一、背景介绍
在日常工作中,为解决内网域名解析问题,时常会配置DNS服务来提供解析。这时DNS服务就成为了所有内部服务互相连通的基础,变得非常重要。所以在服务启动后还应该考虑服务的高可用和数据的完整性。
网友有很多LVS+Keepalived+Bind的负载均衡高可用的解决方案,非常不错。不过自建DNS常用在公司内部平台之间的调用,所以负载均衡的意义并不是太大。当然,高可用还是需要保证的。本文章介绍通过Keepalived+Bind实现高可用主从同步DNS服务
二、基础环境
Master DNS:10.61.100.51
Slave DNS:10.61.100.52
VIP:10.61.100.50
三、bind配置
3.1、安装bind(主从)
# yum install bind bind-chroot 安装包的作用就不做过多的介绍了
安装完成后会生成下面的文件
[root@ip-10-61-100-51 ~]
# ll /var/named/chroot/
总用量 20
drwxr-x--- 2 root named 4096 7月 11 16:55 dev
drwxr-x--- 5 root named 4096 7月 11 19:31 etc
drwxr-xr-x 2 root root 4096 7月 11 19:31 lib64
drwxr-xr-x 3 root root 4096 7月 11 16:55 usr
drwxr-x--- 6 root named 4096 7月 11 16:55 var
[root@ip-10-61-100-51 ~]
# ll /etc/named.conf
-rw-r----- 1 root named 1311 7月 11 17:39 /etc/named.conf
其中 /etc/named.conf 其实就是 /var/named/chroot/etc/named.conf,在启动后会在 /var/named/chroot/etc 下生成相关配置文件。
3.2、创建named.conf配置文件(主从都要配置,从配置在下面给出)
vim /etc/named.conf
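// /etc/named.conf on the master (10.61.100.51). With bind-chroot this is
// the same file as /var/named/chroot/etc/named.conf, so every path below is
// relative to the chroot.

// Hosts allowed to query this server and to use it for recursion. The
// original configuration combined listen-on { any; }, recursion yes and
// allow-query { 0.0.0.0/0; }; because allow-recursion defaults to the
// allow-query list, that is an open recursive resolver: anything able to
// reach the host can use it for cache-poisoning attempts or as a DNS
// amplification reflector. Adjust the prefixes to your internal ranges.
acl "internal" {
    127.0.0.0/8;
    10.0.0.0/8;
};

options {
    directory "/var/named";
    // Bind every address so the VIP 10.61.100.50 is served once keepalived
    // brings it up (named rescans interfaces periodically).
    listen-on { any; };
    // Returned for version.bind queries instead of the real BIND version.
    version "[wowoohr-1.0]";
    forwarders { 202.96.209.5; 114.114.114.114; };
    recursion yes;
    allow-query { internal; };
    allow-recursion { internal; };
    // Global default; the master zone below overrides it for the slave.
    allow-transfer { none; };
};

logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
        print-time yes;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    // The queries category only produces output once query logging is
    // switched on (rndc querylog / querylog yes); without timestamps the
    // log is useless for an investigation, hence print-time.
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
        print-time yes;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};

// Root hints; only consulted when the forwarders do not answer.
zone "." {
    type hint;
    file "/etc/named.root";
};

// NOTE(review): the zone file's SOA/NS records are written with test.com
// names while the zone is declared as myshebao.com — confirm which domain
// is intended and make the two agree.
zone "myshebao.com" {
    type master;
    // The original had a trailing space inside the quotes
    // ("test.com.zone "), which names a file that does not exist.
    file "/etc/master/test.com.zone";
    // Only the slave may pull the zone. This is an address-based check;
    // a TSIG key (key/server statements) would also authenticate the
    // slave, but is not set up in this article.
    allow-transfer { 10.61.100.52; };
};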
3.3、创建named.root配置文件(主从都要配置且配置一样,故从配置不再给出)。注意:下面这份根提示文件是 2004 年的版本(而且 E/F/G 三组记录重复出现了两次),其中部分根服务器地址早已变更;根提示只用于启动时引导,建议直接使用 bind 软件包自带的 /var/named/named.ca,或从 https://www.internic.net/domain/named.root 获取最新版本并核对其签名,不要手工抄写。
[root@ip-10-61-100-51 etc]
# cat named.root
; This
file
holds the information on root name servers needed to
; initialize cache of Internet domain name servers
;
; This
file
is made available by InterNIC
; under anonymous FTP as
;
file
/domain/named
.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
3.4、根据配置文件创建相关目录(主配置)
[root@ip-10-61-100-51 etc]
# cd /var/named/chroot/etc/
[root@ip-10-61-100-51 etc]
# mkdir log master
[root@ip-10-61-100-51 etc]
# chown named:named log/ -R
3.5、创建zone区域文件(主配置)。注意两点:一是 named.conf 中声明的区域是 myshebao.com,而下面的 SOA/NS 记录却使用 test.com 的名字,两者需要一致,否则 NS 记录指向区域之外的名字;二是 NS 记录行若以空白开头,属主名会继承自上一条记录(即 @),复制时必须保留行首空白,或直接写明 @。
[root@ip-10-61-100-51 etc]
# vim master/test.com.zone
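$TTL 1D
; Zone data for the zone declared in named.conf (myshebao.com). Every name
; below is relative to the zone origin, so the file stays correct whatever
; zone name named.conf declares; the original used fully-qualified
; ns1.test.com. / ns2.test.com. names, which point outside a myshebao.com
; zone and do not match the ns1/ns2 A records defined here.
; The serial must increase on every edit or the slave keeps its old copy;
; it is bumped here because the SOA/NS names changed.
@       IN SOA  ns1 yull (
                2017071105 ; serial (YYYYMMDDnn)
                1D         ; refresh
                1H         ; retry
                1W         ; expire: how long the slave serves stale data without the master
                3H )       ; minimum / negative-cache TTL
; Explicit "@" owners so the NS records do not depend on leading whitespace
; surviving a copy-paste.
@       IN NS   ns1
@       IN NS   ns2
ns1     IN A    10.61.100.51
ns2     IN A    10.61.100.52
redis   IN A    10.61.100.51
db      IN A    10.61.100.53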
3.6、启动named服务(主配置)
# service named start
3.7、从服务器named.conf配置。注意从服务器也需要named.root文件
[root@ip-10-61-100-52 ~]
# cat /etc/named.conf
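// /etc/named.conf on the slave (10.61.100.52). With bind-chroot this is
// the same file as /var/named/chroot/etc/named.conf, so every path below is
// relative to the chroot.

// Hosts allowed to query this server and to use it for recursion. The
// original combined listen-on { any; }, recursion yes and
// allow-query { 0.0.0.0/0; }; because allow-recursion defaults to the
// allow-query list, that is an open recursive resolver usable for
// cache-poisoning attempts or as an amplification reflector by anything
// that can reach the host. Adjust the prefixes to your internal ranges.
acl "internal" {
    127.0.0.0/8;
    10.0.0.0/8;
};

options {
    directory "/var/named";
    // Bind every address so the VIP 10.61.100.50 is served after failover.
    listen-on { any; };
    // Returned for version.bind queries instead of the real BIND version.
    version "[wowoohr-1.0]";
    forwarders { 202.96.209.5; 114.114.114.114; };
    recursion yes;
    allow-query { internal; };
    allow-recursion { internal; };
    // Nobody transfers zones from the slave.
    allow-transfer { none; };
};

logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
        print-time yes;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    // Only produces output once query logging is switched on
    // (rndc querylog / querylog yes); timestamps make it usable.
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
        print-time yes;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};

// Root hints; only consulted when the forwarders do not answer.
zone "." {
    type hint;
    file "/etc/named.root";
};

zone "myshebao.com" {
    type slave;
    // named writes the transferred copy here, so /etc/slave inside the
    // chroot must be owned by (or writable for) the named user.
    file "/etc/slave/test.com.zone";
    masters {
        10.61.100.51;
    };
    allow-transfer { none; };
};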
3.8、创建相关目录文件(从)
[root@ip-10-61-100-52 etc]
# cd /var/named/chroot/etc/
[root@ip-10-61-100-52 etc]
# mkdir log slave
[root@ip-10-61-100-52 etc]
# chown -R named:named log slave    # slave/ 也必须归 named 所有,否则 named 无法写入从主传输过来的区域文件
3.9、启动named服务(从)
# service named start
如成功配置,则会在从的 /var/named/chroot/etc/slave 下同步生成 test.com.zone 文件(前提是该目录对 named 用户可写)。建议用 dig 分别向主从验证,例如 `dig @10.61.100.52 redis.myshebao.com A` 应返回与主相同的记录;若没有生成文件,可在 /var/named/chroot/etc/log/dns-default.log 中排查区域传输(AXFR/notify)相关日志。
四、Keepalived高可用配置
4.1、安装Keepalived(主从)
# yum -y install keepalived
4.2、修改配置文件
设计思路:
当 Master 与 Slave 均运作正常时, Master负责服务,Slave负责Standby;
当 Master 挂掉,Slave 正常时, Slave接管服务;
当 Master 恢复正常,恢复Master身份
然后依次循环。需要注意的是修改数据只能在Master修改。
[root@ip-10-61-100-51 etc]
# cat /etc/keepalived/keepalived.conf
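! Configuration File for keepalived
! Master node (10.61.100.51). The slave uses the same file with priority 80.

global_defs {
    ! notification_email_from and smtp_server below are the sample values
    ! shipped with keepalived (firewall.loc / 192.168.200.1); point them at
    ! a real relay or no notification mail will ever be delivered.
    notification_email {
        yu.liang.liang@wowoohr.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

! Health check. No weight is given, so a failing check moves this node to
! FAULT (notify_fault) and releases the VIP. fall/rise require two
! consecutive results before changing state, so one slow or hung netstat
! run does not flap the VIP between the nodes.
vrrp_script chk_dns {
    script "/etc/keepalived/scripts/dns_check.sh"
    interval 2
    fall 2
    rise 2
}

vrrp_instance V_DNS {
    state MASTER
    interface eth0
    ! Must be identical on both nodes and unique on this network segment.
    virtual_router_id 153
    ! Slave: 80. The higher priority preempts, which is what brings the VIP
    ! back to the master once it recovers.
    priority 100
    advert_int 1
    ! VRRP "PASS" authentication travels in clear text; it only prevents
    ! accidental pairing with a foreign router, not an attacker on the
    ! segment. Pick a site-specific value (max 8 characters) and restrict
    ! VRRP (IP protocol 112) to the two peers with host firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_dns
    }
    virtual_ipaddress {
        10.61.100.50
    }
    notify_master /etc/keepalived/scripts/dns_master.sh
    notify_backup /etc/keepalived/scripts/dns_backup.sh
    notify_fault /etc/keepalived/scripts/dns_fault.sh
    notify_stop /etc/keepalived/scripts/dns_stop.sh
}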
Keepalived 在状态转换时会根据新的状态调用上述脚本:
通过dns_check.sh来检测服务可用性
当进入Master状态时会呼叫notify_master
当进入Backup状态时会呼叫notify_backup
当发现异常情况时进入Fault状态呼叫notify_fault
当Keepalived程序终止时则呼叫notify_stop
4.3、编辑相关脚本(主从)
# vim /etc/keepalived/scripts/dns_check.sh
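#!/bin/bash
# Keepalived health check for named (vrrp_script chk_dns).
# Exits 0 when something is listening on TCP port 53, 1 otherwise; a
# non-zero exit makes keepalived release the VIP on this node.
#
# The pattern is anchored on the local-address column (":53" followed by
# whitespace) so that other ports or PIDs that merely contain "53" — the
# rndc control port 953, port 5353, a PID such as 1253 — cannot make a
# dead resolver look healthy. The original grep "53" matched any of them.
#
# NOTE(review): this only proves a socket is open. A stronger check would
# send a real query, e.g.
#   dig +short +time=1 +tries=1 @127.0.0.1 ns1.myshebao.com A
# and fail when the answer is empty.
if netstat -ntl 2>/dev/null | grep -Eq ':53[[:space:]]'; then
  exit 0
fi
exit 1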
# vim /etc/keepalived/scripts/dns_master.sh
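#!/bin/bash
# Keepalived notify_master hook: record the transition to MASTER in the
# state log and reload named while this node holds the VIP.
# The original file had no interpreter line; one is needed if keepalived
# executes the script directly rather than through sh.
# Keepalived passes the instance name and new state as arguments; they are
# not used here. The script's exit status is that of the reload.
LOGFILE="/var/log/keepalived-dns-state.log"

{
  echo "[master]"
  date
  echo "Being master...."
  echo "Run reload cmd ..."
  service named reload 2>&1
} >> "$LOGFILE"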
# vim /etc/keepalived/scripts/dns_backup.sh
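#!/bin/bash
# Keepalived notify_backup hook: record the transition to BACKUP in the
# state log and reload named after the VIP has been released.
# The original file had no interpreter line; one is needed if keepalived
# executes the script directly rather than through sh.
# Keepalived passes the instance name and new state as arguments; they are
# not used here.
LOGFILE="/var/log/keepalived-dns-state.log"

{
  echo "[backup]"
  date
  service named reload 2>&1
  echo "Being slave...."
} >> "$LOGFILE"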
# vim /etc/keepalived/scripts/dns_fault.sh
#!/bin/bash
# Keepalived notify_fault hook: append a "[fault]" marker and the current
# time to the state log when the health check fails and this node drops
# the VIP. Nothing else is done; named is left running for inspection.
LOGFILE=/var/log/keepalived-dns-state.log

{
  echo "[fault]"
  date
} >> "$LOGFILE"
# vim /etc/keepalived/scripts/dns_stop.sh
#!/bin/bash
# Keepalived notify_stop hook: append a "[stop]" marker and the current
# time to the state log when the keepalived process itself shuts down.
LOGFILE=/var/log/keepalived-dns-state.log

{
  echo "[stop]"
  date
} >> "$LOGFILE"
4.4、给脚本都加上可执行权限:
# sudo chmod +x /etc/keepalived/scripts/*.sh
4.5、启动Keepalived服务
# service keepalived start
五、验证
[root@ip-10-61-100-51 etc]
# netstat -ntpl |grep 53
tcp 0 0 10.61.100.50:53 0.0.0.0:* LISTEN 12314
/named
tcp 0 0 10.61.100.51:53 0.0.0.0:* LISTEN 12314
/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 12314
/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 12314
/named
tcp 0 0 ::1:953 :::* LISTEN 12314
/named
[root@ip-10-61-100-52 ~]
# vim /etc/keepalived/scripts/dns_stop.sh
[root@ip-10-61-100-52 ~]
# netstat -ntpl |grep 53
tcp 0 0 10.61.100.52:53 0.0.0.0:* LISTEN 8220
/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 8220
/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 8220
/named
tcp 0 0 ::1:953 :::* LISTEN 8220
/named
可以看到VIP已经绑定在Master上,同时可以模拟Master挂掉(例如 service named stop,让 dns_check.sh 返回非零),VIP会自动漂移到Slave上;待Master恢复后,由于其优先级更高,会再次抢回VIP,保证服务可用性。验证时除了看 netstat,更应直接向 VIP 发起查询,例如 `dig @10.61.100.50 redis.myshebao.com A`。另外需要注意:VIP 漂移只是切换了访问入口,区域数据仍只能在 Master 上修改,Slave 在 Master 宕机期间只能提供最后一次传输的数据,超过 SOA 中的 expire(本文为 1W)后会停止应答该区域;此外,如果主机名 ip-10-61-100-51 表示这是 AWS EC2 实例,VPC 内不转发 VRRP 多播,需要改用 unicast_peer 并通过 API 迁移辅助私有 IP,请先确认环境是否支持本文的方式。
本文转自 亮公子 51CTO博客,原文链接:http://blog.51cto.com/iyull/1946451