RHV and DNS

Hi folks, here’s another “pre” post. What I mean by that is that in the process of creating a demo and the surrounding article, I found I needed to create a sidebar article in order to show how to configure an important component. In this case, the requirement to fulfill forward and reverse name server resolution in RHV has led me to create a basic DNS server, and “dnsmasq” is a perfect solution…

Let me be clear here: I am NOT recommending dnsmasq for production DNS. For production I would recommend deploying BIND, Red Hat IdM, or something else. I’m using dnsmasq because I need something for my home lab and I think you might benefit from the configuration I’m using in your home or test lab. I don’t have that many systems, and a lightweight service like dnsmasq will work nicely.

Background

The RHV 4 documentation is very clear about the requirement for FQDN and fully functional DNS. Simply relying on “/etc/hosts” isn’t going to cut it anymore. Dnsmasq will provide a great and simple solution for small labs. For the uninitiated, dnsmasq provides DHCP, TFTP, DNS, and DNS forwarding. We’ll really only be concerned with the DNS and DNS forwarding features in this particular tutorial.

Server Side

On my RHEL 7 server, dnsmasq was already installed, so it was just a matter of configuring a few lines, restarting the service, and then poking a hole through the firewall.

After making a copy of the configuration file (/etc/dnsmasq.conf), I created a new one:

# Configuration file for dnsmasq.
#
#block incomplete requests
domain-needed
#never forward reverse lookups for private (non-routable) address ranges upstream
bogus-priv
#my private mini "almost" cloud
domain=fog.com
#add "fog.com" to short hostnames
expand-hosts
#ensure local queries are answered only by dnsmasq
local=/fog.com/
#enable reverse lookups!!
server=/0.168.192.in-addr.arpa/127.0.0.1#8600
#listen on the loopback
listen-address=127.0.0.1
#listen on this IP
listen-address=192.168.0.100
#listen only to the "listen addresses"
bind-interfaces
#upstream DNS servers
server=8.8.8.8

Restart dnsmasq:

# systemctl restart dnsmasq
# systemctl enable dnsmasq

Allow DNS requests from your clients to get to the service:

# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp
# firewall-cmd --reload
# firewall-cmd --list-all

Client side

On the hosts in my lab, it’s just a matter of pointing them at the server running dnsmasq. So either:

/etc/resolv.conf:

nameserver <ip_of_dnsmasq_server>

or

Line in /etc/sysconfig/network-scripts/ifcfg-ethX file:

DNS1=<ip_of_dnsmasq_server>

And then simply use the “dig” or “host” command to test:

[root@rhvi network-scripts]# dig rhvh01

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> rhvh01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50507
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rhvh01.                IN    A

;; ANSWER SECTION:
rhvh01.            0    IN    A    192.168.0.91

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Nov 03 12:53:59 EDT 2016
;; MSG SIZE  rcvd: 40

[root@rhvi ~]# dig -x 192.168.0.100

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 192.168.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20587
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;100.0.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
100.0.168.192.in-addr.arpa. 0    IN    PTR    rhvi.fog.com.

;; Query time: 0 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Thu Nov 03 12:54:32 EDT 2016
;; MSG SIZE  rcvd: 70

In the “answer section” above, we see that we got resolution and the reply came from the local server. We follow that up with a reverse lookup (with the “-x” option).

In the example below, we’re on a remote host pointed at the DNS (dnsmasq) server, inquiring about the RHV-M server that we’re about to deploy in hosted engine configuration (hint-hint).

[root@rhvh01 ~]# host rhvm
rhvm.fog.com has address 192.168.0.90
[root@rhvh01 ~]# host 192.168.0.90
90.0.168.192.in-addr.arpa domain name pointer rhvm.fog.com.
[root@rhvh01 ~]#

That’s it, really… easy to set up on the server and client side…
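
The dig and host tests above, wrapped into a repeatable check that every lab host's forward and reverse records agree. This is an added example, not part of the original post; the function names are made up here, and the server address and domain default to the values used in this post.

```shell
#!/bin/bash
# Added example: forward-confirmed reverse DNS check for the lab hosts.
# DNS_SERVER and DOMAIN default to the values used in this post.
DNS_SERVER="${DNS_SERVER:-192.168.0.100}"
DOMAIN="${DOMAIN:-fog.com}"

# Forward lookup: first IPv4 address for a name, asked of the dnsmasq server.
fwd() { dig +short "@${DNS_SERVER}" "$1" A | grep -E '^[0-9.]+$' | head -n1; }

# Reverse lookup: first PTR target for an address, trailing dot removed.
rev() { dig +short "@${DNS_SERVER}" -x "$1" | head -n1 | sed 's/\.$//'; }

# check_host SHORTNAME
# 0 = A and PTR agree, 1 = no A record, 2 = no PTR record, 3 = PTR names another host.
check_host() {
    local fqdn ip ptr
    fqdn="$1.${DOMAIN}"
    ip="$(fwd "$fqdn")"
    if [ -z "$ip" ]; then
        echo "FAIL $fqdn: no A record"; return 1
    fi
    ptr="$(rev "$ip")"
    if [ -z "$ptr" ]; then
        echo "FAIL $fqdn: $ip has no PTR record"; return 2
    fi
    # DNS names are case-insensitive, so compare in lower case.
    if [ "$(echo "$ptr" | tr 'A-Z' 'a-z')" != "$(echo "$fqdn" | tr 'A-Z' 'a-z')" ]; then
        echo "FAIL $fqdn: $ip reverses to $ptr"; return 3
    fi
    echo "OK   $fqdn <-> $ip"
}

# check_all SHORTNAME... : check every host; exit status is the number of failures.
check_all() {
    local failures h
    failures=0
    for h in "$@"; do
        check_host "$h" || failures=$((failures + 1))
    done
    return "$failures"
}

# On a lab client:  check_all rhvi rhvm rhvh01
```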

Many thanks

The following blogs/links were incredibly helpful in getting me up and running!!

  • https://www.linux.com/learn/dnsmasq-easy-lan-name-services
  • http://stackoverflow.com/questions/32852975/reverse-dns-lookup-with-consul-and-dnsmasq

Hope this helps,

Captain KVM

3 thoughts on “RHV and DNS”

  1. Instead of replacing dnsmasq.conf you can drop your config file in ./etc/dnsmasq.d and not have to worry about your config file getting clobbered during a patch run.
