Multiple Fully Functional DNS/Domain Servers

Product Line:  VERDE

Occasionally a customer has a security requirement for multiple separate, fully functioning DNS/Domain servers.  Supporting this requirement needs no changes to VERDE itself.  The only change is to the networking files on the VERDE Cluster Master server.

This first section covers a single VERDE server.  My example supports 2 Active Directory Domains.  You can have more.

Add your own ‘server=/’ statements in place of the ‘server=/google.com/8.8.8.8’ statement.

Here are my ‘server=’ examples:

1.  Install ‘dnsmasq’
      # yum --enablerepo=base install dnsmasq

2.  Make sure it starts every time the system boots
      # chkconfig dnsmasq on

3.  Back up the original dnsmasq.conf, then write the following lines to dnsmasq.conf (press Ctrl-D to end the input)
      # cp /etc/dnsmasq.conf{,.original}
      # cat > /etc/dnsmasq.conf
      domain-needed
      bogus-priv
      no-resolv
      server=/google.com/8.8.8.8
      server=1.1.1.1
      #

4.  Start dnsmasq
      # service dnsmasq start

5.  Replace the content of /etc/resolv.conf with the following (press Ctrl-D to end the input)
      # cat > /etc/resolv.conf
      nameserver 127.0.0.1
      #
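
To check which upstream each name would be forwarded to before restarting dnsmasq, the following added example (not part of the original article or of VERDE) reads a dnsmasq.conf and applies dnsmasq's rule that the most specific matching ‘server=/domain/’ entry wins, with plain ‘server=’ lines as the default. The ‘.example’ domains and their addresses are constructed placeholders, the function names are hypothetical, and only ‘server=/domain/ip’ and ‘server=ip’ lines are interpreted.

```shell
#!/bin/sh
# Added example: predict which upstream dnsmasq forwards a name to.
# upstream_for CONF NAME -> upstream IP(s), comma-separated, or NONE.
upstream_for() {
    awk -v q="$2" '
    BEGIN { q = tolower(q); sub(/\.$/, "", q); best = -1 }
    /^[ \t]*#/ { next }                      # skip comment lines
    { gsub(/[ \t\r]+/, "") }                 # drop stray whitespace
    /^server=\// {                           # server=/dom1/[dom2/...]ip
        n = split($0, f, "/"); ip = f[n]
        for (i = 2; i < n; i++) {
            d = tolower(f[i]); ld = length(d); lq = length(q)
            if (ld == 0) continue
            # match the domain itself or any name ending in ".domain"
            hit = (q == d) || (lq > ld && substr(q, lq - ld) == ("." d))
            if (hit && ld > best)       { best = ld; up = ip }
            else if (hit && ld == best) { up = up "," ip }
        }
        next
    }
    /^server=/ {                             # server=ip: default upstream
        sub(/^server=/, ""); dflt = (dflt == "" ? $0 : dflt "," $0)
    }
    END { print (best >= 0 ? up : (dflt != "" ? dflt : "NONE")) }
    ' "$1"
}

# With /etc/resolv.conf pointing at 127.0.0.1, no-resolv keeps dnsmasq
# from reading that file for its own upstream servers.
has_no_resolv() { grep -Eq '^[[:space:]]*no-resolv[[:space:]]*$' "$1"; }

# Constructed sample config: two AD domains plus one more specific subdomain.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
domain-needed
bogus-priv
no-resolv
server=/corp-a.example/192.0.2.10
server=/corp-b.example/198.51.100.10
server=/lab.corp-a.example/192.0.2.53
server=1.1.1.1
EOF

for name in dc1.corp-a.example host.lab.corp-a.example dc1.corp-b.example www.example.org; do
    printf '%-26s -> %s\n' "$name" "$(upstream_for "$SAMPLE_CONF" "$name")"
done
has_no_resolv "$SAMPLE_CONF" || echo "WARNING: no-resolv missing" >&2
```

Run it against the real /etc/dnsmasq.conf with the host names of each domain's controllers to confirm that no domain's queries fall through to the default upstream.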



If you have a multi-Cluster Master/Candidate environment, you need to implement one of the following 2 solutions:

1.  Set up dnsmasq on all the CM candidates and start dnsmasq whenever a candidate takes over as CM. The CM switchover must therefore include starting the dnsmasq service.
or
2.  Keep a separate node in the cluster for dnsmasq and point all CM candidates to the dnsmasq node for DNS. The sysadmin should make sure /etc/resolv.conf points to the dnsmasq node on every CM candidate. In short, every DNS query should go to the dnsmasq node.