Jeff Taylor's Weblog
-
Analytics
December 19, 2014
DNS Bind Server configuration on Solaris 11.2
This blog is part of the SPARC T5-4 RAC and WebLogic Cluster series:
- Background
- SPARC T5-4 LDoms for RAC and WebLogic Clusters
- Onion Security
- DNS Bind Server configuration on Solaris 11.2
- NFS root access for Oracle RAC on Sun ZFS Storage 7x20 Appliance
Virtualized layout of T5-4 Servers:
| Application | OHS | WLS Cluster Nodes | RAC Node | ||||
| Non Global Zones | n/a | proj-2-ohs | proj-2-z1 | proj-2-z2 | z3..z14 | proj-2-z15 | n/a |
| Global Zone | proj-2-control | proj-2-wls | proj-2-db | ||||
| LDom | Primary | Guest | Guest | ||||
| T5-4 Server | |||||||
Network Connectivity:
Each Solaris Zone is dual ported to isolate network layers, as discussed in Onion Security
DNS Configuration:
Normally, I use systems
were the naming is defined in the corporate DNS server. For this test,
the private subnets needed a private DNS server. Here are the files that are used to configure the DNS Server.
| /etc/named.conf |
| options { directory "/var/named"; pid-file "/var/named/tmp/pid"; dump-file "/var/named/dump/named_dump.db"; statistics-file "/var/named/named.stats"; forward first; forwarders { 130.35.249.52; 130.35.249.41; 192.135.82.132; }; }; zone "jdbc.bigcorp.com" { type master; file "jdbc.db"; }; zone "30.168.192.in-addr.arpa" { type master; file "30.168.192.db"; }; zone "http.bigcorp.com" { type master; file "jdbc.db"; }; zone "40.168.192.in-addr.arpa" { type master; file "40.168.192.db"; }; logging { category "default" { "debug"; }; category "general" { "debug"; }; category "database" { "debug"; }; category "security" { "debug"; }; category "config" { "debug"; }; category "resolver" { "debug"; }; category "xfer-in" { "debug"; }; category "xfer-out" { "debug"; }; category "notify" { "debug"; }; category "client" { "debug"; }; category "unmatched" { "debug"; }; category "network" { "debug"; }; category "update" { "debug"; }; category "queries" { "debug"; }; category "dispatch" { "debug"; }; category "dnssec" { "debug"; }; category "lame-servers" { "debug"; }; channel "debug" { file "/tmp/nameddbg" versions 2 size 50m; print-time yes; print-category yes; }; }; |
| HTTP Network | |
| /var/named/http.db | /var/named/40.168.192.db |
| $TTL 3h @ IN SOA proj-1-db jeff ( 2013022744 ;serial (change after every update) 3600 ;refresh (1 hour) 3600 ;retry (1 hour) 604800 ;expire (1 week) 38400 ;minimum (1 day) ) IN NS proj-1-db.bigcorp.com proj-1-z1 IN A 192.168.40.51 proj-1-z2 IN A 192.168.40.52 proj-1-z3 IN A 192.168.40.53 proj-1-z4 IN A 192.168.40.54 proj-1-z5 IN A 192.168.40.55 proj-2-z1 IN A 192.168.40.71 proj-2-z2 IN A 192.168.40.72 proj-2-z3 IN A 192.168.40.73 proj-2-z4 IN A 192.168.40.74 proj-2-z5 IN A 192.168.40.75 proj-3-oats IN A 192.168.40.103 proj-4-oats IN A 192.168.40.104 proj-1-obiee IN A 192.168.40.221 proj-1-ohs IN A 192.168.40.231 | $TTL 3h @ IN SOA proj-1-db.http.bigcorp.com. jeff.http.bigcorp.com. ( 2013022744 ;serial (change after every update) 3600 ;refresh (1 hour) 3600 ;retry (1 hour) 604800 ;expire (1 week) 38400 ;minimum (1 day) ) IN NS proj-1-db.bigcorp.com. 51 IN PTR proj-1-z1.http.bigcorp.com. 52 IN PTR proj-1-z2.http.bigcorp.com. 53 IN PTR proj-1-z3.http.bigcorp.com. 54 IN PTR proj-1-z4.http.bigcorp.com. 55 IN PTR proj-1-z5.http.bigcorp.com. 71 IN PTR proj-2-z1.http.bigcorp.com. 72 IN PTR proj-2-z2.http.bigcorp.com. 73 IN PTR proj-2-z3.http.bigcorp.com. 74 IN PTR proj-2-z4.http.bigcorp.com. 75 IN PTR proj-2-z5.http.bigcorp.com. 103 IN PTR proj-3-oats.http.bigcorp.com. 104 IN PTR proj-4-oats.http.bigcorp.com. 221 IN PTR proj-1-obiee.http.bigcorp.com. 231 IN PTR proj-1-ohs.http.bigcorp.com. |
| JDBC Network | |
| /var/named/jdbc.db | /var/named/30.168.192.db |
| $TTL 3h @ IN SOA proj-1-db jeff ( 2013022744 ;serial (change after every update) 3600 ;refresh (1 hour) 3600 ;retry (1 hour) 604800 ;expire (1 week) 38400 ;minimum (1 day) ) IN NS proj-1-db proj-1-z1 IN A 192.168.30.51 proj-1-z2 IN A 192.168.30.52 proj-1-z3 IN A 192.168.30.53 proj-1-z4 IN A 192.168.30.54 proj-1-z5 IN A 192.168.30.55 proj-2-z1 IN A 192.168.30.71 proj-2-z2 IN A 192.168.30.72 proj-2-z3 IN A 192.168.30.73 proj-2-z4 IN A 192.168.30.74 proj-2-z5 IN A 192.168.30.75 proj-1-db-vip IN A 192.168.30.101 proj-2-db-vip IN A 192.168.30.102 proj-scan IN A 192.168.30.103 proj-scan IN A 192.168.30.104 proj-scan IN A 192.168.30.105 proj-1-db IN A 192.168.30.201 proj-2-db IN A 192.168.30.202 proj-1-obiee IN A 192.168.30.221 proj-1-ohs IN A 192.168.30.231 proj-2-ohs IN A 192.168.30.232 | $TTL 3h @ IN SOA proj-1-db.jdbc.bigcorp.com. jeff.jdbc.bigcorp.com. ( 2013022744 ;serial (change after every update) 3600 ;refresh (1 hour) 3600 ;retry (1 hour) 604800 ;expire (1 week) 38400 ;minimum (1 day) ) IN NS proj-1-db.jdbc.bigcorp.com. 51 IN PTR proj-1-z1.jdbc.bigcorp.com. 52 IN PTR proj-1-z2.jdbc.bigcorp.com. 53 IN PTR proj-1-z3.jdbc.bigcorp.com. 54 IN PTR proj-1-z4.jdbc.bigcorp.com. 55 IN PTR proj-1-z5.jdbc.bigcorp.com. 71 IN PTR proj-2-z1.jdbc.bigcorp.com. 72 IN PTR proj-2-z2.jdbc.bigcorp.com. 73 IN PTR proj-2-z3.jdbc.bigcorp.com. 74 IN PTR proj-2-z4.jdbc.bigcorp.com. 75 IN PTR proj-2-z5.jdbc.bigcorp.com. 101 IN PTR proj-1-vip.jdbc.bigcorp.com. 102 IN PTR proj-2-vip.jdbc.bigcorp.com. 103 IN PTR proj-scan.jdbc.bigcorp.com. 104 IN PTR proj-scan.jdbc.bigcorp.com. 105 IN PTR proj-scan.jdbc.bigcorp.com. 201 IN PTR proj-1-db.jdbc.bigcorp.com. 202 IN PTR proj-2-db.jdbc.bigcorp.com. 221 IN PTR proj-1-obiee.jdbc.bigcorp.com. 231 IN PTR proj-1-ohs.jdbc.bigcorp.com. 232 IN PTR proj-2-ohs.jdbc.bigcorp.com. |
Configuring a DNS Server:
# mkdir /var/named
# mkdir /var/named/dump
# mkdir /var/named/tmp
# pkg install pkg:/service/network/dns/bind
# named-checkconf -z /etc/named.conf
zone jdbc.bigcorp.com/IN: loaded serial 2013022744
zone 30.168.192.in-addr.arpa/IN: loaded serial 2013022744
zone http.bigcorp.com/IN: loaded serial 2013022744
zone 40.168.192.in-addr.arpa/IN: loaded serial 2013022744
Start the DNS Server:
# svcadm enable network/dns/server
Configure the DNS Client:
root@proj-1-db:~# svccfg -s network/dns/client
svc:/network/dns/client> setprop config/search = astring: ("jdbc.bigcorp.com" "bigcorp.com")
svc:/network/dns/client> setprop config/nameserver = net_address: (192.168.30.201)
svc:/network/dns/client> refresh
svc:/network/dns/client> quit
Test DNS:
root@proj-1-db:~# nslookup proj-2-z4
Server: 192.168.30.201
Address: 192.168.30.201#53
Name: proj-2-z4.jdbc.bigcorp.com
Address: 192.168.30.74
I didn't use DNS for the Storage network (20) or Cluster Interconnect (10), instead, I just used /etc/hosts.
root@proj-1-db:~# cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost loghost
192.168.30.201 proj-1-db
## RAC Private /24 Subnet
192.168.10.201 proj-1-db-priv
192.168.10.202 proj-2-db-priv
## Storage /24 Subnet
192.168.20.201 proj-1-db-stor
192.168.20.202 proj-2-db-stor
192.168.20.205 proj-5-s7420-stor
WebLogic Server Zones will have 3 IP's, each:
root@proj-2-z1:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
z1/v4 static ok xx.xx.xx.xx/20 # Management Subnet
jdbc_z1/v4 static ok 192.168.30.71/24 # JDBC Subnet
http_z1/v4 static ok 192.168.40.71/24 # HTTP Subnet
lo0/v6 static ok ::1/128
When Oracle Clusterware is up, the database LDom will have many IP's
root@proj-1-db:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok xx.xx.xx.xx/20 # Management Subnet
net1/v4 static ok 192.168.20.201/24 # Storage Subnet
net2/v4 static ok 192.168.10.201/24 # Clusterware interconnect
net3/v4 static ok 192.168.30.201/24 # JDBC Subnet
net3/v4a static ok 192.168.30.103/24 # SCAN
net3/v4d static ok 192.168.30.105/24 # SCAN
net3/v4e static ok 192.168.30.101/24 # VIP
lo0/v6 static ok ::1/128
Join the discussion
Comments ( 1 )
Any idea when/if Oracle will release a newer version of BIND for Solaris 11? v9.6 went EOL Jan 2014, and just released it in this recent patch wave.
https://kb.isc.org/article/AA-01109/0/BIND-9.6-ESV-R11-Release-Notes.html