CoreDNS

CoreDNS

coredns 是使用go语言实现的DNS,他不同于其他dns服务（例如bind）,他是灵活的（flexible）大部分功能通过插件完成。

开源协议Apache2.0

安装

wget https://github.com/coredns/coredns/releases/download/v1.10.0/coredns_1.10.0_linux_amd64.tgz
tar xf coredns_1.10.0_linux_amd64.tgz -C /usr/bin/

coredns -dns.port=1053

https://coredns.io/manual/toc/
https://github.com/coredns/coredns
https://www.cnblogs.com/mashuai-191/p/11834241.html
https://www.cnblogs.com/lina-2159/p/16666696.html

查看支持哪些插件

[root@02 ~]# ./coredns --plugins
Server types:
  dns

Caddyfile loaders:
  flag
  default

Other plugins:
  dns.acl
  dns.any
  dns.auto
  dns.autopath
  dns.azure
  dns.bind
  dns.bufsize
  dns.cache
  dns.cancel
  dns.chaos
  dns.clouddns
  dns.debug
  dns.dns64
  dns.dnssec
  dns.dnstap
  dns.erratic
  dns.errors
  dns.etcd
  dns.file
  dns.forward
  dns.geoip
  dns.grpc
  dns.header
  dns.health
  dns.hosts
  dns.k8s_external
  dns.kubernetes
  dns.loadbalance
  dns.local
  dns.log
  dns.loop
  dns.metadata
  dns.minimal
  dns.nsid
  dns.pprof
  dns.prometheus
  dns.ready
  dns.reload
  dns.rewrite
  dns.root
  dns.route53
  dns.secondary
  dns.sign
  dns.template
  dns.tls
  dns.trace
  dns.transfer
  dns.whoami
  on

plugin.cfg
# Directives are registered in the order they should be executed.
#
# Ordering is VERY important. Every plugin will feel the effects of all other
# plugin below (after) them during a request, but they must not care what plugin
# above them are doing.

# How to rebuild with updated plugin configurations: Modify the list below and
# run `go generate && go build`

# The parser takes the input format of:
#
#     <plugin-name>:<package-name>
# Or
#     <plugin-name>:<fully-qualified-package-name>
#
# External plugin example:
#
# log:github.com/coredns/coredns/plugin/log
# Local plugin example:
# log:log

metadata:metadata
geoip:geoip
cancel:cancel
tls:tls
timeouts:timeouts
reload:reload
nsid:nsid
bufsize:bufsize
root:root
bind:bind
debug:debug
trace:trace
ready:ready
health:health
pprof:pprof
prometheus:metrics
errors:errors
log:log
dnstap:dnstap
local:local
dns64:dns64
acl:acl
any:any
chaos:chaos
loadbalance:loadbalance
tsig:tsig
cache:cache
rewrite:rewrite
header:header
dnssec:dnssec
autopath:autopath
minimal:minimal
template:template
transfer:transfer
hosts:hosts
route53:route53
azure:azure
clouddns:clouddns
k8s_external:k8s_external
kubernetes:kubernetes
file:file
auto:auto
secondary:secondary
etcd:etcd
loop:loop
forward:forward
grpc:grpc
erratic:erratic
whoami:whoami
on:github.com/coredns/caddy/onevent
sign:sign
view:view

• bind - as said, control to what interfaces to bind.
• root - set the root directory where CoreDNS plugins should look for files.
• health - enable HTTP health check endpoint.
• ready - support readiness reporting for a plugin.

coredns 二进制文件包含了所有插件，你可以通过重新编译来添加或删除插件

Corefile 为coredns配置文件 ,通过coredns -config Corefile 使用指定的corefile 配置文件，插件在corefile中的位置不影响插件的执行顺序（plugin.cfg 文件定义顺序决定）

插件

prometheus ：暴露一组prometheus格式的指标。

.:53 {
	prometheus :9153
}

主要指标

• 基本信息：

  coredns_build_info{version, revision, goversion}

  coredns_plugin_enabled{server, zone, view, name}

• 99%查询响应时长

  histogram_quantile(0.99,coredns_dns_request_duration_seconds_bucket)
  

• reload失败次数

  coredns_reload_failed_total 0
  

  最后重启时间

  coredns_hosts_reload_timestamp_seconds 
  

• 健康检查失败次数

  coredns_health_request_failures_total 
  

• 缓存命中率

  coredns_cache_hits_total/coredns_dns_requests_total
  

forward ：转发dns查询到上游dns服务器

.:53 {
	forward . 8.8.8.8 114.114.114.114
}

.:53 {
	forward . /etc/resolv.conf {
		expire 10s
	}
}

hosts: 提供了自定义dns解析的能力，默认5s扫描一次文件的变动

.:53 {
        prometheus :9153
        # 使用本机的/etc/hosts文件
        hosts {
        	fallthrough
        }
}

.:53 {
        prometheus :9153
        # 使用/etc/test.host 文件中定义的地址解析
        hosts /etc/test.host {
        	fallthrough
        }

}

.:53 {
        prometheus :9153
        hosts {
                1.2.3.4 test.abcd
                1.2.3.5 test.abcd
                fallthrough
        }
}

trace

简单测试未使用

docker run -d -p 9411:9411 openzipkin/zipkin

.:53 {
        trace zipkin 
}

cache: 缓存查询到本地默认 3600s

. {
	# 缓存10s
    cache 10
}

reload：自动加载Corefile配置

.:53 {
		# 默认间隔30s 左右抖动15s检查一次
        reload
}

.:53 {
        ready localhost:8080
        # 修改为2s 左右抖动1s 检查一次，这也是最小值
        reload 2s 1s
}

health ：提供一个http://0.0.0.0:8080/health 的接口检查coredns是否就绪。主要关注coredns进程本身,通常使用在livenessProbe

.:53 {
	health
}

.:53 {
	health localhost:8080
}

ready： 提供一个http://0.0.0.0:8181/ready 的接口,当所有plugins都就绪是返回200,如果某个plugin不可用时返回503。可以用于readinessProbe

.:53 {
	ready
}

.:53 {
	ready localhost:8181
}

loadbalance： 定义dns轮询策略，默认rr

log 记录日志，支持对日志格式的定制

loop

kubernetes

k8s_external

配置文件示例

.:53 {
    errors
    health {
       lameduck 5s
    }
    ready
    hosts {
       10.4.7.1  salt-master
       10.4.7.1  salt-master2
       ttl 60
       fallthrough
    }
    kubernetes cluster.local in-addr.arpa ip6.arpa {
       pods insecure
       fallthrough in-addr.arpa ip6.arpa
       ttl 30
    }



    prometheus :9153
    forward . /etc/resolv.conf {
       max_concurrent 1000
    }
    cache 30
    loop
    reload
    loadbalance
}

coredns -conf corefile