Bind DNS Configuration For Oracle Cluster

MICHAEL
1 0
Read Time:8 Minute, 33 Second

[root@node1 grid]# cat /var/named/forward.ankinimbom
$TTL 86400
@ IN SOA node1.ankinimbom.com. root.ankinimbom.com. (
211071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimun TTL
)
@ IN NS node1.ankinimbom.com.
@ IN A 192.168.1.10
@ IN A 192.168.1.11
@ IN A 192.168.1.12
@ IN A 192.168.1.13
@ IN A 192.168.1.14
@ IN A 192.168.1.15
@ IN A 192.168.1.16
node1 IN A 192.168.1.10
node2 IN A 192.168.1.11
node-scan IN A 192.168.1.14
node-scan IN A 192.168.1.15
node-scan IN A 192.168.1.16
[root@node1 grid]#
[root@node1 grid]#
[root@node1 grid]#
[root@node1 grid]#
[root@node1 grid]# cat /var/named/reverse.ankinimbom
$TTL 86400
@ IN SOA node1.ankinimbom.com. root.node1.ankinimbom.com. (
211071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimun TTL
)
@ IN NS node1.ankinimbom.com.
@ IN PTR ankinimbom.com.
node1 IN A 192.168.1.10
node2 IN A 192.168.1.11
node-scan IN A 192.168.1.14
node-scan IN A 192.168.1.15
node-scan IN A 192.168.1.16
10 IN PTR node1.ankinimbom.com.
11 IN PTR node2.ankinimbom.com.
14 IN PTR node-scan.ankinimbom.com.
15 IN PTR node-scan.ankinimbom.com.
16 IN PTR node-scan.ankinimbom.com.
[root@node1 grid]#
[root@node1 grid]#
[root@node1 grid]#
[root@node1 grid]#
[root@node1 grid]# cd /var/named
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# ll
total 24
drwxr-x—. 7 root named 56 Jun 1 04:37 chroot
drwxrwx—. 2 named named 22 Jul 21 12:29 data
drwxrwx—. 2 named named 58 Jul 22 11:06 dynamic
drwxrwx—. 2 root named 6 Nov 22 2019 dyndb-ldap
-rw-r–r–. 1 root named 1163 Jul 21 12:24 forward.ankinimbom
-rw-r—–. 1 root named 2253 Apr 5 2018 named.ca
-rw-r—–. 1 root named 152 Dec 15 2009 named.empty
-rw-r—–. 1 root named 152 Jun 21 2007 named.localhost
-rw-r—–. 1 root named 168 Dec 15 2009 named.loopback
-rw-r–r–. 1 root named 1192 Jul 21 12:25 reverse.ankinimbom
drwxrwx—. 2 named named 6 Jun 1 04:37 slaves
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator’s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1;192.168.1.10; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
recursing-file “/var/named/data/named.recursing”;
secroots-file “/var/named/data/named.secroots”;
allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};

zone “.” IN {
type hint;
file “named.ca”;
};

zone “ankinimbom.com” IN {
type master;
file “forward.ankinimbom”;
allow-update { none; };
};
zone “1.168.192.in-addr.arpa” IN {
type master;
file “reverse.ankinimbom”;
allow-update { none; };
};
include “/etc/named.rfc1912.zones”;
include “/etc/named.root.key”;

[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# systemctl start named.service
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# systemctl status named.service
● named.service – Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-07-22 10:05:19 CDT; 1h 8min ago
Process: 1548 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 1494 ExecStartPre=/bin/bash -c if [ ! “$DISABLE_ZONE_CHECKING” == “yes” ]; then /usr/sbin/named-checkconf -z “$NAMEDCONF”; else echo “Checking of zon e files is disabled”; fi (code=exited, status=0/SUCCESS)
Main PID: 1556 (named)
Tasks: 4
CGroup: /system.slice/named.service
└─1556 /usr/sbin/named -u named -c /etc/named.conf

Jul 22 10:05:19 node1.ankinimbom.com named[1556]: zone localhost/IN: loaded serial 0
Jul 22 10:05:19 node1.ankinimbom.com named[1556]: zone ankinimbom.com/IN: loaded serial 211071001
Jul 22 10:05:19 node1.ankinimbom.com named[1556]: zone localhost.localdomain/IN: loaded serial 0
Jul 22 10:05:19 node1.ankinimbom.com named[1556]: all zones loaded
Jul 22 10:05:19 node1.ankinimbom.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jul 22 10:05:19 node1.ankinimbom.com named[1556]: running
Jul 22 10:05:29 node1.ankinimbom.com named[1556]: managed-keys-zone: Unable to fetch DNSKEY set ‘.’: timed out
Jul 22 10:05:29 node1.ankinimbom.com named[1556]: resolver priming query complete
Jul 22 10:05:39 node1.ankinimbom.com named[1556]: resolver priming query complete
Jul 22 11:05:39 node1.ankinimbom.com named[1556]: managed-keys-zone: Unable to fetch DNSKEY set ‘.’: timed out
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# nslookup node-scan
Server: 192.168.1.10
Address: 192.168.1.10#53

Name: node-scan.ankinimbom.com
Address: 192.168.1.15
Name: node-scan.ankinimbom.com
Address: 192.168.1.14
Name: node-scan.ankinimbom.com
Address: 192.168.1.16

[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# dig 192.168.1.10

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> 192.168.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48030
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.168.1.10. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020072200 1800 900 604800 86400

;; Query time: 1035 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Wed Jul 22 11:19:48 CDT 2020
;; MSG SIZE rcvd: 116

[root@node1 named]#
[root@node1 named]#
[root@node1 named]# dig ankinimbom.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> ankinimbom.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48689
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ankinimbom.com. IN A

;; ANSWER SECTION:
ankinimbom.com. 86400 IN A 192.168.1.16
ankinimbom.com. 86400 IN A 192.168.1.14
ankinimbom.com. 86400 IN A 192.168.1.12
ankinimbom.com. 86400 IN A 192.168.1.15
ankinimbom.com. 86400 IN A 192.168.1.11
ankinimbom.com. 86400 IN A 192.168.1.13
ankinimbom.com. 86400 IN A 192.168.1.10

;; AUTHORITY SECTION:
ankinimbom.com. 86400 IN NS node1.ankinimbom.com.

;; ADDITIONAL SECTION:
node1.ankinimbom.com. 86400 IN A 192.168.1.10

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Wed Jul 22 11:20:35 CDT 2020
;; MSG SIZE rcvd: 191

[root@node1 named]#
[root@node1 named]#
[root@node1 named]# nslookup ankinimbom.com
Server: 192.168.1.10
Address: 192.168.1.10#53

Name: ankinimbom.com
Address: 192.168.1.15
Name: ankinimbom.com
Address: 192.168.1.13
Name: ankinimbom.com
Address: 192.168.1.11
Name: ankinimbom.com
Address: 192.168.1.14
Name: ankinimbom.com
Address: 192.168.1.10
Name: ankinimbom.com
Address: 192.168.1.12
Name: ankinimbom.com
Address: 192.168.1.16

[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# dig node1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> node1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20139
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;node1. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020072200 1800 900 604800 86400

;; Query time: 978 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Wed Jul 22 11:22:06 CDT 2020
;; MSG SIZE rcvd: 109

[root@node1 named]#
[root@node1 named]#
[root@node1 named]#
[root@node1 named]# dig node2

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> node2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15664
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;node2. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020072200 1800 900 604800 86400

;; Query time: 138 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Wed Jul 22 11:22:20 CDT 2020
;; MSG SIZE rcvd: 109

[root@node1 named]# nslookup node1
Server: 192.168.1.10
Address: 192.168.1.10#53

Name: node1.ankinimbom.com
Address: 192.168.1.10

[root@node1 named]#
[root@node1 named]#
[root@node1 named]# nslookup node2
Server: 192.168.1.10
Address: 192.168.1.10#53

Name: node2.ankinimbom.com
Address: 192.168.1.11

[root@node1 named]#

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Like

Subscribe US Now

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Pin It on Pinterest

Share This