freeipa

Clone
Source Code
GIT

#6509 better error logging for non-existing dns reverse zones
Opened 2 years ago by tscherf. Modified 5 months ago

Open
Close issue as:
fixed wontfix worksforme duplicate insufficientinfo invalid

When you setup a host record and no reverse zone exists and/or is reachable for the entry, an ISE is shown. A more meaningful error message would be nice:

#  ipa host-add client.testrelm.test --password redhat --ip-address 10.34.57.44
ipa: ERROR: an internal error has occurred

[Thu Nov 24 04:16:48.999360 2016] [:error] [pid 34745] ipa: ERROR: non-public: NoNameservers: All nameservers failed to answer the query 44.57.34.10.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 anwered SERVFAIL; Server ::1 UDP port 53 anwered SERVFAIL
[Thu Nov 24 04:16:48.999380 2016] [:error] [pid 34745] Traceback (most recent call last):
[Thu Nov 24 04:16:48.999384 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 366, in wsgi_execute
[Thu Nov 24 04:16:48.999394 2016] [:error] [pid 34745]     result = command(*args, **options)
[Thu Nov 24 04:16:48.999397 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__
[Thu Nov 24 04:16:48.999399 2016] [:error] [pid 34745]     return self.__do_call(*args, **options)
[Thu Nov 24 04:16:48.999401 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call
[Thu Nov 24 04:16:48.999404 2016] [:error] [pid 34745]     ret = self.run(*args, **options)
[Thu Nov 24 04:16:48.999406 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 799, in run
[Thu Nov 24 04:16:48.999408 2016] [:error] [pid 34745]     return self.execute(*args, **options)
[Thu Nov 24 04:16:48.999409 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1181, in execute
[Thu Nov 24 04:16:48.999411 2016] [:error] [pid 34745]     *keys, **options)
[Thu Nov 24 04:16:48.999413 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/host.py", line 668, in pre_callback
[Thu Nov 24 04:16:48.999415 2016] [:error] [pid 34745]     check_reverse=check_reverse)
[Thu Nov 24 04:16:48.999417 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 583, in add_records_for_host_validation
[Thu Nov 24 04:16:48.999419 2016] [:error] [pid 34745]     revzone, revname = get_reverse_zone(ip)
[Thu Nov 24 04:16:48.999421 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 539, in get_reverse_zone
[Thu Nov 24 04:16:48.999423 2016] [:error] [pid 34745]     revzone = DNSName(dns.resolver.zone_for_name(revdns))
[Thu Nov 24 04:16:48.999425 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 1050, in zone_for_name
[Thu Nov 24 04:16:48.999427 2016] [:error] [pid 34745]     answer = resolver.query(name, dns.rdatatype.SOA, rdclass, tcp)
[Thu Nov 24 04:16:48.999429 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 855, in query
[Thu Nov 24 04:16:48.999431 2016] [:error] [pid 34745]     raise NoNameservers(request=request, errors=errors)
[Thu Nov 24 04:16:48.999433 2016] [:error] [pid 34745] NoNameservers: All nameservers failed to answer the query 44.57.34.10.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 anwered SERVFAIL; Server ::1 UDP port 53 anwered SERVFAIL
[Thu Nov 24 04:16:48.999637 2016] [:error] [pid 34745] ipa: INFO: [jsonserver_session] admin@TESTRELM.TEST: host_add/1(u'client.testrelm.test', userpassword=u'redhat', ip_address=u'10.34.57.44', version=u'2.213'): NoNameservers

Without the reverse zone checks, the command works ok: 

#  ipa host-add client.testrelm.test --password redhat --ip-address 10.34.57.44 --no-reverse
---------------------------------
Added host "client.testrelm.test"
---------------------------------
  Host name: client.testrelm.test
  Password: True
  Keytab: False
  Managed by: client.testrelm.test

Metadata Update from @tscherf:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5
2 years ago

Metadata Update from @mbasti:
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)
2 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5.1)
2 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
a year ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

This is also reproducible by setting a non-existent server in resolv.conf with a different exception:

dns.exception.Timeout: The DNS operation timed out after 30.00067687034607 seconds

Login to comment on this ticket.

Metadata
None
None
None
low
None
None
enhancement
None
None
IPA
None
None
None
None
None
None
None
0
None
None
None
Powered by Pagure 5.5
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© 2014-2018 Red Hat, Inc. and others.