search

operasoftware / dns-ui

Opera's LDAP-authenticated PowerDNS user interface
Apache License 2.0
283 stars 57 forks source link

Zone creation failed with PowerDNS 4.2. The following error message was given: Creating domain 'example.com.' failed #116

Closed Napsty closed 4 years ago

Napsty commented 5 years ago

Using dns-ui cloned from repo on January 22nd 2019 and pdns 4.2.0. A new zone can not be added and the ui gives the following error message:

Zone creation failed
The zone creation failed. The following error message was given: Creating domain 'example.com.' failed

No further information is given. The apache debug logs don't show any hint either. I made sure to add the dot suffix to contact and primary nameserver.

Any idea?

Edit: I just found this in syslog:

Jan 23 14:43:33 ip-10-10-1-62 dnsui: client_ip=10.130.136.195;uid=myuser;zone=example.com.;object=rrset;action=add;name=example.com.
Jan 23 14:43:33 ip-10-10-1-62 pdns_server[22097]: SOA-EDIT-API/DNSUPDATE type 'INCEPTION-INCREMENT' for zone example.com is unknown.
thomas-pike commented 5 years ago

If using pdns 4.2.0 then you could be encountering the problem mentioned in this thread. The documentation for 4.2.0 has not yet been published (as 4.2.0 is still under development), so it's unclear if this is a deliberate deprecation of the INCEPTION-INCREMENT value.

Napsty commented 5 years ago

Indeed, very interesting. I see the following stuff happens in the background when dns-ui talks with the pdns API.

Request:

POST /api/v1/servers/localhost/zones HTTP/1.1
Host: localhost:8081
X-API-Key: secret
0: Content-Length: 327
Accept: application/json
Content-Type: application/json
Content-Length: 327

{"name":"example.com.","kind":"Master","nameservers":["ns1.example.com."],"rrsets":[{"name":"example.com.","type":"SOA","ttl":900,"records":[{"content":"ns1.example.com. dnsadmin@example.com. 2019012300 3600 3600 86400 3600","disabled":false}],"comments":[]}],"soa_edit_api":"INCEPTION-INCREMENT","account":"Testing","dnssec":false}

Response:

HTTP/1.1 422 Unprocessable Entity
Access-Control-Allow-Origin: *
Connection: close
Content-Length: 50
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'
Content-Type: application/json
Server: PowerDNS/4.2.0-alpha1
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 1; mode=block

{"error": "Creating domain 'example.com.' failed"}

I will downgrade and try with PDNS 4.1 now. But you're absolutely right: I couldn't find anything concerning the INCEPTION-INCREMENT type in the official PowerDNS (API) documentation either. Maybe @ahupowerdns could help here?

TigerP commented 4 years ago

The documentation for pdns 4.2 is available. And if I understand it correctly, removing the sending the soa-edit-api during the creation will make it succeed, because it will be set to DEFAULT.

thomas-pike commented 4 years ago

If that's the case then setting the new soa_edit_api setting to DEFAULT will fix the problem (which is now the default setting in the sample config file).