SLES 12 SP4 DNS configuration for RAC setup 12c
Operating System: SLES 12 SP4 64 bit
- zypper -n install bind-chrootenv
- resolv.conf
- forward.zone
- named.rfc1912.zones
- service named status
- nslookup srv-scan
- /etc/hosts
- resolv.conf
- forward.zone
srv1:/var/lib/named/etc # vi forward.zone
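; /var/lib/named/etc/forward.zone
; Forward zone for example.com: maps the RAC SCAN name srv-scan to its three
; addresses. Run named-checkzone on this file after every edit, before
; restarting named.
$TTL 86400
; SOA: primary name server, then the contact mailbox with the "@" written as
; a dot (root.srv-scan.example.com. = root@srv-scan.example.com).
@ IN SOA srv-scan.example.com. root.srv-scan.example.com. (
        0       ; serial - increase it whenever the zone data changes
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum (negative-caching TTL)
; The owner is written explicitly as "@". A record line that starts in
; column 0 takes its first field as the owner name, so an NS line without
; leading whitespace would not be attached to the zone apex and the zone
; would have no apex NS record.
@ IN NS srv-scan.example.com.
; Three A records on one name; the nslookup runs on this page show the
; answers coming back in varying order.
srv-scan A 192.168.56.91
srv-scan A 192.168.56.92
srv-scan A 192.168.56.93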
- named.rfc1912.zones
srv1:/var/lib/named/etc #vi named.rfc1912.zones
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// NOTE(review): "example.com", "localhost" and "56.168.192.in-addr.arpa" are
// also declared in the /etc/named.conf listing on this page, and named
// rejects a second definition of the same zone in one view. The
// "service named status" log on this page lists no 255.in-addr.arpa zone, so
// this file does not appear to be loaded by the running server - confirm
// which of the two files is the one in use and keep the zone list in one place.
//
// Root hints zone.
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone for the RAC SCAN name. allow-update { none; } refuses dynamic
// updates, so records change only when forward.zone is edited by hand.
zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
// Reverse zone for 192.168.56.0/24 (PTR records for the SCAN addresses).
zone "56.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
#zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#type master;
#file "named.ip6.local";
#allow-update { none; };
#};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
#zone "0.in-addr.arpa" IN {
#type master;
#file "named.zero";
#allow-update { none; };
#};
- reverse.zone
srv1:/var/lib/named/etc # vi reverse.zone
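; /var/lib/named/etc/reverse.zone
; Reverse zone for 56.168.192.in-addr.arpa: PTR records for the three SCAN
; addresses. Run named-checkzone on this file after every edit, before
; restarting named.
$TTL 86400
; SOA: primary name server, then the contact mailbox with the "@" written as
; a dot (root.srv-scan.example.com. = root@srv-scan.example.com).
@ IN SOA srv-scan.example.com. root.srv-scan.example.com. (
        0       ; serial - increase it whenever the zone data changes
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum (negative-caching TTL)
; The owner is written explicitly as "@". A record line that starts in
; column 0 takes its first field as the owner name, so "NS ..." without
; leading whitespace would be read as a record owned by a name "NS" and
; would not give the zone its apex NS record.
@ NS srv-scan.example.com.
; Owners are relative to the zone origin: 91 = 192.168.56.91, and so on.
; Keep these in step with the A records in forward.zone.
91 PTR srv-scan.example.com.
92 PTR srv-scan.example.com.
93 PTR srv-scan.example.com.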
srv1:/var/lib/named/etc #
- service named status
- service named stop
- service named start
srv1:/var/lib/named/etc # service named status
● named.service - LSB: Domain Name System (DNS) server, named
Loaded: loaded (/etc/init.d/named; bad; vendor preset: disabled)
Active: active (running) since Wed 2021-04-07 12:41:50 IST; 10min ago
Docs: man:systemd-sysv-generator(8)
Process: 11711 ExecStop=/etc/init.d/named stop (code=exited, status=0/SUCCESS)
Process: 11738 ExecStart=/etc/init.d/named start (code=exited, status=0/SUCCESS)
Tasks: 4 (limit: 512)
CGroup: /system.slice/named.service
└─11787 /usr/sbin/named -t /var/lib/named -u named
Apr 07 12:41:50 srv1 named[11787]: managed-keys-zone: loaded serial 0
Apr 07 12:41:50 srv1 named[11787]: zone example.com/IN: loaded serial 0
Apr 07 12:41:50 srv1 named[11787]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
Apr 07 12:41:50 srv1 named[11787]: zone 56.168.192.in-addr.arpa/IN: loaded serial 0
Apr 07 12:41:50 srv1 named[11787]: zone localhost/IN: loaded serial 42
Apr 07 12:41:50 srv1 named[11787]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 42
Apr 07 12:41:50 srv1 named[11787]: all zones loaded
Apr 07 12:41:50 srv1 named[11738]: Starting name server BIND ..done
Apr 07 12:41:50 srv1 systemd[1]: Started LSB: Domain Name System (DNS) server, named.
Apr 07 12:41:50 srv1 named[11787]: running
srv1:/var/lib/named/etc #
- /etc/named.conf
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.
# Server-wide settings. As listed, this block only sets paths, enables IPv6
# listening on every address and turns zone-change notifications off; access
# controls (allow-query, allow-transfer, allow-recursion) are not set here.
options {
# The directory statement defines the name server's working directory
directory "/var/lib/named";
# enable DNSSEC validation
#
# If BIND logs error messages about the root key being expired, you
# will need to update your keys. See https://www.isc.org/bind-keys
#
# NOTE(review): both DNSSEC statements below are commented out, so the
# installed BIND version's built-in defaults apply. Confirm them if this
# server also resolves names outside example.com.
#
# dnssec-enable yes (default), indicates that a secure DNS service
# is being used which may be one, or more, of TSIG
# (for securing zone transfers or DDNS updates), SIG(0)
# (for securing DDNS updates) or DNSSEC.
#dnssec-enable yes;
# dnssec-validation yes (default), indicates that a resolver
# (a caching or caching-only name server) will attempt to validate
# replies from DNSSEC enabled (signed) zones. To perform this task
# the server also needs either a valid trusted-keys clause
# (containing one or more trusted-anchors) or a managed-keys clause.
#dnssec-validation auto;
managed-keys-directory "/var/lib/named/dyn/";
# Write dump and statistics file to the log subdirectory. The
# pathnames are relative to the chroot jail.
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
# The forwarders record contains a list of servers to which queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.
#forwarders { 192.0.2.1; 192.0.2.2; };
# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.
#forward first;
# The listen-on record contains a list of local network interfaces to
# listen on. Optionally the port can be specified. Default is to
# listen on all interfaces found on your system. The default port is
# 53.
# NOTE(review): with listen-on left commented out, named answers on every
# IPv4 interface of the host, including the private interconnect addresses
# listed in /etc/hosts on this page. List only the addresses that should
# serve DNS if that is not intended.
#listen-on port 53 { 127.0.0.1; };
# The listen-on-v6 record enables or disables listening on IPv6
# interfaces. Allowed values are 'any' and 'none' or a list of
# addresses.
# NOTE(review): 'any' opens port 53 on every IPv6 address as well; use
# 'none' when the cluster does not use IPv6.
listen-on-v6 { any; };
# The next three statements may be needed if a firewall stands between
# the local server and the internet.
#query-source address * port 53;
#transfer-source * port 53;
#notify-source * port 53;
# The allow-query record contains a list of networks or IP addresses
# to accept and deny queries from. The default is to allow queries
# from all hosts.
# NOTE(review): left commented out, so the default above applies. For a
# server that only serves the RAC nodes, an explicit list such as
# allow-query { localhost; 192.168.56.0/24; }; limits who can read the zone
# (192.168.56.0/24 is the public network used on this page - adjust to the
# real client networks).
#allow-query { 127.0.0.1; };
# NOTE(review): no allow-transfer or allow-recursion statement appears in
# this block, so both follow the installed BIND version's defaults. With no
# secondary servers, stating allow-transfer { none; }; explicitly keeps the
# zone contents from being copied wholesale if that default permits
# transfers - confirm against the BIND release in use.
# If notify is set to yes (default), notify messages are sent to other
# name servers when the zone data is changed. Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition.
notify no;
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};
# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
# # Log queries to a file limited to a size of 100 MB.
# channel query_logging {
# file "/var/log/named_querylog"
# versions 3 size 100M;
# print-time yes; // timestamp log entries
# };
# category queries {
# query_logging;
# };
#
# # Or log this kind alternatively to syslog.
# channel syslog_queries {
# syslog user;
# severity info;
# };
# category queries { syslog_queries; };
#
# # Log general name server errors to syslog.
# channel syslog_errors {
# syslog user;
# severity error;
# };
# category default { syslog_errors; };
#
# # Don't log lame server messages.
# category lame-servers { null; };
#};
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
# IPv6 loopback reverse zone; it is served from the same zone file as the
# IPv4 loopback reverse zone above.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "127.0.0.zone";
};
# Zones added for the RAC setup: forward zone for the SCAN name and the
# matching reverse zone. allow-update { none; } refuses dynamic updates, so
# records change only when the zone files are edited by hand.
# NOTE(review): neither zone sets allow-transfer, so zone transfers follow
# the options block or the BIND default - confirm that this matches who
# should be able to copy the zone.
zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "56.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named
# NOTE(review): the included file is parsed as part of this configuration
# and its contents are not shown on this page; review it together with
# named.conf, including any zones it declares.
include "/etc/named.conf.include";
# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.
srv1:/var/lib/named/etc #
- Check using nslookup
srv1:/var/lib/named/etc # nslookup srv-scan
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: srv-scan.example.com
Address: 192.168.56.93
Name: srv-scan.example.com
Address: 192.168.56.91
Name: srv-scan.example.com
Address: 192.168.56.92
srv1:/var/lib/named/etc # nslookup srv-scan
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: srv-scan.example.com
Address: 192.168.56.92
Name: srv-scan.example.com
Address: 192.168.56.93
Name: srv-scan.example.com
Address: 192.168.56.91
srv1:/var/lib/named/etc # nslookup srv-scan
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: srv-scan.example.com
Address: 192.168.56.93
Name: srv-scan.example.com
Address: 192.168.56.91
Name: srv-scan.example.com
Address: 192.168.56.92
- cat /etc/hosts
# Public
192.168.56.71 srv1.example.com srv1
192.168.56.72 srv2.example.com srv2
# Private
192.168.10.1 srv1-priv.example.com srv1-priv
192.168.10.2 srv2-priv.example.com srv2-priv
# Virtual
192.168.56.81 srv1-vip.example.com srv1-vip
192.168.56.82 srv2-vip.example.com srv2-vip
# SCAN (in production this should be configured in DNS)
# NOTE(review): these three lines duplicate the srv-scan records that named
# serves on this page. If the hosts file is consulted before DNS (the order
# is set in /etc/nsswitch.conf, not shown here), applications get srv-scan
# from this file and never query the zone. nslookup asks the DNS server
# directly, so its output does not show which source applications will use.
# Keep a single source for the name so the two cannot drift apart.
192.168.56.91 srv-scan.example.com srv-scan
192.168.56.92 srv-scan.example.com srv-scan
192.168.56.93 srv-scan.example.com srv-scan