Foreman dns managed not creating forward dns record

Problem:
Foreman is not creating forward dns records in /var/named/dynamic/db.lab.domain.org
Name resolving of provisioned VMs is therefore not working.

Reverse records however are created.

Expected outcome:
Proper entries in /var/named/dynamic/db.lab.domain.org so that pinging provisioned hosts works.

Foreman and Proxy versions:
Foreman & proxy 3.0.0
Katello 4.2.0.1

Foreman and Proxy plugin versions:
rubygem-foreman_xen-1.0.1

Distribution and version:
Rocky Linux 8.4

Other relevant data:
named is running, and resolves ptr addresses

Not sure it's correct, but /etc/resolv.conf points to another DNS server; should it be using its own address? I tried, but I don’t think it helps.

I searched logs for pointers to what might be going on, I can’t find any. named is running and doesn’t log anything, foreman logs don’t show any leads (for me).

I installed as follows:

foreman-installer --scenario katello \
	--foreman-initial-organization "LAB" \
	--foreman-initial-location "LOC" \
	--foreman-initial-admin-username admin \
	--foreman-initial-admin-password password \
	--foreman-proxy-dns true \
	--foreman-proxy-dns-managed true \
	--foreman-proxy-dns-interface eth0 \
	--foreman-proxy-dns-server 127.0.0.1 \
	--foreman-proxy-dns-zone lab.domain.net \
	--foreman-proxy-dns-reverse 0.0.10.in-addr.arpa \
	--foreman-proxy-dhcp true \
	--foreman-proxy-dhcp-managed true \
	--foreman-proxy-dhcp-server 127.0.0.1 \
	--foreman-proxy-dhcp-interface eth0 \
	--foreman-proxy-dhcp-range "10.0.0.100 10.0.0.199" \
	--foreman-proxy-dhcp-gateway 10.0.0.1 \
	--foreman-proxy-dhcp-nameservers 10.0.0.11 \
	--foreman-proxy-tftp true \
	--foreman-proxy-tftp-managed true \
	--foreman-proxy-tftp-servername 10.0.0.11

I reconfigured later with:

foreman-installer \
	--foreman-proxy-dns true \
	--foreman-proxy-dns-managed true \
	--foreman-proxy-dns-interface eth0 \
	--foreman-proxy-dns-server 127.0.0.1 \
	--foreman-proxy-dns-zone lab.domain.net \
	--foreman-proxy-dns-reverse 0.0.10.in-addr.arpa \
	--foreman-proxy-dhcp true \
	--foreman-proxy-dhcp-managed true \
	--foreman-proxy-dhcp-server 127.0.0.1 \
	--foreman-proxy-dhcp-interface eth0 \
	--foreman-proxy-dhcp-range "10.0.0.100 10.0.0.199" \
	--foreman-proxy-dhcp-gateway 10.0.0.1 \
	--foreman-proxy-dhcp-nameservers 10.0.0.11 \
	--foreman-proxy-tftp true \
	--foreman-proxy-tftp-managed true \
	--foreman-proxy-tftp-servername 10.0.0.11

I played around with adding --foreman-proxy-dns-forwarder, tried rebooting and restarting foreman services. So far no cigar.

Any ideas please?

I tried to look through the manual, but it looks like this isn’t documented. In the Foreman you have domains (in the menu: Infrastructure → Domains). Each domain can be associated to a Smart Proxy. That controls whether a forward DNS record is created on provisioning. Similarly there are subnets (Infrastructure → Subnets) where you can do the same for reverse DNS.

Note that you must ensure the domains exist on the nameserver: Foreman doesn’t manage the domains themselves.

This is the forwarder that named uses. See the named manual for details, but it’s not what you’re looking for.

Thanks, I made the subnet and domain, I don’t think it's possible to deploy without it? I'm not sure though, never tried it :slight_smile: .

It's a single subnet/domain for a lab where foreman is supposed to handle all DHCP and name resolving. All services are running. At this point I'm not worried about DNS forwarders, but because it wasn’t working as I expected, I started trying that out (with and without the forwarder).

I'm not sure where to look next, I think I configured it correctly if you look at my foreman-installer commands? Firewall is open, named is running, it's configured with my domain forward and reverse zones, it contains the SOA record with foreman host, and one test deployment did end up in the reverse zone, but not in the forward zone. I can query foreman DNS, and it will resolve itself and the reverse of the test deployment host.

It is an option for each domain/subnet. It can be empty (default) in case no DNS management takes place. Have you checked it’s at least set to the right Smart Proxy? If you did, do you see requests for creation/deletion come in on /var/log/foreman-proxy/proxy.log during provisioning?

Thanks! That put me on the right track!

I had looked at subnet proxy settings before and they are all set. I hadn’t noticed that it lists DHCP, TFTP and Reverse DNS. It doesn’t list Forward DNS. The DNS Proxy is listed in the Subnet, which was empty.

I changed it, I think it's slowly starting to work. I edited a few VMs, one was added to the forward zone, one was not. A newly deployed VM was added and removed when I deleted the host.

After a restart of named, all orphaned/missing addresses seem to be fixed.

Long story short, I think it's working :slight_smile:

Thanks again for the help!