Fake DNS Realm
From Linux NFS
This document describes the basic setup of a fake DNS domain for use in testing NFSv4 with Kerberos (and related services such as FreeIPA). Kerberos needs consistent forward and reverse name resolution, because service principals such as nfs/server.example.fake are derived from canonical host names, and FreeIPA clients locate the KDC and LDAP server through SRV records, which cannot come from /etc/hosts; so the test network needs a real nameserver.
To use a fake DNS domain, run named (BIND) on one machine of the test network and configure the server and every client to use it as their only nameserver.
Install and configure a server for the fake DNS domain
DNS domain: example.fake
Hosts:
- server.example.fake (192.168.56.20), which also runs named and is reachable as ns1.example.fake
- client1.example.fake (192.168.56.40)
Install named on the server
The nameserver itself is in the bind package; nslookup and dig, used below to verify the setup, come from bind-utils.
[root@server ~]# yum install bind bind-utils
Configure the DNS zone
This creates the forward DNS zone for "example.fake": an A record per host plus three SRV records (_ldap._tcp, _kerberos._udp, _kerberos._tcp) so that FreeIPA and Kerberos clients can discover the LDAP server and KDC automatically (XXX link??).
Create the file "/var/named/example.fake.zone":
$TTL 3D
@       IN SOA  ns1.example.fake. hostmaster.example.fake. (
                201107111   ; serial (YYYYMMDDn; bump it on every change)
                3600        ; refresh, seconds
                3600        ; retry, seconds
                3600        ; expire, seconds (far below the 2-4 weeks RFC 1912 suggests; fine for a throwaway lab)
                3600 )      ; minimum (negative-caching TTL), seconds
        NS      ns1         ; nameserver for the zone; the blank owner is inherited from the SOA line (example.fake.)
example.fake.   MX 10 mail  ; primary mail exchanger; no "mail" record is defined in this zone
ns1     A       192.168.56.20
server  A       192.168.56.20
client1 A       192.168.56.40
ipa     CNAME   build       ; "build" has no record in this zone; point this at a defined host or drop it
; DNS auto discovery of services
_ldap._tcp      SRV 10 10 389 server.example.fake.
_kerberos._udp  SRV 10 10 88  server.example.fake.
_kerberos._tcp  SRV 10 10 88  server.example.fake.
Configure the reverse mapping
Create the file "/var/named/192-168-56.zone":
$TTL 2d ; 172800 seconds
$ORIGIN 56.168.192.IN-ADDR.ARPA.
@       IN SOA  ns1.example.fake. hostmaster.example.fake. (
                201107111   ; serial number
                3600        ; refresh, seconds
                3600        ; retry, seconds
                3600        ; expire, seconds
                3600 )      ; minimum, seconds
        IN NS   ns1.example.fake.
20      IN PTR  server.example.fake.   ; 192.168.56.20 is shared with ns1; only one PTR per address
40      IN PTR  client1.example.fake.
Modify named config
Add these sections to file "/etc/named.conf":
zone "example.fake" IN {
        type master;
        file "example.fake.zone";
};
zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "192-168-56.zone";
};
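The two zone files above can be cross-checked before named ever loads them. The script below is an added example, not code from this wiki page or from the linux-nfs project; it embeds a constructed copy of the forward and reverse zone files, parses them the way BIND reads them (multi-line SOA in parentheses, $ORIGIN, blank owners inherited from the previous record, ';' comments) and reports two classes of problem: record targets that are not defined anywhere in the zone, and A/PTR pairs that do not round-trip. The round-trip property is what Kerberos relies on when it canonicalises a host name into a service principal, so every host that will hold a Kerberos key must come back clean. Function and variable names (parse_zone, check_zones, srv_targets, NAME_FIELD) are my own. Run against the page's files it flags the CNAME to the undefined name "build", the MX to the undefined "mail", and that the reverse lookup of 192.168.56.20 returns server rather than ns1 (harmless for a nameserver alias, not acceptable for a host with a keytab).

```python
"""Cross-check the example.fake forward/reverse zones.  Added example; the zone
text below is a constructed copy of this page's files, not output from named."""
from collections import defaultdict

FORWARD_ZONE = """\
$TTL 3D
@ IN SOA ns1.example.fake. hostmaster.example.fake. (
    201107111 3600 3600 3600 3600 ) ; serial refresh retry expire minimum
    NS ns1 ; Inet Address of nameserver
example.fake. MX 10 mail ; Primary Mail Exchanger
ns1 A 192.168.56.20
server A 192.168.56.20
client1 A 192.168.56.40
ipa CNAME build
_ldap._tcp SRV 10 10 389 server.example.fake.
_kerberos._udp SRV 10 10 88 server.example.fake.
_kerberos._tcp SRV 10 10 88 server.example.fake.
"""
REVERSE_ZONE = """\
$ORIGIN 56.168.192.IN-ADDR.ARPA.
@ IN SOA ns1.example.fake. hostmaster.example.fake. (
    201107111 3600 3600 3600 3600 )
    IN NS ns1.example.fake.
20 IN PTR server.example.fake.
40 IN PTR client1.example.fake.
"""
NAME_FIELD = {"CNAME": 0, "NS": 0, "PTR": 0, "MX": 1, "SRV": 3}  # rdata index of the name field

def fqdn(name, origin):
    """Absolute, lowercase, dot-terminated form of a zone-file name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """[(owner, type, rdata)], names absolute; handles $ORIGIN/$TTL, comments, ( ) and blank owners."""
    origin = fqdn(origin, "")
    records, last_owner, buf = [], origin, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]              # drop comments
        if not line.strip() and not buf:
            continue
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                             # record continues on the next line
        buf = []
        toks = joined.replace("(", " ").replace(")", " ").split()
        if toks[0].startswith("$"):              # $ORIGIN / $TTL directives
            if toks[0] == "$ORIGIN":
                origin = fqdn(toks[1], "")
            continue
        if not joined[0].isspace():              # explicit owner; blank owner reuses the last one
            last_owner = fqdn(toks.pop(0), origin)
        while toks and (toks[0].isdigit() or toks[0].upper() == "IN"):
            toks.pop(0)                          # optional TTL / class
        rtype = toks.pop(0).upper()
        if rtype in NAME_FIELD:
            toks[NAME_FIELD[rtype]] = fqdn(toks[NAME_FIELD[rtype]], origin)
        records.append((last_owner, rtype, toks))
    return records

def ip_to_ptr(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
def ptr_to_ip(name):
    return ".".join(reversed(name.rstrip(".").split(".")[:-2]))

def check_zones(forward, reverse):
    """Dangling targets and A/PTR pairs that do not round-trip (Kerberos hosts must be clean)."""
    problems, a = [], defaultdict(set)
    defined = {owner for owner, _, _ in forward}
    for owner, rtype, rd in forward:
        tgt = rd[NAME_FIELD[rtype]] if rtype in NAME_FIELD else None
        if rtype == "A":
            a[owner].add(rd[0])
        elif tgt and tgt not in defined:
            problems.append(f"{owner} {rtype} -> {tgt}: target has no records")
    ptr = {owner: rd[0] for owner, rtype, rd in reverse if rtype == "PTR"}
    for name, ips in a.items():
        for ip in sorted(ips):
            rev = ip_to_ptr(ip)
            if rev not in ptr:
                problems.append(f"{name} A {ip}: no PTR record {rev}")
            elif ptr[rev] != name:
                problems.append(f"{name} A {ip}: PTR {rev} names {ptr[rev]}")
    for rev, target in ptr.items():
        if ptr_to_ip(rev) not in a.get(target, ()):
            problems.append(f"{rev} PTR {target}: no matching A record")
    return problems

def srv_targets(records, service):
    """(priority, weight, port, target) tuples advertised under a service name."""
    return [(int(rd[0]), int(rd[1]), int(rd[2]), rd[3])
            for owner, rtype, rd in records if rtype == "SRV" and owner == service]

if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "example.fake")
    print("\n".join(check_zones(fwd, parse_zone(REVERSE_ZONE, "56.168.192.in-addr.arpa"))))
```

Paste the real files into FORWARD_ZONE and REVERSE_ZONE (or read them from /var/named) and run this next to named-checkzone: named-checkzone validates one file at a time, while this adds the forward/reverse cross-check and a quick look at what _kerberos._tcp.example.fake advertises to clients.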
A few options in the default Fedora/RHEL named.conf also need to change for this test setup; the complete resulting file is listed below. Do not carry the DNSSEC change over to a real resolver: a server with dnssec-validation off accepts unsigned or forged answers for every domain it recurses for, and that is tolerable here only because listen-on and allow-query confine this named to the lab subnet. (On BIND releases that support it, validate-except lets you exempt just "example.fake" while keeping validation on for everything else.)
In the "options" section:
- change the "listen-on" option to include the server's address on the test network: "{ 127.0.0.1; 192.168.56.20; }"
- change the "allow-query" option to "{ localhost; 192.168.56.0/24; }" (every element of the list, including the last, must end in a semicolon)
- change the "dnssec-validation" option to "no"; "dnssec-enable" can stay at "yes", which is how the file below was tested
The resulting /etc/named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.56.20; };   // changed: also listen on the lab address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.56.0/24; };        // changed: lab subnet only
        recursion yes;                                      // for the lab clients; allow-query limits who may use it
        dnssec-enable yes;
        dnssec-validation no;                               // changed: test setup only, see above
        dnssec-lookaside auto;                              // ISC DLV lookaside; the DLV registry was retired in 2017,
                                                            // so drop this and bindkeys-file on current BIND releases
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "example.fake" IN {
        type master;
        file "example.fake.zone";
};
zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "192-168-56.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Restart named
Run named-checkconf on /etc/named.conf and named-checkzone on each zone file first: a syntax error in named.conf stops named from starting at all, while a zone that fails to load leaves the server running but answering SERVFAIL for that domain.
[root@server ~]# service named restart
Restarting named (via systemctl):                          [  OK  ]
Configure the client(s) and server to use the local DNS server
In this test environment the server and every client must use this nameserver, and only this one, so that example.fake resolves the same way everywhere. With a real DNS server the clients would normally already be pointed at it (by DHCP or existing configuration) and would not need this step.
Edit file "/etc/sysconfig/network-scripts/ifcfg-eth0" (or whatever is appropriate) and change the DNS1 line to:
DNS1=192.168.56.20
Restart the network service to pick up the change.
[root@server ~]# service network restart
Restarting network (via systemctl):                        [  OK  ]
And verify that it worked. Besides the forward lookup shown here, check the reverse lookup of 192.168.56.20 and the _kerberos._tcp.example.fake SRV record the same way (nslookup -type=SRV), since the Kerberos setup that follows depends on both:
[root@server ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.fake
nameserver 192.168.56.20
[root@server ~]# nslookup server.example.fake
Server:         192.168.56.20
Address:        192.168.56.20#53

Name:   server.example.fake
Address: 192.168.56.20