Dynamic Registration on a Non-Standard (Non-1521) Port in Oracle
Dynamic registration and static registration are the two ways to associate an Oracle instance with a listener. The current trend is that the default listener plus dynamic registration has become the standard Oracle configuration. In some scenarios, you may need to change the standard listener configuration and registration mode for security reasons. This article describes how to implement dynamic registration on a port other than 1521.
1. The default listener and port 1521
The core configuration files of Oracle Net Services are listener.ora, tnsnames.ora, and sqlnet.ora. listener.ora is the configuration file for listener-related information; listener-specific parameters are set in this file.
By default, the listener.ora file does not exist in the $ORACLE_HOME/network/admin directory.
[oracle@aaalife admin]$ ls -l
-rw-r-----. 1 oracle oinstall 332 Aug 7 tnsnames.ora
In this case, Oracle runs a listener with the default configuration on the default port 1521. This listener also supports dynamic registration.
[oracle@aaalife admin]$ lsnrctl start
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:08:10
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 01:08:10
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
-- No listener parameter file path is shown here.
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
On the other side of the registration, the Oracle instance by default performs dynamic registration with the listener on port 1521.
[oracle@aaalife admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:14:54
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 01:08:10
Uptime                    0 days 0 hr. 6 min. 43 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Services Summary...
Service "aaadb" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
2. A listener on a non-default port
In some security scenarios, we are required to change the listener port to something other than 1521 to avoid scan-based intrusion. In fact, this means little to an attack scanner, because hackers usually scan all ports.
To change the port number, you must create a listener.ora file. The following shows how to configure a listener on a non-standard port.
[oracle@aaalife admin]$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
MY_LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1531))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1531))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
The configuration file defines a listener on port 1531. Start the listener and view its information.
[oracle@aaalife admin]$ lsnrctl start
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:27:53
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.4.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 01:27:53
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
The listener shown by default is still the one on port 1521. At the same time, two listeners turn out to be running on the server.
[oracle@aaalife admin]$ lsnrctl status listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:13
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 01:27:53
Uptime                    0 days 0 hr. 2 min. 19 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Services Summary...
Service "aaadb" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@aaalife admin]$
[oracle@aaalife admin]$ lsnrctl status my_listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:29
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 01:17:52
Uptime                    0 days 0 hr. 12 min. 37 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
The listener supports no services
The command completed successfully
The output above shows several details:
- We configured a custom listener, my_listener, in the listener.ora file to listen on port 1531. However, the default listener still exists and runs on port 1521, while my_listener runs on port 1531.
- The Oracle instance's dynamic registration goes to the listener on port 1521; nothing is registered on port 1531.
The extra default listener is easy to deal with: just keep only one listener. But how can the Oracle instance be made to register on port 1531 instead of port 1521?
The solution is the local_listener parameter. By default, this parameter is empty.
SQL> show parameter listener;
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
listener_networks                    string
local_listener                       string
remote_listener                      string
This parameter specifies the listener with which the Oracle instance registers. To register on a non-standard port, you must modify this parameter.
SQL> show parameter local
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
local_listener                       string      (ADDRESS_LIST=(Address=(Protocol=tcp)(HOST=AAALIFE)(Port=1531)))
log_archive_local_first              boolean     TRUE
parallel_force_local                 boolean     FALSE
Note: local_listener can be modified with scope=both. The change takes effect immediately, so you do not need to restart the instance.
The listener status is as follows:
[oracle@aaalife dbs]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 02:32:25
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 01:27:53
Uptime                    0 days 1 hr. 4 min. 32 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
[oracle@aaalife dbs]$ lsnrctl status my_listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 02:32:33
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 01:17:52
Uptime                    0 days 1 hr. 14 min. 41 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
Services Summary...
Service "aaadb" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
The instance now registers dynamically with the listener on port 1531, and the original default listener on port 1521 has no registration information.
This raises another issue: the value of local_listener. It is written as a parenthesized address expression, the form Oracle Net Services uses internally. From a management perspective, this is not a good approach. Writing the port number directly into a database parameter not only exposes deployment information but also causes problems during migration and change.
Therefore, Oracle officially supports configuring local_listener with a listener alias.
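A check for the listener states shown above, as an added example that is not part of the original article: it parses `lsnrctl status` reports and flags a listener that is still running without services, or services registered on a port other than the intended one. The sample reports are constructed and abbreviated from the runs above, and parse_status and audit are hypothetical helper names.

```python
import re

# Constructed, abbreviated `lsnrctl status` reports modeled on the runs above.
DEFAULT = """Alias                     LISTENER
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
"""
CUSTOM = """Alias                     LISTENER
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
Services Summary...
Service "aaadb" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
"""

def parse_status(text):
    """Return the TCP ports and {service: [(instance, status)]} of one report."""
    endpoints = re.sub(r"\s", "", text.partition("Listening Endpoints Summary")[2])
    ports = sorted({int(p) for p in re.findall(
        r"\(PROTOCOL=tcp\)\(HOST=[^)]*\)\(PORT=(\d+)\)", endpoints, re.I)})
    services, current = {}, None
    for line in text.splitlines():
        if (m := re.match(r'\s*Service "([^"]+)"', line)):
            current = services.setdefault(m.group(1), [])
        elif (m := re.match(r'\s*Instance "([^"]+)", status (\w+)', line)) and current is not None:
            current.append((m.group(1), m.group(2)))
    return {"ports": ports, "services": services}

def audit(reports, expected_port):
    """Flag listeners whose state contradicts a single listener on expected_port."""
    findings = []
    for name, text in reports.items():
        st = parse_status(text)
        if st["services"] and expected_port not in st["ports"]:
            findings.append((name, "services registered on unexpected port", st["ports"]))
        if not st["services"]:
            findings.append((name, "running with no services", st["ports"]))
    return findings
```

With the two reports above and an expected port of 1531, the only finding is the default listener still holding port 1521 open with nothing registered.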
3. Set the listener alias
An interesting phenomenon is that the way local_listener is configured differs greatly between MOS and users posting online. The official MOS position is to set a listener alias, while users online choose the parenthesized expression without exception.
In my experiment, setting the listener alias directly was not recognized by Oracle.
SQL> alter system set local_listener='my_listener' scope=both;
alter system set local_listener='my_listener' scope=both
*
ERROR at line 1:
ORA-02097: parameter cannot be modified because specified value is invalid
ORA-00119: invalid specification for system parameter LOCAL_LISTENER
ORA-00132: syntax error or unresolved network name 'my_listener'
Oracle cannot parse the name my_listener: it is neither a parenthesized expression nor a defined alias. This is strange, since we clearly defined the name in the listener.ora file.
Oracle's official explanation of error 00132 is as follows:
[oracle@aaalife admin]$ oerr ora 00132
00132, 00000, "syntax error or unresolved network name '%s'"
// *Cause: Listener address has syntax error or cannot be resolved.
// *Action: If a network name is specified, check that it corresponds
//          to an entry in TNSNAMES.ORA or other address repository
//          as configured for your system. Make sure that the entry
//          is syntactically correct.
Oracle considers that no entry named my_listener can be found in the server-side tnsnames.ora file. tnsnames.ora is where local naming entries are stored. Does this mean the alias must be defined in the tnsnames.ora file? We are familiar with defining local naming aliases, but how is a listener alias defined?
After searching early Oracle documentation and write-ups, the definition format and method can be found tucked away in a corner.
[oracle@aaalife admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
MY_LISTENER =
  (description =
    (address = (protocol = tcp)(host = AAALIFE)(port = 1531)))
The tnsping command has the side effect of parsing the entry format. Does it succeed?
[oracle@aaalife admin]$ tnsping my_listener
TNS Ping Utility for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 20:43:58
Copyright (c) 1997, 2013, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (description = (address = (protocol = tcp)(host = AAALIFE)(port = 1531)))
OK (0 msec)
Resolution succeeds, so at least the format has no major problem.
SQL> alter system set local_listener='MY_LISTENER' scope=both;
System altered.
SQL> show parameter local;
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
local_listener                       string      MY_LISTENER
log_archive_local_first              boolean     TRUE
parallel_force_local                 boolean     FALSE
Trigger a manual registration and view the listener status.
SQL> alter system register;
System altered.
[oracle@aaalife admin]$ lsnrctl status my_listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 20:50:47
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))
STATUS of the LISTENER
------------------------
Alias                     my_listener
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-SEP-2015 19:48:50
Uptime                    0 days 1 hr. 1 min. 59 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/aaalife/my_listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
Services Summary...
Service "aaadb" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
  Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
The setting succeeded. In the listener status, my_listener now appears as the alias.
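The resolution rule behind ORA-00132, as an added example (not Oracle's code and not from the original article): a local_listener value is either a literal address or a name looked up in tnsnames.ora, never in listener.ora. The file contents are constructed from the ones shown above, the function names are hypothetical, and only ports are compared because the two files name the host differently.

```python
import re

# Constructed samples mirroring the two files shown in this article.
LISTENER_ORA = """# listener.ora
MY_LISTENER =
  (DESCRIPTION_LIST = (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1531))
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1531))))
ADR_BASE_LISTENER = /u01/app/oracle
"""
TNSNAMES_ORA = """# tnsnames.ora
MY_LISTENER =
  (description = (address = (protocol = tcp)(host = AAALIFE)(port = 1531)))
"""

def parse_entries(text):
    """Map each top-level NAME = value entry to its value text."""
    text, entries, pos = re.sub(r"#.*", "", text), {}, 0
    name_re = re.compile(r"\s*([\w.]+)\s*=\s*")
    while (m := name_re.match(text, pos)):
        end, depth = m.end(), 0
        while end < len(text):  # consume one balanced (...) value or one scalar line
            ch = text[end]
            depth += (ch == "(") - (ch == ")")
            end += 1
            if depth == 0 and ch in ")\n":
                break
        entries[m.group(1).upper()] = text[m.end():end].strip()
        pos = end
    return entries

def tcp_ports(body):
    """Ports of every TCP ADDRESS in a descriptor; IPC addresses are skipped."""
    addrs = re.findall(r"\(\s*address\s*=((?:\s*\([^()]*\))+)\s*\)", body, re.I)
    pair = re.compile(r"\(\s*(\w+)\s*=([^()]*)\)")
    kvs = [{k.lower(): v.strip().lower() for k, v in pair.findall(a)} for a in addrs]
    return [int(kv["port"]) for kv in kvs if kv.get("protocol") == "tcp"]

def check_local_listener(value, listener_ora, tnsnames_ora):
    """Resolve a local_listener value the way the ORA-00132 text describes."""
    if value.lstrip().startswith("("):
        form, body = "literal", value
    else:  # a name is looked up in tnsnames.ora, not in listener.ora
        form, body = "alias", parse_entries(tnsnames_ora).get(value.strip().upper())
    if body is None:
        return {"form": "unresolved", "ports": [], "undefined": []}
    served = {p for b in parse_entries(listener_ora).values() for p in tcp_ports(b)}
    ports = tcp_ports(body)
    return {"form": form, "ports": ports, "undefined": [p for p in ports if p not in served]}
```

The "undefined" list holds resolved ports that no listener.ora entry defines, which catches an alias left pointing at an old port after a migration.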
4. Conclusion
Dynamic registration is the most common registration mode. Several Oracle Net Services configuration files, database parameters, and listener settings are intertwined and affect one another. Factors such as network adapters and domain name resolution also come into play, so faults are easy to run into. Repeated experiments and tests help us understand the system more deeply and handle daily work with more confidence.