Univention Bugzilla – Bug 40393
Check DNS nameserver entries at forward zones
Last modified: 2017-09-20 15:03:47 CEST
The DNS forward zones name server entries should be checked. See http://sdb.univention.de/1273 and I had a support case where a DNS alias was set as nameserver: Jan 7 21:38:06 ucs named[9576]: received control channel command 'reload domain.de' Jan 7 21:38:06 ucs named[9557]: zone domain.de/IN: NS 'test.domain.de' is a CNAME (illegal) Jan 7 21:38:06 ucs named[9557]: zone domain.de/IN: not loaded due to errors. Jan 7 21:38:07 ucs named[9576]: zone domain.de/IN: refresh: unexpected rcode (SERVFAIL) from master 127.0.0.1#7777 (source 0.0.0.0#0)
Created attachment 8954 [details] 40393-diagostic-check-nameservers-420.patch This new check `check_nameserver.py` examines all `nameserver` entries of all `dns/{forword,reverse}_zone`s. If the nameserver is within the UCS domain, but no UDM host-record can be found a Warning is shown. If an UDM alias-record is found instead of a host-record a Warning is shown. If the nameserver is not within the UCS domain, a DNS lookup is performed and a Warning shown, if no address can be resolved.
Committed in r81626 - r81627 (advisory r81649).
Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/__init__.py", line 263, in execute result = execute(umc_module, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 229, in run ed.extend(str(error) for error in group) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 229, in ed.extend(str(error) for error in group) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 212, in find_all_zone_problems for error in udm.check_zone(zone): File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 192, in check_zone record = self.find(nameserver) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 171, in find filter_expression = nameserver.build_filter() File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 154, in build_filter return '(|{})'.format(''.join(expressions)) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 152, in expressions = (ldap.filter.filter_format(template, (rdn, zn)) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/check_nameservers.py", line 144, in _generate_splits (rdn, zn) = zn.split('.', 1) ValueError: need more than 1 value to unpack
r81708: fix ValueError in check_nameservers I think this fixes the error, otherwise I would need some more information to debug it.
Yes, the ValueError is gone.
The check fails in AD member mode. See for example: http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-2/job/ADMemberMultiEnv/1/Mode=installation,Version=w2k8r2-english/testReport/00_checks/81_diagnostic_checks/test/ [2017-09-08 21:52:03.767242] E Exception: ############### [2017-09-08 21:52:03.767314] E Nameserver sind nicht ansprechbar [2017-09-08 21:52:03.767391] E 1 der konfigurierten Nameserver anworten nicht auf DNS-Anfragen. [2017-09-08 21:52:03.767491] E Bitte sicherstellen, dass die DNS-Einstellungen in {setup:network} korrekt konfiguriert sind. [2017-09-08 21:52:03.767572] E Falls das Problem bestehen bleibt stellen Sie sicher, dass der Nameserver mit dem Netzwerk verbunden ist und die DNS-Forwarder das Internet erreichen können (www.univention.de). [2017-09-08 21:52:03.767650] E [2017-09-08 21:52:03.767727] E Der Nameserver 10.210.55.103 (UCR Variable 'nameserver1') ist nicht ansprechbar: [2017-09-08 21:52:03.767802] E ###############
I am unable to reproduce. Also: Jenkins is happy again.
(In reply to Lukas Oyen from comment #7) > I am unable to reproduce. Also: Jenkins is happy again. I guess because I disabled the plugin: https://git.knut.univention.de/univention/ucs/commit/97d5e6b935cd119c20fb3b7ef6c6e99c940e2907 97d5e6b9 by Stefan Gohmann at 2017-09-10T14:53:35+02:00 * 00_checks/81_diagnostic_checks.py: disable 11_nameserver check since it doesn't work in AD member setup (Bug #40393) * 20_appcenter/100_settings.py: Skip test in admember setup (Bug #45377) * 55_adconnector/502_other_attribute_sync.py: Skip test case in AD member mode (Bug #36480) Sorry, I didn't add a comment for it at this bug.
(In reply to Stefan Gohmann from comment #8) > I guess because I disabled the plugin: > > https://git.knut.univention.de/univention/ucs/commit/ > 97d5e6b935cd119c20fb3b7ef6c6e99c940e2907 Right, but this bug is for 20_check_nameservers.py, not 11_nameserver.py (the one that fails). 11_nameserver.py checks the UCR variables 'dns/forwarder1', 'dns/forwarder2', 'dns/forwarder3', 'nameserver1', 'nameserver2', 'nameserver3'. 20_check_nameservers.py checks all UDM 'dns/forward_zone', 'dns/reverse_zone'.
(In reply to Lukas Oyen from comment #9) > (In reply to Stefan Gohmann from comment #8) > > I guess because I disabled the plugin: > > > > https://git.knut.univention.de/univention/ucs/commit/ > > 97d5e6b935cd119c20fb3b7ef6c6e99c940e2907 > > Right, but this bug is for 20_check_nameservers.py, not 11_nameserver.py > (the one that fails). > > 11_nameserver.py checks the UCR variables 'dns/forwarder1', > 'dns/forwarder2', 'dns/forwarder3', 'nameserver1', 'nameserver2', > 'nameserver3'. > > 20_check_nameservers.py checks all UDM 'dns/forward_zone', > 'dns/reverse_zone'. Yes, you are right. YAML: OK Tests: OK, it looks good now.
<http://errata.software-univention.de/ucs/4.2/166.html>