hashicorp / terraform-provider-dns

Utility provider that supports DNS updates (RFC 2136) and can optionally be configured with secret key based transaction authentication (RFC 2845).
https://registry.terraform.io/providers/hashicorp/dns/latest
Mozilla Public License 2.0

Error: Error updating DNS record: Error negotiating GSS context: [Root cause: Networking_Error] Networking_Error: AS Exchange Error: failed sending AS_REQ to KDC: failed to communicate with KDC #241

Open RahmanBadru opened 2 years ago

RahmanBadru commented 2 years ago

Terraform CLI and Provider Versions

Terraform v1.3.3 on linux_amd64 and provider registry.terraform.io/hashicorp/dns v3.2.3

Terraform Configuration

provider "dns" {
  update {
    server = "172.254.10.57"
    gssapi {
      realm    = "TESTSERVER.COM"
      username = var.username
      password = var.password
    }
  }
}

resource "dns_a_record_set" "dolapo" {
  zone = "testserver.com."
  name = "interswitch"
  addresses = [
    "192.168.0.1"
  ]
  ttl = 300
}

Expected Behavior

An A record should have been created on the DNS server configured in the provider block.

Actual Behavior

It doesn't create and I get the error "Error updating DNS record: Error negotiating GSS context: [Root cause: Networking_Error] Networking_Error: AS Exchange Error: failed sending AS_REQ to KDC: failed to communicate with KDC. Attempts made with UDP (error sending to a KDC: error sneding to WINDOWS-MCW2020.testserver.com:53: sending over UDP failed to 76.223.65.111:53: read udp 172.254.10.55:57425->76.223.65.111:53: i/o timeout) and then TCP (error in getting a TCP connection to any of the KDCs)"

Steps to Reproduce

  1. terraform apply

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

No response

jmyers82 commented 1 year ago

@RahmanBadru did you get this working? Where did you put your krb5.conf file on windows? Did you have to install any kerb packages? I am actually getting the Error negotiating GSS context: configuration file could not be opened: open : no such file or directory, so wondering / assuming my setup is still off somewhere?

peshay commented 9 months ago

I run into the same error message.

│ Error: Error updating DNS record: error negotiating GSS context: [Root cause: Networking_Error] Networking_Error: AS Exchange Error: failed sending AS_REQ to KDC: failed to communicate with KDC. Attempts made with TCP (no KDCs defined in configuration for realm my.domain) and then UDP (no KDCs defined in configuration for realm my.domain)
│
│   with module.dns.dns_a_record_set.server_entry,
│   on ../../../modules/censhareDNS/main.tf line 3, in resource "dns_a_record_set" "server_entry":
│    3: resource "dns_a_record_set" "server_entry" {
│
╵

What I think is weird is failed sending AS_REQ to KDC, because in Wireshark I can't even see it trying to send AS_REQ to any server. If I do this with kinit from my macOS or Ubuntu 22 it works fine and I can see the requests on the network. Even though the terraform provider has everything it requires (keytab, realm infos, krb5.conf) it seems to not even be trying to send out the request. I have no idea where this gets stuck and why it's not getting processed.
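
Added example, not part of the thread and not the provider's code: a check that parses a krb5.conf and reports whether the exact realm string handed to the provider has `kdc` entries, which is one thing to rule out for the "no KDCs defined in configuration for realm" message quoted above. The sample file, its host names and the function names are constructed for illustration, and treating an unset `dns_lookup_kdc` as off is an assumption of the example.

```python
import re

# Constructed sample krb5.conf; realm and host names are placeholders.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = MY.DOMAIN
    dns_lookup_kdc = false
[realms]
    MY.DOMAIN = {
        kdc = dc01.my.domain:88
        admin_server = dc01.my.domain
    }
"""

def parse_krb5_conf(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms = {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1).lower(), None
        elif section == "realms" and (m := re.fullmatch(r"(\S+)\s*=\s*\{", line)):
            realm = m.group(1)                   # opening of a realm block
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif realm is not None and key == "kdc":
                realms.setdefault(realm, []).append(value)
    return libdefaults, realms

def diagnose_realm(conf_text, realm):
    """Classify whether a client reading this config can find a KDC for `realm`."""
    libdefaults, realms = parse_krb5_conf(conf_text)
    if realms.get(realm):
        return "ok: " + ", ".join(realms[realm])
    # Realm names are case-sensitive, so MY.DOMAIN and my.domain are different realms.
    for name, kdcs in realms.items():
        if kdcs and name.lower() == realm.lower():
            return f"case-mismatch: krb5.conf defines {name}"
    # Assumption: an unset dns_lookup_kdc counts as off; libraries differ on the default.
    if libdefaults.get("dns_lookup_kdc", "").lower() in ("true", "yes", "1", "on"):
        return f"dns-lookup: needs SRV _kerberos._udp.{realm}"
    return "no-kdc: add kdc entries or enable dns_lookup_kdc"
```

Run `diagnose_realm` against the file the Terraform process actually reads, passing the realm exactly as it is written in the provider's `gssapi` block.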