Plugins » foreman_setup

Good question. what I did was I used the GUI, which in one of the steps instructed me to use the foreman-installer command. I had previously used foreman-installer to setup foreman, using just a single host for both proxy and head BTW.

ok. so the command I got out of that setup included the following flag for foreman-installer:

  --foreman-proxy-dns-reverse=64.15.8.10.in-addr.arpa \

This is incorrect for the reasons I described above. here is what it should be:

  --foreman-proxy-dns-reverse=15.8.10.in-addr.arpa \

NOTE: the missing "64."

so the logic that generates that flag needs a tweak to ensure it always removes the last octet from the network address provided on the previous page.

BTW you can't work around this issue by shortening the network address to just 3 octets. that will throw an "address family mismatch" error

I would also argue that some amount of sanity checking needs to occur on the smart proxy side to stop these zones from being generated.

Couple of other important notes:

• There is an RFC (2317) which allows for the generation of sub-octet sized reverse lookup zones. googling for that finds a litany of issues, so although enabling that support in bind (assuming it exists) would solve this issue, it seems like it would be problematic and thus a poor choice for a default way of operating.
• A full list of DNS RFC's are linked below. I didn't take the time to read through them but I'm sure that since RFC 2317 exists theres and RFC that establishes the problem that RFC 2317 addresses as the norm:
  http://www.isc.org/community/rfcs/dns/

I also face a similar issue on Foreman 3.7.1 with the following subnet: 93.104.246.64/26

When I create or edit a host on this subnet, the following messages appear in the proxy logs:

E, [2015-01-19T13:07:02.990181 #29026] ERROR -- : Cannot find DNS entry for 76.246.104.93.in-addr.arpa
192.168.180.40 - - [19/Jan/2015 13:07:02] "DELETE /dns/76.246.104.93.in-addr.arpa HTTP/1.1" 404 52 0.0092

Foreman should actually try to add the following entry when the subnet is not one of /24, /16 or /8:

*76.26-64*.246.104.93.in-addr.arpa

---

Associated zone:

zone "26-64.246.104.93.in-addr.arpa" {
    file "/var/named/dynamic/db.26-64.246.104.93.in-addr.arpa";
    ...
};

And the corresponding zone file:

$ORIGIN .
$TTL 10800    ; 3 hours
26-64.246.104.93.in-addr.arpa IN SOA ns.example.com. admin.example.com. (
                2015000002 ; serial
                86400      ; refresh (1 day)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                3600       ; minimum (1 hour)
                )
            NS    ns.example.com.
$ORIGIN 26-64.246.104.93.in-addr.arpa.
...

Dear all,

any news about this BUG, we have the same problem with Foreman 1.15.

All the best
Diego