Creating a DNS server

For the installation of the new RAC environment I will need a DNS server. Here are the steps to configure it.
I have prepared a virtual machine with 512 MB RAM and a 15 GB file system and installed Oracle Enterprise Linux.
Now I will show how to configure the DNS. Here is the network configuration:

[root@dns ~]# cd /etc/sysconfig/
[root@dns sysconfig]# cat network
NETWORKING=yes
HOSTNAME=dns.example.com
GATEWAY=192.168.0.1

eth0 interface configuration:

[root@dns network-scripts]# cat ifcfg-eth0 
DEVICE="eth0"
BOOTPROTO=none
NM_CONTROLLED="yes"
ONBOOT=yes
UUID="4d41fdfc-475f-4701-8cb0-2e20b0727c3e"
HWADDR=00:0C:29:9C:1F:1C
IPADDR=192.168.0.111
PREFIX=24
GATEWAY=192.168.0.1
DNS1=192.168.0.111
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

/etc/hosts configuration:

[root@dns etc]# cat hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.111 dns.example.com dns

Now we will install the bind package:

[root@dns etc]# yum install bind
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
Package           Arch                Version                                     Repository               Size
=================================================================================================================
Installing:
bind              x86_64              32:9.8.2-0.17.rc1.0.2.el6_4.4               ol6_latest              4.0 M

Transaction Summary
=================================================================================================================
Install       1 Package(s)

Total download size: 4.0 M
Installed size: 7.3 M
Is this ok [y/N]: y
Downloading Packages:
bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64.rpm                                                | 4.0 MB     00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64                                                     1/1
Verifying  : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64                                                     1/1

Installed:
bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4

Check the status of the service:

[root@dns etc]# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
named is stopped

Configure /etc/named.conf (note that `dnssec-lookaside auto` relies on ISC's DLV registry, which has since been retired; on current BIND releases this line should be dropped):

[root@dns etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; 192.168.0.111; };
listen-on-v6 port 53 { ::1; };
directory       "/var/named";
dump-file       "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.0.1/24; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "example.com" IN {
type master;
file "example.zone";
};

zone "0.168.192.in-addr.arpa" IN {
type master;
file "example.reverse";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

The example.zone file, located in the /var/named directory:

[root@dns named]# cat example.zone 
$TTL 86400
$ORIGIN example.com.
@   1D           IN      SOA   dns.example.com. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
; main domain name servers
IN      NS     dns.example.com.
dns       IN      A      192.168.0.111

rac11gnode1        IN      A      192.168.0.112
rac11gnode2        IN      A      192.168.0.113
rac11gnode3        IN      A      192.168.0.114
rac11gnode1-vip    IN      A      192.168.0.212
rac11gnode2-vip    IN      A      192.168.0.213
rac11gnode3-vip    IN      A      192.168.0.214
rac11gcluster-scan IN      A      192.168.0.115
IN      A      192.168.0.116
IN      A      192.168.0.117

The example.reverse file, located in the /var/named directory (every PTR target must end with a trailing dot, otherwise the zone origin is appended to it):

[root@dns named]# cat example.reverse 
$TTL    86400 ; 24 hours could have been written as 24h or 1d
@  1D  IN        SOA example.com.     hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
IN NS   dns.example.com.
111              IN PTR  dns.example.com.
112              IN PTR  rac11gnode1.example.com.
113              IN PTR  rac11gnode2.example.com.
114              IN PTR  rac11gnode3.example.com.
212              IN PTR  rac11gnode1-vip.example.com.
213              IN PTR  rac11gnode2-vip.example.com.
214              IN PTR  rac11gnode3-vip.example.com.
115              IN PTR  rac11gcluster-scan.example.com.
116              IN PTR  rac11gcluster-scan.example.com.
117              IN PTR  rac11gcluster-scan.example.com.

Edit the /etc/resolv.conf file:

[root@dns named]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.111
search example.com

Add the following lines to iptables so your servers can reach the DNS server on port 53 (as with the NTP rule further down, consider adding `-s 192.168.0.0/24` so that only the local network can query it):

-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

Now you can check whether it is working:

[root@dns log]# nslookup rac11gnode1
Server:         192.168.0.111
Address:        192.168.0.111#53

Name:   rac11gnode1.example.com
Address: 192.168.0.112

Reverse lookup:

[root@dns log]# nslookup 192.168.0.112
Server:         192.168.0.111
Address:        192.168.0.111#53

112.0.168.192.in-addr.arpa      name = rac11gnode1.example.com.

When DNS is working, we can configure the ntp daemon, as I will also use this server as the NTP server.

Edit the /etc/ntp.conf file (note that `255.255.255.245` on the `restrict 195.113.144.201` line is not a valid contiguous netmask; for a single host the mask is 255.255.255.255):

[root@dns log]# cat /etc/ntp.conf 
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
restrict 195.113.144.201 mask 255.255.255.245 nomodify notrap noquery

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 195.113.144.201
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0     # local clock
#fudge  127.127.1.0 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

Add the following line to iptables to allow your servers to access the NTP server on port 123:

[root@dns log]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT