Section 18.2.4, DNS Loads Zone Database from the File Despite eDirectory Availability
Section 18.2.6, Insufficient Permissions for LDAP Admin User
Section 18.2.7, Failed to create the DNS Server Object for the Virtual NCP Server
Section 18.2.11, Error Message When You Add RootServInfo That Gives an Undefined Attribute
Section 18.2.12, Removal of DNS Schema Post Usage of Remove Schema Option of dns-maint
Section 18.2.13, Dynamic DNS (DDNS) Fails To Work After Migrating From NetWare to OES
Cause: A DNS service configured with a service proxy user fails to come up after an upgrade to OES 2018 or later, because the service proxy user's credentials are not migrated to OES Credential Store (OCS).
Action: To resolve this issue, perform the following:
Log in as the root user.
Run yast2 novell-dns and enter the eDirectory user password.
Specify the DNS proxy user password.
Click Next and continue with the DNS configuration.
Verify the DNS service is up and running by using the following command:
systemctl status novell-named.service
Verify the service entry is present in OES Credential Store by using the following command:
oescredstore -l
Cause: NIT (the Novell Identity Translator) cannot fetch the updated UID of the named user, so the novell-named service fails to start on the cluster nodes.
Action:
Verify the UID of the named user using the command nitconfig getuserinfo fromname <named-user-context>.
For example, nitconfig getuserinfo fromname .cn=named.o=dnsclustzorg.T=CLUST-TREE.
If the UID is not shown as 44, execute the following commands:
namconfig cache_refresh to refresh the cache.
systemctl restart novell-nit.service to restart NIT daemon.
Run nitconfig getuserinfo fromname <named-user-context> again and confirm that the UID is now shown as 44.
If novell-named cannot access eDirectory and reports the error NWCallsInit failed with error code:-1, verify that the novell-xregd service is running:
rcnovell-xregd status or systemctl status novell-xregd.service
If the service is running and you still see this error, rebuild the XTier registry. For more information, see TID 7008478.
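The OCS, NIT and xregd checks above can be run together before starting novell-named on a node. The script below is an added example, not part of the OES documentation or the product. It assumes the OES tools (oescredstore, nitconfig, namconfig and the systemd units) are present, that the UID is the first number following "UID" in the nitconfig output, and that the OCS entry name appears verbatim in the oescredstore -l listing; the sample named user context is the one quoted above. The command wrappers exist so the logic can be exercised offline.

```shell
#!/bin/bash
# Added example (not from the OES documentation): pre-start checks for
# novell-named on an OES node, combining the OCS, NIT and xregd checks.
# Assumptions: the OES tools exist on the host; the UID is read from the
# first number following "UID" in nitconfig output; the OCS entry name
# appears verbatim in "oescredstore -l". Wrappers can be overridden by tests.

NAMED_CTX="${NAMED_CTX:-.cn=named.o=dnsclustzorg.T=CLUST-TREE.}"  # sample context from the page
EXPECTED_UID=44
OCS_ENTRY="dns-ldap"

# Thin wrappers around the real tools so the logic can be exercised offline.
nit_userinfo()   { nitconfig getuserinfo fromname "$1"; }
ocs_list()       { oescredstore -l; }
unit_is_active() { systemctl is-active --quiet "$1"; }
refresh_nit()    { namconfig cache_refresh && systemctl restart novell-nit.service; }

# Extract the numeric UID from nitconfig output (assumed format: "... UID ... <number>").
nit_uid() {
  nit_userinfo "$1" | sed -n 's/.*[Uu][Ii][Dd][^0-9]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Confirm the named user resolves to UID 44; refresh the NIT cache once and re-check if not.
check_named_uid() {
  local uid
  uid=$(nit_uid "$NAMED_CTX")
  if [ "$uid" = "$EXPECTED_UID" ]; then
    echo "named UID ok ($uid)"
    return 0
  fi
  echo "named UID is '${uid:-unknown}', expected $EXPECTED_UID; refreshing NIT cache"
  refresh_nit
  uid=$(nit_uid "$NAMED_CTX")
  if [ "$uid" = "$EXPECTED_UID" ]; then
    echo "named UID ok after refresh ($uid)"
    return 0
  fi
  echo "named UID still '${uid:-unknown}' after refresh; novell-named will not start" >&2
  return 1
}

# Confirm the DNS credential entry exists in OES Credential Store.
check_ocs_entry() {
  if ocs_list | grep -q -- "$OCS_ENTRY"; then
    echo "OCS entry $OCS_ENTRY present"
    return 0
  fi
  echo "OCS entry $OCS_ENTRY missing; set it with oescredstore -s -n $OCS_ENTRY -u <user-dn> -p <password>" >&2
  return 1
}

# novell-xregd must be up, otherwise novell-named fails with NWCallsInit errors.
check_xregd() {
  if unit_is_active novell-xregd.service; then
    echo "novell-xregd running"
    return 0
  fi
  echo "novell-xregd not running; start it before novell-named" >&2
  return 1
}

# Run all checks and return the number of failed checks (0 = ready to start).
dns_preflight() {
  local failures=0
  check_xregd     || failures=$((failures + 1))
  check_ocs_entry || failures=$((failures + 1))
  check_named_uid || failures=$((failures + 1))
  if [ "$failures" -eq 0 ] && unit_is_active novell-named.service; then
    echo "novell-named is active"
  fi
  return "$failures"
}

# Run directly with DNS_PREFLIGHT_RUN=1; off by default so the file can be sourced.
if [ "${DNS_PREFLIGHT_RUN:-0}" = 1 ]; then
  dns_preflight
fi
```

Run it as root on each cluster node with DNS_PREFLIGHT_RUN=1; a non-zero exit code is the number of checks that failed, and the messages on stderr name the corrective step from the page.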
Cause: The zone database files were modified without updating the SOA serial number. On load, DNS compares the SOA serial number in the file with the serial number stored in eDirectory. If the two are equal, DNS loads the zone from the file instead of from eDirectory; if they differ, it ignores the file and reads the zone from eDirectory. Loading from the file is a performance optimization that shortens DNS load time.
Action: If an administrator modifies the zone database files, the SOA serial number in the file must also be changed so that it no longer matches the serial number in eDirectory.
Action: Alternatively, remove the zone database files and load DNS. The zone database is then read from eDirectory and written to the files again.
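To see which source novell-named would pick for a given zone file, the serial in the file can be compared with the serial in eDirectory. The script below is an added example, not part of the OES documentation; it parses the SOA serial from a standard zone file and takes the eDirectory serial as a parameter, since there is no offline way to query it here (assumption: you read it from iManager or the DNS management console). The zone file used in the usage note is constructed.

```shell
#!/bin/bash
# Added example (not from the OES documentation): reproduce the file-versus-
# eDirectory decision for a zone. The SOA serial is parsed from a standard zone
# file; the eDirectory serial is passed in as a parameter (assumption: obtained
# from iManager or the DNS management console).

# Print the SOA serial of a zone file. Comments are stripped, lines are joined,
# and the parentheses that group a multi-line SOA are removed before taking the
# third field after the SOA token (mname, rname, serial).
soa_serial() {
  awk '
    { sub(/;.*/, ""); buf = buf " " $0 }
    END {
      gsub(/[()]/, " ", buf)
      n = split(buf, f, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (toupper(f[i]) == "SOA") { print f[i + 3]; exit }
    }' "$1"
}

# Decide where novell-named would load the zone from: "file" when the serials
# match, "edirectory" when they differ. Returns 2 if no serial can be read.
zone_source() {
  local file=$1 edir_serial=$2 file_serial
  file_serial=$(soa_serial "$file")
  case $file_serial in
    ''|*[!0-9]*) echo "no SOA serial found in $file" >&2; return 2 ;;
  esac
  if [ "$file_serial" = "$edir_serial" ]; then
    echo file
  else
    echo edirectory
  fi
}

# Usage: zone_source /path/to/example.com.db 2024010501
#   prints "file" if the file would be loaded, "edirectory" if the file is ignored.
```

If the output is "file" for a zone you edited by hand, the file's serial still matches eDirectory and your edits, not the directory copy, are what the server loads; bump the serial in the file or delete it, as described above.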
Cause: The DNS schema is not synchronized in the eDirectory tree.
Action: If you are attaching the Linux server to an existing NetWare tree where DNS is not installed, extend the DNS schema before installing DNS on the Linux server. If you are attaching the Linux server to an existing NetWare tree where DNS is already installed, make sure the RootServerInfo object on NetWare does not carry redundant Create and Delete entry rights for the DNSDHCP-Group object.
Cause: The LDAP user has insufficient permissions for eDirectory objects.
Action: Ensure that adequate permissions are assigned to the user as described in Section 6.1.2, eDirectory Permissions.
Cause: Preferred nodes are not set for the Virtual NCP server.
Action: Set the association between the preferred node and the Virtual NCP server.
If DNS Server fails to load with the following log:
Critical: Unable to read Locator reference from NCP server
Error: Error occurred when getting the Virtual NCP server IP address
Cause: DNS Server is unable to retrieve the Locator reference from NCP Server.
Action: Add the DNS-DHCPGroup or the proxy user as a trustee of the NCP Server object with the following rights, and no more than these:
All Attribute rights - Compare, Read
Entry Rights - Browse
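The trustee assignment above can be made with an LDIF instead of iManager. The script below is an added example, not part of the OES documentation; it encodes the rights using eDirectory's LDAP ACL attribute syntax (privileges#scope#subjectname#protectedattrname) and emits an LDIF for ldapmodify. The DNs (cn=SRV1,o=novell, cn=dnsproxy,o=novell, cn=admin,o=novell), the server URL and the choice of "entry" scope (rights on the server object only, not inherited) are assumptions for illustration.

```shell
#!/bin/bash
# Added example (not from the OES documentation): build the LDIF that grants the
# rights listed above to a trustee on the NCP Server object, using eDirectory's
# LDAP ACL attribute syntax "privileges#scope#subjectname#protectedattrname".
# Assumptions: the DNs are placeholders, the rights use "entry" scope (not
# inherited), and the LDIF is applied with ldapmodify over LDAPS.

# Numeric masks for eDirectory entry rights.
entry_rights_mask() {
  local m=0 r
  for r; do
    case $r in
      browse)     m=$((m | 1)) ;;
      add)        m=$((m | 2)) ;;
      delete)     m=$((m | 4)) ;;
      rename)     m=$((m | 8)) ;;
      supervisor) m=$((m | 16)) ;;
      *) echo "unknown entry right: $r" >&2; return 1 ;;
    esac
  done
  echo "$m"
}

# Numeric masks for eDirectory attribute rights.
attr_rights_mask() {
  local m=0 r
  for r; do
    case $r in
      compare)    m=$((m | 1)) ;;
      read)       m=$((m | 2)) ;;
      write)      m=$((m | 4)) ;;
      addself)    m=$((m | 8)) ;;
      supervisor) m=$((m | 32)) ;;
      *) echo "unknown attribute right: $r" >&2; return 1 ;;
    esac
  done
  echo "$m"
}

# Emit an LDIF that adds the trustee with Browse entry rights and Compare+Read on
# all attributes, and nothing more, so the proxy user cannot modify the server object.
dns_trustee_ldif() {
  local ncp_server_dn=$1 trustee_dn=$2 scope=${3:-entry}
  cat <<EOF
dn: $ncp_server_dn
changetype: modify
add: ACL
ACL: $(entry_rights_mask browse)#$scope#$trustee_dn#[Entry Rights]
ACL: $(attr_rights_mask compare read)#$scope#$trustee_dn#[All Attributes Rights]
EOF
}

# Usage (placeholder DNs and server):
#   dns_trustee_ldif cn=SRV1,o=novell cn=dnsproxy,o=novell \
#     | ldapmodify -H ldaps://oes1.example.com -D cn=admin,o=novell -W
```

Use LDAPS (or -ZZ for StartTLS) so the admin bind password does not cross the network in clear text, and keep the masks to Browse (1) and Compare+Read (3): the proxy user only needs to locate the Locator reference, not to change the server object.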
Cause: The daemons required for novell-named to start have not been loaded.
Action: Make sure you have loaded all the dependent daemons. For the list of dependent daemons, see Section 13.5, Starting the DNS Server.
Cause: No credentials are set in OES Credential Store.
Action: Verify the credentials set in OES Credential Store by using the oescredstore -l command in the console. If no information is displayed, set the OES Credential Store credentials by using the following command:
oescredstore -s -n dns-ldap -u <username> -p <password>
For example, to set the credentials of the runtime admin dnsadmin, execute the following command:
oescredstore -s -n dns-ldap -u cn=dnsadmin,o=novell -p Password
Note that a password passed with -p is visible in the shell history and in the process list while the command runs; run it from a root shell and clear the history entry afterwards. To reset the OES Credential Store credential for DNS, use dns-maint, dns-inst, or YaST2. For an existing DNS runtime user in eDirectory you must know the user's current password before resetting it; to create a new DNS runtime user and store its credential in OES Credential Store, also use dns-maint, dns-inst, or YaST2.
Cause: On a cluster setup, the /etc/rndc.key file is not the same on all the cluster nodes.
Action: Ensure that the /etc/rndc.key file is identical on every node by copying it across all the nodes of the cluster. The file holds the rndc shared secret, so copy it over an encrypted channel and preserve its restrictive permissions.
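A quick way to confirm the key really is identical, and to push it out when it is not, is shown below. This is an added example, not part of the OES documentation; it assumes key-based root SSH between the nodes (BatchMode so it never prompts) and sha256sum on each node. The remote_sum wrapper is the part a test overrides.

```shell
#!/bin/bash
# Added example (not from the OES documentation): verify that /etc/rndc.key is
# identical on every cluster node, and distribute it when it is not.
# Assumptions: key-based root SSH between nodes and sha256sum on the nodes.

RNDC_KEY=/etc/rndc.key

# Print "<sha256>  <path>" for the key file on one node.
remote_sum() {
  ssh -o BatchMode=yes "root@$1" sha256sum "$RNDC_KEY"
}

# Return 0 if all listed nodes hold the same key, 1 if any differs,
# 2 if the file cannot be read on a node.
rndc_key_consistent() {
  local ref="" node sum
  for node in "$@"; do
    sum=$(remote_sum "$node" | cut -d' ' -f1)
    if [ -z "$sum" ]; then
      echo "$node: cannot read $RNDC_KEY" >&2
      return 2
    fi
    [ -n "$ref" ] || ref=$sum
    if [ "$sum" != "$ref" ]; then
      echo "$node: $RNDC_KEY differs from $1" >&2
      return 1
    fi
    echo "$node: $sum"
  done
}

# Push the local key to the given nodes, preserving its mode (it is the rndc
# shared secret, normally readable only by root and the named group), then re-check.
# Restart novell-named on those nodes afterwards so they pick up the key.
rndc_key_distribute() {
  local node
  for node in "$@"; do
    scp -p -o BatchMode=yes "$RNDC_KEY" "root@$node:$RNDC_KEY"
  done
  rndc_key_consistent "$@"
}

# Usage: rndc_key_consistent node1 node2 node3 || rndc_key_distribute node2 node3
```

Run the consistency check from the node whose key you consider authoritative; the distribute step copies that node's file outward, so never run it from a node that itself has a stale key.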
Cause: You are loading novell-named with the chroot (-t) option.
Action: Add the sys_chroot capability to the DNS AppArmor profile, then reload AppArmor with the rcapparmor reload command.
Cause: novell-named might be blocked by AppArmor.
Action: Run AppArmor in complain mode to see whether novell-named is being blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide.
Cause: novell-named and BIND DNS (named) both use the rndc binary (rndcbin) to perform start, stop, and status queries. rndc is the standard command-line tool for remotely managing a BIND server, and novell-bind kept the same mechanism. For these operations rndc sends a command to the standard DNS control port (953 by default) and waits for the response; it does not check which DNS server is listening on that port. If both servers are loaded on the same system (which is highly unlikely), whichever starts first binds the control port, and the status reported is that of the server holding the port. Plain rndc does not expect two DNS servers on one system; this is an rndc limitation, and it is the DNS servers that decide who owns the control port.
Action: Running two DNS servers on the same system is highly unlikely. Using rndc for start, stop, or status queries against either named or novell-named causes no problem as long as you make sure that only one DNS server is running on the system, so that the rndc queries reach the intended server.
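Before trusting the output of an rndc status query, it is worth confirming which daemon actually holds the control port. The script below is an added example, not part of the OES documentation; it assumes the control port is the rndc default 953 and that ss -ltnp is run as root so its Process column is populated (standard iproute2 output). The ss_listen wrapper is what a test overrides, and the ss output in the test is constructed.

```shell
#!/bin/bash
# Added example (not from the OES documentation): find out which daemon holds
# the rndc control port before trusting "rndc status". Assumptions: the control
# port is the rndc default 953 and "ss -ltnp" runs as root so the Process
# column is populated.

CONTROL_PORT="${CONTROL_PORT:-953}"

ss_listen() { ss -ltnp; }

# Print the process name(s) listening on the control port, one per line.
# In ss output the local address is field 4 and the process appears as
# users:(("name",pid=N,fd=M)).
control_port_listeners() {
  ss_listen | awk -v port="$CONTROL_PORT" '
    $4 ~ (":" port "$") && match($0, /users:\(\("[^"]+"/) {
      print substr($0, RSTART + 9, RLENGTH - 10)
    }'
}

# Return 0 only if exactly one process listens on the port and it is the one
# expected (e.g. novell-named), so rndc start/stop/status will talk to it.
rndc_target_is() {
  local expected=$1 listeners count
  listeners=$(control_port_listeners)
  count=$(printf '%s\n' "$listeners" | awk 'NF { n++ } END { print n + 0 }')
  if [ "$count" -eq 0 ]; then
    echo "nothing is listening on port $CONTROL_PORT" >&2
    return 1
  fi
  if [ "$count" -gt 1 ]; then
    echo "more than one process on port $CONTROL_PORT: $(echo $listeners)" >&2
    return 1
  fi
  if [ "$listeners" != "$expected" ]; then
    echo "port $CONTROL_PORT is held by '$listeners', not '$expected'" >&2
    return 1
  fi
  echo "rndc will reach $expected"
}

# Usage: rndc_target_is novell-named && rndc status
```

If the check reports named instead of novell-named, stop the stock BIND service before starting novell-named; rndc will then address the server you intend.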
Cause: novell-xregd is not running.
Action: Load novell-xregd if it is not running, then load novell-named again.
Error: [bash] ShellCommand.cc(shellcommand):78. Adding DNS RootServerInfo object failed error_code:17:error_message: Undefined attribute type
Cause: This is a schema synchronization issue.
Action: Ensure that the schema is extended properly, wait for schema synchronization to complete, then try again.
Action: See Troubleshooting Schema in the NetIQ eDirectory Administration Guide.
Action: See TID 7003923 for more information.
Cause: After installing and configuring the DNS server, starting the server fails with a fatal error because eDirectory does not respond on NCP port 524.
Action: Open the /etc/hosts file and remove the extra loopback entries. Remove all entries such as 127.0.0.2, 127.0.0.3, and so on, keeping only 127.0.0.1.
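The cleanup above can be done safely with a backup and an atomic rewrite. The script below is an added example, not part of the OES documentation; it assumes the stray lines are 127.0.0.2-style entries for the local hostname (the kind YaST writes when it maps the hostname to loopback), drops any 127.x.x.x address other than 127.0.0.1, and leaves everything else, including ::1, untouched. The hosts file content in the test is constructed.

```shell
#!/bin/bash
# Added example (not from the OES documentation): remove the extra loopback
# entries from /etc/hosts while keeping 127.0.0.1 and ::1. Assumption: the
# stray lines are 127.0.0.2-style entries for the local hostname; the filter
# drops any 127.x.x.x address other than 127.0.0.1 and keeps everything else.

# Filter: read a hosts file on stdin, write the cleaned version to stdout.
filter_loopback_hosts() {
  awk '
    /^[ \t]*#/ || NF == 0 { print; next }           # keep comments and blank lines
    $1 ~ /^127\./ && $1 != "127.0.0.1" { next }     # drop 127.0.0.2, 127.0.0.3, ...
    { print }'
}

# List the entries that would be removed, so you can see which hostnames lose a mapping.
removed_loopback_hosts() {
  awk '!/^[ \t]*#/ && $1 ~ /^127\./ && $1 != "127.0.0.1"'
}

# Back up /etc/hosts and rewrite it in place; the temp file plus mv keeps the
# replacement atomic, so a crash cannot leave an empty hosts file behind.
clean_hosts_file() {
  local hosts=${1:-/etc/hosts} tmp
  cp -p "$hosts" "$hosts.bak.$(date +%Y%m%d%H%M%S)"
  tmp=$(mktemp "$hosts.XXXXXX")
  filter_loopback_hosts < "$hosts" > "$tmp"
  chmod 644 "$tmp"
  mv "$tmp" "$hosts"
}

# Usage: removed_loopback_hosts < /etc/hosts   (review first)
#        clean_hosts_file                       (then apply, as root)
```

Review the removed lines first: if the server's own hostname only resolved through a 127.0.0.2 entry, add a line mapping it to the server's real interface address before restarting the DNS server, otherwise local name resolution of the host itself breaks.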