Virtual servers deployed onto Exalogic can easily be set up to access DNS over the 10GbE network, either by configuring the Network Services on the EoIB network (select the network that gives access to the 10GbE on your rack and select the "Edit Network Services" action) or by simply editing the /etc/resolv.conf file on your vServer to point it to the DNS servers in the environment. (This could be put into a template if this approach is preferred.)
Figure: Editing network services in Exalogic Control
The shared storage is a slightly different kettle of fish. When set up, it has direct access to the 1GbE management LAN, and it is normally through this network that it would gain access to services such as LDAP/NIS or DNS. However, the 1GbE network is not set up to be fault tolerant within Exalogic, so a fault-tolerant route through the 10GbE network should be created. A DNS service that the shared storage can access can easily be set up on a vServer, following the same principles discussed in an earlier blog posting about setting up LDAP for access via internal vServers.
To achieve a similar setup for DNS, the following steps should be done:
- Create your vServer with access to at least the 10GbE and the vserver-shared-storage networks. (Ensure it is marked for HA, or alternatively plan for two vServers, both running DNS and part of a distribution group.)
- Configure the vServer to act as a DNS server. This can be done using tools like dnsmasq or the bind package. The example shown here uses bind to create the service.
- Set up a yum repository that your vServer can access.
- Install the bind package.
# yum install bind --skip-broken
(Notes:
  - We include the option --skip-broken so that it does not upgrade the packages that bind relies on. With the rack I tested on, there are other utilities that depend on the bind-libs package, and upgrading this caused issues with the InfiniBand network. Simply ignoring this mismatch, the named daemon is installed and seems to operate successfully.
  - Not strictly necessary, but for testing purposes the unix command nslookup is quite handy. If this is not already installed then install the bind-utils package.)
- Create the /etc/named.conf file with content along the lines of that shown below.
# cat /etc/named.conf
options {
    directory "/var/named";
    # Hide version string for security
    version "not currently available";
    # Listen to the loopback device and internal networks only
    listen-on { 127.0.0.1; 172.16.0.14; 172.17.0.41; };
    listen-on-v6 { ::1; };
    # Do not query from the specified source port range
    # (Adjust depending on your firewall configuration)
    avoid-v4-udp-ports { range 1 32767; };
    avoid-v6-udp-ports { range 1 32767; };
    # Forward all DNS queries to your DNS servers
    forwarders { 10.5.5.4; 10.5.5.5; };
    forward only;
    # Expire negative answers ASAP,
    # i.e. do not cache DNS query failures.
    max-ncache-ttl 3; # 3 seconds
    # Disable non-relevant operations
    allow-transfer { none; };
    allow-update-forwarding { none; };
    allow-notify { none; };
};
- Start up the DNS daemon (named) to ensure it is OK.
# service named start
- Set it up to start automatically.
# chkconfig named on
- Configure the storage to include the vServer's shared-storage IP address in its list of DNS servers. In our case it uses the internal vServer IP address of 172.17.0.41 first, and would then use other IP addresses via the 1GbE network should that fail.
Figure: Configuring DNS on the ZFS Storage Appliance
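As an added example (not part of the original post), the shell function below statically checks a named.conf for the restrictions the sample configuration above relies on: a restricted listen-on, forwarders with "forward only", zone transfers disabled and the version string overridden. The function names, messages and the deliberately weak sample config are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: static audit of a forward-only named.conf.
# Strips '#' and '//' comments only; /* ... */ blocks are not handled.

# Succeed if FILE ($1), comments removed and flattened to one line,
# matches the extended regex in $2.
conf_has() {
    sed -e 's/#.*$//' -e 's|//.*$||' "$1" | tr '\n\t' '  ' | grep -Eq "$2"
}

# Record one failed check (helper for audit_named_conf).
fail() { echo "FAIL: $1"; audit_fails=$((audit_fails + 1)); }

# Print one line per finding; return the number of FAIL findings.
audit_named_conf() {
    audit_fails=0
    if ! conf_has "$1" 'listen-on( +port +[0-9]+)? *\{'; then
        fail "no listen-on: named binds every IPv4 interface"
    elif conf_has "$1" 'listen-on( +port +[0-9]+)? *\{[^}]*any'; then
        fail "listen-on includes 'any'"
    fi
    conf_has "$1" 'forwarders *\{ *[0-9A-Fa-f:.]+ *;' ||
        fail "no forwarders configured"
    conf_has "$1" 'forward +only *;' ||
        fail "'forward only' missing: default falls back to own recursion"
    conf_has "$1" 'allow-transfer *\{ *none *; *\}' ||
        fail "allow-transfer is not { none; }"
    conf_has "$1" '[ ;{]version +' ||
        fail "version string not overridden"
    conf_has "$1" 'allow-recursion *\{' ||
        echo "WARN: allow-recursion not set; BIND's default applies"
    return "$audit_fails"
}

# Constructed sample: a deliberately weak config to show the findings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    directory "/var/named";
    listen-on { any; };          # too broad
    forwarders { 10.5.5.4; };
    # forward only;              (commented out, so it must not count)
};
EOF
audit_named_conf "$sample"
echo "failures: $?"
rm -f "$sample"
```

Run against the configuration shown in the steps above, the function reports no failures and only the allow-recursion warning.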