DNS 服务

优质

小牛编辑

134浏览

2023-12-01

概述

OCP 运行依赖 DNS 服务主要体现在两个方面：

解析 OCP 各节点的域名，及应用服务域名（必须）

通常需要添加 A 类型记录

master.example.com    A   10.66.208.101
infra.example.com     A   10.66.208.102
node1.example.com     A   10.66.208.103
node2.example.com     A   10.66.208.104
nfs.example.com       A   10.66.208.105
registry.example.com     A   10.66.208.106

*.apps.example.com. 300 IN  A 10.66.208.102

Note	应用服务 A 记录 IP 地址位 router IP。

DNS 服务可以通过两种方式提供：dnsmasq，unbound，两者选其一即可，生产环境推荐使用 unbound。

dnsmasq 配置

1. dnsmasq 安装

# rpm -qa | grep dnsmasq
dnsmasq-2.76-5.el7.x86_64

2. A Records 添加

# cat /etc/dnsmasq.d/openshift-cluster.conf
local=/example.com/
address=/.apps.example.com/10.66.208.102
address=/master.example.com/10.66.208.101
address=/infra.example.com/10.66.208.102
address=/node1.example.com/10.66.208.103
address=/node2.example.com/10.66.208.104
address=/nfs.example.com/10.66.208.105
address=/registry.example.com/10.66.208.106

3. 配置 forward/upstream，是 OCP 环境能够解析外部域名

# cat /etc/dnsmasq.d/origin-upstream-dns.conf
server=10.72.17.5
server=8.8.8.8

4. 启动服务

# systemctl start dnsmasq.service && systemctl enable dnsmasq.service && systemctl status dnsmasq.service

5. 测试

# for i in master infra node1 node2 nfs registry ; do dig $i.example.com @10.66.208.106 +short ; done
10.66.208.101
10.66.208.102
10.66.208.103
10.66.208.104
10.66.208.105
10.66.208.106

# for i in bar foo test xyz ; do dig $i.apps.example.com @10.66.208.106 +short ; done
10.66.208.102
10.66.208.102
10.66.208.102
10.66.208.102

# dig github.com @10.66.208.106 +short
192.30.253.113
192.30.253.112

Note	10.66.208.106 为 DNS 服务器 IP 地址。