DHCP 404 and DNS 400 errors

I've been having a heck of a couple days trying to stand up Foreman 1.14 on
Ubuntu 14.04. I have everything set up like another environment, but for
whatever reason, I keep getting crazy errors. I've checked out the rndc
key, to no avail as everything matches up. But yet I keep getting these
errors.

Here is what I get in the production.log and is also shown on the GUI:

Create Reverse IPv4 DNS record for infr003-cldtst.some.domain task failed
with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to
set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy
https://foreman01tst.some.domain:8443/dns

Here is what's going on in the foreman-proxy proxy.log:

I, [2017-01-26T00:31:21.929852 ] INFO -- : 10.16.37.2 - - [26/Jan/2017
00:31:21] "GET /tftp/serverName HTTP/1.1" 200 27 0.0013

E, [2017-01-26T00:31:22.015214 ] ERROR -- : DHCP record
10.x.x.0/ab:cd:ef:gh:b9:e8 not found
I, [2017-01-26T00:31:22.015645 ] INFO -- : 10.x.x.2 - - [26/Jan/2017
00:31:22] "GET /dhcp/10.x.x.0/64:51:06:ee:b9:e8 HTTP/1.1" 404 50 0.0013

E, [2017-01-26T00:31:22.100339 ] ERROR -- : DHCP record
10.16.37.0/10.16.37.8 not found
I, [2017-01-26T00:31:22.100921 ] INFO -- : 10.x.x.2 - - [26/Jan/2017
00:31:22] "GET /dhcp/10.x.x.0/10.x.x.8 HTTP/1.1" 404 43 0.0014

I, [2017-01-26T00:31:22.325780 ] INFO -- : 10.x.x.2 - - [26/Jan/2017
00:31:22] "POST /dhcp/10.16.37.0 HTTP/1.1" 200 - 0.0169

E, [2017-01-26T00:31:22.463041 ] ERROR -- : Update errors: Answer:

;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 49597

;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1

;; ZONE SECTION:

;10.in-addr.arpa. IN SOA

;; TSIG PSEUDOSECTION:

rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int.
1485390682 300 16 kwnn1289abLZrs5bPRqueQ== 49597 NOERROR 0

I, [2017-01-26T00:31:22.464868 ] INFO -- : 10.16.37.2 - - [26/Jan/2017
00:31:22] "POST /dns/ HTTP/1.1" 400 329 0.0479

I, [2017-01-26T00:31:22.567307 ] INFO -- : 10.16.37.2 - - [26/Jan/2017
00:31:22] "DELETE /dhcp/10.16.37.0/ab:cd:ef:gh:b9:e8 HTTP/1.1" 200 - 0.0135

Servers have been stopped, started and server rebooted. During install, I
just ran foreman-installer with no extra options.

> I've been having a heck of a couple days trying to stand up Foreman 1.14
> on Ubuntu 14.04. I have everything set up like another environment, but
> for whatever reason, I keep getting crazy errors. I've checked out the
> rndc key, to no avail as everything matches up. But yet I keep getting
> these errors.

Can you show the BIND configuration?

[…]
> I, [2017-01-26T00:31:22.325780 ] INFO -- : 10.x.x.2 - - [26/Jan/2017
> 00:31:22] "POST /dhcp/10.16.37.0 HTTP/1.1" 200 - 0.0169
>
> E, [2017-01-26T00:31:22.463041 ] ERROR -- : Update errors: Answer:
>
> ;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 49597

REFUSED indicates the BIND server is not permitting the update. What
zone configuration does it have?

> ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
>
> ;; ZONE SECTION:
>
> ;10.in-addr.arpa. IN SOA

This indicates the zone is 10.in-addr.arpa, check that's what's
configured in BIND. If you have a more specific zone, then change the
subnet configuration (prefix length/netmask) in Foreman to match.

On 26/01/17 00:38, Alan McAlexander wrote:


Dominic Cleal
dominic@cleal.org

// named.conf

include "/etc/bind/rndc.key";

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    include "/etc/bind/named.conf.options";
};

include "/etc/bind/zones.rfc1918";

// Public view read by Server Admin
include "/etc/bind/zones.conf";


From named.conf.options:

directory "/var/cache/bind";
forwarders { 10.X.X.66; 10.X.X.40; };

recursion yes;
allow-query { any; };
dnssec-enable yes;
dnssec-validation yes;

empty-zones-enable yes;

listen-on-v6 { any; };

allow-recursion { localnets; localhost; };

From zones.conf:

zone "0.X.X.10.in-addr.arpa" {
    type master;
    file "/var/cache/bind/zones/db.0.X.X.10.in-addr.arpa";
    update-policy {
        grant rndc-key zonesub ANY;
    };
};
zone "hq.some.domain.com" {
    type master;
    file "/var/cache/bind/zones/db.some.domain.com";
    update-policy {
        grant rndc-key zonesub ANY;
    };
};

> From zones.conf:
>
> zone "0.X.X.10.in-addr.arpa" {
> type master;
> file "/var/cache/bind/zones/db.0.X.X.10.in-addr.arpa";
> update-policy {
> grant rndc-key zonesub ANY;
> };
> };
> zone "hq.corp.viasat.com" {
> type master;
[…]

The in-addr.arpa zone here does not match the zone in your first
message, see my quoted response:

On 26/01/17 16:35, Alan McAlexander wrote:

On 26/01/17 00:38, Alan McAlexander wrote:

> ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
>
> ;; ZONE SECTION:
>
> ;10.in-addr.arpa. IN SOA

This indicates the zone is 10.in-addr.arpa, check that’s what’s
configured in BIND. If you have a more specific zone, then change the
subnet configuration (prefix length/netmask) in Foreman to match.

For the 0.X.X.10.in-addr.arpa zone, the subnet in Foreman should be
10.X.X.0 with a 255.255.255.0 or 24 bit prefix specified. It appears
that it’s set to 8.


Dominic Cleal
dominic@cleal.org
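
As an added illustration (not code from Foreman, BIND or either poster): a check that compares the reverse zone implied by a subnet's prefix length with the zones a BIND config allows dynamic updates on. It assumes the update targets the zone at the prefix's octet boundary, as the reply above describes; the function names and the sample address and zone name are constructed for the example.

```python
import ipaddress
import re

def reverse_zone(subnet: str, prefix: int) -> str:
    """in-addr.arpa zone at the octet boundary of an IPv4 subnet's prefix."""
    if prefix not in (8, 16, 24):
        raise ValueError("prefix must be 8, 16 or 24 for a single reverse zone")
    net = ipaddress.ip_network(f"{subnet}/{prefix}", strict=False)
    octets = str(net.network_address).split(".")[: prefix // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def updatable_zones(zones_conf: str) -> set:
    """Names of zones in a BIND config fragment that permit dynamic updates."""
    parts = re.split(r'zone\s+"([^"]+)"', zones_conf)  # [pre, name, body, ...]
    return {
        name.lower().rstrip(".")
        for name, body in zip(parts[1::2], parts[2::2])
        if re.search(r"\b(?:update-policy|allow-update)\s*\{", body)
    }

def refused_zone(answer: str):
    """Zone named in a REFUSED UPDATE answer (dig-style text), else None."""
    if "opcode: UPDATE, status: REFUSED" not in answer:
        return None
    m = re.search(r"ZONE SECTION:\s*;(\S+?)\.?\s+IN\s+SOA", answer)
    return m.group(1).lower() if m else None

def diagnose(subnet, prefix, zones_conf, answer=""):
    """Compare the zone an update would target with what BIND will accept."""
    zone = reverse_zone(subnet, prefix)
    return {
        "update_zone": zone,
        "refused_zone": refused_zone(answer),
        "bind_accepts": zone in updatable_zones(zones_conf),
    }

# Constructed sample input: the address and zone name are illustrative.
ZONES_CONF = '''
zone "37.16.10.in-addr.arpa" {
    type master;
    update-policy { grant rndc-key zonesub ANY; };
};
'''
ANSWER = """;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 49597
;; ZONE SECTION:
;10.in-addr.arpa. IN SOA
"""

if __name__ == "__main__":
    print(diagnose("10.16.37.0", 8, ZONES_CONF, ANSWER))   # prefix 8: mismatch
    print(diagnose("10.16.37.0", 24, ZONES_CONF))          # prefix 24: match
```

The check only matches zone names; it does not evaluate which key an update-policy grant applies to.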

The issue is resolved, removed DNS Proxy from the Subnets area. I was able
to add a host FINALLY - every freakin' foreman install is a different
issue. Now the issue is tftp timeouts (a new issue yet again)… The host
gets an IP, but just doesn't pull anything via TFTP. Nothing on tcpdump
either. The foreman host is listening on 0.0.0.0:69, just nothing.