Website on Plesk cannot be resolved to the server with enabled DNS

Dmitry Bystrov

1 year ago

Symptoms

Plesk website opens with one of the following errors in a browser:

This site can’t be reached
ERR_NAME_NOT_RESOLVED

DNS_PROBE_FINISHED_NXDOMAIN
DNS Server is enabled in Tools & Settings > Services Management and no errors are provided on its restart.

Cause

The port 53 (TCP or UDP) is filtered by a firewall for incoming or/and outgoing connections for the Plesk server's IP address:

# nmap -p53 203.0.113.2
PORT STATE SERVICE
53/tcp filtered domain

# nmap -sU -p53 203.0.113.2
PORT STATE SERVICE
53/udp open|filtered domain

Resolution

Allow inbound and outbound connections on port 53 (TCP and UDP) in a firewall.

Configuring firewall rules in case Plesk Firewall is used

Log into Plesk.
Make sure that Plesk Firewall is installed. If required, enable it to open all ports needed by Plesk automatically.
If Plesk Firewall is installed and enabled, however, the rule Domain name server is missing, add a custom rule for opening port 53 as per the article.

Configuring firewall rules via SSH (for Plesk for Linux)

Connect to the server via SSH.
Open port 53 (UDP and TCP) for incoming and outgoing connections in the local firewall:
- For iptables:
1. Open port 53 in iptables:
  
  # iptables -I INPUT -m tcp -p tcp --sport 53 -j ACCEPT
  # iptables -I INPUT -m udp -p udp --sport 53 -j ACCEPT
  # iptables -I INPUT -m udp -p udp --dport 53 -j ACCEPT
  # iptables -I INPUT -m tcp -p tcp --dport 53 -j ACCEPT
2. To apply changes execute the command below:
  - for RHEL-based OSes:
    
    # service iptables save
  - for Debian-like OSes:
    
    # iptables-save > /etc/iptables/rules.v4
- For firewalld:
  
  # firewall-cmd --permanent --add-port=53/tcp
  # firewall-cmd --permanent --add-port=53/udp
  # firewall-cmd --reload

Configuring firewall rules in Windows Firewall (for Plesk for Windows)

Connect to the server via RDP.
Go to Start > Control Panel > Windows Defender Firewall > Advanced Settings.
Open the Inbound Rules and make sure that the following rules are enabled:

Add them manually if required.

Note: If after applying the above steps port 53 is still shown as filtered (closed) in an online port checker (for example, ping.eu), that means that port is being filtered on a hosting/Internet service provider side. Please, contact your hosting/Internet service provider and ask them to open these ports for you.

0 Shares