Category - LINUX

Creating a DNS server for Oracle RAC on VirtualBox

DNS Server Creation on VirtualBox for ORACLE RAC Database.

In this practice we are going to set up a new DNS server on VirtualBox. We will use this DNS server for SCAN-NAME resolution for the Oracle RAC database.

Setup Details
As we are doing this setup on VirtualBox, we need to be sure about a few things before starting:
the VirtualBox Host-Only adapter has to be enabled, and the IP of this DNS host must be in the same range as the whole RAC setup and the host adapters, as described below.

DNS Server Details
IP=>  192.168.56.200
HOSTNAME=>  dnshost.ace2oracle.lab
DOMAIN NAME =>  ace2oracle.lab

RAC Server Details (Node1 and Node2)
# Public
192.168.56.101   racnoden1.ace2oracle.lab       racnoden1
192.168.56.102   racnoden2.ace2oracle.lab       racnoden2

VBox Host Adapter details - this will be our public IP range for the RAC setup and for the DNS host as well

=> Host Adapter Details



=> DHCP Server details



=> Create 2 adapters as below for the DNS host on VirtualBox

1 for DNS (Host-Only)
1 for internet access (Bridged Adapter)



STEPS TO SETUP AND CONFIGURE DNS
=> Changing the hostname from localhost to dnshost.ace2oracle.lab


=> Install the BIND rpm on the DNS server

As this server has internet access, we can use the commands below to update the Yum repo and install BIND.

# yum update -y
# yum install bind-libs bind bind-utils

=> Check and verify that it is installed

[root@dnshost ~]# rpm -qa | grep bind
bind-export-libs-9.11.4-26.P2.el7_9.9.x86_64
bind-license-9.11.4-26.P2.el7_9.9.noarch
rpcbind-0.2.0-49.el7.x86_64
bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64
bind-utils-9.11.4-26.P2.el7_9.9.x86_64
bind-9.11.4-26.P2.el7_9.9.x86_64
keybinder3-0.3.0-1.el7.x86_64
bind-libs-9.11.4-26.P2.el7_9.9.x86_64
[root@dnshost ~]# 

=> Assign a fixed IP to the Host-Only adapter as below; this is used as the main IP



=> Make it permanent for the Host-Only adapter as below, and add the DNS1 entry at the end as shown.



=> Check the /etc/resolv.conf file on the DNS host



=> Permission issue with /etc/resolv.conf

Because we also have a bridged network adapter, the file may get overwritten once that interface comes up.
To avoid this we can make the file immutable, as below.

chattr +i /etc/resolv.conf



=> Edit the file /etc/named.conf as below.
Only the lines highlighted in the original (the listen-on and allow-query entries, and the two zone definitions for ace2oracle.lab and 56.168.192.in-addr.arpa) were changed from the default, as per my requirements.

[root@dnshost network-scripts]#  cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 192.168.56.200; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 192.168.56.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "ace2oracle.lab" IN {
        type master;
        file "ace2oracle.lab.zone";
        allow-update { none; };
};
zone "56.168.192.in-addr.arpa." IN {
        type master;
        file "56.168.192.in-addr.arpa";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@dnshost network-scripts]# 

=> Now we will create the forward and reverse zone files as below.

Change to the /var/named directory:

[root@dnshost named]# pwd
/var/named

[root@dnshost named]# touch ace2oracle.lab.zone 56.168.192.in-addr.arpa

=> Create the forward zone file as below

[root@dnshost named]# cat ace2oracle.lab.zone
$TTL    86400
@               IN SOA  localhost root.localhost (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost

localhost       IN A    127.0.0.1
dnshost         IN A    192.168.56.200
ntpsource       IN A    192.168.56.201
racnoden1       IN A    192.168.56.101
racnoden2       IN A    192.168.56.102
racnoden1-vip   IN A    192.168.56.103
racnoden2-vip   IN A    192.168.56.104
racnode-scan    IN A    192.168.56.105
racnode-scan    IN A    192.168.56.106
racnode-scan    IN A    192.168.56.107
[root@dnshost named]# 

=> Create the reverse zone file

[root@dnshost named]# cat 56.168.192.in-addr.arpa
$ORIGIN 56.168.192.in-addr.arpa.
$TTL 1H
@       IN      SOA     ace2oracle.lab.     root.ace2oracle.lab. (
                                                2       ; serial
                                                3H      ; refresh
                                                1H      ; retry
                                                1W      ; expiry
                                                1H )    ; minimum
56.168.192.in-addr.arpa.         IN NS      ace2oracle.lab.

200     IN PTR  dnshost.ace2oracle.lab.
201     IN PTR  ntpsource.ace2oracle.lab.
101     IN PTR  racnoden1.ace2oracle.lab.
102     IN PTR  racnoden2.ace2oracle.lab.
103     IN PTR  racnoden1-vip.ace2oracle.lab.
104     IN PTR  racnoden2-vip.ace2oracle.lab.
105     IN PTR  racnode-scan.ace2oracle.lab.
106     IN PTR  racnode-scan.ace2oracle.lab.
107     IN PTR  racnode-scan.ace2oracle.lab.
[root@dnshost named]# 
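The forward and reverse files have to agree with each other: every A record in 192.168.56.0/24 needs a PTR that points back at the same name, and the SCAN name should resolve to three addresses, which is what Oracle recommends for round-robin SCAN resolution. The script below is an added example (it is not part of the original setup notes) that parses both files and reports any mismatch before they are handed to named. The zone texts are embedded as constructed copies of the two files above (the forward SOA is collapsed onto one line); `DOMAIN`, `SUBNET` and `SCAN_NAME` are this example's own constants, and the PTR owners are assumed to be bare last octets of a /24, as they are here.

```python
# Added example: cross-check the forward and reverse zone files of this lab DNS setup.
import ipaddress
from collections import defaultdict

DOMAIN = "ace2oracle.lab"                        # example constants, taken from the setup above
SUBNET = ipaddress.ip_network("192.168.56.0/24")
SCAN_NAME = "racnode-scan"

# Constructed copies of the two zone files shown above (forward SOA collapsed to one line).
FORWARD_ZONE = """\
$TTL    86400
@               IN SOA  localhost root.localhost ( 42 3H 15M 1W 1D )
                IN NS   localhost
localhost       IN A    127.0.0.1
dnshost         IN A    192.168.56.200
ntpsource       IN A    192.168.56.201
racnoden1       IN A    192.168.56.101
racnoden2       IN A    192.168.56.102
racnoden1-vip   IN A    192.168.56.103
racnoden2-vip   IN A    192.168.56.104
racnode-scan    IN A    192.168.56.105
racnode-scan    IN A    192.168.56.106
racnode-scan    IN A    192.168.56.107
"""
REVERSE_ZONE = """\
$ORIGIN 56.168.192.in-addr.arpa.
$TTL 1H
@       IN      SOA     ace2oracle.lab.     root.ace2oracle.lab. (      2
                                                3H
                                                1H
                                                1W
                                                1H )
56.168.192.in-addr.arpa.         IN NS      ace2oracle.lab.
200     IN PTR  dnshost.ace2oracle.lab.
201     IN PTR  ntpsource.ace2oracle.lab.
101     IN PTR  racnoden1.ace2oracle.lab.
102     IN PTR  racnoden2.ace2oracle.lab.
103     IN PTR  racnoden1-vip.ace2oracle.lab.
104     IN PTR  racnoden2-vip.ace2oracle.lab.
105     IN PTR  racnode-scan.ace2oracle.lab.
106     IN PTR  racnode-scan.ace2oracle.lab.
107     IN PTR  racnode-scan.ace2oracle.lab.
"""


def parse_records(zone_text):
    """Return (owner, rrtype, rdata) for the A and PTR records in a zone file.

    Skips ';' comments and $ directives, steps over parenthesised SOA records
    and honours the blank-owner shorthand (owner inherited from the line above).
    """
    records, owner, depth = [], None, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        if depth:                        # inside a multi-line SOA: only look for ')'
            depth -= line.count(")")
            continue
        fields = line.split()
        if not raw[0].isspace():         # explicit owner name on this line
            owner, fields = fields[0], fields[1:]
        if fields[0] == "IN":
            fields = fields[1:]
        depth += line.count("(") - line.count(")")
        if fields[0] in ("A", "PTR"):
            records.append((owner, fields[0], fields[1]))
    return records


def check_zones(forward_text, reverse_text, domain=DOMAIN, subnet=SUBNET):
    """Return a list of inconsistencies; an empty list means the zones agree."""
    a_by_name = defaultdict(set)
    for owner, _rrtype, rdata in parse_records(forward_text):
        a_by_name[owner].add(ipaddress.ip_address(rdata))
    base = str(subnet.network_address).rsplit(".", 1)[0]   # assumes a /24 reverse zone
    ptr_by_ip = {ipaddress.ip_address(f"{base}.{owner}"): rdata.rstrip(".")
                 for owner, _rrtype, rdata in parse_records(reverse_text)}
    problems, ip_owner = [], {}
    for name, ips in a_by_name.items():
        for ip in ips:
            if ip not in subnet:         # e.g. localhost -> 127.0.0.1 needs no PTR here
                continue
            fqdn = f"{name}.{domain}"
            if ip in ip_owner:
                problems.append(f"{ip} is assigned to both {ip_owner[ip]} and {fqdn}")
            ip_owner[ip] = fqdn
            if ip not in ptr_by_ip:
                problems.append(f"no PTR record for {ip} ({fqdn})")
            elif ptr_by_ip[ip] != fqdn:
                problems.append(f"PTR for {ip} is {ptr_by_ip[ip]}, forward zone says {fqdn}")
    for ip, fqdn in ptr_by_ip.items():
        if ip not in ip_owner:
            problems.append(f"PTR {ip} -> {fqdn} has no matching A record")
    return problems


def check_scan(forward_text, scan_name=SCAN_NAME, subnet=SUBNET):
    """Oracle recommends three SCAN addresses; return (ok, sorted addresses)."""
    ips = {ipaddress.ip_address(rdata) for owner, rrtype, rdata in parse_records(forward_text)
           if owner == scan_name and rrtype == "A"}
    return len(ips) == 3 and all(ip in subnet for ip in ips), sorted(str(ip) for ip in ips)


if __name__ == "__main__":
    for p in check_zones(FORWARD_ZONE, REVERSE_ZONE) or ["forward and reverse zones agree"]:
        print(p)
    print("SCAN ok:", *check_scan(FORWARD_ZONE))
```

To use it against the real files, read `/var/named/ace2oracle.lab.zone` and `/var/named/56.168.192.in-addr.arpa` into the two variables instead of the embedded copies. The script only checks the A/PTR relationship; `named-checkzone` still needs to be run for syntax, and a name whose PTR points elsewhere is the typical cause of a SCAN or node lookup that works in one direction but not the other.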

=> Change and check the ownership of both files.

[root@dnshost named]# chown root:named ace2oracle.lab.zone 56.168.192.in-addr.arpa



=> Enable the service on autostart

[root@dnshost named]# chkconfig named on

Note: Forwarding request to 'systemctl enable named.service'.

[root@dnshost named]#

=> Restart the service as below

service named restart

=> Disable the firewall as below
[root@dnshost named]#  systemctl stop firewalld
[root@dnshost named]#
[root@dnshost named]#
[root@dnshost named]# firewall-cmd --state
not running
[root@dnshost named]#  systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Mon 2022-06-06 07:29:39 EDT; 15s ago
     Docs: man:firewalld(1)
  Process: 797 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 797 (code=exited, status=0/SUCCESS)

Jun 06 07:16:54 dnshost.ace2oracle.lab systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 06 07:16:55 dnshost.ace2oracle.lab systemd[1]: Started firewalld - dynamic firewall daemon.
Jun 06 07:16:55 dnshost.ace2oracle.lab firewalld[797]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. P...ling it now.
Jun 06 07:29:39 dnshost.ace2oracle.lab systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 06 07:29:39 dnshost.ace2oracle.lab systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@dnshost named]# 

=> Check the forward and reverse lookups as below
[root@dnshost named]# nslookup racnoden1
Server:  192.168.56.200
Address: 192.168.56.200#53

Name: racnoden1.ace2oracle.lab
Address: 192.168.56.101

[root@dnshost named]#
[root@dnshost named]#
[root@dnshost named]# nslookup racnoden2
Server:  192.168.56.200
Address: 192.168.56.200#53

Name: racnoden2.ace2oracle.lab
Address: 192.168.56.102

[root@dnshost named]#
[root@dnshost named]# nslookup 192.168.56.101
101.56.168.192.in-addr.arpa name = racnoden1.ace2oracle.lab.

[root@dnshost named]# nslookup 192.168.56.102
102.56.168.192.in-addr.arpa name = racnoden2.ace2oracle.lab.

[root@dnshost named]# 

=> Enter the entries below in /etc/resolv.conf on the RAC nodes and restart DNS

[root@localhost named]# cat /etc/resolv.conf
# Generated by NetworkManager
search ace2oracle.lab
nameserver 192.168.56.200
nameserver 192.168.1.1

=> Extra task for consistency (MOST IMPORTANT) <=

1-> If your network is controlled by NetworkManager, you might find that /etc/resolv.conf gets overwritten when specific network adapters are restarted.
If this is the case, you may need to append the following settings to the network adapter scripts under the /etc/sysconfig/network-scripts/ directory,
on all adapters:
DNS1=192.168.56.200
DOMAIN=ace2oracle.lab

2-> Now change the permission as below
chattr -i /etc/resolv.conf

3-> After the network restart, edit /etc/resolv.conf and move 192.168.1.1 below the current DNS server, as below.

[root@dnshost named]# cat /etc/resolv.conf
# Generated by NetworkManager
search ace2oracle.lab
nameserver 192.168.56.200
nameserver 192.168.1.1
[root@dnshost named]#