I talked about DNS yesterday and thought about it some more today. In practice there are three kinds of DNS in a production environment:

1. Intranet DNS. Usually one master/slave group per data center. Its job is name resolution for calls between applications inside the data center, so that applications do not depend on /etc/hosts files and do not hard-code addresses. A master/slave pair is generally enough here; the other high-availability features are not needed.

2. Back-to-origin DNS. Similar to intranet DNS, but the calls cross data centers, and "intelligent" resolution (different answers for different client networks) is usually done with views. A typical use is the back-to-origin DNS of a web CDN. The structure is the same as for intranet DNS.

3. Internet DNS. Provides every kind of record to the public Internet: A, CNAME, MX and so on. As the entry point for user access its importance is self-evident, so it has high requirements for availability, scalability and performance. The common practice is a high-availability cluster in a BGP data center doing the primary resolution, plus a group of cold-standby high-availability DNS clusters in dual-line or single-line data centers.

Here we discuss how to build high-availability DNS with LVS. It mainly borrows from the MySQL high-availability design: one master database followed by a cluster of several slaves, with LVS + keepalived providing HA in front of the slave cluster; the application writes to the master and reads from the slave cluster. The specific flow is:

1. Records are added, deleted and modified through a web front end (if the program is written in Python, dnspython can be used).
2. Each slave decides whether to update its copy by comparing the serial value in the zone file.
3. User queries arrive at the front-end load balancer built from LVS (DR mode) and keepalived.
4. LVS distributes the requests to the slave servers, and the slave server answers the user directly.
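Step 2 is the part that decides whether a slave is stale. As an added example (not code from the post), the following Python reads the SOA serial out of zone-file text in the same layout as the zone file later in this post, compares master and slave serials with RFC 1982 serial arithmetic (so a serial that wraps past 2^32-1 is still recognised as newer), and mints the next YYYYMMDDnn serial when the master is edited. The zone text and the example.com names are constructed for the example.

```python
"""Added example: slave refresh decision by SOA serial, RFC 1982 style."""
import re
from datetime import date

# Constructed zone fragment, same shape as the post's vipshop.zone.
MASTER_ZONE = """\
$TTL 86400
@ IN SOA ns1.example.com. root.example.com. (
        2013051502 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3500000    ; Expire
        86400 )    ; Minimum
@ IN NS dns1
"""

# The slave still holds the previous serial.
SLAVE_ZONE = MASTER_ZONE.replace("2013051502", "2013051501")

SERIAL_MOD = 1 << 32        # serials are 32-bit unsigned
SERIAL_HALF = 1 << 31       # RFC 1982 comparison window


def soa_serial(zone_text: str) -> int:
    """Return the SOA serial from zone-file text.

    Comments (';' to end of line) are stripped and whitespace collapsed so
    the multi-line, parenthesised SOA becomes one line; the first number
    after the MNAME and RNAME fields is the serial.
    """
    no_comments = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    flat = re.sub(r"\s+", " ", no_comments)
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+\(?\s*(\d+)", flat)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: True if serial a is newer than serial b.

    Plain integer comparison breaks once a serial wraps past 2^32-1; the RFC
    defines a > b when the forward distance from b to a (mod 2^32) is less
    than 2^31, so a wrapped serial is still seen as newer.
    """
    if a == b:
        return False
    return (a - b) % SERIAL_MOD < SERIAL_HALF


def slave_needs_transfer(master_zone: str, slave_zone: str) -> bool:
    """The slave refreshes only when the master's serial is newer than its own."""
    return serial_gt(soa_serial(master_zone), soa_serial(slave_zone))


def next_serial(current: int, today_yyyymmdd: int = None) -> int:
    """Mint the next serial in YYYYMMDDnn form.

    If the current serial already belongs to today, bump the two-digit
    revision; if it is older than today, start today's sequence at 01; if it
    is somehow ahead of today, just increment it so the new value still
    compares as greater under RFC 1982.
    """
    base = (today_yyyymmdd or int(date.today().strftime("%Y%m%d"))) * 100
    if base <= current < base + 99:
        return current + 1
    if current < base:
        return base + 1
    return current + 1


if __name__ == "__main__":
    print("master serial:", soa_serial(MASTER_ZONE))
    print("slave needs transfer:", slave_needs_transfer(MASTER_ZONE, SLAVE_ZONE))
    print("next serial on 2013-05-15:", next_serial(soa_serial(MASTER_ZONE), 20130515))
```

A slave whose serial is mistakenly set higher than the master's will never refresh, which is why the check compares with serial_gt rather than `!=`; the YYYYMMDDnn scheme keeps serials monotonic as long as editing goes through one place, as the web front end in step 1 provides.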
Because DNS normally runs over UDP (for the DNS protocol itself, see the previous post), while LVS is normally used for TCP load balancing, a few points need attention when implementing UDP load balancing with LVS:

1. Select UDP when adding the real server (protocol UDP in the configuration).
2. Set the application's listening address in its configuration file to the VIP. For the slave DNS servers in this scenario that means listen-on port 53 { vip; physical ip address; };. The VIP receives the packets forwarded by LVS and returns the answers to the user; the physical IP is used to synchronise zone data from the master to the slave.
3. Health check. The HTTP_GET and TCP_CHECK checks are TCP-based (they probe the application with a TCP SYN); for a UDP check MISC_CHECK can be used, for example with the following settings:
virtual_server vip 53 {
    delay_loop 2
    lb_algo rr
    lb_kind DR
    protocol UDP

    real_server real_server1 53 {
        weight 100
        MISC_CHECK {
            misc_path "/etc/keepalived/check_named.sh real_server1"
            misc_timeout 5
        }
    }

    real_server real_server2 53 {
        weight 100
        MISC_CHECK {
            misc_path "/etc/keepalived/check_named.sh real_server2"
            misc_timeout 5
        }
    }
}
The content of /etc/keepalived/check_named.sh is as follows:
#!/bin/bash
# Usage: check_named.sh <real_server>
# Query the real server directly and look for the expected address
# (ipxxxx stands for the address www.test.com is expected to resolve to).
SERVER="$1"
OK=$(nslookup www.test.com "$SERVER" | grep ipxxxx)
if [ -z "$OK" ]; then
    exit 1
else
    exit 0
fi
An exit status of 0 means the DNS service is healthy; an exit status of 1 means it is not, and the real server is removed from the LVS pool. High-availability DNS structure:
[Figure: dns.png, high-availability DNS structure (http://www.bkjia.com/uploads/allimg/140211/22591Ka6-0.jpg)]
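The nslookup-and-grep check above depends on nslookup's output format and on the checking host's resolver library. As an added example (not the script from the post), the following Python helper does what a MISC_CHECK needs directly: it builds a DNS A query by hand, sends it to the real server over UDP/53 the same way clients will, parses the answer section (including compressed names) and exits 0 only if the expected address is in the reply with RCODE NOERROR. The hostname, the 192.0.2.10 address, the captured-response bytes and the script name check_dns.py are constructed for the example.

```python
"""Added example: UDP DNS health probe suitable as a keepalived MISC_CHECK."""
import random
import socket
import struct
import sys


def build_query(qname: str, qid: int) -> bytes:
    """Standard query with recursion desired, one question of type A, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + length


def answer_a_records(msg: bytes, expected_id: int) -> list:
    """Return the IPv4 addresses in the answer section, or [] for a bad reply."""
    if len(msg) < 12:
        return []
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    is_response = bool(flags & 0x8000)
    rcode = flags & 0x000F
    if qid != expected_id or not is_response or rcode != 0:
        return []                      # wrong transaction, not a response, or error
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips


def check_server(server: str, qname: str, expected_ip: str, timeout: float = 2.0) -> bool:
    """True if `server` answers `qname` over UDP/53 with `expected_ip`."""
    qid = random.randrange(0x10000)    # random transaction id, matched on reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(qname, qid), (server, 53))
            data, _ = s.recvfrom(512)
        except (socket.timeout, OSError):
            return False
    return expected_ip in answer_a_records(data, qid)


# Constructed reply to "www.test.com A" with id 0x1234: flags QR|RD|RA, one
# answer whose name is a compression pointer (0xC00C) back to the question,
# TTL 300, A 192.0.2.10.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x03www\x04test\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x0a"
)

if __name__ == "__main__":
    # keepalived: misc_path "/etc/keepalived/check_dns.py <real_server> www.test.com <expected_ip>"
    ok = check_server(sys.argv[1], sys.argv[2], sys.argv[3])
    sys.exit(0 if ok else 1)
```

Because the probe goes to the real server's own address and checks the transaction id and RCODE, a server that is up but answering SERVFAIL (for example after a failed zone load) is taken out of the pool, which the plain nslookup grep would not catch.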
A self-written spec file is attached below. It builds BIND into a chroot as a custom RPM package, which is then published to the yum repository for fast DNS deployment.
Name: Vipshop-Bind-Chroot
Summary: This is for Vipshop dns server.
Group: System Environment/Daemons
Version: 1.0
Release: 0
License: Copyright 2011 Vipshop Inc.
Source: Vipshop-Bind-Chroot-1.0.tar.gz
URL: http://www.vipshop.com
Packager: EricNi
Vendor: Vipshop Inc.
Provides: Vipshop Inc.
BuildRequires: gcc-c++

%description
This is the DNS service package, and it is only distributed on Vipshop servers.

%prep
test -d /usr/local/named && rm -rf /usr/local/named
[ `cat /etc/passwd|grep named|wc -l` -eq 0 ] && useradd named -M -s /sbin/nologin
mkdir -p /usr/local/named /usr/local/named/var/slaves /usr/local/named/var/named /usr/local/named/var/etc /usr/local/named/var/log
mkdir -p /var/named/chroot/etc/namedb /var/named/chroot/etc/log /var/named/chroot/etc/run /var/named/chroot/var/run /var/named/chroot/dev/ /var/named/chroot/etc/namedb/slaves /var/named/chroot/etc/namedb/acl
%setup -n %{name}-%{version}

%build
export BIND_HOME=/usr/local/named
export BIND_CHROOT_HOME=/var/named/chroot
./configure --prefix=${BIND_HOME} --enable-threads --sysconfdir=/etc --disable-openssl-version-check
make
make install

cat > ${BIND_CHROOT_HOME}/etc/named.conf << "EOF"
options {
    directory "/etc/namedb";
    version "vipshop-cdn-dns";
    pid-file "/etc/run/named.pid";
    listen-on port 53 { any; };
    allow-query { any; };
    // recursion is enabled for every client allowed to query; on an
    // authoritative server that makes an open resolver, so restrict it
    // with allow-recursion { ...; } or set recursion no in production
    recursion yes;
    dump-file "/etc/namedb/cache_dump.db";
    zone-statistics yes;
    statistics-file "/etc/namedb/named_stats.txt";
};
logging {
    channel warning {
        file "/etc/log/named.log" versions 3 size 2048k;
        severity warning;
        print-severity yes;
        print-category yes;
        print-time yes;
    };
    channel query {
        file "/etc/log/query.log" versions 3 size 2048k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category queries { query; };
    category default { warning; };
};
zone "." IN {
    type hint;
    file "named.root";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "slaves/localhost.rev";
};
zone "vipshop.com" IN {
    type master;
    file "vipshop.zone";
    notify yes;
    also-notify { 180.186.22.62; };
    allow-transfer { 180.186.22.62; };
};
// rndc key: generate your own with rndc-confgen rather than shipping one in the package
key "rndc-key" {
    algorithm hmac-md5;
    secret "f8Na2kl/4NuCNPEZ0f2C1Q==";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF

cat > ${BIND_CHROOT_HOME}/etc/rndc.conf << "EOF"
key "rndc-key" {
    algorithm hmac-md5;
    secret "f8Na2kl/4NuCNPEZ0f2C1Q==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
EOF

cat > ${BIND_CHROOT_HOME}/etc/rndc.key << "EOF"
key "rndc-key" {
    algorithm hmac-md5;
    secret "f8Na2kl/4NuCNPEZ0f2C1Q==";
};
EOF

cat > /etc/rndc.conf << "EOF"
key "rndc-key" {
    algorithm hmac-md5;
    secret "f8Na2kl/4NuCNPEZ0f2C1Q==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
EOF

cat > ${BIND_CHROOT_HOME}/etc/namedb/named.root << "EOF"
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 3, 2013
; related version of root zone: 2013010300
;
; formerly NS.INTERNIC.NET
;
.                       3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     3600000 A    198.41.0.4
A.ROOT-SERVERS.NET.     3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                       3600000 NS   B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.     3600000 A    192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                       3600000 NS   C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.     3600000 A    192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
.                       3600000 NS   D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.     3600000 A    199.7.91.13
D.ROOT-SERVERS.NET.     3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
.                       3600000 NS   E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.     3600000 A    192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                       3600000 NS   F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.     3600000 A    192.5.5.241
F.ROOT-SERVERS.NET.     3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
.                       3600000 NS   G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.     3600000 A    192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                       3600000 NS   H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.     3600000 A    128.63.2.53
H.ROOT-SERVERS.NET.     3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
.                       3600000 NS   I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.     3600000 A    192.36.148.17
I.ROOT-SERVERS.NET.     3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
.                       3600000 NS   J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.     3600000 A    192.58.128.30
J.ROOT-SERVERS.NET.     3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
.                       3600000 NS   K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.     3600000 A    193.0.14.129
K.ROOT-SERVERS.NET.     3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
.                       3600000 NS   L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.     3600000 A    199.7.83.42
L.ROOT-SERVERS.NET.     3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
.                       3600000 NS   M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.     3600000 A    202.12.27.33
M.ROOT-SERVERS.NET.     3600000 AAAA 2001:DC3::35
; End of File
EOF

cat > ${BIND_CHROOT_HOME}/etc/namedb/localhost.zone << "EOF"
$TTL 86400
$ORIGIN localhost.
@   1D IN SOA @ root (
        42      ; serial (d. adams)
        3H      ; refresh
        15M     ; retry
        1W      ; expiry
        1D )    ; minimum
    1D IN NS @
    1D IN A  127.0.0.1
EOF

# named.conf loads this zone from "slaves/localhost.rev", so write it there
cat > ${BIND_CHROOT_HOME}/etc/namedb/slaves/localhost.rev << "EOF"
$TTL 86400
@   IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
    IN NS  localhost.
1   IN PTR localhost.
EOF

cat > ${BIND_CHROOT_HOME}/etc/namedb/vipshop.zone << "EOF"
$TTL 86400
@   IN SOA ns1.vipshop.com. root.vipshop.com. (
        2013051501 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3500000    ; Expire
        86400 )    ; Minimum
@           IN NS dns1
@           IN NS dns2
localhost   IN A  127.0.0.1
img1        IN A  xxxx
img3        IN A  xxxx
img2        IN A  xxxx
img2        IN A  xxxx
dns1        IN A  xxxx
dns2        IN A  xxxx
EOF

cat > /etc/init.d/named << "EOF"
#!/bin/bash
#
# named    This shell script takes care of starting and stopping
#          named (BIND DNS server).
#
# chkconfig: - 13 87
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named

[ -f /usr/local/named/sbin/named ] || exit 0
# [ -f /chroot/named/etc/named.conf ] || exit 0

case "$1" in
  start)
    # Start daemons.
    echo -n "Starting named:"
    daemon /usr/local/named/sbin/named -c /etc/named.conf -u named -t /var/named/chroot
    echo
    touch /var/lock/subsys/named
    ;;
  stop)
    # Stop daemons.
    echo -n "Shutting down named:"
    #killproc named
    killall named
    rm -f /var/lock/subsys/named
    echo
    ;;
  status)
    #status named
    pid=`pidof -o %PPID -x named`
    if [ -z "$pid" ]
    then
      echo "named is stopped!!!"
    else
      echo "named is running: pid is $pid"
    fi
    exit $?
    ;;
  restart)
    $0 stop
    $0 start
    exit $?
    ;;
  reload)
    /usr/local/named/sbin/rndc reload
    exit $?
    ;;
  probe)
    /usr/local/named/sbin/rndc reload >/dev/null 2>&1 || echo start
    exit 0
    ;;
  *)
    echo "Usage: named {start|stop|status|restart|reload}"
    exit 1
esac
exit 0
EOF
chmod 755 /etc/init.d/named
mkdir -p /usr/local/named /usr/local/named/var/slaves /usr/local/named/var/named /usr/local/named/var/etc /usr/local/named/var/log
mkdir -p /var/named/chroot/usr /var/named/chroot/etc/namedb /var/named/chroot/var/run /var/named/chroot/dev/ /var/named/chroot/etc/namedb/slaves /var/named/chroot/etc/run /var/named/chroot/etc/log /var/named/chroot/etc/namedb/acl
chown named:named /var/named/chroot -R
chmod 700 /var/named/chroot
# device nodes named needs inside the chroot
mknod /var/named/chroot/dev/null c 1 3
mknod /var/named/chroot/dev/random c 1 8
cp /etc/localtime /var/named/chroot/etc/
# make syslogd also listen on a socket inside the chroot
sed -i 's/SYSLOGD_OPTIONS=\(.*\)/SYSLOGD_OPTIONS=\"-m 0 -a \/var\/named\/chroot\/dev\/log\"/g' /etc/sysconfig/syslog
/etc/init.d/syslog restart

%pre
if ! grep -q '^named:' /etc/passwd; then
    useradd -M named -s /sbin/nologin
fi

%post
chkconfig --add named
chkconfig named on
chown named:named /var/named/chroot -R
chown named:named /usr/local/named -R
chmod 700 /var/named/chroot

%clean
rm -rf /usr/local/named
rm -rf /var/named

%files
/etc/init.d/named
/usr/local/named/
/var/named/chroot/

%doc

%changelog
* Thu May 16 2013 Ericni <ericni@vipshop.com>
- Create SPEC file.
This article is from "Cai Guangguang's blog". For more information, contact the author.