QA:Testcase freeipav2 dns integration

From FedoraProject

 
 

Latest revision as of 20:38, 14 February 2011


Description

DNS integration testing.

Setup

  1. Make sure you have a working FreeIPA server (see QA:Testcase_freeipav2_installation) installed with DNS
  2. Make sure the CLI works as expected (see QA:Testcase_freeipav2_cli)

How to test

DNS integration overview

The DNS integration is done using the dns plugin. Run ipa help dns for a more detailed overview.

Checking what zones are available

Upon installing the FreeIPA server with DNS integration, a forward and reverse zone will be available. Try listing them and checking what kind of records are stored in the zones:

ipa dnszone-find
  Zone name: example.com
  Authoritative name server: ipa.example.com
  Administrator e-mail address: root.example.com
  SOA serial: 2011140201
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE

  Zone name: 122.168.192.in-addr.arpa.
  Authoritative name server: ipa.example.com
  Administrator e-mail address: root.122.168.192.in-addr.arpa.
  SOA serial: 2011140201
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
----------------------------
Number of entries returned 2
----------------------------
ipa dnsrecord-find example.com
  Record name: @
  NS record: example.com
  <output trimmed>

Adding a new zone

A new zone is added using the dnszone-add command:

ipa dnszone-add example.com --name-server nameserver.example.com \
                            --ip-address 192.168.1.1 \
                            --admin-email admin@example.com

Please note that in the current FreeIPA version, the zone will not be automatically registered in the nameserver until the nameserver instance is restarted. Also, the name server must either be resolvable, or you need to use the ip-address option to add a forward record at the same time, as seen in the previous example.

Reload the nameserver to register the zone:

service named reload

Verify the zone has been added:

ipa dnszone-show example.com

We can now proceed to adding records into the new zone.

Adding and managing a record

A typical example is an A record with an IP address:

ipa dnsrecord-add example.com www --a-rec 192.168.1.2

The new record should be immediately visible:

ipa dnsrecord-show example.com www

Find A records with value 192.168.1.2 in zone example.com:

ipa dnsrecord-find example.com --a-rec 192.168.1.2

To check the entry is resolvable by DNS, you can either try the internal dns-resolve command:

ipa dns-resolve www.example.com

Or use the dig command (install bind-utils to get it):

dig www.example.com

Some records have a more complex RDATA format, SRV records for example. The following commands add new SRV records for LDAP servers. Three quarters of the requests should go to fast.example.com and one quarter to slow.example.com; if neither is available, clients switch to backup.example.com.

 ipa dnsrecord-add example.com _ldap._tcp --srv-rec="0 3 389 fast.example.com"
 ipa dnsrecord-add example.com _ldap._tcp --srv-rec="0 1 389 slow.example.com"
 ipa dnsrecord-add example.com _ldap._tcp --srv-rec="1 1 389 backup.example.com"

Verify the records were added, either with dnsrecord-show:

ipa dnsrecord-show example.com _ldap._tcp
  Record name: _ldap._tcp
  SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 backup.example.com

You can also resolve the records with dig:

dig -t SRV _ldap._tcp.example.com
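The SRV priority and weight semantics described above, worked through in an added Python example that is not part of this test case: it parses the RDATA list exactly as dnsrecord-show prints it and computes the share of requests each LDAP server should receive, including the failover to backup.example.com once both priority-0 servers are unreachable. The function names and the seeded simulation are this example's own assumptions.

```python
import random
from collections import Counter

# SRV RDATA as `ipa dnsrecord-show example.com _ldap._tcp` prints it on this page
# (constructed sample): each item is "priority weight port target".
SRV_RDATA = ("0 3 389 fast.example.com, 0 1 389 slow.example.com, "
             "1 1 389 backup.example.com")

def parse_srv(rdata):
    """Parse the comma-separated SRV list into (priority, weight, port, target) tuples."""
    records = []
    for item in rdata.split(","):
        prio, weight, port, target = item.split()
        records.append((int(prio), int(weight), int(port), target))
    return records

def lowest_priority_group(records, unavailable=frozenset()):
    """RFC 2782: only the reachable targets with the lowest priority value are used."""
    live = [r for r in records if r[3] not in unavailable]
    if not live:
        return []
    lowest = min(r[0] for r in live)
    return [r for r in live if r[0] == lowest]

def expected_share(records, unavailable=frozenset()):
    """Fraction of requests per target: weight / sum of weights inside the active
    priority group, zero for every target outside that group."""
    group = lowest_priority_group(records, unavailable)
    total = sum(r[1] for r in group)
    share = {r[3]: 0.0 for r in records}
    for r in group:
        share[r[3]] = (r[1] / total) if total else 1 / len(group)
    return share

def select_target(records, unavailable=frozenset(), rng=random):
    """Pick one (port, target) for a single lookup, weighted like a resolver would."""
    group = lowest_priority_group(records, unavailable)
    if not group:
        return None
    weights = [r[1] for r in group] if any(r[1] for r in group) else None
    _prio, _weight, port, target = rng.choices(group, weights=weights)[0]
    return port, target

def simulate(records, n=4000, seed=1, unavailable=frozenset()):
    """Observed share per target over n simulated lookups (seeded, so repeatable)."""
    rng = random.Random(seed)
    counts = Counter(select_target(records, unavailable, rng)[1] for _ in range(n))
    return {target: counts[target] / n for target in counts}
```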

Expected Results

All the test steps should end with the specified results.