When trying to PXE boot a server with the default configuration, the DHCP lease gets next-server set to the external IP for the domain rather than the correct internal IP. It appears that when the proxy attempts to guess the next server (resolves the name of the proxy) it’s not using the correct name server?
Does anyone know how the PXE boot / TFTP server IP address actually gets resolved prior to putting it into the DHCP lease? I see there is an option to override it in tftp.yaml under proxy settings, but I’m curious why it’s unable to get the correct resolution for the proxy domain name. If I manually try to resolve the proxy FQDN from the proxy host or any other host on the internal network it provides the correct IP, so it seems the PXE boot process / TFTP next-server guessing is forcing resolution through a specific name server such as 188.8.131.52 or something, idk.
The internal IP of the proxy server is provided by resolving through the gateway for the subnet, rather than resolving against a public name server such as 184.108.40.206.
Under the hood it is always an IP, the wrong IP is being used though.
To clarify, I have a smart proxy running TFTP with internal IP 192.168.1.2 being set by the internal name server, but the public name server has a wildcard for the domain and assigns public IP 220.127.116.11.
When the smart proxy (proxy.domain.com) creates a DHCP lease using default settings (not overriding the TFTP server address in tftp.yml) it puts IP 18.104.22.168 as next-server, not 192.168.1.2. I’m not sure why though, since if I resolve proxy.domain.com from the host or subnet it properly returns 192.168.1.2, so the internal name server works as expected. It seems that when selecting the IP for the proxy it is hard coded to query some public name server and not use the default for the subnet.
Hey, you can set this setting via the installer, which drops the /etc/foreman-proxy/settings.d/tftp.yaml file with an option named tftp_servername. However, if you don’t provide it, the Foreman server (not the proxy) attempts to reverse resolve the Smart Proxy URL to an IP, and that one is used as a fallback mechanism.
So either fix your DNS or explicitly set the TFTP server name option to solve that.
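As an added example (not code from the thread or from Foreman itself), this sh script models the selection logic described in the reply: an explicit tftp_servername in tftp.yaml wins, otherwise the address the Smart Proxy hostname resolves to is used, and the script flags a fallback that lands on a public address. The `:tftp_servername:` symbol-key spelling, the sample YAML and the addresses are assumptions/constructed values.

```shell
#!/bin/sh
# Added example, not code from the thread or from Foreman. Models next-server
# selection: explicit tftp_servername wins, otherwise the resolved proxy
# address is the fallback, which is where a public wildcard record bites.

# Print the value of the :tftp_servername: key from YAML text on stdin,
# or nothing if the key is absent or commented out (symbol-key form assumed).
tftp_servername_from_yaml() {
    sed -n 's/^[[:space:]]*:tftp_servername:[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# Succeed when an IPv4 address falls in an RFC 1918 range.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=$(printf '%s' "$1" | cut -d. -f2)
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] && return 0 ;;
    esac
    return 1
}

# next-server Foreman would hand out: $1 = tftp.yaml text, $2 = IP the
# proxy hostname resolved to (the fallback).
effective_next_server() {
    configured=$(printf '%s\n' "$1" | tftp_servername_from_yaml)
    if [ -n "$configured" ]; then printf '%s\n' "$configured"
    else printf '%s\n' "$2"; fi
}

# Succeed when the resulting next-server is an internal (RFC 1918) address.
next_server_is_internal() {
    is_rfc1918 "$(effective_next_server "$1" "$2")"
}

# Constructed sample configs: default install (key commented out) and an
# explicit override. 203.0.113.5 stands in for the public wildcard address.
YAML_DEFAULT='---
:enabled: true
#:tftp_servername: 192.168.1.2'
YAML_SET='---
:enabled: true
:tftp_servername: 192.168.1.2'
for resolved in 192.168.1.2 203.0.113.5; do
    next_server_is_internal "$YAML_DEFAULT" "$resolved" \
        && echo "fallback via DNS -> $resolved: internal, fine" \
        || echo "fallback via DNS -> $resolved: PUBLIC, set tftp_servername or fix DNS"
done
echo "with override -> $(effective_next_server "$YAML_SET" 203.0.113.5)"
```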