Creating a DNS server

For the installation of the new RAC environment I need a DNS server, because the SCAN and VIP names used by the cluster must resolve through DNS. Here are the steps to configure it.
I prepared a virtual machine with 512 MB RAM and a 15 GB file system and installed Oracle Enterprise Linux.
Now I will show how to configure DNS. First, the network configuration:

[root@dns ~]# cd /etc/sysconfig/
[root@dns sysconfig]# cat network

eth0 interface configuration (only the NAME line survived in this listing, and its quotes are rendered as curly quotes where the file needs plain ASCII `"`; a DNS/NTP server needs a static address, because the RAC nodes' resolv.conf and ntp.conf, and the zone's NS record, all point at it):

[root@dns network-scripts]# cat ifcfg-eth0 
NAME=”System eth0″

/etc/hosts configuration:

[root@dns etc]# cat hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 dns

Now install the bind package (the build shown below is the 2013-era EL6 package; on a current system use the distribution's supported BIND release and keep it patched, since named is exposed to the network):

[root@dns etc]# yum install bind
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

Package           Arch                Version                                     Repository               Size
bind              x86_64              32:9.8.2-0.17.rc1.0.2.el6_4.4               ol6_latest              4.0 M

Transaction Summary
Install       1 Package(s)

Total download size: 4.0 M
Installed size: 7.3 M
Is this ok [y/N]: y
Downloading Packages:
bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64.rpm                                                | 4.0 MB     00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64                                                     1/1
Verifying  : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64                                                     1/1

bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4

Check the status of the service (the rndc warning only means /etc/rndc.key has not been generated yet; the EL6 init script creates it on the first `service named start`, or run `rndc-confgen -a` by hand):

[root@dns etc]# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
named is stopped

Configure /etc/named.conf (the listing below lost some lines and characters when this page was rendered — closing `};` braces, the listen-on/allow-query address lists, the zone names and the forward zone file name — and shows curly quotes where BIND needs ASCII `"`; use it as a guide, not as a paste, and run `named-checkconf` on the real file):

[root@dns etc]# cat named.conf
// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// NOTE(review): this is a rendered copy, not a parseable file: the closing
// "};" of the options/logging/channel/zone blocks, the address lists in
// listen-on and allow-query, both zone names and the forward zone file name
// were lost, and the curly quotes below must be plain ASCII double quotes.

options {
// Address list lost in rendering (two entries, presumably loopback plus this
// host's own address). Listen only on interfaces the RAC nodes can reach.
listen-on port 53 {;; };
listen-on-v6 port 53 { ::1; };
directory       “/var/named”;
dump-file       “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
// One entry after localhost was lost, presumably the RAC subnet. Keep this
// list tight: together with "recursion yes" below, allow-query { any; }
// would turn this host into an open recursive resolver (amplification abuse).
allow-query     { localhost;; };
recursion yes;
// NOTE(review): no allow-transfer is set and no secondaries are configured;
// BIND 9.8 permits AXFR from anywhere by default, which hands out the whole
// RAC host list. Add "allow-transfer { none; };" here.

dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): ISC retired the DLV registry in 2017; current BIND releases
// reject or ignore dnssec-lookaside. Drop it (and bindkeys-file below) on a
// modern system; dnssec-validation alone is sufficient.
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file “/etc/named.iscdlv.key”;

managed-keys-directory “/var/named/dynamic”;

logging {
channel default_debug {
// Log file name lost in rendering (the path is relative to "directory").
file “data/”;
severity dynamic;

// Forward zone for the RAC hosts; zone name and file name lost in rendering.
zone “” IN {
type master;
file “”;

// Reverse (in-addr.arpa) zone; the zone name was lost in rendering.
zone “” IN {
type master;
file “example.reverse”;

include “/etc/named.rfc1912.zones”;
include "/etc/named.root.key";

The forward zone file (its name was lost when this page was rendered; it is the file named in the first zone stanza above) is located in the /var/named directory:

[root@dns named]# cat 
$TTL 86400
; NOTE(review): the rendered listing lost the SOA MNAME/RNAME fields, the
; closing ")" of the SOA, the NS target and every address in the A column;
; all of these must be filled in before named loads the zone
; (validate with named-checkzone).
@   1D           IN      SOA (
2002022401 ; serial (increase on every edit; secondaries use it to detect changes)
3H ; refresh
15 ; retry (no unit means seconds; 15 s is unusually aggressive)
1w ; expire
3h ; minimum (negative-caching TTL)
; main domain name servers
IN      NS
dns       IN      A

; RAC node host, VIP and SCAN records; the VIP and SCAN names are the ones
; Grid Infrastructure resolves during installation.
rac11gnode1        IN      A
rac11gnode2        IN      A
rac11gnode3        IN      A
rac11gnode1-vip    IN      A
rac11gnode2-vip    IN      A
rac11gnode3-vip    IN      A
; Three A records on the same owner name: the SCAN resolves round-robin to
; three addresses (presumably the three Oracle recommends for a SCAN).
rac11gcluster-scan IN      A
IN      A
IN      A

The example.reverse (reverse-lookup) zone file, located in the /var/named directory:

[root@dns named]# cat example.reverse 
$TTL    86400 ; 24 hours could have been written as 24h or 1d
; NOTE(review): as rendered, the SOA lost its MNAME/RNAME and closing ")",
; and every PTR target (the FQDN, ending in a dot) was stripped. No NS record
; appears in this listing at all; BIND refuses to load a zone without one,
; so add it if it really is missing.
@  1D  IN        SOA (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
; Owner names are the last octet of each address relative to the reverse
; zone's origin: ten PTRs, matching the ten A records of the forward zone
; (dns, three nodes, three VIPs, three SCAN addresses). Keep the two zones
; in sync; PTR/A mismatches are a common source of cluster verification
; warnings.
111              IN PTR
112              IN PTR
113              IN PTR
114              IN PTR
212              IN PTR
213              IN PTR
214              IN PTR
115              IN PTR
116              IN PTR
117              IN PTR

Edit the /etc/resolv.conf file (the `nameserver`/`search` lines were lost in rendering). Note the file is generated by NetworkManager, which overwrites manual edits: set DNS1/DOMAIN in ifcfg-eth0, or PEERDNS=no, instead — and do the same on every RAC node so they use this server:

[root@dns named]# cat /etc/resolv.conf
# Generated by NetworkManager

Add the following lines to /etc/sysconfig/iptables so the RAC nodes can reach the DNS server on port 53 (UDP for normal lookups, TCP for large answers and zone transfers). As written they accept from any source; restrict them with `-s <RAC subnet>` the way the NTP rule further down is, so the resolver is not reachable from outside the cluster network:

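# DNS from the RAC nodes: UDP for normal lookups, TCP for truncated/large
# answers and zone transfers. (The page renders "--" as an en dash; the real
# options are --state and --dport.) Add "-s <RAC subnet>" before "-m state"
# to keep the resolver off any other network, as the NTP rule does.
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT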

Now you can check whether it is working (the nslookup answers were lost in rendering; before starting named validate the files with `named-checkconf` and `named-checkzone`, and afterwards confirm that the SCAN name returns all three addresses):

[root@dns log]# nslookup rac11gnode1


reverse lookup:

[root@dns log]# nslookup
Address:      name =

When DNS is working, we can configure the NTP daemon, as I will use this server as the NTP server as well. On the RAC nodes themselves ntpd must run with the slew option (`OPTIONS="-x"` in /etc/sysconfig/ntpd), which Oracle Clusterware requires; the configuration below is the server side.

Edit the /etc/ntp.conf file:

[root@dns log]# cat /etc/ntp.conf 
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
#
# NOTE(review): this rendered listing appears to have lost several lines: the
# IPv4 "restrict 127.0.0.1" loopback entry, the network and mask on the
# subnet restrict line, every "server" line, and the commented-out "crypto"
# line that normally precedes includefile. Without at least one reachable
# server (or the local-clock fallback below) ntpd never becomes synchronised
# and will not serve time to the RAC nodes.

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# "ignore" was added ahead of the stock kod/nomodify line. ntpd ORs the
# flags of duplicate restrict entries rather than replacing them, so the
# effective default is still "ignore": deny by default, and only the
# networks listed explicitly below get any service.
restrict default ignore
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# (The IPv4 "restrict 127.0.0.1" counterpart is not in this listing; without
# it, ntpq/ntpdc over IPv4 loopback are blocked by the default ignore.)
restrict -6 ::1
# Network and mask were lost in rendering. This is the line that lets the
# RAC subnet synchronise: nomodify/notrap/noquery = time service only, no
# runtime control or status queries from the clients.
restrict mask nomodify notrap noquery

# Hosts on local network are less restricted.
#restrict mask nomodify notrap

# Use public servers from the project.
# Please consider joining the pool (
# (The "server ..." lines belong here; none survived in this listing.)

#broadcast autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast autokey            # multicast server
#multicastclient              # multicast client
#manycastserver         # manycast server
#manycastclient autokey # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
# Enable these two lines only if this VM has no upstream time source: the
# stratum-10 local clock keeps the RAC nodes mutually consistent (which is
# what Clusterware needs), not accurate.
#server     # local clock
#fudge stratum 10

# Enable public key cryptography.
# (The commented-out "crypto" line that normally sits here is not shown.)

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
# trustedkey/requestkey/controlkey stay commented out, so clients sync without
# authentication; acceptable only because the restrict lines limit access to
# the cluster network.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

Add the following line to iptables to allow the RAC nodes to access the NTP server on UDP port 123 (the source network after `-s` was lost in rendering; keep it restricted to the cluster subnet). The complete /etc/sysconfig/iptables then looks like this:

[root@dns log]# cat /etc/sysconfig/iptables
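# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
#
# NOTE(review): the "*filter" header, the ":INPUT/:FORWARD/:OUTPUT ACCEPT"
# policy lines and the closing "COMMIT" that iptables-restore requires are
# not shown here; keep them. No "--state ESTABLISHED,RELATED" rule appears
# either; if it is really absent, replies to this host's own outbound
# traffic (recursive DNS lookups, upstream NTP, yum) fall through to the
# final REJECT, so keep system-config-firewall's
#   -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# as the first rule. (The page renders "--" as an en dash; the options below
# are written with the real double dash.)
#
# DNS from the RAC nodes: UDP for lookups, TCP for large answers. These
# accept from any source; add "-s <RAC subnet>" as the NTP rule does.
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
# NTP, limited to one source network (the address after -s was lost in
# rendering and must be restored before this file is loaded).
-A INPUT -s -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH from anywhere; add -s as well if the management network is known.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Default deny for everything else, answered with an ICMP error rather
# than a silent drop.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited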