Error connecting to DNS server

Sometimes the VM provisioning fails because of the error below (90% of the time the provisioning works, but this error appears randomly):

“2020-01-08T09:00:54 [W|app|b46f6] Error connecting to 'prod..intra’ domain DNS servers: nsa1..intra - check query_local_nameservers and dns_conflict_timeout settings”

**Expected outcome:**

**Foreman and Proxy versions:** 1.20.2

**Foreman and Proxy plugin versions:** N/A

**Distribution and version:** Red Hat Enterprise Linux Server release 7.6 (Maipo)

Full Log: foreman.log (3.6 KB)

I do see this has been fixed in the 1.24 release: Bug #27160: Foreman fails to find IP address for boot server if main resolver is down - Foreman

I’d wait until 1.24.1 for a fix of the migration. Bug #27585: default dns timeout value is nil - Foreman

Hi,
I'm not sure that this problem is related to Bug #27160.

In this case we have a Foreman (GUI) VM and two separate foreman-proxy VMs.
None of the 3 VMs have the nsa1.*****.intra DNS server in their /etc/resolv.conf.

The "nsa1.*****.intra" is the DNS used by the two foreman-proxies via the dns_nsupdate.yml provider.

I've checked the nsa1.*****.intra logs and couldn't find anything during the time frame of the error that might point to an issue on the DNS.

Let me explain - Foreman tries to find the DNS record on the DNS proxy directly (ignoring /etc/resolv.conf), unless query_local_nameservers is set to true. In that case, Foreman uses the system resolver.

So check if Foreman can do a DNS request (UDP) against the configured DNS proxy.

Hi,

> Let me explain - Foreman tries to find the DNS record on the DNS proxy directly

Did you mean that Foreman tries to query the SOA DNS server directly, in this case nsa1.*****.intra (which is not a Foreman proxy)?

If this is the case, it can query it without any issue.

Furthermore, this error appears randomly; 90% of the time we don't receive this error and the provisioning works fine.

Yes exactly. It literally performs the DNS lookup UDP query against the SOA.

Check your network, maybe a UDP packet is being dropped? Also check the timeout value; Foreman only performs one lookup and by default it's kinda short, I think 5 seconds (dns_conflict_timeout setting), so increase that. In 1.24 it's now an array where you can specify multiple tries like [5, 5, 10, 30] seconds.

Thanks for the info.

I've increased the timeout to 10s, but from the logs it seems that it tries several times before exiting, if I'm not mistaken.

No, it actually does only one try but it performs it multiple times (as multiple orchestration steps are executed). Increase it further.
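
An added example, not part of the thread and not Foreman's own code: a Ruby probe that sends an SOA query over UDP straight to a given DNS server, first as a single try and then with a list of timeouts like the `[5, 5, 10, 30]` mentioned above, so intermittent packet loss shows up as a count of tries. The function names, the script name and the 20-run loop are assumptions made for illustration.

```ruby
require 'resolv'
require 'socket'

# One SOA query for `zone`, sent over UDP directly to `server` (the system
# resolver and /etc/resolv.conf are not involved). Waits up to `timeout` s.
def probe_once(server, port, zone, timeout)
  query = Resolv::DNS::Message.new(rand(0x10000))
  query.add_question(zone, Resolv::DNS::Resource::IN::SOA)
  sock = UDPSocket.new
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  sock.send(query.encode, 0, server, port)
  answered = false
  if IO.select([sock], nil, nil, timeout)
    data, = sock.recvfrom(4096)
    reply = Resolv::DNS::Message.decode(data)
    # Accept only a response (QR=1) that carries our query id.
    answered = reply.qr == 1 && reply.id == query.id
  end
  elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
  { answered: answered, timeout: timeout, seconds: elapsed.round(3) }
rescue SystemCallError, SocketError, Resolv::DNS::DecodeError => e
  { answered: false, timeout: timeout, error: e.class.name }
ensure
  sock&.close
end

# Walk a list of timeouts, e.g. [5] for a single try or [5, 5, 10, 30],
# stopping at the first answer. Reports how many tries were needed.
def probe_with_retries(server, zone, timeouts, port: 53)
  attempts = []
  timeouts.each do |t|
    attempts << probe_once(server, port, zone, t)
    break if attempts.last[:answered]
  end
  { answered: attempts.any? { |a| a[:answered] }, tries: attempts.size, attempts: attempts }
end

# Usage: ruby dns_probe.rb <dns-server> <zone>   (script name is hypothetical)
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  20.times do |i|
    r = probe_with_retries(ARGV[0], ARGV[1], [5, 5, 10, 30])
    puts "run #{i + 1}: answered=#{r[:answered]} tries=#{r[:tries]}"
  end
end
```

Run it from the Foreman host against the server named in the error; runs that need more than one try, or never get an answer, point at dropped UDP packets between Foreman and that server.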