Temporary DNS Records

Using /etc/hosts to Augment Public DNS Records

This appendix describes a temporary technique for testing your TLS setup before public DNS records exist, using entries in your /etc/hosts file. The entries take effect only on the computer whose file you modify, so you can test only from that computer.

Warning

Do not forget to revert the temporary changes to your /etc/hosts file once you have set up the public DNS entries within your organization.

Obtain the EXTERNAL-IP of the LoadBalancer service you wish to test by inspecting the target service in Kubernetes:

kubectl get svc <target-service>

You should see output like the following:

NAME               TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)                      AGE
<target-service>   LoadBalancer   10.110.77.164   <xx.xx.xx.xx>     80:31869/TCP,443:31047/TCP   20s

Note

It is possible that the value of EXTERNAL-IP is a DNS name instead of an IP address. If this is the case, then use the dig command to find the IP address for the next step.

# replace <dns-name> with the hostname you want to resolve to an IP address
dig +short <dns-name>

Now update your /etc/hosts file, adding a line like the following. Replace xx.xx.xx.xx with the IP address from the EXTERNAL-IP column of the kubectl output (or the address returned by dig, if EXTERNAL-IP was a DNS name). Replace connect.rstudio.com with the FQDN used for your TLS certificate.

# file: /etc/hosts
xx.xx.xx.xx    connect.rstudio.com

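Next, use netcat to make sure the new hosts entry resolves to the correct host. This confirms only that the name resolves and that port 443 accepts TCP connections; it does not validate the certificate.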

nc -vz connect.rstudio.com 443

Output:

Connection to connect.rstudio.com port 443 [tcp/https] succeeded!
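
The check below is an added example, not part of the original page: it confirms that a hosts file maps the FQDN to the expected address and nothing else, which also shows whether the temporary entry has been reverted. The function names, the sample file and the address 203.0.113.10 are assumptions made for illustration; tls_check assumes OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example, not part of the original page.

# hosts_ips FILE FQDN: print each IP that a hosts-format FILE maps FQDN to.
hosts_ips() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }' "$1"
}

# check_override FILE FQDN EXPECTED_IP
#   0: FQDN maps only to EXPECTED_IP
#   1: no entry for FQDN (override absent or already reverted)
#   2: FQDN maps to a different or conflicting address
check_override() {
    ips=$(hosts_ips "$1" "$2" | sort -u)
    [ -n "$ips" ] || return 1
    [ "$ips" = "$3" ] || return 2
    return 0
}

# tls_check FQDN: TLS handshake with SNI; fails on chain or hostname errors.
# Needs network access and OpenSSL 1.1.0+ (assumption), so it is not run here.
tls_check() {
    openssl s_client -connect "$1:443" -servername "$1" \
        -verify_return_error -verify_hostname "$1" </dev/null >/dev/null 2>&1
}

# Constructed sample file; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS=$(mktemp)
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1      localhost
203.0.113.10   connect.rstudio.com   # temporary, remove once public DNS exists
EOF

if check_override "$SAMPLE_HOSTS" connect.rstudio.com 203.0.113.10; then
    echo "override in place; next: tls_check connect.rstudio.com"
fi
```

On the test machine, pass /etc/hosts as the file argument; a return code of 1 after public DNS is live confirms that the temporary entry is gone.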