Fake DNS Realm
From Linux NFS
(Created page with "This document describes the basic setup of a fake DNS domain for use in testing NFSv4 (Kerberos, etc). To use a fake DNS domain, you must run a named server locally and configur...") |
|||
Line 1: | Line 1: | ||
- | This document describes the basic setup of a fake DNS domain for use in testing NFSv4 (Kerberos, etc). | + | This document describes the basic setup of a fake DNS domain for use in testing NFSv4 (with Kerberos, etc). |
- | To use a fake DNS domain, you must run a named server locally and configure all of the clients to use it as | + | To use a fake DNS domain, you must run a named server locally and configure all of the clients to use it as the only nameserver. |
- | + | ||
- | + | ||
DNS domain: '''example.fake''' | DNS domain: '''example.fake''' | ||
Line 10: | Line 8: | ||
* '''server.example.fake''' (192.168.56.20) | * '''server.example.fake''' (192.168.56.20) | ||
* '''client1.example.fake''' (192.168.56.40) | * '''client1.example.fake''' (192.168.56.40) | ||
+ | |||
+ | = Install and configure a server for the fake DNS domain = | ||
+ | |||
+ | The first step is to install the name server ("bind", aka "named") on the server (192.168.56.20). | ||
== Install named on the server == | == Install named on the server == | ||
Line 51: | Line 53: | ||
== Configure the reverse mapping == | == Configure the reverse mapping == | ||
+ | |||
+ | This defines the reverse mapping for the hosts you just defined. Services and CNAMEs don't need to have reverse mappings, but the A records they point to do (as do all A records). | ||
Create the file "/var/named/192-168-56.zone": | Create the file "/var/named/192-168-56.zone": | ||
Line 71: | Line 75: | ||
== Modify named config == | == Modify named config == | ||
+ | |||
+ | Named needs to be configured to use the new zone files and to run as the DNS server for the local network. | ||
Add these sections to file "/etc/named.conf": | Add these sections to file "/etc/named.conf": | ||
Line 86: | Line 92: | ||
</pre> | </pre> | ||
- | + | Then edit the "options" section of the same file "/etc/named.conf": | |
- | + | * change the "listen-on" option to include the server's external address "{ localhost; 192.168.56.20; }" | |
- | + | * change "allow-query" option to "{ localhost; 192.168.56.0/24; }" | |
- | * change the "listen-on" option to include the server's external address | + | |
- | * change "allow-query" option to "{ localhost; 192.168.56.0/24 }" | + | |
* change "dnssec-enable" option to "no" | * change "dnssec-enable" option to "no" | ||
* change "dnssec-validation" option to "no" | * change "dnssec-validation" option to "no" | ||
+ | |||
+ | '''WARNING:''' Turning off DNSsec is probably not a good idea. Be careful. | ||
The resulting /etc/named.conf: | The resulting /etc/named.conf: | ||
Line 154: | Line 160: | ||
== Restart named == | == Restart named == | ||
+ | |||
+ | Restart named to pick up the changes: | ||
<pre> | <pre> | ||
Line 160: | Line 168: | ||
</pre> | </pre> | ||
- | = | + | = All hosts should use the fake DNS server = |
+ | |||
+ | All of the hosts within this testing environment should be configured to use server.example.fake (192.168.56.20) as their only DNS server. This is only needed because the example uses a fake domain name. This step is not required with a real DNS domain. | ||
- | + | == Configure server and client(s) to use the fake DNS server == | |
- | Edit file "/etc/sysconfig/network-scripts/ifcfg-eth0" (or whatever is appropriate) and change the DNS1 line to: | + | Edit file "/etc/sysconfig/network-scripts/ifcfg-eth0" (or whatever is appropriate) and change the "DNS1" line to: |
<pre> | <pre> | ||
Line 170: | Line 180: | ||
</pre> | </pre> | ||
- | Restart | + | You should make sure there aren't any other "DNS" lines. |
+ | |||
+ | == Restart network to pick up the change == | ||
<pre> | <pre> | ||
Line 177: | Line 189: | ||
</pre> | </pre> | ||
- | + | == Test fake DNS domain == | |
+ | |||
+ | Make sure the right nameserver is being used: | ||
<pre> | <pre> | ||
- | [root@ | + | [root@client1 ~]# cat /etc/resolv.conf |
# Generated by NetworkManager | # Generated by NetworkManager | ||
search example.fake | search example.fake | ||
nameserver 192.168.56.20 | nameserver 192.168.56.20 | ||
</pre> | </pre> | ||
+ | |||
+ | Lookup the server: | ||
<pre> | <pre> | ||
- | [root@ | + | [root@client1 ~]# nslookup server.example.fake |
Server: 192.168.56.20 | Server: 192.168.56.20 | ||
Address: 192.168.56.20#53 | Address: 192.168.56.20#53 | ||
Line 193: | Line 209: | ||
Name: server.example.fake | Name: server.example.fake | ||
Address: 192.168.56.20 | Address: 192.168.56.20 | ||
+ | |||
</pre> | </pre> | ||
+ | |||
+ | Now do the reverse lookup on the server: | ||
+ | |||
+ | <pre> | ||
+ | [root@client1 ~]# nslookup 192.168.56.20 | ||
+ | Server: 192.168.56.20 | ||
+ | Address: 192.168.56.20#53 | ||
+ | |||
+ | 20.56.168.192.in-addr.arpa name = server.example.fake. | ||
+ | |||
+ | </pre> | ||
+ | |||
+ | = Common problems = | ||
+ | |||
+ | XXX |
Revision as of 03:45, 20 July 2011
This document describes the basic setup of a fake DNS domain for use in testing NFSv4 (with Kerberos, etc).
To use a fake DNS domain, you must run a named server locally and configure all of the clients to use it as the only nameserver.
DNS domain: example.fake
Hosts:
- server.example.fake (192.168.56.20)
- client1.example.fake (192.168.56.40)
Contents |
Install and configure a server for the fake DNS domain
The first step is to install the name server ("bind", aka "named") on the server (192.168.56.20).
Install named on the server
[root@server ~]# sudo yum install bind
Configure the DNS zone
This creates a DNS zone for "example.fake".
Three services are defined for use with FreeIPA (XXX link??).
Create the file "/var/named/example.fake.zone":
$TTL 3D @ IN SOA ns1.example.fake. hostmaster.example.fake. ( 201107111 ; serial# 3600 ; refresh, seconds 3600 ; retry, seconds 3600 ; expire, seconds 3600 ) ; minimum, seconds NS ns1 ; Inet Address of nameserver example.fake. MX 10 mail ; Primary Mail Exchanger ns1 A 192.168.56.20 server A 192.168.56.20 client1 A 192.168.56.40 ipa CNAME build ; DNS auto discovery of services _ldap._tcp SRV 10 10 389 server.example.fake. _kerberos._udp SRV 10 10 88 server.example.fake. _kerberos._tcp SRV 10 10 88 server.example.fake.
Configure the reverse mapping
This defines the reverse mapping for the hosts you just defined. Services and CNAMEs don't need to have reverse mappings, but the A records they point to do (as do all A records).
Create the file "/var/named/192-168-56.zone":
$TTL 2d ; 172800 seconds $ORIGIN 56.168.192.IN-ADDR.ARPA. @ IN SOA ns1.example.fake. hostmaster.example.fake. ( 201107111 ; serial number 3600 ; refresh, seconds 3600 ; retry, seconds 3600 ; expire, seconds 3600 ) ; minimum, seconds IN NS ns1.example.fake. 20 IN PTR server.example.fake. 40 IN PTR client1.example.fake.
Modify named config
Named needs to be configured to use the new zone files and to run as the DNS server for the local network.
Add these sections to file "/etc/named.conf":
zone "example.fake" IN { type master; file "example.fake.zone"; }; zone "56.168.192.in-addr.arpa" IN { type master; file "192-168-56.zone"; };
Then edit the "options" section of the same file "/etc/named.conf":
- change the "listen-on" option to include the server's external address "{ localhost; 192.168.56.20; }"
- change "allow-query" option to "{ localhost; 192.168.56.0/24; }"
- change "dnssec-enable" option to "no"
- change "dnssec-validation" option to "no"
WARNING: Turning off DNSsec is probably not a good idea. Be careful.
The resulting /etc/named.conf:
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.56.20; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 192.168.56.0/24; }; recursion yes; dnssec-enable yes; dnssec-validation no; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "example.fake" IN { type master; file "example.fake.zone"; }; zone "56.168.192.in-addr.arpa" IN { type master; file "192-168-56.zone"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
Restart named
Restart named to pick up the changes:
[root@server ~]# service named restart Restarting named (via systemctl): [ OK ]
All hosts should use the fake DNS server
All of the hosts within this testing environment should be configured to use server.example.fake (192.168.56.20) as their only DNS server. This is only needed because the example uses a fake domain name. This step is not required with a real DNS domain.
Configure server and client(s) to use the fake DNS server
Edit file "/etc/sysconfig/network-scripts/ifcfg-eth0" (or whatever is appropriate) and change the "DNS1" line to:
DNS1=192.168.56.20
You should make sure there aren't any other "DNS" lines.
Restart network to pick up the change
[root@server ~]# service network restart Restarting network (via systemctl): [ OK ]
Test fake DNS domain
Make sure the right nameserver is being used:
[root@client1 ~]# cat /etc/resolv.conf # Generated by NetworkManager search example.fake nameserver 192.168.56.20
Lookup the server:
[root@client1 ~]# nslookup server.example.fake Server: 192.168.56.20 Address: 192.168.56.20#53 Name: server.example.fake Address: 192.168.56.20
Now do the reverse lookup on the server:
[root@client1 ~]# nslookup 192.168.56.20 Server: 192.168.56.20 Address: 192.168.56.20#53 20.56.168.192.in-addr.arpa name = server.example.fake.
Common problems
XXX