Multiple DNS servers with dnscmd smart proxy provider

Problem:

Hello All!

In our particular scenario, we have about 20-odd domains; however, they are spread across multiple ‘authoritative’ DNS servers (mostly ADI zones).

For example:
domain1.internal “authoritative” will be 10.0.0.1
domain2.internal “authoritative” will be 10.1.1.1

We’re using the dnscmd provider for the DNS smart proxy that’s installed on a dedicated Windows server; however, it appears dnscmd only allows for 1 DNS server to be specified with the :dns_server: setting.

My question is: is it possible to configure / map multiple DNS servers with the dnscmd provider? I have searched around; however, I was unable to find anything definitive.

Cheers

Foreman and Proxy versions:

foreman 1.22.2
foreman-proxy 1.22.2

No, it is one Smart Proxy for managing one Service, but you can have multiple Smart Proxies with the same feature associated to different Subnets.

I have similar environments at customers where I have set up things like dnscmd for the office network, nsupdate for BIND in one datacenter and nsupdate with GSSAPI for AD in another datacenter, and it works pretty fine. To prevent mixing things up, everything is sorted into different locations.

For ISC DHCP, there was a patch that allowed commenting out the dns_server option, and nsupdate would connect automatically to the authoritative DNS server. I have never finished the patch, though, due to some technical issues with our settings; it needs more love.

If you are interested and this would work for dnscmd, you can try to finish that patch (if the behavior of the tool is the same).

Note that conflict detection (which depends on dns_server for various providers) would be very unreliable with that patch. dns_dnscmd is one of those. The implication is that you would have a recursor that looks at DNS records. Since a recursor will cache records, conflict detection will look at old records. TTLs of a day are not that uncommon so errors can show up for problems that are already solved.

You also have no control on the Foreman side where a domain ends up. I’d recommend multiple smart proxies so in Foreman it’s clear exactly where a domain lives.

I hadn’t thought about that when creating the patch; I am going to close the reported issue with this explanation then.

When I initially reviewed your patch I didn’t either, but it occurred to me right after you closed the PR.
