Wednesday 3 June 2015

How to configure an internal DNS for an Exalogic system:

Prerequisites
Packages
The following package is required for the DNS server:
bind
The following package is required to test the DNS client:
bind-utils

Installation
On the DNS server:
On the domain name server, the installation can be done from the yum repository.
- To install named, execute the following command:
# yum install bind --skip-broken

Note: the '--skip-broken' option is added so that package dependencies are not upgraded.

- To configure named as a service:
# chkconfig named on

- To start the named service:
# service named start

On clients:
On every client:
The bind-utils package can be installed from the yum repository.
To install bind-utils, execute the following command:
# yum install bind-utils

Configure named
These actions are performed only on the vServer that hosts the named service.
/etc/named.conf
- Create the file /etc/named.conf with the following content:

options {
        directory "/var/named";

        # hide version string for security
        version "not currently available";

        # Listen to the loopback device and internal networks only
        listen-on { 127.0.0.1; 172.16.0.100; 172.17.0.100; 192.168.0.100; 10.10.0.100; };
        #listen-on-v6 { ::1; };

        # Do not query from the specified source port range
        avoid-v4-udp-ports { range 1 32767; };
        avoid-v6-udp-ports { range 1 32767; };

        # forward all DNS queries to enterprise DNS
        forwarders { 172.30.121.25; 172.30.182.11; };
        forward only;

        # expire negative answers ASAP.
        # do not cache dns query failure
        max-ncache-ttl 1; # 1 seconds

        # disable non-relevant operations
        allow-transfer { none; };
        allow-update-forwarding { none; };
        allow-notify { none; };
};
zone "exa-admin.el01.com" in {
        type master;
        file "exa-admin.el01.com";
        allow-update { 192.168.0.0/21; 10.10.0.0/24; 10.10.1.0/26; 10.10.1.64/26; 10.10.1.128/26; };
        notify yes;
};

zone "exa-internal.el01.com" in {
        type master;
        file "exa-internal.el01.com";
        allow-update { 192.168.0.0/21; 10.10.0.0/24; 10.10.1.0/26; 10.10.0.64/26; 10.10.0.128/26; };
        notify yes;
};

zone "168.192.in-addr.arpa" {
        type master;
        file "192.168";
        allow-update { 192.168.0.0/21; };
        notify yes;
};

zone "0.17.172.in-addr.arpa" {
        type master;
        file "172.17.0";
        allow-update { 172.17.0.0/16; 192.168.0.0/21; };
        notify yes;
};

zone "0.10.10.in-addr.arpa" {
        type master;
        file "10.176.40";
        allow-update { 172.16.0.0/16; 192.168.0.0/21; };
        notify yes;
};

zone "1.10.10.in-addr.arpa" {
        type master;
        file "10.176.41";
        allow-update { 172.16.0.0/16; 192.168.0.0/21; };
        notify yes;
};

This file creates an internal zone (exa-internal.el01.com) for IPoIB addressing and a zone (exa-admin.el01.com) for EoIB addressing.
The first one is used only inside the Exalogic rack.
The second one is a sub-zone of the company's global name service.

The internal IPoIB zone covers the IPoIB-default network and the IPoIB-vserver-shared-storage network.

For each zone, the corresponding reverse zone is managed as well.

Zone files
- Create the file /var/named/exa-admin.el01.com:
$ORIGIN .
$TTL 172800 ; 2 days
exa-admin.el01.com IN SOA ns1.exa-admin.el01.com. root.exa-admin.el01.com. (
        2003080803 ; serial
        43200      ; refresh (12 hours)
        900        ; retry (15 minutes)
        1814400    ; expire (3 weeks)
        10800      ; minimum (3 hours)
        )
        NS ns1.exa-admin.el01.com.
        MX 10 ns1.exa-admin.el01.com.
$ORIGIN exa-admin.el01.com.
$TTL 172800 ; 2 days
ns1 A 192.168.0.100

- Create the file /var/named/exa-internal.el01.com:
$ORIGIN .
$TTL 172800 ; 2 days
exa-internal.el01.com IN SOA ns1.exa-internal.el01.com. root.exa-internal.el01.com. (
        2003080803 ; serial
        43200      ; refresh (12 hours)
        900        ; retry (15 minutes)
        1814400    ; expire (3 weeks)
        10800      ; minimum (3 hours)
        )
        NS ns1.exa-internal.el01.com.
        MX 10 ns1.exa-internal.el01.com.
$ORIGIN exa-internal.el01.com.
el01sn-priv A 172.17.0.5
$TTL 172800 ; 2 days
ldap CNAME ldap-master
ldap-master A 192.168.0.100
ldap-slave A 192.168.0.200
ns1 A 192.168.0.100


Reverse zone files
- Create a file for each reverse zone, named as in the file directive of /etc/named.conf. Here is a sample file for one zone:
$ORIGIN .
$TTL 604800 ; 1 week
0.10.10.in-addr.arpa IN SOA ns1.exa-admin.el01.com. root.exa-admin.el01.com. (
        3          ; serial
        10800      ; refresh (3 hours)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        3600       ; minimum (1 hour)
        )
        NS ns1.exa-admin.el01.com.
$ORIGIN 0.10.10.in-addr.arpa.
$TTL 86400 ; 1 day
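To catch a typo in /etc/named.conf or in one of the zone files above before named is restarted, here is an added check script (not part of the original post); it assumes the named-checkconf and named-checkzone tools shipped with the bind package, the paths used above, and the helper names zone_files and check_zones.

```shell
#!/bin/sh
# Added example, not part of the original post: list the zone/file pairs
# declared in a named.conf and validate every zone file with the BIND
# checkers before restarting named. Paths and helper names are assumptions.

# zone_files CONF
# Prints one "<zone-name> <zone-file>" line per zone block. named.conf is
# brace delimited, so awk remembers the most recent zone name and emits it
# when that block's "file" statement appears.
zone_files() {
    awk '
        /^[ \t]*zone[ \t]+"/ {
            z = $0; sub(/^[ \t]*zone[ \t]+"/, "", z); sub(/".*/, "", z)
        }
        /^[ \t]*file[ \t]+"/ && z != "" {
            f = $0; sub(/^[ \t]*file[ \t]+"/, "", f); sub(/".*/, "", f)
            print z, f; z = ""
        }' "$1"
}

# check_zones CONF DIR
# Runs named-checkconf on CONF and named-checkzone on each zone file under
# DIR (DIR is the "directory" option, /var/named in the post). Returns the
# number of problems found, so 0 means it is safe to restart named. A zone
# file that does not exist counts as a problem: named refuses to load it.
check_zones() {
    conf="$1"; dir="$2"; failed=0
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$conf" || failed=$((failed + 1))
    fi
    for pair in $(zone_files "$conf" | tr ' ' ':'); do
        zone=${pair%%:*}; file=${pair#*:}
        if [ ! -f "$dir/$file" ]; then
            echo "missing zone file $dir/$file for zone $zone" >&2
            failed=$((failed + 1))
        elif command -v named-checkzone >/dev/null 2>&1; then
            named-checkzone -q "$zone" "$dir/$file" || failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Typical use on the vServer that hosts named:
#   check_zones /etc/named.conf /var/named && service named restart
```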

Clients
Configure the name server
On every client:
- Configure /etc/resolv.conf:
domain exa-internal.el01.com
search exa-internal.el01.com exa-admin.el01.com mydomain.com
nameserver 192.168.0.100

- Configure /etc/nsswitch.conf
Make sure the hosts entry is configured as:
hosts: files dns

Nsupdate
Nsupdate is used to push or update information about a vServer.
Below is a sample script to execute in order to provide that information.

# cat /tmp/nsreg.info
server 192.168.0.100
zone exa-internal.el01.com.
update delete myvserver-1.exa-internal.el01.com. A
update add myvserver-1.exa-internal.el01.com. 86400 A 192.168.0.10
send
server 192.168.0.100
zone 0.10.10.in-addr.arpa
update add 10.0.10.10.in-addr.arpa. 86400 IN PTR myvserver-1.exa-admin.el01.com.
send
zone 0.168.192.in-addr.arpa
update add 10.0.168.192.in-addr.arpa. 86400 IN PTR myvserver-1.exa-internal.el01.com.
send

To execute the script :
# nsupdate -d -v /tmp/nsreg.info


Note: a script in /etc/rc.d/init.d/nsupdate can be used to update the DNS each time a vServer is rebooted.
This script can be added to the OEL template.
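As an added example (not the post's script), the boot-time registration described in the note can generate the nsupdate batch from the vServer's own name and addresses instead of a hand-written file; it assumes /24 reverse zones like 0.10.10.in-addr.arpa, the server 192.168.0.100 and forward zone from the post, and the helper names ptr_name, ptr_zone and nsupdate_batch.

```shell
#!/bin/sh
# Added example, not the original post's script: build the nsupdate batch for
# one vServer from its host name and addresses, the way a boot-time
# /etc/rc.d/init.d/nsupdate script could, then hand it to nsupdate.
# Server and zone names are taken from the post; the helper names and the
# assumption that reverse zones are /24 (0.10.10.in-addr.arpa style) are mine.
DNS_SERVER="${DNS_SERVER:-192.168.0.100}"
FWD_ZONE="${FWD_ZONE:-exa-internal.el01.com}"

# ptr_name IPV4 -> reversed octets under in-addr.arpa (10.0.10.10.in-addr.arpa.)
ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# ptr_zone IPV4 -> the /24 reverse zone holding that PTR (0.10.10.in-addr.arpa.)
ptr_zone() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa.\n", $3, $2, $1 }'
}

# nsupdate_batch HOST IP [IP...]
# Prints the batch: the A record(s) for HOST in the forward zone, then one PTR
# per address in its reverse zone. Stale records are deleted first so a
# vServer that came back with a new address does not keep the old one.
# TTL 86400 matches the post's sample.
nsupdate_batch() {
    host="$1"; shift
    fqdn="$host.$FWD_ZONE."
    echo "server $DNS_SERVER"
    echo "zone $FWD_ZONE."
    echo "update delete $fqdn A"
    for ip in "$@"; do
        echo "update add $fqdn 86400 A $ip"
    done
    echo "send"
    for ip in "$@"; do
        echo "zone $(ptr_zone "$ip")"
        echo "update delete $(ptr_name "$ip") PTR"
        echo "update add $(ptr_name "$ip") 86400 IN PTR $fqdn"
        echo "send"
    done
}

# Boot-time use on a vServer whose address is listed in the zone's allow-update:
#   nsupdate_batch "$(hostname -s)" 192.168.0.10 > /tmp/nsreg.info
#   nsupdate -v /tmp/nsreg.info
# With a TSIG key configured on the server, "nsupdate -k <keyfile>" signs the
# update instead of relying on the client address alone.
```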
