Tuesday, June 4, 2013

The Do-It-Yourself DNS server setup

Introduction

In preparation for an Oracle Real Application Clusters (RAC) setup I decided to install a private DNS server, so my SCAN information for RAC could be serviced without relying on 3rd parties such as the local IT department. This blog shows the steps to take to set up a minimal DNS server for use with e.g. a development RAC environment. Detailed configuration of DNS falls outside of the scope of this blog.

For the demonstration on how to set up such a DNS server, the following assumptions are made:
  • the DNS server is running Oracle Enterprise Linux 5 Update 9. Red Hat Enterprise Linux 5 (or any derivative) should also be usable; for other types of systems, consult the documentation on which utilities to use, which system packages to install, and where the various configuration files are located
  • the DNS server will service a domain called ztm.nl
  • the DNS server will have a fixed IP address of 192.168.128.254
  • the DNS server will service addresses in the 192.168.128.x subnet
  • the subnet gateway is located at 192.168.128.1
  • the RAC SCAN name to be registered is clusscan, and 3 SCAN IP addresses will be configured for RAC use
  • for sake of the example, 4 additional hosts (resp. clus1, clus2, clus1-vip, and clus2-vip) will be registered in the DNS server

I took the following steps to set up a minimal DNS server environment:

Step 1: Installing Linux

The first step is to install Enterprise Linux. For this, a minimal installation is chosen, based on Oracle Enterprise Linux 5 Update 9. After having installed the Linux system, the Oracle public YUM repository is configured for any updates using:
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el5.repo

Step 2: Configuring the system with a fixed IP address

The next step is to make sure that the machine that will become the DNS server has a static IP address. This can be done with the system-config-network utility or by setting the IP address manually with ifconfig, for example:
# ifconfig eth0 192.168.128.254

The end result should look similar to:
Configuring a fixed IP address

Step 3: Install missing packages

After these initial installation steps, any missing packages necessary for the DNS environment should be installed:
# yum install bind-chroot
# yum install caching-nameserver
# yum install system-config-bind

Step 4: Initial DNS configuration file creation

Then the configuration files for the DNS server will be created with initial data (which will be modified to match our domain):
# cd /var/named/chroot/var/named/
# cp localdomain.zone for.ztm.nl
# cp named.local rev.ztm.nl
# chown root:named for.ztm.nl
# chown root:named rev.ztm.nl
# cd /var/named/chroot/etc
# cp named.caching-nameserver.conf named.conf
# chown root:named named.conf

Step 5: Editing of the DNS configuration

Edit the following files and add/modify the respective lines displayed (in case they are missing or have different values):
  • /etc/sysconfig/network:
    HOSTNAME=dns.ztm.nl
  • /etc/sysconfig/network-scripts/ifcfg-eth0:
    PEERDNS=no
  • /etc/resolv.conf:
    search ztm.nl
    nameserver 192.168.128.254
  • /etc/hosts:
    192.168.128.254 dns.ztm.nl dns
  • /var/named/chroot/etc/named.conf:
    options {
            listen-on port 53 { 127.0.0.1; 192.168.128.254; };
            allow-query { localhost; 192.168.128.0/24; };
            ...
    };
    and:
    view localhost_resolver {
            match-clients { localhost; 192.168.128.0/24; };
            match-destinations { localhost; 192.168.128.0/24; };
            ...
    };
  • /etc/named.rfc1912.zones:
    zone "ztm.nl" IN {
            type master;
            file "for.ztm.nl";
            allow-update { none; };
    };

    zone "128.168.192.in-addr.arpa" IN {
            type master;
            file "rev.ztm.nl";
            allow-update { none; };
    };
  • /var/named/chroot/var/named/for.ztm.nl:
    $TTL    86400
    @               IN SOA  dns.ztm.nl. root.dns.ztm.nl. (
                                          42        ; serial (d. adams)
                                          3H        ; refresh
                                          15M       ; retry
                                          1W        ; expiry
                                          1D )      ; minimum
                    IN NS           dns.ztm.nl.
    dns             IN A            192.168.128.254
    clus1           IN A            192.168.128.101
    clus1-vip       IN A            192.168.128.102
    clus2           IN A            192.168.128.103
    clus2-vip       IN A            192.168.128.104
    clusscan        IN A            192.168.128.105
    clusscan        IN A            192.168.128.106
    clusscan        IN A            192.168.128.107
  • /var/named/chroot/var/named/rev.ztm.nl:
    $TTL    86400
    @       IN      SOA     dns.ztm.nl. root.dns.ztm.nl.   (
                                          1997022700 ; Serial
                                          28800      ; Refresh
                                          14400      ; Retry
                                          3600000    ; Expire
                                          86400 )    ; Minimum
            IN      NS      dns.ztm.nl.
    254     IN      PTR     dns.ztm.nl.
    101     IN      PTR     clus1.ztm.nl.
    102     IN      PTR     clus1-vip.ztm.nl.
    103     IN      PTR     clus2.ztm.nl.
    104     IN      PTR     clus2-vip.ztm.nl.
    105     IN      PTR     clusscan.ztm.nl.
    106     IN      PTR     clusscan.ztm.nl.
    107     IN      PTR     clusscan.ztm.nl.
DNS can also be managed using the Bind configuration GUI. For this, configure the DNS server environment by issuing:
# system-config-bind
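Before restarting named it pays to verify that the hand-edited zone files agree with each other: every A record in for.ztm.nl should have a matching PTR in rev.ztm.nl (and vice versa), and no A record should point outside the 192.168.128.0/24 subnet that named.conf allows queries for. The following script is an added example, not part of the original post; the function names and the embedded sample zone data are its own constructions, and in real use the two paths under /var/named/chroot/var/named are passed instead of the samples.

```shell
# Added example, not from the original post: cross-check for.ztm.nl against
# rev.ztm.nl and flag A records outside the served subnet. Function names
# and the sample zone data are this example's own constructions.
# check_zones FORWARD_FILE REVERSE_FILE DOMAIN SUBNET_PREFIX
# Prints each inconsistency and returns 1 if any were found, else 0.
check_zones() {
    fwd=$1 rev=$2 domain=$3 prefix=$4
    tmp=$(mktemp -d) || return 2
    # PTR records implied by the forward zone ("octet fqdn."); A records
    # whose address is not inside SUBNET_PREFIX are reported instead.
    awk -v d="$domain" -v p="$prefix" -v out="$tmp" '
        $2 == "IN" && $3 == "A" {
            if (index($4, p ".") != 1) { print "OUT-OF-SUBNET " $1 " " $4 > (out "/bad"); next }
            n = split($4, o, "."); print o[n], $1 "." d "." > (out "/fwd")
        }' "$fwd"
    awk '$2 == "IN" && $3 == "PTR" { print $1, $4 }' "$rev" > "$tmp/rev"
    touch "$tmp/bad" "$tmp/fwd"
    sort -o "$tmp/fwd" "$tmp/fwd"; sort -o "$tmp/rev" "$tmp/rev"
    comm -23 "$tmp/fwd" "$tmp/rev" | sed 's/^/MISSING-PTR /' >> "$tmp/bad"
    comm -13 "$tmp/fwd" "$tmp/rev" | sed 's/^/MISSING-A /' >> "$tmp/bad"
    status=$(test -s "$tmp/bad" && echo 1 || echo 0)
    cat "$tmp/bad"; rm -rf "$tmp"; return "$status"
}

# write_sample_zones DIR: the records from this post as constructed sample
# data, so the check can be exercised without a BIND installation.
write_sample_zones() {
    cat > "$1/for.ztm.nl" <<'EOF'
@ IN SOA dns.ztm.nl. root.dns.ztm.nl. ( 42 3H 15M 1W 1D )
dns IN A 192.168.128.254
clus1 IN A 192.168.128.101
clus1-vip IN A 192.168.128.102
clus2 IN A 192.168.128.103
clus2-vip IN A 192.168.128.104
clusscan IN A 192.168.128.105
clusscan IN A 192.168.128.106
clusscan IN A 192.168.128.107
EOF
    cat > "$1/rev.ztm.nl" <<'EOF'
@ IN SOA dns.ztm.nl. root.dns.ztm.nl. ( 1997022700 28800 14400 3600000 86400 )
254 IN PTR dns.ztm.nl.
101 IN PTR clus1.ztm.nl.
102 IN PTR clus1-vip.ztm.nl.
103 IN PTR clus2.ztm.nl.
104 IN PTR clus2-vip.ztm.nl.
105 IN PTR clusscan.ztm.nl.
106 IN PTR clusscan.ztm.nl.
107 IN PTR clusscan.ztm.nl.
EOF
}
```

A clean run prints nothing and exits 0; each mismatch is printed as MISSING-PTR, MISSING-A or OUT-OF-SUBNET followed by the offending record, and the exit status becomes 1.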

Step 6: Firewall configuration

In case the Linux firewall is turned on, the firewall should be configured to allow access to the DNS server. For this, start the firewall configuration utility:
# system-config-securitylevel

In the "Other ports" section on the "Firewall Options" tab, add port 53 with protocol UDP. Then press the Apply (or OK) button for the firewall configuration changes to take effect.
Adding the DNS port to the firewall configuration

Step 7: Restart the DNS server and test the setup

Restart the DNS daemon, make sure it's started at system startup, and check if the addresses can be resolved properly:
# service named restart
# chkconfig named on
# dig -x 192.168.128.254

If the header of the dig output reports all four sections (question, answer, authority, and additional) with a count of 1, the DNS server has been configured properly.

Checking the DNS name resolution

Otherwise, go back through the previous steps and check the DNS server configuration for mistakes.

Step 8: Client configuration

On the client machines (in this case the RAC cluster members) the name resolution file /etc/resolv.conf should be altered to contain:
search ztm.nl
nameserver 192.168.128.254

Here again, the resolution can be tested with dig (or any other name resolution tool, such as nslookup) to verify that everything has been set up properly. You should get the same responses as on the DNS server itself. Any errors (i.e. sections not being reported properly) indicate a DNS setup failure.

Leave a comment in case you benefited from this blog.