Deploying a highly available master/slave synchronized DNS service on CentOS
1. Background
In day-to-day operations, a DNS service is often set up to resolve internal domain names. That service then becomes the foundation every internal service relies on to reach the others, so it matters a great deal; once it is running, its high availability and the integrity of its data still need to be considered.
Plenty of LVS+Keepalived+Bind solutions for load-balanced high availability can be found online, and they are good. A self-built DNS, however, mostly serves calls between a company's internal platforms, so load balancing is of little value; high availability still has to be guaranteed. This article describes building a highly available master/slave synchronized DNS service with Keepalived+Bind.
2. Base environment
Master DNS: 10.61.100.51
Slave DNS: 10.61.100.52
VIP: 10.61.100.50
3. bind configuration
3.1 Install bind (master and slave)
# yum install bind bind-chroot
(What the packages do needs no further introduction.)
After installation the following files are created:
# ll /var/named/chroot/
總用量 20
drwxr-x--- 2 root named 4096 7月 11 16:55 dev
drwxr-x--- 5 root named 4096 7月 11 19:31 etc
drwxr-xr-x 2 root root  4096 7月 11 19:31 lib64
drwxr-xr-x 3 root root  4096 7月 11 16:55 usr
drwxr-x--- 6 root named 4096 7月 11 16:55 var
3.2 Create the named.conf configuration file (needed on both master and slave; the slave's version is given below)
# vim /etc/named.conf
options {
    directory "/var/named";
    listen-on { any; };
    version "[wowoohr-1.0]";
    forwarders { 202.96.209.5; 114.114.114.114; };
    recursion yes;
    allow-query { 0.0.0.0/0; };
};
logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};
zone "." {
    type hint;
    file "/etc/named.root";
};
zone "myshebao.com" {
    type master;
    file "/etc/master/test.com.zone";
    allow-transfer { 10.61.100.52; };
};
3.3 Create the named.root file (needed on both master and slave and identical on both, so the slave's copy is not repeated)
# cat named.root
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
3.4 Create the directories the configuration refers to (master)
# cd /var/named/chroot/etc/
# mkdir log master
# chown named:named log/ -R
3.5 Create the zone file (master)
# vim master/test.com.zone
$TTL 1D
@       IN SOA  ns1.test.com. yull.test.com. (
                2017071104      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        IN NS   ns1.test.com.
        IN NS   ns2.test.com.
ns1     IN A    10.61.100.51
ns2     IN A    10.61.100.52
redis   IN A    10.61.100.51
db      IN A    10.61.100.53
3.6 Start the named service (master)
# service named start
3.7 named.conf on the slave. Note that the slave also needs the named.root file.
# cat /etc/named.conf
options {
    directory "/var/named";
    listen-on { any; };
    version "[wowoohr-1.0]";
    forwarders { 202.96.209.5; 114.114.114.114; };
    recursion yes;
    allow-query { 0.0.0.0/0; };
};
logging {
    channel default_log {
        file "/etc/log/dns-default.log" versions 10 size 1m;
        severity info;
    };
    channel lamer_log {
        file "/etc/log/dns-lamer.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query_log {
        file "/etc/log/dns-query.log" versions 10 size 10m;
        severity info;
    };
    channel security_log {
        file "/etc/log/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category queries { query_log; };
    category default { default_log; };
};
zone "." {
    type hint;
    file "/etc/named.root";
};
zone "myshebao.com" {
    type slave;
    file "/etc/slave/test.com.zone";
    masters { 10.61.100.51; };
    allow-transfer { none; };
};
3.8 Create the directories (slave)
# cd /var/named/chroot/etc/
# mkdir log slave
# chown named:named log/ -R
3.9 Start the named service (slave)
# service named start
If the configuration is correct, test.com.zone is transferred into /var/named/chroot/etc/slave on the slave.
4. Keepalived high-availability configuration
4.1 Install Keepalived (master and slave)
# yum -y install keepalived
4.2 Edit the configuration file
Design:
While both Master and Slave are working, Master serves and Slave stands by;
when Master goes down and Slave is healthy, Slave takes over;
when Master recovers, it takes back the Master role;
and so on in a cycle. Note that data may only be modified on the Master.
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_dns {
    script "/etc/keepalived/scripts/dns_check.sh"
    interval 2
}
vrrp_instance V_DNS {
    state MASTER
    interface eth0
    virtual_router_id 153
    priority 100    # set to 80 on the slave
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_dns
    }
    virtual_ipaddress {
        10.61.100.50
    }
    notify_master /etc/keepalived/scripts/dns_master.sh
    notify_backup /etc/keepalived/scripts/dns_backup.sh
    notify_fault /etc/keepalived/scripts/dns_fault.sh
    notify_stop /etc/keepalived/scripts/dns_stop.sh
}
Keepalived calls the scripts above according to its state transitions:
dns_check.sh checks that the service is available;
on entering the Master state, notify_master is called;
on entering the Backup state, notify_backup is called;
when a fault is detected, it enters the Fault state and calls notify_fault;
when the Keepalived process terminates, notify_stop is called.
4.3 Write the scripts (master and slave)
# vim /etc/keepalived/scripts/dns_check.sh
#!/bin/bash
# Exit 0 when named is listening on port 53, otherwise 1.
# Match ":53 " followed by "named" so that port 953 (rndc) or any other
# port that merely contains "53" does not count as a healthy DNS.
if netstat -ntpl | grep -qE ':53[[:space:]].*named'; then
    exit 0
else
    exit 1
fi
# vim /etc/keepalived/scripts/dns_master.sh
#!/bin/bash
LOGFILE="/var/log/keepalived-dns-state.log"
echo "[master]" >> $LOGFILE
date >> $LOGFILE
echo "Being master...." >> $LOGFILE 2>&1
echo "Run reload cmd ..." >> $LOGFILE
service named reload >> $LOGFILE 2>&1
# vim /etc/keepalived/scripts/dns_backup.sh
#!/bin/bash
LOGFILE="/var/log/keepalived-dns-state.log"
echo "[backup]" >> $LOGFILE
date >> $LOGFILE
service named reload >> $LOGFILE 2>&1
echo "Being slave...." >> $LOGFILE 2>&1
# vim /etc/keepalived/scripts/dns_fault.sh
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo "[fault]" >> $LOGFILE
date >> $LOGFILE
# vim /etc/keepalived/scripts/dns_stop.sh
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo "[stop]" >> $LOGFILE
date >> $LOGFILE
4.4 Make all the scripts executable:
# sudo chmod +x /etc/keepalived/scripts/*.sh
4.5 Start the Keepalived service
# service keepalived start
5. Verification
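As an added example that is not part of the original post: a script that makes two checks the netstat-based dns_check.sh above cannot. It asks the local named to answer the zone's SOA itself (a stricter Keepalived health check than grepping netstat for "53", which also matches the rndc port 953), and it compares the SOA serial served by master and slave to confirm the slave really holds the current zone. It assumes dig from bind-utils is installed; the zone name and addresses are taken from the post, and the function names are mine.

```shell
#!/bin/bash
# Added example, not from the original post. Two checks the post's
# netstat-based dns_check.sh cannot make: (1) the local named answers an
# authoritative query for the zone, usable as the Keepalived vrrp_script;
# (2) master and slave serve the same zone version (SOA serial comparison).
# Assumes dig (bind-utils). Zone name and addresses are the post's.
ZONE="myshebao.com"
MASTER="10.61.100.51"
SLAVE="10.61.100.52"

# Print the serial from a "dig +short SOA" answer line such as
# "ns1.test.com. yull.test.com. 2017071104 86400 3600 604800 10800";
# print nothing for error lines like ";; connection timed out".
soa_serial() {
    awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# SOA serial of $ZONE as served by one server. +norecurse ensures we see the
# server's own copy of the zone, never an answer fetched via the forwarders.
fetch_serial() {
    dig @"$1" +short +norecurse +time=2 +tries=1 "$ZONE" SOA | soa_serial
}

# Verdict on two serials: returns 0 in sync, 1 slave stale, 2 query failed.
compare_serials() {
    local master="$1" slave="$2"
    if [ -z "$master" ] || [ -z "$slave" ]; then
        echo "query failed (master='$master' slave='$slave')"; return 2
    fi
    if [ "$master" = "$slave" ]; then
        echo "in sync (serial $master)"; return 0
    fi
    echo "slave stale: master=$master slave=$slave"; return 1
}

# Keepalived health check: exit 0 only if the local named answers the SOA.
dns_check() {
    [ -n "$(fetch_serial 127.0.0.1)" ]
}

check_zone_sync() {
    compare_serials "$(fetch_serial "$MASTER")" "$(fetch_serial "$SLAVE")"
}

case "${1:-}" in
    check) dns_check ;;
    sync)  check_zone_sync ;;
esac
```

Point vrrp_script at this script with the argument "check" on each node, and run it with "sync" after editing the zone on the master and bumping the serial to confirm the transfer reached the slave.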
On the master (10.61.100.51):
# netstat -ntpl | grep 53
tcp    0    0 10.61.100.50:53    0.0.0.0:*    LISTEN    12314/named
tcp    0    0 10.61.100.51:53    0.0.0.0:*    LISTEN    12314/named
tcp    0    0 127.0.0.1:53       0.0.0.0:*    LISTEN    12314/named
tcp    0    0 127.0.0.1:953      0.0.0.0:*    LISTEN    12314/named
tcp    0    0 ::1:953            :::*         LISTEN    12314/named
On the slave (10.61.100.52):
# netstat -ntpl | grep 53
tcp    0    0 10.61.100.52:53    0.0.0.0:*    LISTEN    8220/named
tcp    0    0 127.0.0.1:53       0.0.0.0:*    LISTEN    8220/named
tcp    0    0 127.0.0.1:953      0.0.0.0:*    LISTEN    8220/named
tcp    0    0 ::1:953            :::*         LISTEN    8220/named
You can see that the VIP is bound on the Master. Simulate a Master failure and the VIP automatically drifts to the Slave; once the Master recovers, it moves back to the Master, keeping the service available.
This article is from the "亮公子" blog; please keep this attribution: http://iyull.blog.51cto.com/4664834/1946451