Tips & tricks for installing and running ICS products

Setup dnsmasq for proof of concept / development / test environments

Tom Bosmans  9 January 2014 11:05:20
I was growing tired of maintaining different /etc/hosts files on all my Linux virtual machines that run a variety of IBM Collaboration Solutions software. Installing a full-fledged DNS server like bind is a bit overkill, and there are solutions to distribute configuration files around (like cfengine), but I ended up looking at dnsmasq (http://www.thekelleys.org.uk/dnsmasq/doc.html). Not new, not revolutionary, but simple and should do the job. And it's being used by default in Ubuntu ...

It's a small DNS server that can use an /etc/hosts file, or another file in the same format, to serve queries for a specific domain. All other queries are forwarded to the DNS server configured in /etc/resolv.conf.
An added advantage is that you really configure DNS in the virtual machines and so can easily conform to the requirement in (most) IBM products of using fully qualified hostnames, without a lot of effort. As an added bonus, it would work for all guest operating systems (Windows, Linux, ...).

In my case, I have VMWare workstation running on my Lenovo W520 laptop running Ubuntu 13.04, with a lot of virtual machines on a NAT virtual network.
There are 2 places where I could run dnsmasq :
- a virtual machine that I generally need anyway (like the one running my IDS LDAP server with WebSEAL). The disadvantage obviously is that this machine should always be up and running.
- the host OS. This is actually a great place, since it means I only need to maintain a hosts file here and it will be automatically used on my virtual machines. And in Ubuntu (which I'm running), dnsmasq is running by default (started by NetworkManager). The drawback is that I need to make sure the virtual machines can connect to it (so punch a hole in the firewall).

So I go with the host OS option :

Ubuntu 12.04


Unfortunately, I can't find a way to modify the NetworkManager-managed dnsmasq.  This is only available from Ubuntu 12.10 onwards ...

So in this case, you'd need to disable the dnsmasq from NetworkManager and install a separate version. It's not that easy to get right, though, so I did not get this working.


Ubuntu 12.10/13.04/13.10/14.04


- configure dnsmasq : on Ubuntu 12.10 (and higher), dnsmasq is actually already used by NetworkManager. So if you install it, you'd have to disable it in the NetworkManager configuration.

The alternative is to add the options that you need to this NetworkManager-managed dnsmasq. The NetworkManager-managed instance is running with the no-hosts option, which is annoying.
So you need to add a file (dnsmasq.conf) to /etc/NetworkManager/dnsmasq.d/
Put this in the file; only addn-hosts and local are really required :

local=/tb.issc.ibm.com/
addn-hosts=/etc/hosts
interface=lo
interface=vmnet8
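
An added example (not from the original post): a shell check that a drop-in like the one above still limits dnsmasq to the expected interfaces and keeps the lab domain local instead of forwarding it upstream. The function names and the `eth0` line in the second sample are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# usage: audit_dnsmasq_conf DOMAIN ALLOWED_IFACE... < drop-in
# Prints one finding per line; exit status is 0 only when there are none.
audit_dnsmasq_conf() (
    domain=$1; shift
    allowed=" $* "
    # Drop comments, whitespace and blank lines, then parse key=value pairs.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | {
        findings=0; has_local=0; has_hosts=0
        while IFS= read -r line; do
            key=${line%%=*}; val=${line#*=}
            case $key in
                interface)
                    case $allowed in
                        *" $val "*) ;;   # listener the setup expects
                        *) echo "unexpected listener: interface=$val"
                           findings=$((findings + 1)) ;;
                    esac ;;
                local) if [ "$val" = "/$domain/" ]; then has_local=1; fi ;;
                addn-hosts) has_hosts=1 ;;
            esac
        done
        if [ "$has_local" -eq 0 ]; then
            echo "no local=/$domain/: unknown names in the domain go to the upstream resolver"
            findings=$((findings + 1))
        fi
        if [ "$has_hosts" -eq 0 ]; then
            echo "no addn-hosts=: no hosts file is served under no-hosts"
            findings=$((findings + 1))
        fi
        [ "$findings" -eq 0 ]
    }
)

# The drop-in from the post.
post_conf() {
    printf '%s\n' 'local=/tb.issc.ibm.com/' 'addn-hosts=/etc/hosts' \
        'interface=lo' 'interface=vmnet8'
}

# Constructed sample: local= was dropped and an extra interface crept in.
drifted_conf() {
    printf '%s\n' 'addn-hosts=/etc/hosts' 'interface=lo' \
        'interface=vmnet8' 'interface=eth0  # constructed'
}

drifted_conf | audit_dnsmasq_conf tb.issc.ibm.com lo vmnet8 || true
```

Against a real host, feed it the file itself: `audit_dnsmasq_conf tb.issc.ibm.com lo vmnet8 < /etc/NetworkManager/dnsmasq.d/dnsmasq.conf`.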


For completeness, here is what you need to do in a guest OS like CentOS :


- install dnsmasq : e.g. yum install dnsmasq

- configure dnsmasq.  There's actually not a lot to configure, just the domain name you want to handle with dnsmasq (your own domain).  In my case, this is tb.issc.ibm.com.
The only change in /etc/dnsmasq.conf I made is adding this entry :

local=/tb.issc.ibm.com/


Start dnsmasq :

service dnsmasq stop
service dnsmasq start


Firewall


- update the firewall configuration : I added a rule file for my Ubuntu firewall into the directory /etc/iptables.d/filter/INPUT named 90-myrules.rule
-I INPUT 2 -i vmnet8 -p udp --dport 53 -j ACCEPT
-I INPUT 2 -i vmnet8 -p tcp --dport 53 -j ACCEPT

These rules are inserted at the 2nd position and allow incoming DNS requests only from the interface vmnet8 (used by the VMWare NAT virtual network). iptables accepts --dport only together with a protocol match, hence one rule for UDP and one for TCP.

Virtual machines configuration


Linux


- configure /etc/resolv.conf on the virtual machines to use the host machine as the DNS server. The IP address that you need to use is the IP address of the vmnet8 adapter on your host machine.

user@ThinkPad-W520:/etc/iptables.d/filter/INPUT# ifconfig vmnet8
vmnet8    Link encap:Ethernet  HWaddr 00:50:56:c0:00:08  
inet addr:172.16.231.1  Bcast:172.16.231.255  Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:256949 errors:0 dropped:0 overruns:0 frame:0
TX packets:221056 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Now edit /etc/resolv.conf :

search issc.ibm.com
nameserver  172.16.231.1


And if you use DHCP in your virtual machines, make sure that your /etc/resolv.conf is not overwritten on reboot :
Edit /etc/sysconfig/network-scripts/ifcfg-eth0

vi /etc/sysconfig/network-scripts/ifcfg-eth0

add or modify the entry

PEERDNS=no

This effectively disables updating the DNS servers from DHCP (which, in the case of VMWare NAT networks, would be set to xx.xx.xx.2).


Windows


For your Windows virtual machines, open the Local Area Connection Properties and then the TCP/IPv4 item :

Set "Use the following DNS server addresses" and enter the IP address of your host machine (see the Linux section above).

Save everything.


Single source hostfile


The result is that I can now easily use hostnames in all configuration in my virtual machines without having to modify multiple hosts files ... Should be a real timesaver.
One annoying issue is that when you change /etc/hosts, you'll need to restart dnsmasq. On Ubuntu, this means restarting NetworkManager :

sudo restart network-manager


The only file you need to maintain is the /etc/hosts file on your host workstation. All your virtual machines are immediately up to date!