CoreDNS级联本地DNS

K8s环境中Pod实现以下解析

1. k8s集群内部service解析(默认coredns已经实现)
2. 内网dns解析自定义intra域中服务器
3. 外网域名解析

1. Dns服务器配置

1.1 named.conf

/etc/named.conf

options {
    listen-on port 53 { any; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    forward first;
    forwarders {
        114.114.114.114;
    };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

1.2 rfc1912.zones

修改/etc/named.rfc1912.zones追加以下配置

zone "intra.com" IN {
        type master;
        file "intra.zone";
        allow-update { none; };
};

1.3 intra域配置

/var/named/intra.zone

$TTL 1d
@       IN      SOA     intra.com. admin.intra.com. (
                        0;
                        1H;
                        5M;
                        1W;
                        1D);
@ NS ns.intra.com.
ns A 192.168.31.17
harbor A 192.168.31.104
gitlab A 192.168.31.199
kibana A 192.168.31.212
rabbitmq A 192.168.31.211
web1 A 192.168.31.211
nacos-server A 192.168.31.211
zipkin-server A 192.168.31.211
sentinel A 192.168.31.211
skywalking-ui A 192.168.31.211
rocketmq-dashboard A 192.168.31.211

2. K8s配置

2.1 coredns配置

修改coredns配置

kubectl edit cm coredns -n kube-system

修改dns转发

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        hosts {
          fallthrough
        }
        prometheus :9153
        # 修改下面这行,改为dns地址
        forward . 192.168.31.17 {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2023-03-22T06:37:55Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "2805413"
  uid: af46c82e-9f4e-47c2-b316-3a098d3639ed

此时可以通过coredns解析harbor地址

root@ks-node2:~# kubectl get svc coredns -n kube-system
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
coredns   ClusterIP   10.233.0.3   <none>        53/UDP,53/TCP,9153/TCP   15d
root@ks-node2:~# dig @10.233.0.3 harbor.intra.com

; <<>> DiG 9.16.1-Ubuntu <<>> @10.233.0.3 harbor.intra.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6483
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ffe5eb4b93cd3fd8 (echoed)
;; QUESTION SECTION:
;harbor.intra.com.              IN      A

;; ANSWER SECTION:
harbor.intra.com.       30      IN      A       192.168.31.104

;; AUTHORITY SECTION:
intra.com.              30      IN      NS      ns.intra.com.

;; ADDITIONAL SECTION:
ns.intra.com.           30      IN      A       192.168.31.17

;; Query time: 4 msec
;; SERVER: 10.233.0.3#53(10.233.0.3)
;; WHEN: Fri Apr 07 11:01:07 CST 2023
;; MSG SIZE  rcvd: 152

2.2 测试解析

创建busybox容器,从容器中访问域名

root@ks-master:~# kubectl exec -it busybox2 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@busybox2 /]# cat /etc/resolv.conf
nameserver 169.254.25.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
## 解析Dns内域名
[root@busybox2 /]# ping -c 1 harbor.intra.com
PING harbor.intra.com (192.168.31.104) 56(84) bytes of data.
64 bytes from harbor.intra.com (192.168.31.104): icmp_seq=1 ttl=63 time=0.561 ms

--- harbor.intra.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.561/0.561/0.561/0.000 ms
## 解析K8s内域名
[root@busybox2 /]# ping -c 1 prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local
PING prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local (10.233.12.237) 56(84) bytes of data.
64 bytes from prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local (10.233.12.237): icmp_seq=1 ttl=64 time=0.108 ms

--- prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.108/0.108/0.108/0.000 ms
## 解析外部域名
[root@busybox2 /]# ping www.baidu.com -c 1
PING www.a.shifen.com (180.101.50.188) 56(84) bytes of data.
64 bytes from 180.101.50.188 (180.101.50.188): icmp_seq=1 ttl=127 time=8.92 ms

--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.926/8.926/8.926/0.000 ms