Database Reference
In-Depth Information
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (
PROTOCOL = IPC
)(KEY = TEN))
(ADDRESS = (PROTOCOL = TCP)(HOST =dbserver.oradbpro.com)(PORT = 1521))
)
)
)
By default, an Oracle9
i
TNS Listener is unprotected against
STOP
commands from remote
nodes. Instead of using a TNS Listener password to prevent someone from another host within
the network from shutting down the TNS Listener, you could also use valid node checking. The
downside is that the list of invited nodes has to include all the machines that may access the
TNS Listener. These could still be used to remotely stop the TNS Listener, but might be trusted
systems. This is interesting news for installations that run clustering software, which protects
the ORACLE TNS Listener against node failure, but does not support TNS Listener passwords
(e.g., VERITAS Cluster Server prior to release 4).
If you want to take a more relaxed approach, you may set only
tcp.excluded_nodes
and list
systems that you are certain may not connect to the TNS Listener, and thus the instance(s)
served by the TNS Listener. All nodes not mentioned will be able to connect. Host names and
IP addresses may be used at the same time.
There's no sense in setting both
tcp.invited_nodes
and
tcp.excluded_nodes
at the same
time, since even nodes not mentioned explicitly as excluded nodes will still be excluded when
tcp.invited_nodes
is set. If a node name is contained in both
tcp.excluded_nodes
and
tcp.
invited_nodes
,
tcp.invited_nodes
takes precedence and the node is allowed access. In Oracle9
i
, if
there is a single node name that cannot be resolved to an IP address, this error is logged to the
trace file:
[12-JUL-2007 21:25:10:162] nttcnp: Validnode Table **NOT** used; err 0x1f7
Valid node checking is switched off when this error occurs. Unfortunately, the Oracle9
i
LSNRCTL utility does not write an error message to the terminal. In the presence of invalid host
names, Oracle10
g
lsnrctl
startup
fails with “TNS-12560: TNS:protocol adapter error” and
“TNS-00584: Valid node checking configuration error”. Using
oerr
on TNS-00584 gives this:
$ oerr tns 584
00584, 00000, "Valid node checking configuration error"
// *Cause:Valid node checking specific Oracle Net configuration is invalid.
// *Action:Ensure the hosts specified in the "invited_nodes" and "excluded_nodes"
// are valid. For further details, turn on tracing and reexecute the operation.
If TNS Listener tracing is enabled, the trace file will contain a message similar to the following:
[12-JUL-2007 23:27:16:808] snlinGetAddrInfo: Name resolution failed for
wrong.host.name
[12-JUL-2007 23:27:16:808] nttcnp: Validnode Table **NOT** used; err 0x248
