What if you have an application such as oVirt/RHEV-M that relies on DNS service records (SRV) and you don't have the possibility to add them to the DNS servers because the DNS admins do not like to do their job?
Fake them! dnsmasq is your friend 🙂 Install dnsmasq on the server in question and configure /etc/resolv.conf so that dnsmasq on localhost is queried first.
yum -y install dnsmasq
chkconfig dnsmasq on
Assuming your domain is called example.com, your Kerberos realm is EXAMPLE.COM and your LDAP and Kerberos providers are ipa1.example.com and ipa2.example.com, configure dnsmasq as follows:
cat << 'EOF' >> /etc/dnsmasq.conf
srv-host=_kerberos._udp.example.com,ipa1.example.com,88
srv-host=_kerberos._udp.example.com,ipa2.example.com,88
srv-host=_kerberos._tcp.example.com,ipa1.example.com,88
srv-host=_kerberos._tcp.example.com,ipa2.example.com,88
srv-host=_kerberos-master._tcp.example.com,ipa1.example.com,88
srv-host=_kerberos-master._tcp.example.com,ipa2.example.com,88
srv-host=_kerberos-master._udp.example.com,ipa1.example.com,88
srv-host=_kerberos-master._udp.example.com,ipa2.example.com,88
# kpasswd (password change) listens on 464 (RFC 3244), not on the KDC port 88
srv-host=_kpasswd._tcp.example.com,ipa1.example.com,464
srv-host=_kpasswd._tcp.example.com,ipa2.example.com,464
srv-host=_kpasswd._udp.example.com,ipa1.example.com,464
srv-host=_kpasswd._udp.example.com,ipa2.example.com,464
srv-host=_ldap._tcp.example.com,ipa1.example.com,389
srv-host=_ldap._tcp.example.com,ipa2.example.com,389
txt-record=_kerberos.example.com,"EXAMPLE.COM"
EOF
Add the following line to /etc/resolv.conf and make sure 127.0.0.1 is the first DNS server to be queried:
nameserver 127.0.0.1
Start dnsmasq and have fun 🙂
service dnsmasq start
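Hand-writing the srv-host lines above is error-prone, and a typo in a port or target silently sends Kerberos or LDAP clients to the wrong place. The following script is an added example, not part of the original post: it generates the dnsmasq lines for a given domain, realm and list of providers, and parses an existing dnsmasq.conf back to check that every expected record is present with the right target and port. The domain, realm and host names match the post; the service-to-port table is an assumption based on the standard Kerberos (88), kpasswd (464) and LDAP (389) ports.

```python
"""Generate and validate dnsmasq srv-host/txt-record lines for Kerberos and LDAP.

Added example, not code from the original post. The SERVICES port table is
an assumption based on the standard service ports (kpasswd is 464 per RFC 3244).
"""
import re

# service name -> (protocols to publish, expected port)
SERVICES = {
    "_kerberos": (("_udp", "_tcp"), 88),
    "_kerberos-master": (("_udp", "_tcp"), 88),
    "_kpasswd": (("_udp", "_tcp"), 464),
    "_ldap": (("_tcp",), 389),
}

# Accepts both "srv-host=..." and the "srv-host =..." spelling with spaces.
SRV_RE = re.compile(r"^\s*srv-host\s*=\s*([^,]+),([^,]+),(\d+)")


def generate_config(domain, realm, providers):
    """Return dnsmasq config lines: one srv-host per service/protocol/provider
    plus the _kerberos TXT record carrying the realm name."""
    lines = []
    for svc, (protos, port) in SERVICES.items():
        for proto in protos:
            name = f"{svc}.{proto}.{domain}"
            for host in providers:
                lines.append(f"srv-host={name},{host},{port}")
    lines.append(f'txt-record=_kerberos.{domain},"{realm}"')
    return lines


def parse_srv_hosts(config_text):
    """Parse srv-host lines into {srv_name: {(target, port), ...}}.
    Comment lines and unrelated options are ignored."""
    records = {}
    for line in config_text.splitlines():
        m = SRV_RE.match(line)
        if not m:
            continue
        name, target, port = m.group(1).strip(), m.group(2).strip(), int(m.group(3))
        records.setdefault(name, set()).add((target, port))
    return records


def validate(config_text, domain, providers):
    """Return a list of problems found in config_text: records missing for a
    provider, wrong ports, or targets that are not one of the known providers.
    An empty list means the config publishes exactly what is expected."""
    problems = []
    found = parse_srv_hosts(config_text)
    for svc, (protos, port) in SERVICES.items():
        for proto in protos:
            name = f"{svc}.{proto}.{domain}"
            entries = found.get(name, set())
            for host in providers:
                if (host, port) not in entries:
                    problems.append(f"missing {name} -> {host}:{port}")
            for target, p in entries:
                if p != port:
                    problems.append(f"{name} -> {target} uses port {p}, expected {port}")
                if target not in providers:
                    problems.append(f"{name} -> {target} is not a known provider")
    return problems


if __name__ == "__main__":
    # Constructed sample matching the post: two IPA servers for example.com.
    providers = ["ipa1.example.com", "ipa2.example.com"]
    config = "\n".join(generate_config("example.com", "EXAMPLE.COM", providers))
    print(config)
    print("problems:", validate(config, "example.com", providers))
```

Run it once to print a config you can append to /etc/dnsmasq.conf, or feed the contents of an existing dnsmasq.conf to validate() before restarting the service; after the restart, dig SRV _ldap._tcp.example.com @127.0.0.1 should return the same targets and ports the validator accepted.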
2 thoughts on “Providing SRV and TXT records for Kerberos and LDAP with dnsmasq”
I had a lot of issues with my IPA server trust AD/DNS and now it is resolved with your script!
Thank you 🙂
Great help, much appreciated!