I cannot stress this enough – DNS resolution is crucial to vSphere components.
For once, you have the case where vSphere’s SSO service uses Active Directory for Authentication. As you probably know, Active Directory *does not work* without DNS which is used so that relevant SRV records could be found.
Secondly, you have the case of network communication between the different vSphere components whereby, for example, you could easily run into problems if your vCenters and your ESXi hosts do not know each other by name, in a consistent fashion.
DNS resolution must not only work, but also, be fast in order to avoid timeouts. I have seen for example authentication issues caused by such time-outs.
MY DNS SETUP
My VCAP-LAB environment will be, at some stage, integrated with Active Directory which requires a DNS server able to resolve queries for SRV records. Upon installing/promoting a server to become a Domain Controller, there is the option of installing a DNS server and having it automatically configured for that functionality.
Another option is to use an existent DNS server, though in this case, I would have to configure all the relevant SRV records manually.
I have opted in having the DNS server installed during Active Directory configuration. Though this also means I will end-up with two DNS servers.
- 10.0.0.0 /24 – this is the VCAP-LAB range which will be subnetted accordingly, providing connectivity into the Storage, vMotion, Fault-Tollerance and Virtual Machines networks.
- 192.168.1.0 /24 – this is my LAN which is also the management network across both environments without routing between the two networks (see note below).
An example of this is the FreeNAS storage virtual devices – they are setup with two vNICs, each connected to a separate virtual network using the two ranges above. I could then connect to vFreeNAS-01 for management purposes using the IP address of 192.168.1.x; but I could also use the 10.0.0.x IP address for communicating with the virtual ESXi hosts, within my VCAP-LAB.
I am also making use of two DNS domains:
- vcap-lab.cm domain – this will be associated to the 10.0.0.0 range;the Win2k3 server VM will host the master zone for this domain
- home.cm domain – linked to the 192.168.1.0 (management) range; here, my always-on LAN DNS server will host the master zone
The diagram …
Scenario 1: Let’s say I’m sitting at the management station (laptop) within my LAN and that I’m trying to resolve serverX.vcap-lab.cm. A query is then sent to 192.168.1.248 which is configured to forward queries for this domain to 192.168.1.231. Once a reply from the VCAP-LAB DNS server is received, the local LAN DNS server will reply to the management station.
Scenario 2: A query is sent to resolve serverY.home.cm. In this case, the query is not forwarded since the LAN DNS server holds all the records for the home.cm domain.
DNS resolution will work similarly for requests initiated from within the VCAP-LAB environment.