Smart Proxy using Windows DNSCMD no implicit conversion of nil into String

mdiorio · January 5, 2022, 8:44pm

Problem:
When attempting to onboard a new server into Foreman using bootstrap.py, it calls out to our Windows smart-proxy to create the DNS entry using dnscmd. When smart-proxy does the /EnumZones, it gives the ‘no implicit conversion of nil into String’ error and fails.

This block adding new servers into Foreman/Katello and is blocking our server creation now.

Expected outcome:
System is added to Windows DNS as it used to be.

Foreman and Proxy versions:
Foreman 3.1.0
Proxy 3.1.0 (also happens with the 3.2 dev branch), and happens when the proxy is built using both ruby 2.6 and 2.7

Other relevant data:

[Calling Foreman API to create a host entry associated with the group & org]
An error occurred: HTTP Error 422: Unprocessable Entity
url: https://hq-1pforeman.internal.domain.com:443/api/v2/hosts/
code: 422
data: {
"host": {
"name": "hq-1pjenkinsx01",
"hostgroup_id": 5,
"organization_id": 1,
"mac": "00:50:56:85:31:11",
"architecture_id": 1,
"build": false,
"managed": "true",
"location_id": 2,
"domain_id": 1,
"ip": "10.85.136.117" 
}
}
error: {
"error": {
"id": null,
"errors": {
"base": [
"Create IPv4 DNS record for hq-1pjenkinsx01.internal.ieeeglobalspec.com task failed with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://hq-2pforeman02.internal.domain.com/dns" 
]
},
"full_messages": [
"Create IPv4 DNS record for hq-1pjenkinsx01.internal.domain.com task failed with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://hq-2pforeman02.internal.domain.com/dns" 
]
}
}

2022-01-05T11:54:28 [D] accept: 10.85.136.161:59638
2022-01-05T11:54:28 [D] Rack::Handler::WEBrick is invoked.
2022-01-05T11:54:28 8ae73b6c [I] Started POST /dns/ 
2022-01-05T11:54:29 8ae73b6c [D] verifying remote client 10.85.136.161 against trusted_hosts ["hq-1pforeman.internal.domain.com", "hq-2pforeman02.intenral.domain.com"]
2022-01-05T11:54:29 8ae73b6c [D] Finished DNS query getresources for 'hq-1pjenkinsx01.internal.domain.com' in 37.02 ms
2022-01-05T11:54:29 8ae73b6c [D] executing: ["c:\\Windows\\System32\\dnscmd.exe", "hq-2pdom01.internal.domain.com", "/EnumZones", nil, true]
2022-01-05T11:54:29 8ae73b6c [E] no implicit conversion of nil into String
2022-01-05T11:54:29 8ae73b6c [W] Error details for no implicit conversion of nil into String: <TypeError>: no implicit conversion of nil into String
C:/Ruby27-x64/lib/ruby/2.7.0/open3.rb:213:in `spawn'
C:/Ruby27-x64/lib/ruby/2.7.0/open3.rb:213:in `popen_run'
C:/Ruby27-x64/lib/ruby/2.7.0/open3.rb:101:in `popen3'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:130:in `popen3'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:42:in `block in execute'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:95:in `block in timeout'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:33:in `block in catch'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:33:in `catch'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:33:in `catch'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:110:in `timeout'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:124:in `timeout'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:40:in `execute'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:100:in `enum_zones'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:13:in `do_create'
C:/smart-proxy/modules/dns_common/dns_common.rb:37:in `create_a_record'
C:/smart-proxy/modules/dns/dns_api.rb:25:in `block in <class:Api>'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `block in compile!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (3 levels) in route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1032:in `route_eval'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (2 levels) in route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1061:in `block in process_route'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `catch'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `process_route'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1011:in `block in route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `each'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1129:in `block in dispatch!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1124:in `dispatch!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `block in call!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `call!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:929:in `call'
C:/smart-proxy/lib/proxy/log.rb:105:in `call'
C:/smart-proxy/lib/proxy/request_id_middleware.rb:11:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/xss_header.rb:18:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/path_traversal.rb:16:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/json_csrf.rb:26:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/frame_options.rb:31:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/null_logger.rb:11:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/show_exceptions.rb:22:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:216:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1991:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `block in call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1769:in `synchronize'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/urlmap.rb:74:in `block in call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `each'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/builder.rb:244:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/handler/webrick.rb:95:in `service'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:140:in `service'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:96:in `run'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/webrick-1.7.0/lib/webrick/server.rb:310:in `block in start_thread'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-01-05T11:54:29 8ae73b6c [W] no implicit conversion of nil into String: <TypeError>: no implicit conversion of nil into String
C:/Ruby27-x64/lib/ruby/2.7.0/open3.rb:213:in `spawn'
C:/Ruby27-x64/lib/ruby/2.7.0/open3.rb:213:in `popen_run'
C:/Ruby27-x64/lib/ruby/2.7.0/open3.rb:101:in `popen3'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:130:in `popen3'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:42:in `block in execute'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:95:in `block in timeout'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:33:in `block in catch'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:33:in `catch'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:33:in `catch'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:110:in `timeout'
C:/Ruby27-x64/lib/ruby/2.7.0/timeout.rb:124:in `timeout'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:40:in `execute'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:100:in `enum_zones'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:13:in `do_create'
C:/smart-proxy/modules/dns_common/dns_common.rb:37:in `create_a_record'
C:/smart-proxy/modules/dns/dns_api.rb:25:in `block in <class:Api>'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `block in compile!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (3 levels) in route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1032:in `route_eval'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (2 levels) in route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1061:in `block in process_route'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `catch'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `process_route'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1011:in `block in route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `each'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `route!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1129:in `block in dispatch!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1124:in `dispatch!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `block in call!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `call!'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:929:in `call'
C:/smart-proxy/lib/proxy/log.rb:105:in `call'
C:/smart-proxy/lib/proxy/request_id_middleware.rb:11:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/xss_header.rb:18:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/path_traversal.rb:16:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/json_csrf.rb:26:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-protection-2.1.0/lib/rack/protection/frame_options.rb:31:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/null_logger.rb:11:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/show_exceptions.rb:22:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:216:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1991:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `block in call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1769:in `synchronize'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/urlmap.rb:74:in `block in call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `each'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/builder.rb:244:in `call'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/handler/webrick.rb:95:in `service'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:140:in `service'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:96:in `run'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/webrick-1.7.0/lib/webrick/server.rb:310:in `block in start_thread'
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-01-05T11:54:29 8ae73b6c [I] Finished POST /dns/ with 400 (65.12 ms)



curl --cacert /etc/foreman/proxy_ca.pem --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem -d 'fqdn=hq-1pjenkinsx01.internal.domain.com&value=10.85.136.117&type=A' 'https://hq-2pforeman02.internal.domain.com:443/dns/'
no implicit conversion of nil into String

lzap · January 6, 2022, 10:47am

Hey, this is a regression introduced by fixes #4026 - fixes #4026 secure Windows command execution · theforeman/smart-proxy@9522669 · GitHub as a temporary workaround revert that commit.

lzap · January 6, 2022, 11:14am

And here is a patch against develop and 3.1, apply and report back as I currently do not have working MS DNS environment.

mdiorio · January 6, 2022, 2:28pm

Hey @lzap - the patch worked perfectly! Thank you so much for looking at this so quickly. Our devs will be happy to get their Jenkins box up

mdiorio · January 10, 2022, 3:38pm

Hey @lzap,

Looks like there’s another bug in the dnscmd. Trying to delete an entry is failing. But it’s strange - I can copy/paste the command being run and it works fine from the command line.

>dnscmd hq-2pdom01.internal.domain.com /EnumRecords internal.domain.com hq-1ploki.internal.domain.com. /Type A

Returned records:
@                3600 A 10.85.136.32

Command completed successfully.


Error from log: 

2022-01-10T09:55:05 1a4c251f [I] Started DELETE /dns/hq-1ploki.internal.domain.com/A 
2022-01-10T09:55:05 1a4c251f [D] verifying remote client 10.85.136.161 against trusted_hosts ["hq-1pforeman.internal.domain.com", "hq-2pforeman02.intenral.domain.com"]
2022-01-10T09:55:05 1a4c251f [D] executing: ["c:\\Windows\\System32\\dnscmd.exe", "hq-2pdom01.internal.domain.com", "/EnumZones"]
2022-01-10T09:55:05 1a4c251f [D] Enumerated authoritative dns zones: ["TRUNCATED to remove zones"]
2022-01-10T09:55:05 1a4c251f [D] executing: ["c:\\Windows\\System32\\dnscmd.exe", "hq-2pdom01.internal.ieeeglobalspec.com", "/EnumRecords internal.domain.com hq-1ploki.internal.ieeeglobalspec.com. /Type A", "EnumRecords"]
2022-01-10T09:55:05 1a4c251f [E] Command dnscmd failed:
Unknown Command "/EnumRecords internal.domain.com hq-1ploki.internal.domain.com. /Type A" Specified -- type DnsCmd -?.





In future versions of Windows, Microsoft might remove dnscmd.exe.



If you currently use dnscmd.exe to configure and manage the DNS server,

Microsoft recommends that you transition to Windows PowerShell.



To view a list of commands for DNS server management, type

"Get-Command -Module DnsServer" at the Windows PowerShell prompt. Additional

information about Windows PowerShell commands for DNS is available at

http://go.microsoft.com/fwlink/?LinkId=217627.



Usage: DnsCmd <ServerName> <Command> [<Command Parameters>]



<ServerName>:

  IP address or host name    -- remote or local DNS server

  .                          -- DNS server on local machine

<Command>:

  /Info                      -- Get server information

  /Config                    -- Reset server or zone configuration

  /EnumZones                 -- Enumerate zones

  /Statistics                -- Query/clear server statistics data

  /ClearCache                -- Clear DNS server cache

  /WriteBackFiles            -- Write back all zone or root-hint datafile(s)

  /StartScavenging           -- Initiates server scavenging

  /IpValidate                -- Validate remote DNS servers

  /EnumKSPs                  -- Enumerate available key storage providers

  /ResetListenAddresses      -- Set server IP address(es) to serve DNS requests

  /ResetForwarders           -- Set DNS servers to forward recursive queries to

  /ZoneInfo                  -- View zone information

  /ZoneAdd                   -- Create a new zone on the DNS server

  /ZoneDelete                -- Delete a zone from DNS server or DS

  /ZonePause                 -- Pause a zone

  /ZoneResume                -- Resume a zone

  /ZoneReload                -- Reload zone from its database (file or DS)

  /ZoneWriteBack             -- Write back zone to file

  /ZoneRefresh               -- Force refresh of secondary zone from master

  /ZoneUpdateFromDs          -- Update a DS integrated zone by data from DS

  /ZonePrint                 -- Display all records in the zone

  /ZoneResetType             -- Change zone type

  /ZoneResetSecondaries      -- Reset secondary\notify information for a zone

  /ZoneResetScavengeServers  -- Reset scavenging servers for a zone

  /ZoneResetMasters          -- Reset secondary zone's master servers

  /ZoneExport                -- Export a zone to file

  /ZoneChangeDirectoryPartition -- Move a zone to another directory partition

  /ZoneSeizeKeymasterRole    -- Seize the key master role for a zone

  /ZoneTransferKeymasterRole -- Transfer the key master role for a zone

  /ZoneEnumSKDs              -- Enumerate the signing key descriptors for a zone

  /ZoneAddSKD                -- Create a new signing key descriptor for a zone

  /ZoneDeleteSKD             -- Delete a signing key descriptor for a zone

  /ZoneModifySKD             -- Modify a signing key descriptor for a zone

  /ZoneValidateSigningParameters -- Validate DNSSEC online signing parameters for a zone

  /ZoneSetSKDState           -- Set Active and/or Standby keys for a signing key descriptor for a zone

  /ZoneGetSKDState           -- Retrieve dynamic state for a signing key descriptor for a zone

  /ZonePerformKeyRollover    -- Trigger a key rollover in a signing key descriptor for a zone

  /ZonePokeKeyRollover       -- Trigger a key rollover in a signing key descriptor for a zone

  /ZoneSign                  -- Signs the zone using DNSSEC online signing parameters

  /ZoneUnsign                -- Removes DNSSEC signatures from a signed zone

  /ZoneResign                -- Regenerate DNSSEC signatures in a signed zone

  /EnumRecords               -- Enumerate records at a name

  /RecordAdd                 -- Create a record in zone or RootHints

  /RecordDelete              -- Delete a record from zone, RootHints or cache

  /NodeDelete                -- Delete all records at a name

  /AgeAllRecords             -- Force aging on node(s) in zone

  /TrustAnchorAdd            -- Create a new trust anchor zone on the DNS server

  /TrustAnchorDelete         -- Delete a trust anchor zone from DNS server or DS

  /EnumTrustAnchors          -- Display status information for trust anchors

  /TrustAnchorsResetType     -- Change zone type for a trust anchor zone

  /EnumDirectoryPartitions   -- Enumerate directory partitions

  /DirectoryPartitionInfo    -- Get info on a directory partition

  /CreateDirectoryPartition  -- Create a directory partition

  /DeleteDirectoryPartition  -- Delete a directory partition

  /EnlistDirectoryPartition  -- Add DNS server to partition replication scope

  /UnenlistDirectoryPartition -- Remove DNS server from replication scope

  /CreateBuiltinDirectoryPartitions -- Create built-in partitions

  /ExportSettings            -- Output settings to DnsSettings.txt in the DNS server database directory

  /OfflineSign               -- Offline signing zone files, including key generation/deletion

  /EnumTrustPoints           -- Display active refresh information for all trust points

  /ActiveRefreshAllTrustPoints -- Perform an active refresh on all trust points now

  /RetrieveRootTrustAnchors  -- Retrieve root trust anchors via HTTPS



<Command Parameters>:

  DnsCmd <CommandName> /? -- For help info on specific Command



In future versions of Windows, Microsoft might remove dnscmd.exe.



If you currently use dnscmd.exe to configure and manage the DNS server,

Microsoft recommends that you transition to Windows PowerShell.



To view a list of commands for DNS server management, type

"Get-Command -Module DnsServer" at the Windows PowerShell prompt. Additional

information about Windows PowerShell commands for DNS is available at

http://go.microsoft.com/fwlink/?LinkId=217627.



2022-01-10T09:55:05 1a4c251f [E] Command dnscmd failed:
Unknown Command "/EnumRecords internal.ieeeglobalspec.com hq-1ploki.internal.domain.com. /Type A" Specified -- type DnsCmd -?.

In future versions of Windows, Microsoft might remove dnscmd.exe.

If you currently use dnscmd.exe to configure and manage the DNS server,

Microsoft recommends that you transition to Windows PowerShell.



To view a list of commands for DNS server management, type

"Get-Command -Module DnsServer" at the Windows PowerShell prompt. Additional

information about Windows PowerShell commands for DNS is available at

http://go.microsoft.com/fwlink/?LinkId=217627.



Usage: DnsCmd <ServerName> <Command> [<Command Parameters>]
...

2022-01-10T09:55:05 1a4c251f [E] Unknown error while processing ''
2022-01-10T09:55:05 1a4c251f [W] Error details for Unknown error while processing '': <Proxy::Dns::Error>: Unknown error while processing ''
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:76:in `rescue in report'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:57:in `report'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:53:in `execute'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:111:in `enum_records'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:28:in `do_remove'
C:/smart-proxy/modules/dns_common/dns_common.rb:79:in `remove_a_record'
C:/smart-proxy/modules/dns/dns_api.rb:61:in `block in <class:Api>'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `block in compile!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (3 levels) in route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1032:in `route_eval'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (2 levels) in route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1061:in `block in process_route'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `catch'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `process_route'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1011:in `block in route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `each'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1129:in `block in dispatch!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1124:in `dispatch!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `block in call!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `call!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:929:in `call'
C:/smart-proxy/lib/proxy/log.rb:105:in `call'
C:/smart-proxy/lib/proxy/request_id_middleware.rb:11:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/xss_header.rb:18:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/path_traversal.rb:16:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/json_csrf.rb:26:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/frame_options.rb:31:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/null_logger.rb:11:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/show_exceptions.rb:22:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:216:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1991:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `block in call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1769:in `synchronize'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/urlmap.rb:74:in `block in call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `each'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/builder.rb:244:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/handler/webrick.rb:95:in `service'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:140:in `service'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:96:in `run'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/webrick-1.7.0/lib/webrick/server.rb:310:in `block in start_thread'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-01-10T09:55:05 1a4c251f [W] Unknown error while processing '': <Proxy::Dns::Error>: Unknown error while processing ''
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:76:in `rescue in report'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:57:in `report'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:53:in `execute'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:111:in `enum_records'
C:/smart-proxy/modules/dns_dnscmd/dns_dnscmd_main.rb:28:in `do_remove'
C:/smart-proxy/modules/dns_common/dns_common.rb:79:in `remove_a_record'
C:/smart-proxy/modules/dns/dns_api.rb:61:in `block in <class:Api>'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `block in compile!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (3 levels) in route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1032:in `route_eval'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (2 levels) in route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1061:in `block in process_route'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `catch'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `process_route'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1011:in `block in route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `each'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `route!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1129:in `block in dispatch!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1124:in `dispatch!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `block in call!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `call!'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:929:in `call'
C:/smart-proxy/lib/proxy/log.rb:105:in `call'
C:/smart-proxy/lib/proxy/request_id_middleware.rb:11:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/xss_header.rb:18:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/path_traversal.rb:16:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/json_csrf.rb:26:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-protection-2.1.0/lib/rack/protection/frame_options.rb:31:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/null_logger.rb:11:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/show_exceptions.rb:22:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:216:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1991:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `block in call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1769:in `synchronize'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/urlmap.rb:74:in `block in call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `each'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/builder.rb:244:in `call'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/rack-2.2.3/lib/rack/handler/webrick.rb:95:in `service'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:140:in `service'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:96:in `run'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/webrick-1.7.0/lib/webrick/server.rb:310:in `block in start_thread'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2022-01-10T09:55:05 1a4c251f [I] Finished DELETE /dns/hq-1ploki.internal.domain.com/A with 400 (101.9 ms)
2022-01-10T09:55:05  [D] close: 10.85.136.161:50256

lzap · January 11, 2022, 7:39am

I can see it, the purpose of that patch was avoding escaping into shell, now we pass the command as an array. The second argument is passed as one with spaces.

lzap · January 11, 2022, 7:54am

Apply and report back please:

mdiorio · January 11, 2022, 3:27pm

Thanks. Still didn’t like it:

2022-01-11T10:18:50 33daa445 [D] executing: ["c:\\Windows\\System32\\dnscmd.exe", "hq-2pdom01.internal.domain.com", "/EnumZones"]
2022-01-11T10:18:50 33daa445 [D] Enumerated authoritative dns zones: ["_msdcs.internal.... "microsoft-email.com", "solstice_customer_internal", "staging.com", "TrustAnchors"]
2022-01-11T10:18:50 33daa445 [D] executing: ["c:\\Windows\\System32\\dnscmd.exe", "hq-2pdom01.internal.domain.com", "/EnumRecords", "internal.domain.com", "hq-1ploki.internal.domain.com.", "/Type", "A", "EnumRecords"]
2022-01-11T10:18:50 33daa445 [E] Command dnscmd failed

Why the second EnumRecords at the end of the command?

lzap · January 12, 2022, 6:57am

Okay before I prepare a third patch (we merged it actually already) can you test it and tell how the command line should look like? It definitely looks weird to me, probably some leftover from previous edits.

mdiorio · January 12, 2022, 3:20pm

I posted the command I can run successfully from the command line.

dnscmd hq-2pdom01.internal.domain.com /EnumRecords internal.domain.com hq-1ploki.internal.domain.com. /Type A

lzap · January 13, 2022, 1:13pm

Please apply this patch and report back. Once this is confirmed, we can merge and backport this into 3.1.

If you could to full testing of all the features we would appreciate - no Windows setup available for us to play with.

mdiorio · January 13, 2022, 2:05pm

What patch?

lzap · January 13, 2022, 2:07pm

mdiorio · January 13, 2022, 4:24pm

This works - which means all functions should work as expected now.

Thank you!