Infrastructure (DNS)

LionsPhil edited this page Jun 5, 2015 · 1 revision

It can be helpful to set up a DNS server amongst your Plumage Client/Server setups, so your configurations can refer to servers by name. Apart from possibly making your configurations a little more readable, this will test your DNS resolver if you are putting your load through a non-transparent proxy. Depending on what the device you're testing does, you might also test reverse-DNS of the client addresses.

This isn't strictly part of Plumage setup; you can do this any way you like, or not at all. This page just documents one way to achieve it that may save you some research time.

Don't use this as a guide for setting up live DNS servers. This is just enough to get you an isolated test environment and is likely not best practice for the wider world. (In particular we use very low TTL values.)

Using bind9

bind9 is packaged for Debian and Ubuntu and can be set up reasonably simply on the Server if you don't have a third box on the test switch.

  • Install bind9 (e.g. apt-get install bind9)
  • (Optional) Edit /etc/bind/named.conf.options to add a forwarder. This lets your device under test still do other DNS lookups by delegating through to your normal DNS server. The downside is that you must be careful not to accidentally point your test configurations at DNS names that are not in this server, or they'll start hitting your production one:
forwarders {
    10.0.0.1;
};
  • Still in /etc/bind/named.conf.options, let the proxy under test use this server and specify which address to listen on. These settings are deliberately wide open, on the assumption that the test environment is firewalled:
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
listen-on { 10.80.2.2; };
  • Edit /etc/bind/named.conf.local and add zones for forward and reverse lookups of your agent addresses. We use a fictional TLD here to avoid conflicts with the real world (although this is becoming harder as more TLDs open up):
zone "plumage.testing" {
    type master;
    file "/etc/bind/plumage-forward.db";
};

zone "2.80.10.in-addr.arpa" IN {
    type master;
    file "/etc/bind/plumage-reverse.db";
};
  • Create /etc/bind/plumage-forward.db mapping from names to addresses:
$TTL 60
@       IN      SOA     plumagedns.mycompany.example. none.example.com. ( 2015022400 60 60 60 60 )
                NS      plumagedns.mycompany.example.
agent00         A       10.80.2.3
agent01         A       10.80.2.4
agent02         A       10.80.2.5

...

agent63         A       10.80.2.66
  • Create /etc/bind/plumage-reverse.db mapping from addresses to names:
$TTL 60
@       IN      SOA     plumagedns.mycompany.example. none.example.com. ( 2015022400 60 60 60 60 )
@       IN      NS      plumagedns.mycompany.example.
3       IN      PTR     agent00.plumage.testing.
4       IN      PTR     agent01.plumage.testing.

...

66      IN      PTR     agent63.plumage.testing.
  • Get Bind to restart or reload its config (e.g. sudo /etc/init.d/bind9 force-reload)
  • Check your system log for any errors
  • Try doing some lookups through your DNS server to test it:
      • dig @10.80.2.2 agent00.plumage.testing. should give you an answer like 10.80.2.3
      • dig @10.80.2.2 -x 10.80.2.3 should give you an answer like agent00.plumage.testing.
      • dig @10.80.2.2 with a real domain name should resolve it if you chose to enable forwarding
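
The forward and reverse zone files are edited by hand, so an address can drift between them or a name can lose its trailing dot. The following Python check is an added example, not part of the original page or of Plumage: it cross-references A and PTR records before you reload bind9. The function names and sample zone data are constructed for illustration, and the parser assumes one-line records laid out as on this page, with one name per address.

```python
import ipaddress

def qualify(name, origin):
    """Expand a zone-file name as BIND does: no trailing dot means relative to origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_records(zone_text, rtype, origin):
    """Return {owner_fqdn: rdata} for one-line records of one type with an explicit owner."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split on whitespace
        if not fields or line[0].isspace() or fields[0].startswith("$"):
            continue  # blank line, inherited owner, or $ directive
        if rtype in fields[1:-1]:
            records[qualify(fields[0], origin)] = fields[fields.index(rtype, 1) + 1]
    return records

def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a sorted list of mismatches between A records and PTR records."""
    a_records = parse_records(forward_text, "A", forward_origin)
    ptr = {owner: qualify(target, reverse_origin)
           for owner, target in parse_records(reverse_text, "PTR", reverse_origin).items()}
    expected = {ipaddress.ip_address(addr).reverse_pointer + ".": fqdn
                for fqdn, addr in a_records.items()}
    problems = [f"A {fqdn} expects PTR at {owner}, found {ptr.get(owner)}"
                for owner, fqdn in expected.items() if ptr.get(owner) != fqdn]
    problems += [f"PTR {owner} -> {target} has no matching A record"
                 for owner, target in ptr.items() if expected.get(owner) != target]
    return sorted(problems)

# Constructed sample: agent01's PTR lacks its trailing dot; agent02's A is off-subnet.
FORWARD = """\
$TTL 60
@       IN      SOA     plumagedns.mycompany.example. none.example.com. ( 2015022400 60 60 60 60 )
agent00         A       10.80.2.3
agent01         A       10.80.2.4
agent02         A       10.0.132.5
"""
REVERSE = """\
3       IN      PTR     agent00.plumage.testing.
4       IN      PTR     agent01.plumage.testing
5       IN      PTR     agent02.plumage.testing.
"""

if __name__ == "__main__":
    print("\n".join(check_zones(FORWARD, "plumage.testing.", REVERSE, "2.80.10.in-addr.arpa.")))
```

An empty result means every A record has a PTR pointing back at the same name, and every PTR has a matching A record.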