  • DNS Configuration for the SCAN used with Oracle RAC Database 11g Release 2

    This article provides the basic DNS configuration steps necessary to use the Single Client Access Name (SCAN) introduced in Oracle 11g Release 2 RAC. Please consider the following caveats before following the instructions here:

    • I'm not a network guy and don't claim to know much about DNS.
    • The article only discusses the use of BIND as the DNS server on Oracle Linux (a RHEL clone).
    • This represents the minimum you can do to make a SCAN work. This should not be considered a best practice guide as it contains nothing about DNS redundancy or security.
    • With respect to VMware/VirtualBox RAC installations, this DNS configuration should be done on the host machine, or another virtual machine separate to the RAC cluster if possible. It could be placed on one of the RAC nodes, but this would mean all name resolution would be lost if that RAC node goes offline.
    • The server used in this article is called "maggie.localdomain" and has an IP address of "192.168.0.4".

    With those caveats in mind, here's what you need to do.

    DNS Installation

    If you are using a free Linux distribution, like Fedora, then you probably already have a YUM repository configured. If you are using Oracle Linux, then follow the configuration instructions on public-yum.oracle.com.

    Installation of the DNS server (BIND) could not be simpler. From the command line issue the following command.

    # yum install bind-libs bind bind-utils

    If you want a GUI DNS editor, you can also install the following package. Personally, I find the GUI editor more confusing than using the configuration files directly.

    # yum install system-config-bind

    If the config files are not present (as is the case in Oracle Linux 5), it is worth installing the "system-config-bind" utility and starting it up. This will generate a default setup of all the dependent config files for you to amend. It is much easier than trying to build them manually.

    "/etc/named.conf" File

    Next we must edit the contents of the "/etc/named.conf" file. Depending on the setup you require, you may need to make lots of changes, or none at all. For my home network I use "localdomain" as my domain and the IP range "192.168.0.*", so this is what I will show here.

    We need to make sure the DNS server is listening on the correct port for both the local and external IP address. This is done by the "listen-on" setting. This DNS server is only resolving the names of the servers on my network, so I need to make sure that names on external networks, like the internet, are still resolved properly. To do this, add a "forwarders" entry to the end of the "options" section.

    options {
            // Set IP address correctly.
            listen-on port 53 { 127.0.0.1; 192.168.0.4; };
    
            // If allow-query is present, set it to your subnets, or remove it,
            // which is the equivalent of "allow-query {any;};"
            // Use CIDR notation: an entry without a prefix length matches a single host.
            allow-query     { 127.0.0.0/8; 192.168.0.0/24; };
    
            //
            // Leave the rest of the config as it is.
            //
    
            // My Additions
            // Forwarders: Anything this DNS can't resolve gets forwarded to my ISP's DNS.
            forwarders { 194.168.4.100; 194.168.8.100; };
            // End My Additions
    };

    In this case I'm using the DNS information provided by my ISP, but you could list your ADSL Router if it manages the DNS for you.

    Since I'm using "localdomain" as my internal domain, I need to add a zone if one isn't already present.

    zone "localdomain." IN {
            type master;
            file "localdomain.zone";
            allow-update { none; };
    };

    If you plan to use a different domain simply copy this entry and adjust it to match your domain. For example, if this were an entry for "oracle-base.com" I would create a zone as follows.

    zone "oracle-base.com" IN {
            type master;
            file "oracle-base.com.zone";
            allow-update { none; };
    };

    The "file" parameter specifies the name of the file in the "/var/named/" directory that contains the configuration for this zone.

    If you only care about forward lookups then you are now finished with the "/etc/named.conf" file. If you also want to cope with reverse lookups you will need to add an extra zone for those. In the case of a RAC installation, I want to create reverse lookups for my public (192.168.0.*) network, so I must add the following zone entry.

    zone "0.168.192.in-addr.arpa." IN {
            type master;
            file "0.168.192.in-addr.arpa";
            allow-update { none; };
    };

    Examples of the amended default "/etc/named.conf" files can be seen below.

    "/var/named/" Files

    In the zone definitions we defined the file containing the zone configuration. These files are located in the "/var/named/" directory. If you are using the "chroot" version of BIND, the location of the following files will be "/var/named/chroot/var/named" and you may need to change their group ownership to "named".

    For a RAC installation create/edit the file associated with your zone (in my case "/var/named/localdomain.zone") to look like the one below.

    $TTL    86400
    @               IN SOA  localhost root.localhost (
                                            42              ; serial (d. adams)
                                            3H              ; refresh
                                            15M             ; retry
                                            1W              ; expiry
                                            1D )            ; minimum
                    IN NS           localhost
    localhost       IN A            127.0.0.1
    rac1            IN A    192.168.0.101
    rac2            IN A    192.168.0.102
    rac1-priv       IN A    192.168.1.101
    rac2-priv       IN A    192.168.1.102
    rac1-vip        IN A    192.168.0.111
    rac2-vip        IN A    192.168.0.112
    rac-scan        IN A    192.168.0.121
    rac-scan        IN A    192.168.0.122
    rac-scan        IN A    192.168.0.123

    I've kept all the default configuration, but added in my forward lookup information. Notice the three entries for the SCAN.

    Next I need to create the "/var/named/0.168.192.in-addr.arpa" file for my public network reverse lookups. This file has the following contents, where "maggie.localdomain" is the name of the DNS server.

    $ORIGIN 0.168.192.in-addr.arpa.
    $TTL 1H
    @       IN      SOA     maggie.localdomain.     root.maggie.localdomain. (      2
                                                    3H
                                                    1H
                                                    1W
                                                    1H )
    0.168.192.in-addr.arpa.         IN NS      maggie.localdomain.
    
    101     IN PTR  rac1.localdomain.
    102     IN PTR  rac2.localdomain.
    111     IN PTR  rac1-vip.localdomain.
    112     IN PTR  rac2-vip.localdomain.
    121     IN PTR  rac-scan.localdomain.
    122     IN PTR  rac-scan.localdomain.
    123     IN PTR  rac-scan.localdomain.
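
One way to catch forward/reverse mismatches before starting "named", as an added example that is not part of the original article: the hypothetical helper `check_zone_pair` compares the A records in the forward zone file with the PTR records in the reverse zone file and confirms the SCAN name has the three entries shown above. It assumes the one-record-per-line layout used in this article, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the article): check_zone_pair is a hypothetical helper.
# Usage: check_zone_pair FWD_FILE REV_FILE DOMAIN NET_PREFIX SCAN_NAME
# Prints one sorted line per problem and returns 1 if any problem was found.
check_zone_pair() {
    out=$(awk -v domain="$3" -v net="$4" -v scan="$5" '
        { sub(/;.*/, "") }                        # drop zone-file comments
        FILENAME == ARGV[1] {                     # forward zone: "name IN A ip"
            if ($2 == "IN" && $3 == "A" && index($4, net ".") == 1) {
                fwd[$4] = $1 "." domain "."; count[$1]++
            }
            next
        }
        $2 == "IN" && $3 == "PTR" { rev[net "." $1] = $4 }  # "octet IN PTR fqdn."
        END {
            for (ip in fwd) {
                if (!(ip in rev)) print "MISSING_PTR " ip " " fwd[ip]
                else if (rev[ip] != fwd[ip])
                    print "MISMATCH " ip " A=" fwd[ip] " PTR=" rev[ip]
            }
            for (ip in rev) if (!(ip in fwd)) print "ORPHAN_PTR " ip " " rev[ip]
            if (count[scan] != 3)                 # the article defines three SCAN records
                print "SCAN_COUNT " scan " has " (count[scan] + 0) " A records"
        }' "$1" "$2" | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the article's public records with two defects introduced.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/fwd" <<'EOF'
rac1            IN A    192.168.0.101
rac1-priv       IN A    192.168.1.101
rac2-vip        IN A    192.168.0.112
rac-scan        IN A    192.168.0.121
rac-scan        IN A    192.168.0.122
rac-scan        IN A    192.168.0.123
EOF
cat > "$tmp/rev" <<'EOF'
101     IN PTR  rac1.localdomain.
112     IN PTR  rac1-vip.localdomain.   ; defect: should be rac2-vip
121     IN PTR  rac-scan.localdomain.
122     IN PTR  rac-scan.localdomain.
EOF
if check_zone_pair "$tmp/fwd" "$tmp/rev" localdomain 192.168.0 rac-scan; then
    echo "forward and reverse zones agree"
fi
```

Zone file syntax itself can be checked separately with "named-checkzone localdomain /var/named/localdomain.zone", which ships with BIND.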

    Start the DNS Service

    With the configuration in place we can start the DNS service, called "named".

    # service named start
    Starting named:                                            [  OK  ]
    #

    If there are any problems with your configuration the service will fail to start and the errors should be displayed on screen immediately. If they don't appear check the "/var/log/messages" file.

    Issue the following command to make sure the "named" service starts automatically after reboots.

    # chkconfig named on

    "/etc/resolv.conf" File

    The DNS server is now running, but each server must be told to use it. This is done by editing the "/etc/resolv.conf" file on each server, including the RAC nodes. Make sure the file contains the following entries, where the IP address and domain match those of your DNS server and the domain you have configured.

    nameserver 192.168.0.4
    search localdomain

    If your network is controlled by NetworkManager, you might find the "/etc/resolv.conf" gets overwritten when specific network adapters are restarted. If this is the case, you may need to edit the following settings in the network adapter scripts under the "/etc/sysconfig/network-scripts/" directory.

    # ol6 : /etc/sysconfig/network-scripts/ifcfg-eth0 (ifcfg-eth1, ifcfg-eth2 etc.)
    # ol7 : /etc/sysconfig/network-scripts/ifcfg-enp0s3 (ifcfg-enp0s8, ifcfg-enp0s9 etc.)
    DNS1=192.168.0.4
    DOMAIN=localdomain

    Test It

    You should now be able to test the forward and reverse lookups using the "nslookup" command. The output below shows the forward and reverse lookups of the SCAN address.

    # nslookup rac-scan.localdomain
    Server:         192.168.0.4
    Address:        192.168.0.4#53
    
    Name:   rac-scan.localdomain
    Address: 192.168.0.121
    Name:   rac-scan.localdomain
    Address: 192.168.0.122
    Name:   rac-scan.localdomain
    Address: 192.168.0.123
    
    # nslookup 192.168.0.121
    Server:         192.168.0.4
    Address:        192.168.0.4#53
    
    121.0.168.192.in-addr.arpa      name = rac-scan.localdomain.
    
    # nslookup 192.168.0.122
    Server:         192.168.0.4
    Address:        192.168.0.4#53
    
    122.0.168.192.in-addr.arpa      name = rac-scan.localdomain.
    
    # nslookup 192.168.0.123
    Server:         192.168.0.4
    Address:        192.168.0.4#53
    
    123.0.168.192.in-addr.arpa      name = rac-scan.localdomain.
    
    #

    BIND on Windows

    The process for configuring BIND on Windows is almost the same as that for Linux.

    • Download the software from here.
    • Unzip the software.
    • Start "BINDInstall.exe" using "Run as Administrator".
    • Set the Target Directory to "c:\named" and the Service Account Name to "named". Leave the defaults and click the "Install" button.
    • On completion of the installation, click "OK" and exit the installer.
    • Create or edit the file called "C:\named\etc\named.conf" to have the following contents. Adjust as required.
      options {
        listen-on port 53 { 127.0.0.1; 192.168.0.0/24; };
        directory "c:\named\zones";
        allow-transfer { none; };
        recursion no;
        forwarders { 194.168.4.100; 194.168.8.100; };
      };
      
      zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-transfer { none; };
      };
      
      zone "0.168.192.in-addr.arpa." IN {
        type master;
        file "0.168.192.in-addr.arpa";
        allow-update { none; };
      };
    • Create the "C:\named\zones\localdomain.zone" and "C:\named\zones\0.168.192.in-addr.arpa" files as described previously.
    • Restart the "ISC Bind" Windows service after any configuration changes.
    • Open the Windows firewall to allow TCP and UDP access to port 53.

    With that configuration in place, you should be able to perform the following lookup directly on the Windows machine.

    C:\>nslookup ol7-121-scan.localdomain 127.0.0.1
    Server:  UnKnown
    Address:  127.0.0.1
    
    Name:    ol7-121-scan.localdomain
    Addresses:  192.168.0.121
              192.168.0.122
              192.168.0.123
    
    C:\>

    Hope this helps. Regards Tim...

  • Original address: https://www.cnblogs.com/yaoyangding/p/14548216.html