Configuring DNS Settings
Ensure host name resolution through Domain Name Services (DNS) is working across all nodes in the cluster, including correct forward and reverse DNS lookups.
DNS is a critical service used by Kubernetes, and you must configure it in a way that is compatible with Kubernetes so that the ArcSight Platform operates properly. Certain DNS-related issues, such as older glibc packages limiting the maximum number of DNS search records to 6, prevent the Kubernetes cluster from operating properly.
Kubernetes configures containers to use the /etc/resolv.conf configuration file of your nodes combined with Kubernetes-specific entries. Therefore, for the cluster to operate properly, keep the /etc/resolv.conf configuration file within the limit of two nameservers and two search records. Refer to the Kubernetes documentation on mitigating this issue with package updates and proper DNS configuration, and to the content below on DNS configuration and /etc/hosts file settings.
- Understanding the Use of a Fully Qualified Domain Name (FQDN)
- Configuring Secure DNS
- Testing Forward and Reverse DNS Lookup
- Running the Commands
Understanding the Use of a Fully Qualified Domain Name (FQDN)
All master and worker nodes must be configured with a Fully Qualified Domain Name (FQDN), and must be in the same subnet. Transformation Hub uses the host system FQDN as its Kafka advertised.host.name.
If the FQDN resolves successfully in the Network Address Translation (NAT) environment, Producers and Consumers will function correctly. If there are network-specific issues resolving the FQDN through NAT, DNS will need to be updated to resolve these issues.
Configuration Notes
- localhost must not resolve to an IPv6 address, for example, "::1". The install process expects only IPv4 resolution to IP address 127.0.0.1. Any ::1 reference must be commented out in the /etc/hosts file.
- The Initial Master Node host name must not resolve to multiple IPv4 addresses, and this includes lookup in /etc/hosts.
Configuring Secure DNS
If Secure DNS is being used in the environment where the product is installed, the DNS must be configured so that the ACL allows connections from all of the following:
- Every machine in the Kubernetes cluster, master and worker nodes.
- The network address range of Kubernetes pods in Classless Inter-Domain Routing (CIDR) format. By default, this is 172.16.0.0/16.
- The network address range of Kubernetes services in Classless Inter-Domain Routing (CIDR) format. By default, this is 172.17.17.0/24.
- If the Database is being used, every machine in the Database cluster.
Testing Forward and Reverse DNS Lookup
Test that the forward and reverse lookup records for all servers were properly configured.
To test the forward lookup, run the commands on every master and worker node in the cluster and on every producer and consumer system, including:
- All master and worker nodes
- All ArcMC, Logger, and ESM hosts
Use the nslookup or host commands to verify your DNS configuration. (Do not use the ping command.) You must run the nslookup commands against every DNS server specified in your /etc/resolv.conf file. Every server must be able to perform forward and reverse lookup properly and return the exact same results.
If you have a public DNS server specified in your /etc/resolv.conf file (such as the Google public DNS servers 8.8.8.8 or 8.8.4.4), you must remove it from your DNS configuration.
Running the Commands
Run the commands as follows. Expected sample output is shown below each command:
# hostname
# hostnamectl
mastern.yourcompany.com
# hostname -s
mastern.yourcompany.com
# hostname -f
mastern.yourcompany.com
# hostname -d
mastern.yourcompany.com
# nslookup mastern.yourcompany.com
Server: 192.168.0.53
Address: 192.168.0.53#53
Address: 192.168.0.1
Name: mastern.example.com
# nslookup mastern
Server: 192.168.0.53
Address: 192.168.0.53#53
Name: mastern.example.com
Address: 192.168.0.1
# nslookup 192.168.0.1
Server: 192.168.0.53
Address: 192.168.0.53#53
1.0.168.192.in-addr.arpa name = mastern.example.com.
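As an added example that is not part of the ArcSight documentation, the following Python script automates the pre-install checks described in the Configuration Notes and in this section: it inspects the text of /etc/resolv.conf (nameserver and search limits, public DNS servers), the text of /etc/hosts (active ::1 entries, a node FQDN mapped to more than one IPv4 address), and performs a live forward and reverse lookup of a node FQDN through the system resolver. The file contents and the FQDN are passed in by the caller; the check against each individual DNS server still has to be done with nslookup as shown above.

```python
import socket
PUBLIC_DNS = {"8.8.8.8", "8.8.4.4"}  # public resolvers the page says must not be in resolv.conf

def _config_lines(text: str):  # uncommented, non-empty lines as token lists
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def check_resolv_conf(text: str) -> list[str]:
    """Findings for an /etc/resolv.conf body: at most 2 nameservers, 2 search records, no public DNS."""
    nameservers, search = [], []
    for key, *vals in _config_lines(text):
        if key == "nameserver" and vals:
            nameservers.append(vals[0])
        elif key in ("search", "domain"):
            search.extend(vals)
    findings = [f"public DNS server {ns} must be removed" for ns in nameservers if ns in PUBLIC_DNS]
    if len(nameservers) > 2:
        findings.append(f"{len(nameservers)} nameservers listed; keep at most 2")
    if len(search) > 2:
        findings.append(f"{len(search)} search records listed; keep at most 2")
    return findings

def check_hosts(text: str, node_fqdn: str) -> list[str]:
    """Findings for an /etc/hosts body: no active ::1 entry, node FQDN mapped to at most one IPv4."""
    findings, node_ipv4 = [], set()
    for addr, *names in _config_lines(text):
        if addr == "::1":
            findings.append(f"::1 entry ({' '.join(names)}) must be commented out")
        elif node_fqdn in names and ":" not in addr:
            node_ipv4.add(addr)
    if len(node_ipv4) > 1:
        findings.append(f"{node_fqdn} maps to multiple IPv4 addresses: {sorted(node_ipv4)}")
    return findings

def check_lookups(fqdn: str) -> list[str]:
    """Live check through the system resolver: exactly one IPv4 for fqdn, whose PTR names fqdn again."""
    findings, want = [], fqdn.rstrip(".").lower()
    addrs = sorted({ai[4][0] for ai in socket.getaddrinfo(fqdn, None, socket.AF_INET)})
    if len(addrs) != 1:
        findings.append(f"forward lookup of {fqdn} returned {addrs}; expected exactly one IPv4")
    for addr in addrs:
        try:
            got = socket.gethostbyaddr(addr)[0].rstrip(".").lower()
        except socket.herror:
            got = None  # no PTR record at all
        if got != want:
            findings.append(f"reverse lookup of {addr} returned {got}, expected {want}")
    return findings
```

On a node, run `check_resolv_conf(open("/etc/resolv.conf").read())`, `check_hosts(open("/etc/hosts").read(), socket.getfqdn())` and `check_lookups(socket.getfqdn())`; an empty list from each means that node passes the checks on this page.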