A few users asked what to do if there is no DNS server available for configuring the SCAN names when installing Oracle Grid Infrastructure.
Most asked whether they can use hosts file entries instead. The short answer is: nope. Grid Infrastructure will install fine, but the cluster verification utility will fail.
So my suggestion is as follows: create your own small DNS server on your RAC nodes. This is quick and easy, and is described in this article.
Installing required packages
Oracle Enterprise Linux as well as RedHat and even SuSE ship with rpm packages for the name server “bind”. Bind is developed by the ISC (Internet Systems Consortium) and is the most widely used DNS server. More information can be found here.
In this article we will install bind on our RAC system running Oracle Enterprise Linux 5 Update 3. If you use another distribution or release, your version numbers and/or package names might be different.
So for OEL 5U3 we need at least the following packages installed:
- bind-libs-9.3.4-10.P1.el5
- bind-9.3.4-10.P1.el5
- bind-utils-9.3.4-10.P1.el5
In addition to that you can also install the “bind-chroot” package, which runs bind in a chroot environment. A chroot environment increases security and is recommended for running in production. For our test system we will not install bind chrooted, to keep the complexity low.
Configuring the first (master) dns server
In the first step we will create the master DNS server, which can reside on any node. In our case the master DNS server resides on node “rac1.regner.de” with IP address 172.23.15.1. The secondary DNS server will be on node “rac2.regner.de” with IP address 172.23.15.2.
Later we will add a secondary DNS server on the second node. This is required for a working name resolution if one node is down.
Note that for a “quick and dirty” configuration one configured DNS server is enough to complete the cluster verification tests. Make sure that you specified all node names (private, public and VIP names) in your /etc/hosts file!
Creating the required files
All you need to do is to create the files in the named locations (attention: on SuSE /var/named will probably be /var/lib/named!). If you want to, you can replace the string “regner.de” with your domain and correct the host names and IPs.
/etc/named.conf
[root@rac1 named]# cat /etc/named.conf
options {
    # The directory statement defines the name server's working directory
    directory "/var/named";

    # Write dump and statistics file to the log subdirectory. The
    # pathnames are relative to the chroot jail.
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # The forwarders record contains a list of servers to which queries
    # should be forwarded. Enable this line and modify the IP address to
    # your provider's name server. Up to three servers may be listed.
    #forwarders { 192.0.2.1; 192.0.2.2; };

    # Enable the next entry to prefer usage of the name server declared in
    # the forwarders section.
    #forward first;

    # The listen-on record contains a list of local network interfaces to
    # listen on. Optionally the port can be specified. Default is to
    # listen on all interfaces found on your system. The default port is
    # 53.
    #listen-on port 53 { 127.0.0.1; };

    # The listen-on-v6 record enables or disables listening on IPv6
    # interfaces. Allowed values are 'any' and 'none' or a list of
    # addresses.
    listen-on-v6 { none; };

    # The next three statements may be needed if a firewall stands between
    # the local server and the internet.
    #query-source address * port 53;
    #transfer-source * port 53;
    #notify-source * port 53;

    # The allow-query record contains a list of networks or IP addresses
    # to accept and deny queries from. The default is to allow queries
    # from all hosts.
    #allow-query { 127.0.0.1; };

    # If notify is set to yes (default), notify messages are sent to other
    # name servers when the zone data is changed. Instead of setting
    # a global 'notify' statement in the 'options' section, a separate
    # 'notify' can be added to each zone definition.
    notify no;
};

logging {
    # Log queries to a file limited to a size of 100 MB.
    channel query_logging {
        file "/var/named/named_querylog" versions 3 size 100M;
        print-time yes; // timestamp log entries
    };
    category queries { query_logging; };

    # Or log this kind alternatively to syslog.
    channel syslog_queries {
        syslog user;
        severity info;
    };
    category queries { syslog_queries; };

    # Log general name server errors to syslog.
    channel syslog_errors {
        syslog user;
        severity error;
    };
    category default { syslog_errors; };

    # Don't log lame server messages.
    category lame-servers { null; };
};

acl acl_transf { 172.23.15.2; };

# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
#zone "." in {
#    type hint;
#    file "root.hint";
#};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

zone "regner.de" in {
    type master;
    file "db.regner.de";
    allow-transfer { acl_transf; };
};
Note the following line:
acl acl_transf { 172.23.15.2; };
This line will later allow the secondary DNS server to fetch the zone files from the master server. In our test environment “rac1.regner.de” (172.23.15.1) is the master DNS server, while “rac2.regner.de” (172.23.15.2) is the secondary one which fetches the zone files. In your environment you must adjust the line according to the IPs you use. You cannot use names here!
/var/named/127.0.0.zone
$TTL 1W
@       IN SOA  localhost. root.localhost. (
                42      ; serial (d. adams)
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   localhost.
1       IN PTR  localhost.
/var/named/localhost.zone
$TTL 1W
@       IN SOA  @ root (
                42      ; serial (d. adams)
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   @
        IN A    127.0.0.1
/var/named/db.regner.de
$ORIGIN .
regner.de       SOA     rac1.regner.de. rac1.regner.de. (
                        22      ; serial
                        900     ; refresh (15 minutes)
                        600     ; retry (10 minutes)
                        86400   ; expire (1 day)
                        3600    ; minimum (1 hour)
                        )
                NS      rac1.regner.de.
                NS      rac2.regner.de.
$ORIGIN regner.de.
rac1            A       172.23.15.1
rac2            A       172.23.15.2
rac1-vip        A       172.23.15.10
rac2-vip        A       172.23.15.20
rac1-priv       A       192.168.181.10
rac2-priv       A       192.168.181.20
rac-scan        A       172.23.15.3
rac-scan        A       172.23.15.4
rac-scan        A       172.23.15.5
Starting for the first time
Before starting for the first time we need to change permissions:
[root@rac1 named]# touch /var/named/named_querylog
[root@rac1 named]# chown -R named:named /var/named/
[root@rac1 named]# chown named:named /etc/named.conf
After that we can start for the first time by entering:
/etc/init.d/named start
Your message log should look like this:
Oct 15 09:51:25 rac1 named[22380]: starting BIND 9.3.4-P1 -u named
Oct 15 09:51:25 rac1 named[22380]: found 1 CPU, using 1 worker thread
Oct 15 09:51:25 rac1 named[22380]: loading configuration from '/etc/named.conf'
Oct 15 09:51:25 rac1 named[22380]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 15 09:51:25 rac1 named[22380]: listening on IPv4 interface bond0, 172.23.15.1#53
Oct 15 09:51:25 rac1 named[22380]: listening on IPv4 interface bond0:3, 172.23.15.10#53
Oct 15 09:51:25 rac1 named[22380]: listening on IPv4 interface bond0:4, 172.23.15.3#53
Oct 15 09:51:25 rac1 named[22380]: listening on IPv4 interface bond0:5, 172.23.15.5#53
Oct 15 09:51:25 rac1 named[22380]: listening on IPv4 interface bond1, 192.168.181.10#53
Oct 15 09:51:25 rac1 named[22380]: command channel listening on 127.0.0.1#953
Oct 15 09:51:25 rac1 named[22380]: command channel listening on ::1#953
There must be no error messages. If there are errors in the configuration files, you need to fix them.
Checking configuration
If named started without error messages you can check if host name resolution works. For checking we use “dig” which is part of the bind-utils package. The calling syntax is:
dig @<server> <hostname to query>
In our environment this evaluates to:
[root@rac1 named]# dig @172.23.15.1 rac1.regner.de

; <<>> DiG 9.3.4-P1 <<>> @172.23.15.1 rac1.regner.de
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27024
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;rac1.regner.de. IN A

;; ANSWER SECTION:
rac1.regner.de. 3600 IN A 172.23.15.1

;; AUTHORITY SECTION:
regner.de. 3600 IN NS rac1.regner.de.

;; Query time: 31 msec
;; SERVER: 172.23.15.1#53(172.23.15.1)
;; WHEN: Thu Oct 15 09:48:07 2009
;; MSG SIZE rcvd: 62
The output consists of two parts:
- question section
- answer section
The interesting part is in the answer section. We queried for “rac1.regner.de” (see question section) and got the following answer section:
;; ANSWER SECTION:
rac1.regner.de. 3600 IN A 172.23.15.1
The answer section states that the host named “rac1.regner.de” has the IP address 172.23.15.1, just as we configured it in the zone file. If you changed names and/or IPs, your adjusted values must appear in the answer section.
The next query will query for the SCAN name we also configured in the zone file:
[root@rac1 named]# dig @172.23.15.1 rac-scan.regner.de

; <<>> DiG 9.3.4-P1 <<>> @172.23.15.1 rac-scan.regner.de
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33081
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;rac-scan.regner.de. IN A

;; ANSWER SECTION:
rac-scan.regner.de. 3600 IN A 172.23.15.4
rac-scan.regner.de. 3600 IN A 172.23.15.5
rac-scan.regner.de. 3600 IN A 172.23.15.3

;; AUTHORITY SECTION:
regner.de. 3600 IN NS rac1.regner.de.

;; ADDITIONAL SECTION:
rac1.regner.de. 3600 IN A 172.23.15.1

;; Query time: 3 msec
;; SERVER: 172.23.15.1#53(172.23.15.1)
;; WHEN: Thu Oct 15 09:48:21 2009
;; MSG SIZE rcvd: 119
This time the answer section contained three IP addresses:
;; ANSWER SECTION:
rac-scan.regner.de. 3600 IN A 172.23.15.4
rac-scan.regner.de. 3600 IN A 172.23.15.5
rac-scan.regner.de. 3600 IN A 172.23.15.3
That's completely fine, as Oracle needs at least one, better three, IPs for the SCAN name. As you can see from the output, we configured the recommended number of three IPs. Oracle will configure the listeners to listen on these IPs. For more information about SCAN refer here.
Using configuration
In order to use our freshly configured name servers, replace the file /etc/resolv.conf with a file like this:
nameserver 172.23.15.1
nameserver 172.23.15.2
search regner.de
The /etc/resolv.conf file configures the DNS servers to use for IP address resolution. The argument “nameserver” defines a DNS server, while “search” configures one or more domain suffixes to be appended. In the example listed there are two name servers which will be queried. If one server is unreachable there will be a transparent failover to the second one. The second server will be configured now.
Configuring the second (slave) dns server
Creating the required files
/etc/named.conf
[root@rac2 named]# cat /etc/named.conf
options {
    # The directory statement defines the name server's working directory
    directory "/var/named";

    # Write dump and statistics file to the log subdirectory. The
    # pathnames are relative to the chroot jail.
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # The forwarders record contains a list of servers to which queries
    # should be forwarded. Enable this line and modify the IP address to
    # your provider's name server. Up to three servers may be listed.
    #forwarders { 192.0.2.1; 192.0.2.2; };

    # Enable the next entry to prefer usage of the name server declared in
    # the forwarders section.
    #forward first;

    # The listen-on record contains a list of local network interfaces to
    # listen on. Optionally the port can be specified. Default is to
    # listen on all interfaces found on your system. The default port is
    # 53.
    #listen-on port 53 { 127.0.0.1; };

    # The listen-on-v6 record enables or disables listening on IPv6
    # interfaces. Allowed values are 'any' and 'none' or a list of
    # addresses.
    listen-on-v6 { none; };

    # The next three statements may be needed if a firewall stands between
    # the local server and the internet.
    #query-source address * port 53;
    #transfer-source * port 53;
    #notify-source * port 53;

    # The allow-query record contains a list of networks or IP addresses
    # to accept and deny queries from. The default is to allow queries
    # from all hosts.
    #allow-query { 127.0.0.1; };

    # If notify is set to yes (default), notify messages are sent to other
    # name servers when the zone data is changed. Instead of setting
    # a global 'notify' statement in the 'options' section, a separate
    # 'notify' can be added to each zone definition.
    notify no;
};

logging {
    # Log queries to a file limited to a size of 100 MB.
    channel query_logging {
        file "/var/named/named_querylog" versions 3 size 100M;
        print-time yes; // timestamp log entries
    };
    category queries { query_logging; };

    # Or log this kind alternatively to syslog.
    channel syslog_queries {
        syslog user;
        severity info;
    };
    category queries { syslog_queries; };

    # Log general name server errors to syslog.
    channel syslog_errors {
        syslog user;
        severity error;
    };
    category default { syslog_errors; };

    # Don't log lame server messages.
    category lame-servers { null; };
};

# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
#zone "." in {
#    type hint;
#    file "root.hint";
#};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

zone "regner.de" in {
    type slave;
    file "db.regner.de";
    masters { 172.23.15.1; };
};
/var/named/127.0.0.zone
$TTL 1W
@       IN SOA  localhost. root.localhost. (
                42      ; serial (d. adams)
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   localhost.
1       IN PTR  localhost.
/var/named/localhost.zone
$TTL 1W
@       IN SOA  @ root (
                42      ; serial (d. adams)
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   @
        IN A    127.0.0.1
/var/named/db.regner.de
You do not need to create the zone file because it will be fetched from the master server.
Starting for the first time
Before starting for the first time we need to change permissions:
[root@rac2 named]# touch /var/named/named_querylog
[root@rac2 named]# chown -R named:named /var/named/
[root@rac2 named]# chown named:named /etc/named.conf
After that we can start for the first time by entering:
/etc/init.d/named start
Your message log should look like this:
Oct 15 10:30:02 rac2 named[23116]: starting BIND 9.3.4-P1 -u named
Oct 15 10:30:02 rac2 named[23116]: found 1 CPU, using 1 worker thread
Oct 15 10:30:02 rac2 named[23116]: loading configuration from '/etc/named.conf'
Oct 15 10:30:02 rac2 named[23116]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 15 10:30:02 rac2 named[23116]: listening on IPv4 interface bond0, 172.23.15.2#53
Oct 15 10:30:02 rac2 named[23116]: listening on IPv4 interface bond0:1, 172.23.15.4#53
Oct 15 10:30:02 rac2 named[23116]: listening on IPv4 interface bond0:2, 172.23.15.20#53
Oct 15 10:30:02 rac2 named[23116]: listening on IPv4 interface bond1, 192.168.181.20#53
Oct 15 10:30:02 rac2 named[23116]: command channel listening on 127.0.0.1#953
Oct 15 10:30:02 rac2 named[23116]: command channel listening on ::1#953
There must be no error messages. If there are errors in the configuration files, you need to fix them.
Checking configuration
The first thing to check is the existence of the file /var/named/db.regner.de:
[root@rac2 named]# ll /var/named/
total 20
-rw-r--r-- 1 named named 192 Oct 15 10:28 127.0.0.zone
drwxrwx--- 2 named named 4096 Jan 21 2009 data
-rw-r--r-- 1 named named 498 Oct 15 10:30 db.regner.de
-rw-r--r-- 1 named named 158 Oct 15 10:28 localhost.zone
-rw-r--r-- 1 named named 0 Oct 15 10:30 named_querylog
drwxrwx--- 2 named named 4096 Jan 21 2009 slaves
The file is there and was transferred from the master server.
We will now query the secondary dns server just like we did with the primary server:
[root@rac2 named]# dig @172.23.15.2 rac1.regner.de

; <<>> DiG 9.3.4-P1 <<>> @172.23.15.2 rac1.regner.de
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9789
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;rac1.regner.de. IN A

;; ANSWER SECTION:
rac1.regner.de. 3600 IN A 172.23.15.1

;; AUTHORITY SECTION:
regner.de. 3600 IN NS rac1.regner.de.

;; Query time: 227 msec
;; SERVER: 172.23.15.2#53(172.23.15.2)
;; WHEN: Thu Oct 15 10:32:23 2009
;; MSG SIZE rcvd: 62

[root@rac2 named]# dig @172.23.15.2 rac-scan.regner.de

; <<>> DiG 9.3.4-P1 <<>> @172.23.15.2 rac-scan.regner.de
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52238
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;rac-scan.regner.de. IN A

;; ANSWER SECTION:
rac-scan.regner.de. 3600 IN A 172.23.15.5
rac-scan.regner.de. 3600 IN A 172.23.15.3
rac-scan.regner.de. 3600 IN A 172.23.15.4

;; AUTHORITY SECTION:
regner.de. 3600 IN NS rac1.regner.de.

;; ADDITIONAL SECTION:
rac1.regner.de. 3600 IN A 172.23.15.1

;; Query time: 1 msec
;; SERVER: 172.23.15.2#53(172.23.15.2)
;; WHEN: Thu Oct 15 10:32:34 2009
;; MSG SIZE rcvd: 119
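The checks on both servers can be combined into one comparison. This is an added example, not part of the original article: it parses dig output and verifies that the primary (172.23.15.1) and the secondary (172.23.15.2) return the same set of addresses for the SCAN name. The function names and the stale-secondary sample are constructed for illustration; the other two samples are abridged from the dig output in this article.

```sh
#!/bin/sh
# Added example, not from the original article.
# Round-robin changes the order of the answers, so compare sorted sets.

# answer_addrs NAME: read dig output on stdin and print the sorted, unique
# A-record addresses that the ANSWER SECTION lists for NAME.
answer_addrs() {
    awk -v name="$1." '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^[ \t]*$/   { in_answer = 0 }
        in_answer && tolower($1) == tolower(name) && $4 == "A" { print $5 }
    ' | sort -u
}

# check_scan NAME PRIMARY_OUTPUT SECONDARY_OUTPUT
# Returns 0 if both servers agree on at least one address, 1 if the primary
# returned no address, 2 if the two answers differ.
check_scan() {
    cs_primary=$(printf '%s\n' "$2" | answer_addrs "$1")
    cs_secondary=$(printf '%s\n' "$3" | answer_addrs "$1")
    if [ -z "$cs_primary" ]; then
        echo "FAIL: primary returned no A record for $1"
        return 1
    fi
    if [ "$cs_primary" != "$cs_secondary" ]; then
        echo "FAIL: primary and secondary disagree on $1"
        return 2
    fi
    cs_count=$(printf '%s\n' "$cs_primary" | awk 'END { print NR }')
    echo "OK: $1 resolves to $cs_count address(es) on both servers"
    [ "$cs_count" -eq 3 ] || echo "NOTE: three SCAN addresses are recommended"
    return 0
}

# Answers for rac-scan.regner.de, abridged from the dig output in the article.
PRIMARY_SAMPLE=';; QUESTION SECTION:
;rac-scan.regner.de. IN A

;; ANSWER SECTION:
rac-scan.regner.de. 3600 IN A 172.23.15.4
rac-scan.regner.de. 3600 IN A 172.23.15.5
rac-scan.regner.de. 3600 IN A 172.23.15.3

;; AUTHORITY SECTION:
regner.de. 3600 IN NS rac1.regner.de.'

SECONDARY_SAMPLE=';; ANSWER SECTION:
rac-scan.regner.de. 3600 IN A 172.23.15.5
rac-scan.regner.de. 3600 IN A 172.23.15.3
rac-scan.regner.de. 3600 IN A 172.23.15.4'

# Constructed sample: a secondary still serving an older copy of the zone.
STALE_SAMPLE=';; ANSWER SECTION:
rac-scan.regner.de. 3600 IN A 172.23.15.3
rac-scan.regner.de. 3600 IN A 172.23.15.4'

# Offline run on the samples. For a live check pass
# "$(dig @172.23.15.1 NAME)" and "$(dig @172.23.15.2 NAME)" instead.
check_scan rac-scan.regner.de "$PRIMARY_SAMPLE" "$SECONDARY_SAMPLE"
check_scan rac-scan.regner.de "$PRIMARY_SAMPLE" "$STALE_SAMPLE" || true
```

With `notify no` on the primary, the secondary only picks up a zone change after the SOA serial has been increased and the refresh interval (900 seconds in db.regner.de) has passed, which is the situation the stale sample imitates.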
Troubleshooting
If you experience problems check out the following files for more information:
- /var/log/messages
- /var/named/named_querylog
The second file records all received dns queries and can be extremely helpful in debugging dns-related problems.
More Information
For information on how to change/add/delete DNS records refer to the bind documentation.
hi!
Does 11gR2 support Dynamic DNS? If yes, can you give its configuration details for SCAN and DDNS?
regards
As far as I know there is no dynamic DNS. But you can install 11g R2 with Domain Delegation to Grid Naming Service. See http://download.oracle.com/docs/cd/E11882_01/install.112/e10812/prelinux.htm#BABEHFBA for more details.
hi
/etc/named.conf
/var/named/127.0.0.zone
/var/named/localhost.zone
These files do not exist by default. In OEL 5.4, do I need to just create them? Or do I need to install any packages? I already have:
[root@pc-2 ~]# rpm -qa | grep bind
bind-9.3.6-4.P1.el5
system-config-bind-4.0.3-4.0.1.el5
bind-utils-9.3.6-4.P1.el5
ypbind-1.19-12.el5
bind-chroot-9.3.6-4.P1.el5
bind-libs-9.3.6-4.P1.el5
kdebindings-3.5.4-6.el5
ls /var/named/
chroot data slaves
The named directory contains only chroot, data and slaves.
Do I need to change anything over there?
regards
hi
As I did not have them, I created them by hand but got a result, e.g.:
[root@pc-2 ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Locating /var/named/chroot//etc/named.conf failed:
[FAILED]
[root@pc-2 ~]#
regards
I think it should also be done on the slave site
/etc/resolv.conf
nameserver 192.168.1.82
search .de
hi
How do I assign a virtual IP in the NIC configuration?
regards
Hi,
the VIP addresses are created automatically by Grid Infrastructure installer. You are prompted for them during installation.
I am getting an INS:- 40910 error during installation of RAC.
Hm.. Does not ring a bell here. Can you provide more details?
hi
All details are here.
http://forums.oracle.com/forums/thread.jspa?threadID=1022163&tstart=0
regards
Hi Ronny
Thank you for the good article. One more question: if we use GNS, must we have both DHCP and DNS?
Regards
You need DHCP to issue IPs and you need DNS to register and resolve the host names.
@Ronny Egner
If you followed that forum, they also advised me an /etc/hosts entry …..
So …………. it should be both, right? I.e. DNS + /etc/hosts + /resolv.conf
Basically non-local host names in DNS are enough. If you don't have a working DNS you can put them into your /etc/hosts file.
@Ronny Egner
Sorry to say (I don't know the reason), the fact is that I did not get the VIP to work until and unless I mentioned them in my /etc/hosts, whereas ping results, nslookup and dig results were perfect.
If you have any explanation, please let me know here….
regards
Well, I don't know what caused this. But anyway: glad to see you solved your problem.
I have 2 nodes on Solaris 10 and I’m trying to upgrade to the 11gR2 Grid Infrastructure. The SA set up a DNS with a single ip for SCAN. I can nslookup the host, not ping because its interface is unplumbed, it was but in testing we detached it as part of the troubleshooting. We can nslookup each node from the other. Any ideas about what else we might need to look at?
For an upgrade you need to configure at least one scan ip. This ip will be a virtual interface residing on top of your public interface. The SCAN ip will be assigned by the clusterware upon installation.
On my Solaris box one node interfaces look like this:
bge0: flags=1000843 mtu 1500 index 2
inet 10.11.64.63 netmask fffffe00 broadcast 10.11.65.255
bge0:1: flags=1040843 mtu 1500 index 2
inet 10.11.65.102 netmask fffffe00 broadcast 10.11.65.255
bge0:2: flags=1040843 mtu 1500 index 2
inet 10.11.65.104 netmask fffffe00 broadcast 10.11.65.255
bge0:3: flags=1040843 mtu 1500 index 2
inet 10.11.65.103 netmask fffffe00 broadcast 10.11.65.255
bge1: flags=1000843 mtu 1500 index 4
inet 192.168.100.2 netmask ffffff00 broadcast 192.168.100.255
bge1 = private interconnect
bge0 = nodes public ip
bge0:0 = nodes vip ip
bge0:1 to bge0:2 = scan IP 1 and scan IP 2
We have:
ce0 = public ip
ce0:1 = vip
ce9 = interconnect
There is no ce0:2 (we only have one ip set aside for now) because we unplumbed it. Is this something the SA should do beforehand or that is done by the installer?
Right now we have the DNS running, we can nslookup on each node but only one dns configured. We have the names configured in the /etc/hosts and the resolv.conf configured. Do you know if there is anything else I should be doing pre-installation or should a working dns be enough. Do you know what oracle uses to check for the available ip? I appreciate you taking the time to answer questions. I have been reading a lot but it seems like some details of the configuration are missing. I have read note 887522.1, the GRID installation guide (kind of painful) and forums but I guess I can’t figure out the “glue” to some of these pieces. Thanks for your help and time!
v/r
Va.
ps Apologize if I ended up posting this somewhere else or twice, I hit submit and it disappeared…
Hi,
the virtual IP for the SCAN IP will be set up by the installer. Do NOT set it up yourself. All you need to setup is a working dns configuration as shown in my guides for linux. You need to make sure the name -scan. resolves to at least one (better three) IPs. These IPs resolved via DNS will be used by the installer (!!! ; not you!) to set up virtual network interfaces.
Ok, so after reading Sayantan’s forum post I saw at the very end… to restart universal installer.. *sigh*
Thanks!
Do we need to add the resolv.conf on both the nodes in the above example?
Yes
Nice Article.
Looking for DNS configuration for 11g R2 grid infrastructure installation….I will try it out.
Thanks for posting this article as it is a good explanation for DNS setup.
Regards,
VJ
Great tutorial, worked like a charm. Thank you very much!