Forwarding the Consul DNS service with BIND

1. Install bind

yum install bind bind-utils -y

2. Configure the named service for resolution

vim /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; };

        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

include "/etc/named/consul.conf";

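Add the line include "/etc/named/consul.conf"; to the configuration. The options block above also sets dnssec-enable and dnssec-validation to no. These are global options, so DNSSEC validation is turned off for every name this resolver looks up, not only for the consul zone.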

3. Create the consul.conf configuration

touch /etc/named/consul.conf

vim /etc/named/consul.conf

zone "consul" IN {
  type forward;
  forward only;
  forwarders { 172.16.10.205 port 8600; 172.16.10.206 port 8600; 172.16.10.207 port 8600; };
};

All queries for domain names ending in "consul" are forwarded to the three DNS servers 172.16.10.205, 172.16.10.206 and 172.16.10.207.

4. Start bind

systemctl start named

5. Test DNS resolution

  • Test resolution against the Consul DNS service directly

    [root@grafana etc]# dig @172.16.10.205 -p 8600 minio.service.consul A
    
    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @172.16.10.205 -p 8600 minio.service.consul A
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33542
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 5
    ;; WARNING: recursion requested but not available
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;minio.service.consul.          IN      A
    
    ;; ANSWER SECTION:
    minio.service.consul.   0       IN      A       172.16.10.228
    minio.service.consul.   0       IN      A       172.16.10.229
    minio.service.consul.   0       IN      A       172.16.10.227
    minio.service.consul.   0       IN      A       172.16.10.226
    
  • Test forwarding through bind

    [root@grafana etc]# dig @127.0.0.1 minio.service.consul

    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @127.0.0.1 minio.service.consul
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22979
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 13, ADDITIONAL: 27

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;minio.service.consul.          IN      A

    ;; ANSWER SECTION:
    minio.service.consul.   0       IN      A       172.16.10.226
    minio.service.consul.   0       IN      A       172.16.10.227
    minio.service.consul.   0       IN      A       172.16.10.229
    minio.service.consul.   0       IN      A       172.16.10.228
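
Added example (not part of the original post): a shell helper that automates the comparison in step 5. It reads the forwarders from consul.conf and checks that the answer BIND returns on 127.0.0.1 carries the same set of A records as each Consul server returns directly, ignoring record order and anything outside the ANSWER section. The function names and the embedded sample output are constructed for illustration, and it assumes IPv4 forwarders written as "address port N".

```shell
# Added example, not from the original post. Sample data at the end is constructed.

# stdin: zone config text; stdout: "address port" for each IPv4 forwarder entry.
forwarders() {
  grep -oE '[0-9]+(\.[0-9]+){3} port [0-9]+' | awk '{ print $1, $3 }'
}

# stdin: full dig output; stdout: A-record addresses from the ANSWER section
# only, sorted, so that the order in which Consul returns them does not matter.
answer_set() {
  awk '/;; ANSWER SECTION:/ { in_ans = 1; next }
       NF == 0 || $1 ~ /^;/  { in_ans = 0 }
       in_ans && $4 == "A"   { print $5 }' | sort -u
}

# Succeeds only if both dig outputs carry the same non-empty address set.
same_answers() {
  sa_a=$(printf '%s\n' "$1" | answer_set)
  sa_b=$(printf '%s\n' "$2" | answer_set)
  [ -n "$sa_a" ] && [ "$sa_a" = "$sa_b" ]
}

# Live check (needs dig and network): check_live /etc/named/consul.conf minio.service.consul
check_live() (
  rc=0
  via_bind=$(dig @127.0.0.1 "$2" A)
  while read -r addr port; do
    [ -n "$addr" ] || continue
    if same_answers "$(dig @"$addr" -p "$port" "$2" A)" "$via_bind"
    then echo "OK   $addr:$port"
    else echo "DIFF $addr:$port"; rc=1
    fi
  done <<EOF
$(forwarders < "$1")
EOF
  [ "$rc" -eq 0 ]
)

# Constructed samples, abridged from the dig output format shown in step 5.
SAMPLE_DIRECT=';; ANSWER SECTION:
minio.service.consul.   0       IN      A       172.16.10.228
minio.service.consul.   0       IN      A       172.16.10.226'
SAMPLE_BIND=';; ANSWER SECTION:
minio.service.consul.   0       IN      A       172.16.10.226
minio.service.consul.   0       IN      A       172.16.10.228

;; ADDITIONAL SECTION:
a.root-servers.net.     3600000 IN      A       198.41.0.4'
```

A DIFF line for one forwarder while the others report OK points at that Consul server, or at a wrong address in the forwarders list, rather than at bind itself.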
