1. Background
In day-to-day work, a DNS service is often set up to resolve internal domain names. That DNS service then becomes the foundation that connects all internal services, so it is very important. Once the service is running, its high availability and the integrity of its data should therefore be considered.
There are many LVS+Keepalived+Bind load-balancing and high-availability solutions online, and they are very good. However, a self-hosted DNS is mostly used for calls between internal company platforms, so load balancing is of little value; high availability, on the other hand, still has to be guaranteed. This article describes a highly available master/slave DNS service built with Keepalived+Bind.
2. Basic environment
Master DNS: 10.61.100.51
Slave DNS: 10.61.100.52
VIP: 10.61.100.50
3. bind configuration
3.1 Install bind (master and slave)
# yum install bind bind-chroot
The purpose of the installed packages will not be described in detail here.
[root@ip-10-61-100-51 ~]# ll /var/named/chroot/
总用量 20
drwxr-x--- 2 root named 4096 7月 11 16:55 dev
drwxr-x--- 5 root named 4096 7月 11 19:31 etc
drwxr-xr-x 2 root root  4096 7月 11 19:31 lib64
drwxr-xr-x 3 root root  4096 7月 11 16:55 usr
drwxr-x--- 6 root named 4096 7月 11 16:55 var
[root@ip-10-61-100-51 ~]# ll /etc/named.conf
-rw-r----- 1 root named 1311 7月 11 17:39 /etc/named.conf
Here /etc/named.conf is in fact /var/named/chroot/etc/named.conf; after startup the related configuration files are generated under /var/named/chroot/etc.
3.2 Create the named.conf configuration file (needed on both master and slave; the slave configuration is given below)
vim /etc/named.conf
options {
    directory "/var/named";
    listen-on { any; };
    version "[wowoohr-1.0]";
    forwarders {
        202.96.209.5;
        114.114.114.114;
    };
    recursion yes;
    allow-query { 0.0.0.0/0; };
};
logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};
zone "." {
    type hint;
    file "/etc/named.root";
};
zone "myshebao.com" {
    type master;
    file "/etc/master/test.com.zone";
    allow-transfer { 10.61.100.52; };
};
3.3 Create the named.root file (needed on both master and slave and identical on both, so the slave copy is not repeated)
[root@ip-10-61-100-51 etc]# cat named.root
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
3.4 Create the directories referenced by the configuration (master)
[root@ip-10-61-100-51 etc]# cd /var/named/chroot/etc/
[root@ip-10-61-100-51 etc]# mkdir log master
[root@ip-10-61-100-51 etc]# chown named:named log/ -R
3.5 Create the zone file (master)
[root@ip-10-61-100-51 etc]# vim master/test.com.zone
$TTL 1D
@       IN  SOA ns1.test.com. yull.test.com. (
            2017071104  ; serial
            1D          ; refresh
            1H          ; retry
            1W          ; expire
            3H )        ; minimum
        IN  NS  ns1.test.com.
        IN  NS  ns2.test.com.
ns1     IN  A   10.61.100.51
ns2     IN  A   10.61.100.52
redis   IN  A   10.61.100.51
db      IN  A   10.61.100.53
3.6 Start the named service (master)
# service named start
3.7 named.conf on the slave server. Note that the slave also needs the named.root file.
[root@ip-10-61-100-52 ~]# cat /etc/named.conf
options {
    directory "/var/named";
    listen-on { any; };
    version "[wowoohr-1.0]";
    forwarders {
        202.96.209.5;
        114.114.114.114;
    };
    recursion yes;
    allow-query { 0.0.0.0/0; };
};
logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};
zone "." {
    type hint;
    file "/etc/named.root";
};
zone "myshebao.com" {
    type slave;
    file "/etc/slave/test.com.zone";
    masters {
        10.61.100.51;
    };
    allow-transfer { none; };
};
3.8 Create the related directories (slave)
[root@ip-10-61-100-52 etc]# cd /var/named/chroot/etc/
[root@ip-10-61-100-52 etc]# mkdir log slave
[root@ip-10-61-100-52 etc]# chown named:named log/ -R
3.9 Start the named service (slave)
# service named start
If everything is configured correctly, test.com.zone is transferred to /var/named/chroot/etc/slave on the slave.
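Beyond checking that the file appeared, it is worth confirming that the slave actually serves the same zone version as the master and that it refuses zone transfers, as its allow-transfer { none; } intends. The script below is an added example, not part of the original post: MASTER, SLAVE and ZONE come from the configuration above, while the function names and the check logic are ours. Run it with --run on a host that has dig (bind-utils) installed.

```shell
#!/bin/bash
# Added example: verify master/slave replication of the zone from the post.
MASTER="10.61.100.51"
SLAVE="10.61.100.52"
ZONE="myshebao.com"

# soa_serial SHORT_SOA: extract the serial (3rd field) from the output of
# "dig +short ZONE SOA", e.g. "ns1.test.com. yull.test.com. 2017071104 86400 ..."
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 3 { print $3; exit }'
}

# serials_in_sync MASTER_SOA SLAVE_SOA: true only when both serials are
# present and equal; an empty answer from either side counts as out of sync.
serials_in_sync() {
    local m s
    m="$(soa_serial "$1")"
    s="$(soa_serial "$2")"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# axfr_refused DIG_OUTPUT: true if a "dig ... AXFR" attempt was refused
# instead of returning records (dig prints "; Transfer failed." on refusal).
axfr_refused() {
    printf '%s\n' "$1" | grep -q 'Transfer failed'
}

# check_replication: live run against the two servers from the post.
check_replication() {
    local msoa ssoa out
    msoa="$(dig +short +time=2 +tries=1 @"$MASTER" "$ZONE" SOA)"
    ssoa="$(dig +short +time=2 +tries=1 @"$SLAVE" "$ZONE" SOA)"
    serials_in_sync "$msoa" "$ssoa" || {
        echo "serial mismatch: master=[$msoa] slave=[$ssoa]"; return 1; }
    # The slave is configured with allow-transfer { none; }; confirm it holds.
    out="$(dig +time=2 +tries=1 @"$SLAVE" "$ZONE" AXFR 2>&1)"
    axfr_refused "$out" || { echo "slave still answers AXFR"; return 1; }
    echo "zone $ZONE in sync (serial $(soa_serial "$msoa")); slave refuses AXFR"
}

# Only query the live servers when invoked explicitly.
if [ "${1:-}" = "--run" ]; then
    check_replication
fi
```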
4. Keepalived high-availability configuration
4.1 Install Keepalived (master and slave)
# yum -y install keepalived
Design:
When Master and Slave are both healthy, the Master serves and the Slave stands by;
when the Master is down and the Slave is healthy, the Slave takes over the service;
when the Master recovers, it regains the Master role;
and so on in a cycle. Note that data may only be modified on the Master.
[root@ip-10-61-100-51 etc]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        yu.liang.liang@wowoohr.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_script chk_dns {
    script "/etc/keepalived/scripts/dns_check.sh"
    interval 2
}

vrrp_instance V_DNS {
    state MASTER
    interface eth0
    virtual_router_id 153
    priority 100    # change to 80 on the slave server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_dns
    }
    virtual_ipaddress {
        10.61.100.50
    }
    notify_master /etc/keepalived/scripts/dns_master.sh
    notify_backup /etc/keepalived/scripts/dns_backup.sh
    notify_fault  /etc/keepalived/scripts/dns_fault.sh
    notify_stop   /etc/keepalived/scripts/dns_stop.sh
}
Keepalived calls the scripts above according to the state it transitions into:
dns_check.sh is run to check service availability;
on entering the Master state, notify_master is called;
on entering the Backup state, notify_backup is called;
when a problem is detected, it enters the Fault state and calls notify_fault;
when the Keepalived process terminates, notify_stop is called.
4.3 Edit the scripts (master and slave)
# vim /etc/keepalived/scripts/dns_check.sh
#!/bin/bash
# Health check run by Keepalived every 2 s (vrrp_script chk_dns).
# Match a named listener on port 53 only, so that port 953 (rndc) or a
# PID that happens to contain "53" is not mistaken for a healthy service.
ALIVE=`netstat -ntpl | grep -E ':53 .*named'`
if [ $? -eq 0 ]; then
    exit 0
else
    exit 1
fi
# vim /etc/keepalived/scripts/dns_master.sh
#!/bin/bash
# Called by Keepalived on entering the MASTER state.
LOGFILE="/var/log/keepalived-dns-state.log"
echo "[master]" >> $LOGFILE
date >> $LOGFILE
echo "Being master...." >> $LOGFILE 2>&1
echo "Run reload cmd..." >> $LOGFILE
service named reload >> $LOGFILE 2>&1
# vim /etc/keepalived/scripts/dns_backup.sh
#!/bin/bash
# Called by Keepalived on entering the BACKUP state.
LOGFILE="/var/log/keepalived-dns-state.log"
echo "[backup]" >> $LOGFILE
date >> $LOGFILE
service named reload >> $LOGFILE 2>&1
echo "Being slave...." >> $LOGFILE 2>&1
# vim /etc/keepalived/scripts/dns_fault.sh
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo "[fault]" >> $LOGFILE
date >> $LOGFILE
# vim /etc/keepalived/scripts/dns_stop.sh
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo "[stop]" >> $LOGFILE
date >> $LOGFILE
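The dns_check.sh above only looks for a listening socket, so a named that is up but no longer answering (for example after a broken zone reload) still passes and the VIP stays on a dead server. As an added example, not the post's own script, the check below requires both a named listener on port 53 and a correct answer for a record from the zone file above (ZONE_RECORD and EXPECTED_IP are taken from that zone file; the function names are ours). Keepalived would invoke it as script "/etc/keepalived/scripts/dns_check.sh --run" in the vrrp_script block.

```shell
#!/bin/bash
# Added example: stricter Keepalived health check for the BIND setup above.
ZONE_RECORD="ns1.test.com"
EXPECTED_IP="10.61.100.51"

# listener_on_53 LINES: true if the given "netstat -ntpl" output contains a
# TCP listener on port 53 owned by named. ":53 " with a trailing space keeps
# port 953 (rndc) and a PID containing "53" from matching.
listener_on_53() {
    printf '%s\n' "$1" | grep -Eq '^tcp6? +[0-9]+ +[0-9]+ +[^ ]+:53 +[^ ]+ +LISTEN +[0-9]+/named'
}

# answer_matches ANSWER EXPECTED: true if the "dig +short" answer, with
# surrounding whitespace removed, is exactly the address we expect.
answer_matches() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "$2" ]
}

# check_dns: run both tests on the live system; the exit code drives
# Keepalived (0 = healthy, non-zero = fail over).
check_dns() {
    local lines answer
    lines="$(netstat -ntpl 2>/dev/null)" || return 1
    listener_on_53 "$lines" || return 1
    # +time/+tries keep the probe well inside the 2 s check interval.
    answer="$(dig +short +time=1 +tries=1 @127.0.0.1 "$ZONE_RECORD" A 2>/dev/null)" || return 1
    answer_matches "$answer" "$EXPECTED_IP"
}

# Only touch the live system when invoked as the Keepalived check.
if [ "${1:-}" = "--run" ]; then
    if check_dns; then exit 0; else exit 1; fi
fi
```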
4.4 Make the scripts executable:
# sudo chmod +x /etc/keepalived/scripts/*.sh
4.5 Start the Keepalived service
# service keepalived start
5. Verification
[root@ip-10-61-100-51 etc]# netstat -ntpl | grep 53
tcp        0      0 10.61.100.50:53         0.0.0.0:*               LISTEN      12314/named
tcp        0      0 10.61.100.51:53         0.0.0.0:*               LISTEN      12314/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      12314/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12314/named
tcp        0      0 ::1:953                 :::*                    LISTEN      12314/named
[root@ip-10-61-100-52 ~]# vim /etc/keepalived/scripts/dns_stop.sh
[root@ip-10-61-100-52 ~]# netstat -ntpl | grep 53
tcp        0      0 10.61.100.52:53         0.0.0.0:*               LISTEN      8220/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      8220/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      8220/named
tcp        0      0 ::1:953                 :::*                    LISTEN      8220/named
The VIP is bound on the Master. You can also simulate the Master going down: the VIP automatically fails over to the Slave, and once the Master recovers it moves back to the Master, keeping the service available.