Greetings again,
I found a thread from 2012 with a similar title, but the apparent
solution regarding permissions to the rdnc.key file is not applicable in my
case. Please let me know if I've not provided adequate information to help
diagnose this issue. Thanks.

I add a host, and the DNS entries do not arrive in the zone files, despite
Foreman's GUI showing successful updates.

Manually, as the foreman-proxy user I can run the nsupdate command with the
rndc key just fine…Please note the backgrounded tail of /var/log/messages
interspersed in the commands…

[root@firewall named]# tail -f /var/log/messages &
[1] 17575
[root@firewall named]# sudo -u foreman-proxy /bin/bash
bash-4.1$ nsupdate -k /etc/rndc.key
> server 192.168.100.1
> update add test.int.localnet. 14400 IN A 192.168.100.220
> send
May 15 09:49:04 firewall named[16986]: client 192.168.100.1#59795: signer
"foreman" approved
May 15 09:49:04 firewall named[16986]: client 192.168.100.1#59795: updating
zone 'int.localnet/IN': adding an RR at 'test.int.localnet' A
> update add 220.100.168.192.in-addr.arpa. 14400 IN PTR test.int.localnet.
> send
May 15 09:49:24 firewall named[16986]: client 192.168.100.1#59795: signer
"foreman" approved
May 15 09:49:24 firewall named[16986]: client 192.168.100.1#59795: updating
zone '100.168.192.in-addr.arpa/IN': adding an RR at
'220.100.168.192.in-addr.arpa' PTR
> quit
bash-4.1$ exit
[root@firewall named]#

Indeed both the forward and reverse lookups work for test.int.localnet and
192.168.100.220 from a client pointed to the firewall's bind instance. So
I'm going forward to assume that I have bind configured properly for the
foreman-proxy to make updates.

When I add a host in Foreman, I see this in the production.log file:
==> foreman-proxy/proxy.log <==
I, [2013-05-15T10:11:35.794100 #10745] INFO – : Enumerated hosts on
192.168.100.0
D, [2013-05-15T10:11:35.794215 #10745] DEBUG – : Lazy loaded
192.168.100.0/255.255.255.0 records
D, [2013-05-15T10:11:35.794477 #10745] DEBUG – : Added
tomcat1.int.localnet (192.168.100.10 / 08:00:27:aa:88:10) to
192.168.100.0/255.255.255.0
D, [2013-05-15T10:11:35.800056 #10745] DEBUG – : omshell: executed - set
name = "tomcat1.int.localnet"
D, [2013-05-15T10:11:35.800229 #10745] DEBUG – : true
D, [2013-05-15T10:11:35.800335 #10745] DEBUG – : omshell: executed - set
ip-address = 192.168.100.10
D, [2013-05-15T10:11:35.800395 #10745] DEBUG – : true
D, [2013-05-15T10:11:35.800729 #10745] DEBUG – : omshell: executed - set
hardware-address = 08:00:27:aa:88:10
D, [2013-05-15T10:11:35.800792 #10745] DEBUG – : true
D, [2013-05-15T10:11:35.800871 #10745] DEBUG – : omshell: executed - set
hardware-type = 1
D, [2013-05-15T10:11:35.800928 #10745] DEBUG – : true
D, [2013-05-15T10:11:35.801522 #10745] DEBUG – : omshell: executed - set
statements = "filename = &quot;pxelinux.0&quot;; next-server = c0:a8:64:01; option
host-name = &quot;tomcat1.int.localnet&quot;;"
D, [2013-05-15T10:11:35.801605 #10745] DEBUG – : true
D, [2013-05-15T10:11:35.801703 #10745] DEBUG – : omshell: executed - create
D, [2013-05-15T10:11:35.801772 #10745] DEBUG – : true
I, [2013-05-15T10:11:36.121831 #10745] INFO – : Added DHCP reservation
for tomcat1.int.localnet (192.168.100.10 / 08:00:27:aa:88:10)
D, [2013-05-15T10:11:36.607702 #10745] DEBUG – : nsupdate: executed -
update add tomcat1.int.localnet. 86400 A 192.168.100.10
D, [2013-05-15T10:11:56.923817 #10745] DEBUG – : nsupdate: executed -
update add 10.100.168.192.in-addr.arpa. 86400 IN PTR tomcat1.int.localnet
I, [2013-05-15T10:12:17.153779 #10745] INFO – : TFTP: entry for
08:00:27:aa:88:10 created successfully

==> foreman/production.log <==
Started POST "/hosts" for 192.168.100.100 at Wed May 15 10:11:34 -0400 2013
Processing by HostsController#create as
Parameters: {"host"=>{"name"=>"tomcat1", "build"=>"1",
"root_pass"=>"[FILTERED]", "mac"=>"080027AA8810",
"interfaces_attributes"=>{"new_interfaces"=>{"type"=>"Nic::Managed",
"name"=>"", "mac"=>"", "_destroy"=>"false", "ip"=>"admin",
"provider"=>"IPMI", "domain_id"=>"2"}}, "updated_at"=>"1368626831",
"architecture_id"=>"1", "ptable_id"=>"1", "disk"=>"", "is_owned_by"=>"",
"enabled"=>"1", "provision_method"=>"build", "model_id"=>"", "comment"=>"",
"managed"=>"true", "overwrite"=>"false", "hostgroup_id"=>"1",
"compute_resource_id"=>"", "subnet_id"=>"1", "puppetclass_ids"=>[""],
"ip"=>"192.168.100.10", "operatingsystem_id"=>"2",
"progress_report_id"=>"[FILTERED]", "environment_id"=>"1",
"puppet_proxy_id"=>"1", "domain_id"=>"2", "medium_id"=>"1"}, "utf8"=>"â",
"authenticity_token"=>"PUm3cu6Eo56Do0qG9AYsMso8Nq1m5Frw7JpudC4MwlI="}
Create DHCP reservation for
tomcat1.int.localnet-08:00:27:aa:88:10/192.168.100.10
Add DNS A record for tomcat1.int.localnet/192.168.100.10
Add DNS PTR record for 192.168.100.10/tomcat1.int.localnet
Add the TFTP configuration for tomcat1.int.localnet
Fetching required TFTP boot files for tomcat1.int.localnet
Completed 200 OK in 43112ms (Views: 16.2ms | ActiveRecord: 55.4ms)

==> messages <==
May 15 10:10:55 firewall ntpd[1488]: synchronized to LOCAL(0), stratum 10
May 15 10:12:01 firewall ntpd[1488]: synchronized to 10.238.74.11, stratum 3

Notice that the time span of the /var/log/messages entries seems to cover
the time where foreman was creating the host. Also there aren't any named
messages similar to those when I ran the commands manually as the
foreman-proxy user (noted above).

Any ideas? Thank you!

Just trying - did you try to freeze the zone before checking your zone
file?

rndc feeze your.zone.lan

LZ

It would appear that I missed setting the :dns_server: parameter in
settings.yaml. I'm not sure why it would be needed when the dns server and
foreman server are the same system, but perhaps it's because the system is
also a firewall with three interfaces.

My test lab is within virtualbox on my laptop, so in order to have all the
test vm's able to talk to each other, I have them on an Internal network
which the foreman/puppet/dns/dhcp server acts as a gateway to the vbox NAT
subnet.

This just happened to me too. My machine has multiple NICs also. This is a
really nasty issue since there aren't any error logs. Thanks for the
solution