dns
1. Background
In day-to-day operations a DNS service is often set up to resolve internal domain names. Once it exists it becomes the foundation that lets every internal service reach the others, so it matters a great deal, and after bringing it up the high availability of the service and the integrity of its data still have to be considered.
There are plenty of LVS+Keepalived+Bind load-balanced high-availability designs online, and they are very good. A self-hosted DNS, however, mostly serves calls between a company's internal platforms, so load balancing adds little; high availability is still required. This article describes building a highly available master/slave DNS service with Keepalived+Bind.
2. Environment
Master DNS: 10.61.100.51
Slave DNS: 10.61.100.52
VIP: 10.61.100.50
3. bind configuration
3.1 Install bind (master and slave)
```
# yum install bind bind-chroot
```
What these packages do is not explained further here.
After installation the following files exist:
```
# ll /var/named/chroot/
总用量 20
drwxr-x--- 2 root named 4096 7月 11 16:55 dev
drwxr-x--- 5 root named 4096 7月 11 19:31 etc
drwxr-xr-x 2 root root  4096 7月 11 19:31 lib64
drwxr-xr-x 3 root root  4096 7月 11 16:55 usr
drwxr-x--- 6 root named 4096 7月 11 16:55 var
# ll /etc/named.conf
-rw-r----- 1 root named 1311 7月 11 17:39 /etc/named.conf
```
Here /etc/named.conf is really /var/named/chroot/etc/named.conf; once the service has been started, the related configuration files are generated under /var/named/chroot/etc.
3.2 Create the named.conf file (needed on both master and slave; the slave version is given below)
```
# vim /etc/named.conf
options {
    directory "/var/named";
    listen-on { any; };
    version "[wowoohr-1.0]";
    forwarders { 202.96.209.5; 114.114.114.114; };
    recursion yes;
    allow-query { 0.0.0.0/0; };
};
logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};
zone "." {
    type hint;
    file "/etc/named.root";
};
zone "myshebao.com" {
    type master;
    file "/etc/master/test.com.zone";
    allow-transfer { 10.61.100.52; };
};
```
3.3 Create the named.root file (needed on both master and slave and identical on both, so the slave copy is not repeated)
```
# cat named.root
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
;
; This file is made available by InterNIC
; under anonymous FTP as
;     file                /domain/named.root
;     on server           FTP.INTERNIC.NET
;     -OR-                RS.INTERNIC.NET
;
; last update:    Jan 29, 2004
; related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
```
3.4 Create the directories referenced by the configuration file (master)
```
# cd /var/named/chroot/etc/
# mkdir log master
# chown named:named log/ -R
```
3.5 Create the zone file (master)
```
# vim master/test.com.zone
$TTL 1D
@       IN SOA  ns1.test.com. yull.test.com. (
                2017071104 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        IN NS   ns1.test.com.
        IN NS   ns2.test.com.
ns1     IN A    10.61.100.51
ns2     IN A    10.61.100.52
redis   IN A    10.61.100.51
db      IN A    10.61.100.53
```
3.6 Start the named service (master)
```
# service named start
```
3.7 Slave named.conf. Note that the slave also needs the named.root file.
```
# cat /etc/named.conf
options {
    directory "/var/named";
    listen-on { any; };
    version "[wowoohr-1.0]";
    forwarders { 202.96.209.5; 114.114.114.114; };
    recursion yes;
    allow-query { 0.0.0.0/0; };
};
logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};
zone "." {
    type hint;
    file "/etc/named.root";
};
zone "myshebao.com" {
    type slave;
    file "/etc/slave/test.com.zone";
    masters { 10.61.100.51; };
    allow-transfer { none; };
};
```
3.8 Create the directories and files (slave)
```
# cd /var/named/chroot/etc/
# mkdir log slave
# chown named:named log/ -R
```
3.9 Start the named service (slave)
```
# service named start
```
If the configuration is correct, the test.com.zone file is transferred to /var/named/chroot/etc/slave on the slave.
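As an added example (not the article's own configuration), a tightened version of the master and slave named.conf from 3.2 and 3.7, rendered by a shell script so it can be run through named-checkconf: queries and recursion are limited to an internal ACL instead of 0.0.0.0/0, and the zone transfer is authenticated with a TSIG key rather than by the peer's source address alone. Assumed: the internal network is 10.61.100.0/24, and the TSIG secret is generated separately (tsig-keygen, or dnssec-keygen on older BIND) and passed as the first argument; the logging and root-hint stanzas are unchanged and omitted.

```shell
#!/bin/sh
# Tightened named.conf for the master/slave pair (added example, not the
# article's files). Assumed: internal network 10.61.100.0/24; the TSIG secret
# is generated separately (tsig-keygen xfer-key) and passed in as $1. The
# logging and root-hint stanzas are unchanged and left out here.

render_master_conf() {
  secret="${1:-UkVQTEFDRV9NRQ==}"   # placeholder (base64 of "REPLACE_ME"), never ship it
  cat <<EOF
key "xfer-key" { algorithm hmac-sha256; secret "${secret}"; };
acl "internal" { 10.61.100.0/24; 127.0.0.1; };
options {
    directory "/var/named";
    listen-on { any; };
    version "[wowoohr-1.0]";
    forwarders { 202.96.209.5; 114.114.114.114; };
    recursion yes;
    allow-query { internal; };      # article: 0.0.0.0/0, i.e. any client
    allow-recursion { internal; };  # never recurse for outside clients
};
zone "myshebao.com" {
    type master;
    file "/etc/master/test.com.zone";
    allow-transfer { key "xfer-key"; };  # peer must sign with the key, not just come from .52
    also-notify { 10.61.100.52; };       # NOTIFY the slave so it refreshes at once
};
EOF
}
render_slave_conf() {
  secret="${1:-UkVQTEFDRV9NRQ==}"
  cat <<EOF
key "xfer-key" { algorithm hmac-sha256; secret "${secret}"; };
server 10.61.100.51 { keys { "xfer-key"; }; };   # sign every request to the master
zone "myshebao.com" {
    type slave;
    file "/etc/slave/test.com.zone";   # this directory must be writable by the named user
    masters { 10.61.100.51; };
    allow-transfer { none; };
};
EOF
}
# Parse a rendered config with BIND's own checker; returns its status, or 0
# when named-checkconf is not installed (e.g. in an offline test).
check_conf() {
  command -v named-checkconf >/dev/null 2>&1 || return 0
  tmp=$(mktemp) || return 1
  "$@" >"$tmp" && named-checkconf "$tmp"; rc=$?
  rm -f "$tmp"; return $rc
}
```

Usage: `render_master_conf "$(tsig-keygen xfer-key | awk '/secret/ {gsub(/[";]/, "", $2); print $2}')" > /etc/named.conf` on the master, the same secret fed to render_slave_conf on the slave, then `check_conf render_master_conf` before restarting named. The chown in 3.8 covers only log/, so the slave directory also has to be made writable by named.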
4. Keepalived high-availability configuration
4.1 Install Keepalived (master and slave)
```
# yum -y install keepalived
```
4.2 Edit the configuration file
Design:
- While both Master and Slave are healthy, Master serves and Slave stands by;
- When Master goes down and Slave is healthy, Slave takes over the service;
- When Master recovers, it takes the Master role back;
and so on in a cycle. Note that data may only be modified on the Master.
```
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_script chk_dns {
    script "/etc/keepalived/scripts/dns_check.sh"
    interval 2
}

vrrp_instance V_DNS {
    state MASTER
    interface eth0
    virtual_router_id 153
    priority 100    # change to 80 on the slave
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_dns
    }
    virtual_ipaddress {
        10.61.100.50
    }
    notify_master /etc/keepalived/scripts/dns_master.sh
    notify_backup /etc/keepalived/scripts/dns_backup.sh
    notify_fault  /etc/keepalived/scripts/dns_fault.sh
    notify_stop   /etc/keepalived/scripts/dns_stop.sh
}
```
Keepalived calls the scripts above according to the state it transitions into:
- dns_check.sh checks that the service is available
- notify_master is called on entering the Master state
- notify_backup is called on entering the Backup state
- notify_fault is called when a problem is detected and the Fault state is entered
- notify_stop is called when the Keepalived process terminates
4.3 Write the scripts (master and slave)
```
# vim /etc/keepalived/scripts/dns_check.sh
#!/bin/bash
# Exit 0 when something is listening on a port containing "53", else 1
ALIVE=`netstat -ntpl | grep "53"`
if [ $? == 0 ]; then
    exit 0
else
    exit 1
fi
```
```
# vim /etc/keepalived/scripts/dns_master.sh
#!/bin/bash
LOGFILE="/var/log/keepalived-dns-state.log"
echo "[master]" >> $LOGFILE
date >> $LOGFILE
echo "Being master...." >> $LOGFILE 2>&1
echo "Run reload cmd ..." >> $LOGFILE
# reload so named binds the VIP that keepalived just added
service named reload >> $LOGFILE 2>&1
```
```
# vim /etc/keepalived/scripts/dns_backup.sh
#!/bin/bash
LOGFILE="/var/log/keepalived-dns-state.log"
echo "[backup]" >> $LOGFILE
date >> $LOGFILE
service named reload >> $LOGFILE 2>&1
echo "Being slave...." >> $LOGFILE 2>&1
```
```
# vim /etc/keepalived/scripts/dns_fault.sh
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo "[fault]" >> $LOGFILE
date >> $LOGFILE
```
```
# vim /etc/keepalived/scripts/dns_stop.sh
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo "[stop]" >> $LOGFILE
date >> $LOGFILE
```
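A stricter health check to use in place of the dns_check.sh above, as an added example rather than the article's script. The original `netstat -ntpl | grep "53"` also matches the rndc control port 953, any port or PID that merely contains "53", and listeners belonging to other programs, so keepalived can be told the service is alive while nothing answers DNS. This version matches the local-address column exactly, requires the listener to be named, and when dig is installed also confirms the server answers for the zone; the zone name myshebao.com is taken from the article's named.conf, and the sample netstat lines are constructed for the offline test.

```shell
#!/bin/sh
# Stricter replacement for dns_check.sh (added example, not the article's
# script). Exit status follows keepalived's convention: 0 healthy, non-zero failed.
ZONE="${ZONE:-myshebao.com}"        # zone from the article's named.conf

# Read netstat -ntpl output on stdin; succeed only if named itself listens on
# TCP port 53 (grep "53" would also accept 953, 5353, 8053 or a PID like 1253).
named_listening() {
  awk '$1 ~ /^tcp6?$/ && $4 ~ /:53$/ && $6 == "LISTEN" && $7 ~ /\/named$/ { ok = 1 }
       END { exit ok ? 0 : 1 }'
}

# Succeed if the local named answers an SOA query for the zone. Skipped when
# dig is absent, so the listener test alone decides.
named_answers() {
  command -v dig >/dev/null 2>&1 || return 0
  dig +short +time=1 +tries=1 @127.0.0.1 "$ZONE" SOA | grep -q .
}

# Combined live check: listener present and query answered.
check_dns() {
  netstat -ntpl 2>/dev/null | named_listening && named_answers
}

# Constructed sample lines for an offline test. The first shows only the rndc
# control port 953, which the original grep "53" would wrongly accept.
SAMPLE_RNDC_ONLY='tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12314/named'
SAMPLE_PORT_53='tcp        0      0 10.61.100.51:53         0.0.0.0:*               LISTEN      12314/named'

# Run the live check only when invoked as
#   script "/etc/keepalived/scripts/dns_check.sh --live"
# in keepalived.conf, so sourcing the file for tests has no side effects.
case "${1:-}" in
  --live) check_dns; exit $? ;;
esac
```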
4.4 Make all the scripts executable:
```
# sudo chmod +x /etc/keepalived/scripts/*.sh
```
4.5 Start the Keepalived service
```
# service keepalived start
```
5. Verification
On the Master (10.61.100.51):
```
# netstat -ntpl | grep 53
tcp        0      0 10.61.100.50:53         0.0.0.0:*               LISTEN      12314/named
tcp        0      0 10.61.100.51:53         0.0.0.0:*               LISTEN      12314/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      12314/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12314/named
tcp        0      0 ::1:953                 :::*                    LISTEN      12314/named
```
On the Slave (10.61.100.52):
```
# vim /etc/keepalived/scripts/dns_stop.sh
# netstat -ntpl | grep 53
tcp        0      0 10.61.100.52:53         0.0.0.0:*               LISTEN      8220/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      8220/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      8220/named
tcp        0      0 ::1:953                 :::*                    LISTEN      8220/named
```
As shown, the VIP is bound to the Master. A Master failure can also be simulated: the VIP automatically fails over to the Slave, and once the Master recovers it moves back to the Master, keeping the service available.
Source: http://www.bubuko.com/infodetail-2165084.html