DNS Forwarders without a DNS domain?


#1

Hi folks,

Our data center network is broken up into two main networks:

  1. Our production networks with public IPs.
  2. A provisioning network on a private network, 192.168.100.x. The Foreman server has a network proxy, and provisioning hosts can route through that proxy to reach public Yum & Apt mirrors, etc.

We don’t really use a DNS domain on the provisioning network, as all of those IPs are temporary. However, we do want DNS forwarders on the provisioning network, as that allows the new nodes to be able to look up hosts like mirrors.centos.org and mirrors.ubuntu.org, etc. Using foreman-installer, is it possible to disable the DNS service and still manage the DNS forwarders?

Our foreman-answers.yaml file has these settings for DNS:

  dns: true
  dns_listen_on: https
  dns_managed: true
  dns_provider: nsupdate
  dns_interface: ens224
  dns_zone: example.org
  dns_reverse:
  dns_server: 127.0.0.1
  dns_ttl: 86400
  dns_tsig_keytab: "/etc/foreman-proxy/dns.keytab"
  dns_tsig_principal: foremanproxy/foreman.example.org@EXAMPLE.ORG
  dns_forwarders:
  - IP.of.our.internal.dns.server
  - 8.8.8.8
  - 4.4.4.4

-= Stefan


#2

As DNS is just for managing the DNS server, it is probably not what you want.

You want to set --foreman-proxy-dhcp-nameservers and --foreman-proxy-dhcp-search-domains to manage DNS options for DHCP if you use PXE, or set the domain server for the subnet when using static network configuration. Both will result in /etc/resolv.conf containing nameserver lines.


#3

I think the installer will always deploy a domain configuration, so if you only want to use BIND as a caching/forwarding server then turn it off in the installer and configure it yourself.
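For the "configure it yourself" route, a minimal forward-only named.conf for the provisioning network, added here as an example and not taken from the thread or from the Foreman project; the listen address 192.168.100.1 and the internal resolver 192.0.2.53 are placeholders, and the public forwarder is the 8.8.8.8 entry from the question:

```conf
// /etc/named.conf: caching, forward-only resolver for the provisioning network.
// Added example; 192.168.100.1 and 192.0.2.53 are placeholder addresses.
acl provisioning { 192.168.100.0/24; 127.0.0.1; };

options {
    directory "/var/named";

    // Bind only to the provisioning interface and loopback, never the public side.
    listen-on port 53 { 127.0.0.1; 192.168.100.1; };
    listen-on-v6 { none; };

    // Only provisioning hosts may query or recurse; everyone else gets REFUSED,
    // so the box cannot be abused as an open resolver from the public network.
    recursion yes;
    allow-query { provisioning; };
    allow-recursion { provisioning; };
    allow-transfer { none; };

    // No authoritative zones: every lookup is handed to the upstream resolvers,
    // which replaces the dns_forwarders list from the installer answers file.
    forward only;
    forwarders {
        192.0.2.53;   // internal DNS server (placeholder for IP.of.our.internal.dns.server)
        8.8.8.8;
    };
};
```

Check the file with `named-checkconf` before restarting, and confirm from a host outside 192.168.100.0/24 that `dig @<public-ip> mirrors.centos.org` returns REFUSED rather than an answer.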


#4

Excellent. Passing on the DNS options via DHCP using --foreman-proxy-dhcp-nameservers=1.2.3.4,1.2.3.6 seems to be working, and allows me to remove the DNS server from our configuration. That simplifies our configuration quite a bit.