skydns 测试记录
kevin.Zhu 发布于:2019-10-28 19:55 分类:又一文摘 有 12 人浏览,获得评论 0 条
https://blog.csdn.net/signmem/article/details/78849668
目的
1 搭建 skydns + etcd 集群
2 把原有的 powerdns 数据迁移至 skydns 中(不可行)
1
2
缺陷
无法支持多个域名, 一个 skydns 只有一个唯一域名, 由启动时候 domain 定义
没有主从 DNS 服务器的概念, 即, 无法实现与其他标准 DNS 信息同步功能
DNS SOA 记录不会 INCREMENT
skydns 支持一个提供类似 DNS 功能的小程序, 意义上并不是一个真正的 DNS 服务器
1
2
3
4
环境
角色 主机名 ipaddr os 备注
skydns terry.rhel7.vclound.com 10.199.201.142 centos7
skydns qemu-test3.vclound.com 10.199.205.226
etcd qemu-test6.vclound.com 10.199.205.229
etcd qemu-test3.vclound.com 10.199.205.226
etcd qemu-test8.vclound.com 10.199.205.231
说明
etcd 集群用于存储 dns 数据与信息
skydns 从 etcd 中读取 dns 信息
skydns 没有主从角色之分, 因为数据源来自同一个 etcd 集群
1
2
3
软件包
skydns rpm 下载 for centos 7
etcd 使用 centos7 官方自带软件
skydns 配置
/etc/skydns/skydns.conf
ETCD_MACHINES="http://10.199.205.229:2380,http://10.199.205.226:2380,http://10.199.205.231:2380"
SKYDNS_ADDR="0.0.0.0:53"
SKYDNS_NAMESERVERS="10.199.129.21:53,10.199.129.22:53"
1
2
3
说明
ETCD_MACHINES
指定当前 etcd 集群地址
SKYDNS_ADDR
本地 dns 监听地址
SKYDNS_NAMESERVERS
上层 DNS 服务器
1
2
3
4
5
6
7
8
与 docker 比较
可选地, 根据业务场景, 使用 docker 启动 skydns
docker 下启动 skydns 需要在 etcd 中具备配置 /skydns/config key (value 即上面的 ADDR 配置, NAMESERVER 配置)
rpm 版本使用配置文件进行启动, 无需在 skydns 启动前预先配置 etcd
由于当前所有宿主机都要依赖 skydns 因此无法使用 docker 环境管理服务, ( 鸡与蛋的问题 )
1
2
3
4
optional
etcd 配置方法
另一种配置方法, 只需要在 skydns.conf 中配置对应的 etcd 连接地址即可.
其他配置选项在 etcd 中进行配置
[root@qemu-test8 ~]# etcdctl set /skydns/config '{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}'
{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}
1
2
参考作用
dns_addr: IP:port on which SkyDNS should listen, defaults to 127.0.0.1:53.
domain: domain for which SkyDNS is authoritative, defaults to skydns.local..
dnssec: enable DNSSEC
hostmaster: hostmaster email address to use.
local: optional unique value for this skydns instance, default is none. This is returned when queried for local.dns.skydns.local.
round_robin: enable round-robin sorting for A and AAAA responses, defaults to true. Note that packets containing more than one CNAME are exempt from this (see issue #128 on Github).
nameservers: forward DNS requests to these (recursive) nameservers (array of IP:port combination), when not authoritative for a domain. This defaults to the servers listed in /etc/resolv.conf. Also see no_rec.
no_rec: never (ever) provide a recursive service (i.e. forward to the servers provided in -nameservers).
read_timeout: network read timeout, for DNS and talking with etcd.
ttl: default TTL in seconds to use on replies when none is set in etcd, defaults to 3600.
min_ttl: minimum TTL in seconds to use on NXDOMAIN, defaults to 30.
scache: the capacity of the DNSSEC signature cache, defaults to 10000 signatures if not set.
rcache: the capacity of the response cache, defaults to 0 messages if not set.
rcache_ttl: the TTL of the response cache, defaults to 60 if not set.
ndots: how many labels a name should have before we allow forwarding. Default to 2.
systemd: bind to socket(s) activated by systemd (ignores -addr).
path-prefix: backend(etcd) path prefix, defaults to skydns (i.e. if it is set to mydns, the SkyDNS's configuration object should be stored under the key /mydns/config).
etcd3: flag that toggles the etcd version 3 support by skydns during runtime. Defaults to false.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
service 文件
[Unit]
Description=SkyDNS service
#After=etcd.service <- 假如 etcd 不在本地, 那么这里需要屏蔽
[Service]
Type=simple
EnvironmentFile=-/etc/skydns/skydns.conf
User=skydns <- 默认使用 skydns 用户启动, 但该用户无法启用 < 1024 端口的服务
ExecStart=/usr/bin/skydns
[Install]
WantedBy=multi-user.target
1
2
3
4
5
6
7
8
9
10
11
12
授权服务启动
setcap cap_net_bind_service+ep /usr/bin/skydns (允许该命令可以监听 53 端口)
systemctl daemon-reload
1
2
服务管理
systemctl start skydns
systemctl stop skydns
1
2
验证
[root@terry ~]# lsof -i:53
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
skydns 26956 skydns 5u IPv6 898000 0t0 UDP *:domain
skydns 26956 skydns 6u IPv6 898000 0t0 UDP *:domain
skydns 26956 skydns 7u IPv6 898000 0t0 UDP *:domain
skydns 26956 skydns 8u IPv6 898000 0t0 UDP *:domain
skydns 26956 skydns 9u IPv6 898000 0t0 UDP *:domain
skydns 26956 skydns 10u IPv6 898567 0t0 TCP *:domain (LISTEN)
[root@terry ~]# nslookup www.baidu.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.39
Name: www.a.shifen.com
Address: 14.215.177.38
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
域名定义
ex: 当前要在 skydns 中定义 vclound.com 域
主机名解析同样以 key-value 方式存储到 etcd
域名需要以目录机构方式进行定义
举例: /skydns/com/vclound/key 即代表 key.vclound.com 的主机名, 而 value 则对应其属性, 例如 ipaddress
1
2
3
4
5
NS record
每个域中都必须具有至少一个 NS 记录
以上文域名为例
假如只有一个 dns 服务器, 那么可以存储信息到 /skydns/com/vclound/ns 位置
假如只有两个或以上的 dns 服务器, 那么必须存储信息到 /skydns/com/vclound/ns/ns1 /skydns/com/vclound/ns/ns2 中
1
2
3
4
设定 NS
[root@qemu-test8 tmp]# etcdctl set /skydns/com/vclound/dns/ns/ns1 '{"host":"10.199.201.142"}'
{"host":"10.199.201.142"}
[root@qemu-test8 tmp]# etcdctl set /skydns/com/vclound/dns/ns/ns2 '{"host":"10.199.205.226"}'
{"host":"10.199.205.226"}
1
2
3
4
验证 NS
[root@terry ~]# dig -t NS vclound.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t NS vclound.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16610
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;vclound.com. IN NS
;; ANSWER SECTION:
vclound.com. 30 IN NS ns1.ns.dns.vclound.com.
vclound.com. 30 IN NS ns2.ns.dns.vclound.com.
;; ADDITIONAL SECTION:
ns1.ns.dns.vclound.com. 30 IN A 10.199.201.142
ns2.ns.dns.vclound.com. 30 IN A 10.199.205.226
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 12 17:46:20 CST 2017
;; MSG SIZE rcvd: 104
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
验证 SOA
从验证可以知道, 域名对应默认的标准 DNS 是 ns.dns.vclound.com
[root@terry ~]# dig -t SOA vclound.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t SOA vclound.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42524
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;vclound.com. IN SOA
;; ANSWER SECTION:
vclound.com. 30 IN SOA ns.dns.vclound.com. hostmaster.skydns.local. 1513069200 28800 7200 604800 60
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 12 17:48:27 CST 2017
;; MSG SIZE rcvd: 95
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
验证 dns alias
[root@terry ~]# dig -t A ns.dns.vclound.com.
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t A ns.dns.vclound.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24770
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.dns.vclound.com. IN A
;; ANSWER SECTION:
ns.dns.vclound.com. 30 IN A 10.199.201.142
ns.dns.vclound.com. 30 IN A 10.199.205.226
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 12 17:50:12 CST 2017
;; MSG SIZE rcvd: 68
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
添加 A 记录
说明
添加 vhost.vclound.com
etcd 对应 key 位置 /skydns/com/vclound/vhost value 为对应 IP 地址
1
2
例子
etcdctl set /skydns/com/vclound/qemu-test3 '{"host": "10.199.205.226"}'
{"host": "10.199.205.226"}
1
2
验证
[root@terry ~]# nslookup qemu-test3.vclound.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: qemu-test3.vclound.com
Address: 10.199.205.226
1
2
3
4
5
6
多域名验证
测试
单域测试, skydns 可以正常启动
[root@qemu-test8 tmp]# etcdctl get /skydns/config
{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}
1
2
多域名测试, skydns 无法启动
[root@qemu-test8 tmp]# etcdctl set /skydns/config '{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":["vclound.com.","ceph.com."]}'
{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":["vclound.com.","ceph.com."]}
1
2
参考日志错误
Dec 12 18:22:41 terry systemd: Started SkyDNS service.
Dec 12 18:22:41 terry systemd: Starting SkyDNS service...
Dec 12 18:22:41 terry skydns: 2017/12/12 18:22:41 skydns: failed to unmarshal config: json: cannot unmarshal array into Go value of type string <--- 这里出现类型错误
Dec 12 18:22:41 terry systemd: skydns.service: main process exited, code=exited, status=1/FAILURE
Dec 12 18:22:41 terry systemd: Unit skydns.service entered failed state.
Dec 12 18:22:41 terry systemd: skydns.service failed.
1
2
3
4
5
6
源码分析
https://github.com/skynetservices/skydns/blob/master/server/config.go
config.Domain = dns.Fqdn(strings.ToLower(config.Domain)) <- 域名只支持字符, 不支持 array
1
总结
skydns 只是一个类似 dns 功能的软件
不可以吧 skydns 作为一个标准 DNS 方法使用
1
2
参考
skydns v2
skydns howto
etcd cluster
————————————————
版权声明:本文为CSDN博主「Terry_Tsang」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/signmem/article/details/78849668