From 712cfcdc91485b70f99b6a6b220d602eab3b8388 Mon Sep 17 00:00:00 2001
From: Shane Lovern
Date: Mon, 8 Jul 2024 18:21:37 +0100
Subject: [PATCH] OCPBUGS-34715 - troubleshooting DNS in disconnected environment
---
...shooting-dns-disconnected-env-dnsmasq.adoc | 55 +++++++++++++++
...-troubleshooting-dns-disconnected-env.adoc | 67 +++++++++++++++++++
...-nmstate-troubleshooting-node-network.adoc | 4 ++
3 files changed, 126 insertions(+)
create mode 100644 modules/k8s-nmstate-troubleshooting-dns-disconnected-env-dnsmasq.adoc
create mode 100644 modules/k8s-nmstate-troubleshooting-dns-disconnected-env.adoc
diff --git a/modules/k8s-nmstate-troubleshooting-dns-disconnected-env-dnsmasq.adoc b/modules/k8s-nmstate-troubleshooting-dns-disconnected-env-dnsmasq.adoc
new file mode 100644
index 000000000000..2bb44fecdf71
--- /dev/null
+++ b/modules/k8s-nmstate-troubleshooting-dns-disconnected-env-dnsmasq.adoc
@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * networking/k8s_nmstate/k8s-nmstate-troubleshooting-node-network.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="troubleshooting-dns-disconnected-env-dnsmasq_{context}"]
+= Configuring the dnsmasq DNS server
+
+If you are using `dnsmasq` as the DNS server, you can delegate resolution of the `root-servers.net` domain to another DNS server, for example, by creating a new configuration file that resolves `root-servers.net` using a DNS server that you specify.
+
+. Create a configuration file that delegates the domain `root-servers.net` to another DNS server by running the following command:
++
+[source,terminal]
+----
+$ echo 'server=/root-servers.net/'> /etc/dnsmasq.d/delegate-root-servers.net.conf
+----
+
+. Restart the `dnsmasq` service by running the following command:
++
+[source,terminal]
+----
+$ systemctl restart dnsmasq
+----
+
+. Confirm that the `root-servers.net` domain is delegated to another DNS server by running the following command:
++
+[source,terminal]
+----
+$ journalctl -u dnsmasq|grep root-servers.net
+----
++
+.Example output
++
+[source,terminal]
+----
+Jul 03 15:31:25 rhel-8-10 dnsmasq[1342]: using nameserver 192.168.1.1#53 for domain root-servers.net
+----
+
+. Verify that the DNS server can resolve the NS record for the `root-servers.net` domain by running the following command:
++
+[source,terminal]
+----
+$ host -t NS root-servers.net. 127.0.0.1
+----
++
+.Example output
++
+[source,terminal]
+----
+Using domain server:
+Name: 127.0.0.1
+Address: 127.0.0.1#53
+Aliases:
+root-servers.net name server root-servers.net.
+----
diff --git a/modules/k8s-nmstate-troubleshooting-dns-disconnected-env.adoc b/modules/k8s-nmstate-troubleshooting-dns-disconnected-env.adoc
new file mode 100644
index 000000000000..45bff98ee3a6
--- /dev/null
+++ b/modules/k8s-nmstate-troubleshooting-dns-disconnected-env.adoc
@@ -0,0 +1,67 @@
+// Module included in the following assemblies:
+//
+// * networking/k8s_nmstate/k8s-nmstate-troubleshooting-node-network.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="troubleshooting-dns-disconnected-env_{context}"]
+= Troubleshooting DNS connectivity issues in a disconnected environment
+
+If you experience DNS connectivity issues when configuring `nmstate` in a disconnected environment, you can configure the DNS server to resolve the list of name servers for the domain `root-servers.net`.
+
+== Configuring the bind9 DNS named server
+
+For a cluster configured to query a `bind9` DNS server, you can add the `root-servers.net` zone to a configuration file that contains at least one NS record.
+For example you can use the `/var/named/named.localhost` as a zone file that already matches this criteria.
+
+.Procedure
+
+. Add the `root-servers.net` zone at the end of the `/etc/named.conf` configuration file by running the following command:
++
+[source,terminal]
+----
+$ cat >> /etc/named.conf <