Dns负载均衡及zabbix监控

Posted 运维讲堂


为什么要对dns做负载呢?

 

答案不是因为请求压力过大,而是将CDN业务按一定比例分流.例如我有几家cdn合作的公司,我可以通过权重比达到我期望的流量分摊值。

 

架构图:


服务器ip列表:

ip

角色名

软件

OS

192.168.214.85

vip



192.168.214.76

Master-DR1

Keepalive+lvs

Centos7.3

192.168.214.77

Slave-DR2

Keepalive+lvs

Centos7.3

192.168.211.79

RS1

Bind

Centos7.3

192.168.211.83

RS2

Bind

Centos7.3

192.168.211.84

RS3

Bind

Centos7.3

1.1 Master-DR1安装与配置

yum install keepalived ipvsadm

 

[root@localhost ~]# more /etc/keepalived/keepalived.conf

Keepalived.conf

! Configuration File for keepalived

 

# Global keepalived settings for this director: alert-mail addresses and the director id.
# NOTE(review): smtp_server is commented out below, so state-change mail is presumably
# never sent; failovers would then only be visible in the system log - confirm.
global_defs {

  notification_email {

     test@opdevos.com

   }

  notification_email_from ReportLog@opdevos.com

  #smtp_server 127.0.0.1

  #smtp_connect_timeout 30

  #router_id LVS_MH_1

  # lvs_id: identifier string for this director (older spelling of router_id - TODO confirm for the installed version).
  lvs_id LVS_DNS_01

}

 

# Groups the two VRRP instances so they change state together: the client-facing
# VIP (VI_1) and the VIP on eth1 (VI_GATEWAY) always sit on the same director.
# With lb_kind NAT the eth1 VIP is presumably the real servers' gateway - confirm.
vrrp_sync_group VG1 {

  group {

     VI_1

     VI_GATEWAY

   }

}

 

# VRRP instance that owns the client-facing VIP 192.168.214.85 on eth0.
# This node starts as MASTER with priority 150; the peer director must use the
# same virtual_router_id and auth_pass with a lower priority.
vrrp_instance VI_1 {

   state MASTER

   interface eth0

   virtual_router_id 60

   priority 150

   advert_int 1

   lvs_sync_daemon_inteface eth0

   # auth_type PASS puts the password in clear text in every VRRP advertisement,
   # so any host on the eth0 segment can read it; it guards against misconfiguration
   # only. "1111" is a demo value: use a per-cluster secret (keepalived uses the
   # first 8 characters) and filter VRRP (IP protocol 112) to the peer director.
   authentication {

       auth_type PASS

       auth_pass 1111

    }

   virtual_ipaddress {

       192.168.214.85

    }

}

 

# VRRP instance that owns the VIP 192.168.211.85 on eth1 (the real-server side).
# It is listed in vrrp_sync_group VG1 together with VI_1.
vrrp_instance VI_GATEWAY {

   state MASTER

   interface eth1

   lvs_sync_daemon_inteface eth1

   virtual_router_id 61

   priority 150

   advert_int 1

    # NOTE(review): "authentication{" has no space before the brace as printed;
    # confirm keepalived still parses this block, otherwise this instance may run
    # without the password the peer expects.
    # auth_type PASS is sent in clear text on the eth1 segment and "1111" is a
    # demo value; use a per-cluster secret here as well.
    authentication{

       auth_type PASS

       auth_pass 1111

    }

   virtual_ipaddress {

       192.168.211.85

    }

}

 

 

# LVS virtual service for DNS on the VIP: UDP port 53 is spread over three BIND
# real servers with weights 5 / 3 / 2 using weighted least-connection (wlc).
# Only UDP is declared here; DNS over TCP/53 (truncated answers, zone transfers)
# is not balanced by this block.
virtual_server 192.168.214.85 53 {

   # Health checks run every 60 s, so a failed real server can keep receiving
   # queries for up to about a minute before it is removed.
   delay_loop 60

   lb_algo wlc

   # NAT mode: replies must return through the director - presumably the real
   # servers use 192.168.211.85 as their gateway; confirm.
   lb_kind NAT

   #nat_mask 255.255.255.0

   # The same client address stays on the same real server for 10 s.
   persistence_timeout 10

   protocol UDP

 

 

   real_server 192.168.211.79 53 {

       weight 5

       # keepalived executes misc_path itself; exit status 0 marks the server healthy.
       # Keep /scripts and /scripts/dnscheck root-owned and not writable by other
       # users; newer keepalived releases offer script_user / enable_script_security
       # in global_defs to enforce this.
       # NOTE(review): MISC_CHECK documents misc_timeout for the script timeout;
       # confirm connect_timeout is honoured here.
       MISC_CHECK {

           connect_timeout 5

           misc_path "/scripts/dnscheck 192.168.211.79"

       }

    }

  real_server 192.168.211.83 53 {

       weight 3

       MISC_CHECK {

           connect_timeout 5

           misc_path "/scripts/dnscheck 192.168.211.83"

       }

    }

 real_server 192.168.211.84 53 {

       weight 2

       MISC_CHECK {

           connect_timeout 5

           misc_path "/scripts/dnscheck 192.168.211.84"

       }

    }

}

1.2Slave-DR2安装与配置

yum install keepalived ipvsadm

 

[root@localhost ~]# more /etc/keepalived/keepalived.conf

Keepalived.conf

! Configuration File for keepalived

 

# Global keepalived settings for the backup director: alert-mail addresses and the director id.
# NOTE(review): smtp_server is commented out below, so state-change mail is presumably
# never sent; a takeover by this node would then only be visible in the system log - confirm.
global_defs {

  notification_email {

      test@devops.cn

   }

  notification_email_from ReportLog@devops.cn

  #smtp_server 127.0.0.1

  #smtp_connect_timeout 30

  #router_id LVS_MH_1

  # NOTE(review): the same lvs_id value is shown for the other director; confirm whether the ids should differ.
  lvs_id LVS_DNS_01

}

 

# Groups the two VRRP instances so they change state together: when this node
# takes over, it takes both the client-facing VIP and the eth1 VIP.
vrrp_sync_group VG1 {

  group {

     VI_1

     VI_GATEWAY

   }

}

 

# Backup side of the VRRP instance for the client-facing VIP 192.168.214.85.
# Priority 100 is lower than the master's, so this node holds the VIP only while
# it hears no advertisements for virtual_router_id 60 on eth0.
vrrp_instance VI_1 {

   state BACKUP

   interface eth0

   virtual_router_id 60

   priority 100

   advert_int 1

   lvs_sync_daemon_inteface eth0

   # auth_type PASS is carried in clear text in VRRP advertisements; a host on the
   # eth0 segment that learns it could announce a higher priority and take the VIP.
   # "1111" is a demo value: use a per-cluster secret (keepalived uses the first
   # 8 characters) and filter VRRP (IP protocol 112) to the peer director.
   authentication {

       auth_type PASS

       auth_pass 1111

    }

   virtual_ipaddress {

       192.168.214.85

    }

}

 

# Backup side of the VRRP instance for the eth1 VIP 192.168.211.85.
# It is listed in vrrp_sync_group VG1 together with VI_1.
vrrp_instance VI_GATEWAY {

   state BACKUP

   interface eth1

   lvs_sync_daemon_inteface eth1

   virtual_router_id 61

   priority 100

   advert_int 1

   # Clear-text VRRP password with a demo value; replace "1111" with a per-cluster
   # secret that matches the master's VI_GATEWAY block.
   authentication {

       auth_type PASS

       auth_pass 1111

    }

   virtual_ipaddress {

       192.168.211.85

    }

}

 

 

# LVS virtual service definition on the backup director; it lists the same VIP,
# real servers and weights (5 / 3 / 2) so that balancing is unchanged after a failover.
# Only UDP/53 is declared; DNS over TCP/53 is not balanced by this block.
virtual_server 192.168.214.85 53 {

   # Health checks run every 60 s.
   delay_loop 60

   lb_algo wlc

   lb_kind NAT

   #nat_mask 255.255.255.0

   # The same client address stays on the same real server for 10 s.
   persistence_timeout 10

   protocol UDP

 

 

   real_server 192.168.211.79 53 {

       weight 5

       # keepalived executes misc_path itself; exit status 0 marks the server healthy.
       # /scripts/dnscheck must exist on this director too, root-owned and not
       # writable by other users.
       # NOTE(review): MISC_CHECK documents misc_timeout for the script timeout;
       # confirm connect_timeout is honoured here.
       MISC_CHECK {

           connect_timeout 5

           misc_path "/scripts/dnscheck 192.168.211.79"

       }

    }

  real_server 192.168.211.83 53 {

       weight 3

       MISC_CHECK {

           connect_timeout 5

           misc_path "/scripts/dnscheck 192.168.211.83"

       }

    }

 real_server 192.168.211.84 53 {

       weight 2

       MISC_CHECK {

           connect_timeout 5

           misc_path "/scripts/dnscheck 192.168.211.84"

       }

    }

}

 

**通过以上配置,理论上来说dns请求会以50%的请求进入RS1,30%的请求进入RS2,20%的请求进入RS3.后面将会用脚本模拟用户请求来验证.**

 

1.3 后端dns健康检查脚本

[root@localhost ~]# more /scripts/dnscheck

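#!/usr/bin/env python
# opdevos.com DNS health check, run by keepalived MISC_CHECK.
# Auth:jacky
#
# Usage: dnscheck <dns_server_ip>
#
# Exit status 0 tells keepalived the real server is healthy: it answered a TXT
# query for `query` and at least one returned record contains `match_key`.
# Every other outcome (no argument, query error, empty answer, no match) exits 1,
# so the check fails closed.
import sys, DNS

query = "opdevos.com"
match_key = "monitor"
#match_key="ok"

# Without a server argument there is nothing to test; report unhealthy.
if len(sys.argv) < 2:
    print("Usage: dnscheck <dns_server_ip>")
    sys.exit(1)
dns_server = sys.argv[1]

#DNS.DiscoverNameServers()
# Query only the real server under test, never the system resolvers; otherwise a
# dead real server could be reported healthy through another resolver's answer.
DNS.defaults['server'] = [dns_server]

reqobj = DNS.Request()

try:
    answerobj = reqobj.req(name=query, qtype=DNS.Type.TXT)
except Exception:
    # Any query failure (timeout, refusal, malformed reply) marks the server down.
    # Exception rather than a bare except, so interpreter-exit signals pass through.
    print("Connection refused")
    sys.exit(1)

if not len(answerobj.answers):
    print("Not found.")
    sys.exit(1)

# Check every answer before deciding. Exiting on the first non-matching record
# would make the result depend on record order when the name carries more than
# one TXT record.
# NOTE(review): item['data'] is whatever the DNS module returns for a TXT record;
# `in` is a substring test on a string and an exact-element test on a list - confirm.
for item in answerobj.answers:
    if match_key in item['data']:
        sys.exit(0)

sys.exit(1)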

 

RS1,RS2,RS3安装与配置

yum install bind bind-utils -y

 

; Zone data served by the three BIND real servers; default TTL is one hour.
$TTL 3600

; NOTE(review): "ns1.opdevos.com" and "support" have no trailing dot as printed,
; so BIND would append the zone origin to both - confirm against the real file.
@      IN SOA  ns1.opdevos.com support(

                                       2018072301      ; serial

                                       3600    ; refresh

                                       900     ; retry

                                        3600000; expire

                                        1800)  ; minimum

       IN      NS      ns1.opdevos.com.

; Health-check marker: /scripts/dnscheck queries the zone apex for TXT and looks
; for the string "monitor". Removing or renaming this record makes every real
; server fail its check.
       IN      TXT     "monitor"

; ns1 resolves to the load-balanced VIP, not to an individual real server.
ns1    IN      A       192.168.214.85

www    IN      A       192.168.211.111

 

手动测试:

[root@zabbix01 ~]# dig @192.168.214.85 www.opdevos.com |grep www

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> @192.168.214.85 www.opdevos.com

;www.opdevos.com.               IN      A

www.opdevos.com.        3600   IN      A       192.168.211.111

 

脚本测试:

dns_query.py

#!/usr/bin/env python

#coding=utf8

#Auth:Jacky

 

fromscapy.all import *

 

# DnsQuery(sip): send one DNS A query for www.opdevos.com to the VIP
# 192.168.214.85 with the IP source address set to `sip`, then print every
# answer that sr() collected within the 1 s timeout.
# NOTE(review): several lines have lost characters as printed ("defDnsQuery",
# the closing quote of qname, uneven indentation) - compare with the original
# script before running.
# Because the source address is `sip` rather than this host's own address,
# replies are presumably routed to `sip`; that would explain why the sample run
# shows a single Received_IP. The per-server split is read from the real
# servers' query logs instead.
defDnsQuery(sip):

    ip_header=IP(src=sip,dst="192.168.214.85")

    udp_header=UDP(dport=53)

   dns_header=DNS(id=1,qr=0,opcode=0,tc=0,rd=1,qdcount=1,ancount=0,nscount=0,arcount=0)#build the DNS header of a standard query

    # Question section: qtype=1, qclass=1. The closing quote after
    # www.opdevos.com is missing as printed.
    dns_header.qd=DNSQR(qname="www.opdevos.com,qtype=1,qclass=1)   #构造DNS资源记录

   packet=ip_header/udp_header/dns_header

    ans,unans=sr(packet,timeout=1,verbose=0)

    # Record-type numbers that the printout can name; other types raise KeyError below.
    type_dict={1:'A',5:'CNAME'}

    #print ans[0]

    for s,r in ans:

        # r is the reply packet; its IP destination is the address the query used as source.
        print "Received_IP:%s"%(r[IP].dst)

        print "Query Domain:%s"%(r[DNS].qd.qname)

        print "%s\t%s"%("Type","IP(Domain)")

        print "-"*30

        # Walk up to 15 answer records; the bare except silently ends the listing
        # when an index does not exist or the type is not in type_dict.
        for i in xrange(15):

            try:

                print "%s\t%s"%(type_dict[r[DNS].an[i].type],r[DNS].an[i].rdata)

            except:

                pass

        print "*"*30  

 

 

# Build the source addresses 192.168.214.1 .. 192.168.214.254 and call DnsQuery.
# NOTE(review): as printed, "for xin" has lost a space and DnsQuery(ip) sits
# outside the loop body, so it would run once with the last address only -
# likely extraction damage; confirm against the original script.
for xin xrange(1,255):

    ip="192.168.214."+str(x)

    #print ip

DnsQuery(ip)

 

脚本执行结果:

[root@zabbix-agent tmp]# python dns_query.py

WARNING: No route found for IPv6 destination :: (no default route?)

Received_IP:192.168.214.12

Query Domain:www.opdevos.com.

Type    IP(Domain)

------------------------------

A       192.168.211.111

 

分析RS1日志(源ip结尾为1~10的请求中,落到这台的有5个):

23-Jul-2018 17:34:19.605 queries: info:client 192.168.214.1#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.79)

23-Jul-2018 17:34:21.689 queries: info:client 192.168.214.3#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.79)

23-Jul-2018 17:34:23.759 queries: info:client 192.168.214.5#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.79)

23-Jul-2018 17:34:25.844 queries: info:client 192.168.214.7#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.79)

23-Jul-2018 17:34:26.883 queries: info:client 192.168.214.8#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.79)

 

分析RS2日志(源ip结尾为1~10的请求中,落到这台的有3个):

23-Jul-2018 17:34:18.467 queries: info:client 192.168.214.2#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.83)

23-Jul-2018 17:34:22.609 queries: info:client 192.168.214.6#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.83)

23-Jul-2018 17:34:26.763 queries: info:client 192.168.214.10#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.83)

 

分析RS3日志(源ip结尾为1~10的请求中,落到这台的有2个):

23-Jul-2018 17:34:19.349 queries: info:client 192.168.214.4#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.84)

23-Jul-2018 17:34:24.535 queries: info:client 192.168.214.9#53 (www.opdevos.com): query: www.opdevos.com IN A +(192.168.211.84)

 

总结如下:

LVS采用WLC(加权最小连接)算法,针对每台服务器指定不同的权重

如第1台:5,第2台:3,第3台:2,那么请求比率为:50%,30%,20%


下一篇将提供zabbix对dns的监控.

