Failed to sync TRUENAS catalog

fungshui · May 9, 2024, 8:01pm

I have encounter the following error on my TrueNAS SCALE server:

#### Failed to sync TRUENAS catalog: [EFAULT] Failed to clone 'https://github.com/truenas/charts.git' repository at '/var/run/middleware/ix-applications/catalogs/github_com_truenas_charts_git_master' destination: [EFAULT] Failed to clone 'https://github.com/truenas/charts.git' repository at '/var/run/middleware/ix-applications/catalogs/github_com_truenas_charts_git_master' destination: Cloning into '/var/run/middleware/ix-...

2024-05-09 18:15:59 (Europe/London)

I have tried to curl the corresponding resources. It reported the following error:

$ curl 'https://github.com/truenas/charts.git'

curl: (60) SSL certificate problem: unable to get local issuer certificate

More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, please visit the web page mentioned above.

I googled a bit and some mentioned the ntp problem hence I checked the date. It was correct.

$ date
Thu May  9 20:48:51 BST 2024

How do I fix it?

fungshui · May 9, 2024, 9:02pm

I have identified the problem. It is caused by a misconfigured BIND9 zone file.

Stux · May 9, 2024, 9:16pm

liexu · May 11, 2024, 9:07am

Hello, Can you share more about the repair process? thanks~

fungshui · May 11, 2024, 9:41pm

Sure. I have set up an internal BIND9 master server which provides a closed DNS look up for a domain “home.ngs”. A reverse-proxy server is running on a Synology NAS. Hence I have directed wildcard look up (*.home.ngs) to it.

Unfortunately for reasons beyond my comprehension. It seems matched “github.com” or “github.com.home.ngs” on the curl/nslookup/ping commands but dig worked fine.

I have to remove the line domain in /etc/resolv.conf of TrueNAS SCALE 24.04.0 via WebUI in order to fix it as shown below.

domain home.ngs    # removed
nameserver 10.27.0.40
nameserver 10.27.0.50

The content of BIND9 master record of /etc/bind/zones/db.home.ngs as following:

;
; BIND data file for home.ngs
;
$ORIGIN home.ngs.
$TTL    7d  ; Time to live for a week
@   IN  SOA ns.home.ngs. hostmaster.home.ngs. (
            2024042400
            7d
            1d
            28d
            7d )
                IN      NS      ns.home.ngs.
                IN      NS      ns2.home.ngs.
        IN  A   10.27.0.50
                IN      TXT     "Ng's Home LAN"
;
; Addresses for the canonical names
;
@       IN  A   10.27.0.50
ns      IN  A   10.27.0.50
ns2     IN  A   10.27.0.40
ds918plus           IN      A       10.27.0.50
;
; Aliases
;
*               IN      CNAME   ds918plus

essinghigh · May 11, 2024, 9:50pm

Default behavior of dig is not to search domain/search-list.

root@arch:~ # dig A +short truenas
root@arch:~ # dig A +short +search truenas
192.168.2.1

fungshui · May 11, 2024, 11:29pm

Do you mind telling me how to fix it without losing the default domain? Thanks.

essinghigh · May 11, 2024, 11:50pm

Try adding “.” as an “additional domain”

I thought it wouldn’t add it as a search value, but apparently it does. Lovely. I’m not too sure if it will work though.

EDIT, again (probably about number 4-5 by now):
I’ve just tested it on my end and it works

root@truenas[~]# nslookup truenas
Server:         192.168.2.1
Address:        192.168.2.1#53

Name:   truenas
Address: 0.0.0.0

root@truenas[~]# nano /etc/resolv.conf
root@truenas[~]# nslookup truenas
Server:         192.168.2.1
Address:        192.168.2.1#53

Name:   truenas.example.lan
Address: 192.168.2.1

fungshui · May 12, 2024, 5:59pm

@essinghigh

I am not familiar with these. How to add a “.” domain? Is it a zone config file on the DNS server?

Btw, the current bind9 settings was working fine. All the clients on the LAN have not problem until I have reinstalled TrueNAS SCALE 24.04.0 and restored the old configurations in order to convert the boot pool into a mirror with a smaller drive added.

essinghigh · May 12, 2024, 6:08pm

In TrueNAS: Network → Global Settings → Additional Domains

fungshui · May 12, 2024, 6:56pm

Thanks a ton.

I have added the additional “.” domain with the “home.ngs” as the domain together. It works well.

But strangely, it also works after I removed the additional “.” domain afterwards. I don’t really know what is going on here.

essinghigh · May 12, 2024, 7:00pm

May be TrueNAS not properly removing search . from /etc/resolv.conf, not sure. Could also be some form of DNS caching linux does, it’s not something I’ve ever looked in to.

Glad to hear it’s working though