Question INWX as a secondary Nameserver

ralerbon

New Pleskian
Server operating system version
Ubuntu 24.04
Plesk version and microupdate number
18.0.75
Hello experts,
I have the following setup:
My domains are registered at INWX. Until now, I have been using their nameservers. Now, however, I would like to use the option to sync DNS zones from Plesk, so that I don’t have to manually change or add DNS records, by using INWX as a secondary nameserver.
(I know this is mainly a matter of convenience, e.g. to avoid having to constantly watch for changes to TLSA records, etc.)

AXFR itself works, but here is the issue:
I need to restart the Plesk service in order for the zone transfer to happen. After restarting, I can see the following log entry:
".... transfer of 'myprettydomain.de/IN': AXFR started (serial 2026011017)" - The SOA serial is correct.

Before restarting the service, I can see that my server is sending "notifies", but nothing happens afterwards (until I restart the Plesk service).

Additionally, I would like to enable DNSSEC for the zone.
Has anyone been able to get DNSSEC working with a slave zone (Type of the used NS-Set is "Secondary DNS")?

Many Thanks
 
I have finally found the solution to get DNSSEC working in this specific setup. The key was the handling of the NS records within the zone itself.

1. On Plesk (The Master):
  • Modify the DNS Zone: Add the INWX nameservers (e.g., ns.inwx.de, ns2.inwx.de, ns3.inwx.eu) as NS records.
  • The Critical Step: REMOVE any other NS records that point to your own domain (like ns.yourawesomedomain.tld).
  • Keep the A/AAAA records: Keep A and AAAA records for "ns.yourawesomedomain.tld" within the zone.
2. On INWX (The Secondary/Slave):
  • Glue Record: Create a Glue Record for ns.yourawesomedomain.tld pointing to your VPS IP.
  • NS-Set: Create a new NS-Set as "Secondary DNS" (Nameserver -> Manage NS-sets -> Add NS-Set).
    • First Nameserver: Your own (ns.yourawesomedomain.tld).
    • Further Nameservers: Add the INWX nameservers.
    • Master IP address: Your VPS IP.
  • Update Domain: Change the Zone type for your domain to "Slave" and select the NS-Set you just created.
3. Finalizing DNSSEC: Once the AXFR transfer is successful and the zone is synced, you can proceed with the DNSSEC setup in Plesk and copy the DS records to INWX.


The missing piece of the puzzle for me was the NS record configuration: Only after deleting my own domain's NS record from the Plesk DNS zone was I finally able to get DNSSEC to validate correctly.

I’m also keeping an eye on the AXFR transfer process. Today, neither restarting Plesk nor the Bind service triggered the initial transfer, even though the SOA serial was incrementing correctly on my VPS. Manually toggling the zone type on INWX to "Master" and back to "Slave" forced the transfer to complete successfully.
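
An added example, not part of the original posts and not Plesk or INWX code: an offline check for the two things this thread turns on, whether each secondary has picked up the master's SOA serial and whether the apex NS RRset contains only the intended nameservers. The SOA answers, the hostmaster address and the lagging and empty responses are constructed sample data, and `audit`, `is_behind` and the other function names are hypothetical.

```python
import subprocess

def dig_short(rtype, zone, server):
    """Live, non-recursive lookup via dig (not used by the constructed sample)."""
    cmd = ["dig", "+short", "+norecurse", rtype, zone, f"@{server}"]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout

def soa_serial(answer):
    """`dig +short SOA` prints: mname rname serial refresh retry expire minimum."""
    fields = answer.split()
    return int(fields[2]) if len(fields) == 7 else None

def is_behind(serial, master_serial):
    """RFC 1982 serial arithmetic: True if serial is older than master_serial."""
    return 0 < ((master_serial - serial) & 0xFFFFFFFF) < 2**31

def norm(names):
    """Lower-case host names and drop the trailing root dot."""
    return {n.strip().rstrip(".").lower() for n in names if n.strip()}

def audit(master, soa_answers, apex_ns, wanted_ns):
    """Report stale or empty secondaries and unexpected apex NS records."""
    master_serial = soa_serial(soa_answers[master])
    if master_serial is None:
        raise ValueError("master returned no SOA record")
    findings = []
    for server, answer in soa_answers.items():
        serial = soa_serial(answer)
        if serial is None:
            findings.append(f"{server}: no SOA answer")
        elif is_behind(serial, master_serial):
            findings.append(f"{server}: serial {serial} behind master {master_serial}")
    have, want = norm(apex_ns), norm(wanted_ns)
    findings += [f"apex NS not in the wanted set: {n}" for n in sorted(have - want)]
    findings += [f"wanted NS missing from apex: {n}" for n in sorted(want - have)]
    return findings

# Constructed sample data (assumption, not captured from a real server).
SOA = "ns.inwx.de. hostmaster.yourawesomedomain.tld. {} 10800 3600 604800 10800\n"
MASTER = "ns.yourawesomedomain.tld"
SAMPLE_SOA = {MASTER: SOA.format(2026011017), "ns.inwx.de": SOA.format(2026011017),
              "ns2.inwx.de": SOA.format(2026011016), "ns3.inwx.eu": ""}
SAMPLE_APEX_NS = ["ns.inwx.de.", "ns2.inwx.de.", "ns3.inwx.eu.",
                  "ns.yourawesomedomain.tld."]
WANTED_NS = ["ns.inwx.de", "ns2.inwx.de", "ns3.inwx.eu"]

if __name__ == "__main__":
    for line in audit(MASTER, SAMPLE_SOA, SAMPLE_APEX_NS, WANTED_NS):
        print(line)
```

For a live check, fill the dictionary with `dig_short("SOA", zone, server)` for each nameserver and pass `dig_short("NS", zone, master).splitlines()` as the apex NS list.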
 