Fake DNS Realm
From Linux NFS
Revision as of 03:23, 20 July 2011
This document describes the basic setup of a fake DNS domain for use in testing NFSv4 (Kerberos, etc.).
To use a fake DNS domain, you must run a named server locally and configure all of the clients to use it as their only nameserver.
Install and configure a server for the fake DNS domain
DNS domain: example.fake
Hosts:
- server.example.fake (192.168.56.20)
- client1.example.fake (192.168.56.40)
Install named on the server
[root@server ~]# sudo yum install bind
Configure the DNS zone
This creates a DNS zone for "example.fake".
Three SRV records (LDAP, and Kerberos over UDP and TCP) are defined so that FreeIPA (XXX link??) can auto-discover the services.
Create the file "/var/named/example.fake.zone":
$TTL 3D
@       IN  SOA ns1.example.fake. hostmaster.example.fake. (
            201107111   ; serial#
            3600        ; refresh, seconds
            3600        ; retry, seconds
            3600        ; expire, seconds
            3600 )      ; minimum, seconds
            NS  ns1                 ; Inet Address of nameserver
example.fake.   MX  10 mail         ; Primary Mail Exchanger
ns1         A       192.168.56.20
server      A       192.168.56.20
client1     A       192.168.56.40
ipa         CNAME   build
; DNS auto discovery of services
_ldap._tcp      SRV 10 10 389 server.example.fake.
_kerberos._udp  SRV 10 10 88  server.example.fake.
_kerberos._tcp  SRV 10 10 88  server.example.fake.
Configure the reverse mapping
Create the file "/var/named/192-168-56.zone":
$TTL 2d         ; 172800 seconds
$ORIGIN 56.168.192.IN-ADDR.ARPA.
@       IN  SOA ns1.example.fake. hostmaster.example.fake. (
            201107111   ; serial number
            3600        ; refresh, seconds
            3600        ; retry, seconds
            3600        ; expire, seconds
            3600 )      ; minimum, seconds
        IN  NS  ns1.example.fake.
20      IN  PTR server.example.fake.
40      IN  PTR client1.example.fake.
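Kerberos host canonicalisation and NFSv4 GSS principal lookups fail in confusing ways when the forward and reverse zones disagree, so it is worth checking the two files above against each other before loading them. The script below is an added example, not part of this wiki page: it parses constructed copies of the forward and reverse zones (comments dropped, SOA timers on one line) and reports A/PTR mismatches and records whose target name the zone never defines; the names fq, parse_zone, arpa_to_ip and check_zones are this example's own.

```python
import re
FORWARD = """\
; constructed copy of the example.fake zone above (SOA timers shortened)
@ IN SOA ns1.example.fake. hostmaster.example.fake. ( 201107111 3600 3600 3600 3600 )
  NS ns1
example.fake. MX 10 mail
ns1     A 192.168.56.20
server  A 192.168.56.20
client1 A 192.168.56.40
ipa     CNAME build
_ldap._tcp     SRV 10 10 389 server.example.fake.
_kerberos._udp SRV 10 10 88 server.example.fake.
_kerberos._tcp SRV 10 10 88 server.example.fake.
"""
REVERSE = """\
; constructed copy of the 192-168-56.zone reverse file above
$ORIGIN 56.168.192.IN-ADDR.ARPA.
20 IN PTR server.example.fake.
40 IN PTR client1.example.fake.
"""

def fq(name, origin):  # absolute, lower-case form of a zone-file name ('@' and relative names)
    n = name.lower()
    return origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"

def parse_zone(text, origin):  # -> [(owner, type, rdata_tokens)]; comments and SOA timers dropped
    text = re.sub(r"\([^)]*\)", " ", re.sub(r";[^\n]*", "", text))
    owner, records = origin, []
    for ln in text.splitlines():
        toks = ln.split()
        if toks and toks[0] == "$ORIGIN":
            origin = toks[1].lower()
        elif toks and not toks[0].startswith("$"):        # skip $TTL and other directives
            if not ln[0].isspace():                       # explicit owner, else inherit previous
                owner = fq(toks.pop(0), origin)
            while toks[0] == "IN" or toks[0].isdigit():   # skip optional class and TTL
                toks.pop(0)
            records.append((owner, toks[0], toks[1:]))
    return records

def arpa_to_ip(name):  # "20.56.168.192.in-addr.arpa." -> "192.168.56.20"
    return ".".join(reversed(name.rstrip(".").split(".")[:-2]))

def check_zones(forward, reverse, origin="example.fake."):  # [] means the zones agree
    fwd = parse_zone(forward, origin)
    a = {o: r[0] for o, t, r in fwd if t == "A"}
    ptr = {arpa_to_ip(o): r[0].lower() for o, t, r in parse_zone(reverse, origin) if t == "PTR"}
    issues = [f"A {n} -> {ip} but PTR {ip} -> {ptr.get(ip)}" for n, ip in sorted(a.items()) if ptr.get(ip) != n]
    issues += [f"PTR {ip} -> {n} but A {n} -> {a.get(n)}" for ip, n in sorted(ptr.items()) if a.get(n) != ip]
    defined = set(a) | {o for o, t, _ in fwd if t == "CNAME"}   # NS/MX/CNAME/SRV targets must exist
    issues += [f"{t} {o} points at undefined name {fq(r[-1], origin)}" for o, t, r in fwd
               if t in ("NS", "MX", "CNAME", "SRV") and fq(r[-1], origin) not in defined]
    return issues
```

Run against the zones above it reports that ns1 shares 192.168.56.20 with server but the PTR only names server, and that the MX and CNAME targets (mail, build) have no records, which is exactly the kind of mismatch that makes a Kerberos client derive the wrong host principal.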
Modify named config
Add these sections to file "/etc/named.conf":
zone "example.fake" IN {
    type master;
    file "example.fake.zone";
};
zone "56.168.192.in-addr.arpa" IN {
    type master;
    file "192-168-56.zone";
};
There are a few other things that I needed to configure in my test setup. You probably don't want to turn off DNSSEC in real-world setups!
In the "options" section:
- change the "listen-on" option to include the server's external address: "{ localhost; 192.168.56.20; }"
- change the "allow-query" option to "{ localhost; 192.168.56.0/24; }"
- change the "dnssec-enable" option to "no"
- change the "dnssec-validation" option to "no"
The resulting /etc/named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.56.20; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.56.0/24; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation no;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "example.fake" IN {
    type master;
    file "example.fake.zone";
};

zone "56.168.192.in-addr.arpa" IN {
    type master;
    file "192-168-56.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Restart named
[root@server ~]# service named restart
Restarting named (via systemctl):                          [  OK  ]
Configure the client(s) and server to use the local DNS server
In this testing environment, the server and all clients should use this name server. With a real DNS server, clients should not need this configuration.
Edit file "/etc/sysconfig/network-scripts/ifcfg-eth0" (or whatever is appropriate) and change the DNS1 line to:
DNS1=192.168.56.20
Restart the network service to pick up the change.
[root@server ~]# service network restart
Restarting network (via systemctl):                        [  OK  ]
And verify that it worked:
[root@server ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.fake
nameserver 192.168.56.20

[root@server ~]# nslookup server.example.fake
Server:         192.168.56.20
Address:        192.168.56.20#53

Name:   server.example.fake
Address: 192.168.56.20