Section 18.2.1, DNS Loads Zone Database from the File despite eDirectory Availability
Section 18.2.3, Insufficient Permissions for LDAP Admin User
Section 18.2.4, Failed to create the DNS Server object for the Virtual NCP Server
Section 18.2.8, Error message when you add RootServInfo that gives an undefined attribute
Section 18.2.9, Removal of DNS schema post usage of Remove Schema option of dns-maint
Section 18.2.10, Dynamic DNS (DDNS) Fails To Work After Migrating From NetWare to OES Linux
Section 18.2.11, Deleting a huge zone file through iManager throws a “Service Unavailable” error
Cause: The zone database files were modified without updating the SOA serial number. DNS compares the SOA serial number in the file with the one in eDirectory. When the serial numbers are the same, DNS loads the zone from the file instead of eDirectory. If the serial numbers differ, it ignores the file and reads from eDirectory. This improves the DNS load time performance.
Action: If an administrator modifies the zone database files, the SOA serial number must also be modified.
Action: Remove the zone database files and load DNS. The zone database is read from eDirectory and dumped into the files.
Cause: The DNS schema is not synchronized in the eDirectory tree.
Action: If you are attaching the Linux server to an existing NetWare tree where DNS is not installed, make sure you extend the DNS schema before installing DNS on the Linux tree. If you are attaching the Linux server to an existing NetWare tree where DNS is installed, make sure the RootServerInfo object on NetWare does not have redundant create and delete permissions for the DNSDHCP-Group object at the entry level permissions.
Cause: The LDAP user has insufficient permissions for eDirectory objects.
Action: Ensure that adequate permissions are assigned to the user as per Section 6.1.2, eDirectory Permissions.
Cause: Preferred nodes are not set to the Virtual NCP server.
Action: Set the association between the preferred node and the Virtual NCP server.
If DNS Server fails to load with the following log:
Critical: Unable to read Locator reference from NCP server
Error: Error occurred when getting the Virtual NCP server IP address
Cause: DNS Server is unable to retrieve the Locator reference from NCP Server.
Action: Add DNS-DHCPGroup or Proxy user as trustee of the NCP Server with the following rights:
All Attribute rights - Compare, Read
Entry Rights - Browse
Cause: The daemons required for novell-named to start have not been loaded.
Action: Make sure you have loaded all the dependent daemons. For a list of dependent daemons, see Section 13.6, Starting the DNS Server.
Cause: No credentials are set in CASA.
Action: Verify the credentials set in CASA by using the CASAcli -l command in the console. If no information is displayed, set the CASA credentials by using the following command:
KEYVALUE=<DN of runtime user> CASAcli -s -n dns-ldap -k CN
KEYVALUE=<password of runtime user> CASAcli -s -n dns-ldap -k Password
To reset the CASA credential for DNS, use dns-maint, dns-inst, or YaST2 to reset the existing user password. However, for an existing DNS runtime user in eDirectory, you must have the correct password before trying to reset. For a new DNS runtime user and update to the CASA store, use dns-maint, dns-inst, or YaST2.
Cause: In a cluster setup, the /etc/rndc.key file is not the same on all the cluster nodes.
Action: Ensure that the /etc/rndc.key file is the same on every node by copying it to all the nodes in the cluster setup.
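One way to verify that the key file matches on every node without displaying the key is to compare digests. The script below is an added example, not part of the Novell documentation; the node names and digests in the sample are constructed, and collect_digests assumes non-interactive ssh access to each node with permission to read the key.

```shell
#!/bin/sh
# Added example: find cluster nodes whose /etc/rndc.key differs.
# Only SHA-256 digests are compared, so the key itself is never displayed.

# Print "node digest" for each node name given as an argument.
# Assumption: ssh works non-interactively and the remote user can read the key.
collect_digests() {
    for node in "$@"; do
        digest=$(ssh -n -o BatchMode=yes "$node" sha256sum /etc/rndc.key \
                     2>/dev/null | awk '{ print $1 }')
        printf '%s %s\n' "$node" "${digest:-UNREADABLE}"
    done
}

# Read "node digest" lines on stdin; the first line is the reference node.
# Print every node whose digest differs from the reference.
drifted_nodes() {
    awk 'NR == 1 { ref = $2; next } $2 != ref { print $1 }'
}

# Constructed sample: shortened, made-up digests for three hypothetical nodes.
sample_digests() {
    cat <<'EOF'
node1 3f9a0c
node2 3f9a0c
node3 b71e42
EOF
}

# Live use: collect_digests node1 node2 node3 | drifted_nodes
echo "Nodes needing a fresh copy of the key: $(sample_digests | drifted_nodes)"
```

A node that cannot be reached or whose key cannot be read is reported as drifted, because its digest is recorded as UNREADABLE.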
Cause: You are loading novell-named with the chroot (-t) option.
Action: Include the sys_chroot capability in the DNS AppArmor profile. Restart AppArmor by using the rcapparmor reload command.
Cause: novell-named might have been blocked by the AppArmor process.
Action: Run AppArmor in complain mode to see if novell-named has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide.
Cause: novell-named and BIND DNS (named) both leverage rndcbin to perform the start, stop, and status queries. rndc, a popular Linux command line tool, remotely manages DNS. novell-bind continued to support the same feature. For the query operations (start/stop/status), rndcbin sends a command to the standard DNS control port and waits for the response. However, it does not check which DNS server is listening on this port. If both servers are loaded on your system (which is highly unlikely), the server that starts first gets access to the control port and listens on it. The status is shown for the server that is loaded and that acquired control over the port. This is because BIND-based rndc does not expect two DNS servers to be running on the system. This behavior is an rndc restriction and is the way DNS servers dictate the control port.
Action: Running two DNS servers on the same system is highly unlikely. Leveraging rndcbin for query functionality either for named or novell-named doesn’t cause an issue, provided you explicitly ensure that only one DNS server is running on the system. This ensures that the rndcbin queries correctly identify the DNS server on the system.
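To confirm which daemon actually holds the control port before trusting a status reply, the listening sockets can be checked. The script below is an added example, not part of the Novell documentation; it assumes the control channel is on rndc's default TCP port 953 and uses constructed ss output as sample input.

```shell
#!/bin/sh
# Added example: name the process that holds the rndc control port.
# Assumption: the control channel listens on rndc's default TCP port 953.

# Read `ss -Hltnp` output on stdin and print the names of the processes
# listening on the given port. The match covers the 9-character prefix
# before the process name plus the closing quote, hence the offsets below.
control_port_owners() {
    port=${1:-953}
    awk -v port="$port" '
        $1 == "LISTEN" && $4 ~ (":" port "$") &&
        match($0, /users:\(\("[^"]+"/) {
            print substr($0, RSTART + 9, RLENGTH - 10)
        }
    ' | sort -u
}

# Succeed only if the single process on the control port is the expected one.
# Usage: ss -Hltnp | owner_is novell-named
owner_is() {
    [ "$(control_port_owners "${2:-953}")" = "$1" ]
}

# Constructed ss output: BIND named started first and took the control port.
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:953   0.0.0.0:* users:(("named",pid=2101,fd=21))
LISTEN 0 10  192.0.2.10:53   0.0.0.0:* users:(("named",pid=2101,fd=22))
LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=900,fd=3))
EOF
}

# Live use (root is needed to see process names): ss -Hltnp | control_port_owners
echo "Control port owner in sample: $(sample_ss | control_port_owners)"
if sample_ss | owner_is novell-named; then
    echo "novell-named answers rndc queries"
else
    echo "rndc status would describe a different daemon"
fi
```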
Cause: novell-xregd is not running.
Action: Load novell-xregd if it is not running. Then load novell-named again.
Error: [bash] ShellCommand.cc(shellcommand):78. Adding DNS RootServerInfo object failed error_code:17:error_message: Undefined attribute type
Cause: This is a schema synchronization issue.
Action: Ensure that the schema is extended properly, wait for the schema synchronization to occur, then try it again.
Action: See Troubleshooting Schema in the Novell eDirectory 8.8 Troubleshooting Guide.
Action: See TID 7003923 for more information.
Cause: The Tomcat server restarts in the middle of an import, export, or delete operation. This is due to the cache timeout of the Tomcat server.
Action: If the resource records are not serving the zone, de-associate the zone from the server by using iManager or Java Console. Then delete the large zone by using a separate instance of Java Console, because no cache is involved.
or
Action: For importing, Zone Handler can be used as an alternative.
Cause: After installing and configuring the DNS server, starting the server fails and it exits with a fatal error. This occurs because eDirectory does not respond on NCP port 524.
Action: Open the /etc/hosts file and remove the loopback interface entries. Remove all entries such as 127.0.0.2, 127.0.0.3, and so on, except 127.0.0.1.
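The loopback entries to remove can be listed before the file is edited. The script below is an added example, not part of the Novell documentation; the sample hosts file, its host names and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hosts file for loopback entries other than 127.0.0.1.

# Print every entry whose address is in 127.0.0.0/8 but is not 127.0.0.1.
# Comment lines and blank lines are skipped.
extra_loopback_entries() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ && $1 != "127.0.0.1" { print }
    ' "$1"
}

# Print the file with those entries removed; the input file is not modified.
strip_extra_loopback() {
    awk '
        !/^[ \t]*#/ && NF > 0 &&
        $1 ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ && $1 != "127.0.0.1" { next }
        { print }
    ' "$1"
}

# Constructed sample; host names and addresses are made up for illustration.
sample_hosts() {
    cat <<'EOF'
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.2   oes1.example.com oes1
127.0.0.3   oes1-alt
192.0.2.10  oes1.example.com oes1
::1         localhost ipv6-localhost
EOF
}

# Demo on the sample; on a server run: extra_loopback_entries /etc/hosts
demo_file=$(mktemp)
sample_hosts > "$demo_file"
echo "Loopback entries to remove:"
extra_loopback_entries "$demo_file"
rm -f "$demo_file"
```

Review the output of strip_extra_loopback before replacing /etc/hosts with it, and keep a copy of the original file.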