blanchet
Abstract
In many small deployments, VMware vCenter depends on a virtual name server hosted on the same VMware cluster. If the name server goes down, vCenter becomes unresponsive, and the administrator then has to use the local ESXi interface to repair the name server and recover access to vCenter. Obviously, to avoid such a dependency, vCenter could connect to its ESXi nodes by IP address instead of by name, but that is inconvenient.
Therefore, this guide explains how to set up a minimal external DNS server running on FreeNAS 11.2u6 to avoid losing access to vCenter when the virtual name server is unavailable.
Setup
This guide explains how to set up dnsmasq in a shared IP jail to provide only a domain name server (DNS). If you also want to use dnsmasq as a DHCP server, you have to set up a VNET jail, which is not explained in this guide.
Convention
In this guide, I use the following values:
| Pool name | tank1 |
| Domain name | example.com |
| Jail name | jaildns |
| Jail IP address | 192.168.100.2 |
| Ethernet interface | cxl0 |
Jail creation with iocage
Log in to the FreeNAS shell with SSH
Code:
iocage activate tank1                                    # activate the pool only if you have never created any jails
iocage create -r 11.2-RELEASE --name jaildns             # create a new jail
iocage set ip4_addr="cxl0|192.168.100.2/24" jaildns      # configure the IP address
iocage set allow_raw_sockets=1 jaildns                   # optional: allow ping in the jail
iocage set boot=on jaildns                               # auto-boot when FreeNAS starts
iocage start jaildns                                     # start the jail
iocage console jaildns                                   # enter the jail
Jail configuration
When you are in the jail shell, install dnsmasq
Code:
pkg install dnsmasq
Edit the configuration file /usr/local/etc/dnsmasq.conf
Code:
domain-needed
no-resolv
server=8.8.8.8                  # Google DNS to forward requests
local=/example.com/
listen-address=192.168.100.2    # to prevent binding on lo0
bind-interfaces
expand-hosts
domain=example.com
The option listen-address=192.168.100.2 is very important; otherwise dnsmasq will also try to bind on lo0, which has no IP address in the jail, and then name resolution will fail.
Edit the file /etc/hosts, which will be used by dnsmasq
Code:
127.0.0.1       localhost
192.168.100.2   jaildns
192.168.100.10  vcenter
192.168.100.11  esxi-one
192.168.100.12  esxi-two
Enable the dnsmasq service
Code:
sysrc dnsmasq_enable="YES"
service dnsmasq start
Check that the service runs
sockstat -4 -p 53
Code:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   dnsmasq    89633 4  udp4   192.168.100.2:53      *:*
nobody   dnsmasq    89633 5  tcp4   192.168.100.2:53      *:*
Query the DNS with drill
drill vcenter @192.168.100.2
Code:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35828
;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; vcenter. IN A
;; ANSWER SECTION:
vcenter. 0 IN A 192.168.100.10
Conclusion
Now you can configure vCenter to use this new DNS.
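A preflight check for the dnsmasq.conf described above, as an added example that is not part of the original guide: it verifies the options the guide relies on, using the guide's jail IP and domain. The function names are this example's own, and the sample file is constructed.

```shell
# Added example (not from the original guide): preflight check for dnsmasq.conf.

# Effective option lines: drop comments and blanks. A '#' starts a comment only
# at line start or after whitespace, so server=8.8.8.8#53 keeps its port.
conf_options() {
    sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]]\{1,\}#.*$//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# True if the exact option line $2 is present in config file $1.
has_option() { conf_options "$1" | grep -qxF -- "$2"; }

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_dnsmasq_conf CONF JAIL_IP DOMAIN
# Prints one line per problem and returns the number of problems found.
check_dnsmasq_conf() {
    conf=$1; ip=$2; domain=$3; problems=0
    has_option "$conf" "listen-address=$ip" ||
        fail "listen-address=$ip missing (dnsmasq also tries lo0, which has no IP in the jail)"
    has_option "$conf" "bind-interfaces" ||
        fail "bind-interfaces missing (dnsmasq binds the wildcard address)"
    has_option "$conf" "no-resolv" ||
        fail "no-resolv missing (upstreams are also taken from /etc/resolv.conf)"
    conf_options "$conf" | grep -q '^server=' ||
        fail "no server= line (with no-resolv there is no upstream)"
    has_option "$conf" "local=/$domain/" ||
        fail "local=/$domain/ missing ($domain names absent from /etc/hosts go upstream)"
    has_option "$conf" "domain-needed" ||
        fail "domain-needed missing (plain names not in /etc/hosts go upstream)"
    { has_option "$conf" "expand-hosts" && has_option "$conf" "domain=$domain"; } ||
        fail "expand-hosts/domain=$domain missing (no FQDN for /etc/hosts names)"
    return "$problems"
}

# Constructed sample: the guide's config with listen-address commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
domain-needed
no-resolv
server=8.8.8.8   # Google DNS to forward requests
local=/example.com/
# listen-address=192.168.100.2
bind-interfaces
expand-hosts
domain=example.com
EOF
check_dnsmasq_conf "$sample" 192.168.100.2 example.com || echo "problems found: $?"
rm -f "$sample"
```

Inside the jail, run it against the real file with `check_dnsmasq_conf /usr/local/etc/dnsmasq.conf 192.168.100.2 example.com` before starting the service.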