Author Topic: I did the 6.1 upgrade now anything added to DNS won't resolve  (Read 490 times)

stetho

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
I did the 6.1 upgrade now anything added to DNS won't resolve
« on: November 19, 2019, 11:20:52 pm »
I decided to do the 6.1 upgrade when the button appeared and the upgrade seemed to work fine. Everything appeared to have come up as it should.

However, I've discovered that if I add something to DNS in the same way I've done for loads of other devices I can't resolve it. To be clear, anything that was already on my server still works

Code: [Select]
dig +short odroid1.23wwc.io @192.168.6.1                           22:09:52
192.168.1.91

But anything added since the upgrade doesn't work

Code: [Select]
dig pdu1.23wwc.io @192.168.6.1                                     22:11:09

; <<>> DiG 9.10.6 <<>> pdu1.23wwc.io @192.168.6.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40328
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pdu1.23wwc.io. IN A

;; AUTHORITY SECTION:
23wwc.io. 3600 IN SOA zentyal.23wwc.io. hostmaster.23wwc.io. 2160 900 600 86400 3600

;; Query time: 82 msec
;; SERVER: 192.168.6.1#53(192.168.6.1)
;; WHEN: Tue Nov 19 22:11:15 GMT 2019
;; MSG SIZE  rcvd: 97

I can't see anything relevant in any log files so I went and did a bit of digging and found this (PDU1 is 192.168.1.31)

Code: [Select]
cat /var/lib/bind/db.1.168.192
$ORIGIN .
$TTL 259200 ; 3 days
1.168.192.in-addr.arpa IN SOA zentyal.23wwc.io. hostmaster.23wwc.io. (
2019111628 ; serial
28800      ; refresh (8 hours)
7200       ; retry (2 hours)
2419200    ; expire (4 weeks)
86400      ; minimum (1 day)
)
NS zentyal.23wwc.io.
$ORIGIN 1.168.192.in-addr.arpa.
1 PTR usg.23wwc.io.
10 PTR pve.23wwc.io.
12 PTR diskstation.23wwc.io.
13 PTR bigserver.23wwc.io.
14 PTR qnap.23wwc.io.
16 PTR netgear.23wwc.io.
196 PTR ups.23wwc.io.
25 PTR zabbix.23wwc.io.
26 PTR librenms.23wwc.io.
$TTL 3600 ; 1 hour
29 PTR minecraft.23wwc.io.
$TTL 259200 ; 3 days
3 PTR garageswitch.23wwc.io.
$TTL 3600 ; 1 hour
34 PTR docker.23wwc.io.
$TTL 259200 ; 3 days
4 PTR lrswitch.23wwc.io.
5 PTR loftswitch.23wwc.io.
$TTL 3600 ; 1 hour
51 PTR HS100.23wwc.io.
52 PTR HS100.23wwc.io.
$TTL 259200 ; 3 days
7 PTR lrap.23wwc.io.
8 PTR upstairsap.23wwc.io.
$TTL 3600 ; 1 hour
91 PTR odroid1.23wwc.io.
92 PTR odroid2.23wwc.io.
93 PTR odroid3.23wwc.io.

So these records haven't been created even though they're visible in the Admin UI


Anyone know what's going on?

Thanks

Steve

AxxelH

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: I did the 6.1 upgrade now anything added to DNS won't resolve
« Reply #1 on: November 24, 2019, 09:27:02 am »
I'm seeing the exact same issue, records added after 6.1 upgrade do not resolve.

In my case the expected entries in /var/lib/bind/db.* are present and the reverse lookups work. Forward lookups fail (NXDOMAIN).

I was able to rollback to 6.0.1 from a backup and things are working again. There is no obvious difference in content between /var/lib/bind/db.* in 6.0.1 vs 6.1.

I'm a little concerned that your problem has seen no response, so I wanted to be sure to mention its not a one-off.

stetho

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: I did the 6.1 upgrade now anything added to DNS won't resolve
« Reply #2 on: November 24, 2019, 01:49:39 pm »
Thank you. I can confirm that I built a 6.0.1 VM and restored it from the backup I did before I clicked the upgrade button (fortunately) and then added the new entries. That all worked so as an experiment I upgraded the VM to 6.1. Upgrade worked without a problem, the entries I added before the upgrade resolve but anything else added doesn't resolve. It's definitely a 6.1 problem but I can't find anything helpful in the logs e.g. theres no "Unable to write /var/lib/bind/db.1.168.192" or anything that says "There was an error".

I'm now running a VM with 6.0.1 until someone confirms and fixes this. Or tells me what I'm doing wrong (for example, 6.1 might have new extra steps that are not obvious).

victorsts

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: I did the 6.1 upgrade now anything added to DNS won't resolve
« Reply #3 on: November 26, 2019, 11:55:26 am »
Hello,

Same issue with a fresh installation of Zentyal 6.1. If I add a host (A record) to the main domain (the one used by Samba), direct resolution does not work with NXDOMAIN, but reverse resolution does work.

Dumping bind data with rndc dumpdb -zones creates the file /var/cache/bind/named_dump.db. Editing that file shows that the hosts I created in the GUI are not in bind's configuration, so obviously bind can't resolve them.

Please, could anyone confirm that with a previous Zentyal version you can create hosts within a Samba (dynamic) zone?
Thanks in advance.

[EDIT]
If I create another zone, not related to Samba/Active Directory, hosts are created correctly both for direct and reverse resolution.
« Last Edit: November 26, 2019, 01:17:30 pm by victorsts »

victorsts

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: I did the 6.1 upgrade now anything added to DNS won't resolve
« Reply #4 on: November 26, 2019, 05:37:17 pm »
[UPDATE]

After reading https://wiki.samba.org/index.php/DNS_Administration I tried to use a Win10 PC + RSAT tools. I could connect to Zentyal DNS for the AD domain and manage the DNS service without any issues.

Using RSAT tools I could create/modify/delete hosts. I could even create different domains. All those settings got replicated among all 3 DCs automatically (although with some delay).

Why does Zentyal UI allow to make such changes if they wont be applied to the underlying bind daemon? Wouldn't it be easier to just place a notice "hey, you cant do that using this UI, use RSAT for it, ty!"?

AxxelH

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: I did the 6.1 upgrade now anything added to DNS won't resolve
« Reply #5 on: November 28, 2019, 08:38:26 am »
RSAT tools were not previously required, this appears to be a new bug in 6.1, though we don't know the cause.

TechnicalValues

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +2/-0
    • View Profile
Re: I did the 6.1 upgrade now anything added to DNS won't resolve
« Reply #6 on: December 02, 2019, 07:52:51 pm »
I'm experiencing issues with DNS as well after upgrading to 6.1. I initially posted in another thread, then found this one.
 
NOTE: I've just added GitHub issue with reference to this thread and the other one: https://github.com/zentyal/zentyal/issues/1925

ecc

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: I did the 6.1 upgrade now anything added to DNS won't resolve
« Reply #7 on: December 05, 2019, 11:30:38 am »
Hello,

Same issue with a fresh installation of Zentyal 6.1. If I add a host (A record) to the main domain (the one used by Samba), direct resolution does not work with NXDOMAIN, but reverse resolution does work.

Dumping bind data with rndc dumpdb -zones creates the file /var/cache/bind/named_dump.db. Editing that file shows that the hosts I created in the GUI are not in bind's configuration, so obviously bind can't resolve them.

Please, could anyone confirm that with a previous Zentyal version you can create hosts within a Samba (dynamic) zone?
Thanks in advance.

[EDIT]
If I create another zone, not related to Samba/Active Directory, hosts are created correctly both for direct and reverse resolution.

I  tried this and got the same result: Add record in non-AD zone and adds fine; Add record in AD zone and it won;t add and therefore resolve. It's referencing the old PDC that we ran ad-migrate on but it hasn't transferred the BIND over.  :(

Is there anyway of editing this BIND so it points to itself? I don't know BIND that well I'm afraid so could do with a steer.

Thanks

doncamilo

  • Zen Samurai
  • ****
  • Posts: 390
  • Karma: +110/-1
    • View Profile
"Tanta salud goces como bondad abrigues en tu corazón"

Don Camilo.

"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.