Symptoms
- Plesk Email Security shows the warning below after working correctly for some time:
  DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved).
- With debug logging enabled, records like the following can be found in /var/log/plesk/panel.log:
  DEBUG [extension/email-security] [5e3e3f7a584fa] Starting: '/opt/psa/admin/bin/filemng' 'root' 'exec' '/' 'bash' '-c' 'host -tTXT 2.0.0.127.multi.uribl.com' '--allow-root', stdin:
  DEBUG [extension/email-security] [5e3e3f7a584fa] Finished in 0.11335s, Error code: 0, stdout: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"
- The manual check returns the same message:
  # host -tTXT 2.0.0.127.multi.uribl.com
  2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"
Cause
A local caching DNS server is not configured on the server.
When a server processes many incoming and outgoing emails that are checked against block lists such as URIBL, it might overuse the public DNS lookup that such services provide and get blocked after a certain number of successful checks. After that, the corresponding warning appears in the Plesk Email Security extension.
Resolution
Warning: Configuring the local DNS server to cache requests is a task for the server administrator.
Configure a local DNS server to decrease the load on public DNS servers and avoid blocks on the URIBL side.
For example, systemd-resolved can be configured as described here: https://geekflare.com/linux-server-local-dns-caching/
Example steps for BIND DNS server shipped with Plesk:
- Install the BIND DNS server component if it is not installed yet:
  Log into Plesk > Tools & Settings > Updates > Add and Remove Product Components > BIND DNS server > Install
- Connect to the server via SSH.
- Run a check against the test point:
  # host -tTXT 2.0.0.127.multi.uribl.com
  Usually, if caching is not enabled, the response is:
  2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 203.0.113.2]"
- Run named-checkconf to check for syntax errors in the configuration files:
  # named-checkconf
- Add the local nameserver to the /etc/resolv.conf file:
  # vi /etc/resolv.conf
  Add to the top of the file:
  nameserver 127.0.0.1
- Restart the BIND service (named-chroot for CentOS, bind9 for Ubuntu/Debian):
  # service named-chroot restart || service bind9 restart
- Check that the service is running:
  # service named-chroot status || service bind9 status
- Wait a few minutes and then run the check against the test point again:
  # host -tTXT 2.0.0.127.multi.uribl.com
  This time the response should be:
  2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
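A post-change check for the steps above, as an added example that is not part of the original article or of Plesk: it confirms that the first nameserver in /etc/resolv.conf is a loopback address and classifies the URIBL test point reply. The function names and the sample resolv.conf content are constructed for illustration; run it with --live to query the real system.

```shell
#!/bin/sh
# Added example, not Plesk code. Function names are illustrative.
TESTPOINT="2.0.0.127.multi.uribl.com"

# Constructed sample input, used when the script runs without --live.
SAMPLE_RESOLV='# constructed sample
nameserver 127.0.0.1
nameserver 203.0.113.53'
SAMPLE_REPLY='2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"'

# Print the first nameserver address from resolv.conf text on stdin.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Succeed if the address is loopback (127.0.0.1 for BIND,
# 127.0.0.53 for systemd-resolved, or ::1).
is_local_resolver() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify the output of: host -tTXT $TESTPOINT
classify_uribl_reply() {
    case "$1" in
        *"Query Refused"*) echo refused ;;
        *"permanent testpoint"*) echo ok ;;
        *) echo unknown ;;
    esac
}

# $1 = resolv.conf contents, $2 = host output. Returns 0 only if both pass.
check_setup() {
    ns=$(printf '%s\n' "$1" | first_nameserver)
    reply=$(classify_uribl_reply "$2")
    if ! is_local_resolver "$ns"; then
        echo "FAIL: first nameserver '$ns' is not a local resolver"; return 1
    fi
    if [ "$reply" != ok ]; then
        echo "FAIL: URIBL test point reply is '$reply'"; return 1
    fi
    echo "OK: resolver $ns is local and URIBL answered the test point"
}

if [ "${1:-}" = "--live" ]; then
    check_setup "$(cat /etc/resolv.conf)" "$(host -tTXT "$TESTPOINT" 2>&1)"
else
    check_setup "$SAMPLE_RESOLV" "$SAMPLE_REPLY"
fi
```

A FAIL on the nameserver check means lookups still bypass the local cache, even if the test point currently answers.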
Note: If URIBL is not needed, it can simply be disabled:
- Log into Plesk
- Go to Extensions > My extensions > Plesk Email Security > Server Settings tab > Advanced > DNSBL
- Switch off the URIBL block list