ssh登录非常慢

通过ssh登陆一台linux主机非常慢,基本上每次都在10s以上

1
2
3
4
5
[root@localhost ~]# time ssh 192.168.146.104

real 0m13.730s
user 0m0.014s
sys 0m0.009s

通过ssh -vvv查看建立链接的过程中详细日志,找出最慢的地方出现在哪里

[root@localhost ~]# ssh -vvv 192.168.146.104
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.146.104 [192.168.146.104] port 22.
debug1: Connection established.             <<== 说明发起的连接已经建立成功  
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
...
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
...
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 170/320
debug2: bits set: 1026/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1277
debug3: check_host_in_hostfile: host 192.168.146.104 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host 192.168.146.104 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug1: Host '192.168.146.104' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:6
debug2: bits set: 1032/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1293
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1345
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug3: Wrote 68 bytes for a total of 1413    <<==这一步完后大概等了10s        


debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
...

所以通过上面的ssh详细日志可以得出

  • tcp连接是成功建立的
  • ssh的握手连接是持续进行send和received的
  • SSH2_MSG_SERVICE_REQUEST在发送一个68bytes的包时等待了10s

所以在建立链接成功以后,等待了服务端返回某种响应,看起来不像是网络问题,而更可能是服务端的sshd服务的问题。

查看服务端的进程

1
2
3
4
5
[root@testyum .ssh]# ps -ef --sort start_time | grep [s]shd
root 45251 1 0 08:48 ? 00:00:00 sshd: root@pts/1
root 46417 1 0 08:57 ? 00:00:00 sshd: root@pts/2
root 46596 1 0 08:58 ? 00:00:00 /usr/sbin/sshd -D
root 48669 46596 0 09:27 ? 00:00:00 sshd: root@pts/3

这里服务端sshd进程是正常运行的,监听端口是22,而当客户端发起ssh连接的过程中,新增了两个进程accepted和net

1
2
3
4
5
6
[root@testyum .ssh]# ps -ef --sort start_time | grep [s]shd
root 45251 1 0 08:48 ? 00:00:00 sshd: root@pts/1
root 46417 1 0 08:57 ? 00:00:00 sshd: root@pts/2
root 46596 1 0 08:58 ? 00:00:00 /usr/sbin/sshd -D
root 48994 46596 0 09:30 ? 00:00:00 sshd: [accepted]
sshd 48995 48994 0 09:30 ? 00:00:00 sshd: [net]

到这里可以判断服务端也确实建立了连接,置于为什么需要10s,可以用strace命令来进行进一步的分析。

  • -r: 打印每个系统调用开始的时间戳
  • -T: 打印每个系统调用花费的时间
  • -f: 跟踪和记录子进程
  • -p: 关联pid并跟踪
1
strace -o /tmp/1.trc -r -T -f -p 46596

将得到的结果根据消耗时间进行排序,找出消耗时间最长的系统调用

1
2
3
4
5
6
7
8
9
10
11
[root@testyum ~]# sort -nrk 2 /tmp/1.trc | head
46596 5.137961 accept(3, {sa_family=AF_INET, sin_port=htons(51889), sin_addr=inet_addr("192.168.146.43")}, [16]) = 5 <0.000030>
50382 5.005162 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}]) <0.000017>
50382 5.004525 close(4) = 0 <0.000010>
50382 0.040266 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 <0.000016>
50383 0.039898 read(3, "\v\3239\0033~\260\220\223\4\230x\356\307d\204\302@\314\237\314\272o\261\7\371\3477{\352\3251"..., 8192) = 52 <0.000020>
50418 0.011046 recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\0015\0\0\0\6\0\0\0\211\0\0\0", 16}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 16 <0.000020>
50383 0.005337 read(3, "\252g\25\232\306h\225\373\245\250\300\207\275\205\360Pm1\245\275r\204Q\324\224\5\331Nb\3556\311"..., 8192) = 644 <0.000006>
50383 0.002997 read(3, "\0\0\0\f\n\25\0\0\0\0\0\0\0\0\0\0", 8192) = 16 <0.000016>
50383 0.002341 read(3, "\0\0\1\f\5 \0\0\1\1\0\272\212\352\200\242\213`\207\27dF\2648mo\213$\275t\264\353"..., 8192) = 272 <0.000016>
50383 0.002071 write(3, "\0\0\1\24\10\37\0\0\1\1\0\3600\305\23\325\306iO\260\2259\354\371\330)\6\10\251b\200\355"..., 280) = 280 <0.000053>

poll([{fd=4, events=POLLOUT}], 1, 0) = 1这个系统调用等待了5s,这里可以知道它是在读取文件4fd=4

转过头去从原始trace里去找到descriptor #4是指向的什么,这里通过关键字socket,connect,= 4 <等去搜索

1
2
50382      0.000081 socket(AF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4 <0.000017>
50382 0.000038 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16) = 0 <0.000032>

这个socket()已经创建了一个internet socket(AF_INET),根据SOCK_DGRAM判断是一个UDP socket,下面的conect ()根据建立的socket去访问192.168.0.1的53端口,因为udp的无状态性质,所以并不会去检查目标主机是否存在和是否响应,所以connect()调用很快就完成了。

我去ping 192.168.0.1这个地址发现无法ping通,通过搜索知道53端口是DNS服务

1
2
3
[root@testyum ~]# grep " 53/" /etc/services
domain 53/tcp # name-domain server
domain 53/udp

当发起ssh连接时,sshd服务会去访问DNS服务器,通过nslookup这个ip

1
2
3
[root@testyum ~]# nslookup 192.168.0.1
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached

超过10s后,直接报错了,检查服务端的dns配置

1
2
3
[root@testyum ~]# cat /etc/resolv.conf 
search localdomain
nameserver 192.168.0.1

这个ip设置的有问题,修改成正确的以后重试

1
2
3
4
[root@localhost ~]# time ssh 192.168.146.104
real 0m0.397s
user 0m0.017s
sys 0m0.014s

另外也可以直接修改sshd_config的配置,注释掉UseDNS yes

linux下帐号密码过期

早上看到告警备份失败,检查发现今天并未发起备份任务,查看定时任务时报错

1
2
3
4
[oracle@ ~]$ crontab -l

Authentication token is no longer valid; new one required
You (oracle) are not allowed to access to (crontab) because of pam configuration.

看提示是oracle用户的认证有问题,不允许其调用crontab任务,可能跟pam配置文件的设置有关。

检查secure日志文件,查看具体报错信息

1
2
3
4
5
6
7
vim /var/log/secure

su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
su: pam_unix(su-l:session): session closed for user oracle
su: pam_unix(su-l:session): session closed for user oracle
su: pam_unix(su-l:session): session opened for user oracle by root(uid=0)
crontab: pam_unix(crond:account): expired password for user oracle (password aged)

看样子是因为oracle帐号密码超期了。

在/etc/shadow文件中以加密的方式储存了每个linux用户的账户信息,和一些账户的其他熟悉

1
oracle:$6$w/9VcJHK$h767lV6RlyMu:17974:1:90:7:::

密码的超期信息主要包含6个方面,如/etc/shadow看到的结果,比如90天超期,还剩7天时进行告警等。可以通过修改这个文件来进行属性的变更,但是不建议这样做。而是通过命令的方式来进行配置,命令可以修改密码的超期时间。

列出当前用户的超期信息

1
2
3
4
5
6
7
8
[root@ cron]# chage -l oracle
Last password change : Mar 19, 2019
Password expires : Jun 23, 2019
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 90
Number of days of warning before password expires : 7

这里可以禁用掉超期限制

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@ cron]# chage oracle
Changing the aging information for oracle
Enter the new value, or press ENTER for the default

Minimum Password Age [1]: 0
Maximum Password Age [90]: 99999
Last Password Change (YYYY-MM-DD) [2019-03-19]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [-1]:

# 重新查看超期信息
[root@ cron]# chage -l oracle
Last password change : Mar 19, 2019
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

# crontab -l查看正常
[oracle@ ~]$ crontab -l
00 17 * * 2,6 /backup/rman_level0.sh 2>/dev/null
00 17 * * 1,3,4,5,7 /backup/rman_level1.sh 2>/dev/null

构建本地yum源

近期准备重新搭建最新的zabbix4.2,ansible等等,显而易见这些软件都需要通过yum安装会方便的多,而且便于管理以及以后的升级。公司千台以上的机器,基本都放在内网环境当中,于是就有必要搭建本地源环境,之前搭建的不是太完善,结合这个机会,重新整理一遍,尽可能涵盖到日常所用的所有软件。

首先当然需要准备一台可以访问互联网的机器

1
2
yum -y install createrepo
yum -y install yum-utils

Nginx源

1
2
3
4
5
6
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

reposync -r nginx repo

cd /repodata/data/nginx/7
createrepo .

PIP源

创建pip源目录

1
2
mkdir -p /repodata/data/pypi
cd /repodata/data/pypi

安装pip2pi软件

1
pip install pip2pi

需要安装哪些包,可以一起写在requirements.txt文件里

1
pip2pi /repodata/data/pypi -r requirements.txt

也可以单独安装某个包pymysql

1
pip2pi /repodata/data/pypi pymysql

在对应目录下会生成一个simple目录,和相关下载的文件

1
2
3
4
[root@localhost pypi]# ll
total 52
-rw-r--r-- 1 root root 47738 May 19 16:00 PyMySQL-0.9.3-py2.py3-none-any.whl
drwxr-xr-x 3 root root 4096 May 19 16:00 simple

建立索引

1
dir2pi /repodata/data/pypi

这样源就配置好了,接下只需要在其他机器上配置这个源地址就可以了

编辑~/.pip/pip.conf

1
2
3
4
[global]
index-url = https://127.0.0.1/pypi/simple/
[install]
trusted-host= 127.0.0.1

内网机安装pymysql

1
2
3
4
5
6
[root@localhost .pip]# pip install pymysql
Collecting pymysql
Downloading http://127.0.0.1/pypi/simple/pymysql/PyMySQL-0.9.3-py2.py3-none-any.whl (47kB)
100% |████████████████████████████████| 51kB 43.7MB/s
Installing collected packages: pymysql
Successfully installed pymysql-0.9.3

互联网源

这里主要是通过互联网同步zabbix源、epel源和centos源,(centos主要是因为自带的redhat有些包不存在,只有通过centos源去获取)。

一个shell脚本,通过rsync连接到互联网上的rsync服务器去定时同步

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#!/bin/bash
RsyncPerm='-avSH --delete-after --no-iconv --bwlimit=10000'
Epel='/repodata/data/epel'
Redhat_zabbix='/repodata/data/zabbix/4.4'
zabbix_nosupport='/repodata/data/zabbix/non-supported'
Centos='/repodata/data/centos'
Mysql='/repodata/data/mysql'
Percona='/repodata/data/percona'
Elasticstack='/repodata/data/elasticstack'
pypi='/repodata/data/pypi'
LogFile='/repodata/log'
Date=`date +%Y-%m-%d`


function CheckStatus(){
if [ $? -eq 0 ];then
echo -e "Rsync is success!">>$LogFile/$Date.log
else
echo -e "Rsync is fail!">>$LogFile/$Date.log
fi
}

epel()
{
###rsync epel
echo "=====================================================================================================" >>$LogFile/$Date.log
echo `date` >>$LogFile/$Date.log
echo 'Now start to rsync redhat epel!' >>$LogFile/$Date.log
echo "=====================================================================================================" >>$LogFile/$Date.log
rsync $RsyncPerm rsync://ftp.iij.ad.jp/pub/linux/Fedora/archive/epel/5/x86_64/ $Epel/5 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/epel/6/x86_64/ $Epel/6 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/ $Epel/7 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/epel/8/Everything/x86_64/ $Epel/8 >>$LogFile/$Date.log
CheckStatus
}

centos()
{
###rsync centos
echo "=====================================================================================================" >>$LogFile/$Date.log
echo `date` >>$LogFile/$Date.log
echo 'Now start to rsync centos !' >>$LogFile/$Date.log
echo "=====================================================================================================" >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.163.com/centos/6/os/x86_64/ $Centos/6 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.163.com/centos/7/os/x86_64/ $Centos/7 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.163.com/centos/8/BaseOS/x86_64/os/ $Centos/8 >>$LogFile/$Date.log
CheckStatus
}

mysql()
{
###rsync mysql
echo "=====================================================================================================" >>$LogFile/$Date.log
echo `date` >>$LogFile/$Date.log
echo 'Now start to rsync Mysql!' >>$LogFile/$Date.log
echo "=====================================================================================================" >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/mysql/yum/ $Mysql >>$LogFile/$Date.log
CheckStatus
}

percona()
{
###rsync percona
echo "=====================================================================================================" >>$LogFile/$Date.log
echo `date` >>$LogFile/$Date.log
echo 'Now start to rsync Percona!' >>$LogFile/$Date.log
echo "=====================================================================================================" >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/percona/yum/release/5/RPMS/x86_64/ $Percona/5 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/percona/yum/release/6/RPMS/x86_64/ $Percona/6 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/percona/yum/release/7/RPMS/x86_64/ $Percona/7 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/percona/yum/release/8/RPMS/x86_64/ $Percona/8 >>$LogFile/$Date.log
CheckStatus
}

elasticstack()
{
###rsync elasticstack
echo "=====================================================================================================" >>$LogFile/$Date.log
echo `date` >>$LogFile/$Date.log
echo 'Now start to rsync Elasticstack!' >>$LogFile/$Date.log
echo "=====================================================================================================" >>$LogFile/$Date.log
rsync $RsyncPerm rsync://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/ $Elasticstack >>$LogFile/$Date.log
CheckStatus
}

zabbix()
{
###rsync zabbix 4.4
echo "=====================================================================================================" >>$LogFile/$Date.log
echo `date` >>$LogFile/$Date.log
echo 'Now start to rsync redhat zabbix version 4.4!' >>$LogFile/$Date.log
echo "=====================================================================================================" >>$LogFile/$Date.log
rsync $RsyncPerm rsync://repo.zabbix.com/mirror/zabbix/4.4/rhel/5/x86_64/ $Redhat_zabbix/5 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://repo.zabbix.com/mirror/zabbix/4.4/rhel/6/x86_64/ $Redhat_zabbix/6 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://repo.zabbix.com/mirror/zabbix/4.4/rhel/7/x86_64/ $Redhat_zabbix/7 >>$LogFile/$Date.log
rsync $RsyncPerm rsync://repo.zabbix.com/mirror/non-supported/rhel/ $zabbix_nosupport >>$LogFile/$Date.log
CheckStatus
}

action=$1
[ -z $1 ] && action=all
case "$action" in
epel)
epel
;;
centos)
centos
;;
mysql)
mysql
;;
percona)
percona
;;
elasticstack)
elasticstack
;;
zabbix)
zabbix
;;
all)
epel
centos
mysql
percona
elasticstack
zabbix
;;
*)
echo -e "Usage: ./`basename $0` [epel|centos|mysql|percona|elasticstack|zabbix|all]"
;;
esac

OEL7上配置dns服务

搭建rac的时候如果选择多个scan ip 则需要考虑配置dns server,多个虚拟机也可以考虑作为公用的dns服务器

安装相关packages

1
2
3
4
5
6
7
8
9
10
11
12
13
[root@xb ~]# yum install bind* -y
Loaded plugins: refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.68.rc1.el6_10.1 will be installed
---> Package bind-chroot.x86_64 32:9.8.2-0.68.rc1.el6_10.1 will be installed
---> Package bind-devel.x86_64 32:9.8.2-0.68.rc1.el6_10.1 will be installed
---> Package bind-dyndb-ldap.x86_64 0:2.3-8.el6 will be installed
---> Package bind-libs.x86_64 32:9.8.2-0.68.rc1.el6_10.1 will be installed
---> Package bind-sdb.x86_64 32:9.8.2-0.68.rc1.el6_10.1 will be installed
---> Package bind-utils.x86_64 32:9.8.2-0.68.rc1.el6_10.1 will be installed
--> Finished Dependency Resolution

主要文件

1
2
3
4
5
6
7
8
9
10
11
/etc/named #named目录
/etc/named.conf #主配置文件
/etc/rc.d/init.d/named #BIND开机自动时启动的脚本
/usr/sbin/named #named进程程序文件
/usr/sbin/rndc #远程控制named进程的工具
/usr/sbin/rndc-confgen #产生rndc密钥的工具
/usr/share/doc/bind-9.8.2 # 帮助文档和例子文件
/usr/share/man/man5/ #手册
/usr/share/man/man8/#手册
/var/named # Bind配置文件的默认存放目录
/var/run/named #named进程PID文件存放的目录

修改named.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

...省略
zone "oracle.com" IN {
type master;
file "oracle.com.zone";
allow-transfer {192.0.2.1;};
};
zone "2.0.192.in-addr.arpa" IN {
type master;
file "2.0.192.in-addr.arpa.zone";
};

新增了两个zone,oracle.com.zone作为正向解析域,2.0.192.in-addr.arpa.zone为反向解析域,文件位于/var/named/下面

配置oracle.com.zone

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
$TTL    86400
@ SOA oracle.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ NS dns.oracle.com.
dns A 192.0.2.20
rac1 A 192.0.2.11
rac2 A 192.0.2.12
rac-scan A 192.0.2.15
rac-scan A 192.0.2.16
rac-scan A 192.0.2.17
rac1-vip A 192.0.2.13
rac2-vip A 192.0.2.14

配置2.0.192.in-addr.arpa.zone

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$TTL    86400
@ IN SOA oracle.com. root.dns.oracle.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns.oracle.com.
11 IN PTR rac1.oracle.com.
12 IN PTR rac2.oracle.com.
13 IN PTR rac1-vip.oracle.com.
14 IN PTR rac2-vip.oracle.com.
15 IN PTR rac-scan.
16 IN PTR rac-scan.
17 IN PTR rac-scan.

修改/etc/resolv.conf

1
2
3
# Generated by NetworkManager
search oracle.com
nameserver 192.0.2.20

验证

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@xb etc]# ping rac1.oracle.com
PING rac1.oracle.com (192.0.2.11) 56(84) bytes of data.
64 bytes from rac1.oracle.com (192.0.2.11): icmp_seq=1 ttl=64 time=1.19 ms
64 bytes from rac1.oracle.com (192.0.2.11): icmp_seq=2 ttl=64 time=0.390 ms
64 bytes from rac1.oracle.com (192.0.2.11): icmp_seq=3 ttl=64 time=0.468 ms
^C
--- rac1.oracle.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2594ms
rtt min/avg/max/mdev = 0.390/0.683/1.192/0.361 ms
[root@xb etc]# nslookup rac-scan
Server: 192.0.2.20
Address: 192.0.2.20#53

Name: rac-scan.oracle.com
Address: 192.0.2.15
Name: rac-scan.oracle.com
Address: 192.0.2.16
Name: rac-scan.oracle.com
Address: 192.0.2.17