What if you have an application such as oVirt/RHEV-M that relies on DNS service (SRV) records and you don't have the possibility to add them to the DNS servers because the DNS admins do not like to do their job?
Fake them! dnsmasq is your friend 🙂 Install dnsmasq on the server in question and configure /etc/resolv.conf to query dnsmasq on localhost first.
yum -y install dnsmasq
chkconfig dnsmasq on
Assuming your domain is called example.com and your LDAP and Kerberos providers are ipa1.example.com and ipa2.example.com, configure dnsmasq as follows:
cat << EOF >> /etc/dnsmasq.conf
# Kerberos KDC on 88 (udp and tcp), including the -master records
srv-host=_kerberos._udp.example.com,ipa1.example.com,88
srv-host=_kerberos._udp.example.com,ipa2.example.com,88
srv-host=_kerberos._tcp.example.com,ipa1.example.com,88
srv-host=_kerberos._tcp.example.com,ipa2.example.com,88
srv-host=_kerberos-master._tcp.example.com,ipa1.example.com,88
srv-host=_kerberos-master._tcp.example.com,ipa2.example.com,88
srv-host=_kerberos-master._udp.example.com,ipa1.example.com,88
srv-host=_kerberos-master._udp.example.com,ipa2.example.com,88
# kpasswd (password change service) listens on 464, not on 88
srv-host=_kpasswd._tcp.example.com,ipa1.example.com,464
srv-host=_kpasswd._tcp.example.com,ipa2.example.com,464
srv-host=_kpasswd._udp.example.com,ipa1.example.com,464
srv-host=_kpasswd._udp.example.com,ipa2.example.com,464
# LDAP on 389/tcp
srv-host=_ldap._tcp.example.com,ipa1.example.com,389
srv-host=_ldap._tcp.example.com,ipa2.example.com,389
# Kerberos realm for the domain
txt-record=_kerberos.example.com,"EXAMPLE.COM"
EOF
Add the following line to /etc/resolv.conf and make sure 127.0.0.1 is the first DNS server to be queried.
nameserver 127.0.0.1
Start dnsmasq and have fun 🙂
service dnsmasq start
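Typing the srv-host lines by hand is where the port and hostname mistakes creep in, so as an added example (not part of the original post) here is a small POSIX shell script that generates the full set of records for a domain and any number of IPA servers, plus a helper that asks the local dnsmasq whether the records actually resolve. The domain, realm and server names are assumed to be passed as arguments; the verify helper assumes dig is installed.

```shell
#!/bin/sh
# Added example: generate the dnsmasq srv-host/txt-record lines for a
# FreeIPA domain from a list of servers, so every server gets the same
# set of records with the right ports (kpasswd is 464, KDC is 88, LDAP 389).
#
# Usage: gen_ipa_srv DOMAIN REALM SERVER... >> /etc/dnsmasq.conf
gen_ipa_srv() {
  domain=$1
  realm=$2
  shift 2
  for server in "$@"; do
    # Kerberos KDC: 88 on udp and tcp, plus the -master variants
    for svc in _kerberos._udp _kerberos._tcp \
               _kerberos-master._udp _kerberos-master._tcp; do
      printf 'srv-host=%s.%s,%s,88\n' "$svc" "$domain" "$server"
    done
    # kpasswd (password change) listens on 464
    for svc in _kpasswd._udp _kpasswd._tcp; do
      printf 'srv-host=%s.%s,%s,464\n' "$svc" "$domain" "$server"
    done
    # LDAP on 389/tcp
    printf 'srv-host=_ldap._tcp.%s,%s,389\n' "$domain" "$server"
  done
  # one TXT record mapping the domain to its Kerberos realm
  printf 'txt-record=_kerberos.%s,"%s"\n' "$domain" "$realm"
}

# count_records DOMAIN REALM SERVER...: number of config lines generated,
# handy as a sanity check (7 per server + 1 TXT record).
count_records() {
  gen_ipa_srv "$@" | grep -c ''
}

# verify_srv DOMAIN: query the local dnsmasq for the SRV records that
# oVirt/IPA clients look up, to confirm the fake records are served.
# Requires dig; prints "priority weight port target" per record.
verify_srv() {
  for name in _ldap._tcp _kerberos._tcp _kpasswd._tcp; do
    printf '%s.%s: ' "$name" "$1"
    dig +short @127.0.0.1 SRV "$name.$1" | tr '\n' ' '
    echo
  done
}
```

Run `gen_ipa_srv example.com EXAMPLE.COM ipa1.example.com ipa2.example.com` to reproduce the configuration above, then `verify_srv example.com` after dnsmasq has started.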
Great job!
I had a lot of issues with my IPA server trust AD/DNS and now it's resolved with your script!
Thank you 🙂
Great help, much appreciated!