Setting up DNS

Steps to set up the DNS server for IBM Storage Fusion HCI System appliance.

Before you begin

Note: Ensure that the VIP address for Ingress and API are in the same subnet as machine CIDR.

About this task

Forward and reverse lookups must match to ensure that no network spoofing exists; a hostname that resolves to the wrong IP address is a security issue. IBM Storage Fusion HCI System installation requires static IPs for its nodes, and each node has its own specific hostname. To meet this requirement, DHCP is set up to map each node's MAC address to an IP address and hostname. In the DNS service, a similar mapping is configured between IP address and hostname, and vice versa, so that the forward and reverse records agree.
Note: The samples in this procedure are based on Red Hat® Enterprise Linux. If you are on Microsoft® Linux®, then use equivalent commands.

Procedure

  1. Run the following command to suspend updates to all dynamic zones:
    rndc freeze
  2. Edit your forward lookup file (zonefile.db) in the /var/named/ folder:
    Note: Forward lookup returns the IP address of a hostname.
    Sample forward lookup file:
    $TTL 1W
    @       IN      SOA     ns1.isf.mycompany.com.      root (
                            2021052608      ; serial
                            3H              ; refresh (3 hours)
                            30M             ; retry (30 minutes)
                            2W              ; expiry (2 weeks)
                            1W )            ; minimum (1 week)
            IN      NS      ns1.isf.mycompany.com.   ; zone apex needs an NS record, as in reverse.db
    ;
    ns1                 IN  A       <dns-vip-ip>
    api                 IN  A       10.44.100.143
    ;
    ; Ingress LB (apps)
    *.apps              IN  A       10.44.100.144  ; <wildcard-ingress-lb-ip>
    ; bootstrap entry
    bootstrap           IN  A       10.44.100.151
    ; Create entries for the master nodes
    control-1-ru2       IN  A       10.44.100.145
    control-1-ru3       IN  A       10.44.100.146
    control-1-ru4       IN  A       10.44.100.147
    ;
    ; Create entries for the worker nodes
    compute-1-ru5       IN  A       10.44.100.148
    compute-1-ru6       IN  A       10.44.100.149
    compute-1-ru7       IN  A       10.44.100.150
    ; AFM nodes
    compute-1-ru23      IN  A       10.44.100.156
    compute-1-ru24      IN  A       10.44.100.157
    ; GPU nodes
    compute-1-ru25      IN  A       10.44.100.158
    compute-1-ru27      IN  A       10.44.100.159
    ;
    ;EOF
  3. Edit the reverse lookup file (reverse.db) in the /var/named/ folder.

    Reverse lookup returns the hostname of an IP address.

    Sample reverse lookup file:
    $TTL 1W
    @	IN	SOA	ns1.isf.mycompany.com.	root (
    			2021052608	; serial
    			3H		; refresh (3 hours)
    			30M		; retry (30 minutes)
    			2W		; expiry (2 weeks)
    			1W )	; minimum (1 week)
    	IN	NS	ns1.isf.mycompany.com.
    ;
    143	IN	PTR	api.isf.mycompany.com.
    151	IN	PTR	bootstrap.isf.mycompany.com.
    ;
    ; syntax is "last octet" and the host must have fqdn with trailing dot
    145	IN	PTR	control-1-ru2.isf.mycompany.com.
    146	IN	PTR	control-1-ru3.isf.mycompany.com.
    147	IN	PTR	control-1-ru4.isf.mycompany.com.
    ;
    148	IN	PTR	compute-1-ru5.isf.mycompany.com.
    149	IN	PTR	compute-1-ru6.isf.mycompany.com.
    150	IN	PTR	compute-1-ru7.isf.mycompany.com.
    156	IN	PTR	compute-1-ru23.isf.mycompany.com.
    157	IN	PTR	compute-1-ru24.isf.mycompany.com.
    158	IN	PTR	compute-1-ru25.isf.mycompany.com.
    159	IN	PTR	compute-1-ru27.isf.mycompany.com.
    ;
    ;EOF

    In this example, the IP addresses 10.44.100.143-159 point to the corresponding fully qualified domain names.
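    The task description requires that forward and reverse lookups agree. The following script is an added example, not part of the IBM documentation or the product, that checks this property offline before the zones are loaded: it parses a BIND forward zone and its in-addr.arpa reverse zone and reports every A record without a PTR, every PTR without an A record, and every pair that disagrees. The zone text embedded below is a constructed copy of the A and PTR lines from the two sample files in steps 2 and 3, and the origins isf.mycompany.com. and 100.44.10.in-addr.arpa. are assumed from the sample named.conf in step 4. It also reproduces the trailing-dot caveat from the reverse file: a PTR target written without the final dot gets the reverse zone's origin appended and therefore no longer matches the A record.

```python
"""Added example (not from the IBM documentation): check that a BIND forward
zone and its in-addr.arpa reverse zone agree. Zone text below is a constructed
copy of the sample A/PTR lines; origins are assumed from the sample named.conf."""
import ipaddress
import re

FORWARD_ORIGIN = "isf.mycompany.com."
REVERSE_ORIGIN = "100.44.10.in-addr.arpa."

FORWARD_ZONE = """\
$TTL 1W
@  IN SOA ns1.isf.mycompany.com. root ( 2021052608 3H 30M 2W 1W )
   IN NS  ns1.isf.mycompany.com.
ns1            IN A <dns-vip-ip>    ; placeholder kept from the sample
api            IN A 10.44.100.143
*.apps         IN A 10.44.100.144   ; wildcard ingress, no PTR expected
bootstrap      IN A 10.44.100.151
control-1-ru2  IN A 10.44.100.145
control-1-ru3  IN A 10.44.100.146
control-1-ru4  IN A 10.44.100.147
compute-1-ru5  IN A 10.44.100.148
compute-1-ru6  IN A 10.44.100.149
compute-1-ru7  IN A 10.44.100.150
compute-1-ru23 IN A 10.44.100.156
compute-1-ru24 IN A 10.44.100.157
compute-1-ru25 IN A 10.44.100.158
compute-1-ru27 IN A 10.44.100.159
"""

REVERSE_ZONE = """\
$TTL 1W
@  IN SOA ns1.isf.mycompany.com. root ( 2021052608 3H 30M 2W 1W )
   IN NS  ns1.isf.mycompany.com.
143 IN PTR api.isf.mycompany.com.
151 IN PTR bootstrap.isf.mycompany.com.
145 IN PTR control-1-ru2.isf.mycompany.com.
146 IN PTR control-1-ru3.isf.mycompany.com.
147 IN PTR control-1-ru4.isf.mycompany.com.
148 IN PTR compute-1-ru5.isf.mycompany.com.
149 IN PTR compute-1-ru6.isf.mycompany.com.
150 IN PTR compute-1-ru7.isf.mycompany.com.
156 IN PTR compute-1-ru23.isf.mycompany.com.
157 IN PTR compute-1-ru24.isf.mycompany.com.
158 IN PTR compute-1-ru25.isf.mycompany.com.
159 IN PTR compute-1-ru27.isf.mycompany.com.
"""

# owner [ttl] IN (A|PTR) rdata; SOA/NS lines and continuation lines do not match
RR_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)")


def absolute(name, origin):
    """BIND's origin rule: '@' is the origin, unqualified names get it appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def ptr_owner_to_ip(owner):
    """'143.100.44.10.in-addr.arpa.' -> '10.44.100.143'."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def parse_zone(text, origin):
    """Yield (absolute owner, type, rdata) for the A and PTR records of a zone file."""
    for raw in text.splitlines():
        m = RR_RE.match(raw.split(";", 1)[0].rstrip())  # ';' starts a comment
        if m:
            yield absolute(m.group(1), origin), m.group(2), m.group(3)


def check_zone_consistency(forward_text, reverse_text,
                           forward_origin=FORWARD_ORIGIN, reverse_origin=REVERSE_ORIGIN):
    """Compare A records against PTR records and report every disagreement."""
    forward, placeholders, wildcards = {}, [], []
    for name, rtype, rdata in parse_zone(forward_text, forward_origin):
        if rtype != "A":
            continue
        if name.startswith("*."):
            wildcards.append(name)              # a wildcard cannot have a PTR
            continue
        try:
            forward[name] = str(ipaddress.IPv4Address(rdata))
        except ValueError:
            placeholders.append((name, rdata))  # e.g. <dns-vip-ip> not yet filled in
    reverse = {}
    for owner, rtype, target in parse_zone(reverse_text, reverse_origin):
        if rtype == "PTR":
            # A target without the trailing dot gets the *reverse* origin appended,
            # which is the mistake the sample file's comment warns about.
            reverse[ptr_owner_to_ip(owner)] = absolute(target, reverse_origin)
    missing_ptr = sorted((n, ip) for n, ip in forward.items() if ip not in reverse)
    mismatched = sorted((n, ip, reverse[ip]) for n, ip in forward.items()
                        if ip in reverse and reverse[ip] != n)
    missing_a = sorted((ip, n) for ip, n in reverse.items() if n not in forward)
    stale_ptr = sorted((ip, n, forward[n]) for ip, n in reverse.items()
                       if n in forward and forward[n] != ip)
    problems = missing_ptr or mismatched or missing_a or stale_ptr
    return {"ok": not problems, "forward": forward, "reverse": reverse,
            "missing_ptr": missing_ptr, "mismatched": mismatched,
            "missing_a": missing_a, "stale_ptr": stale_ptr,
            "placeholders": placeholders, "wildcards": wildcards}


if __name__ == "__main__":
    report = check_zone_consistency(FORWARD_ZONE, REVERSE_ZONE)
    for key in ("missing_ptr", "mismatched", "missing_a", "stale_ptr", "placeholders"):
        for entry in report[key]:
            print(f"{key}: {entry}")
    print("forward and reverse zones agree" if report["ok"] else "zones disagree")
```

    Run it against the real files by reading /var/named/zonefile.db and /var/named/reverse.db into the two text arguments; the ns1 placeholder is reported separately so it is not mistaken for a missing record, and the wildcard ingress entry is skipped because no PTR can exist for it. A non-empty "mismatched" or "stale_ptr" list is the spoofing condition the task description describes and should be fixed before the zones are thawed and served.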

  4. Ensure that your named.conf file in the /etc folder contains details of your forward and reverse lookup files.
    Sample named.conf file:
    [root@provisioner named]# cat /etc/named.conf
    
    options {
    	listen-on port 53 { any; };
    	listen-on-v6 port 53 { ::1; };
    	directory 	"/var/named";
    	dump-file 	"/var/named/data/cache_dump.db";
    	statistics-file "/var/named/data/named_stats.txt";
    	memstatistics-file "/var/named/data/named_mem_stats.txt";
    	allow-query     { any; };
        .......
        .......
    ###### Add what's between these comments ###########
    zone "isf.mycompany.com" IN {
    	type	master;
    	file	"zonefile.db";
    };
    zone "100.44.10.in-addr.arpa" IN {
    	type	master;
    	file	"reverse.db";
    };
    ########################################################
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
  5. On the DNS server, run the following commands to open the firewall port for DNS:
    firewall-cmd --zone=public --add-service=dns --permanent
    firewall-cmd --reload