Uncaught 500 error from API for malformed SOA record

[m33x-7]

Terraform Version

$terraform --version
Terraform v0.12.20
+ provider.powerdns v1.3.0

Affected Resource(s)

• powerdns_record

Terraform Configuration Files

resource "powerdns_record" "a" {
  zone = "example.com"
  name = "test.example.com."
  type = "A"
  ttl  = "86400"
  records = ["192.168.1.1"]
}

Debug Output

https://gist.github.com/m33x-7/4714f03fc12e04640fd075098a1f9ae4#file-apply-trace-1
https://gist.github.com/m33x-7/4714f03fc12e04640fd075098a1f9ae4#file-apply-trace-2
https://gist.github.com/m33x-7/4714f03fc12e04640fd075098a1f9ae4#file-tfstate-after-apply
https://gist.github.com/m33x-7/4714f03fc12e04640fd075098a1f9ae4#file-destroy-trace-1
https://gist.github.com/m33x-7/4714f03fc12e04640fd075098a1f9ae4#file-tfstate-after-destroy

pdns server log:

HTTP ISE for "/api/v1/servers/localhost/zones/example.com": STL Exception: Parsing record content (try 'pdnsutil check-zone'): missing field at the end of record content '  2020072800 28800 7200 604800 86400'

API curl:

curl -v -H "X-API-Key: <--snip-->" http://localhost:8081/api/v1/servers/localhost/zones/example.com
* About to connect() to localhost port 8081 (#0)
*   Trying localhost...
* Connected to localhost (localhost) port 8081 (#0)
> GET /api/v1/servers/localhost/zones/example.com HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8081
> Accept: */*
> X-API-Key: <--snip-->
>
< HTTP/1.1 500 Internal Server Error
< Connection: close
< Content-Length: 21
< Content-Type: text/plain; charset=utf-8
< Server: PowerDNS/4.1.6
<
* Closing connection 0

Panic Output

None

Expected Behavior

On error from the API terraform bails out and doesn't create the record

Actual Behavior

Terraform created the record, even though there was an error, but doesn't see that it's been created so attempts to create it again on further applys, and can't destroy the record.

Steps to Reproduce

1. Create a malformed SOA record, e.g. it's missing MNAME and / or RNAME
2. terraform apply with the above config, record is created
3. terraform apply or terraform plan attempts to create the record again, even though it's in the statefile
4. terraform destroy removes state, but doesn't remove the record

Important Factoids

Malformed SOA record was created by PowerAdmin, likely down to a configuration fault on my end. However outside of using the API DNS lookups are / were working fine.

Fixing the SOA record resolves the issue.

References

None

[mbag]

hi @m33x-7 thanks for reporting issue. I'll try to reproduce, but I need one clarification first. Is it possible to create malformed SOA using PowerDNS API, or do I have to use PowerAdmin (and is this it: https://github.com/poweradmin/poweradmin) or can I use pdnsutil or manually enter record into database?

Just a side note. In API curl section you left API key value in -H "X-API-Key: header, but removed it later on. If this is just some random key then OK, but if it is a production key, then you might want to consider changing it just in case.

[m33x-7]

Hi @mbag thanks for catching that, luckily not a production box but still not something I wanted to escape.

pdnsutil and the api enforce creation of the SOA with all the attributes that are supposed to be there. It looks like we've run into this because PowerAdmin is doing SQL writes directly, and SQL is how we've traditionally managed PowerDNS in production. However in production we're not using PowerAdmin, but a stored proc which is setting everything up correctly.

So at this point it's a pretty contrived failure, if you still want to try replicating it the following should do it:

INSERT INTO domains (name,type) VALUES ('example.com','MASTER');
SELECT id INTO @domain_id FROM domains WHERE name = 'example.com';
INSERT INTO records (domain_id,name,type,content,ttl) VALUES (@domain_id,'example.com','SOA',' 2020072902 10800 3600 604800 86400',86400);