• k8s环境之bind 9 (一)


    主机名

    角色

    IP

    部署服务

     

    hdss7-11.host.com

    k8s前端代理节点1

    192.168.12.11

    bind9 nginx(四层代理)keepalived supervisor

     

    hdss7-12.host.com

    k8s前端代理节点2

    192.168.12.12

    etcd nginx(四层代理)keepalived supervisor

     

    hdss7-21.host.com

    k8s运算节点1

    192.168.12.21

    etcd kube-api kube-controller-manager kube-scheduler kube-kubelet kube-proxy supervisor

     

    hdss7-22.host.com

    k8s运算节点2

    192.168.12.22

    etcd kube-api kube-controller-manager kube-scheduler kube-kubelet kube-proxy supervisor

     

    hdss7-200.host.com

    运维管理主机()

    192.168.12.200

    证书服务 docker仓库(harbor) nginx代理本机harbor pause

    ansible

     

     

     

    1.开始安装11主机bind 9

    安装必要软件
    #yum -y install wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils -y
    [root@hdss7-11 ~]# yum install -y bind
    配置bind
    [root@hdss7-11 ~]# vi /etc/named.conf           # BIND进程的工作属性,区域的定义
    13         listen-on port 53 { 192.168.154.11; };   # 监听本机IP(请填写本机实际地址;本文其余部分中本机地址为192.168.12.11)
    14         listen-on-v6 port 53 { ::1; };       # 删除,不监听IPV6
    20         allow-query     { any; };            # 允许所有主机查询;与recursion yes同时开启时,建议用allow-recursion限定为内网网段,避免成为开放递归解析器
    21         forwarders      { 192.168.154.2; };      # 办公网上一级的DNS,(生产写运营商dns)
    33         recursion yes;               # dns采用递归的查询
    35         dnssec-enable no;                # 关闭,节省资源(生产可能不需要关闭)
    36         dnssec-validation no;            # 关闭,节省资源,不做互联网认证(关闭后不再校验上游应答的DNSSEC签名,生产环境建议保持开启)
    
    检查配置
    [root@hdss7-11 ~]# named-checkconf 
    [root@hdss7-11 ~]# echo $?
    
    
    
    配置区域配置文件在文件末尾添加
    [root@hdss7-11 ~]# vim /etc/named.rfc1912.zones 
    zone "host.com" IN {
            type  master;
            file  "host.com.zone";
            allow-update { 192.168.12.11; };   # 仅按源IP放行动态更新;生产环境建议改用TSIG密钥授权(下面的od.com区域同理)
    };
    
    zone "od.com" IN {
            type  master;
            file  "od.com.zone";
            allow-update { 192.168.12.11; };
    };
    
    配置区域数据文件   
    [root@hdss7-11 ~]# vi /var/named/host.com.zone
    [root@hdss7-11 ~]# cat /var/named/host.com.zone
    $ORIGIN host.com.
    $TTL 600    ; 10 minutes
    @       IN SOA  dns.host.com. dnsadmin.host.com. (
                    20200606 ; serial
                    10800      ; refresh (3 hours)
                    900        ; retry (15 minutes)
                    604800     ; expire (1 week)
                    86400      ; minimum (1 day)
                    )
                NS   dns.host.com.
    $TTL 60 ; 1 minute
    dns                A    192.168.12.11
    HDSS7-11           A    192.168.12.11
    HDSS7-12           A    192.168.12.12
    HDSS7-21           A    192.168.12.21
    HDSS7-22           A    192.168.12.22
    HDSS7-200          A    192.168.12.200
    
    
    [root@hdss7-11 ~]# cat /var/named/od.com.zone
    $ORIGIN od.com.
    $TTL 600    ; 10 minutes
    @           IN SOA  dns.od.com. dnsadmin.od.com. (
                    20200606 ; serial
                    10800      ; refresh (3 hours)
                    900        ; retry (15 minutes)
                    604800     ; expire (1 week)
                    86400      ; minimum (1 day)
                    )
                    NS   dns.od.com.
    $TTL 60 ; 1 minute
    dns                A    192.168.12.11
    
    
    检测区域数据文件
    [root@hdss7-11 ~]#  named-checkconf
    [root@hdss7-11 ~]# named-checkzone "host.com" /var/named/host.com.zone
    zone host.com/IN: loaded serial 20200606
    OK
    [root@hdss7-11 ~]# named-checkzone "od.com" /var/named/od.com.zone
    zone od.com/IN: loaded serial 20200606
    OK
    
    
    
    更改文件的属组权限
    [root@hdss7-11 ~]# chown root:named /var/named/host.com.zone 
    [root@hdss7-11 ~]# chown root:named /var/named/od.com.zone
    [root@hdss7-11 ~]# chmod 640 /var/named/host.com.zone 
    [root@hdss7-11 ~]# chmod 640 /var/named/od.com.zone 
    
    [root@hdss7-11 ~]#  systemctl restart named
    [root@hdss7-11 ~]#  systemctl enable named
    Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
    [root@hdss7-11 ~]# netstat -lntup|grep 53
    tcp        0      0 192.168.12.11:53        0.0.0.0:*               LISTEN      1752/named          
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1752/named          
    tcp6       0      0 ::1:953                 :::*                    LISTEN      1752/named          
    udp        0      0 192.168.12.11:53        0.0.0.0:*                           1752/named          
    
    
    验证解析
    [root@hdss7-11 ~]#  dig -t A hdss7-21.host.com @192.168.12.11 +short
    192.168.12.21
    [root@hdss7-11 ~]#  dig -t A hdss7-200.host.com @192.168.12.11 +short
    192.168.12.200

    2 其他节点DNS指向11

    11修改dns
    [root@hdss7-11 ~]# cat  /etc/sysconfig/network-scripts/ifcfg-eth0 
    TYPE=Ethernet
    BOOTPROTO=none
    HWRADD=00:0c:29:c7:cd:40
    NAME=eth0
    DEVICE=eth0
    ONBOOT=yes
    IPADDR=192.168.12.11
    GATEWAY=192.168.12.1
    DNS1=192.168.12.11
    
    [root@hdss7-11 ~]# /etc/init.d/network restart
    Restarting network (via systemctl):                        [  OK  ]
    [root@hdss7-11 ~]# ping baidu.com
    PING baidu.com (39.156.69.79) 56(84) bytes of data.
    64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=128 time=202 ms
    [root@hdss7-11 ~]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search host.com
    nameserver 192.168.12.11
    
    
    
    
    12指定DNS
    [root@hdss7-12 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
    DNS1=192.168.12.11
    [root@hdss7-12 ~]# /etc/init.d/network restart
    [root@hdss7-12 ~]# curl -I www.baidu.com
    HTTP/1.1 200 OK
    [root@hdss7-12 ~]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search host.com
    nameserver 192.168.12.11
    
    21指定dns
    [root@hdss7-21 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
    DNS1=192.168.12.11
    [root@hdss7-21 ~]# /etc/init.d/network restart
    Restarting network (via systemctl):                        [  OK  ]
    [root@hdss7-21 ~]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search host.com
    nameserver 192.168.12.11
    [root@hdss7-21 ~]# curl -i baidu.com
    HTTP/1.1 200 OK
    
    22指定dns
    [root@hdss7-22 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
    DNS1=192.168.12.11
    [root@hdss7-22 ~]# /etc/init.d/network restart
    Restarting network (via systemctl):                        [  OK  ]
    [root@hdss7-22 ~]# curl -i baidu.com
    HTTP/1.1 200 OK
    [root@hdss7-22 ~]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search host.com
    nameserver 192.168.12.11
    
    200指定dns
    
    [root@hdss7-200 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 
    DNS1=192.168.12.11
    [root@hdss7-200 ~]# /etc/init.d/network restart
    Restarting network (via systemctl):                        [  OK  ]
    [root@hdss7-200 ~]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search host.com
    nameserver 192.168.12.11
    [root@hdss7-200 ~]# curl -i www.baidu.com
    HTTP/1.1 200 OK
    
    
    windows 10 
    将本机的网卡DNS也改成192.168.12.11   IPV4 -- 高级 -- 跃点数改成20
    [c:~]$ ping hdss7-200.host.com
    正在 Ping HDSS7-200.host.com [192.168.12.200] 具有 32 字节的数据:
    来自 192.168.12.200 的回复: 字节=32 时间<1ms TTL=64
    
    mac 
    偏好设置---网络---高级---DNS--dns为192.168.12.11 搜索域为od.com


    原文章已同步到语雀
    https://www.yuque.com/songyifei/bkxwl0/guhrrr
  • 原文地址:https://www.cnblogs.com/sseban/p/13053907.html