Foreman appears to be incorrectly checking the local resolvers rather than SOA
Found in release: 1.14.3
It would appear that Foreman is checking the existence of DNS records (A/PTR, for provisioning) by querying the resolvers configured on the local system, rather than those configured in the managed zone's SOA.
This is irrespective of the setting of query_local_nameservers.
#1 Updated by Dominic Cleal almost 5 years ago
- Assigned To deleted
It looks like this is specifically on PTR records, the original error was: "Failed to save: Conflict DNS PTR Records 126.96.36.199/<old.hostname> already exists"
I see app/models/orchestration/dns.rb queries the domain model for its SOA nameservers and gets a new DNS resolver with these configured, but doesn't do the equivalent for the subnet and reverse DNS zone.
#4 Updated by Simon Wydooghe about 2 years ago
I can confirm this issue. I've got a dnsmasq server as my 'main' DNS, which Foreman uses. The Foreman host has a BIND server which only serves the domains managed by Foreman. The dnsmasq server forwards any requests to these domains to the BIND server. Caching on the dnsmasq server caused Foreman to believe there were conflicting PTR records. Turning off the caching on the dnsmasq server resolved the issue.
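As an added illustration of the point made in comment #1 (the domain model's SOA nameservers are used for the forward check but nothing equivalent happens for the reverse zone) and of the stale-cache situation in comment #4, the following Ruby is not Foreman's code; it assumes a hypothetical `ZoneAwareDnsCheck` helper, an in-memory `FakeResolver` standing in for real servers, and constructed zone data for `example.com` and `192.168.0.0/24`. It walks up the name to find the zone's SOA, takes that zone's NS set, and asks only those servers for the A and PTR records, so a caching local resolver cannot produce a phantom conflict.

```ruby
require 'resolv'
require 'ipaddr'

IN = Resolv::DNS::Resource::IN

# Added example, not Foreman's own code: a conflict check that asks the zone's
# authoritative servers (found via SOA/NS) for the A and PTR records, instead
# of the resolvers in the host's /etc/resolv.conf.
module ZoneAwareDnsCheck
  module_function

  # "192.168.0.2" -> "2.0.168.192.in-addr.arpa" (IPv6 yields the ip6.arpa form)
  def ptr_name(ip)
    IPAddr.new(ip).reverse
  end

  # Drop labels from the left until a SOA answers; that zone's NS set is
  # authoritative for `name`. Returns the NS hostnames (empty if none found).
  def zone_nameservers(name, resolver)
    labels = name.chomp('.').split('.')
    labels.size.times do |i|
      zone = labels[i..-1].join('.')
      next if resolver.getresources(zone, IN::SOA).empty?
      return resolver.getresources(zone, IN::NS).map { |r| r.name.to_s }
    end
    []
  end

  # Resolve the NS hostnames (via the bootstrap resolver, which may be local)
  # and build a fresh resolver pointed only at those addresses.
  def authoritative_resolver(name, bootstrap, factory)
    addrs = zone_nameservers(name, bootstrap).flat_map do |ns|
      bootstrap.getresources(ns, IN::A).map { |r| r.address.to_s }
    end
    factory.call(addrs)
  end

  # Conflicts: an A record for hostname with another address, or a PTR for ip
  # naming another host. Both lookups go to the authoritative servers.
  def conflicts(hostname, ip, bootstrap:, factory: ->(a) { Resolv::DNS.new(nameserver: a) })
    out = []
    fwd = authoritative_resolver(hostname, bootstrap, factory)
    fwd.getresources(hostname, IN::A).each do |r|
      out << "A #{hostname} already exists as #{r.address}" unless r.address.to_s == ip
    end
    ptr = ptr_name(ip)
    rev = authoritative_resolver(ptr, bootstrap, factory)
    rev.getresources(ptr, IN::PTR).each do |r|
      out << "PTR #{ptr} already exists as #{r.name}" unless r.name.to_s == hostname.chomp('.')
    end
    out
  end
end

# Constructed stand-in for DNS servers so the example runs offline (no live
# data). A table maps [name, record type] to record objects.
class FakeResolver
  def initialize(table)
    @table = table
  end

  def getresources(name, type)
    @table.fetch([name.to_s.chomp('.'), type], [])
  end
end

def dns_name(s)
  Resolv::DNS::Name.create(s)
end

# Constructed zone data: ns1 is authoritative for example.com and the /24.
SOA_RECORD = IN::SOA.new(dns_name('ns1.example.com.'), dns_name('hostmaster.example.com.'),
                         1, 3600, 600, 86_400, 300)
AUTHORITATIVE = {
  ['example.com', IN::SOA]              => [SOA_RECORD],
  ['example.com', IN::NS]               => [IN::NS.new(dns_name('ns1.example.com.'))],
  ['0.168.192.in-addr.arpa', IN::SOA]   => [SOA_RECORD],
  ['0.168.192.in-addr.arpa', IN::NS]    => [IN::NS.new(dns_name('ns1.example.com.'))],
  ['ns1.example.com', IN::A]            => [IN::A.new('192.168.0.53')],
  ['host1.example.com', IN::A]          => [IN::A.new('192.168.0.1')],
  ['1.0.168.192.in-addr.arpa', IN::PTR] => [IN::PTR.new(dns_name('host1.example.com.'))]
}
# The local resolver (think of the caching dnsmasq in the thread) still holds a
# stale PTR for .2 that the authoritative zone no longer has.
LOCAL_CACHE = AUTHORITATIVE.merge(
  ['2.0.168.192.in-addr.arpa', IN::PTR] => [IN::PTR.new(dns_name('old.example.com.'))]
)

# Returns [what the local resolver claims about .2, zone-aware conflicts for
# host2 at .2 (none), zone-aware conflicts for host1 at .9 (a real A clash)].
def demo_conflict_check
  local = FakeResolver.new(LOCAL_CACHE)
  # Any resolver built for the zone's NS address serves the authoritative data.
  factory = ->(addrs) { FakeResolver.new(addrs.include?('192.168.0.53') ? AUTHORITATIVE : {}) }
  naive = local.getresources(ZoneAwareDnsCheck.ptr_name('192.168.0.2'), IN::PTR).map { |r| r.name.to_s }
  fixed = ZoneAwareDnsCheck.conflicts('host2.example.com', '192.168.0.2', bootstrap: local, factory: factory)
  real  = ZoneAwareDnsCheck.conflicts('host1.example.com', '192.168.0.9', bootstrap: local, factory: factory)
  [naive, fixed, real]
end

if $PROGRAM_NAME == __FILE__
  naive, fixed, real = demo_conflict_check
  puts "local resolver says PTR for 192.168.0.2 -> #{naive.inspect}"
  puts "zone-aware check for host2/.2 -> #{fixed.inspect}"
  puts "zone-aware check for host1/.9 -> #{real.inspect}"
end
```

Against real servers the default `factory` builds a `Resolv::DNS` pointed at the NS addresses, so only the SOA/NS discovery step ever touches the local resolver; the record lookups that decide "conflict or not" do not.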
#5 Updated by Ewoud Kohl van Wijngaarden over 1 year ago
- Description updated (diff)
I wonder why Foreman is doing a DNS request at all. I thought the Proxy did this, so it shouldn't be needed. This also requires that Foreman has an entire view of the system, and while that's generally what you want with DNS, there are situations where firewalls can be in the way.
#6 Updated by Zdenek Janda 9 months ago
- Priority changed from Normal to Urgent
- Difficulty set to trivial
- Found in release set to 1.14.3
I hit this now as well; this feature should be turned off entirely, or at least add a configuration possibility to turn this off. Imagine this situation: you have in DNS *.example.com, which is a CNAME to host1.example.com A 188.8.131.52. Now you want to create host2.example.com with 184.108.40.206, but bum, Conflict IPv4 DNS record because it resolved host1.example.com A 220.127.116.11. And this is happening even when Foreman has a DNS proxy set for this subnet - instead of doing it via the proxy (which would work), it uses the local resolver and everything is broken. I even added a code wrapper around it that creates the correct A record before the Foreman host is created, but this fails too, as it takes some time for DNS to refresh so Foreman can resolve it correctly, which again I worked around with some sleep(), but this all is just not right.