DNSMASQ to the rescue

This post will endeavour to describe a problem I encountered at work a while ago and ended up fixing by deploying dnsmasq.

The problem

One of the legacy pieces of code I used to look after was a monolithic Java application, deployed onto a web application server platform. In order for end users to engage its functionality, their accounts had to be authenticated with the company’s central identity and access management solution - which in this case was Windows Active Directory. The application used a library called JCIFS to integrate with the Windows AD infrastructure, but unfortunately this integration was rather naïve, in that it used a DNS A record to discover which AD servers to connect to. If you’ve worked with AD at all, you probably already know that it uses a plethora of DNS SRV records in addition to basic A records, but at the time this application was originally written, JCIFS didn’t appear to support using SRV records to determine the right domain controllers to connect to.

AD and SRV records

If you aren’t familiar with AD and SRV records, then perhaps a short explanation is in order. Most people are somewhat familiar with a DNS A record, even if they don’t know that’s what it’s actually called. It’s nearly always the address they type in the address bar of their web browser (although sometimes it might be a CNAME - but let’s not digress too far). In simple terms, an A record is a mapping of a human-readable address like “www.google.com” to an actual IP address.

SRV records