|
|
|
|
@ -14,9 +14,9 @@ or root account, it is possible to instead forward appropriate queries to Consul
|
|
|
|
|
running on an unprivileged port, from another DNS server.
|
|
|
|
|
|
|
|
|
|
In this guide, we will demonstrate forwarding from [BIND](https://www.isc.org/downloads/bind/)
|
|
|
|
|
as well as [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html).
|
|
|
|
|
as well as [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) and [iptables](http://www.netfilter.org/).
|
|
|
|
|
For the sake of simplicity, BIND and Consul are running on the same machine in this example,
|
|
|
|
|
but this is not required.
|
|
|
|
|
but this is only required for iptables.
|
|
|
|
|
|
|
|
|
|
It is worth mentioning that, by default, Consul does not resolve DNS
|
|
|
|
|
records outside the `.consul.` zone unless the
|
|
|
|
|
@ -126,6 +126,18 @@ for additional details):
|
|
|
|
|
#cache-size=65536
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### iptables Setup
|
|
|
|
|
|
|
|
|
|
On Linux systems that support it, incoming requests and requests to localhost can use iptables
|
|
|
|
|
to forward ports on the same machine without a secondary service.
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600
|
|
|
|
|
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600
|
|
|
|
|
iptables -t nat -A OUTPUT -d localhost -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600
|
|
|
|
|
iptables -t nat -A OUTPUT -d localhost -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Testing
|
|
|
|
|
|
|
|
|
|
First, perform a DNS query against Consul directly to be sure that the record exists:
|
|
|
|
|
|
fusiondog
9 years ago