Project

General

Profile

Bug #34675

Allow suppression of record_conflicts

Added by James Shewey 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

When provisioning a new host, a DNS record is created if a DNS smart proxy is created. During this process, the smart proxy pings the address to verify it is not assigned:

https://github.com/theforeman/smart-proxy/blob/f7553f7de9aff7f8528328646b02ff18bc5e0c5d/modules/dns_common/dns_common.rb#L158

However, in the right configuration, such as the use of a PowerDNS recursor in front of an Authoritative Server (AS) (if using the Power DNS smart proxy for example: https://github.com/theforeman/smart_proxy_dns_powerdns), this caches a negative response. Subsequent requests to the cache will then report that this record does not exist and if the caching period is less than the build time. This can cause later issues with post-install tasks like joining a FreeIPA domain (which checks records are properly configured for security purposes)or Puppet/Ansible/Salt attachment & formulas.

A settings option to suppress these checks would allow a workaround for this problem as a solution on the DNS server side can be non-trivial.

Also available in: Atom PDF