[BBLISA] DNS v. /etc/hosts with Oracle 10g RAC (on Solaris 10)
Dean Anderson
dean at av8.com
Thu Sep 21 22:21:46 EDT 2006
I haven't used Oracle 10g RAC, but I can tell you this:
The Solaris c library resolver uses the NSS switch to select between
/etc/hosts, dns, nis, nis+ etc. Oracle has never previously supplied
its own resolver. I don't know why they would start now. So, unless
Oracle has changed to use its own resolver (unlikely, but one should
perhaps check), choice doesn't matter for mere operation, since the
Oracle programs doesn't "know" your selection. The Oracle executables
use the c library, and the c library does the "right thing" per the
system administrator. Your Groups 1 and 2 are both right.
However, the following general issues, which apply to all applications,
ought to be considered. (I suspect this is the basis for your third
group's concerns):
DNS can be spoofed fairly easily. There is a only a 16 bit identifier
which is used to match query with response. If the spoofer hits the
right number before the real dns server responds, they win. This isn't
hard or even easilly noticable on a fast or gig ethernet. By contrast,
/etc/hosts can't be spoofed, so it is most secure, but harder to
maintain over a lot of hosts. NIS+ is also secure, but tedious. NIS is
to be avoided like plague.
Fortunately, the NSS allows one to combine multiple services in a
particular order.
Hope that helps.
--Dean
On Thu, 21 Sep 2006, Adam S. Moskowitz wrote:
> I'm trying to resolve a question about Oracle 10g RAC on Solaris 10 and
> the use of /etc/hosts versus DNS. Specifically, I'm trying to find out
> which mechanism we can use for name/address resolution for the RAC-
> private interconnects (that is, the network connections reserved for
> RAC's use between the nodes in the cluster). If it matters we are not
> using any sort of clustering software except that which is part of 10g
> RAC itself.
>
> I have one set of folks saying "DNS ought to be fine"; another group is
> saying "well, we've always used /etc/hosts, but we're willing to try
> using DNS instead"; a third group is saying "Oracle says don't use DNS";
> one person in the third group is even saying it's dangerous to put those
> addresses in DNS. Who's a poor sysadmin to believe?
>
> We know that using /etc/hosts will work, but for lots of reasons we'd
> rather use DNS if at all possible. So, is anyone out there running
> Oracle 10g RAC, on Solaris 10, using DNS for all name/address resolution?
>
> Please, DO NOT respond with what ought to work, or speculations about
> what might work, or even why one way is better than the other. The
> *ONLY* answers I'm hoping to find are from folks who are using DNS as
> described above.
>
> OK, well, there's another answer I'd be interested to hear: If you're
> running 10g RAC on Solaris 10 and you tried to use DNS, had it fail, and
> then switched to using /etc/hosts and with *NO OTHER CHANGES* had it
> start working.
>
> Thanks,
> AdamM
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
>
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the bblisa
mailing list