[Bug 1487283] [NEW] DNS forwarding doesn't work because MAAS enables dnssec

Alexander List 1487283 at bugs.launchpad.net
Fri Aug 21 03:40:27 UTC 2015 

Public bug reported:

I have a MAAS server that uses a box running dnsmasq as a DNS forwarder.

With MAAS enabling dnssec by default, I get errors like these and DNS
resolution from the MAAS provisioned machines doesn't work beyond what
MAAS manages.

Aug 21 01:29:17 maas-region-hkg named[1147]: error (no valid RRSIG) resolving 'mediawiki/DS/IN': <ipv4addr>#53
Aug 21 01:29:17 maas-region-hkg named[1147]: error (network unreachable) resolving 'mediawiki/DS/IN': <ipv6addr>#53
Aug 21 01:29:17 maas-region-hkg named[1147]: error (network unreachable) resolving 'mediawiki/DS/IN': <ipv6addr>#53
Aug 21 01:29:17 maas-region-hkg named[1147]: error (insecurity proof failed) resolving 'mediawiki/AAAA/IN': <ipv4addr>#53
Aug 21 01:29:17 maas-region-hkg named[1147]: error (insecurity proof failed) resolving 'mediawiki/A/IN': <ipv4addr>#53

/etc/bind/named.conf options contains this stanza:

//
// This file is managed by MAAS. Although MAAS attempts to preserve changes
// made here, it is possible to create conflicts that MAAS can not resolve.
//
// DNS settings available in MAAS (for example, forwarders and
// dnssec-validation) should be managed only in MAAS.

I I disable dnssec, name resolution works, and I didn't find a place in
the web UI where I can disable dnssec.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: maas 1.7.6+bzr3376-0ubuntu2~14.04.1
ProcVersionSignature: Ubuntu 3.19.0-25.26~14.04.1-generic 3.19.8-ckt2
Uname: Linux 3.19.0-25-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: amd64
Date: Fri Aug 21 02:55:27 2015
InstallationDate: Installed on 2015-08-10 (10 days ago)
InstallationMedia: Ubuntu-Server 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: maas
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: maas (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1487283

Title:
  DNS forwarding doesn't work because MAAS enables dnssec

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1487283/+subscriptions

More information about the Ubuntu-server-bugs mailing list