Change domain name does not propagate to the slave DNS servers

Submitted by webinteractive on Wed, 07/06/2011 - 03:23

I think that we are facing the same problem as described in: https://www.virtualmin.com/node/18460. When we change the domain name, Virtualmin shows no errors. But the domain name does not change on the secondary DNS servers. We use Bind 9.6 and we also have custom hostnames for the DNS slaves. Do we have the same bug as described? If so, what is the timeframe for Webmin 1.560 or should we patch the current Webmin 1.550?

Status: 
Closed (fixed)

Comments

Submitted by Locutus on Wed, 07/06/2011 - 07:00

Jamie modified the corresponding file on my server, fixing the problem... If you'd like and if that's okay with him, I can send you the modification.

Submitted by webinteractive on Wed, 07/06/2011 - 07:47

That would be great, because it happens once in a while that we have to rename a domain. What I do now is that I manually configure the slave domains after a domain name change. Do you also have Bind 9.x?

Submitted by Locutus on Wed, 07/06/2011 - 08:11

Yeah, BIND 9.7.0 here.

Okay, I guess Jamie won't mind me telling you the fix. :) Go to file /usr/share/webmin/bind8/bind8-lib.pl and modify line 2570 from

     next if (%on && !$on{$slave->{'host'}});

to

     next if (%on && !$on{$slave->{'host'}} && !$on{$slave->{'nsname'}});

Submitted by webinteractive on Wed, 07/06/2011 - 08:21

Just tried and tested it and it works perfectly!

Thank you so much!

Submitted by andreychek on Wed, 07/06/2011 - 10:32

Yup, we certainly don't mind you sharing a fix like that. Thanks!

The only thing to watch out for is that if someone has a different Virtualmin version, or the GPL rather than Pro, the codebase may be different.

I'm glad that's working though, and I'll mark this as fixed!

Submitted by Locutus on Wed, 07/06/2011 - 16:10

Yup, you're right, and I'm aware of the "different codebases" issue... That's why I compared the file in question from a Pro and GPL version, found them to be identical, and additionally gave the filename, line number and "before / after" line contents to be triple-safe. :)

Submitted by webinteractive on Wed, 07/06/2011 - 16:17

And I made a backup of the file I was going to edit. So we were quadruple-safe. :)

Submitted by Issues on Wed, 07/20/2011 - 17:20

Automatically closed -- issue fixed for 2 weeks with no activity.

Submitted by webinteractive on Mon, 08/15/2011 - 14:52

I want to reopen this issue because today I renamed a domain and it did not propagate to the other servers. I checked if the fix was still in place and it is. Does someone know what the problem is?

We have Webmin 1.560 and Virtualmin 3.87 Pro

Submitted by JamieCameron on Mon, 08/15/2011 - 15:33

Did you see any error messages when renaming the domain?

Submitted by webinteractive on Mon, 08/15/2011 - 15:41

Nopes. No error messages. Otherwise I could have done some troubleshooting. It just says "Changing slave domain on ns03, ns02".

Submitted by JamieCameron on Mon, 08/15/2011 - 19:15

Was this domain disabled at the time you renamed in?

Submitted by webinteractive on Tue, 08/16/2011 - 00:25

No, the domain was enabled and active. During renaming the domain, no errors. When I add a new domain, the domain is properly propagated to the slaves. So I guess that the transfers are allowed. Updates on a domain also gets propagated to the slaves.

NS01 (Master)

Webmin 1.560 Virtualmin 3.87 Pro Debian Linux 5.0 Bind 9.6

NS02 (Slave)

Webmin 1.560 Virtualmin 3.87.gpl Debian Linux 6.0 Bind 9.7.3

NS03 (Slave)

Webmin 1.560 Virtualmin 3.87.gpl Debian Linux 6.0 Bind 9.7.3

Submitted by Locutus on Tue, 08/16/2011 - 03:03

I guess debug logs of master and slave at the moment of renaming might be useful?

Submitted by JamieCameron on Tue, 08/16/2011 - 12:55

I did some tests, but wasn't able to re-produce this issue.

If you create a test domain and then rename it, does the rename consistently fail on the same slave server?

Submitted by webinteractive on Tue, 08/16/2011 - 13:55

Thank you for your time to reproduce it. When I analyze the syslog, I see the following errors. At this moment the servers are behind a firewall which does not support IPv6 (yet). I guess that this is why I get these errors. But shouldn't Virtualmin try to resolve the IPv4 address when it cannot resolve to the IPv6 address?

Aug 16 09:57:15 beheer named[2564]: zone eurologix2.com/IN: (master) removed Aug 16 09:57:15 beheer named[2564]: reloading configuration succeeded Aug 16 09:57:15 beheer named[2564]: zone eurologix.com/IN: loaded serial 2011081006 Aug 16 09:57:15 beheer named[2564]: reloading zones succeeded Aug 16 09:57:15 beheer named[2564]: zone eurologix.com/IN: sending notifies (serial 2011081006) Aug 16 09:57:15 beheer named[2564]: network unreachable resolving 'ns02.web-interactive.nl/A/IN': 2001:610:0:800d::2#53 Aug 16 09:57:15 beheer named[2564]: network unreachable resolving 'ns02.web-interactive.nl/AAAA/IN': 2001:610:0:800d::2#53 Aug 16 09:57:15 beheer named[2564]: network unreachable resolving 'ns03.web-interactive.nl/AAAA/IN': 2001:67c:1010:10::53#53 Aug 16 09:57:15 beheer named[2564]: network unreachable resolving 'ns02.web-interactive.nl/AAAA/IN': 2a00:1188:5::212#53 Aug 16 09:57:15 beheer named[2564]: network unreachable resolving 'ns02.web-interactive.nl/AAAA/IN': 2001:67c:1010:10::53#53 Aug 16 09:57:15 beheer named[2564]: network unreachable resolving 'ns02.web-interactive.nl/AAAA/IN': 2001:7b8:606::28#53

Submitted by JamieCameron on Tue, 08/16/2011 - 15:14

Those errors appear to be coming from BIND, which does the IPv6 address resolution .. not Virtualmin. Also, they are related to zone transfer and so wouldn't be the cause of the rename issue.

If you create a test domain and then rename it, does the rename still fail on one slave?

Submitted by webinteractive on Tue, 08/16/2011 - 15:35

I just created a new test domain and renamed it. The rename still fails on the slaves. But now I don't get errors:

Aug 16 22:15:45 beheer named[2564]: zone nietnix.com/IN: loaded serial 2011081601 Aug 16 22:15:45 beheer named[2564]: reloading zones succeeded Aug 16 22:15:45 beheer named[2564]: zone nietnix.com/IN: sending notifies (serial 2011081601) Aug 16 22:15:45 beheer named[2564]: network unreachable resolving 'ns02.web-interactive.nl/A/IN': 2001:7b8:606::28#53 Aug 16 22:15:45 beheer named[2564]: network unreachable resolving 'ns03.web-interactive.nl/A/IN': 2001:67c:1010:10::53#53 Aug 16 22:15:45 beheer named[2564]: client 83.96.168.45#48933: transfer of 'nietnix.com/IN': AXFR started Aug 16 22:15:45 beheer named[2564]: client 83.96.168.45#48933: transfer of 'nietnix.com/IN': AXFR ended

Aug 16 22:19:21 beheer named[2564]: zone nietnix.com/IN: (master) removed Aug 16 22:19:21 beheer named[2564]: reloading configuration succeeded Aug 16 22:19:21 beheer named[2564]: zone nietniks.com/IN: loaded serial 2011081602 Aug 16 22:19:21 beheer named[2564]: reloading zones succeeded Aug 16 22:19:21 beheer named[2564]: zone nietniks.com/IN: sending notifies (serial 2011081602)

Submitted by webinteractive on Tue, 08/16/2011 - 15:58

When I delete the domain name, the slaves are correctly deleted. When I add a new subdomain, the subdomain also gets correctly propagated to the slaves. So: Creating a domain works OK, deleting a domain works OK, updating a domain works OK, but renaming does not work.

Submitted by JamieCameron on Tue, 08/16/2011 - 16:46

To collect some logs, could you try adding the line rpcdebug=1 to /etc/webmin/config on a slave system that is failing to rename, then trying a domain rename immediately afterwards. Then attach the contents of /var/webmin/miniserv.error from the slave to this bug report (or email me at jcameron@virtualmin.com ) ..

Submitted by webinteractive on Wed, 08/17/2011 - 00:23

Hi,

I attached the log you asked for. Hopefully you can extract some information from it.

Submitted by JamieCameron on Wed, 08/17/2011 - 16:07

That's odd, I am not seeing any sign that Virtualmin even attempted the remote rename of the domain ..

I wonder if perhaps Virtualmin thought that creation of the slave domain failed when the virtual server was originally created. If you create a new test domain, do you see any errors related to slave DNS servers during the creation process?

Submitted by webinteractive on Wed, 08/17/2011 - 16:15

When I create a new domain, I don't get errors. All secondaries have the new domain too. See attached log file of the output of Virtualmin and the output of miniserv.error

Submitted by JamieCameron on Wed, 08/17/2011 - 18:31

That also looks fine ...

I think to debug this further, I would have to SSH into your virtualmin system myself as root and see what is going wrong. Let me know if that is possible.

Submitted by webinteractive on Thu, 08/18/2011 - 15:37

Do you need SSH on the Master, on the Slaves or on all systems? The slaves are not Virtualmin Pro, so I cannot easily enable SSH I guess?

On the Master I enabled remote support, mail has been sent to remote@virtualmin.com

If you need anything more, please let me know.

Thanks for your time.

Submitted by JamieCameron on Fri, 08/19/2011 - 00:34

I will try on the master first, and let you know if I need slave access as well ..

Submitted by JamieCameron on Fri, 08/19/2011 - 00:38

Yes, I think I will need access via SSH to the slaves .. you can email me the root password at jcameron@virtualmin.com , or add my SSH key from /root/.ssh/authorized_keys on the Virtualmin master to the same file on the slaves.

Submitted by webinteractive on Fri, 08/19/2011 - 01:33

I added all SSH keys from /root/.ssh/authorized_keys to the slaves.

Submitted by JamieCameron on Fri, 08/19/2011 - 17:15

Ok, I see the bug now, and have found a fix!

I have patched the bug on your system, and will include the fix in the next Webmin release. It wasn't noticed before because it only happens if you have a custom NS name setup for the slave..

Submitted by Locutus on Fri, 08/19/2011 - 17:29

Jamie, I also have a custom NS setup for my slave (FQDN "carina.tianet.de", NS entry "ns2.tianet.de"), yet with your fix from a few weeks ago, the problem in my particular case went away.

Could you clarify what exactly was difference between the issue back then and now?

Submitted by webinteractive on Fri, 08/19/2011 - 17:32

Thanks for the fix! Can I close the support login?

Submitted by JamieCameron on Fri, 08/19/2011 - 17:35

The previous fix solved the problem of deletes not working - this fix solved the rename..

Submitted by JamieCameron on Fri, 08/19/2011 - 17:35

Yes, the support login can be closed now..

Submitted by Locutus on Fri, 08/19/2011 - 17:39

@Jamie: Uuhm, not exactly. :)

The previous issue was titled Renaming a BIND zone on slave nameserver fails when "changing domain name". Deletion on the slave was never an issue for me.

And my final note, which you confirmed with a "yes, that was indeed the trigger", was:

I compared the file on the two machines, and it looks to me like the bug indeed had something to do with the fact that I'm using a "custom" hostname for the DNS slave?

Sooo... Again, what's the difference to this new issue here? :)

Submitted by JamieCameron on Fri, 08/19/2011 - 17:44

In that case, I am really confused .. because before I fixed the code just now it was clearly doing the wrong thing when renaming a domain.

Submitted by Locutus on Fri, 08/19/2011 - 18:06

Alright, well, please check post #3 in this issue here, I reiterated there what fix you applied back then.

Although this was a while ago, and in a previous Virtualmin version. I haven't tested renaming a domain with Webmin 1.560 yet, maybe the issue re-emerged there. I can remember quite positively that it was fixed back then. I'd surely have continued my rant in the other issue tracker entry otherwise. ;)

Did you maybe forget to include the fix in your own codebase? You did it directly on my server back then.

Submitted by JamieCameron on Fri, 08/19/2011 - 18:25

Yeah, maybe I only fixed it in your system and not our codebase.

Submitted by Issues on Fri, 09/02/2011 - 20:22

Automatically closed -- issue fixed for 2 weeks with no activity.