Make sure you back up the files before trying the changes, just to be on the safe side. The following covers getting the forward and reverse dns settings working on a single system. I'll leave the lan admin aspects for some other time.
Why have matching forward and reverse dns settings
Matching forward and reverse dns settings are required by several of the server packages that regularly come up for testing by the qa team. When they match, a dns lookup of the system's host name returns its ip address, and a dns lookup of that ip address returns the same host name. In addition, some packages such as kerberos (krb5 package) will not allow the use of a hostname in one of the domain names reserved by rfc2606, which are .test, .example, .invalid and .localhost (http://www.faqs.org/rfcs/rfc2606.html).
Some commands and applications respect the hosts line of /etc/nsswitch.conf, so a name can be associated with an ip address in /etc/hosts, but many applications and a few commands such as nslookup bypass that file and query a name server directly (normally over UDP port 53, with TCP as the fallback). To test applications that require matching dns with non-reserved domain names, the entries must therefore be defined in a dns server. I use bind to meet this requirement.
An example showing matching dns settings that do not use a reserved domain name, taken from one of my systems ...
$ echo $HOSTNAME
x6v.hodgins.homeip.net
$ nslookup $HOSTNAME
Server:         192.168.10.2
Address:        192.168.10.2#53

Name:   x6v.hodgins.homeip.net
Address: 192.168.10.114
$ nslookup 192.168.10.114
Server:         192.168.10.2
Address:        192.168.10.2#53

114.10.168.192.in-addr.arpa     name = x6v.hodgins.homeip.net.
Note that the above only works on my lan, as the public name servers for homeip.net do not carry my dns entries.
On my system I redefined the zone homeip.net, which means that if I want to look up some other host within the homeip.net domain, the easiest way is to temporarily stop my name server.
# host camera.homeip.net
Host camera.homeip.net not found: 3(NXDOMAIN)
# systemctl stop named.service
# host camera.homeip.net
camera.homeip.net has address 216.146.39.125
You can use any domain name you want. It doesn't have to be currently in use. Just keep in mind that if it ever does get used, you will not be able to access those hosts while your name server is running.
Requirements for setting up matching forward and reverse dns settings
- The system must be using a statically assigned ip address, or a dynamically assigned address that never changes (for example a DHCP reservation tied to the system's MAC address), so that the PTR record stays correct.
- Use a hostname with a syntactically correct domain name that is not reserved by rfc2606. It should be a domain name you normally will not access over the internet.
- Install and configure a name server. I'll use bind in this example.
Select your host and domain name.
For historical reasons I won't get into, I use hodgins.homeip.net as my domain name. For the rest of this document, I'll use the domain name "test.qa". I've chosen it because it is syntactically correct, is not reserved by rfc2606, and was not in use when this was written. Feel free to use it yourself, but keep in mind that .qa is the country-code top-level domain of Qatar, so test.qa is a name someone could register; if that happens, the real test.qa will be unreachable from this system while your name server is running.
For this example, I'll be changing my current x6v.hodgins.homeip.net system to use the domain name test.qa and the host name m6.test.qa, with its own name server. This system has the static ip address 192.168.10.114 assigned to it.
Install, start and test bind
# urpmi bind
http://mirror.math.princeton.edu/pub/mageia/distrib/6/x86_64/media/core/release/bind-9.10.5.P2-1.mga6.x86_64.rpm
installing bind-9.10.5.P2-1.mga6.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...                     ##########################################
     1/1: bind                   ##########################################
# systemctl start named.service
# nslookup mageia.com 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   mageia.com
Address: 184.168.221.27
Modify bind to add the domain test.qa, and define the host name m6.
Edit /etc/named.conf and add the lines below. While you are in the file, check the options block as well: if this machine is reachable from outside your lan, named should only answer recursive queries for local clients (the allow-recursion and listen-on options), otherwise you are running an open resolver that strangers can abuse for reflection attacks.
zone "test.qa" IN {
    type master;
    file "test.qa.zone.conf";
    allow-update { none; };
};

zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "test.qa.reverse.conf";
    allow-update { none; };
};
Note that the reverse zone name is the first three octets of the ip address in reverse order, followed by in-addr.arpa; it covers the whole 192.168.10.0/24 network.
Note. I'm not a bind expert, so the below may include things that are not needed or ideal, but it works. :-)
Create the file /var/named/test.qa.zone.conf with the contents ...
$ORIGIN test.qa.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
; the names in the SOA end with a dot: without it bind
; appends the origin and you get test.qa.test.qa.
@           IN SOA  m6.test.qa. hostmaster.test.qa. (
                    201711211   ; serial
                    8H          ; refresh
                    4H          ; retry
                    4W          ; expire
                    1D )        ; minimum
; m6.test.qa serves this domain as both the
; name server (NS) and mail exchange (MX)
            NS      m6
            MX      10 m6.test.qa.
; just in case someone asks for localhost.test.qa
localhost   A       127.0.0.1
; our hostnames, in alphabetical order
m6          A       192.168.10.114
Create the file /var/named/test.qa.reverse.conf with the contents ...
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 1D
; the first SOA field is the primary name server for the zone,
; so it names the host m6.test.qa. rather than the domain
@           IN SOA  m6.test.qa. hostmaster.test.qa. (
                    201711211   ; serial
                    28800       ; refresh (8 hours)
                    14400       ; retry (4 hours)
                    2419200     ; expire (4 weeks)
                    86400 )     ; minimum (1 day)
; define the authoritative name server
            NS      m6.test.qa.
; our hosts, in numeric order
114         PTR     m6.test.qa.
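Before loading the two files it is worth checking that they actually agree, since a PTR that points at the wrong name is exactly what produces the "reverse does not match forward" failures this page is trying to avoid. The following is an added example (not code from the original page): a small parser for zone files written in the style above, plus a forward/reverse consistency check. It goes beyond the single host on this page in that it checks every address record in a zone and also builds ip6.arpa names. The zone text, the m7 typo in the broken copy and all function names (reverse_zone_name, ptr_name, check_fcrdns and so on) are constructed for this example.

```python
"""Forward/reverse DNS consistency checks for BIND-style zone files.

Added example for this page, not code from the original tutorial. The zone
text below is constructed to mirror the page's test.qa and
10.168.192.in-addr.arpa files; all function names are this example's own.
"""
import ipaddress
import re

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)   # 3600, 1D, 8H ...
CLASSES = {"IN", "CH", "HS"}
NAME_TYPES = {"NS", "PTR", "CNAME", "MX"}       # last rdata token is a name


def reverse_zone_name(network):
    """Zone that holds the PTRs for a network: octets (IPv4) or nibbles (IPv6)
    in reverse order, e.g. 192.168.10.0/24 -> 10.168.192.in-addr.arpa.
    Classless IPv4 delegation (RFC 2317) is deliberately not handled."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError("IPv4 reverse zones need a /8, /16 or /24 boundary")
        labels = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(labels)) + ".in-addr.arpa."
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones need a nibble (multiple of 4) boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_name(ip):
    """Owner name of the PTR record for one address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ip_from_ptr(name):
    """Inverse of ptr_name: 114.10.168.192.in-addr.arpa. -> 192.168.10.114."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        return ".".join(reversed(name[: -len(".in-addr.arpa")].split(".")))
    if name.endswith(".ip6.arpa"):
        nibbles = "".join(reversed(name[: -len(".ip6.arpa")].split(".")))
        return str(ipaddress.ip_address(":".join(nibbles[i:i + 4] for i in range(0, 32, 4))))
    raise ValueError("not a reverse-DNS name: " + name)


def absolutize(name, origin):
    """Apply the zone origin to a relative name the way named does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Minimal master-file parser returning lower-cased (owner, type, rdata)
    tuples with owner and name-valued rdata fully qualified. Handles $ORIGIN,
    $TTL, ';' comments, inherited owner names and the multi-line SOA, which
    is skipped because the consistency check does not need it."""
    records, owner, in_paren = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if in_paren:                       # still inside the SOA "( ... )"
            in_paren = ")" not in line
            continue
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = absolutize(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue
        if not line[0].isspace():          # leading blank = reuse previous owner
            owner = absolutize(tokens.pop(0), origin)
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)                  # optional TTL and class fields
        rtype = tokens.pop(0).upper()
        in_paren = "(" in line and ")" not in line
        if rtype == "SOA":
            continue
        if rtype in NAME_TYPES:
            tokens[-1] = absolutize(tokens[-1], origin)
        records.append((owner.lower(), rtype, " ".join(tokens).lower()))
    return records


def check_fcrdns(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of problems; empty means every address record inside the
    reverse zone's range has a PTR pointing back to the same name, and every
    PTR points at a name that owns that address (forward-confirmed rDNS)."""
    rev_origin = rev_origin.lower()
    addrs = {(o, str(ipaddress.ip_address(r)))
             for o, t, r in parse_zone(fwd_text, fwd_origin) if t in ("A", "AAAA")}
    ptrs = {o: r for o, t, r in parse_zone(rev_text, rev_origin) if t == "PTR"}
    problems = []
    for name, ip in sorted(addrs):
        p = ptr_name(ip)
        if not p.endswith("." + rev_origin):
            continue                       # lives in some other reverse zone
        if p not in ptrs:
            problems.append(f"{name} -> {ip}: no PTR record at {p}")
        elif ptrs[p] != name:
            problems.append(f"{name} -> {ip}: PTR at {p} says {ptrs[p]}")
    for p, target in sorted(ptrs.items()):
        if (target, ip_from_ptr(p)) not in addrs:
            problems.append(f"{p} PTR {target}: {target} has no address record for {ip_from_ptr(p)}")
    return problems


# Constructed zone text mirroring the page's two files (not from a live system).
SAMPLE_FORWARD = """\
$ORIGIN test.qa.
$TTL 1D
@       IN SOA  m6.test.qa. hostmaster.test.qa. (
                201711211 ; serial
                8H ; refresh
                4H ; retry
                4W ; expire
                1D ) ; minimum
        NS      m6
        MX      10 m6.test.qa.
localhost   A   127.0.0.1
m6          A   192.168.10.114
"""

SAMPLE_REVERSE = """\
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 1D
@       IN SOA  m6.test.qa. hostmaster.test.qa. (
                201711211 ; serial
                28800 ; refresh
                14400 ; retry
                2419200 ; expire
                86400 ) ; minimum
        NS      m6.test.qa.
114     PTR     m6.test.qa.
"""

# Same reverse zone with a hypothetical typo in the PTR target.
BROKEN_REVERSE = SAMPLE_REVERSE.replace("PTR     m6.test.qa.", "PTR     m7.test.qa.")

if __name__ == "__main__":
    for label, rev in (("good", SAMPLE_REVERSE), ("broken", BROKEN_REVERSE)):
        result = check_fcrdns(SAMPLE_FORWARD, "test.qa.", rev, "10.168.192.in-addr.arpa.")
        print(label, result or "forward and reverse agree")
```

Against a running server the same comparison is `dig +short A m6.test.qa` versus `dig +short -x 192.168.10.114`, and `named-checkzone test.qa /var/named/test.qa.zone.conf` validates the syntax, but the check above catches a PTR pointing at the wrong name before the zone is ever loaded.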
Restart bind and confirm it's working for the new domain name ...
# systemctl restart named.service
# nslookup m6.test.qa 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   m6.test.qa
Address: 192.168.10.114
Modify the name resolver so that this system is the first name server it tries ...
# echo "nameserver 127.0.0.1">>/etc/resolvconf/resolv.conf.d/head
Restart the network service and confirm that dns lookups now work without telling nslookup which dns server to use ...
# systemctl restart network.service
# nslookup m6.test.qa
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   m6.test.qa
Address: 192.168.10.114
Finally, edit /etc/hostname and /etc/sysconfig/network, changing the hostname to m6.test.qa, and reboot for the new host name to take effect.
Confirm the forward and reverse dns lookups are now working ...
$ nslookup m6.test.qa
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   m6.test.qa
Address: 192.168.10.114
$ nslookup 192.168.10.114
Server:         127.0.0.1
Address:        127.0.0.1#53

114.10.168.192.in-addr.arpa     name = m6.test.qa.
That's it. :-) Now you're ready to test packages such as kerberos.