一、背景介绍

在日常工作中，为解决内网域名解析问题，时长会配置DNS服务来提供解析。这时DNS服务就起到了为所有内部服务提供连通的基础，变得非常重要了。所以在服务启动后还是应该考虑服务的高可用和数据的完整性。

网友有很多LVS+Keepalived+Bind的负载均衡高可用的解决方案，非常不错。不过自建DNS常用在公司内部平台之间的调用，所以负载均衡的意义并不是太大。当然，高可用还是需要保证的。本文章介绍通过Keepalived+Bind实现高可用主从同步DNS服务

二、基础环境

Master DNS：10.61.100.51

Slave DNS：10.61.100.52

VIP：10.61.100.50

三、bind配置

3.1、安装bind（主从）

#yuminstallbindbind-chroot安装包的作用就不做过多的介绍了

安装完成后会生成下面的文件

[root@ip-10-61-100-51~]#ll/var/named/chroot/
总用量20
drwxr-x---2rootnamed40967月1116:55dev
drwxr-x---5rootnamed40967月1119:31etc
drwxr-xr-x2rootroot40967月1119:31lib64
drwxr-xr-x3rootroot40967月1116:55usr
drwxr-x---6rootnamed40967月1116:55var
[root@ip-10-61-100-51~]#ll/etc/named.conf
-rw-r-----1rootnamed13117月1117:39/etc/named.conf
其中/etc/named.conf其实就是/var/named/chroot/etc/named.conf，在启动后会在/var/named/chroot/etc生成相关配置文件。

3.2、创建named.conf配置文件（主从都要配置，从配置在下面给出）

vim/etc/named.conf
options{
directory"/var/named";
listen-on{any;};
version"[wowoohr-1.0]";
forwarders{202.96.209.5;
114.114.114.114;
};
recursionyes;
allow-query{0.0.0.0/0;};
};
 
logging{
channeldefault_log{
file"/etc/log/dns-default.log"versions10size1m;
severityinfo;
};
channellamer_log{
file"/etc/log/dns-lamer.log"versions3size1m;
severityinfo;
print-severityyes;
print-timeyes;
print-categoryyes;
};
channelquery_log{
file"/etc/log/dns-query.log"versions10size10m;
severityinfo;
};
channelsecurity_log{
file"/etc/log/dns-security.log"versions3size1m;
severityinfo;
print-severityyes;
print-timeyes;
print-categoryyes;
};
categorylame-servers{lamer_log;};
categorysecurity{security_log;};
categoryqueries{query_log;};
categorydefault{default_log;};
};
 
 
zone"."{
typehint;
file"/etc/named.root";
};
 
zone"myshebao.com"{
typemaster;
file"/etc/master/test.com.zone";
allow-transfer{10.61.100.52;};
};

3.3、创建named.root配置文件（主从都要配置且配置一样，故从配置不在给出）

[root@ip-10-61-100-51etc]#catnamed.root
;Thisfileholdstheinformationonrootnameserversneededto
;initializecacheofInternetdomainnameservers
;
;ThisfileismadeavailablebyInterNIC
;underanonymousFTPas
;file/domain/named.root
;onserverFTP.INTERNIC.NET
;-OR-RS.INTERNIC.NET
;
;lastupdate:Jan29,2004
;relatedversionofrootzone:2004012900
;
;
;formerlyNS.INTERNIC.NET
;
.3600000INNSA.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.3600000A198.41.0.4
;
;formerlyNS1.ISI.EDU
;
.3600000NSB.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.3600000A192.228.79.201
;
;formerlyC.PSI.NET
;
.3600000NSC.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.3600000A192.33.4.12
;
;formerlyTERP.UMD.EDU
;
.3600000NSD.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.3600000A128.8.10.90
;
;formerlyNS.NASA.GOV
;
.3600000NSE.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.3600000A192.203.230.10
;
;formerlyNS.ISC.ORG
;
.3600000NSF.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.3600000A192.5.5.241
;
;formerlyNS.NIC.DDN.MIL
;
.3600000NSG.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.3600000A192.112.36.4
.3600000NSE.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.3600000A192.203.230.10
;
;formerlyNS.ISC.ORG
;
.3600000NSF.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.3600000A192.5.5.241
;
;formerlyNS.NIC.DDN.MIL
;
.3600000NSG.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.3600000A192.112.36.4
;
;formerlyAOS.ARL.ARMY.MIL
;
.3600000NSH.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.3600000A128.63.2.53
;
;formerlyNIC.NORDU.NET
;
.3600000NSI.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.3600000A192.36.148.17
;
;operatedbyVeriSign,Inc.
;
.3600000NSJ.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.3600000A192.58.128.30
;
;operatedbyRIPENCC
;
.3600000NSK.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.3600000A193.0.14.129
;
;operatedbyICANN
;
.3600000NSL.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.3600000A198.32.64.12
;
;operatedbyWIDE
;
.3600000NSM.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.3600000A202.12.27.33
;EndofFile

3.4、根据配置文件创建相关目录（主配置）

[root@ip-10-61-100-51etc]#cd/var/named/chroot/etc/
[root@ip-10-61-100-51etc]#mkdirlogmaster
[root@ip-10-61-100-51etc]#chownnamed:namedlog/-R

3.5、创建zone区域文件（主配置）

[root@ip-10-61-100-51etc]#vimmaster/test.com.zone
 
$TTL1D
@INSOAns1.test.com.yull.test.com.(
2017071104;serial
1D;refresh
1H;retry
1W;expire
3H);minimum
 
INNSns1.test.com.
INNSns2.test.com.
 
ns1INA10.61.100.51
ns2INA10.61.100.52
 
redisINA10.61.100.51
dbINA10.61.100.53

3.6、启动named服务（主配置）

#servicenamedstart

3.7、从服务器named.conf配置。注意从服务器也需要named.root文件

[root@ip-10-61-100-52~]#cat/etc/named.conf
options{
directory"/var/named";
listen-on{any;};
version"[wowoohr-1.0]";
forwarders{202.96.209.5;
114.114.114.114;
};
recursionyes;
allow-query{0.0.0.0/0;};
};
 
logging{
channeldefault_log{
file"/etc/log/dns-default.log"versions10size1m;
severityinfo;
};
channellamer_log{
file"/etc/log/dns-lamer.log"versions3size1m;
severityinfo;
print-severityyes;
print-timeyes;
print-categoryyes;
};
channelquery_log{
file"/etc/log/dns-query.log"versions10size10m;
severityinfo;
};
channelsecurity_log{
file"/etc/log/dns-security.log"versions3size1m;
severityinfo;
print-severityyes;
print-timeyes;
print-categoryyes;
};
categorylame-servers{lamer_log;};
categorysecurity{security_log;};
categoryqueries{query_log;};
categorydefault{default_log;};
};
 
 
zone"."{
typehint;
file"/etc/named.root";
};
 
zone"myshebao.com"{
typeslave;
file"/etc/slave/test.com.zone";
masters{
10.61.100.51;
};
allow-transfer{none;};
};

3.8、创建相关目录文件（从）

[root@ip-10-61-100-52etc]#cd/var/named/chroot/etc/
[root@ip-10-61-100-52etc]#mkdirlogslave
[root@ip-10-61-100-52etc]#chownnamed:namedlog/-R

3.9、启动named服务（从）

#servicenamedstart

如成功配置，则会在从的/var/named/chroot/etc/slave下同步test.com.zone配置文件。

四、Keepalived高可用配置

4.1、安装Keepalived（主从）

#yum-yinstallkeepalived

4.2、修改配置文件

设计思路：
当 Master 与 Slave 均运作正常时,Master负责服务，Slave负责Standby；
当 Master 挂掉，Slave 正常时,Slave接管服务；
当 Master 恢复正常，恢复Master身份
然后依次循环。需要注意的是修改数据只能在Master修改。

[root@ip-10-61-100-51etc]#cat/etc/keepalived/keepalived.conf
!ConfigurationFileforkeepalived
 
global_defs{
notification_email{
yu.liang.liang@wowoohr.com
}
notification_email_fromAlexandre.Cassen@firewall.loc
smtp_server192.168.200.1
smtp_connect_timeout30
router_idLVS_DEVEL
}
 
vrrp_scriptchk_dns{
script"/etc/keepalived/scripts/dns_check.sh"
interval2
}
 
 
vrrp_instanceV_DNS{
stateMASTER
interfaceeth0
virtual_router_id153
priority100#从服务器修改为80
advert_int1
authentication{
auth_typePASS
auth_pass1111
}
track_script{
chk_dns
}
 
virtual_ipaddress{
10.61.100.50
}
notify_master/etc/keepalived/scripts/dns_master.sh
notify_backup/etc/keepalived/scripts/dns_backup.sh
notify_fault/etc/keepalived/scripts/dns_fault.sh
notify_stop/etc/keepalived/scripts/dns_stop.sh
}

上述中的脚本因为Keepalived在转换状态时会依照状态来呼叫：

通过dns_check.sh来检测服务可用性

当进入Master状态时会呼叫notify_master

当进入Backup状态时会呼叫notify_backup

当发现异常情况时进入Fault状态呼叫notify_fault

当Keepalived程序终止时则呼叫notify_stop

4.3、编辑相关脚本（主从）

#vim/etc/keepalived/scripts/dns_check.sh
 
#!/bin/bash
ALIVE=`netstat-ntpl|grep"53"`
if[$?==0];then
exit0
else
exit1
fi

#vim/etc/keepalived/scripts/dns_master.sh
 
LOGFILE="/var/log/keepalived-dns-state.log"
echo"[master]">>$LOGFILE
date>>$LOGFILE
echo"Beingmaster....">>$LOGFILE2>&1
echo"Runreloadcmd...">>$LOGFILE
servicenamedreload>>$LOGFILE2>&1

#vim/etc/keepalived/scripts/dns_backup.sh
 
LOGFILE="/var/log/keepalived-dns-state.log"
echo"[backup]">>$LOGFILE
date>>$LOGFILE
servicenamedreload>>$LOGFILE2>&1
echo"Beingslave....">>$LOGFILE2>&1

#vim/etc/keepalived/scripts/dns_fault.sh
 
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo"[fault]">>$LOGFILE
date>>$LOGFILE

#vim/etc/keepalived/scripts/dns_stop.sh
 
#!/bin/bash
LOGFILE=/var/log/keepalived-dns-state.log
echo"[stop]">>$LOGFILE
date>>$LOGFILE

4.4、给脚本都加上可执行权限：

#sudochmod+x/etc/keepalived/scripts/*.sh

4.5、启动Keepalived服务

#servicekeepalivedstart

五、验证

[root@ip-10-61-100-51etc]#netstat-ntpl|grep53
tcp0010.61.100.50:530.0.0.0:*LISTEN12314/named
tcp0010.61.100.51:530.0.0.0:*LISTEN12314/named
tcp00127.0.0.1:530.0.0.0:*LISTEN12314/named
tcp00127.0.0.1:9530.0.0.0:*LISTEN12314/named
tcp00::1:953:::*LISTEN12314/named

[root@ip-10-61-100-52~]#vim/etc/keepalived/scripts/dns_stop.sh
[root@ip-10-61-100-52~]#netstat-ntpl|grep53
tcp0010.61.100.52:530.0.0.0:*LISTEN8220/named
tcp00127.0.0.1:530.0.0.0:*LISTEN8220/named
tcp00127.0.0.1:9530.0.0.0:*LISTEN8220/named
tcp00::1:953:::*LISTEN8220/named

可以看到VIP已经绑定在Master上，同时可以模拟Master挂掉。VIP会自动漂移到Slave上，带Master恢复后，会再次回到Master上，保证服务可用性。