DNS setup example

The example below is based on bind-9.3.4-10 on Linux, although the setup should be generic for bind.
In this example, the GNS VIP is gns.us.eot.com with IP 120.0.0.200.
The GNS subdomain is us.eot.com.

Main configuration, /etc/named.conf:

options {
        directory "/etc/named";
        zone-statistics yes;
        allow-transfer {"none";};
};
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc; };
};
key rndc {
        algorithm hmac-md5;
        // Example key only: generate your own (for instance with rndc-confgen) and keep it private.
        secret "tpyCbBuiElAdZMfkirg3RcrCtyql0kW42vT24LxXysM=";
};
zone "." {
        type hint;
        file "root";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.0";
        notify no;
};
zone "eot.com" {
        type master;
        file "eot.com";
        notify no;
};
zone "0.0.120.in-addr.arpa" {
        type master;
        file "120.x.x.0";
        notify no;
};

The main configuration serves a single forward domain, eot.com, and the reverse domain for subnet 120.x.x.0.

The eot.com zone file under /etc/named, as defined in the named.conf file above:

$TTL 3D
@       IN      SOA     eot.com. root.eot.com. (
                        199609206       ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
                NS      eot.com.
                MX      10 eot.com.  ; Primary Mail Exchanger
                TXT     "EOT Domain"
localhost       A       127.0.0.1
eot.com.        A       120.x.x.254
dns             CNAME   eot.com.
$ORIGIN         us.eot.com.
@       IN      NS     gns.us.eot.com.
gns.us.eot.com.    IN      A      120.x.x.200

The setup above delegates resolution of the subdomain us.eot.com to the GNS VIP 120.x.x.200.
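A delegation only works if the parent zone carries both the NS record for the child zone and a glue A record for a nameserver that lives inside that child zone. The following check is an added example, not part of the original article or of bind: a deliberately small zone-file reader (no TTL column, no quoted semicolons) run over a constructed copy of the delegation records above; the function names are hypothetical.

```python
# Constructed sample: the delegation records from the zone file above.
ZONE = """\
$TTL 3D
@       IN      SOA     eot.com. root.eot.com. ( 1 8H 2H 4W 1D )
                NS      eot.com.
eot.com.        A       120.x.x.254
$ORIGIN         us.eot.com.
@       IN      NS      gns.us.eot.com.
gns.us.eot.com. IN      A       120.x.x.200
"""

def fqdn(name, origin):
    """Expand a zone-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def delegations(zone_text, apex):
    """Map each delegated child zone to {nameserver: glue address or None}."""
    origin = owner = apex
    ns_records, a_records = [], {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        tok = line.split()
        if not tok:
            continue
        if tok[0].upper() == "$ORIGIN":
            origin = fqdn(tok[1], origin)
            continue
        if tok[0].startswith("$"):                     # other directives ($TTL)
            continue
        if not line[0].isspace():                      # owner names start in column 0
            owner, tok = fqdn(tok[0], origin), tok[1:]
        tok = [t for t in tok if t.upper() != "IN"]    # class is optional
        if len(tok) >= 2 and tok[0].upper() == "NS":
            ns_records.append((owner, fqdn(tok[1], origin)))
        elif len(tok) >= 2 and tok[0].upper() == "A":
            a_records[owner] = tok[1]
    result = {}
    for zone, server in ns_records:
        if zone == apex:
            continue                                   # apex NS is not a delegation
        in_child = server == zone or server.endswith("." + zone)
        glue = a_records.get(server) if in_child else "not required"
        result.setdefault(zone, {})[server] = glue
    return result
```

A glue value of None means the parent zone names a nameserver inside the child zone without giving its address, so resolvers cannot reach it; an empty result means no subdomain is delegated at all, which is what happens when the $ORIGIN line is missing.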


DHCP server setup example

The following example is based on dhcp-3.0.5 on Linux:
/etc/dhcp/dhcp.conf

ddns-update-style interim;
ignore client-updates;
subnet 120.x.x.0 netmask 255.255.255.0 {
  range 120.x.x.201 120.x.x.220;
  default-lease-time 86400;
  option routers 120.x.x.1;
  option ip-forwarding off;
  option broadcast-address 120.x.x.255;
  option subnet-mask 255.255.255.0;
  option time-offset              -28800;
  option ntp-servers 120.x.x.254;
  option domain-name              "us.eot.com";
  option domain-name-servers 120.x.x.254;
}

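DHCP will give clients dynamic IPs in the range 120.x.x.201-120.x.x.220 with subnet mask 255.255.255.0 and a default lease time of 86400 seconds; the time offset -28800 is PST (GMT-8), the default gateway is 120.x.x.1, and 120.x.x.254 is the default NTP and DNS server.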

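Without this feature (support for the "client identifier"), the DHCP server will not assign an IP to a client that has no valid MAC address.
Because the VIPs and SCAN VIPs are designed to fail over, no MAC address is assigned to them.
When Oracle requests IPs for these VIPs from the DHCP server, we supply only the client identifier, not a MAC address, in the client request.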

A tcpdump of the DHCP packet will show:

15:59:09.165705  In 00:10:e0:3a:2c:56 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 414: vlan 2100, p 0, ethertype IPv4, (tos 0x0, ttl  64, id 0, offset 0, flags [DF] , proto: UDP (17), length: 396) 120.x.x.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:00:00:00:00:00, length 368, xid 0x89b5e43f, Flags [Broadcast]
         Client-Ethernet-Address 00:00:00:00:00:00
         sname "racnode1-vip"
         Vendor-rfc1048 Extensions
           Magic Cookie 0x63825363
           DHCP-Message Option 53, length 1: Discover
           MSZ Option 57, length 2: 8
           Client-ID Option 61, length 12: "racnode1-vip"

A third-party DHCP server that does not have support for the "client identifier" feature enabled will report the error: "Oct 7 15:59:09 packet has an invalid hardware address".
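The packet shape described above can be reproduced and inspected offline. This is an added example, not code from the original article or from Oracle: it builds a constructed DISCOVER with the fields shown in the tcpdump (all-zero hardware address, sname and option 61 both "racnode1-vip") and parses it back; lease_key is a hypothetical model of how a server picks the client's identity, not any DHCP server's actual code.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"                           # DHCP magic cookie
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # fixed 236-byte BOOTP header

def build_discover(client_id: bytes, xid: int) -> bytes:
    """Constructed DISCOVER: zero chaddr, broadcast flag, options 53 and 61."""
    z4 = b"\0" * 4
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, z4, z4, z4, z4,
                     b"\0" * 16, client_id, b"")       # sname carries the name too
    opts = bytes([53, 1, 1, 61, len(client_id)]) + client_id + b"\xff"
    return hdr + MAGIC + opts

def parse_dhcp(pkt: bytes) -> dict:
    """Extract xid, hardware address, message type and client identifier."""
    start = BOOTP.size + len(MAGIC)
    if len(pkt) < start or pkt[BOOTP.size:start] != MAGIC:
        raise ValueError("not a DHCP packet")
    fields = BOOTP.unpack_from(pkt)
    hlen, xid, chaddr = fields[2], fields[4], fields[11]
    opts, i = {}, start
    while i < len(pkt) and pkt[i] != 255:              # 255 = end option
        if pkt[i] == 0:                                # 0 = pad option
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"xid": xid, "mac": chaddr[:hlen],
            "msg_type": opts.get(53), "client_id": opts.get(61)}

def lease_key(info: dict, use_client_id: bool = True):
    """Identity a server can key the lease on; None means it has nothing usable."""
    if use_client_id and info["client_id"]:
        return ("client-id", info["client_id"])
    if any(info["mac"]):                               # all-zero MAC is not valid
        return ("mac", info["mac"])
    return None
```

With use_client_id=False the function returns None for this packet, which corresponds to the "invalid hardware address" rejection quoted above.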

Verifying the DHCP server with cluvfy

As root, verify that a client can obtain an IP from the DHCP server:

# [GRID_HOME]/bin/cluvfy comp dhcp -clustername [cluster name]
Verifying DHCP Check
Checking if any DHCP server exists on the network...
At least one DHCP server exists on the network and is listening on port 67
Checking if DHCP server has sufficient free IP addresses for all VIPs...
DHCP server was able to provide sufficient number of IP addresses
The DHCP server response time is within acceptable limits
Verification of DHCP Check was successful.

The verbose output looks like this:

# [GRID_HOME]/bin/cluvfy comp dhcp -clustername [cluster name] -verbose
Verifying DHCP Check
Checking if any DHCP server exists on the network...
Checking if network CRS resource is configured and online
Network CRS resource is offline or not configured. Proceeding with DHCP checks.
CRS-10009: DHCP server returned server: 120.x.x.200, loan address : 120.x.x.250/255.255.255.0, lease time: 86400
At least one DHCP server exists on the network and is listening on port 67
Checking if DHCP server has sufficient free IP addresses for all VIPs...
Sending DHCP "DISCOVER" packets for client ID "cluster-scan1-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.250/255.255.255.0, lease time: 86400
Sending DHCP "REQUEST" packets for client ID "cluster-scan1-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.250/255.255.255.0, lease time: 86400
Sending DHCP "DISCOVER" packets for client ID "cluster-scan2-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.249/255.255.255.0, lease time: 86400
Sending DHCP "REQUEST" packets for client ID "cluster-scan2-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.249/255.255.255.0, lease time: 86400
Sending DHCP "DISCOVER" packets for client ID "cluster-scan3-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.248/255.255.255.0, lease time: 86400
Sending DHCP "REQUEST" packets for client ID "cluster-scan3-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.248/255.255.255.0, lease time: 86400
Sending DHCP "DISCOVER" packets for client ID "racnode1-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.247/255.255.255.0, lease time: 86400
Sending DHCP "REQUEST" packets for client ID "racnode1-vip"
CRS-10009: DHCP server returned server: 120.x.x.254, loan address : 120.x.x.247/255.255.255.0, lease time: 86400
CRS-10012: released DHCP server lease for client ID cluster-scan1-vip on port 67
CRS-10012: released DHCP server lease for client ID cluster-scan2-vip on port 67
CRS-10012: released DHCP server lease for client ID cluster-scan3-vip on port 67
CRS-10012: released DHCP server lease for client ID racnode1-vip on port 67
DHCP server was able to provide sufficient number of IP addresses
The DHCP server response time is within acceptable limits
Verification of DHCP Check was successful.

If the command above is not run as root, it reports the following error:

PRVF-0055 : User "grid" does not have sufficient authorization to run this command

If no IP can be obtained from the DHCP server, contact the system administrator or network administrator to verify the DHCP server setup:

Verifying DHCP Check
Checking if any DHCP server exists on the network...
PRVF-5801 : Failed to execute command "/ocw/grid/bin/crsctl discover dhcp -clientid cluster-scan0-vip" on all nodes
PRVF-5704 : No DHCP server were discovered on the public network listening on port 67
Verification of DHCP Check was unsuccessful on all the specified nodes. 
crsctl discover dhcp -clientid giclu-scan0-vip
CRS-10010: unable to discover DHCP server in the network listening on port 67 for client ID cluster-scan0-vip
CRS-4000: Command discover failed, or completed with errors.

DNS and DHCP setup example for Oracle Grid Infrastructure GNS

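Grid Naming Service (GNS) is a new feature in 11.2 Grid Infrastructure (GI).
It is designed to simplify network configuration management for Real Application Cluster (RAC).
With GNS, there is no need to manually assign node and Single Client Access Name (SCAN) virtual Internet Protocol (VIP) addresses.
It also removes the need to configure VIP names and SCAN names in the Domain Name Server (DNS), because GNS provides name resolution for the cluster.
This means GNS is configured as the delegated authority in DNS for the cluster nodes.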

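  • Assign a static IP address to the GNS VIP on the public network.
  • Set up GNS as the delegate for the cluster subdomain on the DNS server.
  • Verify that a DHCP server addressable by the cluster nodes exists.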

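When installing GI, there are 2 options:

  • Configure GNS and let it handle name resolution in the cluster subdomain.
  • Choose not to configure GNS and configure each node and SCAN name with IP addresses defined in DNS.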

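This post does not cover option (2), because it is intended to show how to set up a DNS server and a DHCP server to work with GNS.
This post is an example of how to configure DNS to delegate a subdomain to GNS.
It also covers how to configure DHCP to assign IP addresses to the SCAN and node VIP addresses.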

Verifying the delegation

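To verify that the delegation works as expected, run the following nslookup commands; once GI is up and running, both should resolve to the same set of IP addresses: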

# nslookup [scan-name] [main-DNS-IP]
# nslookup [scan-name] [GNS-IP]

For example:

# nslookup scan.us.eot.com 120.x.x.254
# nslookup scan.us.eot.com 120.x.x.200
Date: 2020-09-17 00:11:29 Source: oir Author: oir