When you set up a host record and no reverse zone exists and/or is reachable for the entry, an ISE is shown. A more meaningful error message would be nice:
    # ipa host-add client.testrelm.test --password redhat --ip-address 10.34.57.44
    ipa: ERROR: an internal error has occurred

    [Thu Nov 24 04:16:48.999360 2016] [:error] [pid 34745] ipa: ERROR: non-public: NoNameservers: All nameservers failed to answer the query 44.57.34.10.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 anwered SERVFAIL; Server ::1 UDP port 53 anwered SERVFAIL
    [Thu Nov 24 04:16:48.999380 2016] [:error] [pid 34745] Traceback (most recent call last):
    [Thu Nov 24 04:16:48.999384 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 366, in wsgi_execute
    [Thu Nov 24 04:16:48.999394 2016] [:error] [pid 34745]     result = command(*args, **options)
    [Thu Nov 24 04:16:48.999397 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__
    [Thu Nov 24 04:16:48.999399 2016] [:error] [pid 34745]     return self.__do_call(*args, **options)
    [Thu Nov 24 04:16:48.999401 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call
    [Thu Nov 24 04:16:48.999404 2016] [:error] [pid 34745]     ret = self.run(*args, **options)
    [Thu Nov 24 04:16:48.999406 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 799, in run
    [Thu Nov 24 04:16:48.999408 2016] [:error] [pid 34745]     return self.execute(*args, **options)
    [Thu Nov 24 04:16:48.999409 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1181, in execute
    [Thu Nov 24 04:16:48.999411 2016] [:error] [pid 34745]     *keys, **options)
    [Thu Nov 24 04:16:48.999413 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/host.py", line 668, in pre_callback
    [Thu Nov 24 04:16:48.999415 2016] [:error] [pid 34745]     check_reverse=check_reverse)
    [Thu Nov 24 04:16:48.999417 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 583, in add_records_for_host_validation
    [Thu Nov 24 04:16:48.999419 2016] [:error] [pid 34745]     revzone, revname = get_reverse_zone(ip)
    [Thu Nov 24 04:16:48.999421 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 539, in get_reverse_zone
    [Thu Nov 24 04:16:48.999423 2016] [:error] [pid 34745]     revzone = DNSName(dns.resolver.zone_for_name(revdns))
    [Thu Nov 24 04:16:48.999425 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 1050, in zone_for_name
    [Thu Nov 24 04:16:48.999427 2016] [:error] [pid 34745]     answer = resolver.query(name, dns.rdatatype.SOA, rdclass, tcp)
    [Thu Nov 24 04:16:48.999429 2016] [:error] [pid 34745]   File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 855, in query
    [Thu Nov 24 04:16:48.999431 2016] [:error] [pid 34745]     raise NoNameservers(request=request, errors=errors)
    [Thu Nov 24 04:16:48.999433 2016] [:error] [pid 34745] NoNameservers: All nameservers failed to answer the query 44.57.34.10.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 anwered SERVFAIL; Server ::1 UDP port 53 anwered SERVFAIL
    [Thu Nov 24 04:16:48.999637 2016] [:error] [pid 34745] ipa: INFO: [jsonserver_session] admin@TESTRELM.TEST: host_add/1(u'client.testrelm.test', userpassword=u'redhat', ip_address=u'10.34.57.44', version=u'2.213'): NoNameservers
Without the reverse zone checks, the command works ok:
    # ipa host-add client.testrelm.test --password redhat --ip-address 10.34.57.44 --no-reverse
    ---------------------------------
    Added host "client.testrelm.test"
    ---------------------------------
      Host name: client.testrelm.test
      Password: True
      Keytab: False
      Managed by: client.testrelm.test
Metadata Update from @tscherf: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @mbasti: - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5.1)
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
This is also reproducible by setting a non-existent server in resolv.conf with a different exception:
dns.exception.Timeout: The DNS operation timed out after 30.00067687034607 seconds