Author Topic: [SOLVED] Zentyal 2.2, DNS 2.2.1 zones updates REFUSED (not saved)  (Read 5505 times)

gchr

Hello,

I'm running 2.2 in a new installation with these components:
Component                        Installed version
Backup                           2.2.1
Bandwidth Monitor                2.2.2
Certification Authority          2.2.1
Cloud Client                     2.2.1
DHCP Service                     2.2
DNS Service                      2.2
FTP                              2.2.1
File Sharing Service             2.2
Firewall                         2.2
HTTP Proxy (Cache and Filter)    2.2
Layer-7 Filter                   2.2
Monitor                          2.2
NTP Service                      2.2
Network Configuration            2.2.1
Network Objects                  2.2
Network Services                 2.2
Traffic Shaping                  2.2
Users and Groups                 2.2
VPN Service                      2.2
Web Server                       2.2.1

I have tried to add some hosts and an alias to 'ns' hostname in DNS module.
When saving the changes I get in zentyal.log:
Code:
2011/10/10 20:56:35 INFO> Base.pm:228 EBox::Module::Base::save - Restarting service for module: dns
2011/10/10 20:56:36 ERROR> Sudo.pm:213 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/eJFPOsRjW6 failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2011/10/10 20:56:36 ERROR> Sudo.pm:213 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/mlF_a3yslP failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2011/10/10 20:56:36 ERROR> Sudo.pm:213 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/PjQfk_txMk failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2

The aforementioned tmp/... files contain, respectively:
Code:
gchr@zenbox:~$ sudo cat /var/lib/zentyal/tmp/eJFPOsRjW6
update delete zen.home.lan
send

gchr@zenbox:~$ sudo cat /var/lib/zentyal/tmp/mlF_a3yslP
zone home.lan
update delete home.lan A
update add home.lan 259200 NS ns.home.lan
update delete fritz.home.lan A
update add fritz.home.lan 259200 A 192.168.1.253
update delete ns.home.lan A
update add ns.home.lan 259200 A 192.168.123.200
update delete home.lan MX
send

gchr@zenbox:~$ sudo cat /var/lib/zentyal/tmp/PjQfk_txMk
zone 123.168.192.in-addr.arpa
update delete 200.123.168.192.in-addr.arpa. PTR
update add 200.123.168.192.in-addr.arpa. 259200 PTR ns.home.lan.
send

I don't consider myself a Linux expert, but I think it has something to do with the permissions of the zone(?) files in /var/lib/bind.

Code:
gchr@zenbox:~$ sudo ls -l /var/lib/bind/
total 68
-rw-r--r-- 1 bind bind   232 2011-10-10 20:56 db.1.168.192
-rw-r--r-- 1 bind bind   495 2011-10-10 20:14 db.123.168.192
-rw-r--r-- 1 bind bind 19648 2011-10-10 20:48 db.123.168.192.jnl
-rw-r--r-- 1 bind bind   600 2011-10-10 20:16 db.home.lan
-rw-r--r-- 1 bind bind 26114 2011-10-10 20:48 db.home.lan.jnl

Any suggestions?
Thank you in advance!
« Last Edit: October 31, 2011, 11:14:43 pm by gchr »

gchr

Re: [SOLVED] Zentyal 2.2 DNS zones updates REFUSED
« Reply #1 on: October 15, 2011, 10:52:45 pm »
This post is here as a note for future reference for myself and anyone who might have the same problem.

After a full reinstall with 2.2-1 installer, the issue was the same.

I.e., I couldn't add hostnames and aliases in my domain because nsupdate was failing.
Dynamic leases were working fine.

I noticed in /var/log/syslog:
Code:
Oct 15 20:46:35 zenbox named[3009]: listening on IPv4 interface eth1, 192.168.123.200#53
Oct 15 20:46:35 zenbox named[3009]: couldn't mkdir '/var/run/named': Permission denied
Oct 15 20:46:35 zenbox named[3009]: generating session key for dynamic DNS
Oct 15 20:46:35 zenbox named[3009]: couldn't mkdir '/var/run/named': Permission denied
Oct 15 20:46:35 zenbox named[3009]: could not create /var/run/named/session.key
Oct 15 20:46:35 zenbox named[3009]: failed to generate session key for dynamic DNS: permission denied
Oct 15 20:46:35 zenbox kernel: [  442.228246] type=1503 audit(1318700795.020:31):  operation="mkdir" pid=3011 parent=1 profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=110 ouid=110 name="/var/run/named/"

I realized that /var/run/named was missing!
I created it and gave write & exec permissions to bind:bind

UPDATE:
After a reboot /var/run/named was missing again!
I followed http://lists.zentyal.org/pipermail/zentyal-devel/2011-September/000072.html and replaced paths in /etc/init/ebox.bind9.conf with /var/run/named

After rebooting, /var/run/named is ok

« Last Edit: October 16, 2011, 11:04:55 am by gchr »
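
The failure chain in the post above, turned into a repeatable check (an added example, not part of the original thread or of Zentyal's code): `nsupdate -l` authenticates with the session key that named generates at startup, so a denied `mkdir` for the key directory surfaces later as `update failed: REFUSED`. The function names and finding labels are hypothetical; the sample input is four of the syslog lines quoted in that post.

```shell
#!/bin/sh
# Added example: triage an `nsupdate -l` REFUSED via the session-key failure chain.

# triage_named_log FILE: print one finding per line (labels are hypothetical).
triage_named_log() {
    log=$1
    # named failed to write the key that `nsupdate -l` authenticates with.
    if grep -q 'named\[[0-9]*]: failed to generate session key' "$log"; then
        echo "session-key-not-generated"
    fi
    # Directory named tried to create, taken from its own error text.
    dir=$(sed -n "s/.*named\[[0-9]*]: couldn't mkdir '\([^']*\)': Permission denied.*/\1/p" \
        "$log" | sort -u | head -n 1)
    if [ -n "$dir" ]; then
        echo "mkdir-denied:$dir"
    fi
    # Kernel audit record: the AppArmor profile for named denied the mkdir.
    if grep 'profile="/usr/sbin/named"' "$log" | grep -q 'operation="mkdir"'; then
        echo "apparmor-denied-mkdir"
    fi
    return 0
}

# key_usable PATH: succeed only if the key file exists, is non-empty and readable.
key_usable() {
    [ -s "$1" ] && [ -r "$1" ]
}

# Sample input: syslog lines quoted in the post, written to a temp file.
sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Oct 15 20:46:35 zenbox named[3009]: couldn't mkdir '/var/run/named': Permission denied
Oct 15 20:46:35 zenbox named[3009]: could not create /var/run/named/session.key
Oct 15 20:46:35 zenbox named[3009]: failed to generate session key for dynamic DNS: permission denied
Oct 15 20:46:35 zenbox kernel: [  442.228246] type=1503 audit(1318700795.020:31):  operation="mkdir" pid=3011 parent=1 profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=110 ouid=110 name="/var/run/named/"
EOF
    echo "$f"
}

LOG=$(sample_log)
triage_named_log "$LOG"
# On a live host, confirm the key that `nsupdate -l` reads is actually there.
key_usable /var/run/named/session.key || echo "session key not usable on this host"
rm -f "$LOG"
```

All three findings together point at the confinement profile or the init script's run directory rather than at the zone files, whose ownership was already correct in the first post's listing.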

sixstone

Re: [SOLVED] Zentyal 2.2 DNS zones updates REFUSED
« Reply #2 on: October 17, 2011, 09:28:13 am »
Thanks very much!

It seems there is a bug in our upstart script... from very old times..

It will be merged and released in the following versions of zentyal-dns.
My secret is my silence...

gchr

Re: [SOLVED] Zentyal 2.2, DNS 2.2.1 zones updates REFUSED (not saved)
« Reply #3 on: October 28, 2011, 02:09:09 pm »
Upgraded to:

DHCP Service    2.2.1    
DNS Service    2.2.1
and rebooted.

When I go to DNS -> "TXT records" of my dynamic domain and press the delete icon (garbage can) for a previously entered TXT entry, the following message appears at the top of the page:
Code:
An internal error has occurred. This is most probably a bug, relevant information can be found in the logs. Please look for the details in the /var/log/zentyal/zentyal.log file and take a minute to submit a bug report so we can fix the issue as soon as possible.
...and in zentyal.log:
2011/10/28 14:27:41 ERROR> Union.pm:393 EBox::Types::Union::AUTOLOAD - Method printableValueByName is not defined in type select

After that, "save changes" appears. I apply it, but
/var/lib/bind/db.<mydomain> remains the same, e.g. the deleted TXT is still there.

Regards,
George

PS: ticket http://trac.zentyal.org/ticket/3412
« Last Edit: October 28, 2011, 02:40:46 pm by gchr »

sixstone

Re: Zentyal 2.2, DNS 2.2.1 zones updates REFUSED (not saved)
« Reply #4 on: October 28, 2011, 07:03:22 pm »
Hi gchr,

Thanks very much for filing the bug. I have already fixed it in changeset [1]. Please patch the /usr/share/perl5/EBox/DNS/Model/Text.pm file in your installation to fix this problem.

To remove your buggy TXT record, just add it again, then remove it and finally save changes.

Best,

[1] http://trac.zentyal.org/changeset/23562

gchr

Re: Zentyal 2.2, DNS 2.2.1 zones updates REFUSED (not saved)
« Reply #5 on: October 30, 2011, 12:00:01 am »
Hi sixstone!

Thank you for your effort!

I patched and rebooted.
I removed TXT entries by re-creating and removing them as suggested.

But I think something odd is still going on.
I have two "buggy" SRV entries in my /var/lib/bind/db.home.lan file.
Code:
$ORIGIN home.lan.
_ldap._tcp  SRV 0 0 389 ns
            SRV 0 0 389 zenbox
I recreate them, save changes, delete them and again save changes.
They are still there! The strange thing is that, after each "save", the file /var/lib/bind/db.home.lan is NOT regenerated.
The "last modification" timestamp remains the same.
I don't see any errors in syslog, messages or zentyal.log.
Code:
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'home.lan' NS
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'fritzbox.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'fritzbox.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'fritz.home.lan' CNAME
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'fritz.home.lan' CNAME
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'fritz.box.home.lan' CNAME
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'fritz.box.home.lan' CNAME
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'ns.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'ns.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'tpl.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'tpl.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'zenbox.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'zenbox.home.lan' A
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'zentyal.home.lan' CNAME
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': adding an RR at 'zentyal.home.lan' CNAME
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#36332: updating zone 'home.lan/IN': deleting rrset at 'home.lan' MX
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#45699: updating zone '123.168.192.in-addr.arpa/IN': deleting rrset at '252.123.168.192.in-addr.arpa' PTR
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#45699: updating zone '123.168.192.in-addr.arpa/IN': adding an RR at '252.123.168.192.in-addr.arpa' PTR
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#45699: updating zone '123.168.192.in-addr.arpa/IN': deleting rrset at '200.123.168.192.in-addr.arpa' PTR
Oct 30 00:47:04 zenbox named[26869]: client 127.0.0.1#45699: updating zone '123.168.192.in-addr.arpa/IN': adding an RR at '200.123.168.192.in-addr.arpa' PTR
Oct 30 00:47:05 zenbox named[26869]: shutting down

I have two questions:
Should /var/lib/bind/db.home.lan be regenerated after each save?
Is there a command I can issue to force the regeneration of db.home.lan from db.mas?

Thank you for your time.

gchr

Re: Zentyal 2.2, DNS 2.2.1 zones updates REFUSED (not saved)
« Reply #6 on: October 30, 2011, 11:42:32 pm »
Just trying to answer my own questions...

I found out that by issuing
Code:
rndc freeze
rndc thaw
all zone changes (from .jnl files) are flushed into db.* files.

But shouldn't this be happening when restarting DNS from the dashboard or after "saving" changes in DNS in the dynamic zone?
The answer is "no", because "flush-zones-on-shutdown" is not defined as 'yes' in named.conf.options(.mas).

BTW, I thought my buggy "Service" entries were not removed, because db.<mydomain> was not updated on every "save changes". Now that I can flush DNS changes manually, I'm sure they are removed.

So, for me there are no more issues in DNS for the time being.

Regards,
George
« Last Edit: October 31, 2011, 12:22:28 am by gchr »
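
A way to see which dynamic zones still have changes sitting only in the journal, as described in the last post (an added example, not part of the original thread or of Zentyal's code). It assumes a `.jnl` file with a later modification time than its zone file means pending changes, which is a heuristic; the function names are hypothetical and the sample directory is constructed to mirror the `ls -l /var/lib/bind/` listing in the first post.

```shell
#!/bin/sh
# Added example: list zone files whose journal is newer than the file on disk.

# pending_journals DIR: print "pending:ZONEFILE" for each ZONEFILE.jnl newer
# than ZONEFILE, and "orphan-journal:FILE" for a journal without a zone file.
pending_journals() {
    dir=$1
    for jnl in "$dir"/*.jnl; do
        [ -e "$jnl" ] || continue            # glob matched nothing
        zone=${jnl%.jnl}
        if [ ! -e "$zone" ]; then
            echo "orphan-journal:$(basename "$jnl")"
        elif [ -n "$(find "$jnl" -newer "$zone")" ]; then
            echo "pending:$(basename "$zone")"
        fi
    done
    return 0
}

# Constructed directory with the names and timestamps from the first post.
make_sample_dir() {
    d=$(mktemp -d)
    touch -t 201110102056 "$d/db.1.168.192"
    touch -t 201110102014 "$d/db.123.168.192"
    touch -t 201110102048 "$d/db.123.168.192.jnl"
    touch -t 201110102016 "$d/db.home.lan"
    touch -t 201110102048 "$d/db.home.lan.jnl"
    echo "$d"
}

D=$(make_sample_dir)
pending_journals "$D"        # both dynamic zones have a newer journal
# Simulate the zone file being rewritten after `rndc freeze` / `rndc thaw`.
touch -t 201110102100 "$D/db.home.lan"
pending_journals "$D"        # only the reverse zone is still pending
rm -rf "$D"
```

Run against the real zone directory, an empty result after `rndc freeze` and `rndc thaw` confirms that the db.* files now reflect every accepted update.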