#6509 better error logging for non-existing dns reverse zones
Opened 2 years ago by tscherf. Modified 5 months ago

When you set up a host record and no reverse zone exists and/or is reachable for the entry, an ISE is shown. A more meaningful error message would be nice:

#  ipa host-add client.testrelm.test --password redhat --ip-address 10.34.57.44
ipa: ERROR: an internal error has occurred

[Thu Nov 24 04:16:48.999360 2016] [:error] [pid 34745] ipa: ERROR: non-public: NoNameservers: All nameservers failed to answer the query 44.57.34.10.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 anwered SERVFAIL; Server ::1 UDP port 53 anwered SERVFAIL
[Thu Nov 24 04:16:48.999380 2016] [:error] [pid 34745] Traceback (most recent call last):
[Thu Nov 24 04:16:48.999384 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 366, in wsgi_execute
[Thu Nov 24 04:16:48.999394 2016] [:error] [pid 34745]     result = command(*args, **options)
[Thu Nov 24 04:16:48.999397 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__
[Thu Nov 24 04:16:48.999399 2016] [:error] [pid 34745]     return self.__do_call(*args, **options)
[Thu Nov 24 04:16:48.999401 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call
[Thu Nov 24 04:16:48.999404 2016] [:error] [pid 34745]     ret = self.run(*args, **options)
[Thu Nov 24 04:16:48.999406 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 799, in run
[Thu Nov 24 04:16:48.999408 2016] [:error] [pid 34745]     return self.execute(*args, **options)
[Thu Nov 24 04:16:48.999409 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1181, in execute
[Thu Nov 24 04:16:48.999411 2016] [:error] [pid 34745]     *keys, **options)
[Thu Nov 24 04:16:48.999413 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/host.py", line 668, in pre_callback
[Thu Nov 24 04:16:48.999415 2016] [:error] [pid 34745]     check_reverse=check_reverse)
[Thu Nov 24 04:16:48.999417 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 583, in add_records_for_host_validation
[Thu Nov 24 04:16:48.999419 2016] [:error] [pid 34745]     revzone, revname = get_reverse_zone(ip)
[Thu Nov 24 04:16:48.999421 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 539, in get_reverse_zone
[Thu Nov 24 04:16:48.999423 2016] [:error] [pid 34745]     revzone = DNSName(dns.resolver.zone_for_name(revdns))
[Thu Nov 24 04:16:48.999425 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 1050, in zone_for_name
[Thu Nov 24 04:16:48.999427 2016] [:error] [pid 34745]     answer = resolver.query(name, dns.rdatatype.SOA, rdclass, tcp)
[Thu Nov 24 04:16:48.999429 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 855, in query
[Thu Nov 24 04:16:48.999431 2016] [:error] [pid 34745]     raise NoNameservers(request=request, errors=errors)
[Thu Nov 24 04:16:48.999433 2016] [:error] [pid 34745] NoNameservers: All nameservers failed to answer the query 44.57.34.10.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 anwered SERVFAIL; Server ::1 UDP port 53 anwered SERVFAIL
[Thu Nov 24 04:16:48.999637 2016] [:error] [pid 34745] ipa: INFO: [jsonserver_session] admin@TESTRELM.TEST: host_add/1(u'client.testrelm.test', userpassword=u'redhat', ip_address=u'10.34.57.44', version=u'2.213'): NoNameservers

Without the reverse zone checks, the command works ok:

#  ipa host-add client.testrelm.test --password redhat --ip-address 10.34.57.44 --no-reverse
---------------------------------
Added host "client.testrelm.test"
---------------------------------
  Host name: client.testrelm.test
  Password: True
  Keytab: False
  Managed by: client.testrelm.test

Metadata Update from @tscherf:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5

2 years ago

Metadata Update from @mbasti:
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)

2 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5.1)

2 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

a year ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

This is also reproducible by setting a non-existent server in resolv.conf with a different exception:

dns.exception.Timeout: The DNS operation timed out after 30.00067687034607 seconds
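
A log-triage example for the error_log excerpt in this ticket, added here and not part of the ticket or of FreeIPA's code: it pairs the `non-public` exception line with the `[jsonserver_session]` call line from the same pid, extracts the failed query and the per-server result, and masks the `userpassword` value before the call is copied anywhere else. The regexes, the names `triage` and `describe`, and the field layout are assumptions inferred from the log lines shown above.

```python
import re

# Constructed sample: two lines in the shape of the error_log excerpt above.
SAMPLE_LOG = """\
[Thu Nov 24 04:16:48.999360 2016] [:error] [pid 34745] ipa: ERROR: non-public: NoNameservers: All nameservers failed to answer the query 44.57.34.10.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 anwered SERVFAIL; Server ::1 UDP port 53 anwered SERVFAIL
[Thu Nov 24 04:16:48.999637 2016] [:error] [pid 34745] ipa: INFO: [jsonserver_session] admin@TESTRELM.TEST: host_add/1(u'client.testrelm.test', userpassword=u'redhat', ip_address=u'10.34.57.44', version=u'2.213'): NoNameservers
"""

# Field layout inferred from the excerpt; not an official FreeIPA log grammar.
PREFIX = re.compile(r"^\[[^\]]+\] \[[^\]]*\] \[pid (?P<pid>\d+)\] ipa: (?P<rest>.*)$")
NON_PUBLIC = re.compile(r"^ERROR: non-public: (?P<exc>\w+): (?P<msg>.*)$")
CALL = re.compile(r"^INFO: \[\w+\] (?P<who>\S+): (?P<cmd>\w+)/\d+\((?P<args>.*)\): (?P<result>\w+)$")
QUERY = re.compile(r"the query (\S+ IN \w+)")
SERVER = re.compile(r"Server (\S+) (?:UDP|TCP) port \d+ \w+ ([A-Z]+)")
SECRET = re.compile(r"(userpassword=u?)'[^']*'")


def triage(log_text):
    """Pair each non-public exception with the API call logged by the same pid."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # traceback frames and unrelated lines
        pid, rest = m["pid"], m["rest"]
        err, call = NON_PUBLIC.match(rest), CALL.match(rest)
        if err:
            q = QUERY.search(err["msg"])
            pending[pid] = {"exception": err["exc"], "query": q[1] if q else None,
                            "servers": SERVER.findall(err["msg"])}
        elif call and pending.get(pid, {}).get("exception") == call["result"]:
            finding = pending.pop(pid)
            # Do not carry the cleartext password into tickets or alerts.
            args = SECRET.sub(r"\1'<redacted>'", call["args"])
            finding.update(principal=call["who"], command=call["cmd"], args=args)
            findings.append(finding)
    return findings


def describe(f):
    """Operator-facing summary of one finding."""
    if not f["query"]:
        return "%s by %s failed: %s" % (f["command"], f["principal"], f["exception"])
    servers = ", ".join("%s=%s" % s for s in f["servers"]) or "no server detail"
    return "%s by %s failed: lookup %s got %s (%s)" % (
        f["command"], f["principal"], f["query"], f["exception"], servers)

if __name__ == "__main__":
    print("\n".join(describe(f) for f in triage(SAMPLE_LOG)))
```

An exception line without a "the query ..." clause, such as the timeout reported in the last comment, falls through to the shorter summary that names only the command, principal and exception.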
