Problem: New DNS entries are not found on backup or slave servers

Knowledge Base Community
, , , ,
#1

Problem:

New DNS entries are not found on backup or slave servers.

Environment

  • Many DNS or large zones (approx above 50) configured.
  • UCR-variable set to “dns/backend=ldap
  • UCS replication is fine:
root@ucs:/usr/lib/nagios/plugins# ./check_univention_replication 
OK: replication complete (nid=2868 lid=2868)
  • "dig reports an error “SERVFAIL”:
# dig @localhost ucs.multi.ucs 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @localhost ucs.multi.ucs 
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26216
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
ucs.multi.ucs.             IN      A

;; Query time: 219 msec
;; SERVER: localhost#53(127.0.0.1)
;; WHEN: Mon Apr 25 10:05:15 2011
;; MSG SIZE  rcvd: 35

Solution

This is a bug which monitors starting times of a service and tries to restart the service in case of timeout. Please update your systems to at least UCS 4.4-4 e503 and set your variable:

ucr set dns/timeout-start=180 # or use a larger value

As long as it is not fixed you might edit (at your own risk!) the related file /usr/lib/univention-bind/ldap and replace the 30 second timeout with a higher value (i.e. 120):
Change
/usr/bin/timeout 30 /bin/sh -c \
to
/usr/bin/timeout 120 /bin/sh -c \
to

Additional note: This might happen when using samba4 as backend, too. To fix (at your own risk) change the timeout line as shown above in the files samba4, too.

Mastodon