DNS forwarding doesn't work because MAAS enables dnssec
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
maas (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I have a MAAS server that uses a box running dnsmasq as a DNS forwarder.
With MAAS enabling dnssec by default, I get errors like these and DNS resolution from the MAAS provisioned machines doesn't work beyond what MAAS manages.
Aug 21 01:29:17 maas-region-hkg named[1147]: error (no valid RRSIG) resolving 'mediawiki/DS/IN': <ipv4addr>#53
Aug 21 01:29:17 maas-region-hkg named[1147]: error (network unreachable) resolving 'mediawiki/DS/IN': <ipv6addr>#53
Aug 21 01:29:17 maas-region-hkg named[1147]: error (network unreachable) resolving 'mediawiki/DS/IN': <ipv6addr>#53
Aug 21 01:29:17 maas-region-hkg named[1147]: error (insecurity proof failed) resolving 'mediawiki/
Aug 21 01:29:17 maas-region-hkg named[1147]: error (insecurity proof failed) resolving 'mediawiki/A/IN': <ipv4addr>#53
/etc/bind/
//
// This file is managed by MAAS. Although MAAS attempts to preserve changes
// made here, it is possible to create conflicts that MAAS can not resolve.
//
// DNS settings available in MAAS (for example, forwarders and
// dnssec-validation) should be managed only in MAAS.
I I disable dnssec, name resolution works, and I didn't find a place in the web UI where I can disable dnssec.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: maas 1.7.6+bzr3376-
ProcVersionSign
Uname: Linux 3.19.0-25-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: amd64
Date: Fri Aug 21 02:55:27 2015
InstallationDate: Installed on 2015-08-10 (10 days ago)
InstallationMedia: Ubuntu-Server 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
PackageArchitec
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: maas
UpgradeStatus: No upgrade log present (probably fresh install)
Status changed to 'Confirmed' because the bug affects multiple users.