Foreman should use reverse DNS proxy to check for existing PTR records


We use an extremely distributed setup where DNS is completely handled on the remote side. So we serve DNS in combination with an extra smart proxy for that DNS server. The DNS server currently handles the forward and reverse zones without any delegation from an upstream DNS.
If we now configure the remote subnet with that smart proxy as Reverse DNS Proxy, we get a PTR record because Foreman uses the DNS server from its host machine to check for existing PTR records. The nameserver from the Foreman host also resolves the given subnet (private subnet).

Expected outcome:

Foreman should use the DNS server for the reverse zone when checking for reverse entries.

Foreman and Proxy versions:


Somewhat related is Bug #13419: DNS updates do not work unless foreman server uses the authoritative DNS server as it's nameserver in resolv.conf - Foreman. I think that setting query_local_nameservers to true makes it query the resolver configured in /etc/resolv.conf.

IMHO we should drop this query on the Foreman side entirely and only rely on the Foreman Proxy, at least if a DNS proxy is configured.

Correct, we also would expect that Foreman would rely on the Foreman Proxy. Maybe it's a good idea to have a setting to configure the behavior of Foreman at this point.

Possibly a setting but I want to consider DNS conflict resolution. Perhaps we should fully offload it to smart proxies and drop all conflict resolution from Foreman itself.

One thought is to implement a Smart Proxy DNS provider that only does conflict detection, but thinking about it, it’d be quite unnatural to use.

How much would people care about DNS conflict resolution if you’re not using DNS integration at all? Can we safely drop it?