Configuring DNS for a Eureka cluster
Setting up a DNS server with CentOS 7 and BIND 9
Install bind and bind-utils
yum install -y bind bind-utils
After BIND is installed, the system has an additional user, named.
Start the DNS service
systemctl start named.service
Check that the named process started properly:
systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 三 2019-01-02 14:32:07 CST; 3h 36min ago
Process: 72523 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 72705 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 72592 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 72707 (named)
Memory: 201.4M
CGroup: /system.slice/named.service
└─72707 /usr/sbin/named -u named -c /etc/named.conf
1月 02 18:01:17 jn52 named[72707]: network unreachable resolving 'api-public.addthis.com/A/IN': 2001:500:90:1::27#53
1月 02 18:01:17 jn52 named[72707]: FORMERR resolving 'facebook.com/DS/IN': 192.52.178.30#53
1月 02 18:01:18 jn52 named[72707]: network unreachable resolving 'ds-api-public.addthis.com.edgekey.net/A/IN': 2600:1406:1b::41#53
1月 02 18:03:43 jn52 named[72707]: network unreachable resolving 'count.typora.io/A/IN': 2400:cb00:2049:1::c629:dead#53
1月 02 18:03:43 jn52 named[72707]: network unreachable resolving 'count.typora.io/A/IN': 2400:cb00:2049:1::adf5:3a33#53
1月 02 18:03:43 jn52 named[72707]: network unreachable resolving 'count.typora.io/A/IN': 2400:cb00:2049:1::adf5:3b29#53
1月 02 18:05:33 jn52 named[72707]: network unreachable resolving 'clients1.google.com/A/IN': 2001:4860:4802:38::a#53
1月 02 18:05:33 jn52 named[72707]: network unreachable resolving 'clients1.google.com/A/IN': 2001:4860:4802:36::a#53
1月 02 18:05:33 jn52 named[72707]: network unreachable resolving 'clients1.google.com/A/IN': 2001:4860:4802:34::a#53
1月 02 18:05:33 jn52 named[72707]: network unreachable resolving 'clients1.google.com/A/IN': 2001:4860:4802:32::a#53
If the status shows Active: active (running), the service started successfully; otherwise the error is printed in the output above. To watch the start-up in detail, run named in the foreground:
named -g
Open TCP and UDP port 53 in the firewall
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
Test (my machine's IP is 192.168.1.200)
dig www.baidu.com @192.168.1.200
Output like the following means it is working:
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.baidu.com @192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2955
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 525 IN CNAME www.a.shifen.com.
www.a.shifen.com. 300 IN A 14.215.177.39
www.a.shifen.com. 300 IN A 14.215.177.38
;; AUTHORITY SECTION:
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
;; ADDITIONAL SECTION:
ns3.a.shifen.com. 1200 IN A 112.80.255.253
ns4.a.shifen.com. 1200 IN A 14.215.177.229
ns2.a.shifen.com. 1200 IN A 220.181.57.142
ns5.a.shifen.com. 1200 IN A 180.76.76.95
ns1.a.shifen.com. 1200 IN A 61.135.165.224
;; Query time: 56 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: 三 1月 02 18:11:47 CST 2019
;; MSG SIZE rcvd: 271
Configure the DNS records Eureka needs (the local IP is 192.168.1.200)
1. vim /etc/named.conf
options {
        listen-on port 53 { any; }; // change to any
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; }; // change to any
With listen-on and allow-query both set to any, every host that can reach port 53 may query this server. The stock CentOS 7 named.conf also keeps recursion yes, so if the host is reachable from outside your network, restrict allow-recursion (or allow-query) to your internal subnets instead of any.
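The following check is an added example, not code from the original post or from BIND. It parses the access-control statements of a named.conf options block and reports the combination that matters here: recursion enabled while allow-recursion (which BIND derives from allow-query when it is not set) permits any. The two sample configs, the function names and the internal ACL are assumptions; the recursion line is the one the stock CentOS 7 file ships with.

```python
"""Lint the access-control statements of a BIND named.conf options block.
Added example (not from the post or from BIND); sample configs and the
'internal' ACL are constructed."""
import re

# Constructed: the options block as changed in the post, comments dropped,
# with the recursion line the stock CentOS 7 named.conf already contains
OPEN_CONFIG = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };   // changed to any
        recursion yes;
};
"""

# Constructed tightened variant: queries stay open, recursion limited to an ACL
HARDENED_CONFIG = """
acl internal { 127.0.0.1; 192.168.1.0/24; };
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };
        allow-recursion { internal; };
        recursion yes;
};
"""

_ACCESS_STMT = re.compile(r'\b(allow-query|allow-recursion|recursion)\s+(\{[^}]*\}|yes|no)\s*;')


def strip_comments(text: str) -> str:
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)


def options_block(text: str) -> str:
    """Return the body of the top-level options { ... } block (brace-aware)."""
    start = re.search(r'\boptions\s*\{', text)
    if start is None:
        raise ValueError("no options block")
    depth = 0
    for i in range(start.end() - 1, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start.end():i]
    raise ValueError("unterminated options block")


def parse_access_options(config: str) -> dict:
    """Collect allow-query / allow-recursion (as element lists) and recursion (as bool)."""
    opts = {}
    for name, value in _ACCESS_STMT.findall(options_block(strip_comments(config))):
        if value.startswith('{'):
            opts[name] = [e.strip() for e in value.strip('{}').split(';') if e.strip()]
        else:
            opts[name] = value == 'yes'
    return opts


def open_resolver_findings(opts: dict) -> list:
    """Report when recursion is on and anyone may use it.  Defaults follow the
    BIND 9 ARM: recursion defaults to yes; allow-recursion falls back to
    allow-query, and to localnets/localhost when neither is set
    (allow-query-cache is left out here for brevity)."""
    if not opts.get('recursion', True):
        return []
    if 'allow-recursion' in opts:
        recursors = opts['allow-recursion']
    elif 'allow-query' in opts:
        recursors = opts['allow-query']
    else:
        recursors = ['localnets', 'localhost']
    if 'any' in recursors:
        return ["recursion is enabled and allow-recursion/allow-query permit any: "
                "open recursive resolver; restrict allow-recursion to an internal ACL"]
    return []


if __name__ == "__main__":
    for label, cfg in (("post", OPEN_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, open_resolver_findings(parse_access_options(cfg)) or ["ok"])
```

Run it against your real file with `open_resolver_findings(parse_access_options(open('/etc/named.conf').read()))`; the hardened variant keeps allow-query { any; } so the Eureka hosts can still resolve eureka.com, while recursion for the outside world is refused.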
2. vim /etc/named.rfc1912.zones
Add a forward zone:
zone "eureka.com" IN {
        type master;
        file "eureka.com.zone";
};
3. Create and edit the zone file: vim /var/named/eureka.com.zone
with the following content:
$TTL 1D
@       IN SOA  ns.eureka.com. root (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns.eureka.com.
@       IN MX 5 mail.eureka.com.
ns      IN A    192.168.22.128
mail    IN A    192.168.22.128
www     IN A    192.168.22.128
txt.eureka-server-region.www    IN TXT  "www.eureka.com"
txt.www.eureka.com.             IN TXT  "192.168.1.200" "192.168.1.111"
@ stands for this host (the zone origin, eureka.com)
IN SOA is fixed
ns.eureka.com. is this host's name; it must end with a dot
root is the administrator's mailbox
NS: name server record
MX: mail server record
A: address (A) record
TXT: TXT record
Note that the A records above point at 192.168.22.128 while the nslookup test further down returns 192.168.1.200 for www.eureka.com; use the address of your own DNS host consistently.
Make eureka.com.zone readable (in /var/named; the file is read by the named user) and start the service
chmod a+r eureka.com.zone
Restart the DNS service
systemctl restart named.service
Configure name resolution on the client hosts
Permanent setting:
vim /etc/sysconfig/network-scripts/ifcfg-ens33
Add the lines
DNS1=192.168.1.200
DNS2=114.114.114.114
Restart the network
systemctl restart network
Temporary setting (lost when the network is restarted):
vim /etc/resolv.conf
nameserver 192.168.1.200
nameserver 114.114.114.114
Test DNS
[root@localhost ~]# nslookup www.eureka.com
Server: 192.168.1.200
Address: 192.168.1.200#53
Name: www.eureka.com
Address: 192.168.1.200
[root@localhost ~]# nslookup -q=txt txt.www.eureka.com
Server: 192.168.1.200
Address: 192.168.1.200#53
txt.www.eureka.com text = "192.168.1.200" "192.168.1.111"
[root@localhost ~]# nslookup -q=txt txt.eureka-server-region.www.eureka.com
Server: 192.168.1.200
Address: 192.168.1.200#53
txt.eureka-server-region.www.eureka.com text = "www.eureka.com"
If other servers cannot resolve names after being configured, check the firewall
Check the zone firewalld is currently using:
[root@online ~]# firewall-cmd --get-default-zone
public
[root@online ~]# firewall-cmd --zone=public --query-service=dns
no
Permanently allow the dns service in firewalld and apply it immediately:
[root@online ~]# firewall-cmd --permanent --zone=public --add-service=dns
success
[root@online ~]# firewall-cmd --reload
success
Query again to verify:
[root@online ~]# firewall-cmd --zone=public --query-service=dns
yes
Configuring the Eureka cluster
application.yml
spring:
  application:
    name: eureka-server
server:
  port: 8080
eureka:
  instance:
    hostname: ${spring.cloud.client.ipAddress} # local IP
    prefer-ip-address: true
    metadata-map:
      # DNS TXT records:
      # txt.eureka-server-region.www IN TXT "www.eureka.com"
      # txt.www.eureka.com. IN TXT "192.168.22.128" "192.168.22.129" "192.168.22.130"
      zone: www # the zone within the region; the name is the one configured in the TXT record
  client:
    register-with-eureka: true
    fetch-registry: true
    eureka-server-d-n-s-name: www.eureka.com # DNS name
    region: eureka-server-region # region
    use-dns-for-fetching-service-urls: true
    eureka-server-port: ${server.port}
    eureka-server-u-r-l-context: eureka
  server:
    eviction-interval-timer-in-ms: 10000 # interval for scanning expired services (default 60*1000 ms)
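To see how the zone file, the nslookup test and this application.yml fit together, here is an added example (not code from the post or from Eureka). It parses the TXT records out of a constructed copy of the post's eureka.com zone and walks them the way a client with use-dns-for-fetching-service-urls does: txt.<region>.<eureka-server-dns-name> lists the zones' DNS names, txt.<zone-dns-name> lists the servers in that zone, the zone id is the first label of the zone DNS name, and each server becomes http://<host>:<eureka-server-port>/<eureka-server-url-context>/. That walk and URL layout are assumptions drawn from the post's configuration, as are all function names; dig_txt_lookup assumes dig from bind-utils is installed.

```python
"""Walk Eureka's DNS TXT records from a BIND zone file.  Added example, not
from the post or from Eureka; the zone text below is constructed."""
import re
import subprocess
from collections import defaultdict

ORIGIN = "eureka.com."

# Constructed zone file mirroring the post (relative names are qualified with ORIGIN)
ZONE_FILE = """\
$TTL 1D
@       IN SOA  ns.eureka.com. root (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
@       IN NS   ns.eureka.com.
ns      IN A    192.168.22.128
www     IN A    192.168.22.128
txt.eureka-server-region.www    IN TXT  "www.eureka.com"
txt.www.eureka.com.             IN TXT  "192.168.1.200" "192.168.1.111"
"""


def fqdn(owner: str, origin: str = ORIGIN) -> str:
    """Qualify a zone-file owner name the way BIND does: '@' is the origin,
    a name without a trailing dot is relative to it."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"


def parse_txt_records(zone_text: str, origin: str = ORIGIN) -> dict:
    """Map each TXT owner (FQDN) to its quoted strings, in record order.
    One record per line with an optional TTL; ';' comments are stripped,
    so a ';' inside a quoted string is not supported."""
    records = defaultdict(list)
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r'(\S+)\s+(?:\d+[smhdwSMHDW]?\s+)?IN\s+TXT\s+(.+)', line)
        if m:
            owner, rdata = m.groups()
            records[fqdn(owner, origin)].extend(re.findall(r'"([^"]*)"', rdata))
    return dict(records)


class ZoneTxtLookup:
    """TXT lookup answered from parsed zone data (stands in for live DNS)."""

    def __init__(self, records: dict):
        self.records = records

    def __call__(self, name: str) -> list:
        return self.records.get(name if name.endswith(".") else name + ".", [])


def dig_txt_lookup(name: str) -> list:
    """TXT lookup against the live resolver via dig +short (bind-utils, assumed installed)."""
    out = subprocess.run(["dig", "+short", "-t", "txt", name],
                         capture_output=True, text=True, check=True).stdout
    return re.findall(r'"([^"]*)"', out)


def eureka_service_urls(region: str, dns_name: str, port: int, context: str, txt_lookup) -> dict:
    """Return {zone_id: [service url, ...]} for the region and root DNS name,
    following txt.<region>.<dns_name> -> zone DNS names -> txt.<zone dns name> -> hosts."""
    urls = {}
    for zone_dns in txt_lookup(f"txt.{region}.{dns_name}"):
        zone_id = zone_dns.split(".")[0]          # 'www' for 'www.eureka.com'
        hosts = txt_lookup(f"txt.{zone_dns}")
        urls[zone_id] = [f"http://{h}:{port}/{context}/" for h in hosts]
    return urls


if __name__ == "__main__":
    lookup = ZoneTxtLookup(parse_txt_records(ZONE_FILE))
    print(eureka_service_urls("eureka-server-region", "www.eureka.com", 8080, "eureka", lookup))
    # Against the running server, pass dig_txt_lookup instead of lookup.
```

The zone id that comes out of the region record, www, is exactly what metadata-map.zone must be set to. The example also shows why the trailing dot on txt.www.eureka.com. matters: written without it, BIND treats the name as relative and the record lands at txt.www.eureka.com.eureka.com, which the client never queries.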
On the DNS server (192.168.1.200), permanently open TCP port 8080, which Eureka uses
firewall-cmd --add-port=8080/tcp --permanent
success means the rule was saved; run firewall-cmd --reload afterwards, as above, so it takes effect in the running configuration
Note
Every host that runs a Eureka server, and every host that runs a client service, must have 192.168.1.200 (the DNS server built here) configured as its first-priority DNS server.
Configuration for other services that register with the Eureka cluster
Every host that runs a client service must have 192.168.1.200 (the DNS server built here) configured as its first-priority DNS server.
eureka:
  client:
    # DNS name; everything else is looked up with this as the root domain
    eureka-server-d-n-s-name: www.huidian.eureka.com
    eureka-server-port: 8080
    # root path of the Eureka service
    eureka-server-u-r-l-context: eureka
    fetch-registry: true
    # when fetching serviceUrls, prefer the list for the same zone (falling back to the region's first zone if it is empty); if false, lists outside the local zone are preferred
    prefer-same-zone-eureka: true
    # region the current application is in
    region: huidian-eureka-server-region
    register-with-eureka: true
    use-dns-for-fetching-service-urls: true