搭建满足 oracle rac scan 的 dns 服务器

版权声明:本文为博主原创文章,转载请标明出处。 https://blog.csdn.net/ctypyb2002/article/details/89512715

os: centos 7.4

在安装 oracle rac 时,使用 scan 需要使用 dns,所以搭建一个简单测试dns.
testcluster1-scan.peiyongbin.com
192.168.56.141
192.168.56.142
192.168.56.143

版本

# lsb_release -a
LSB Version:	:core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch:trialuse-4.1-amd64:trialuse-4.1-noarch
Distributor ID:	CentOS
Description:	CentOS Linux release 7.4.1708 (Core) 
Release:	7.4.1708
Codename:	Core

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:7b:60:a0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.6/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 814sec preferred_lft 814sec
    inet6 fe80::4314:f1b1:76f4:9949/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:b2:b4:5e brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.100/24 brd 192.168.56.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::8d62:4987:9164:60e0/64 scope link 
       valid_lft forever preferred_lft forever

安装

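# yum -y install bind bind-utils    # named plus dig/nslookup only; the unquoted bind* glob also installs every other bind-* package and can be expanded by the shell against files in the current directory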

# systemctl status named;
# systemctl enable named;

# which named
/usr/sbin/named

/etc/named.conf

# vi /etc/named.conf

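//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

// Clients this server answers: the host itself and the 192.168.56.0/24
// network that the listener below is bound to.
acl "trusted" { localhost; 192.168.56.0/24; };

options {
	// Listen only on the 192.168.56.100 address, not on the other interfaces.
	listen-on port 53 { 192.168.56.100; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";

	// "allow-query { any; };" together with "recursion yes;" and no
	// allow-recursion statement lets every host that can reach port 53
	// recurse through this server (allow-recursion falls back to
	// allow-query when it is not set). Limit both to the trusted ACL.
	allow-query     { trusted; };
	allow-recursion { trusted; };

	// No secondary server appears in this setup, so refuse zone transfers
	// instead of relying on the version-dependent default.
	allow-transfer  { none; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints used when recursing.
zone "." IN {
	type hint;
	file "named.ca";
};

// Forward zone; the file path is relative to "directory" above.
zone "peiyongbin.com" IN {
    type master;
    file "named.peiyongbin.com";
};

// Reverse zone for 192.168.56.0/24.
zone "56.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.56";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";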

/var/named/named.peiyongbin.com

正解数据库文件中必须要有$TTL、SOA、NS、A记录。

# vi /var/named/named.peiyongbin.com 

; Forward zone data for peiyongbin.com, referenced from named.conf as
; file "named.peiyongbin.com" (resolved under /var/named).
$TTL 1D
; SOA: dns1 is the primary name server; the second name is the contact
; mailbox written in DNS form.
@       IN SOA  dns1.peiyongbin.com. www.peiyongbin.com. (
                2018042501      ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
@                               IN      NS      dns1.peiyongbin.com. ;
dns1.peiyongbin.com.               IN      A       192.168.56.100 ;
; Each SCAN name carries three A records, so one lookup returns all three
; addresses (the nslookup output for testcluster1-scan on this page shows this).
testcluster1-scan.peiyongbin.com.  IN      A       192.168.56.141 ;
testcluster1-scan.peiyongbin.com.  IN      A       192.168.56.142 ;
testcluster1-scan.peiyongbin.com.  IN      A       192.168.56.143 ;
testcluster2-scan.peiyongbin.com.  IN      A       192.168.56.241 ;
testcluster2-scan.peiyongbin.com.  IN      A       192.168.56.242 ;
testcluster2-scan.peiyongbin.com.  IN      A       192.168.56.243 ;

/var/named/named.192.168.56

反解数据库文件必须有$TTL、SOA、NS、PTR记录

# vi /var/named/named.192.168.56

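; Reverse zone data for 56.168.192.in-addr.arpa, referenced from named.conf
; as file "named.192.168.56" (resolved under /var/named).
$TTL 1D
@       IN SOA  dns1.peiyongbin.com. www.peiyongbin.com. (
                        2018042501      ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@                       IN      NS      dns1.peiyongbin.com. ;
; The owner name is the last octet of the 192.168.56.x address. The original
; file put every PTR on 100, so "dig -x 192.168.56.141" had no record to
; return and 192.168.56.100 pointed at names whose A records are elsewhere.
; Each PTR below mirrors an A record in the forward zone.
100                     IN      PTR     dns1.peiyongbin.com. ;
141                     IN      PTR     testcluster1-scan.peiyongbin.com. ;
142                     IN      PTR     testcluster1-scan.peiyongbin.com. ;
143                     IN      PTR     testcluster1-scan.peiyongbin.com. ;
241                     IN      PTR     testcluster2-scan.peiyongbin.com. ;
242                     IN      PTR     testcluster2-scan.peiyongbin.com. ;
243                     IN      PTR     testcluster2-scan.peiyongbin.com. ;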

测试

dns 服务器上重启 named

# systemctl restart named

# systemctl status named

随便一台linux 机器上操作

# vi /etc/resolv.conf

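# Resolver options use the form name:value with no space after the colon
# (resolv.conf(5)); with the space, whether the value is still picked up
# depends on the resolver version.
options attempts:2
options timeout:1
# Search list tried for names that are not fully qualified.
search testcluster1-scan.peiyongbin.com peiyongbin.com
# The BIND server configured above.
nameserver 192.168.56.100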


# vi /etc/nsswitch.conf 

# Host lookup order: /etc/hosts first, then DNS, then NIS.
hosts: files dns nis

# dig testcluster1-scan.peiyongbin.com
# dig -x 192.168.56.141

# nslookup testcluster1-scan.peiyongbin.com
Server:		192.168.56.100
Address:	192.168.56.100#53

Name:	testcluster1-scan.peiyongbin.com
Address: 192.168.56.141
Name:	testcluster1-scan.peiyongbin.com
Address: 192.168.56.143
Name:	testcluster1-scan.peiyongbin.com
Address: 192.168.56.142


好了,一个能满足oracle rac scan 测试的dns服务器就搭建完成.
参考:


转载自blog.csdn.net/ctypyb2002/article/details/89512715