Monday, August 30, 2021

DNS Configuration in Linux 7

How to set up a named (BIND) DNS service on an Oracle Linux 7.9 server:



[root@rac1 ~]# hostname -i
192.168.1.11
[root@rac1 ~]# hostname
rac1
[root@rac1 ~]# hostname -f
rac1.dell.com
[root@rac1 ~]# hostnamectl
   Static hostname: rac1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: bd06479dddfe40369e55335880714c92
           Boot ID: b11d88410e4542f0ad22ee7c944136de
    Virtualization: vmware
  Operating System: Oracle Linux Server 7.9
       CPE OS Name: cpe:/o:oracle:linux:7:9:server
            Kernel: Linux 5.4.17-2102.201.3.el7uek.x86_64
      Architecture: x86-64
[root@rac1 ~]# rpm -qa bind
bind-9.11.4-26.P2.el7_9.5.x86_64
[root@rac1 ~]# rpm -qa bind-utils
bind-utils-9.11.4-26.P2.el7_9.5.x86_64
[root@rac1 ~]# rpm -qa nmap
nmap-6.40-19.el7.x86_64
[root@rac1 ~]#
[root@rac1 ~]# cat /etc/hosts
##-- Public-IP
192.168.1.11    rac1.dell.com   rac1
192.168.1.12    rac2.dell.com   rac2
192.168.1.13    rac3.dell.com   rac3
##-- Private-IP
10.0.0.11 rac1-priv.dell.com rac1-priv
10.0.0.12 rac2-priv.dell.com rac2-priv
10.0.0.13 rac3-priv.dell.com rac3-priv
##-- Virtual-IP
192.168.1.21 rac1-vip.dell.com rac1-vip
192.168.1.22 rac2-vip.dell.com rac2-vip
192.168.1.23 rac3-vip.dell.com rac3-vip
##-- SCAN IP
192.168.1.30 dellc-scan.dell.com dellc-scan
192.168.1.31 dellc-scan.dell.com dellc-scan
192.168.1.32 dellc-scan.dell.com dellc-scan
##-- Storage-IP
192.168.1.40    san.dell.com    san
[root@rac1 ~]#
 
Configure DNS Server
[root@rac1 ~]# ip addr show | grep inet
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
    inet 192.168.1.11/24 brd 192.168.1.255 scope global noprefixroute ens33
    inet6 fe80::2e14:a1be:dbea:f424/64 scope link noprefixroute
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
[root@rac1 ~]# 
[root@rac1 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// Local changes on top of the stock caching-only file: listen-on and
// allow-query are widened to the 192.168.1.0/24 LAN, and the two dell.com
// zones (forward and reverse) are declared at the end.

options {
        // Bind only to loopback and the ens33 address (192.168.1.11 per "ip addr").
        // The virbr0 address 192.168.122.1 is not listed, so named does not bind there.
        listen-on port 53 { 127.0.0.1; 192.168.1.11; };
        listen-on-v6 port 53 { ::1; };
        // Zone "file" names below are resolved relative to this directory.
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        // Only localhost and the 192.168.1.0/24 network may query. Clients on any
        // other network (e.g. the 10.0.0.0/24 private addresses in /etc/hosts, or
        // the virbr0 network) are refused.
        allow-query     { localhost; 192.168.1.0/24;};

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        // NOTE(review): this server is authoritative for dell.com (zones below) AND
        // recursive, which the bundled comment above advises against. Exposure is
        // bounded by allow-query, which limits clients to the LAN; an explicit
        // allow-recursion { localhost; 192.168.1.0/24; }; would make that scoping
        // independent of allow-query.
        recursion yes;

        dnssec-enable yes;
        // Validation applies to answers obtained by recursion; the local zone files
        // for dell.com carry no DNSSEC records.
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "dell.com" IN { # forward zone: the zone name must be the domain (dell.com), not a host name
type master;
file "for.zone"; # any file name works; it is read from the "directory" above (/var/named/for.zone)
allow-update { none; }; # no dynamic updates: changes are made by editing the zone file
};
zone "1.168.192.in-addr.arpa" IN { # reverse zone for 192.168.1.0/24: the first three octets reversed (1.168.192), not the server's full IP
type master;
file "rev.zone"; # any file name works; read from /var/named/rev.zone
allow-update { none; }; # no dynamic updates for the reverse zone either
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@rac1 ~]#

Create forward and reverse Zone files:
[root@rac1 ~]# vi /var/named/for.zone
; Forward zone for dell.com, loaded by the zone "dell.com" statement in /etc/named.conf.
; NOTE(review): there is no $TTL directive here, unlike rev.zone; named-checkzone reports
; "no TTL specified; using SOA MINTTL instead", so every record inherits 86400 from the SOA.
@   IN  SOA     rac1.dell.com. root.dell.com. (
        2011071001  ;Serial - increase it on every edit of this file
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL (also the default record TTL while $TTL is absent)
)
; Name servers advertised for dell.com.
; NOTE(review): only rac1 is shown running named in this document; the other six
; NS targets (rac2, rac3, the three VIPs and the SCAN name) are advertised as
; authoritative without any named configuration shown for them - confirm they
; actually serve the zone, or trim this list to the hosts that do.
@       IN  NS          rac1.dell.com.
@       IN  NS          rac2.dell.com.
@       IN  NS          rac3.dell.com.
@       IN  NS          rac1-vip.dell.com.
@       IN  NS          rac2-vip.dell.com.
@       IN  NS          rac3-vip.dell.com.
@       IN  NS          dellc-scan.dell.com.
; The bare domain dell.com resolves to all three cluster nodes.
@       IN  A           192.168.1.11
@       IN  A           192.168.1.12
@       IN  A           192.168.1.13
; Public, VIP and SCAN addresses, matching the entries in /etc/hosts.
rac1            IN  A   192.168.1.11
rac2            IN  A   192.168.1.12
rac3            IN  A   192.168.1.13
rac1-vip        IN  A   192.168.1.21
rac2-vip        IN  A   192.168.1.22
rac3-vip        IN  A   192.168.1.23
; Three addresses for the single SCAN name, as in /etc/hosts.
; NOTE(review): san.dell.com (192.168.1.40 in /etc/hosts) has no A record here.
dellc-scan      IN  A   192.168.1.30
dellc-scan      IN  A   192.168.1.31
dellc-scan      IN  A   192.168.1.32 
[root@rac1 ~]#
[root@rac1 ~]# vi /var/named/rev.zone
; Reverse zone for 192.168.1.0/24 (origin 1.168.192.in-addr.arpa, see /etc/named.conf).
; Default TTL for every record that does not set its own.
$TTL 86400
@   IN  SOA     rac1.dell.com. root.dell.com. (
        2011071001  ;Serial - increase it on every edit of this file
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; NOTE(review): only rac1 is listed as a name server here, while for.zone advertises
; seven - the two NS sets disagree; confirm which is intended.
@      IN       NS              rac1.dell.com.
; NOTE(review): a PTR at the zone apex maps the network itself to dell.com. - unusual; confirm it is intended.
@      IN       PTR             dell.com.
; Relative owner names are the last octet of the address: 11 -> 192.168.1.11.
11     IN       PTR             rac1.dell.com.
12     IN       PTR             rac2.dell.com.
13     IN       PTR             rac3.dell.com.
21     IN       PTR             rac1-vip.dell.com.
22     IN       PTR             rac2-vip.dell.com.
23     IN       PTR             rac3-vip.dell.com.
30     IN       PTR             dellc-scan.dell.com.
31     IN       PTR             dellc-scan.dell.com.
32     IN       PTR             dellc-scan.dell.com.
; NOTE(review): no PTR for 192.168.1.40 (san.dell.com in /etc/hosts).
; NOTE(review): the A records below have owner names outside 1.168.192.in-addr.arpa and
; are expected to be ignored as out-of-zone data when this file is loaded (the same class
; of warning named-checkzone prints). They already exist in for.zone and can be dropped here.
rac1.dell.com.  IN  A   192.168.1.11
rac2.dell.com.  IN  A   192.168.1.12
rac3.dell.com.  IN  A   192.168.1.13
rac1-vip.dell.com.  IN  A   192.168.1.21
rac2-vip.dell.com.  IN  A   192.168.1.22
rac3-vip.dell.com.  IN  A   192.168.1.23 
dellc-scan.dell.com.  IN  A   192.168.1.30
dellc-scan.dell.com.  IN  A   192.168.1.31
dellc-scan.dell.com.  IN  A   192.168.1.32
[root@rac1 ~]#

Start Named Services:
Configuring Permissions, Ownership, and SELinux 
[root@rac1 ~]# chgrp named -R /var/named
[root@rac1 ~]# chown -v root:named /etc/named.conf
[root@rac1 ~]# restorecon -rv /var/named
[root@rac1 ~]# 
[root@rac1 ~]# netstat -ant | grep -w 53
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN
[root@rac1 ~]# grep listen-on /etc/named.conf
        listen-on port 53 { 127.0.0.1; 192.168.1.11; };

[root@rac1 ~]# ping -c 1 `hostname`
PING rac1.dell.com (192.168.1.11) 56(84) bytes of data.
64 bytes from rac1.dell.com (192.168.1.11): icmp_seq=1 ttl=64 time=0.032 ms

--- rac1.dell.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.032/0.032/0.032/0.000 ms
[root@rac1 ~]# 
[root@rac1 ~]# systemctl enable named
[root@rac1 ~]# systemctl restart named    (restart is equivalent to stop followed by start)
[root@rac1 ~]# 
[root@rac1 ~]# netstat -ant | grep -w 53
tcp        0      0 192.168.1.11:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN
tcp6       0      0 ::1:53                  :::*                    LISTEN
[root@rac1 ~]#
At this point named should be listening on at least the two sockets configured in listen-on (the 192.168.122.1:53 listener was already present before named was started and is not part of this configuration):
192.168.1.11:53
127.0.0.1:53

Test the DNS configuration and zone files for syntax errors (named-checkzone takes the zone origin as its first argument, i.e. the name used in the zone statement in named.conf; records outside that origin are reported as out-of-zone data):
[root@rac1 ~]# named-checkconf /etc/named.conf
If it prints nothing, the configuration file is syntactically valid.

[root@rac1 ~]# named-checkzone rac1.dell.com /var/named/for.zone
/var/named/for.zone:1: no TTL specified; using SOA MINTTL instead
zone rac1.dell.com/IN: loaded serial 2011071001
OK
[root@rac1 ~]#
[root@rac1 ~]#
[root@rac1 ~]# named-checkzone rac1.dell.com /var/named/rev.zone
/var/named/rev.zone:15: ignoring out-of-zone data (rac2.dell.com)
/var/named/rev.zone:16: ignoring out-of-zone data (rac3.dell.com)
zone rac1.dell.com/IN: loaded serial 2011071001
OK
[root@rac1 ~]#
Informational Named:
[root@rac1 ~]# systemctl status named   (to remove the warning from the status output:)
[root@rac1 ~]# grep OPTIONS /etc/sysconfig/named
# OPTIONS="whatever"     --  These additional options will be passed to named
OPTIONS="-4"
[root@rac1 ~]# systemctl restart named
-----------------------------------------------

Firewall Settings
[root@rac1 ~]#
[root@rac1 ~]# systemctl start firewalld
[root@rac1 ~]#
[root@rac1 ~]# systemctl status firewalld
[root@rac1 ~]# 
[root@rac1 ~]# systemctl enable firewalld    (enabling is not required, because the firewall is to be stopped once DNS is configured)
[root@rac1 ~]# 
[root@rac1 ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@rac1 ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success
[root@rac1 ~]# firewall-cmd --reload
success
[root@rac1 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client ssh
  ports: 53/tcp 53/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@rac1 ~]#

Check whether DNS port 53 is reachable over TCP and UDP from the same host or from another host on the network. You will need root privileges for this:
[root@rac1 ~]# nmap -p 53 192.168.1.11

Starting Nmap 6.40 ( http://nmap.org ) at 2021-08-29 21:02 +03
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for rac1.dell.com (192.168.1.11)
Host is up (0.00017s latency).
PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds
[root@rac1 ~]#
[root@rac1 ~]# nmap -sU -p 53 192.168.1.11

Starting Nmap 6.40 ( http://nmap.org ) at 2021-08-29 21:02 +03
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for rac1.dell.com (192.168.1.11)
Host is up (0.00054s latency).
PORT   STATE SERVICE
53/udp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
[root@rac1 ~]#

Informational Firewall
[root@rac1 ~]# systemctl status firewalld     (to remove the warning from the status output:)
[root@rac1 ~]# grep AllowZoneDrifting  /etc/firewalld/firewalld.conf
# AllowZoneDrifting
AllowZoneDrifting=yes
[root@rac1 ~]# systemctl restart firewalld
-----------------------------------------------

Update the entries in resolv.conf and in the network adapter configuration
[root@rac1 ~]# 
[root@rac1 ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-e*
DNS="192.168.1.11"
[root@rac1 ~]# grep dns /etc/NetworkManager/NetworkManager.conf
dns=none
[root@rac1 ~]#
[root@rac1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-e*
DNS="192.168.1.11"
[root@rac1 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search dell.com
nameserver 192.168.1.11

# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
[root@rac1 ~]# 
[root@rac1 ~]# systemctl restart network 
[root@rac1 ~]# dig rac1.dell.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> rac1.dell.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34309
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rac1.dell.com.                 IN      A

;; ANSWER SECTION:
rac1.dell.com.          86400   IN      A       192.168.1.11

;; AUTHORITY SECTION:
dell.com.               86400   IN      NS      rac2.dell.com.
dell.com.               86400   IN      NS      rac1-vip.dell.com.
dell.com.               86400   IN      NS      rac2.dell.com.
dell.com.               86400   IN      NS      rac2-vip.dell.com.
dell.com.               86400   IN      NS      rac3.dell.com.
dell.com.               86400   IN      NS      rac1.dell.com.
dell.com.               86400   IN      NS      rac3-vip.dell.com.
dell.com.               86400   IN      NS      dellc-scan.dell.com.

;; ADDITIONAL SECTION:
rac2.dell.com.          86400   IN      A       192.168.1.12
rac3.dell.com.          86400   IN      A       192.168.1.13
rac1-vip.dell.com.      86400   IN      A       192.168.1.21
rac2-vip.dell.com.      86400   IN      A       192.168.1.22
rac3-vip.dell.com.      86400   IN      A       192.168.1.23
dellc-scan.dell.com.    86400   IN      A       192.168.1.30
dellc-scan.dell.com.    86400   IN      A       192.168.1.31
dellc-scan.dell.com.    86400   IN      A       192.168.1.32

;; Query time: 0 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Aug 29 23:38:27 +03 2021
;; MSG SIZE  rcvd: 142

[root@rac1 ~]#
[root@rac1 ~]# nslookup rac1
Server:         192.168.1.11
Address:        192.168.1.11#53

Name:   rac1.dell.com
Address: 192.168.1.11

nslookup dellc-scan
nslookup dellc-scan
nslookup dellc-scan

nslookup rac1-vip
nslookup rac2-vip
nslookup rac3-vip

nslookup rac1
nslookup rac2
nslookup rac3

Update node2 entries:
[root@rac2 ~]# hostname -i
192.168.1.12
[root@rac2 ~]# hostname -f
rac2.dell.com
[root@rac2 ~]# 
To make the DNS entry persistent and stop NetworkManager from overwriting resolv.conf on Red Hat Enterprise Linux Server 7, the NetworkManager.conf file should look like the following;
save the file, then reboot and test it.
...
[main]
dns=none
  #plugins=ifcfg-rh,ibft
... 
[root@rac2 ~]# grep dns /etc/NetworkManager/NetworkManager.conf
dns=none
[root@rac2 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search dell.com
nameserver 192.168.1.11
[root@rac2 ~]# nslookup dellc-scan

================================================================================================================
This document helps those who would like to configure DNS on Linux 7.
Next, follow the Oracle installation guides for your DB, RAC and EBS installation.




