Test Steps for dnspython only (no OpenStack Designate required)
----------
1) Setup bind9 for 'example.tld':
$ sudo apt install bind9
- /etc/bind/named.conf.options: add in 'options':
listen-on port 12753 { 127.0.0.1/32; };
allow-query { any; };
allow-transfer { any; };
- /etc/bind/named.conf.local: add:
zone "example.tld" IN {
type master;
file "/etc/bind/example.tld.db";
};
- /etc/bind/example.tlb.db: create:
$TTL 5m
@ IN SOA ns.example.tld. email.example.tld. 90 4h 15m 8h 4m
@ IN NS ns.example.tld.
ns IN A 1.1.1.1
test IN A 1.2.3.4
$ sudo systemctl restart named.service
$ systemctl status named.service | grep Active:
Active: active (running) since ...
$ journalctl -u named.service | grep -e example.tld -e 'all zones
loaded'
... named[3668]: zone example.tld/IN: loaded serial 90
... named[3668]: all zones loaded
2) Test the basics and AXFR:
Basics:
$ dig +noall +authority @127.0.0.1 -p 12753 example.tld
example.tld. 240 IN SOA ns.example.tld.
email.example.tld. 90 14400 900 28800 240
$ dig +noall +answer @127.0.0.1 -p 12753 ns.example.tld
ns.example.tld. 300 IN A 1.1.1.1
$ dig +noall +answer @127.0.0.1 -p 12753 test.example.tld
test.example.tld. 300 IN A 1.2.3.4
AXFR:
$ dig +noall +answer @127.0.0.1 -p 12753 example.tld axfr
example.tld. 300 IN SOA ns.example.tld.
email.example.tld. 90 14400 900 28800 240
example.tld. 300 IN NS ns.example.tld.
ns.example.tld. 300 IN A 1.1.1.1
test.example.tld. 300 IN A 1.2.3.4
example.tld. 300 IN SOA ns.example.tld.
email.example.tld. 90 14400 900 28800 240
3) Test AXFR with dnspython:
Check same answers with python:
$ sudo apt install python3-dnspython
$ python3 -q
import dns.query
import dns.zone
axfr = dns.zone.from_xfr(dns.query.xfr(where='127.0.0.1', port=12753,
zone='example.tld', rdtype=dns.rdatatype.AXFR))
for node in axfr.nodes.keys():
print(axfr.nodes[node].to_text(node))
@ 300 IN SOA ns email 90 14400 900 28800 240
@ 300 IN NS ns
ns 300 IN A 1.1.1.1
test 300 IN A 1.2.3.4
Now set dns.query.xfr(lifetime=None, timeout=not None) to hit the bug:
axfr = dns.zone.from_xfr(dns.query.xfr(where='127.0.0.1', port=12753,
zone='example.tld', rdtype=dns.rdatatype.AXFR, lifetime=None, timeout=30))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3/dist-packages/dns/zone.py", line 1106, in
from_xfr
for r in xfr:
File "/usr/lib/python3/dist-packages/dns/query.py", line 611, in xfr
if mexpiration is None or mexpiration > expiration:
TypeError: '>' not supported between instances of 'float' and 'NoneType'
As reported:
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR
designate.dnsutils TypeError: '>' not supported between instances of
'float' and 'NoneType'
4) With the patch applied, the issue doesn't happen.
** Description changed:
[Impact]
- * Designate logs stack traces as per the original description.
+ * Designate logs stack traces as per the original description:
+
+ dns.query.xfr() w/ timeout=not None and lifetime=None (default):
+ `TypeError: '>' not supported between instances of 'float' and 'NoneType'`
+
* Backport will improve the robustness of Designate on Ubuntu.
- [Test Case] (Original Description)
+ [Test Case]
+
+ * Synthetic reproducer for dnspython alone in comment #11.
+
+ * See below for OpenStack Designate included:
+
### Scenario ###
1) Start remote BIND
Use some external host as a DNS server to tor AXFR the Zone from.
Note: BIND9 on RHEL is provided in attached doc.
2) From your setup check that AXFR is possible
dig @10.9.95.132 debuntu.foo axfr
3) Create a Secondary zone with:
openstack zone create debuntu.foo. --type SECONDARY --master 10.9.95.132
### Expected result ###
Secondary zone is created and ACTIVE
### Actual Result ###
Secondary zone gets into the ERROR statuses + Error in log
journalctl -f -u devstack@designate-mdns
Aug 25 12:56:43 seal08 designate-mdns[116065]: INFO designate.dnsutils [None
req-0fcfe0f2-b8cb-4eec-ae42-9ea88e089c69 None None] Doing AXFR for debuntu.foo.
from {'zone_id': 'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host': '10.35.64.8',
'port': 53, 'id': 'ba2932b2-3f81-4ad5-985c-86ce081fe62d', 'created_at':
datetime.datetime(2021, 8, 25, 9, 56, 44), 'updated_at': None, 'version': 1}
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils [None
req-0fcfe0f2-b8cb-4eec-ae42-9ea88e089c69 None None] Problem doing AXFR
debuntu.foo. from {'zone_id': 'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host':
'10.35.64.8', 'port': 53, 'id': 'ba2932b2-3f81-4ad5-985c-86ce081fe62d',
'created_at': datetime.datetime(2021, 8, 25, 9, 56, 44), 'updated_at': None,
'version': 1}. Trying next server.: TypeError: '>' not supported between
instances of 'float' and 'NoneType'
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
Traceback (most recent call last):
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
File "/opt/stack/designate/designate/dnsutils.py", line 358, in do_axfr
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
raw_zone = dns.zone.from_xfr(xfr, relativize=False)
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
File "/usr/local/lib/python3.8/dist-packages/dns/zone.py", line 1106, in
from_xfr
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
for r in xfr:
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
File "/usr/local/lib/python3.8/dist-packages/dns/query.py", line 611, in xfr
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
if mexpiration is None or mexpiration > expiration:
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
TypeError: '>' not supported between instances of 'float' and 'NoneType'
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
Aug 25 12:56:43 seal08 designate-mdns[116065]: WARNING designate.mdns.xfr
[None req-0fcfe0f2-b8cb-4eec-ae42-9ea88e089c69 None None] XFR failed for
debuntu.foo.. No servers in [{'zone_id':
'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host': '10.35.64.8', 'port': 53, 'id':
'ba2932b2-3f81-4ad5-985c-86ce081fe62d', 'created_at': datetime.datetime(2021,
8, 25, 9, 56, 44), 'updated_at': None, 'version': 1}] was reached.:
designate.exceptions.XFRFailure: XFR failed for debuntu.foo.. No servers in
[{'zone_id': 'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host': '10.35.64.8',
'port': 53, 'id': 'ba2932b2-3f81-4ad5-985c-86ce081fe62d', 'created_at':
datetime.datetime(2021, 8, 25, 9, 56, 44), 'updated_at': None, 'version': 1}]
was reached.
Aug 25 12:56:43 seal08 designate-mdns[116064]: DEBUG designate.service [None
req-b13130f1-3391-4bbc-b026-22f6ffefa71e None None] Handling UDP Request from:
10.35.64.8:38424 {{(pid=116064) _dns_handle_udp
/opt/stack/designate/designate/service.py:317}}
Aug 25 12:56:44 seal08 designate-mdns[116064]: DEBUG
designate.storage.impl_sqlalchemy [None
req-97b992fe-cf4f-4c84-bc3d-88556d9b9abc None None] Fetched zone <Zone
id:'ccadec69-4723-4c24-987f-7cb1587cff2c' type:'SECONDARY' name:'debuntu.foo.'
pool_id:'794ccc2c-d751-44fe-b57f-8894c9f5c842' serial:'1' action:'CREATE'
status:'PENDING'> {{(pid=116064) _find_zones
/opt/stack/designate/designate/storage/impl_sqlalchemy/__init__.py:252}}
Aug 25 12:56:44 seal08 designate-mdns[116058]: DEBUG designate.service [None
req-df0d9bc9-e4d6-43ff-b108-05b4005b4357 None None] Handling TCP Request from:
10.35.64.8:49715 {{(pid=116058) _dns_handle_tcp
/opt/stack/designate/designate/service.py:203}}
Aug 25 12:56:44 seal08 designate-mdns[116058]: DEBUG
designate.storage.impl_sqlalchemy [None
req-e1f94cdb-a9dc-434c-907c-54769d7375b8 None None] Fetched zone <Zone
id:'ccadec69-4723-4c24-987f-7cb1587cff2c' type:'SECONDARY' name:'debuntu.foo.'
pool_id:'794ccc2c-d751-44fe-b57f-8894c9f5c842' serial:'1' action:'CREATE'
status:'PENDING'> {{(pid=116058) _find_zones
/opt/stack/designate/designate/storage/impl_sqlalchemy/__init__.py:252}}
### Note ###
Michael has already found the reason.
From:Michael Johnson
Aug 26, 2021, 8:13 PM (3 days ago)
to me
Ok, so this is a bug in the "dnspython" library designate uses.
Version 1.16 which you had installed has:
if mexpiration is None or mexpiration > expiration:
mexpiration = expiration
Which is broken.
Version 2.0.0rc1 has:
(https://github.com/rthalley/dnspython/blob/v2.0.0rc1/dns/query.py#L925)
if mexpiration is None or \
(expiration is not None and mexpiration > expiration):
mexpiration = expiration
Which works.
[Where problems could occur]
* This small patch improves the robustness of python library code.
- Issues should be self evident in errors logged.
+ Issues should be self evident in errors logged.
+
+ [Other Info]
+
+ * Jammy+ have the fix. Focal/Bionic don't have it.
--
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1941988
Title:
[SRU] Designate DNS – Secondary zone is failed to be created and gets
into the ERROR status
Status in OpenStack Designate Charm:
New
Status in Designate:
Fix Released
Status in dnspython package in Ubuntu:
Fix Released
Status in dnspython3 package in Ubuntu:
Invalid
Status in dnspython source package in Focal:
In Progress
Status in dnspython3 source package in Focal:
Invalid
Bug description:
[Impact]
* Designate logs stack traces as per the original description:
dns.query.xfr() w/ timeout=not None and lifetime=None (default):
`TypeError: '>' not supported between instances of 'float' and 'NoneType'`
* Backport will improve the robustness of Designate on Ubuntu.
[Test Case]
* Synthetic reproducer for dnspython alone in comment #11.
* See below for OpenStack Designate included:
### Scenario ###
1) Start remote BIND
Use some external host as a DNS server to tor AXFR the Zone from.
Note: BIND9 on RHEL is provided in attached doc.
2) From your setup check that AXFR is possible
dig @10.9.95.132 debuntu.foo axfr
3) Create a Secondary zone with:
openstack zone create debuntu.foo. --type SECONDARY --master 10.9.95.132
### Expected result ###
Secondary zone is created and ACTIVE
### Actual Result ###
Secondary zone gets into the ERROR statuses + Error in log
journalctl -f -u devstack@designate-mdns
Aug 25 12:56:43 seal08 designate-mdns[116065]: INFO designate.dnsutils [None
req-0fcfe0f2-b8cb-4eec-ae42-9ea88e089c69 None None] Doing AXFR for debuntu.foo.
from {'zone_id': 'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host': '10.35.64.8',
'port': 53, 'id': 'ba2932b2-3f81-4ad5-985c-86ce081fe62d', 'created_at':
datetime.datetime(2021, 8, 25, 9, 56, 44), 'updated_at': None, 'version': 1}
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils [None
req-0fcfe0f2-b8cb-4eec-ae42-9ea88e089c69 None None] Problem doing AXFR
debuntu.foo. from {'zone_id': 'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host':
'10.35.64.8', 'port': 53, 'id': 'ba2932b2-3f81-4ad5-985c-86ce081fe62d',
'created_at': datetime.datetime(2021, 8, 25, 9, 56, 44), 'updated_at': None,
'version': 1}. Trying next server.: TypeError: '>' not supported between
instances of 'float' and 'NoneType'
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
Traceback (most recent call last):
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
File "/opt/stack/designate/designate/dnsutils.py", line 358, in do_axfr
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
raw_zone = dns.zone.from_xfr(xfr, relativize=False)
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
File "/usr/local/lib/python3.8/dist-packages/dns/zone.py", line 1106, in
from_xfr
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
for r in xfr:
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
File "/usr/local/lib/python3.8/dist-packages/dns/query.py", line 611, in xfr
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
if mexpiration is None or mexpiration > expiration:
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
TypeError: '>' not supported between instances of 'float' and 'NoneType'
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils
Aug 25 12:56:43 seal08 designate-mdns[116065]: WARNING designate.mdns.xfr
[None req-0fcfe0f2-b8cb-4eec-ae42-9ea88e089c69 None None] XFR failed for
debuntu.foo.. No servers in [{'zone_id':
'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host': '10.35.64.8', 'port': 53, 'id':
'ba2932b2-3f81-4ad5-985c-86ce081fe62d', 'created_at': datetime.datetime(2021,
8, 25, 9, 56, 44), 'updated_at': None, 'version': 1}] was reached.:
designate.exceptions.XFRFailure: XFR failed for debuntu.foo.. No servers in
[{'zone_id': 'ccadec69-4723-4c24-987f-7cb1587cff2c', 'host': '10.35.64.8',
'port': 53, 'id': 'ba2932b2-3f81-4ad5-985c-86ce081fe62d', 'created_at':
datetime.datetime(2021, 8, 25, 9, 56, 44), 'updated_at': None, 'version': 1}]
was reached.
Aug 25 12:56:43 seal08 designate-mdns[116064]: DEBUG designate.service [None
req-b13130f1-3391-4bbc-b026-22f6ffefa71e None None] Handling UDP Request from:
10.35.64.8:38424 {{(pid=116064) _dns_handle_udp
/opt/stack/designate/designate/service.py:317}}
Aug 25 12:56:44 seal08 designate-mdns[116064]: DEBUG
designate.storage.impl_sqlalchemy [None
req-97b992fe-cf4f-4c84-bc3d-88556d9b9abc None None] Fetched zone <Zone
id:'ccadec69-4723-4c24-987f-7cb1587cff2c' type:'SECONDARY' name:'debuntu.foo.'
pool_id:'794ccc2c-d751-44fe-b57f-8894c9f5c842' serial:'1' action:'CREATE'
status:'PENDING'> {{(pid=116064) _find_zones
/opt/stack/designate/designate/storage/impl_sqlalchemy/__init__.py:252}}
Aug 25 12:56:44 seal08 designate-mdns[116058]: DEBUG designate.service [None
req-df0d9bc9-e4d6-43ff-b108-05b4005b4357 None None] Handling TCP Request from:
10.35.64.8:49715 {{(pid=116058) _dns_handle_tcp
/opt/stack/designate/designate/service.py:203}}
Aug 25 12:56:44 seal08 designate-mdns[116058]: DEBUG
designate.storage.impl_sqlalchemy [None
req-e1f94cdb-a9dc-434c-907c-54769d7375b8 None None] Fetched zone <Zone
id:'ccadec69-4723-4c24-987f-7cb1587cff2c' type:'SECONDARY' name:'debuntu.foo.'
pool_id:'794ccc2c-d751-44fe-b57f-8894c9f5c842' serial:'1' action:'CREATE'
status:'PENDING'> {{(pid=116058) _find_zones
/opt/stack/designate/designate/storage/impl_sqlalchemy/__init__.py:252}}
### Note ###
Michael has already found the reason.
From:Michael Johnson
Aug 26, 2021, 8:13 PM (3 days ago)
to me
Ok, so this is a bug in the "dnspython" library designate uses.
Version 1.16 which you had installed has:
if mexpiration is None or mexpiration > expiration:
mexpiration = expiration
Which is broken.
Version 2.0.0rc1 has:
(https://github.com/rthalley/dnspython/blob/v2.0.0rc1/dns/query.py#L925)
if mexpiration is None or \
(expiration is not None and mexpiration > expiration):
mexpiration = expiration
Which works.
[Where problems could occur]
* This small patch improves the robustness of python library code.
Issues should be self evident in errors logged.
[Other Info]
* Jammy+ have the fix. Focal/Bionic don't have it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-designate/+bug/1941988/+subscriptions
--
Mailing list: https://launchpad.net/~sts-sponsors
Post to : [email protected]
Unsubscribe : https://launchpad.net/~sts-sponsors
More help : https://help.launchpad.net/ListHelp
