Support #4435

closed

only able to create PTR records in Foreman (dns is set in Domains)

Added by TJ Walker about 10 years ago. Updated about 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Triaged:
Fixed in Releases:
Found in Releases:

Description

HOSTNAME: puppet01.oadr
OS: redhat
RELEASE: CentOS release 6.4 (Final)
FOREMAN: 1.3.1
RUBY: ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
PUPPET: 3.3.2

I have DNS running on a separate server and foreman can create PTR records but when I update domains to point to the DNS server I get the following error updating/adding hosts:
Net::Error
execution expired
lib/net/dns.rb:36:in `rescue in lookup'
lib/net/dns.rb:15:in `lookup'
lib/net/dns.rb:61:in `dns_lookup'
lib/net/dns/a_record.rb:28:in `conflicts'
lib/net.rb:27:in `conflicting?'
app/models/concerns/orchestration/dns.rb:121:in `dns_conflict_detected?'
app/models/concerns/orchestration.rb:47:in `valid?'
app/models/concerns/foreman/sti.rb:29:in `save_with_type'
app/controllers/hosts_controller.rb:85:in `create'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'

If I change the resolv.conf on the foreman server to the IP of the foreman server (it was set to the IP of the DNS server) I don't get the error, but foreman also doesn't update the DNS (A or PTR).

I can manually add records using the nsupdate command and using curl to pass through the foreman server (curl -i -d "fqdn=www02.oadr&value=10.199.200.13&type=A" http://10.199.202.64:8443/dns/).

Also, none of the records exist in DNS (nslookup returns nothing from the DNS server).

Actions #1

Updated by Dominic Cleal about 10 years ago

  • Tracker changed from Bug to Support
  • Status changed from New to Feedback

A timeout is usually symptomatic of Foreman being unable to access one of your authoritative nameservers, assuming you still have query_local_nameservers set to the default of false. In particular, check your SOA for the zone being managed and that the Foreman host can query (e.g. with dig) the master listed in the SOA and others specified by NS records.
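The check described above, written out as a small Ruby diagnostic. This is an added example, not Foreman's own code or anything from the ticket: it looks up the zone's SOA through the host's normal resolver (the same path Foreman's lookup takes when query_local_nameservers is false), resolves the SOA master and every NS name to addresses, and then sends each address a direct SOA query bounded by a short timeout. Any server that fails the direct query is one the Foreman host cannot reach. The class name, the resolver/direct-resolver injection points and the default zone are assumptions made for the example.

```ruby
require 'resolv'
require 'timeout'

# Added example (not Foreman code). Finds the authoritative servers for a zone
# and confirms each one answers a direct query from this host.
class AuthoritativeNameserverCheck
  Report = Struct.new(:zone, :master, :servers, :unreachable)

  # resolver: does the SOA/NS/A lookups via /etc/resolv.conf (or a stub in tests).
  # direct:   factory returning a resolver bound to one nameserver IP (or a stub).
  def initialize(resolver: Resolv::DNS.new,
                 direct: ->(ip) { Resolv::DNS.new(nameserver: [ip]) },
                 timeout: 3)
    @resolver = resolver
    @direct   = direct
    @timeout  = timeout
  end

  def run(zone)
    soa = @resolver.getresources(zone, Resolv::DNS::Resource::IN::SOA).first
    raise Resolv::ResolvError, "no SOA for #{zone}" unless soa

    master   = soa.mname.to_s
    ns_names = @resolver.getresources(zone, Resolv::DNS::Resource::IN::NS).map { |r| r.name.to_s }

    # Every name the resolver may be sent to: the SOA MNAME plus all NS targets.
    servers = ([master] + ns_names).uniq.each_with_object({}) do |name, acc|
      acc[name] = @resolver.getresources(name, Resolv::DNS::Resource::IN::A).map { |r| r.address.to_s }
    end

    unreachable = []
    servers.each do |name, addrs|
      unreachable << name if addrs.empty?                     # nameserver has no A record
      addrs.each { |ip| unreachable << "#{name} (#{ip})" unless answers?(ip, zone) }
    end

    Report.new(zone, master, servers, unreachable)
  end

  private

  # Ask the server directly for the zone's SOA within @timeout seconds; a timeout,
  # refusal or unreachable network all count as "does not answer".
  def answers?(ip, zone)
    Timeout.timeout(@timeout) do
      r = @direct.call(ip)
      r.timeouts = @timeout if r.respond_to?(:timeouts=)
      !r.getresources(zone, Resolv::DNS::Resource::IN::SOA).empty?
    end
  rescue Timeout::Error, Resolv::ResolvError, SystemCallError
    false
  end
end

# Usage: ruby check_auth_ns.rb ZONE   (e.g. ruby check_auth_ns.rb oadr)
if $PROGRAM_NAME == __FILE__ && !ARGV.empty?
  report = AuthoritativeNameserverCheck.new.run(ARGV[0])
  puts "zone #{report.zone}: SOA master #{report.master}"
  report.servers.each { |n, a| puts "  #{n} -> #{a.empty? ? 'NO A RECORD' : a.join(', ')}" }
  if report.unreachable.empty?
    puts 'all authoritative servers answer a direct SOA query from this host'
  else
    puts "not answering (a lookup from Foreman will time out on these): #{report.unreachable.join(', ')}"
  end
end
```

Run it from the Foreman host, not from the DNS server; the point is to test the path Foreman's lookup actually uses. An empty A list for the master or an entry in the "not answering" list is the condition that produces the `execution expired` trace in the description.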

Actions #2

Updated by TJ Walker about 10 years ago

Here is the response of dig on the foreman host:
[root@puppet01 ~]# cat /etc/resolv.conf
search oadr
nameserver 10.199.202.64
[root@puppet01 ~]# dig oadr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> oadr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26121
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;oadr. IN A

;; AUTHORITY SECTION:
oadr. 3600 IN SOA ns01.oadr. root.oadr. 4 86400 3600 604800 3600

;; Query time: 1 msec
;; SERVER: 10.199.202.64#53(10.199.202.64)
;; WHEN: Tue Feb 25 13:25:16 2014
;; MSG SIZE rcvd: 68

I changed query_local_nameservers to true and still get the same error. If I remove the DNS server from More>Domains>oadr but keep it in Subnets then I can create a new host, and in the foreman-proxy proxy.log I can see foreman issuing the command to create the PTR record:
D, [2014-02-25T18:28:19.208902 #5733] DEBUG -- : running /usr/bin/nsupdate -k /etc/rndc.key
D, [2014-02-25T18:28:19.212589 #5733] DEBUG -- : nsupdate: executed - server 10.199.202.64
D, [2014-02-25T18:28:19.219492 #5733] DEBUG -- : nsupdate: executed - update add 22.200.199.10.in-addr.arpa. 86400 IN PTR test.oadr

db.oadr located in /var/named/dynamic/ has the same file permissions as the PTR zones:
-rw-r--r--. 1 named named  356 Feb 24 23:06 db.200.199.10.in-addr.arpa
-rw-r--r--. 1 named named 2106 Feb 25 18:28 db.200.199.10.in-addr.arpa.jnl
-rw-r--r--. 1 named named  336 Feb 24 21:47 db.202.199.10.in-addr.arpa
-rw-r--r--. 1 named named  777 Jan 23 12:57 db.202.199.10.in-addr.arpa.jnl
-rw-r--r--. 1 named named  542 Feb 24 22:12 db.204.199.10.in-addr.arpa
-rw-r--r--. 1 named named  542 Feb 24 22:13 db.206.199.10.in-addr.arpa
-rw-r--r--. 1 named named 1060 Feb 24 23:10 db.oadr
-rw-r--r--. 1 named named 1017 Feb 24 22:54 db.oadr.jnl

Here is the content of the zone file:
$TTL 10800
@ IN SOA ns01.oadr. root.oadr. (
1 ;Serial
86400 ;Refresh
3600 ;Retry
604800 ;Expire
3600 ;Negative caching TTL
)

@ IN NS ns01.oadr.

ns01.oadr. IN A 10.199.202.64

Thanks for your help.

Actions #3

Updated by TJ Walker about 10 years ago

I found the problem. I needed to chown named:named /var/named/chroot/etc/* (it was owned by root).

One last question: I have some hosts that were created while this was broken. Can I use hammer to update DNS for hosts that are missing in DNS?

Actions #4

Updated by Dominic Cleal about 10 years ago

  • Status changed from Feedback to Resolved

Ah interesting, glad you found it.

You can't trigger this at the moment unfortunately (#2799 + related bugs), but there's a thread with some nice code (in the fifth post) on foreman-users that can recreate DNS records via the proxy server:
https://groups.google.com/forum/#!topic/foreman-users/86fEMd7sico
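For hosts created while DNS was broken, the records can be resubmitted through the smart-proxy's /dns/ endpoint, the same POST the curl command in the description uses (fqdn, value, type). The Ruby below is an added example and is not Foreman, hammer or the foreman-users thread's code. The proxy URL and host list are constructed sample values; the A-record form matches the curl call on the page, while the PTR form (fqdn=hostname, value=the in-addr.arpa name) is an assumption to confirm against the dns API of the proxy version in use before running it for real. Each record's outcome is reported separately so a refused or failed record can be retried on its own.

```ruby
require 'net/http'
require 'uri'
require 'ipaddr'

# Added example (not Foreman/hammer code). Recreates A and PTR records for a
# list of hosts by POSTing to the smart-proxy /dns/ endpoint.
class ProxyDnsRepair
  # poster: callable (uri, form_hash) -> [status_code, body]; defaults to Net::HTTP.
  # Injectable so the request-building logic can be tested without a proxy.
  def initialize(proxy_url, poster: nil)
    @base   = URI.join(proxy_url, '/dns/')
    @poster = poster || method(:http_post)
  end

  # The two forms sent for one host. The A form is exactly what the curl call in
  # the ticket sends; the PTR form is an assumption (fqdn=hostname, value=reverse name).
  def requests_for(fqdn, ip)
    [
      { 'fqdn' => fqdn, 'value' => ip, 'type' => 'A' },
      { 'fqdn' => fqdn, 'value' => IPAddr.new(ip).reverse, 'type' => 'PTR' }
    ]
  end

  # hosts: { 'fqdn' => 'ip', ... }. Returns one outcome hash per record submitted.
  def repair(hosts)
    hosts.flat_map do |fqdn, ip|
      requests_for(fqdn, ip).map do |form|
        status, body = @poster.call(@base, form)
        { fqdn: fqdn, type: form['type'], ok: (200..299).cover?(status),
          status: status, detail: body.to_s.strip }
      end
    end
  end

  private

  def http_post(uri, form)
    res = Net::HTTP.post_form(uri, form)
    [res.code.to_i, res.body]
  end
end

# Usage: ruby proxy_dns_repair.rb http://PROXY:8443 host1.oadr=10.199.200.13 host2.oadr=10.199.200.14
if $PROGRAM_NAME == __FILE__ && ARGV.length >= 2
  proxy = ARGV.shift
  hosts = ARGV.map { |pair| pair.split('=', 2) }.to_h
  ProxyDnsRepair.new(proxy).repair(hosts).each do |r|
    puts "#{r[:ok] ? 'ok  ' : 'FAIL'} #{r[:type].ljust(3)} #{r[:fqdn]} (HTTP #{r[:status]}) #{r[:detail]}"
  end
end
```

Feed it only the hosts that nslookup confirms are missing; a record that already exists in the zone will come back as a non-2xx result and shows up as FAIL rather than being silently overwritten.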
