Bug #13419

open

DNS updates do not work unless foreman server uses the authoritative DNS server as its nameserver in resolv.conf

Added by Michael Eklund over 9 years ago. Updated over 8 years ago.

Status: New
Priority: Normal
Assignee: -
Category: DNS
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

If foreman is not using the authoritative name server as a nameserver entry in its resolv.conf, dns proxy calls will not work properly. We have nameserver recursors in our production environment; these forward our internal zones to our authoritative name servers. After foreman deleted the dns records I would never see any calls to create the records.

From a log perspective it looks like this:

On foreman server

2016-01-27T12:34:58 [app] [I] Delete the DNS A record for mem03.phx.dealnews.net/10.11.51.2
2016-01-27T12:34:58 [app] [I] Delete the DNS PTR record for 10.11.51.2/mem03.phx.dealnews.net
2016-01-27T12:34:58 [app] [D] Fetching DNS reservation for 10.11.51.2/mem03.phx.dealnews.net

on foreman-proxy

D, [2016-01-27T12:34:58.089412 #24413] DEBUG -- : verifying remote client 10.10.50.170 against trusted_hosts ["cfg01.atl.dealnews.net"]
I, [2016-01-27T12:34:58.092718 #24413]  INFO -- : 10.10.50.170 - - [27/Jan/2016 12:34:58] "DELETE /dns/mem03.phx.dealnews.net HTTP/1.1" 200 - 0.0034

D, [2016-01-27T12:34:58.178689 #24413] DEBUG -- : verifying remote client 10.10.50.170 against trusted_hosts ["cfg01.atl.dealnews.net"]
I, [2016-01-27T12:34:58.181471 #24413]  INFO -- : 10.10.50.170 - - [27/Jan/2016 12:34:58] "DELETE /dns/2.51.11.10.in-addr.arpa HTTP/1.1" 200 - 0.0029

It took me forever to figure out why I was never seeing any POST /dns calls on the proxy. The reason is because the dns records already exist in the dns recursor's cache, so it appears that the calls are bypassed by the following code:

  def recreate_a_record
    set_dns_a_record unless dns_a_record.nil? || dns_a_record.valid?
  end

  def recreate_ptr_record
    set_dns_ptr_record unless dns_ptr_record.nil? || dns_ptr_record.valid?
  end

dns_a_record.valid? and dns_ptr_record.valid? return a false true from this code

      # Verifies that a record already exists on the dns server
      def valid?
        logger.debug "Fetching DNS reservation for #{self}" 
        self == dns_lookup(ip)
      end

because they are talking to a cache and the TTL has not hit 0 yet.
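
An added example (not Foreman's code and not part of the original report): a small constructed model of the behaviour described above, in which a guard shaped like recreate_a_record asks a caching recursor and skips the write until the TTL expires, while the same guard asked against the authoritative zone recreates the record. The class names, host name, address and 300-second TTL are assumptions made for the illustration.

```ruby
# Constructed model: authoritative zone, caching recursor, and a guard
# shaped like the recreate_a_record / valid? code quoted in the report.
class AuthoritativeZone
  def initialize; @records = {}; end
  def set(name, ip); @records[name] = ip; end
  def delete(name); @records.delete(name); end
  def lookup(name); @records[name]; end
end

class CachingRecursor
  def initialize(upstream, ttl:, clock:)
    @upstream, @ttl, @clock, @cache = upstream, ttl, clock, {}
  end

  # Answer from cache until the TTL runs out (negative caching not modelled).
  def lookup(name)
    hit = @cache[name]
    return hit[:ip] if hit && @clock.call < hit[:expires]
    ip = @upstream.lookup(name)
    if ip
      @cache[name] = { ip: ip, expires: @clock.call + @ttl }
    else
      @cache.delete(name)
    end
    ip
  end
end

# Write the record only when the resolver's answer disagrees with the wanted IP.
def recreate_a_record(name, ip, resolver:, zone:)
  return :skipped if resolver.lookup(name) == ip # the valid? check passes
  zone.set(name, ip)
  :created
end

# Returns [guard result, what the authoritative zone holds afterwards].
def rebuild(via_recursor:, ttl: 300, elapsed: 0)
  now = 0
  zone = AuthoritativeZone.new
  recursor = CachingRecursor.new(zone, ttl: ttl, clock: -> { now })
  zone.set("host.example.test", "192.0.2.10") # constructed name and address
  recursor.lookup("host.example.test")        # cache is warm before the rebuild
  zone.delete("host.example.test")            # the DELETE /dns call succeeded
  now += elapsed
  resolver = via_recursor ? recursor : zone
  result = recreate_a_record("host.example.test", "192.0.2.10", resolver: resolver, zone: zone)
  [result, zone.lookup("host.example.test")]
end
```
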
