
skydns test notes

田成化
2023-12-01

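Goals

1 Build a skydns + etcd cluster
2 Migrate the existing powerdns data into skydns (not feasible)

Limitations

Multiple domains are not supported: one skydns instance has exactly one domain, defined by domain at startup
There is no concept of master and slave DNS servers, i.e. it cannot synchronize data with other standard DNS servers
The DNS SOA record does not INCREMENT
skydns is a small program that provides DNS-like functionality; it is not a real DNS server in the full sense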

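Environment

Role    Hostname                  IP address       OS        Notes
skydns  terry.rhel7.vclound.com   10.199.201.142   centos7
skydns  qemu-test3.vclound.com    10.199.205.226
etcd    qemu-test6.vclound.com    10.199.205.229
etcd    qemu-test3.vclound.com    10.199.205.226
etcd    qemu-test8.vclound.com    10.199.205.231

Notes

The etcd cluster stores the DNS data and information
skydns reads DNS information from etcd
skydns has no master/slave roles, because every instance reads from the same etcd cluster

Packages

skydns rpm download for centos 7

etcd uses the package shipped with the official centos7 repositories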

skydns configuration

/etc/skydns/skydns.conf

ETCD_MACHINES="http://10.199.205.229:2380,http://10.199.205.226:2380,http://10.199.205.231:2380"
SKYDNS_ADDR="0.0.0.0:53"
SKYDNS_NAMESERVERS="10.199.129.21:53,10.199.129.22:53"

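Notes

ETCD_MACHINES
Addresses of the current etcd cluster

SKYDNS_ADDR
Local DNS listen address

SKYDNS_NAMESERVERS
Upstream DNS servers

Comparison with docker

Optionally, depending on the use case, skydns can be started with docker
Starting skydns under docker requires the /skydns/config key to exist in etcd (its value holds the ADDR and NAMESERVER settings above)
The rpm version starts from a configuration file, so etcd does not need to be configured before skydns starts
Because all hosts currently depend on skydns, the service cannot be managed in a docker environment (a chicken-and-egg problem)

optional

Configuring through etcd

An alternative configuration method: only the etcd connection address needs to be set in skydns.conf.

The other options are configured in etcd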

[root@qemu-test8 ~]# etcdctl set /skydns/config '{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}'
{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}

Option reference

dns_addr: IP:port on which SkyDNS should listen, defaults to 127.0.0.1:53.
domain: domain for which SkyDNS is authoritative, defaults to skydns.local..
dnssec: enable DNSSEC
hostmaster: hostmaster email address to use.
local: optional unique value for this skydns instance, default is none. This is returned when queried for local.dns.skydns.local.
round_robin: enable round-robin sorting for A and AAAA responses, defaults to true. Note that packets containing more than one CNAME are exempt from this (see issue #128 on Github).
nameservers: forward DNS requests to these (recursive) nameservers (array of IP:port combination), when not authoritative for a domain. This defaults to the servers listed in /etc/resolv.conf. Also see no_rec.
no_rec: never (ever) provide a recursive service (i.e. forward to the servers provided in -nameservers).
read_timeout: network read timeout, for DNS and talking with etcd.
ttl: default TTL in seconds to use on replies when none is set in etcd, defaults to 3600.
min_ttl: minimum TTL in seconds to use on NXDOMAIN, defaults to 30.
scache: the capacity of the DNSSEC signature cache, defaults to 10000 signatures if not set.
rcache: the capacity of the response cache, defaults to 0 messages if not set.
rcache_ttl: the TTL of the response cache, defaults to 60 if not set.
ndots: how many labels a name should have before we allow forwarding. Default to 2.
systemd: bind to socket(s) activated by systemd (ignores -addr).
path-prefix: backend(etcd) path prefix, defaults to skydns (i.e. if it is set to mydns, the SkyDNS's configuration object should be stored under the key /mydns/config).
etcd3: flag that toggles the etcd version 3 support by skydns during runtime. Defaults to false.

service file

[Unit]
Description=SkyDNS service
# Keep the next line commented out if etcd does not run on the local host
#After=etcd.service

[Service]
Type=simple
EnvironmentFile=-/etc/skydns/skydns.conf
# Runs as the skydns user by default, but that user cannot bind ports below 1024
User=skydns
ExecStart=/usr/bin/skydns

[Install]
WantedBy=multi-user.target

Allowing the service to start

setcap cap_net_bind_service+ep /usr/bin/skydns   # allows the binary to listen on port 53
systemctl daemon-reload

Service management

systemctl start skydns
systemctl stop skydns

Verification

[root@terry ~]# lsof -i:53
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
skydns  26956 skydns    5u  IPv6 898000      0t0  UDP *:domain
skydns  26956 skydns    6u  IPv6 898000      0t0  UDP *:domain
skydns  26956 skydns    7u  IPv6 898000      0t0  UDP *:domain
skydns  26956 skydns    8u  IPv6 898000      0t0  UDP *:domain
skydns  26956 skydns    9u  IPv6 898000      0t0  UDP *:domain
skydns  26956 skydns   10u  IPv6 898567      0t0  TCP *:domain (LISTEN)
[root@terry ~]# nslookup www.baidu.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 14.215.177.39
Name:   www.a.shifen.com
Address: 14.215.177.38

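Domain definition

ex: define the vclound.com domain in skydns
Hostname records are likewise stored in etcd as key-value pairs
The domain must be laid out as a directory structure

Example: /skydns/com/vclound/key represents the hostname key.vclound.com, and the value holds its attributes, e.g. the IP address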
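The name-to-key mapping described above, as an added Go example (not code from this page or from the skydns project). The function name etcdKey is hypothetical, and the "skydns" prefix is the default path-prefix; the helper also rejects names outside the single configured domain.

```go
package main

import (
	"fmt"
	"strings"
)

// etcdKey maps a DNS name to its etcd key: labels are reversed and joined
// with "/" under the prefix. It returns an error when the name is not
// inside the one domain the instance was configured with.
func etcdKey(name, domain, prefix string) (string, error) {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	domain = strings.ToLower(strings.TrimSuffix(domain, "."))
	if name == "" || domain == "" {
		return "", fmt.Errorf("empty name or domain")
	}
	if name != domain && !strings.HasSuffix(name, "."+domain) {
		return "", fmt.Errorf("%s is outside domain %s", name, domain)
	}
	labels := strings.Split(name, ".")
	for _, l := range labels {
		if l == "" {
			return "", fmt.Errorf("empty label in %q", name)
		}
	}
	for i, j := 0, len(labels)-1; i < j; i, j = i+1, j-1 {
		labels[i], labels[j] = labels[j], labels[i]
	}
	return "/" + prefix + "/" + strings.Join(labels, "/"), nil
}

func main() {
	// Constructed sample names; the first two appear on this page.
	for _, n := range []string{
		"qemu-test3.vclound.com",
		"ns1.ns.dns.vclound.com.",
		"www.ceph.com",
	} {
		key, err := etcdKey(n, "vclound.com.", "skydns")
		if err != nil {
			fmt.Println("skip:", err)
			continue
		}
		fmt.Println(n, "->", key)
	}
}
```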

NS record

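Every domain must have at least one NS record
Taking the domain above as an example
If there is only one DNS server, the information can be stored at /skydns/com/vclound/ns
If there are two or more DNS servers, the information must be stored at /skydns/com/vclound/ns/ns1 and /skydns/com/vclound/ns/ns2

Setting NS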

[root@qemu-test8 tmp]# etcdctl set /skydns/com/vclound/dns/ns/ns1 '{"host":"10.199.201.142"}'
{"host":"10.199.201.142"}
[root@qemu-test8 tmp]# etcdctl set /skydns/com/vclound/dns/ns/ns2 '{"host":"10.199.205.226"}'
{"host":"10.199.205.226"}

Verifying NS

[root@terry ~]# dig -t NS vclound.com

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t NS vclound.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16610
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;vclound.com.                   IN      NS

;; ANSWER SECTION:
vclound.com.            30      IN      NS      ns1.ns.dns.vclound.com.
vclound.com.            30      IN      NS      ns2.ns.dns.vclound.com.

;; ADDITIONAL SECTION:
ns1.ns.dns.vclound.com. 30      IN      A       10.199.201.142
ns2.ns.dns.vclound.com. 30      IN      A       10.199.205.226

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 12 17:46:20 CST 2017
;; MSG SIZE  rcvd: 104

Verifying SOA

The verification shows that the default standard DNS server for the domain is ns.dns.vclound.com

[root@terry ~]# dig -t SOA vclound.com

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t SOA vclound.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42524
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;vclound.com.                   IN      SOA

;; ANSWER SECTION:
vclound.com.            30      IN      SOA     ns.dns.vclound.com. hostmaster.skydns.local. 1513069200 28800 7200 604800 60

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 12 17:48:27 CST 2017
;; MSG SIZE  rcvd: 95

Verifying the dns alias

[root@terry ~]# dig -t A ns.dns.vclound.com.

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t A ns.dns.vclound.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24770
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.dns.vclound.com.            IN      A

;; ANSWER SECTION:
ns.dns.vclound.com.     30      IN      A       10.199.201.142
ns.dns.vclound.com.     30      IN      A       10.199.205.226

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 12 17:50:12 CST 2017
;; MSG SIZE  rcvd: 68

Adding an A record

Notes

Add vhost.vclound.com
The corresponding etcd key is /skydns/com/vclound/vhost and the value is the corresponding IP address

Example

etcdctl set /skydns/com/vclound/qemu-test3 '{"host": "10.199.205.226"}'
{"host": "10.199.205.226"}

Verification

[root@terry ~]# nslookup qemu-test3.vclound.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   qemu-test3.vclound.com
Address: 10.199.205.226

Multi-domain verification

Test

Single-domain test: skydns starts normally

[root@qemu-test8 tmp]# etcdctl get /skydns/config
{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}

Multi-domain test: skydns fails to start

[root@qemu-test8 tmp]# etcdctl set /skydns/config '{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":["vclound.com.","ceph.com."]}'   
{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":["vclound.com.","ceph.com."]}

Error in the log

Dec 12 18:22:41 terry systemd: Started SkyDNS service.
Dec 12 18:22:41 terry systemd: Starting SkyDNS service...
Dec 12 18:22:41 terry skydns: 2017/12/12 18:22:41 skydns: failed to unmarshal config: json: cannot unmarshal array into Go value of type string              <--- the type error occurs here
Dec 12 18:22:41 terry systemd: skydns.service: main process exited, code=exited, status=1/FAILURE
Dec 12 18:22:41 terry systemd: Unit skydns.service entered failed state.
Dec 12 18:22:41 terry systemd: skydns.service failed.

Source analysis

https://github.com/skynetservices/skydns/blob/master/server/config.go

config.Domain = dns.Fqdn(strings.ToLower(config.Domain))                  // the domain only accepts a string, not an array
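A pre-flight check for the /skydns/config value, as an added Go example (not code from this page or from the skydns project): it decodes the JSON into a string-typed domain field and reports the type mismatch before the value is written to etcd and stops the service at the next start. The struct skydnsConfig and the function checkConfig are hypothetical and cover only the four keys used on this page.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"strings"
)

// skydnsConfig: reduced stand-in (not the project's struct), four keys only.
type skydnsConfig struct {
	DNSAddr     string   `json:"dns_addr"`
	TTL         uint32   `json:"ttl"`
	Nameservers []string `json:"nameservers"`
	Domain      string   `json:"domain"`
}

// checkConfig rejects a value that a string-typed "domain" field cannot
// decode, or whose addresses are not host:port, before it reaches etcd.
func checkConfig(raw string) (*skydnsConfig, error) {
	var c skydnsConfig
	if err := json.Unmarshal([]byte(raw), &c); err != nil {
		var te *json.UnmarshalTypeError
		if errors.As(err, &te) {
			return nil, fmt.Errorf("key %q: JSON %s where %s is required", te.Field, te.Value, te.Type)
		}
		return nil, err
	}
	addrs := c.Nameservers
	if c.DNSAddr != "" {
		addrs = append([]string{c.DNSAddr}, addrs...)
	}
	for _, a := range addrs {
		if _, _, err := net.SplitHostPort(a); err != nil {
			return nil, fmt.Errorf("bad host:port %q: %v", a, err)
		}
	}
	return &c, nil
}

func main() {
	single := `{"dns_addr":"0.0.0.0:53","ttl":30,"nameservers":["10.199.129.21:53","10.199.129.22:53"],"domain":"vclound.com."}`
	multi := strings.Replace(single, `"vclound.com."`, `["vclound.com.","ceph.com."]`, 1)
	for _, raw := range []string{single, multi} { // the two values tried on this page
		_, err := checkConfig(raw)
		fmt.Println("usable:", err == nil, err)
	}
}
```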

Summary

skydns is only a piece of software with DNS-like functionality
skydns cannot be used as a standard DNS server
