From Fedora Project Wiki

Description

DNS integration testing.

Setup

  1. Make sure you have a working FreeIPA server (see QA:Testcase_freeipav2_installation) installed with DNS
  2. Make sure the CLI works as expected (see QA:Testcase_freeipav2_cli)

How to test

DNS integration overview

DNS integration is provided by the dns plugin. Run ipa help dns for a more detailed overview of the available commands.

Checking what zones are available

Upon installing the FreeIPA server with DNS integration, a forward and reverse zone will be available. Try listing them and checking what kind of records are stored in the zones:

ipa dnszone-find
  Zone name: example.com
  Authoritative name server: ipa.example.com
  Administrator e-mail address: root.example.com
  SOA serial: 2011140201
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE

  Zone name: 122.168.192.in-addr.arpa.
  Authoritative name server: ipa.example.com
  Administrator e-mail address: root.122.168.192.in-addr.arpa.
  SOA serial: 2011140201
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
----------------------------
Number of entries returned 2
----------------------------
ipa dnsrecord-find example.com
 Record name: @
 NS record: example.com
 <output trimmed>

Adding a new zone

A new zone is added using the dnszone-add command:

ipa dnszone-add example.com --name-server nameserver.example.com \
                            --ip-address 192.168.1.1 \
                            --admin-email admin@example.com

Please note that in the current FreeIPA version the new zone will not be registered with the name server until the named instance is reloaded. Also, the host given with --name-server must either already be resolvable, or you need to pass --ip-address so that its forward (A) record is added at the same time, as in the example above.

Reload the nameserver to register the zone:

service named reload

Verify the zone has been added:

ipa dnszone-show example.com
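Because a zone stored in FreeIPA is only served by named after the reload, it is worth checking that the serial the name server answers with matches the one ipa dnszone-show reports. The script below is an added example for this test case, not part of the wiki page or of FreeIPA itself. It assumes the ipa dnszone-show output format shown above and the usual dig +short SOA answer form (mname rname serial refresh retry expire minimum); the sample outputs embedded in it are constructed from the values on this page so that it runs without a server.

```shell
#!/bin/sh
# Added example (not from the wiki page or FreeIPA): compare the SOA serial
# FreeIPA stores for a zone with the serial the name server actually serves.
# Assumes `ipa dnszone-show` output as shown on the page and `dig +short SOA`
# output in its usual "mname rname serial refresh retry expire minimum" form.

# Extract the "SOA serial" field from `ipa dnszone-show <zone>` output.
ipa_soa_serial() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*SOA serial:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Extract the serial (third field) from a `dig +short SOA <zone>` answer.
# An empty answer (zone not served yet, e.g. before `service named reload`)
# yields an empty string.
dig_soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# Returns 0 when both serials were found and are equal, 1 otherwise.
zone_serials_match() {
    ipa_serial=$(ipa_soa_serial "$1")
    dig_serial=$(dig_soa_serial "$2")
    [ -n "$ipa_serial" ] && [ "$ipa_serial" = "$dig_serial" ]
}

# Live use against a real server (not executed here):
#   zone_serials_match "$(ipa dnszone-show example.com)" \
#                      "$(dig +short SOA example.com @ipa.example.com)" \
#       && echo "zone is served with the current serial" \
#       || echo "zone not served or stale: reload named and re-check"

# Constructed sample outputs, using the values this page shows.
SAMPLE_IPA='  Zone name: example.com
  Authoritative name server: ipa.example.com
  Administrator e-mail address: root.example.com
  SOA serial: 2011140201
  SOA refresh: 3600
  SOA retry: 900'
SAMPLE_DIG_OK='ipa.example.com. root.example.com. 2011140201 3600 900 1209600 3600'
# Older serial: named has not picked up the latest change yet.
SAMPLE_DIG_OLD='ipa.example.com. root.example.com. 2011140200 3600 900 1209600 3600'
# No answer at all: a freshly added zone before the name server was reloaded.
SAMPLE_DIG_NONE=''
```

Run the check once before and once after service named reload: before the reload a freshly added zone produces no SOA answer, so the function returns 1; after the reload the serials agree and it returns 0.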

We can now proceed to adding records into the new zone.

Adding and managing a record

A typical example is an A record with an IP address:

ipa dnsrecord-add example.com www --a-rec 192.168.1.2

The new record should be immediately visible:

ipa dnsrecord-show example.com www

Find A records with value 192.168.1.2 in zone example.com:

ipa dnsrecord-find example.com --a-rec 192.168.1.2

To check the entry is resolvable by DNS, you can either try the internal dns-resolve command:

ipa dns-resolve www.example.com

Or use the dig command (install bind-utils to get it):

dig www.example.com

Some records have a more complex RDATA format, SRV records for example. The following commands add SRV records for LDAP servers: three quarters of the requests should go to fast.example.com and one quarter to slow.example.com; if neither is available, clients switch to backup.example.com.

 ipa dnsrecord-add example.com _ldap._tcp --srv-rec="0 3 389 fast.example.com"
 ipa dnsrecord-add example.com _ldap._tcp --srv-rec="0 1 389 slow.example.com"
 ipa dnsrecord-add example.com _ldap._tcp --srv-rec="1 1 389 backup.example.com"

Verify the records were added, either with dnsrecord-show:

ipa dnsrecord-show example.com _ldap._tcp
  Record name: _ldap._tcp
  SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 backup.example.com

You can also resolve the records with dig:

dig -t SRV _ldap._tcp.example.com
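The three SRV records above encode the intended traffic split in their priority and weight fields. The script below is an added example for this test case, not code from the wiki page or from FreeIPA: it checks that each RDATA string has the "priority weight port target" shape that --srv-rec expects, prints the matching ipa dnsrecord-add command for each valid record, and works out the share of lookups each target should receive under RFC 2782 selection (lowest priority group first, weight-proportional within that group). The record list it uses is the one from this page, embedded inline so the script runs without a server; the share computation and the command generator are this example's own helpers.

```shell
#!/bin/sh
# Added example (not from the wiki page or FreeIPA): validate SRV RDATA strings
# and derive the expected request distribution from their priority/weight
# fields. Nothing here contacts FreeIPA; commands are printed, not run.

# Return 0 if the string is "<priority> <weight> <port> <target>" with the
# three numeric fields in 0..65535 and a plausible host name as target.
srv_rdata_valid() {
    set -- $1   # split the RDATA string into its four fields
    [ $# -eq 4 ] || return 1
    for n in "$1" "$2" "$3"; do
        case $n in
            ''|*[!0-9]*) return 1 ;;   # not a non-negative integer
        esac
        [ "$n" -le 65535 ] || return 1
    done
    case $4 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # not a host name
    esac
    return 0
}

# Validate every record (one per line) and print the `ipa dnsrecord-add`
# command that would add it; stops with status 1 at the first malformed one.
srv_add_commands() {
    zone=$1
    name=$2
    printf '%s\n' "$3" | while IFS= read -r rdata; do
        [ -n "$rdata" ] || continue
        srv_rdata_valid "$rdata" || { echo "malformed SRV RDATA: $rdata" >&2; exit 1; }
        printf 'ipa dnsrecord-add %s %s --srv-rec="%s"\n' "$zone" "$name" "$rdata"
    done
}

# Print "<target> <percent>" per record: the integer percentage of lookups a
# target receives while the lowest-priority group is reachable. Targets in
# higher-priority (backup) groups get 0 until that group fails.
srv_expected_share() {
    printf '%s\n' "$1" | awk '
        NF == 4 {
            prio[NR] = $1 + 0; weight[NR] = $2 + 0; target[NR] = $4
            if (min == "" || prio[NR] < min) min = prio[NR]
            total[prio[NR]] += weight[NR]
        }
        END {
            for (i = 1; i <= NR; i++) {
                if (!(i in prio)) continue
                share = (prio[i] == min) ? int(100 * weight[i] / total[min] + 0.5) : 0
                print target[i], share
            }
        }'
}

# The records this page adds for _ldap._tcp in example.com.
SRV_RECORDS='0 3 389 fast.example.com
0 1 389 slow.example.com
1 1 389 backup.example.com'

# Example run (prints the three ipa commands, then the expected split):
#   srv_add_commands example.com _ldap._tcp "$SRV_RECORDS"
#   srv_expected_share "$SRV_RECORDS"
```

For the page's records the share output is fast.example.com 75, slow.example.com 25 and backup.example.com 0, which is exactly the distribution the text describes; after adding the records, dig -t SRV _ldap._tcp.example.com should return the same three RDATA strings.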

Expected Results

All the test steps should end with the specified results.