Setting up a SCAN allows clients connecting to databases (or instances) in a RAC to use a single name to connect to any database (or instance). It can be considered an alias for all the databases in the cluster. Unlike TNS entries that use VIPs, which need to be modified each time an instance is added or removed, TNS entries that use the SCAN do not need to be modified. SCAN was first introduced with 11gR2 and had additional features added with 12c. For more, read the SCAN white paper.
As a prerequisite for RAC, SCAN can be set up using either DNS or GNS (Grid Naming Service). For a non-production test environment, a single IP with the same hostname can be added to the /etc/hosts files of all the RAC nodes to get the installation going, but this is not recommended (see 887522.1, "Instead of DNS or GNS, Can we use '/etc/hosts' to resolve SCAN?"). The prerequisite check for SCAN will fail (887471.1), but the installation will complete.
Setting up the SCAN falls under the network administrator's job role. The DBA's part is to request "at least one single name that resolves to three IP addresses using a round robin algorithm". This post lists the steps to set up a SCAN using DNS configuration. It sets up a single client access name that resolves to three IPs in a round-robin fashion. Nevertheless, it is recommended that a network administrator be consulted when setting up SCAN for a production system.
1. Verify that the DNS-related rpms are installed. The following three rpms are required.

# rpm -qa | grep bind
bind-libs-9.8.2-0.17.rc1.el6.x86_64
bind-9.8.2-0.17.rc1.el6.x86_64
bind-utils-9.8.2-0.17.rc1.el6.x86_64

2. Note down the hostname and the IP of the server where the SCAN is set up. Also find out the DNS IP (that is already configured).

# hostname
hpc6.mydomain.net
# ifconfig
em1 Link encap:Ethernet HWaddr 00:26:B9:FE:7D:E0
    inet addr:192.168.0.104 Bcast:192.168.0.255 Mask:255.255.255.0
# cat /etc/resolv.conf
search mydomain.net
nameserver 11.6.9.2

These values will be referred to in subsequent steps.
3. Setting up the DNS involves adding the IP and port that the DNS service listens on to the /etc/named.conf file. The default /etc/named.conf file looks as follows.

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Add new entries to configure the DNS and the SCAN.
options {
    listen-on port 53 { 192.168.0.104; 127.0.0.1; }; # IP of the DNS server (noted in step 2)
    # listen-on-v6 port 53 { ::1; }; # IPv6 disabled
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.0.0/24; }; # localhost alone refuses queries from the RAC nodes (step 10); 192.168.0.0/24 is the server's subnet from step 2
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    forwarders { 11.6.9.2; }; # main DNS IP, anything that cannot be resolved will be forwarded to this IP
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "mydomain.net" IN {
    type master;
    file "mydomain.net.zone"; # forward lookup entry file
    allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "rev.mydomain.net.zone"; # reverse lookup entry file
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

4. Create forward lookup and reverse lookup files in /var/named. The forward lookup file was named "mydomain.net.zone" for the zone "mydomain.net" in step 3.
# cat /var/named/mydomain.net.zone
$TTL 86400
@ IN SOA hpc6.mydomain.net. root.hpc6.mydomain.net. (
        42 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
         IN NS hpc6.mydomain.net.
hpc6     IN A 192.168.0.104
rac-scan IN A 192.168.0.86
rac-scan IN A 192.168.0.93
rac-scan IN A 192.168.0.94

Note the places where the hostname of the server on which the SCAN is set up is used. Create the reverse lookup file as follows.
# cat rev.mydomain.net.zone
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1H
@ IN SOA hpc6.mydomain.net. root.hpc6.mydomain.net. ( 2
        3H
        1H
        1W
        1H )
0.168.192.in-addr.arpa. IN NS hpc6.mydomain.net.
104 IN PTR hpc6.mydomain.net.
86 IN PTR rac-scan.mydomain.net.
94 IN PTR rac-scan.mydomain.net.
93 IN PTR rac-scan.mydomain.net.

5. The validity of these configuration files can be checked with named-checkconf and named-checkzone.
# named-checkconf /etc/named.conf
# named-checkzone mydomain.net /var/named/mydomain.net.zone
zone mydomain.net/IN: loaded serial 42
OK
# named-checkzone 0.168.192.in-addr.arpa /var/named/rev.mydomain.net.zone
zone 0.168.192.in-addr.arpa/IN: loaded serial 2
OK

However, the absence of errors in this step is no guarantee that SCAN will work as expected. That can only be verified with a dig command (shown in a later step).
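named-checkzone validates each zone file on its own, so it cannot notice a SCAN address with no matching PTR record or a SCAN name with fewer than three A records. The cross-check below is an added example, not part of the original post; the function name check_scan and its arguments are assumptions, and it expects records in the "name IN TYPE value" layout used in step 4.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the forward and
# reverse zone files for the SCAN name before moving on to dig.
# Assumes records are written as in step 4: "name IN TYPE value", no TTL column.
# Usage: check_scan FORWARD_ZONE REVERSE_ZONE SCAN_LABEL DOMAIN NET_PREFIX
check_scan() {
    awk -v label="$3" -v fqdn="$3.$4." -v prefix="$5" '
        { sub(/;.*/, "") }                      # drop zone-file comments
        FILENAME == ARGV[1] {                   # forward zone: collect SCAN A records
            if ($1 == label && $2 == "IN" && $3 == "A") a[$4] = 1
            next
        }
        $2 == "IN" && $3 == "PTR" { ptr[prefix "." $1] = $4 }   # reverse zone
        END {
            n = 0; bad = 0
            for (ip in a) {
                n++
                if (ptr[ip] != fqdn) { print "no PTR to " fqdn " for " ip; bad++ }
            }
            if (n < 3) { print label " has " n " A records, expected at least 3"; bad++ }
            exit (bad > 0)
        }' "$1" "$2"
}

# Constructed sample zones modelled on the files in step 4. The PTR for .93 is
# left out on purpose: both files still pass named-checkzone individually.
demo_dir=$(mktemp -d)
cat > "$demo_dir/fwd.zone" <<'EOF'
hpc6     IN A 192.168.0.104
rac-scan IN A 192.168.0.86
rac-scan IN A 192.168.0.93
rac-scan IN A 192.168.0.94
EOF
cat > "$demo_dir/rev.zone" <<'EOF'
104 IN PTR hpc6.mydomain.net.
86  IN PTR rac-scan.mydomain.net.
94  IN PTR rac-scan.mydomain.net.
EOF
check_scan "$demo_dir/fwd.zone" "$demo_dir/rev.zone" rac-scan mydomain.net 192.168.0 \
    || echo "SCAN zone data is inconsistent"
rm -rf "$demo_dir"
```
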
6. Edit the resolv.conf file and add the new DNS server IP (the server's own IP).

# cat /etc/resolv.conf
search mydomain.net
nameserver 192.168.0.104

Also add an entry to /etc/hosts as below.

192.168.0.104 hpc6.mydomain.net hpc6

7. Start the DNS service.
# /etc/init.d/named start

If the first start of the service gets stuck on the following step

# /etc/init.d/named start
Generating /etc/rndc.key:

run the following command and start the service again.

# rndc-confgen -a -r /dev/urandom
wrote key file "/etc/rndc.key"
# /etc/init.d/named start

Once started, verify that the DNS service is listening on the port (53 in this case) defined in the named.conf file.

# netstat -ntl
tcp 0 0 192.168.0.104:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
8. Using the dig command, verify that forward lookup and reverse lookup are functioning properly.

# dig hpc6.mydomain.net
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> hpc6.mydomain.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52260
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;hpc6.mydomain.net. IN A
;; ANSWER SECTION:
hpc6.mydomain.net. 86400 IN A 192.168.0.104
;; AUTHORITY SECTION:
mydomain.net. 86400 IN NS hpc6.mydomain.net.
;; Query time: 0 msec
;; SERVER: 192.168.0.104#53(192.168.0.104)
;; WHEN: Wed Aug 28 16:12:44 2013
;; MSG SIZE rcvd: 64

Check that the query status is NOERROR and the answer count is 1. This confirms that the query was answered without any errors. Check the reverse lookup as well.
# dig -x 192.168.0.104
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> -x 192.168.0.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30913
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;104.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
104.0.168.192.in-addr.arpa. 3600 IN PTR hpc6.mydomain.net.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 3600 IN NS hpc6.mydomain.net.
;; ADDITIONAL SECTION:
hpc6.mydomain.net. 86400 IN A 192.168.0.104
;; Query time: 0 msec
;; SERVER: 192.168.0.104#53(192.168.0.104)
;; WHEN: Wed Aug 28 16:13:09 2013
;; MSG SIZE rcvd: 104

9. If there are errors, recheck the zone files and correct any mistakes. Once the dig command returns no error, run the nslookup command to see the name resolve to 3 IPs in a round-robin fashion.
# nslookup rac-scan # lookup 1
Server: 192.168.0.104
Address: 192.168.0.104#53
Name: rac-scan.mydomain.net
Address: 192.168.0.94
Name: rac-scan.mydomain.net
Address: 192.168.0.86
Name: rac-scan.mydomain.net
Address: 192.168.0.93
# nslookup rac-scan # lookup 2
Server: 192.168.0.104
Address: 192.168.0.104#53
Name: rac-scan.mydomain.net
Address: 192.168.0.86
Name: rac-scan.mydomain.net
Address: 192.168.0.93
Name: rac-scan.mydomain.net
Address: 192.168.0.94
# nslookup rac-scan # lookup 3
Server: 192.168.0.104
Address: 192.168.0.104#53
Name: rac-scan.mydomain.net
Address: 192.168.0.93
Name: rac-scan.mydomain.net
Address: 192.168.0.94
Name: rac-scan.mydomain.net
Address: 192.168.0.86

10. To use it in a RAC configuration, edit the /etc/resolv.conf file of the RAC nodes and add the IP of the server where the SCAN is set up.

# cat /etc/resolv.conf
search mydomain.net
nameserver 192.168.0.104