Hi folks, here’s another “pre” post. What I mean by that is that in the process of creating a demo and the surrounding article, I found I needed to create a sidebar article in order to show how to configure an important component. In this case, the requirement to fulfill forward and reverse name server resolution in RHV has led me to create a basic DNS server. In this case, “dnsmasq” is a perfect solution…
Let me be clear here: I am NOT recommending dnsmasq for production DNS. For production I would recommend deploying BIND, Red Hat IdM, or something else. I’m using dnsmasq because I need something for my home lab and I think you might benefit from the configuration I’m using in your home or test lab. I don’t have that many systems, and a lightweight service like dnsmasq will work nicely.
The RHV 4 documentation is very clear about the requirement for FQDN and fully functional DNS. Simply relying on “/etc/hosts” isn’t going to cut it anymore. Dnsmasq will provide a great and simple solution for small labs. For the uninitiated, dnsmasq provides DHCP, TFTP, DNS, and DNS forwarding. We’ll really only be concerned with the DNS and DNS forwarding features in this particular tutorial.
On my RHEL 7 server, dnsmasq was already installed, so it was just a matter of configuring a few lines, restarting the service, and then poking a hole through the firewall.
After making a copy of the configuration file (/etc/dnsmasq.conf), I created a new one:
    # Configuration file for dnsmasq.
    #
    #block incomplete requests
    domain-needed
    #prevent non-routable addresses from being forwarded
    bogus-priv
    #my private mini "almost" cloud
    domain=fog.com
    #add "fog.com" to short hostnames
    expand-hosts
    #ensure local queries are answered only by dnsmasq
    local=/fog.com/
    #enable reverse lookups!!
    server=/0.168.192.in-addr.arpa/127.0.0.1#8600
    #listen on the loopback
    listen-address=127.0.0.1
    #listen on this IP
    listen-address=192.168.0.100
    #listen only to the "listen addresses"
    bind-interfaces
    #upstream DNS servers
    server=22.214.171.124

    # systemctl restart dnsmasq
    # systemctl enable dnsmasq
Allow DNS requests from your clients to get to the service:
    # firewall-cmd --permanent --add-port=53/tcp
    # firewall-cmd --permanent --add-port=53/udp
    # firewall-cmd --reload
    # firewall-cmd --list-all
On the hosts in my lab, it’s just a matter of pointing them at the server running dnsmasq. So either:
Line in /etc/sysconfig/network-scripts/ifcfg-ethX file:
And then simply use the “dig” or “host” command to test:
    [root@rhvi network-scripts]# dig rhvh01

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> rhvh01
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50507
    ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;rhvh01. IN A

    ;; ANSWER SECTION:
    rhvh01. 0 IN A 192.168.0.91

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Nov 03 12:53:59 EDT 2016
    ;; MSG SIZE rcvd: 40

    [root@rhvi ~]# dig -x 192.168.0.100

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 192.168.0.100
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20587
    ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;100.0.168.192.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    100.0.168.192.in-addr.arpa. 0 IN PTR rhvi.fog.com.

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.100#53(192.168.0.100)
    ;; WHEN: Thu Nov 03 12:54:32 EDT 2016
    ;; MSG SIZE rcvd: 70
In the “answer section” above, we see that we got resolution and the reply came from the local server. We follow that up with a reverse lookup (with the “-x” option).
In the example below, we’re in a remote host pointed at the DNS (dnsmasq) server, inquiring about the RHV-M server that we’re about to deploy in hosted engine configuration (hint-hint).

    [root@rhvh01 ~]# host rhvm
    rhvm.fog.com has address 192.168.0.90
    [root@rhvh01 ~]# host 192.168.0.90
    90.0.168.192.in-addr.arpa domain name pointer rhvm.fog.com.
    [root@rhvh01 ~]#
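To repeat the forward and reverse checks above for every lab host in one pass, here is an added Python example (not part of the original post) that confirms each A record has a PTR pointing back at the same FQDN. The function names and the sample tables are assumptions made for illustration; the host names and addresses come from the output above, and the missing rhvh01 records are constructed faults.

```python
import ipaddress
import socket

def system_forward(name):
    """A records for name via the host's configured resolver (empty set if none)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def system_reverse(ip):
    """PTR target for ip via the host's configured resolver (None if none)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_host(short, domain, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    fqdn = f"{short}.{domain}".lower()
    addrs = forward(fqdn)
    if not addrs:
        return [f"{fqdn}: no A record"]
    problems = []
    if forward(short) != addrs:
        problems.append(f"{short}: short name does not resolve like {fqdn}")
    for ip in sorted(addrs):
        ptr_name = ipaddress.ip_address(ip).reverse_pointer
        target = reverse(ip)
        if target is None:
            problems.append(f"{ptr_name}: no PTR record")
        elif target.rstrip(".").lower() != fqdn:
            problems.append(f"{ptr_name}: PTR is {target}, expected {fqdn}")
    return problems

# Constructed sample data standing in for the lab resolver, so this runs offline.
# rhvh01 deliberately lacks a short-name entry and a PTR to show the failure output.
SAMPLE_A = {"rhvm.fog.com": {"192.168.0.90"}, "rhvm": {"192.168.0.90"},
            "rhvh01.fog.com": {"192.168.0.91"}}
SAMPLE_PTR = {"192.168.0.90": "rhvm.fog.com."}

def sample_forward(name):
    return SAMPLE_A.get(name.lower(), set())

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

if __name__ == "__main__":
    for host in ("rhvm", "rhvh01"):
        print(host, check_host(host, "fog.com", sample_forward, sample_reverse) or "OK")
```

Calling `check_host("rhvm", "fog.com")` without the sample resolvers uses whatever DNS server the client is pointed at, so it exercises the dnsmasq instance from a lab host.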
That’s it, really… easy to set up on the server and client side…
The following blogs/links were incredibly helpful in getting me up and running!!
Hope this helps,