skydns test notes
Source: Internet  Published: 淘宝卖家一钻  Editor: 程序博客网  Time: 2024/05/24 15:43
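Purpose
1. Build a skydns + etcd cluster
2. Migrate the existing powerdns data into skydns (not feasible)
Limitations
- Multiple domains are not supported: one skydns instance has exactly one domain, defined by domain at startup
- There is no concept of master and slave DNS servers, i.e. it cannot synchronize with other standard DNS servers
- The DNS SOA record does not INCREMENT
- skydns is a small program that provides DNS-like functionality; it is not a real DNS server in the full sense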
Environment
    Role    Hostname                  ipaddr          os       Remarks
    skydns  terry.rhel7.vclound.com   10.199.201.142  centos7
    skydns  qemu-test3.vclound.com    10.199.205.226
    etcd    qemu-test6.vclound.com    10.199.205.229
    etcd    qemu-test3.vclound.com    10.199.205.226
    etcd    qemu-test8.vclound.com    10.199.205.231
Notes
- The etcd cluster stores the DNS data and information
- skydns reads the DNS information from etcd
- skydns has no master/slave roles, because the data comes from the same etcd cluster
Packages
skydns rpm download for centos 7
etcd uses the official package shipped with centos7
skydns configuration
/etc/skydns/skydns.conf
    ETCD_MACHINES="http://10.199.205.229:2380,http://10.199.205.226:2380,http://10.199.205.231:2380"
    SKYDNS_ADDR="0.0.0.0:53"
    SKYDNS_NAMESERVERS="10.199.129.21:53,10.199.129.22:53"
Notes
- ETCD_MACHINES: addresses of the current etcd cluster
- SKYDNS_ADDR: local DNS listen address
- SKYDNS_NAMESERVERS: upstream DNS servers
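Comparison with docker
- Optionally, depending on the use case, skydns can be started with docker
- Starting skydns under docker requires the /skydns/config key to exist in etcd (the value is the ADDR and NAMESERVER configuration shown above)
- The rpm version starts from a configuration file, so etcd does not have to be configured before skydns starts
- Because all current hosts depend on skydns, the service cannot be managed in a docker environment (a chicken-and-egg problem)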
Optional
etcd configuration method
As an alternative, only the etcd connection addresses need to be set in skydns.conf.
The other options are then configured in etcd.
    [root@qemu-test8 ~]# etcdctl set /skydns/config '{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}'
    {"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}
Option reference
- dns_addr: IP:port on which SkyDNS should listen, defaults to 127.0.0.1:53.
- domain: domain for which SkyDNS is authoritative, defaults to skydns.local.
- dnssec: enable DNSSEC
- hostmaster: hostmaster email address to use.
- local: optional unique value for this skydns instance, default is none. This is returned when queried for local.dns.skydns.local.
- round_robin: enable round-robin sorting for A and AAAA responses, defaults to true. Note that packets containing more than one CNAME are exempt from this (see issue #128 on Github).
- nameservers: forward DNS requests to these (recursive) nameservers (array of IP:port combination), when not authoritative for a domain. This defaults to the servers listed in /etc/resolv.conf. Also see no_rec.
- no_rec: never (ever) provide a recursive service (i.e. forward to the servers provided in -nameservers).
- read_timeout: network read timeout, for DNS and talking with etcd.
- ttl: default TTL in seconds to use on replies when none is set in etcd, defaults to 3600.
- min_ttl: minimum TTL in seconds to use on NXDOMAIN, defaults to 30.
- scache: the capacity of the DNSSEC signature cache, defaults to 10000 signatures if not set.
- rcache: the capacity of the response cache, defaults to 0 messages if not set.
- rcache_ttl: the TTL of the response cache, defaults to 60 if not set.
- ndots: how many labels a name should have before we allow forwarding. Default to 2.
- systemd: bind to socket(s) activated by systemd (ignores -addr).
- path-prefix: backend(etcd) path prefix, defaults to skydns (i.e. if it is set to mydns, the SkyDNS's configuration object should be stored under the key /mydns/config).
- etcd3: flag that toggles the etcd version 3 support by skydns during runtime. Defaults to false.
service file
    [Unit]
    Description=SkyDNS service
    # If etcd is not running locally, this line has to stay commented out
    #After=etcd.service

    [Service]
    Type=simple
    EnvironmentFile=-/etc/skydns/skydns.conf
    # Started as the skydns user by default, but this user cannot start services on ports < 1024
    User=skydns
    ExecStart=/usr/bin/skydns

    [Install]
    WantedBy=multi-user.target
Granting permission to start the service
    # allow this binary to listen on port 53
    setcap cap_net_bind_service+ep /usr/bin/skydns
    systemctl daemon-reload
Service management
    systemctl start skydns
    systemctl stop skydns
Verification
    [root@terry ~]# lsof -i:53
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    skydns 26956 skydns 5u IPv6 898000 0t0 UDP *:domain
    skydns 26956 skydns 6u IPv6 898000 0t0 UDP *:domain
    skydns 26956 skydns 7u IPv6 898000 0t0 UDP *:domain
    skydns 26956 skydns 8u IPv6 898000 0t0 UDP *:domain
    skydns 26956 skydns 9u IPv6 898000 0t0 UDP *:domain
    skydns 26956 skydns 10u IPv6 898567 0t0 TCP *:domain (LISTEN)

    [root@terry ~]# nslookup www.baidu.com
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Non-authoritative answer:
    www.baidu.com canonical name = www.a.shifen.com.
    Name: www.a.shifen.com
    Address: 14.215.177.39
    Name: www.a.shifen.com
    Address: 14.215.177.38
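Domain definition
- ex: the vclound.com domain is to be defined in skydns
- Host name resolution data is likewise stored in etcd as key-value pairs
- Domain names have to be defined as a directory structure
- Example: /skydns/com/vclound/key represents the host name key.vclound.com, and the value holds its attributes, e.g. the IP address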
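The key layout described above, as an added example in Go (the language SkyDNS is written in); it is not part of the original post or of the SkyDNS code. keyFor and setCmd are hypothetical helpers that turn a host name into its etcd key and refuse names outside the single configured domain.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const allowed = "abcdefghijklmnopqrstuvwxyz0123456789-_"

// keyFor maps a host name to its etcd key: labels reversed under /<prefix>.
// zone is the single domain the instance serves ("vclound.com." on this page).
func keyFor(name, zone, prefix string) (string, error) {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	zone = strings.ToLower(strings.TrimSuffix(zone, "."))
	// Match on a label boundary so "evilvclound.com" is not accepted.
	if name != zone && !strings.HasSuffix(name, "."+zone) {
		return "", fmt.Errorf("%q is outside zone %q", name, zone)
	}
	labels := strings.Split(name, ".")
	for _, l := range labels {
		// The restricted alphabet keeps "/" out of the etcd path and
		// shell metacharacters out of the generated command line.
		if l == "" || len(l) > 63 || strings.Trim(l, allowed) != "" {
			return "", fmt.Errorf("bad label %q in %q", l, name)
		}
	}
	for i, j := 0, len(labels)-1; i < j; i, j = i+1, j-1 {
		labels[i], labels[j] = labels[j], labels[i]
	}
	return "/" + prefix + "/" + strings.Join(labels, "/"), nil
}

// setCmd builds the etcdctl command for an A record, in the form the page uses.
func setCmd(name, ip, zone string) (string, error) {
	if net.ParseIP(ip) == nil {
		return "", fmt.Errorf("%q is not an IP address", ip)
	}
	key, err := keyFor(name, zone, "skydns")
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`etcdctl set %s '{"host":"%s"}'`, key, ip), nil
}

func main() {
	// Two names from the page plus one constructed out-of-zone name.
	for _, n := range []string{"qemu-test3.vclound.com", "ns1.ns.dns.vclound.com", "www.ceph.com"} {
		fmt.Println(setCmd(n, "10.199.205.226", "vclound.com."))
	}
}
```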
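NS record
- Every domain must have at least one NS record
- Taking the domain above as an example:
- If there is only one DNS server, the information can be stored at /skydns/com/vclound/ns
- If there are two or more DNS servers, the information must be stored at /skydns/com/vclound/ns/ns1 and /skydns/com/vclound/ns/ns2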
Setting NS
    [root@qemu-test8 tmp]# etcdctl set /skydns/com/vclound/dns/ns/ns1 '{"host":"10.199.201.142"}'
    {"host":"10.199.201.142"}
    [root@qemu-test8 tmp]# etcdctl set /skydns/com/vclound/dns/ns/ns2 '{"host":"10.199.205.226"}'
    {"host":"10.199.205.226"}
Verifying NS
    [root@terry ~]# dig -t NS vclound.com
    ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t NS vclound.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16610
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;vclound.com. IN NS

    ;; ANSWER SECTION:
    vclound.com. 30 IN NS ns1.ns.dns.vclound.com.
    vclound.com. 30 IN NS ns2.ns.dns.vclound.com.

    ;; ADDITIONAL SECTION:
    ns1.ns.dns.vclound.com. 30 IN A 10.199.201.142
    ns2.ns.dns.vclound.com. 30 IN A 10.199.205.226

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 12 17:46:20 CST 2017
    ;; MSG SIZE rcvd: 104
Verifying SOA
The check shows that the default standard DNS server for the domain is ns.dns.vclound.com
    [root@terry ~]# dig -t SOA vclound.com
    ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t SOA vclound.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42524
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;vclound.com. IN SOA

    ;; ANSWER SECTION:
    vclound.com. 30 IN SOA ns.dns.vclound.com. hostmaster.skydns.local. 1513069200 28800 7200 604800 60

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 12 17:48:27 CST 2017
    ;; MSG SIZE rcvd: 95
Verifying the dns alias
    [root@terry ~]# dig -t A ns.dns.vclound.com.
    ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> -t A ns.dns.vclound.com.
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24770
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;ns.dns.vclound.com. IN A

    ;; ANSWER SECTION:
    ns.dns.vclound.com. 30 IN A 10.199.201.142
    ns.dns.vclound.com. 30 IN A 10.199.205.226

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 12 17:50:12 CST 2017
    ;; MSG SIZE rcvd: 68
Adding an A record
Notes
- To add vhost.vclound.com
- The corresponding etcd key is /skydns/com/vclound/vhost
- The value is the corresponding IP address
Example
    etcdctl set /skydns/com/vclound/qemu-test3 '{"host": "10.199.205.226"}'
    {"host": "10.199.205.226"}
Verification
    [root@terry ~]# nslookup qemu-test3.vclound.com
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Name: qemu-test3.vclound.com
    Address: 10.199.205.226
Multi-domain verification
Test
Single-domain test: skydns starts normally
    [root@qemu-test8 tmp]# etcdctl get /skydns/config
    {"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}
Multi-domain test: skydns fails to start
    [root@qemu-test8 tmp]# etcdctl set /skydns/config '{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":["vclound.com.","ceph.com."]}'
    {"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":["vclound.com.","ceph.com."]}
Error in the log, for reference
    Dec 12 18:22:41 terry systemd: Started SkyDNS service.
    Dec 12 18:22:41 terry systemd: Starting SkyDNS service...
    Dec 12 18:22:41 terry skydns: 2017/12/12 18:22:41 skydns: failed to unmarshal config: json: cannot unmarshal array into Go value of type string <--- type error here
    Dec 12 18:22:41 terry systemd: skydns.service: main process exited, code=exited, status=1/FAILURE
    Dec 12 18:22:41 terry systemd: Unit skydns.service entered failed state.
    Dec 12 18:22:41 terry systemd: skydns.service failed.
Source code analysis
https://github.com/skynetservices/skydns/blob/master/server/config.go
    config.Domain = dns.Fqdn(strings.ToLower(config.Domain)) <- the domain only accepts a string, an array is not supported
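An added example, not from the original post or the SkyDNS source: a pre-flight check that decodes a /skydns/config value before it is written to etcd, run here on the two values used above. The preflight struct and checkConfig are hypothetical names, and the field types are assumed from the page's working single-domain value.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
)

// preflight holds only the four keys this page writes to /skydns/config.
// Assumption: the types follow the page's working single-domain value;
// the struct is not copied from the SkyDNS source.
type preflight struct {
	DNSAddr     string   `json:"dns_addr"`
	TTL         uint32   `json:"ttl"`
	Nameservers []string `json:"nameservers"`
	Domain      string   `json:"domain"`
}

// checkConfig reports the first problem that would stop the value from loading.
func checkConfig(raw string) error {
	var c preflight
	if err := json.Unmarshal([]byte(raw), &c); err != nil {
		var te *json.UnmarshalTypeError
		if errors.As(err, &te) { // same kind of error as in the log above
			return fmt.Errorf("key %q: JSON %s where %s is required", te.Field, te.Value, te.Type)
		}
		return err
	}
	addrs := append([]string{}, c.Nameservers...)
	if c.DNSAddr != "" { // an empty dns_addr falls back to the default
		addrs = append(addrs, c.DNSAddr)
	}
	for _, a := range addrs {
		host, _, err := net.SplitHostPort(a)
		if err != nil || net.ParseIP(host) == nil {
			return fmt.Errorf("%q is not an IP:port pair", a)
		}
	}
	return nil
}

func main() {
	// Both values are the ones set with etcdctl on this page.
	single := `{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":"vclound.com."}`
	multi := `{"dns_addr":"0.0.0.0:53","ttl":30, "nameservers": ["10.199.129.21:53","10.199.129.22:53"], "domain":["vclound.com.","ceph.com."]}`
	fmt.Println("single:", checkConfig(single))
	fmt.Println("multi: ", checkConfig(multi))
}
```

Running the check before etcdctl set keeps a value that cannot be decoded out of etcd, so a restart of skydns does not fail on it.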
Summary
- skydns is only a piece of software with DNS-like functionality
- skydns cannot be used as a standard DNS server