[Freeipa-users] "DNS resource record not found" error when searching or deleting records

Rob Crittenden rcritten at redhat.com
Mon Dec 7 19:30:16 UTC 2015 

Andrey Ptashnik wrote:
> Martin,
> 
> For my education, how did you identify that from my output?

The +nsuniqueid=<UUID> in the dn.

When managing entries in IPA it constructs the DN based on the values
provided which is why you got a notfound for webapps001.mz984, because
it literally doesn't exist. It has a +nsuniqueid appended to it.

There are plans to make conflict resolution simpler and more obvious.

rob

> 
> Regards,
> 
> Andrey Ptashnik
> 
> 
> From: Martin Basti <mbasti at redhat.com <mailto:mbasti at redhat.com>>
> Date: Monday, December 7, 2015 at 1:24 PM
> To: Andrey Ptashnik <APtashnik at cccis.com <mailto:APtashnik at cccis.com>>,
> "freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>"
> <freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>>
> Subject: Re: [Freeipa-users] "DNS resource record not found" error when
> searching or deleting records
> 
> Yes, it is replication conflict.
> 
> Please follow:
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
> 
> On 07.12.2015 20:19, Andrey Ptashnik wrote:
>> Martin,
>>
>> Here is the output you requested:
>>
>> [root at ipa-idm]# ipa dnsrecord-find 123.xyz.com mz984  --all --raw
>>   dn:
>> idnsName=webapps001.mz984+nsuniqueid=650db4bc-88c511e5-90e7864e-76f6b2c3,idnsname=123.xyz.com.,cn=dns,dc=123,dc=xyz,dc=com
>>   idnsname: webapps001.mz984
>>   arecord: 10.16.9.232
>>   dNSTTL: 1200
>>   objectClass: idnsRecord
>>   objectClass: top
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>> [root at ipa-idm]# 
>>
>> Regards,
>>
>> Andrey Ptashnik
>>
>>
>> From: Martin Basti <<mailto:mbasti at redhat.com>mbasti at redhat.com>
>> Date: Monday, December 7, 2015 at 12:45 PM
>> To: Andrey Ptashnik <APtashnik at cccis.com
>> <mailto:APtashnik at cccis.com>>, "freeipa-users at redhat.com
>> <mailto:freeipa-users at redhat.com>" <freeipa-users at redhat.com
>> <mailto:freeipa-users at redhat.com>>
>> Subject: Re: [Freeipa-users] "DNS resource record not found" error
>> when searching or deleting records
>>
>>
>>
>> On 07.12.2015 18:08, Andrey Ptashnik wrote:
>>> Dear Team,
>>>
>>> I’m trying to remove DNS records from IPA server and getting
>>> following error: "ipa: ERROR: webapps001.mz984: DNS resource record
>>> not found"
>>> I suspect that there was such server "webapps001.mz984" in the past
>>> properly added to IPA server via “spa-client-install” utility , but
>>> it was probably crashed and removed from the network without running
>>> "ipa-client-install —uninstall”.
>>>
>>> I’m able to locate this record via CLI:
>>>
>>> [root at ipa-idm]# ipa dnsrecord-find 123.xyz.com mz984
>>>   Record name: webapps001.mz984
>>>   A record: 10.16.9.232
>>> ----------------------------
>>> Number of entries returned 1
>>> ----------------------------
>>> [root at ipa-idm]#
>>>
>>> This is what happens when I’m trying to delete this record:
>>>
>>> [root at ipa-idm]# ipa dnsrecord-del 123.xyz.com. webapps001.mz984
>>> --a-rec 10.16.9.232
>>> ipa: ERROR: webapps001.mz984: DNS resource record not found
>>> [root at ipa-idm]#
>>>
>>> This is my DNS zone config:
>>>
>>> [root at ipa-idm]# ipa dnszone-show 123.xyz.com
>>>   Zone name: 123.xyz.com.
>>>   Active zone: TRUE
>>>   Authoritative nameserver: ipa-idm.123.xyz.com.
>>>   Administrator e-mail address: hostmaster.123.xyz.com.
>>>   SOA serial: 1449502971
>>>   SOA refresh: 1800
>>>   SOA retry: 900
>>>   SOA expire: 604800
>>>   SOA minimum: 900
>>>   Allow query: any;
>>>   Allow transfer: 10.xxx.xxx.xxx
>>> [root at ipa-idm]# 
>>>
>>> [root at ipa-idm]# ipa dnsconfig-show
>>>   Allow PTR sync: TRUE
>>> [root at ipa-idm]#
>>>
>>> In Web GUI when I’m trying to search for this particular record
>>> “Operations Error” window appears with "DNS resource record not
>>> found” error message.
>>>
>>> Are there any ways to forcefully delete such stalled records or find
>>> out the root cause of this error message?
>>>
>>> Regards,
>>>
>>> Andrey Ptashnik
>>>
>>>
>>>
>>>
>> Hello,
>>
>> please execute:
>> ipa dnsrecord-find 123.xyz.com mz984  --all --raw
>>
>> I suspect that they might be a replication conflict, I need to see
>> output of command to be sure.
>>
>> Martin
> 
> 
>

More information about the Freeipa-users mailing list