Providing SRV and TXT records for Kerberos and LDAP with dnsmasq

What if you have an application such as OVirt/RHEV-M that relies on DNS services records and you dont have the possibility to add them to the DNS servers because the DNS admins do not like to do its job?

Fake them! DNSMasq is your friend 🙂 Install dnsmasq on the server in question and configure /etc/resolv.conf to query first dnsmask on localhost.

yum -y install dnsmasq
chkconfig dnsmasq on

Assuming your subdomain is called example.com and your ldap and kerberos providers are ipa1.example.com and ipa2.example.com, configure dnsmasq as following:

cat << EOF >> /etc/dnsmasq.conf
srv-host =_kerberos._udp.example.com,ipa1.example.com,88
srv-host =_kerberos._udp.example.com,ipa2.example.com,88
srv-host =_kerberos._tcp.example.com,ipa1.example.com,88
srv-host =_kerberos._tcp.example.com,ipa2.example.com,88
srv-host =_kerberos-master._tcp.example.com,ipa1.example.com,88
srv-host =_kerberos-master._tcp.example.com,ipa2.example.com,88
srv-host =_kerberos-master._udp.example.com,ipa1.example.com,88
srv-host =_kerberos-master._udp.example.com,ipa2.example.com,88
srv-host =_kpasswd._tcp.example.com,ipa1.example.com,88
srv-host =_kpasswd._tcp.example.com,ipa2.example.com,88
srv-host =_kpasswd._udp.example.com,ipa1.example.com,88
srv-host =_kpasswd._udp.example.com,ipa2.example.com,88
srv-host =_ldap._tcp.example.com,ipa1.example.com,389
srv-host =_ldap._tcp.example.com,ipa2.example.com,389
txt-record=_kerberos.example.com,"EXAMPLE.COM"
EOF

Add the follwing line to /etc/resolv.conf and make sure 127.0.0.1 is the first DNS server to be queried.

nameserver 127.0.0.1

Start dnsmasq and have fun 🙂

service dnsmask start

2 thoughts on “Providing SRV and TXT records for Kerberos and LDAP with dnsmasq

  1. jack says:

    Great job!

    I had a lot of issue with my ipa server trust AD/DNS and now it resolved with your script!
    Thanks you 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *