FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 192600

Description

After running Configuration Wizard on an appliance whose Allowed Domains List is empty, Captive Portal pages do not load. Additionally, the named service is unable to start.
 
> service named-chroot status
Redirecting to /bin/systemctl status named-chroot.service
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2021-03-16 14:13:53 EDT; 2min 11s ago
Process: 1297 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)

bash[1297]: /etc/named.conf:164: forwarders declared in root zone and in general conf...mmon:1
bash[1297]: /etc/named.conf:210: forwarders declared in root zone and in general conf...mmon:1
<...>
systemd[1]: named-chroot.service: control process exited, code=exited status=1
systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
systemd[1]: Unit named-chroot.service entered failed state.
systemd[1]: named-chroot.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

 
 
/var/log/messages shows similar entries:
 
bash: /etc/named.conf:164: forwarders declared in root zone and in general configuration: zones.common:1
bash: /etc/named.conf:210: forwarders declared in root zone and in general configuration: zones.common:1
bash: /etc/named.conf:256: forwarders declared in root zone and in general configuration: zones.common:1
 
 
 
 
To view the Allowed Domains List, log in to the Administration UI and navigate to System -> Settings -> Control -> Allowed Domains.
 
When Configuration Wizard is run on an appliance with an empty Allowed Domains list, the DNS (named) service does not start.  An additional line is added to the zones.common file of the Server/Application Server.  The file content looks similar to the following:

///////////////////////////////////////////////////////////////////
 //version - CUSTOM written from ZonesFileTable.jsp
 // These are common zones that are used for PC Updates
 // Add new zones as needed
 // Reminder: These should be Domains and not hosts or URL's
 // Change the Forwarder IP to point at the customer DNS server
 // You will need to restart DNS after making changes to this file
 //////////////////////////////////////////////////////////////////
 forwarders { 10.107.32.36;10.100.2.31; };   
 
The "forwarders" line prevents the named service from starting.


Scope
Version: 8.2 and above

Solution

Workaround Option 1.
 UI Method (Recommended)
Add a single domain to the Allowed Domains List.  It does not have to be a legitimate domain.
 
1) Navigate to System -> Settings -> Control -> Allowed Domains.
2) Click Add Domain.
3) Enter a name to act as a placeholder, such as "doNotDelete.PlaceHolder.com" (without quotes).
4)  Click OK.
5)  Click Save Settings.
 
Portal Pages should now be accessible.  Additionally, Configuration Wizard can be modified and the DNS service should restart as expected.
 
Workaround Option 2.
CLI Method.
 
1) Log in to the CLI as root of the Server/Application server.
2) Modify /var/named/chroot/etc/zones.common, remove the "forwarders" line, and save.
3) Restart the named service:
service named-chroot restart
4) Verify the named service is running:
service named-chroot status
5) Make a copy of the file to be used after future Configuration Wizard modifications:
cp /var/named/chroot/etc/zones.common /var/named/chroot/etc/zones.common.fix
 
Portal Pages should now be accessible. 
 
Important:  To prevent the behavior from returning, add a domain to the Allowed Domains list (Workaround Option 1).  Otherwise, the below procedure must be followed after each Configuration Wizard modification: 

1) Log in to the CLI as root of the Server/Application server.
2) Run the below two commands:
cp /var/named/chroot/etc/zones.common.fix /var/named/chroot/etc/zones.common
service named-chroot restart
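
Step 2 of Workaround Option 2 (removing the "forwarders" line) can be scripted so that only a forwarders statement outside any zone block is removed and a backup is kept. This is an added example, not Fortinet code; the function names, the `.bak` suffix and the zone block in the sample are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not Fortinet code). Sample content below is constructed.

# Print a zones.common-style file, dropping "forwarders" statements found at
# brace depth 0, i.e. outside any zone block. Nested ones are left alone.
filter_toplevel_forwarders() {
    awk '
        { code = $0; sub(/\/\/.*/, "", code) }   # strip // comments before parsing
        depth == 0 && code ~ /^[ \t]*forwarders[ \t]*[{][^}]*[}][ \t]*;[ \t]*$/ { next }
        { print; depth += gsub(/[{]/, "{", code) - gsub(/[}]/, "}", code) }
    ' "$1"
}

# Succeeds (exit 0) when the file contains at least one top-level forwarders line.
has_toplevel_forwarders() {
    ! filter_toplevel_forwarders "$1" | cmp -s - "$1"
}

# Back the file up as <file>.bak, then rewrite it without the offending line.
# Does nothing (and keeps any earlier backup) when the file is already clean.
fix_zones_common() {
    has_toplevel_forwarders "$1" || return 0
    cp -p "$1" "$1.bak" || return 1
    filter_toplevel_forwarders "$1.bak" > "$1"
}

# Write a constructed sample: one nested forwarders (assumed zone layout) and
# the top-level line quoted in the article.
make_sample() {
    cat > "$1" <<'EOF'
// constructed sample, not a real appliance file
zone "example.com" {
    type forward;
    forwarders { 192.0.2.53; };
};
forwarders { 10.107.32.36;10.100.2.31; };
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && make_sample "$tmp" && fix_zones_common "$tmp" && cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
fi
```

On an appliance the target would be /var/named/chroot/etc/zones.common; validating with the same `named-checkconf -t /var/named/chroot -z` check that the unit's ExecStartPre runs, before restarting named-chroot, confirms the configuration now loads.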
 

Solution:  Addressed in versions 8.8.6 and 9.1.0.

 

ID 546489.


 

 
 

 
