Author Topic: DNS Updates stopped working after Upgrade from 4.2 to 5.0  (Read 11230 times)

zoombiel

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
DNS Updates stopped working after Upgrade from 4.2 to 5.0
« on: February 20, 2017, 06:59:27 pm »
Hi,

After upgrade from version 4.2 to 5.0 (5.0.7) i can't update DNS zone.

Log from /var/log/zentyal/zentyal.log
Code: [Select]
2017/02/20 18:00:26 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/uo_lMDy6Bb failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at root command nsupdate -g -t 10 /var/lib/zentyal/tmp/uo_lMDy6Bb failed.
Error output: update failed: REFUSED


Log from /var/log/syslog
Code: [Select]
Feb 20 18:45:10 ad01 named[3502]: samba_dlz: disallowing update of signer=dns-ad01\@EXAMPLE.LOC name=example.loc type=A error=insufficient access rights
Feb 20 18:45:10 ad01 named[3502]: client 10.1.0.2#41805/key dns-ad01\@EXAMPLE.LOC: updating zone 'example.loc/NONE': update failed: rejected by secure update (REFUSED)

Do You have any solution to this problem?

yougotborked

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #1 on: February 21, 2017, 01:27:36 am »
I am getting similar problems with different error messages

Code: [Select]
2017/02/20 18:19:52 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-tatooine failed.
Error output: Password has expired
 dns-tatooine@EXAMPLE.CO's Password:
 kinit: Password incorrect

Command output: .
Exit value: 1
2017/02/20 18:19:52 ERROR> Service.pm:964 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-tatooine failed.
Error output: Password has expired
 dns-tatooine@EXAMPLE.CO's Password:
 kinit: Password incorrect

Command output: .
Exit value: 1 at root command kinit -k -t /var/lib/samba/private/dns.keytab dns-tatooine failed.
Error output: Password has expired
 dns-tatooine@EXAMPLE.CO's Password:
 kinit: Password incorrect

EDIT:

Now I am getting the same errors as you after and apt upgrade
Code: [Select]
EBox::Util::Init::moduleAction('dns', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 247
EBox::Util::Init::moduleRestart('dns') called at /etc/init.d/zentyal line 60
main::main at /etc/init.d/zentyal line 80
2017/02/20 18:50:24 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: root command nsupdate -g -t 10 /var/lib/zentyal/tmp/mmaKvyZ3WN failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2017/02/20 18:50:24 ERROR> Service.pm:964 EBox::Module::Service::restartService - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/mmaKvyZ3WN failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at root command nsupdate -g -t 10 /var/lib/zentyal/tmp/mmaKvyZ3WN failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at /usr/share/perl5/EBox/Module/Service.pm line 964
EBox::Module::Service::restartService('EBox::DNS=HASH(0x5a1e1e8)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 121
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 119
EBox::Util::Init::moduleAction('dns', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 247
EBox::Util::Init::moduleRestart('dns') called at /etc/init.d/zentyal line 60
main::main at /etc/init.d/zentyal line 80
« Last Edit: February 21, 2017, 01:52:36 am by yougotborked »

soso

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #2 on: February 24, 2017, 10:23:22 pm »
Identical issue in my case.
Code: [Select]
Error output: update failed: REFUSEDAny idea how to solve this dns update issue?

zoombiel

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #3 on: February 27, 2017, 10:44:03 am »
Update of component "Domain Controller and File Sharing " from version 5.0.3 to 5.0.4 is resolving this issue. This update was published at the end of the last week.

ompoly

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #4 on: March 02, 2017, 11:49:08 am »
Hi All,

this problem still exists in "Domain Controller and File Sharing " version 5.0.4:
The whole DNS update process fails, because it wants to delete and recreate all the items, but "dns-..." user has no rights for it:
"... disallowing update of signer=dns-zentyal\@SILICON.HU name=www.silicon.hu type=CNAME error=insufficient access rights"

As I could see nsupdate refuses changes on items created BEFORE the Zentyal 5 upgrade.
My terminology: old host/alias was created BEFORE upgrade to Zentyal 5, new host/alias was created AFTER the upgrade.
During the execution of a /var/lib/zentyal/tmp/... file at nsupdate prompt line by line I could notice the following:
creating new host (A) is OK
adding new alias (CNAME) to new host is OK
adding new alias (CNAME) to old host is OK
deleting old alias FAILS
deleting old host FAILS

Here is the test:
root@zentyal:/home/zadmin# nsupdate -g
> update add itsanewhost.silicon.hu 259200 A 10.9.20.3
> send
> add itsanewalias.silicon.hu 259200 CNAME itsanewhost.silicon.hu
> send
> add itsanewalias2.silicon.hu 259200 CNAME web.silicon.hu
> send
> update delete www.silicon.hu CNAME
> send
update failed: REFUSED
>

How can I fix it?

Thanks,
Peter

ompoly

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #5 on: March 06, 2017, 02:27:27 pm »
Any idea how to solve this dns update issue?

thanks.

ompoly

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #6 on: March 08, 2017, 07:37:11 pm »
Bump.

mahax01

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #7 on: March 27, 2017, 01:24:28 pm »
Hi there Peter,

I've got exactly the same problem after upgrading from 4.2.
Where you able to solve yours?

greetings

hagies

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #8 on: March 27, 2017, 02:30:46 pm »
I have exactly the same problem after the update, quite a headache!

Any feedback would be greatly appreciated on this thread!

jclaggett

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #9 on: March 28, 2017, 02:00:58 am »
There seems to be no less than 3 or 4 different threads on this particular problem...and yet no resolution.  :(

adarkbar

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +2/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #10 on: March 29, 2017, 06:22:03 pm »
Good Morning!,
I've found this link searching for the same error, and I've solved doing these few steps:

Code: [Select]
sudo cp /var/lib/samba/private/dns.keytab /var/lib/samba/private/dns.keytab.old
sudo rm /var/lib/samba/private/dns.keytab
sudo samba-tool domain exportkeytab --principal=DNS/server.domain.local /var/lib/samba/private/dns.keytab
sudo samba-tool domain exportkeytab --principal=dns-ZENTYAL@DOMAIN.LOCAL /var/lib/samba/private/dns.keytab
sudo ktutil -v -k /var/lib/samba/private/dns.keytab list
sudo kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYAL

If you still get errors with the last command, review the Zentyal DNS user name

Cheers!

rihokirss

  • Zen Apprentice
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #11 on: March 29, 2017, 08:05:43 pm »
How to check the name of dns user?
It looks that I dont have one.

Is it possible to somehow make new dns-user?

In zentyal.log I have
Code: [Select]
2017/03/29 22:18:06 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-server
 failed.
Error output: kinit: Password incorrect


user dns-server does not exist
« Last Edit: March 29, 2017, 09:28:50 pm by rihokirss »

mahax01

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #12 on: March 29, 2017, 09:35:27 pm »
Hi there,

@rihokirss
Code: [Select]
sudo pdbedit -Lwould list your users, just search for your user with "dns" prefix, usually it's dns-Servername.

@adarkbar
I tried your solution but that just shifted my problem to:
Code: [Select]
2017/03/29 21:31:12 ERROR> GlobalImpl.pm:661 EBox::GlobalImpl::saveAllModules - Failed to save changes in module dns: root command nsupdate -g -t 10 /var/lib/zentyal/tmp/TUVjOoVEOm failed.
Error output: dns_tkey_negotiategss: TKEY is unacceptable
Any Idea on that one?

Thanks in advance!

rihokirss

  • Zen Apprentice
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #13 on: March 30, 2017, 06:09:14 pm »
Hi there,

@rihokirss
Code: [Select]
sudo pdbedit -Lwould list your users, just search for your user with "dns" prefix, usually it's dns-Servername.

Looks like the dns user is missing. Name of the user shall be dns-server.
Probably I can not create that user through the web interface. How to add it correctly?

rihokirss

  • Zen Apprentice
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: DNS Updates stopped working after Upgrade from 4.2 to 5.0
« Reply #14 on: April 04, 2017, 06:31:21 pm »
Can anybody help to find a way to re-make dns-server user?