Bug 1720200 - REST API-based DNS conflict check
Summary: REST API-based DNS conflict check
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Infoblox integration
Version: 6.5.0
Hardware: Unspecified
OS: Unspecified
high
high vote
Target Milestone: 6.6.0
Assignee: Lukas Zapletal
QA Contact: Perry Gagne
URL:
Whiteboard:
Depends On: 1724201 1746581
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-06-13 11:31 UTC by Lukas Zapletal
Modified: 2019-10-30 20:21 UTC (History)
6 users (show)

Fixed In Version: rubygem-infoblox-3.0.0, rubygem-smart_proxy_dns_infoblox-1.0.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-22 12:47:39 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 27046 High Closed REST API-based DNS conflict check 2020-01-14 10:02:14 UTC
Red Hat Product Errata RHSA-2019:3172 None None None 2019-10-22 12:47:49 UTC

Description Lukas Zapletal 2019-06-13 11:31:32 UTC
Infoblox DNS provider have a single setting called dns_server which is used for two purposes:

- HTTP endpoint which is used to communicate with Infoblox
- DNS resover used to do conflict checks by common DNS code

It's very common to configure Infoblox in a way that the API node does not provide DNS resolver. Currently it's not possible to do such configuration and a manual hotfix is needed:

Nn dns_common.rb (find it on the filesystem) change this line:

  @server = server || "localhost"

to

  @server = "1.2.3.4"

where 1.2.3.4 is IP address of (preferably) authoritative DNS server from the Infoblox cluster, or a caching DNS server.

Comment 4 Lukas Zapletal 2019-06-13 11:38:31 UTC
Created redmine issue https://projects.theforeman.org/issues/27046 from this bug

Comment 5 Lukas Zapletal 2019-06-26 12:40:44 UTC
The solution is more complicated and it needs incompatible changes in the smart proxy core DNS API. Therefore this is a temporary solution to override DNS server to query during DNS add/remove operations.

Comment 6 Bryan Kearney 2019-06-26 14:05:57 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27046 has been resolved.

Comment 7 Lukas Zapletal 2019-06-28 07:17:48 UTC
So after discussion with Ewoud I worked on a proper fix - DNS conflict check does not use system resolver but Infoblox REST API now.

Comment 25 errata-xmlrpc 2019-10-22 12:47:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172


Note You need to log in before you can comment on or make changes to this bug.