Proxy is returning DNS entry exists when my DNS (Infoblox) server has no record of it

Problem:
I had to change the provisioning NIC of my host. At first, it wouldn’t let me update the existing host because of this error so I deleted the host and re-added it with the new MAC address. Now, when I try to unset the build flag, I see “Failed to cancel pending build for host.example.com with the following errors: Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists”. 10.13.97.13 is the OLD IP. The new one that the DHCP server has picked for my host is different. Re-adding the host had its pain points but I was successful. The build flag was automatically set. Now, I need to update the OS and parameters and unset/set the Build flag but it won’t let me.

Expected outcome:
If DNS is reporting a conflict, I ought to be able to find that conflict somewhere. I’ve checked reservations and our DNS server and there is no name, IP, or MAC address conflict that I can find. I would expect to find it. Given that I can’t, I would expect it to not claim that it exists.

Foreman and Proxy versions:
Foreman: 1.20.1
Smartproxy: 1.20.3
I tried to upgrade Foreman to match the smartproxy but had to roll back due to a message about “migrations pending” that never went away.

Foreman and Proxy plugin versions:
rubygem-smart_proxy_dns_infoblox.noarch 0.0.7

Distribution and version:
CentOS 7.4

Other relevant data:
Foreman production log:

2021-02-17T14:40:45 [I|app|] Started GET "/notification_recipients" for 10.35.132.40 at 2021-02-17 14:40:45 -0500
2021-02-17T14:40:45 [I|app|f3017] Processing by NotificationRecipientsController#index as JSON
2021-02-17T14:40:45 [I|app|f3017] Current user set to user.name (admin)
2021-02-17T14:40:45 [I|app|f3017] Completed 200 OK in 39ms (Views: 0.4ms | ActiveRecord: 9.4ms)
2021-02-17T14:40:46 [I|app|] Started GET "/hosts/host.example.com/cancelBuild" for 10.35.132.40 at 2021-02-17 14:40:46 -0500
2021-02-17T14:40:46 [I|app|2e3cf] Processing by HostsController#cancelBuild as HTML
2021-02-17T14:40:46 [I|app|2e3cf]   Parameters: {"id"=>"host.example.com"}
2021-02-17T14:40:46 [I|app|2e3cf] Current user set to user.name (admin)
2021-02-17T14:40:47 [W|app|2e3cf] IPv4 DNS record host.example.com/10.13.97.13 already exists
2021-02-17T14:40:47 [W|app|2e3cf] Not queueing Nic::Managed: ["Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists"] and ["Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists"]
2021-02-17T14:40:47 [W|app|2e3cf] Not queueing Nic::Managed: ["Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists"] and ["Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists"]
2021-02-17T14:40:47 [W|app|2e3cf] Not queueing Discovery reboot: Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists
2021-02-17T14:40:47 [W|app|2e3cf] Failed to set Build on host.example.com: ["Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists"]
2021-02-17T14:40:47 [E|app|2e3cf] Failed to save: Conflict IPv4 DNS record host.example.com/10.13.97.13 already exists

Smart proxy proxy.log:

2021-02-17T16:03:40  [D] accept: 10.13.105.221:50066
2021-02-17T16:03:40  [D] Rack::Handler::WEBrick is invoked.
2021-02-17T16:03:40 d67450de [I] Started GET /10.13.97.0/mac/3c:ec:ef:1e:a4:68 
2021-02-17T16:03:40 d67450de [D] verifying remote client 10.13.105.221 against trusted_hosts ["foreman.example.com", "10.13.105.221"]
2021-02-17T16:03:40 d67450de [I] Finished GET /10.13.97.0/mac/3c:ec:ef:1e:a4:68 with 200 (1.12 ms)
2021-02-17T16:03:40  [D] close: 10.13.105.221:50066
2021-02-17T16:03:40  [D] accept: 10.13.105.221:50068
2021-02-17T16:03:40  [D] Rack::Handler::WEBrick is invoked.
2021-02-17T16:03:40 d67450de [I] Started GET /10.13.97.0/ip/10.13.97.43 
2021-02-17T16:03:40 d67450de [D] verifying remote client 10.13.105.221 against trusted_hosts ["foreman.example.com", "10.13.105.221"]
2021-02-17T16:03:40 d67450de [I] Finished GET /10.13.97.0/ip/10.13.97.43 with 200 (0.72 ms)
2021-02-17T16:03:40  [D] close: 10.13.105.221:50068

(the times may not match exactly…I re-issued the request (clicked the button) to get all of the isolated errors a few minutes apart…same thing happens each time)

In version 1.0.0 of smart_proxy_dns_infoblox the conflict detection was rewritten to query Infoblox itself rather than a DNS recursor which may cache things:

You should update to a supported version.

Pending migrations means you should run foreman-rake db:migrate (and until a more recent version also foreman-rake db:seed).

Also make sure to read:

https://docs.theforeman.org/nightly/Provisioning_Guide/index-foreman.html#chap-Infoblox-Integration

Specifically:

DHCP Infoblox Record Type Considerations

Use only the --foreman-proxy-plugin-dhcp-infoblox-record-type fixedaddress option to configure the DHCP and DNS modules.

Configuring both DHCP and DNS Infoblox modules with the host record type setting causes DNS conflicts and is not supported. If you install the Infoblox module on Smart Proxy server with the --foreman-proxy-plugin-dhcp-infoblox-record-type option set to host, you must unset both DNS Smart Proxy and Reverse DNS Smart Proxy options because Infoblox does the DNS management itself. You cannot use the host option without creating conflicts and, for example, being unable to rename hosts in Foreman.

I came back the next day and it was no longer an issue. Looks like DNS cache was the culprit. I had looked at the plugin’s project home page and thought 0.0.7 was the latest but I found the 1.0.0 version on rubygems.org and got it installed.

I will try another foreman upgrade and run your command. Thanks for taking the time to respond to my multiple concerns.

I am pretty sure the person before me configured this part of it correctly and your statement confirms my understanding of the configuration option. Thanks for the response!

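A way to tell a stale recursor answer from a record that really exists on the authoritative server, which is the distinction this thread turned on. This is an added example, not code from the thread or from the Foreman or smart_proxy_dns_infoblox projects; the nameserver addresses are placeholders and the function names are hypothetical. The two sample log lines are copied from the production log posted above.

```ruby
require 'resolv'

# Matches the conflict message Foreman writes to production.log.
CONFLICT_RE = %r{Conflict IPv4 DNS record ([^\s/]+)/(\d{1,3}(?:\.\d{1,3}){3}) already exists}

# Extract unique [hostname, ip] pairs from log lines (one line may repeat the message).
def conflicts_in_log(lines)
  lines.flat_map { |line| line.scan(CONFLICT_RE) }.uniq
end

# A records for +name+ as seen by one specific nameserver, bypassing /etc/resolv.conf.
def a_records(name, nameserver)
  Resolv::DNS.open(nameserver: [nameserver]) do |dns|
    dns.timeouts = 2
    dns.getresources(name, Resolv::DNS::Resource::IN::A).map { |r| r.address.to_s }
  end
end

# Decide where the conflicting IP actually lives.
def classify(ip, recursor_ips, authoritative_ips)
  return :exists_on_authoritative if authoritative_ips.include?(ip) # delete it in Infoblox
  return :stale_recursor_cache if recursor_ips.include?(ip)         # wait out the TTL or flush
  :not_found_anywhere
end

# +lookup+ is injectable so the logic can be exercised without network access.
def diagnose(lines, recursor:, authoritative:, lookup: method(:a_records))
  conflicts_in_log(lines).map do |name, ip|
    verdict = classify(ip, lookup.call(name, recursor), lookup.call(name, authoritative))
    { name: name, ip: ip, verdict: verdict }
  end
end

# Two lines from the Foreman production log in this thread.
SAMPLE_LOG = [
  '2021-02-17T14:40:47 [W|app|2e3cf] Not queueing Nic::Managed: ["Conflict IPv4 DNS record ' \
  'host.example.com/10.13.97.13 already exists"] and ["Conflict IPv4 DNS record ' \
  'host.example.com/10.13.97.13 already exists"]',
  '2021-02-17T14:40:47 [E|app|2e3cf] Failed to save: Conflict IPv4 DNS record ' \
  'host.example.com/10.13.97.13 already exists'
].freeze

# Live use (placeholder addresses, replace with your recursor and Infoblox server):
#   diagnose(File.readlines('/var/log/foreman/production.log'),
#            recursor: '192.0.2.53', authoritative: '192.0.2.10')
```

A `:stale_recursor_cache` verdict matches what the original poster saw with plugin 0.0.7: the record was gone from Infoblox but the recursor still answered with the old address until its cache expired.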