亲测可用 centos keepalive版-DNS服务器（dnsmasq+nginx）负载均衡服务器

# win10清除dns本地缓存 常用测试dns命令

 ipconfig/flushdns

# 系统环境 centos7       dns和nginx版本如下

[root@mydns conf.d]# rpm -qa | grep dnsmasq
dnsmasq-2.76-16.el7_9.1.x86_64
[root@mydns conf.d]# rpm -qa | grep nginx
nginx-1.18.0-2.el7.ngx.x86_64
 

# 一 dns-nginx 配置 k8s 两个node节点负载均衡解析

# 安装方式  yum安装

yum -y install dnsmasq

#  原理简介： dnsmasq做基本配置  所有的 域名均配置在address.conf 里面做代理  然后交给nginx的server 匹配host头部  解析

# DNSMASQ配置文件：

# 删除域名 测试转发 
rm -i ins.conf nslookup wiki.yuming.com.cn # 强制删除
nslookup wiki.yuming.com.cn 
nslookup www.baidu.com
nslookup gitlab.yuming.com.cn

#cat /etc/dnsmasq.conf  | grep -v ^$ | grep -v ^#
no-hosts
local-ttl=3600
listen-address=127.0.0.1,10.69.15.40
resolv-file=/etc/resolv.dnsmasq.conf
all-servers
log-queries
log-async=100 #异步log,缓解阻塞，提高性能。默认为5，最大为100
conf-dir=/etc/dnsmasq.d
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig

#cat /etc/resolv.dnsmasq.conf
nameserver 122.200.121.230
nameserver 202.106.0.20
nameserver 114.114.114.114
nameserver 8.8.8.8

# cat /etc/dnsmasq.d/address.conf
address=/wiki.yuming.com.cn/10.69.15.40
address=/gitlab.yuming.com.cn/10.69.15.40
address=/yapi.yuming.com.cn/10.69.15.40
address=/jenkins.yuming.com.cn/10.69.15.40
address=/nexus.yuming.com.cn/10.69.15.40
address=/zabbix.yuming.com.cn/10.69.15.38
address=/harbor.yuming.com.cn/10.69.15.40
address=/ldap.yuming.com.cn/10.69.15.40
address=/ssp.yuming.com.cn/10.69.15.40

# nginx 配置文件 

cat /etc/nginx/nginx.conf  | grep -v ^$ | grep -v ^#
user  nginx;
worker_processes 8 ;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}

# 好几个server  太多 没粘 都差不多

# cat /etc/nginx/conf.d/ins.conf | grep -v ^$ | grep -v ^#
server{
    listen 80;
    server_name zabbix.yuming.com.cn;
    #proxy_set_header    Host $host;
    location /{
         proxy_pass http://10.69.15.38/zabbix;
	# proxy_set_header Host $host;
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server{
    listen 80;
    server_name nexus.yuming.com.cn;
    proxy_set_header    Host $host;
    location /{
         proxy_pass http://10.69.15.39:8081;
	     proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# 1533新dns配置    dnsmasq的配置文件和 nginx的 与上面基础配置文件相同 

# dns配置文件如下

#cat  /etc/dnsmasq.d/address.conf
address=/hi-ins.com.cn/10.69.15.33 # 泛解析
address=/k8s64.hi-ins.com.cn/10.69.15.64
address=/k8s.hi-ins.com.cn/10.69.15.33  # 只有此行用的nginx代理 其他ip直接解析
address=/k8s88.hi-ins.com.cn/10.69.15.88
address=/k8s211.hi-ins.com.cn/10.69.15.211

# ins.conf配置文件如下：

cat /etc/nginx/conf.d//ins.conf
upstream ingress {
        server 10.69.15.65:80;
        server 10.69.15.76:80;
        #server k8s.hi-ins.com.cn:80;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://ingress;
        }
    }

# qq cmdb 
#server{
#    listen 80;
#    server_name *.hi-ins.com.cn; # 泛解析
#    proxy_set_header    Host $host;
#    location /{
#         proxy_pass http://10.69.15.86:8080;
#	     proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#    }
#}

# 二  配置 keepalive（内置lvs-DR模式）  负载均衡双机热备DNS服务器：参考：LVS+Keepalive双机热备_VLadimir_的博客-CSDN博客_keepalive lvs

#  环境说明 ： dns1  ：15.41   dbs2:15.4      vip:1533      系统版本centos7.6

# DNS和nginx配置无需修改   dnsmasq.d/address.conf  里面配置没变  还是主要指向  15.33（VIP)   nginx更是如此 ，生产环境中1533可以直接配置为公网IP  ！棒！

# 简单来说  dns-15.41  dns-15.49服务器 dns和nginx配置做镜像配置即可

 # 步骤1 安装 keepalive 和 lvs

yum -y install keepalived* ipvsadm    #安装keepalived和lvs管理工具
modprobe ip_vs    #加载内核模块
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak    #备份配置文件

# 编辑keepalive配置文件

global_defs {
    router_id LVS_TEST    #服务器名字
}

vrrp_instance VI_1 {
    state BACKUP    #-------配置主备，备用机此配置项为BACKUP 主为MASTER ---唯一主备不同项---
    interface eth0    #指定接口
    virtual_router_id 51    #指定路由ID，主备必须一样
    priority 99    #-------设置优先级，主略高于备份  主为101 ---唯一主备不同项---
    advert_int 1    #设置检查时间
    authentication {
        auth_type PASS    #设置验证加密方式
        auth_type 1234    #设置验证密码
    }
    virtual_ipaddress {
        10.69.15.33
    }
}

virtual_server 10.69.15.33 80 {
    delay_loop 15    #健康检查时间
    lb_algo rr    #LVS调度算法
    lb_kind DR   #LVS工作模式
    !persistence 60    #是否保持连接，！不保持
    protocol TCP    #服务采用TCP协议
    real_server 10.69.15.41 80 {
        weight 1    #权重
        TCP_CHECK {    #TCP检查
            connect_port 80   #检查端口80
            connect_timeout 3    #超时时间3秒
            nb_get_retry 3    #重试次数3次
            delay_before_retry 4    #重试间隔4秒
        }
    }
    real_server 10.69.15.49 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}

# 重启 检查即可   注意关闭防火墙     NATmanager    selinux 

systemctl restart keepalived
systemctl enable keepalived

# 延伸 keepalive和lvs啥关系？前者HA 后者负载均衡 只不过lvs配置嵌入进keepalive.conf里面喽 

参考阅读： LVS---10. lvs和keepalived的区别--软件功能区分_WenCoo的博客-CSDN博客_lvs和keepalived区别

# dnsmasq配置详解：

DNSMASQ配置详解_紫暝1127_51CTO博客DNSMASQ配置详解，Firstofall,wesetsomeoptionsregardingthebasicserveroperationliketheinterfaceandportonwhichitshouldbind,theunprivilegeduserthatshouldruntheserviceandaPIDfile:listen-addrhttps://blog.51cto.com/shanks/1306428?source=drt