Bug #2668
open
Foreman appears to be incorrectly checking the local resolvers rather than SOA
Added by Jon Fautley over 11 years ago.
Updated about 7 years ago.
Description
It would appear that Foreman is checking the existence of DNS records (A/PTR, for provisioning) by querying the resolvers configured on the local system, rather than those configured in the managed zone's SOA.
This is irrespective of the setting of query_local_nameservers.
- Assignee deleted (
Dominic Cleal)
It looks like this is specifically on PTR records, the original error was: "Failed to save: Conflict DNS PTR Records 123.12.123.1/<old.hostname> already exists"
I see app/models/orchestration/dns.rb queries the domain model for its SOA nameservers and gets a new DNS resolver with these configured, but doesn't do the equivalent for the subnet and reverse DNS zone.
- Has duplicate Bug #3526: reverse_dns_record_attrs definition is missing the :resolver attribute added
- Related to Bug #13696: Rebuild Config deletes PTR records but does not add them added
I can confirm this issue. I've got a dnsmasq server as my 'main' DNS, which Foreman uses. The Foreman host has a BIND server which only serves the domains managed by Foreman. The dnsmasq server forwards any requests to these domains to the BIND server. Caching on the dnsmasq server caused Foreman to believe there were conflicting PTR records. Turning off the caching on the dnsmasq server resolved the issue.
- Description updated (diff)
I wonder why the Foreman is doing a DNS request at all. I thought the Proxy did this so it shouldn't be needed. This also requires that the foreman has an entire view of the system and while that's generally what you want with DNS, there are situations where firewalls can be in the way.
- Priority changed from Normal to Urgent
- Difficulty set to trivial
I did hit into this now as well, this feature should be turned off entirely, or atleast add configuration possiblity to turn this off. Imagine this situation, you have in DNS *.example.com, which is CNAME to host1.example.com A 191.168.0.1. Now you want to create host2.example.com with 191.168.0.2, but bum, Conflict IPv4 DNS record because it did resolve host1.example.com A 191.168.0.1. And this is happening even when foreman has DNS proxy set for this subnet - instead doing it via proxy (which would work), it uses local resolver and everything is broken. I even added codewrap around that creates correct A record before foreman host is created, but this fails too, as it takes some time to DNS refresh so foreman can resolve it good, which again was workarounded by some sleep() but this all is just not right.
- Priority changed from Urgent to Normal
Thanks for your comment, I'm afraid this does not qualify to Urgent Priority, so resetting it back.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by