Error in zone update when adding new bind9 target to pool
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Designate | Fix Released | Undecided | Dmitry Galkin | |
Bug Description
When adding a new bind9 target to an existing pool which already holds zones, the zone update triggered by `designate-manage` will fail on the new target, e.g.:
```
Jan 19 12:52:35 dev-stack named[60670]: received control channel command 'modzone example.net { type slave; masters { 192.168.122.153 port 5354;}; file "slave.
Jan 19 12:52:35 dev-stack named[60670]: client @0x7fe33c000cd0 192.168.
```
The update issues a `modzone` rndc command, which will not create the zone if it does not exist. The following notify will not trigger an AXFR as the bind9 instance is "not authoritative".
Should the new target also be added as a nameserver to the 'pools.yaml', the zones will end up in status "ERROR" as they cannot be found on the new target.
Expected behaviour:
Zones are added to empty/new pool targets
Steps to reproduce:
1. Set up a devstack on Ubuntu Focal as described in https:/
2. Add a zone: `openstack zone create --email <email address hidden> example.net.`
3. Add a second bind9 instance, e.g.:
```
sudo aa-teardown # turn off apparmor for this
sudo cp -a /etc/bind /etc/bind-2
sudo mkdir -p /var/cache/bind-2
sudo chown -R bind. /var/cache/bind-2
sudo sed -i -e 's#port 53#port 1053#g' -e 's#port 953#port 1953#g' -e 's#/var/
sudo sed -i 's#port 953#port 1953#g' /etc/bind-
sudo sed -i 's#/etc/
sudo systemctl cat bind9 | sed -e 's#^\(Exec.
sudo systemctl daemon-reload
sudo systemctl start bind9-2.service
```
4. Update the pool:
```
cat <<EOF | sudo tee -a /etc/designate/
    - type: bind9
      description: Another BIND Instance
      masters:
        - host: $(hostname -I)
          port: 5354
      options:
        host: $(hostname -I)
        port: 1053
        rndc_host: $(hostname -I)
        rndc_port: 1953
EOF
designate-manage pool update --file /etc/designate/
```
5. Check the log of the second bind9 instance for the error at the beginning of this report: `sudo journalctl --no-pager -eu bind9-2.service`
6. Verify that the second bind9 does not have the zone configured: `dig +short SOA example.net @$(hostname -I) -p1053`
Workaround:
Create zones manually on the new target before the pool update, e.g.: `rndc -c /etc/bind-
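The workaround above can be scripted by choosing `addzone` for zones the new target does not yet serve and `modzone` only for zones it already has. The following is an added example, not code from Designate or from this report; the function names, the `192.0.2.10` address and the zone file names are constructed assumptions, and it uses `rndc zonestatus` to test for an existing zone.

```python
import subprocess


def rndc_base(rndc_host, rndc_port):
    """Common rndc prefix for one pool target."""
    return ["rndc", "-s", rndc_host, "-p", str(rndc_port)]


def zone_exists(rndc_host, rndc_port, zone):
    """True if the target already serves `zone` (rndc zonestatus exits 0)."""
    cmd = rndc_base(rndc_host, rndc_port) + ["zonestatus", zone]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def secondary_clause(master_host, master_port, zone_file):
    """Zone clause in the same shape as the one in the named log above."""
    return '{ type slave; masters { %s port %d;}; file "%s"; };' % (
        master_host, master_port, zone_file)


def plan(zones, target, master, exists=zone_exists):
    """Return one rndc argv per zone.

    zones:  {zone name: zone file name} (file names are caller-supplied)
    target: (rndc_host, rndc_port) of the bind9 target
    master: (host, port) the target should transfer from
    """
    commands = []
    for name, zone_file in sorted(zones.items()):
        zone = name.rstrip(".")  # the log shows the name without trailing dot
        # modzone fails for an unknown zone, so a missing zone needs addzone.
        verb = "modzone" if exists(target[0], target[1], zone) else "addzone"
        clause = secondary_clause(master[0], master[1], zone_file)
        commands.append(rndc_base(*target) + [verb, zone, clause])
    return commands


if __name__ == "__main__":
    # Constructed sample data: a new, empty target and one existing zone.
    sample_zones = {"example.net.": "slave.example.net"}
    for argv in plan(sample_zones, ("192.0.2.10", 1953), ("192.0.2.10", 5354),
                     exists=lambda host, port, zone: False):
        print(" ".join(argv[:-1]), repr(argv[-1]))
```

Each returned list can be passed to `subprocess.run` once the plan has been reviewed.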
Changed in designate:
assignee: nobody → Dmitry Galkin (galkindmitrii)
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/designate/+/828679