Deploying a DNS service on a CentOS cluster

Kubernetes cluster setup recorded how a six-machine cluster was built to run K8s. This post records how to set up a DNS service inside that cluster so that every machine can reach the others by domain name. The IP addresses, hostnames and roles of the cluster machines are designed as follows:

Hostname               IP Address      Notes
worker-st.xcluster.io  192.168.99.100  DNS Master
worker-01.xcluster.io  192.168.99.101  Master node of the K8s cluster, DNS Slave
worker-02.xcluster.io  192.168.99.102  K8s Node 1, runs Pods
worker-03.xcluster.io  192.168.99.103  K8s Node 2, runs Pods
worker-04.xcluster.io  192.168.99.104  K8s Node 3, runs Pods
worker-05.xcluster.io  192.168.99.105  K8s Node 4, runs Pods

192.168.99.100 and 192.168.99.101 are chosen as the primary DNS server (Master) and the DNS Slave respectively.


Installing the DNS server

Run the same installation step on both machines to install the named service:

$ sudo yum install bind bind-utils -y

After installation, use the following commands to enable the service at boot, start|stop|restart it, and check its status:

$ sudo systemctl enable named
$ sudo systemctl start|stop|restart named
$ sudo systemctl status named

The configuration file of the DNS service is /etc/named.conf.


Configuring the DNS server

Configuring the Master

Edit /etc/named.conf: add the primary DNS server's IP address (this host's IP, 192.168.99.100) to listen-on, add the allow-query and allow-transfer options, and add the path of the zone configuration file for the xcluster.io domain we are about to configure. Afterwards it looks like this:

options {
    listen-on port 53 { 127.0.0.1; 192.168.99.100; };
    # other options omitted
    allow-query { localhost; 192.168.99.0/24; };      ### subnet range ###
    allow-transfer { localhost; 192.168.99.101; };    ### IP address of the DNS Slave ###
    # other options omitted
};

# zone statements are not valid inside options {}, so the include goes at top level
include "/etc/named/xcluster.io.zones";

Then create the file /etc/named/xcluster.io.zones with the zone configuration for xcluster.io:

zone "xcluster.io" IN {
    type master;
    file "forward.xcluster";
    allow-update { none; };
};

zone "99.168.192.in-addr.arpa" IN {   # the name starts with the network part of the IP address, reversed
    type master;
    file "reverse.xcluster";
    allow-update { none; };
};

The zone configuration names two data files; next we create and fill them. They belong in the /var/named directory:

  • /var/named/forward.xcluster (the file name given in the zone configuration above)

    $TTL 86400
    @ IN SOA masterdns.xcluster.io. root.xcluster.io. (
            2021010401 ;Serial
            3600       ;Refresh
            1800       ;Retry
            604800     ;Expire
            86400      ;Minimum TTL
    )
    @            IN NS masterdns.xcluster.io.
    @            IN NS secondarydns.xcluster.io.
    @            IN A  192.168.99.100
    @            IN A  192.168.99.101
    masterdns    IN A  192.168.99.100
    secondarydns IN A  192.168.99.101

    ; absolute names end with a dot; without it BIND treats the name as relative
    ; and appends the origin, producing worker-st.xcluster.io.xcluster.io
    worker-st.xcluster.io. IN A 192.168.99.100
    worker-01.xcluster.io. IN A 192.168.99.101
    worker-02.xcluster.io. IN A 192.168.99.102
    worker-03.xcluster.io. IN A 192.168.99.103
    worker-04.xcluster.io. IN A 192.168.99.104
    worker-05.xcluster.io. IN A 192.168.99.105

    The six worker-* lines at the end of the file are the A records we specified.

  • /var/named/reverse.xcluster (the file name given in the zone configuration above)

    $TTL 86400
    @ IN SOA masterdns.xcluster.io. root.xcluster.io. (
            2021010401 ;Serial
            3600       ;Refresh
            1800       ;Retry
            604800     ;Expire
            86400      ;Minimum TTL
    )
    @            IN NS  masterdns.xcluster.io.
    @            IN NS  secondarydns.xcluster.io.
    @            IN PTR xcluster.io.
    100          IN PTR masterdns.xcluster.io.
    101          IN PTR secondarydns.xcluster.io.
    masterdns    IN A   192.168.99.100
    secondarydns IN A   192.168.99.101

    ; the first column is the host part of the IP address; PTR targets are absolute
    ; names and need the trailing dot (zone files use ';' for comments, not '#')
    100 IN PTR worker-st.xcluster.io.
    101 IN PTR worker-01.xcluster.io.
    102 IN PTR worker-02.xcluster.io.
    103 IN PTR worker-03.xcluster.io.
    104 IN PTR worker-04.xcluster.io.
    105 IN PTR worker-05.xcluster.io.

    The six lines at the end of the file are the reverse (PTR) records we specified.
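As an added example (not part of the original post), the following Python script parses forward and reverse zone files like the two above and reports the two mistakes that are easy to make in them: a name written without its trailing dot, which BIND silently turns into name.xcluster.io.xcluster.io, and a PTR record whose target has no matching A record. The sample zone text is constructed here and contains one undotted name in each file to show what the check reports.

```python
import re
# Constructed sample modelled on the post's zone files; one record per file lacks its trailing dot.
ORIGIN, REV_ORIGIN = "xcluster.io.", "99.168.192.in-addr.arpa."
FORWARD_ZONE = """\
$TTL 86400
masterdns IN A 192.168.99.100
worker-st.xcluster.io IN A 192.168.99.100 ; no trailing dot -> relative name
worker-01 IN A 192.168.99.101
worker-02 IN A 192.168.99.102
"""
REVERSE_ZONE = """\
100 IN PTR worker-st.xcluster.io ; no trailing dot -> relative name
101 IN PTR worker-01.xcluster.io.
103 IN PTR worker-03.xcluster.io. ; no worker-03 A record in the forward zone
"""
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)", re.I)

def qualify(name, origin):
    """BIND's rule: '@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone, origin):
    """Return (owner, type, rdata) for A/PTR lines, owners and PTR targets fully qualified."""
    records = []
    for raw in zone.splitlines():
        m = RECORD.match(raw.split(";")[0].strip())  # ';' starts a comment in zone files
        if m:
            rtype = m.group(2).upper()
            rdata = m.group(3) if rtype == "A" else qualify(m.group(3), origin)
            records.append((qualify(m.group(1), origin), rtype, rdata))
    return records

def check_zones(forward, reverse, origin, rev_origin):
    """Return human-readable findings; an empty list means the two zones agree."""
    findings, a_records = [], {}
    for owner, _, ip in parse(forward, origin):
        if owner.endswith(origin + origin):  # e.g. worker-st.xcluster.io.xcluster.io.
            findings.append(f"forward: {owner} has the origin twice (missing trailing dot?)")
        a_records[owner] = ip
    for owner, _, target in parse(reverse, rev_origin):
        # '100.99.168.192.in-addr.arpa.' -> '192.168.99.100'
        ip = ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))
        if target.endswith(rev_origin):  # relative target landed inside in-addr.arpa
            findings.append(f"reverse: PTR for {ip} points into {rev_origin} (missing trailing dot?)")
        elif a_records.get(target) != ip:
            findings.append(f"reverse: PTR {ip} -> {target} has no matching A record")
    return findings
```

Running check_zones on the real files (read from /var/named) before named-checkzone catches the doubled-origin names that named-checkzone accepts as perfectly valid.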


Configuring the Slave

Similar to the Master, edit /etc/named.conf: add the DNS Slave's IP address (this host's IP, 192.168.99.101) to listen-on, add the allow-query option (no allow-transfer here), and add the path of the zone configuration file for the xcluster.io domain we are about to configure. Afterwards it looks like this:

options {
    listen-on port 53 { 127.0.0.1; 192.168.99.101; };   # this host's IP, not the Master's
    # other options omitted
    allow-query { localhost; 192.168.99.0/24; };
    # other options omitted
};

include "/etc/named/xcluster.io.zones";

Note that the contents of /etc/named/xcluster.io.zones differ from the Master's:

zone "xcluster.io" IN {
    type slave;
    file "slaves/forward.xcluster";
    masters { 192.168.99.100; };
};
zone "99.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/reverse.xcluster";
    masters { 192.168.99.100; };
};

Once configured, the Slave automatically transfers the xcluster.io zones from the Master according to this configuration; the transferred copies are stored under /var/named/slaves.


Checking the configuration

Use named-checkconf to verify that the conf file is valid (it prints nothing when valid), and named-checkzone to verify that a zone file is valid (it prints the following when valid):

$ sudo named-checkconf /etc/named.conf
$ sudo named-checkzone xcluster.io /var/named/forward.xcluster
zone xcluster.io/IN: loaded serial 2021010401
OK

Firewall and SELinux settings

If the firewall and SELinux are enabled on the Master and Slave, the following settings are needed:

$ sudo firewall-cmd --permanent --add-port=53/tcp
$ sudo firewall-cmd --permanent --add-port=53/udp   # ordinary queries use UDP; TCP alone only covers zone transfers and large answers
$ sudo firewall-cmd --reload

$ sudo chgrp named -R /var/named
$ sudo restorecon -rv /var/named

Pointing the machines at the DNS service

In the cluster setup we used two network interfaces (eth0 and eth1): eth0 gets its IP via DHCP and eth1 is statically assigned. On each cluster machine, edit ifcfg-eth0 and ifcfg-eth1 under /etc/sysconfig/network-scripts to specify the DNS servers:

PEERDNS="no"
DNS1="192.168.99.100"
DNS2="192.168.99.101"

Restart the network:

$ sudo systemctl restart network

Looking at /etc/resolv.conf, it has been rewritten to use the DNS service we configured:

# Generated by NetworkManager
search xcluster.io
nameserver 192.168.99.100
nameserver 192.168.99.101

On the Master and Slave, query the configured DNS records with dig:

[[email protected] network-scripts]# dig masterdns.xcluster.io

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> masterdns.xcluster.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62978
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.xcluster.io. IN A

;; ANSWER SECTION:
masterdns.xcluster.io. 86400 IN A 192.168.99.100

;; AUTHORITY SECTION:
xcluster.io. 86400 IN NS secondarydns.xcluster.io.
xcluster.io. 86400 IN NS masterdns.xcluster.io.

;; ADDITIONAL SECTION:
secondarydns.xcluster.io. 86400 IN A 192.168.99.101

;; Query time: 1 msec
;; SERVER: 192.168.99.100#53(192.168.99.100)
;; WHEN: Mon Jan 04 14:27:48 CST 2021
;; MSG SIZE rcvd: 123

[[email protected] network-scripts]#

The two NS lines in the AUTHORITY SECTION are the nameservers we just configured. Now ping a domain name and look at the result:

[[email protected] network-scripts]# ping worker-st.xcluster.io
PING worker-st.xcluster.io.xcluster.io (192.168.99.100) 56(84) bytes of data.
64 bytes from worker-st.xcluster.io.99.168.192.in-addr.arpa (192.168.99.100): icmp_seq=1 ttl=64 time=0.274 ms
64 bytes from worker-st.xcluster.io.99.168.192.in-addr.arpa (192.168.99.100): icmp_seq=2 ttl=64 time=0.575 ms
64 bytes from worker-st.xcluster.io.99.168.192.in-addr.arpa (192.168.99.100): icmp_seq=3 ttl=64 time=0.294 ms
64 bytes from worker-st.xcluster.io.99.168.192.in-addr.arpa (192.168.99.100): icmp_seq=4 ttl=64 time=0.370 ms
^C
--- worker-st.xcluster.io.xcluster.io ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.274/0.378/0.575/0.119 ms
[[email protected] network-scripts]#

The result shows the name being resolved as worker-st.xcluster.io.99.168.192.in-addr.arpa, so the DNS server setup is complete. The doubled suffixes in that output (worker-st.xcluster.io.xcluster.io and worker-st.xcluster.io.99.168.192.in-addr.arpa) are what BIND produces when a zone record names worker-st.xcluster.io without a trailing dot: the name is treated as relative and $ORIGIN is appended. The lookup still succeeds only because resolv.conf carries search xcluster.io, which adds the same suffix to the query. Writing the records as worker-st (relative) or worker-st.xcluster.io. (absolute) makes ping report the plain worker-st.xcluster.io.

