DNS configuration for Oracle 11gR2 SCAN listeners
Oracle 11gR2 introduces a new concept, the Single Client Access Name (SCAN). Prior to Oracle 11gR2, adding or removing nodes from the cluster required changes in tnsnames.ora for the node VIP addresses. With SCAN, Oracle eliminated the need to change tnsnames.ora entries. SCAN is required for the Oracle 11gR2 Grid Infrastructure installation: OUI cannot complete the install unless SCAN is defined, since the SCAN concept is an essential part of creating an Oracle RAC 11gR2 database.
SCAN can be defined in the following ways:
- In the DNS – a single name that resolves to three IP addresses must be created in DNS. The IP should not be assigned to a NIC as the Oracle Grid Infrastructure will
- Using GNS – instead of listing static SCAN addresses in DNS, a sub-domain must be created in DNS for GNS to run; that is, we create a static virtual IP address in DNS for GNS. The node VIP and the SCAN VIP are obtained from the DHCP server when using GNS.
- In /etc/hosts on each node of the cluster – a single IP for the whole cluster. This helps bypass the OUI installer limitation of DNS-defined SCAN.
In this article we look at how to configure a SCAN entry in DNS that resolves to three IP addresses, instead of using GNS, on Oracle Enterprise Linux (OEL) 5.5. The BIND DNS server is used in the exercise. We have a RAC cluster on nodes raclinux1, raclinux2 and raclinux3. The public and VIP addresses of the cluster nodes, the SCAN addresses and the DNS server IP will be added to a new domain with reverse lookup enabled. The setup is performed on a separate DNS server, dnsoel55, acting as NS. The DNS will contain the following mappings.
raclinux1 192.168.20.10
raclinux1-vip 192.168.20.11
raclinux2 192.168.20.20
raclinux2-vip 192.168.20.21
raclinux3 192.168.20.30
raclinux3-vip 192.168.20.31
dnsoel55 192.168.20.50
scan-cluster 192.168.20.100
scan-cluster 192.168.20.101
scan-cluster 192.168.20.102
Install BIND – Make sure the following rpms are installed
[root@dnsoel55 named]# rpm -qa | grep bind
bind-9.3.6-4.P1.el5_4.2
bind-libs-9.3.6-4.P1.el5_4.2
system-config-bind-4.0.3-4.0.1.el5
bind-chroot-9.3.6-4.P1.el5_4.2
bind-utils-9.3.6-4.P1.el5_4.2
[root@dnsoel55 named]#
Make sure DNS information is set while configuring Network Devices.
Configure BIND
We will create a new custom zone gj.com and list the SCAN, public and VIP addresses of the cluster nodes in the domain in order to map a hostname to an address. We will also add a reverse DNS lookup for the entries by adding a zone "20.168.192.in-addr.arpa" in order to identify a hostname by its address. In the /etc/named.conf file we will add the following entries.
zone "20.168.192.in-addr.arpa" IN {
        type master;
        file "gj.com.reverse";
        allow-update { none; };
};
zone "gj.com" IN {
        type master;
        file "gj.zone";
        allow-update { none; };
};
The custom zone definition is in the gj.zone file as shown in the Appendix. The reverse lookup is in the gj.com.reverse file as shown in the Appendix. Both zone files are in the /var/named directory. For each zone entry that is added to /etc/named.conf, make sure the respective zone file is updated.
Edit the file /etc/resolv.conf to specify the IP of the DNS server and the domain name on each node. The Appendix contains a sample.
Edit /etc/nsswitch.conf to specify lookup order.
hosts: dns files
Start/Stop/Restart the named
[root@dnsoel55 named]# service named stop
Stopping named: [ OK ]
[root@dnsoel55 named]# service named start
Starting named: [ OK ]
[root@dnsoel55 named]#
[root@dnsoel55 named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@dnsoel55 named]#
To start up the named service on boot execute the following command.
[root@dnsoel55 named]# chkconfig named on
[root@dnsoel55 named]#
Optionally use system-config-bind to look at the setup
The gj.com zone appears as shown below.
The zone 20.168.192.in-addr.arpa for the reverse lookup appears as shown below.
Test
[root@dnsoel55 named]# nslookup dnsoel55
Server: 192.168.30.50
Address: 192.168.30.50#53

Name: dnsoel55.gj.com
Address: 192.168.20.50

[root@dnsoel55 named]# nslookup 192.168.20.50
Server: 192.168.30.50
Address: 192.168.30.50#53

50.20.168.192.in-addr.arpa name = dnsoel55.gj.com.

[root@dnsoel55 named]# nslookup scan-cluster
Server: 192.168.30.50
Address: 192.168.30.50#53

Name: scan-cluster.gj.com
Address: 192.168.20.100
Name: scan-cluster.gj.com
Address: 192.168.20.101
Name: scan-cluster.gj.com
Address: 192.168.20.102

[root@dnsoel55 named]# nslookup 192.168.20.100
Server: 192.168.30.50
Address: 192.168.30.50#53

100.20.168.192.in-addr.arpa name = scan-cluster.gj.com.

[root@dnsoel55 named]# nslookup 192.168.20.101
Server: 192.168.30.50
Address: 192.168.30.50#53

101.20.168.192.in-addr.arpa name = scan-cluster.gj.com.

[root@dnsoel55 named]# nslookup 192.168.20.102
Server: 192.168.30.50
Address: 192.168.30.50#53

102.20.168.192.in-addr.arpa name = scan-cluster.gj.com.

[root@dnsoel55 named]#
[root@dnsoel55 named]# dig gj.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> gj.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31152
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gj.com. IN A

;; AUTHORITY SECTION:
gj.com. 86400 IN SOA dnsoel55.gj.com. root.gj.com. 43 10800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 192.168.30.50#53(192.168.30.50)
;; WHEN: Sat Sep 4 05:39:49 2010
;; MSG SIZE rcvd: 74

[root@dnsoel55 named]#
[root@dnsoel55 named]# dig -x 192.168.20.100

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 192.168.20.100
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15707
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;100.20.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
100.20.168.192.in-addr.arpa. 3600 IN PTR scan-cluster.gj.com.

;; AUTHORITY SECTION:
20.168.192.in-addr.arpa. 3600 IN NS dnsoel55.gj.com.

;; ADDITIONAL SECTION:
dnsoel55.gj.com. 86400 IN A 192.168.20.50

;; Query time: 0 msec
;; SERVER: 192.168.30.50#53(192.168.30.50)
;; WHEN: Sat Sep 4 07:01:34 2010
;; MSG SIZE rcvd: 117

[root@dnsoel55 named]#
Summary
We looked at the rpms required to install BIND on OEL. We created a custom and reverse lookup zone for the cluster nodes and for the SCAN. The configuration files required for DNS setup were described. We tested the forward and reverse DNS resolution. The above DNS setup will ensure that we have three SCAN IPs for the Oracle 11gR2 Grid Infrastructure installation.
Appendix:
[root@dnsoel55 named]# rpm -qa | grep bind
bind-9.3.6-4.P1.el5_4.2
bind-libs-9.3.6-4.P1.el5_4.2
system-config-bind-4.0.3-4.0.1.el5
bind-chroot-9.3.6-4.P1.el5_4.2
bind-utils-9.3.6-4.P1.el5_4.2
[root@dnsoel55 named]#

[root@dnsoel55 etc]# cat named.conf
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};
zone "20.168.192.in-addr.arpa" IN {
        type master;
        file "gj.com.reverse";
        allow-update { none; };
};
zone "gj.com" IN {
        type master;
        file "gj.zone";
        allow-update { none; };
};
zone "." IN {
        type hint;
        file "named.root";
};
zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost." IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa." IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa." IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa." IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
include "/etc/rndc.key";
[root@dnsoel55 etc]#

[root@dnsoel55 named]# cat gj.zone
$ORIGIN gj.com.
$TTL 86400
@ IN SOA dnsoel55 root (
        43 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
        IN NS dnsoel55
raclinux1 IN A 192.168.20.10
raclinux1-vip IN A 192.168.20.11
raclinux2 IN A 192.168.20.20
raclinux2-vip IN A 192.168.20.21
raclinux3 IN A 192.168.20.30
raclinux3-vip IN A 192.168.20.31
dnsoel55 IN A 192.168.20.50
scan-cluster IN A 192.168.20.100
scan-cluster IN A 192.168.20.101
scan-cluster IN A 192.168.20.102
scan-cluster IN A 192.168.20.102
[root@dnsoel55 named]#

[root@dnsoel55 named]# cat gj.com.reverse
$ORIGIN 20.168.192.in-addr.arpa.
$TTL 1H
@ IN SOA dnsoel55.gj.com. root.dnsoel55.gj.com. ( 2
        3H
        1H
        1W
        1H )
;;30.168.192.in-addr.arpa. IN NS dnsoel55.gj.com.
        IN NS dnsoel55.gj.com.
10 IN PTR raclinux1.gj.com.
11 IN PTR raclinux1-vip.gj.com.
20 IN PTR raclinux2.gj.com.
21 IN PTR raclinux2-vip.gj.com.
30 IN PTR raclinux3.gj.com.
31 IN PTR raclinux3-vip.gj.com.
50 IN PTR dnsoel55.gj.com.
100 IN PTR scan-cluster.gj.com.
101 IN PTR scan-cluster.gj.com.
102 IN PTR scan-cluster.gj.com.
[root@dnsoel55 named]#

[root@dnsoel55 named]# cat /etc/resolv.conf
options attempts: 2
options timeout: 1
options attempts: 2
; generated by /sbin/dhclient-script
search gj.com
nameserver 192.168.30.50
[root@dnsoel55 named]#
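The zone files above can also be cross-checked offline before named is restarted. The following is an added example, not part of the original article: it checks that every A record has a matching PTR, that the SCAN name has exactly three distinct addresses, and that no A record is listed twice. The function names parse_records and audit are hypothetical, the embedded zone text is a constructed subset of the Appendix listings, and the parser assumes one-line "owner IN TYPE rdata" records only.

```python
import ipaddress

# Constructed sample: a subset of the Appendix records, including the repeated
# scan-cluster 192.168.20.102 line that appears in the gj.zone listing.
FORWARD_ZONE = """$ORIGIN gj.com.
raclinux1     IN A 192.168.20.10
raclinux1-vip IN A 192.168.20.11
dnsoel55      IN A 192.168.20.50
scan-cluster  IN A 192.168.20.100
scan-cluster  IN A 192.168.20.101
scan-cluster  IN A 192.168.20.102
scan-cluster  IN A 192.168.20.102
"""
REVERSE_ZONE = """$ORIGIN 20.168.192.in-addr.arpa.
10  IN PTR raclinux1.gj.com.
11  IN PTR raclinux1-vip.gj.com.
50  IN PTR dnsoel55.gj.com.
100 IN PTR scan-cluster.gj.com.
101 IN PTR scan-cluster.gj.com.
102 IN PTR scan-cluster.gj.com.
"""

def parse_records(text, rtype):
    """Return (owner, rdata) pairs for one-line 'owner IN TYPE rdata' records."""
    origin, records = "", []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 2 and fields[0] == "$ORIGIN":
            origin = fields[1]
        elif len(fields) == 4 and fields[1:3] == ["IN", rtype]:
            # Relative owner names are qualified with the current $ORIGIN.
            owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
            records.append((owner.lower(), fields[3].lower()))
    return records

def audit(forward, reverse, scan_name="scan-cluster.gj.com.", scan_count=3):
    """List problems: duplicate A records, wrong SCAN address count, bad PTRs."""
    a_records = parse_records(forward, "A")
    ptrs = dict(parse_records(reverse, "PTR"))
    problems = [f"duplicate A record: {n} {ip}"
                for n, ip in sorted(set(a_records)) if a_records.count((n, ip)) > 1]
    scan_ips = {ip for n, ip in a_records if n == scan_name}
    if len(scan_ips) != scan_count:
        problems.append(f"{scan_name} has {len(scan_ips)} addresses, expected {scan_count}")
    for name, ip in sorted(set(a_records)):
        owner = ipaddress.ip_address(ip).reverse_pointer + "."
        if ptrs.get(owner) != name:
            problems.append(f"{ip}: PTR is {ptrs.get(owner)}, expected {name}")
    return problems

if __name__ == "__main__":
    for problem in audit(FORWARD_ZONE, REVERSE_ZONE):
        print(problem)
```

An empty list from audit means the forward and reverse data agree; the check runs forward to reverse only, so a PTR with no corresponding A record is not reported.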