Sunday, October 15, 2023

DNS in a test environment

A playground for Oracle software most likely requires a DNS (Domain Name System) server somewhere in the network, whether it be for a simple Data Guard setup, or for checking out what Real Application Clusters (RAC for short) has to offer.

Setting up a minimal DNS server for your own private domain is relatively simple to perform using a tool such as VirtualBox. The steps I present here will use the BIND (Berkeley Internet Name Domain) implementation which is freely available on Linux, run from within a VirtualBox environment.

The setup I present here uses the following pieces of software:
  • VirtualBox 7.0.10
  • For the guest OS: Oracle Enterprise Linux 9.2

Installing VirtualBox is a trivial task and won't be discussed here. Detailed configuration of DNS also falls outside the scope of this blog. Refer to e.g. the BIND documentation on the Red Hat site for more details on the intricacies of BIND.

The steps I followed for setting up my own DNS server include:
  • configure a host-only network in VirtualBox
  • configure a VM for running BIND
  • install OEL9.2 into the VM
  • configure BIND
Using these steps a DNS server will be built with the following characteristics:
  • the domain serviced is named mydomain.com
  • the DNS server will have a fixed IPv4 address of 192.168.128.254
  • the DNS server will service IPv4 addresses in the 192.168.128.x subnet
  • the subnet gateway is located at 192.168.128.1
  • DNS will be set up containing several machines for the various local Oracle tests, including Data Guard and RAC

As indicated, this blog post is making use of Oracle Enterprise Linux 9.2. Red Hat Enterprise Linux 9 (or any derivatives) should also be usable; for other types of systems, please consult the documentation on what utilities to use and system packages to install, and at what locations the various configuration files are located.

Configuring a host-only network in VirtualBox

The first step in the setup is to make sure we have a network to communicate over. As this DNS server will only be used by VMs within VirtualBox on a single host machine, setting up a host-only network is the obvious choice to implement such a network. For this, create a new host-only network and assign a specific IP address range to this network. Open the Network Manager within VirtualBox:
[Screenshot: VirtualBox Network Manager]
From here, create a new host-only network, select the "Configure Adapter Manually" radio button and enter the IP address of the subnet gateway (192.168.128.1 in our case):
[Screenshot: VirtualBox Host-only Adapter]
Press the "Apply" button when finished. After that, for ease of use, navigate to the "DHCP Server" tab and enable the DHCP server for the range 192.168.128.100 to 192.168.128.200:
[Screenshot: VirtualBox Host-only Adapter DHCP]
Once again, press "Apply" to commit to the changes. Now we're ready to create a VM using this network.

Configure a VM for running BIND

Now we're ready to create a VM using the network created. For this, select the "New" option in the "Machine" menu:
A wizard pops up to guide us through the definition of a VM. Enter a name for your new VM (we'll choose OL9DNS here), the location where the VM should be created, and the ISO image of the OEL9.2 distribution. As we want to arrange for some specific sizes, skip the unattended install and press the "Next" button:
[Screenshot: Create VM 1]
A VM with 2GB of memory and 1 CPU is more than enough for a DNS server to run; press "Next":
A 20 GB hard disk for storing both the OS and the DNS configuration suffices as well; press "Next":
End the definition of the VM configuration by pressing the "Finish" button at the summary page:
Now, in order to use our configured network, the VM needs to be altered for this to happen. In the VirtualBox main interface, right-click on the OL9DNS VM just created and select "Settings..." from the popup menu:
Navigate to the "Network" settings and for "Adapter 1" choose "Host-only" attachment type and the virtual network adapter name of the newly created network ("VirtualBox Host-only Ethernet Adapter #3" in our case) as the network:
Next, navigate to the "Adapter 2" tab, enable the adapter, and choose a bridged network connection to allow us to communicate with the Internet (e.g. for accessing Oracle's YUM repository). Once this adapter is configured as well, press "OK" to continue:

Installing OEL9.2 into the VM

So far so good. Now it's time to roll up the sleeves and actually start installing something. First step: the OS which hosts the DNS server. So let's start the newly created VM to initiate the installation process of OEL9.2:
The boot process starts, where we select to skip the medium check and directly commence to the OS installation:
Select the language for the OS to install and continue the installation:
From here we provide the installer with our particular configuration, supplying the necessary information in the following order:
  1. We need to configure the device on which to install the OEL9.2 release. Press the "Installation Destination" button on the main installation screen, which will bring up the following screen:
    If you don't want to make any adjustments to the default setup, simply press the "Done" button to navigate back to the main installation screen.
  2. Next, press the "Software Selection" button to select what to install. For a DNS server we don't need any full-blown GUI environment. Simply choose "Server" and press the "Done" button:
  3. Next, configure the network by pressing the "Network & Host Name" button:
    Here we need to perform actions in a certain order as well:
    1. First, define the proper host name at the bottom left of the page. You'll see the actual host name being changed on the right when pressing the "Apply" button.
    2. Then select the "enp0s3" adapter. This is the OS adapter associated with the 1st adapter defined for the VM and will hence use our host-only network setup.
    3. After having selected the "enp0s3" adapter, press the "Configure" button to start configuring this adapter. As chosen, the IPv4 address of this server will be 192.168.128.254, and the domain we'll use here reads "mydomain.com". This is all done from the "IPv4" tab:
      Now press the "Routes..." button to force the adapter to only be used for 192.168.128.x traffic:
      Press "OK" to continue with the configuration. We won't be using IPV6, so disable this protocol:
      Then press "Save" to save the network changes for this adapter.
    4. Now press the slider on the top right hand side of the screen to enable this adapter for use.
    5. Similarly, we need to configure the Internet facing adapter (enp0s8). Here we simply select the adapter and enable it without any additional configuration, forcing it to access the bridged network and request a DHCP configuration:
      In our case an IP address in the 192.168.178.x range is selected and the DNS servers are automatically configured through DHCP as well. This adapter will service our default gateway to the external network (e.g. for access to Oracle's YUM Repository).
    Now the network configuration has been provided, so we can press the "Done" button at the top left of the screen.
  4. As a network has been defined, we can set up the date and time characteristics for this VM to use NTP. We only need to select the proper timezone and enable NTP use:
    Press "Done" when finished.
  5. Finally, for ease of maintenance, we'll enable the use of the root account in this VM:
    Enable the root account by entering a valid password, including confirmation of that password. When done, press the "Done" button to move back to the main installation screen.
Back on the main installation screen we now can commence with the actual installation of OEL9.2 by pressing the "Begin installation" button:
A progress window will appear. Once the installation is finished, a reboot is required to wrap up the configuration of the newly installed system:
Finish the installation by making sure that the OS is fully updated with all the latest security patches: log on to the console as the root account (which we enabled earlier) and update the OS:
# dnf update -y
# reboot

Now the system is ready for the installation and configuration of a DNS server!

Configuring BIND

The last hurdle in the setup of our own DNS server is the installation and configuration of BIND. We will install a default secure BIND server without chroot support. To install this application, log on to the console of the system as the root account and issue:
# dnf install -y bind bind-utils
Now edit the /etc/named.conf file and change the following entries in the options section of the file:
  • adjust the listening address to include our IP address:
    # sed -r -i -e '/[[:space:]]listen-on[[:space:]]/s/^.*$/ listen-on port 53 { 127.0.0.1; 192.168.128.254; };/' /etc/named.conf
    We won't adjust the IPv6 listening address, as we don't use that protocol.
  • define which IP addresses can query our DNS server:
    # sed -r -i -e '/[[:space:]]allow-query[[:space:]]/s|^.*$| allow-query { localhost; 192.168.128.0/24; };|' /etc/named.conf
    (The replacement text contains a "/" in the 192.168.128.0/24 prefix, so the s command uses "|" as its delimiter; with "/" sed would stop at the prefix and report an unknown option.)
  • define from what IP addresses recursive queries are allowed:
    # sed -r -i -e '/[[:space:]]allow-query[[:space:]]/a \ allow-recursion { localhost; 192.168.128.0/24; };' /etc/named.conf
Let's check what we have done is syntactically correct:
# named-checkconf
Any error reported here must be resolved before continuing the setup. If all's well, we can bring the BIND server online by opening the relevant firewall ports and enabling the BIND service at the OS level:
# firewall-cmd --permanent --add-service=dns
# firewall-cmd --reload
# systemctl enable --now named
Let's check if we can access our own BIND server:
# dig @localhost www.oracle.com
We should receive an output similar to:
In case no address can be resolved, review the configuration steps carefully.

Now that the DNS listening side is configured, we need to define the topology of the network itself. In order to be able to use host names we need to be able to resolve these host names into IP addresses. For this we'll define a forward zone file called /var/named/forward.mydomain.com having the following contents:
$TTL    86400
@               IN SOA  ol9dns.mydomain.com. root.ol9dns.mydomain.com. (
                                      42        ; serial (d. adams)
                                      3H        ; refresh
                                      15M       ; retry
                                      1W        ; expiry
                                      1D )      ; minimum
                IN NS           ol9dns.mydomain.com.
ol9dns          IN A            192.168.128.254
standalone      IN A            192.168.128.10
primary         IN A            192.168.128.11
standby         IN A            192.168.128.12
clus1           IN A            192.168.128.21
clus1-vip       IN A            192.168.128.22
clus2           IN A            192.168.128.23
clus2-vip       IN A            192.168.128.24
clusscan        IN A            192.168.128.25
clusscan        IN A            192.168.128.26
clusscan        IN A            192.168.128.27
In order to have BIND use this file we need to indicate that the file exists. This is done by adding a so-called zone to the BIND zone configuration file:
# cat <<__ZONE__ >> /etc/named.rfc1912.zones

zone "mydomain.com" {
    type master;
    file "forward.mydomain.com";
    allow-query { any; };
    allow-transfer { none; };
};
__ZONE__
In order to check whether BIND can work with it, let's check whether the syntax is OK, and if so, restart BIND to pick up the new configuration:
# named-checkconf
# systemctl restart named
Now let's check whether we can resolve any of our local addresses:
We have lift-off! But wait, this is only one part: from host name to IP address. When we do anything network related we should also be able to resolve an IP address back to a host name. This is where the reverse zone comes into the picture. To define the reverse zone, we create a configuration file /var/named/reverse.mydomain.com with the following contents:
$TTL    86400
@       IN      SOA     ol9dns.mydomain.com. root.ol9dns.mydomain.com.   (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      ol9dns.mydomain.com.
254     IN      PTR     ol9dns.mydomain.com.
10      IN      PTR     standalone.mydomain.com.
11      IN      PTR     primary.mydomain.com.
12      IN      PTR     standby.mydomain.com.
21      IN      PTR     clus1.mydomain.com.
22      IN      PTR     clus1-vip.mydomain.com.
23      IN      PTR     clus2.mydomain.com.
24      IN      PTR     clus2-vip.mydomain.com.
25      IN      PTR     clusscan.mydomain.com.
26      IN      PTR     clusscan.mydomain.com.
27      IN      PTR     clusscan.mydomain.com.
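Because the reverse zone has to be kept in step with the forward zone by hand, a mismatch (an A record without a PTR, or a stale PTR whose host was removed) is easy to introduce. The following Python script is an added example, not part of the original post: it parses shortened, constructed copies of the two zone files shown above and reports records that do not have a matching counterpart. It assumes the single-origin layout used here (relative owner names, "IN" class, ";" comments).

```python
# Constructed, shortened copies of this post's zone files; the reverse copy
# deliberately lacks a PTR for .27 and carries a stray PTR for .12.
FORWARD_ZONE = """\
$TTL    86400
@               IN SOA  ol9dns.mydomain.com. root.ol9dns.mydomain.com. (
                                      42        ; serial
                                      1D )      ; minimum
                IN NS           ol9dns.mydomain.com.
ol9dns          IN A            192.168.128.254
standalone      IN A            192.168.128.10
clusscan        IN A            192.168.128.25
clusscan        IN A            192.168.128.26
clusscan        IN A            192.168.128.27
"""
REVERSE_ZONE = """\
$TTL    86400
@       IN      SOA     ol9dns.mydomain.com. root.ol9dns.mydomain.com.   (
                                      86400 )    ; Minimum
        IN      NS      ol9dns.mydomain.com.
254     IN      PTR     ol9dns.mydomain.com.
10      IN      PTR     standalone.mydomain.com.
12      IN      PTR     standby.mydomain.com.
25      IN      PTR     clusscan.mydomain.com.
26      IN      PTR     clusscan.mydomain.com.
"""

def records(zone_text, origin, rtype):
    """Yield (owner, rdata) for each 'IN <rtype>' line; comments stripped, relative owners qualified."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 4 and fields[1] == "IN" and fields[2] == rtype:
            name = fields[0]
            if name == "@":
                name = origin
            elif not name.endswith("."):
                name = f"{name}.{origin}"
            yield name.rstrip("."), fields[3].rstrip(".")

def ptr_owner_to_ip(owner):
    """'254.128.168.192.in-addr.arpa' -> '192.168.128.254'"""
    labels = owner.removesuffix(".in-addr.arpa").split(".")
    return ".".join(reversed(labels))

def zone_mismatches(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return (a_without_ptr, ptr_without_a) as sorted lists of (fqdn, ip)."""
    a_pairs = set(records(fwd_text, fwd_origin, "A"))
    ptr_pairs = {(target, ptr_owner_to_ip(owner))
                 for owner, target in records(rev_text, rev_origin, "PTR")}
    return sorted(a_pairs - ptr_pairs), sorted(ptr_pairs - a_pairs)
```

Call zone_mismatches(FORWARD_ZONE, "mydomain.com", REVERSE_ZONE, "128.168.192.in-addr.arpa") to get the two lists; pass the real file contents read from /var/named to check the live zones.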
Again we need to make BIND aware of the existence of this configuration file by adding a reverse zone:
# cat <<__REVZONE__ >> /etc/named.rfc1912.zones

zone "128.168.192.in-addr.arpa" {
    type master;
    file "reverse.mydomain.com";
    allow-query { any; };
    allow-transfer { none; };
};
__REVZONE__
Again check the syntax and, if everything is in order, restart the BIND server to pick up the configuration changes:
# named-checkconf
# systemctl restart named
Then check whether an IP address can be resolved back into a host name:
Finally, we need to adjust the DNS resolver order so that host names resolve properly: our own DNS server must be the first one queried:
# nmcli connection modify enp0s3 +ipv4.dns 192.168.128.254
# nmcli connection modify enp0s3 +ipv4.dns 84.116.46.21
# nmcli connection modify enp0s3 +ipv4.dns 84.116.46.20
# nmcli connection modify enp0s3 ipv4.dns-priority 1
# nmcli connection modify enp0s8 ipv4.dns-priority 2
# nmcli networking off
# nmcli networking on
Note: these last 2 DNS servers are supplied by my ISP. Use the appropriate DNS servers of your ISP, or use e.g. Google's 8.8.8.8 and 8.8.4.4 servers.

Hooray! This leaves us with a functional DNS server on our 192.168.128.x network!
