RFE: Change DNS duplicate checking to be an option

Hi,

As asked in this support ticket: Ignore duplicate DNS in case of external nameservers, I am asking for an enhancement to Foreman.

There are many cases to think of where you want to add a host to Foreman without checking whether this host is already known in the DNS environment. Currently Foreman always checks if a host is known and refuses to add or change a host if a duplicate is found.

In our specific case the host added is indeed known at our DNS service, which is separately managed. The DNS proxy is not enabled and thus active so this check should not be made. (in this environment Foreman does not manage the DNS and DHCP servers)

Another example could be a different (test) cluster which has its own DNS server and dns-proxy but ignores the authoritative DNS servers, effectively ignoring DNS entries. So if a host in this cluster resolves any entry, the local (Foreman-managed) DNS server should give a different answer from the external authoritative DNS servers. The duplicate checking is done by the Foreman server (and not the proxy, where I think it should be done) and in this case also denies updating.
While this example is more for test environments, we do actually have these kinds of setups.

The proposed change in the support ticket should solve these issues.

Cheers,
Maarten

Thanks for describing the motivation, I actually miss how to do the change. As we discussed in the thread, creating an option called Check DNS for conflicts would do it. If set to false, Foreman will not do the DNS check.

It’s a one-liner patch with one test.

For me the proposed option would be fine if this means you can set it globally in settings.
I assume if you try to really create a duplicate, the nsupdate (which we use) would deny the update anyway.

Better would be, I think, to make this an option per domain and subnet or even overridable per host. This would be most flexible but I am not sure if this is relatively easy to add.

So I’d say please add the one-liner and let the proxy decide if you can add or not in case you disable the check.

In general we use Redmine to track actual changes. This is more of a discussion board.

I know, but I cannot add an issue there? I have created an account but it seems I need some authorisation to be able to submit RFEs?

We did have an issue with sending email from Redmine. Perhaps you registered during that time? I can take a look but maybe a private conversation on IRC is easier? My nick on freenode is ewoud.

Indeed, Redmine email should now be fixed - if IRC isn’t your thing, drop me a private message with the Redmine account details and I can fix it up for you.

Redmine has been fixed. Thanks for this.

Also, I created the RFE at Redmine: Feature #22471: Change DNS duplicate checking to be an option - Foreman