so your pxe server has nsh installed on it, and you are manually starting the nsh client and cd'd to one of the target systems?
if you look in the rscd.log on the target server when you get the error, what is the log line? can you attach that rscd.log ?
yes.. NSH is installed and cd'd to one of the target systems.
rscd.log on target machine shows: "rscd - <IP address of source (pxe server)> 4637 0/0 (root): nsh: Host not authorized
Ok, so what is in the exports file on the target ? it’s showing that the ip of the pxe is not allowed to connect.
the exports file has the server name of the source server
<server name> rw, user=root
As I mentioned earlier it works if I restart the rscd agent on the target server.
So how long does it take your dns cache to refresh w/ the new ip?
The DNS refresh is done immediately.
And from the target if you ping the hostname, right after the ip change, you resolve the new ip ? the rscd should use the OS’s dns caching, I don’t believe it does its own caching.
when I ping the servername it does reolve to new ip.
Based on our findings it looks like when the rscd is started it stores the ip address in a cache. Which may be creating its own cache.
Yes. We can resolve to the new IP once the IP change is done. I feel rscd on the targethost has cached the IP address in it.. so even though hostname exists in /etc/rsc/exports file, its not resolving and taking the IP..
If I add the changed IP to /etc/rsc/exports file on one of the targethost, cd //<targethost> will work.. Then even if I remove the IP address, cd //<targethost> works fine. But this is not feasible bcos I've to add this changed IP to many servers and remove it later.
Open a ticket w/ support… I’d expected it to use whatever the os has for a cache, not it’s own.
I don't think this is a host resolution issue, because I tested it and (unless it changed in whatever version you're using) the error thrown when the resolution fails is this:
(Not_available): (Not_available): Failed to resolve Host entry: <hostname>
By "Host entry" it refers to the host entry in exports. I purposely added a host that was not in the dns. I then manually added it to the server's hosts file and it passed. So if you get the error saying it's not authorized, there must be something else at play.
i actually see the behaviour too.
- access server1 from server2 via nsh
- update bind w/ the new ip for server2, reload named
- reip server2
- no authorization to access host on server1
- restart rscd on server1
- now i can access server1 from server2
So this proves that the RSCD agent only loads/cache the IP address of the hosts in exports during startup and never refreshes it until it's restarted.
Have you tried appending the same line again in the exports file without restarting the agent to see if it would trigger a refresh (because the file changed)?