Category - LINUX

Creating DNS server for Oracle RAC on VirtualBox

DNS Server Creation on VirtualBox for ORACLE RAC Database.

In this practice we are going to set up a new DNS server on VirtualBox. We will use this DNS server for Oracle RAC database SCAN name resolution.

Setup Details
As we are doing this setup on VirtualBox we need to be sure about a few things before starting:
the VirtualBox host-only adapter has to be enabled, and the IP of this DNS host must be in the same range as all RAC nodes and host adapters, as described below.

DNS Server Details
HOSTNAME=>  dnshost.ace2oracle.lab
DOMAIN NAME =>  ace2oracle.lab

RAC Server Details (Node1 and Node2)
# Public   racnoden1.ace2oracle.lab       racnoden1   racnoden2.ace2oracle.lab       racnoden2

VBox Host Adapter details, as this will be our public IP range for the RAC setup and the DNS host as well

=> Host Adapter Details

=> DHCP Server details

=> Create 2 adapters as below for the DNS host on VirtualBox

1 for DNS (Host-Only)
1 for internet access (Bridge Adapter)

=> Changing hostname from localhost to dnshost.ace2oracle.lab

=> Install BIND rpm on DNS server

As this server has internet access, we can use the commands below to update the yum repo and install BIND.

# yum update -y
# yum install bind-libs bind bind-utils

=> Check and verify that it is installed

[root@dnshost ~]# rpm -qa | grep bind
[root@dnshost ~]# 

=> Assign a fixed IP to the host-only adapter as below, to be used as the main IP

=> Make it permanent for the host-only adapter as below and add DNS1 at the end as below.

=> Check /etc/resolv.conf file on DNS host

=> Permission issue with /etc/resolv.conf

As we have a bridged network, the file may get overwritten once that Ethernet interface comes up.
To avoid this we can set the immutable attribute on /etc/resolv.conf as below.

chattr +i resolv.conf

=> Edit file /etc/named.conf as below.
Only the yellow-marked lines were changed in this file as per my requirements.

[root@dnshost network-scripts]# cat /etc/named.conf
// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 {;; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost;; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "";
};

zone "ace2oracle.lab" IN {
        type master;
        file "";
        allow-update { none; };
};

zone "" IN {
        type master;
        file "";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@dnshost network-scripts]#

=> Now we will create the forward and reverse zone files as below.

Go to /var/named and create the two empty files with touch.

[root@dnshost named]# pwd
/var/named

[root@dnshost named]# touch

=> Create the forward zone file as below

[root@dnshost named]# cat
$TTL    86400
@               IN SOA  localhost root.localhost (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost

localhost       IN A  
dnshost     IN A
ntpsource      IN A
racnoden1            IN A
racnoden2            IN A
racnoden1-vip        IN A
racnoden2-vip        IN A
racnode-scan        IN A            ; SCAN name: three A records, served round-robin
racnode-scan        IN A
racnode-scan        IN A
[root@dnshost named]# 

=> Create the reverse zone file as below

[root@dnshost named]# cat
@       IN      SOA     ace2oracle.lab.     root.ace2oracle.lab. (      2
                                                1H )
        IN NS      ace2oracle.lab.

200     IN PTR  dnshost.ace2oracle.lab.
201     IN PTR  ntpsource.ace2oracle.lab.
101     IN PTR  racnoden1.ace2oracle.lab.
102     IN PTR  racnoden2.ace2oracle.lab.
103     IN PTR  racnoden1-vip.ace2oracle.lab.
104     IN PTR  racnoden2-vip.ace2oracle.lab.
105     IN PTR  racnode-scan.ace2oracle.lab.
106     IN PTR  racnode-scan.ace2oracle.lab.
107     IN PTR  racnode-scan.ace2oracle.lab.
[root@dnshost named]# 
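Before loading the two files into BIND it is worth checking that they agree with each other. The shell check below is an added example, not part of the original post: it cross-checks constructed copies of the forward and reverse zones above (the 192.168.56.0/24 addresses stand in for the IPs the post shows and are assumptions) and confirms that racnode-scan carries three A records.

```shell
# Constructed sample zones for ace2oracle.lab; the 192.168.56.0/24 addresses are assumptions.
FWD_ZONE=$(mktemp); REV_ZONE=$(mktemp)
cat > "$FWD_ZONE" <<'EOF'
$TTL    86400
@               IN SOA  localhost root.localhost ( 42 3H 15M 1W 1D )
                IN NS   localhost
localhost       IN A    127.0.0.1
dnshost         IN A    192.168.56.200
racnoden1       IN A    192.168.56.101
racnoden2       IN A    192.168.56.102
racnoden1-vip   IN A    192.168.56.103
racnoden2-vip   IN A    192.168.56.104
racnode-scan    IN A    192.168.56.105
racnode-scan    IN A    192.168.56.106
racnode-scan    IN A    192.168.56.107
EOF
cat > "$REV_ZONE" <<'EOF'
$TTL    86400
@       IN      SOA     ace2oracle.lab. root.ace2oracle.lab. ( 2 3H 15M 1W 1H )
        IN NS   ace2oracle.lab.
200     IN PTR  dnshost.ace2oracle.lab.
101     IN PTR  racnoden1.ace2oracle.lab.
102     IN PTR  racnoden2.ace2oracle.lab.
103     IN PTR  racnoden1-vip.ace2oracle.lab.
104     IN PTR  racnoden2-vip.ace2oracle.lab.
105     IN PTR  racnode-scan.ace2oracle.lab.
106     IN PTR  racnode-scan.ace2oracle.lab.
107     IN PTR  racnode-scan.ace2oracle.lab.
EOF

# check_zones FORWARD REVERSE DOMAIN: every A record except localhost needs a PTR
# keyed by its last octet that names the same host, and racnode-scan must have
# exactly three A records. Prints each problem; returns non-zero if any was found.
check_zones() {
  awk -v domain="$3" '
    FNR == NR { if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4; next }   # reverse zone is read first
    $2 == "IN" && $3 == "A" && $1 != "localhost" {
      n = split($4, o, ".")
      if (ptr[o[n]] != ($1 "." domain ".")) { print "missing PTR: " $4 " -> " $1 "." domain; bad = 1 }
      if ($1 == "racnode-scan") scan++
    }
    END { if (scan != 3) { print "SCAN needs 3 A records, found " scan + 0; bad = 1 }; exit bad }
  ' "$2" "$1"
}

check_zones "$FWD_ZONE" "$REV_ZONE" ace2oracle.lab && echo "zones consistent"
```

On the DNS host itself, `named-checkconf /etc/named.conf` and `named-checkzone ace2oracle.lab /var/named/<forward zone file>` from the bind package catch syntax errors before `service named restart`.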

=> Change and check the ownership of both files.

[root@dnshost named]# chown root:named

=> Enable the service at boot

[root@dnshost named]# chkconfig named on

Note: Forwarding request to 'systemctl enable named.service'.


=> Restart services as below

service named restart

=> Disable the firewall as below
[root@dnshost named]#  systemctl stop firewalld
[root@dnshost named]#
[root@dnshost named]#
[root@dnshost named]# firewall-cmd --state
not running
[root@dnshost named]#  systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Mon 2022-06-06 07:29:39 EDT; 15s ago
     Docs: man:firewalld(1)
  Process: 797 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 797 (code=exited, status=0/SUCCESS)

Jun 06 07:16:54 dnshost.ace2oracle.lab systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 06 07:16:55 dnshost.ace2oracle.lab systemd[1]: Started firewalld - dynamic firewall daemon.
Jun 06 07:16:55 dnshost.ace2oracle.lab firewalld[797]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. P...ling it now.
Jun 06 07:29:39 dnshost.ace2oracle.lab systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 06 07:29:39 dnshost.ace2oracle.lab systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@dnshost named]# 

=> Check the forward and reverse lookups as below
[root@dnshost named]# nslookup racnoden1

Name: racnoden1.ace2oracle.lab

[root@dnshost named]#
[root@dnshost named]#
[root@dnshost named]# nslookup racnoden2

Name: racnoden2.ace2oracle.lab

[root@dnshost named]#
[root@dnshost named]# nslookup name = racnoden1.ace2oracle.lab.

[root@dnshost named]# nslookup name = racnoden2.ace2oracle.lab.

[root@dnshost named]# 

=> Enter the entry below in /etc/resolv.conf on the RAC nodes and restart DNS

[root@localhost named]# cat /etc/resolv.conf
# Generated by NetworkManager
search ace2oracle.lab

=> Extra task for consistency (MOST IMPORTANT) <=

1-> If your network is controlled by NetworkManager, you might find that /etc/resolv.conf gets overwritten when specific network adapters are restarted.
If this is the case, you may need to append the following settings to the network adapter scripts under the /etc/sysconfig/network-scripts/ directory,
on all adapters.

2-> Now clear the immutable attribute as below so the file can be edited
chattr -i "/etc/resolv.conf"

3-> After the network restart, edit /etc/resolv.conf and point it at the current DNS as below.

[root@dnshost named]# cat /etc/resolv.conf
# Generated by NetworkManager
search ace2oracle.lab
[root@dnshost named]#