第十三周作业—虚怀若谷

一、简述DNS服务器原理,并搭建主-辅服务器

1、DNS服务器原理

 第一步:客户机提出域名解析请求,并将该请求发送给本地的域名服务器;

 第二步:当本地的域名服务器收到请求后,就先查询本地的缓存,如果有该记录项,则本地的域名服务器就直接把查询的结果返回;

 第三步:如果本地的缓存中没有该记录,则本地域名服务器就直接把请求发给根域名服务器,然后根域名服务器再返回给本地域名服务器一个所查询域(根的子域)的主域名服务器的地址;

 第四步:本地服务器再向上一步返回的域名服务器发送请求,然后接受请求的服务器查询自己的缓存,如果没有该记录,则返回相关的下级的域名服务器的地址;

 第五步:重复第四步,直到找到正确的记录;

 第六步:本地域名服务器把返回的结果保存到缓存,以备下一次使用,同时还将结果返回给客户 。

2、DNS服务器的主从搭建

 两台主机,一台当主服务器(192.168.27.7/24),一台当从服务器(192.168.27.17/24),配置 abc.com 域的主从架构

 (1) 在两台主机上分别安装BIND服务

[root@master ~]# yum install -y bind   #主服务器
[root@slave ~]# yum install -y bind    #从服务器

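 (2) 修改主服务器配置文件 /etc/named.conf(注释掉 listen-on 和 allow-query 这两项后,named 会监听本机所有 IPv4 地址,并对任意来源的查询作出应答;在生产环境中建议按需用 acl 限定 allow-query / allow-recursion 的范围)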

options {
//      listen-on port 53 { 127.0.0.1; };    #注释此项
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };    #注释此项
        allow-transfer {192.168.214.17;};    #添加此项:只允许从服务器做区域传送。注意此处必须是从服务器的实际地址,按本文环境应为 192.168.27.17,与这里的 192.168.214.17 不一致
...以下省略

 (3) 新建域解析文件 /var/named/abc.com

[root@master ~]# cd /var/named/
[root@master named]# vim abc.com
$TTL 1D
@ IN SOA NS1 admin (1 1D 10M 1W 1D)
        NS NS1
NS1     A       192.168.27.7
www     A       192.168.27.7
[root@master named]# chown root:named abc.com 
[root@master named]# chmod 640 abc.com 

 (4) 在主服务器上域文件 /etc/named.rfc1912.zones 中添加"abc.com"域

[root@master named]# vim /etc/named.rfc1912.zones 
#添加以下内容
# Primary (master) copy of abc.com: records are loaded from the file "abc.com",
# a relative path that named presumably resolves against the "directory" option.
# NOTE(review): transfers of this zone are limited only by the source-IP list in
# the global allow-transfer option; consider a TSIG key so the secondary is
# authenticated rather than trusted by address.
zone "abc.com" IN {
        type master;
        file "abc.com";
};

 (5) 配置从服务器主配置文件 /etc/named.conf,并在从服务器的域文件 /etc/named.rfc1912.zones 中添加域信息

[root@slave ~]# vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };    #注释此项
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };    #注释此项
        allow-transfer {none;};    #添加此项:从服务器不向任何主机提供区域传送
...省略以下

#添加域信息如下
[root@slave ~]# vim /etc/named.rfc1912.zones 
# Secondary (slave) copy of abc.com: named pulls the zone from the server listed
# in "masters" and keeps the transferred copy in slaves/abc.com.slave.
# NOTE(review): the primary is identified by IP address only; a TSIG key on the
# masters entry would authenticate the transfer. None is configured on this page.
zone "abc.com" IN {
        type slave;
        masters {192.168.27.7;};
        file "slaves/abc.com.slave";
};

 (6) 启动主从服务器的DNS服务,并测试

[root@master ~]# systemctl start named
[root@slave ~]# systemctl start named

[root@master ~]# dig www.abc.com @192.168.27.7
#主服务器可以解析
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.abc.com @192.168.27.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18897
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.abc.com.            IN    A

;; ANSWER SECTION:
www.abc.com.        86400    IN    A    192.168.27.7

;; AUTHORITY SECTION:
abc.com.        86400    IN    NS    NS1.abc.com.

;; ADDITIONAL SECTION:
NS1.abc.com.        86400    IN    A    192.168.27.7

;; Query time: 2 msec
;; SERVER: 192.168.27.7#53(192.168.27.7)
;; WHEN: Tue Feb 04 07:04:59 CST 2020
;; MSG SIZE  rcvd: 90

[root@master named]# dig www.abc.com @192.168.27.17
#从服务器也可以解析
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.abc.com @192.168.27.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.abc.com.            IN    A

;; ANSWER SECTION:
www.abc.com.        86400    IN    A    192.168.27.7

;; AUTHORITY SECTION:
abc.com.        86400    IN    NS    NS1.abc.com.

;; ADDITIONAL SECTION:
NS1.abc.com.        86400    IN    A    192.168.27.7

;; Query time: 2 msec
;; SERVER: 192.168.27.17#53(192.168.27.17)
;; WHEN: Tue Feb 04 07:05:23 CST 2020
;; MSG SIZE  rcvd: 90

[root@slave ~]# ll /var/named/slaves/     #从服务器也自动生成了域解析文件
total 4
-rw-r--r-- 1 named named 225 Feb  4 07:03 abc.com.slave

二、搭建并实现智能DNS

 两台主机:一台作为智能DNS服务器,有两个网段,NAT(192.168.27.7/24)和桥接(192.168.0.104/24);另一台作为客户端,NAT(192.168.27.17/24)和桥接(192.168.0.105/24)。域为 def.com:客户端从 192.168.27.0/24 网段访问DNS服务器时解析到 1.1.1.1,从 192.168.0.0/24 网段访问时解析到 2.2.2.2,其它网段解析到 3.3.3.3

 (1)在作为DNS服务器上安装BIND服务

[root@centos7 ~]# yum install -y bind

 (2)在DNS服务器上主配置文件/etc/named.conf中配置 acl 和 view

[root@centos7 ~]# vim /etc/named.conf 
# Named address lists referenced by the match-clients statements of the views.
acl net27 {    
        192.168.27.0/24;
};
acl net0 {
        192.168.0.0/24;
};
# Catch-all list: "any" matches every client address, so it is only useful in the
# last view; a view placed after it would never be selected.
acl othernet {
        any;
};
options {
//      listen-on port 53 { 127.0.0.1; };    #注释此项
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };    #注释此项
...中间省略
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
#此处添加view;启用 view 后所有 zone 都必须放在某个 view 内,因此要将 zone "." IN 这段移入 /etc/named.rfc1912.zones 文件中
# named checks views in the order they are written and uses the first one whose
# match-clients list contains the client's source address, so the two specific
# networks come first and the catch-all view is last.
view view_net27{
        match-clients { net27;};
        include "/etc/named.rfc1912.zones.net27";
};
view view_net0{
        match-clients { net0;};
        include "/etc/named.rfc1912.zones.net0";
};
# Fallback for every other source address (othernet is "any").
# NOTE(review): this view answers clients from any network; whether recursion is
# offered to them depends on options not shown here. Confirm before exposing it.
view view_other{
        match-clients { othernet;};
        include "/etc/named.rfc1912.zones";
};

include "/etc/named.root.key";

 (3) 创建上述 view 中 include 引用的区域配置文件

[root@centos7 ~]# vim /etc/named.rfc1912.zones.net27
zone "def.com" IN {
        type master;
        file "def.com.zone.net27";
};

[root@centos7 ~]# vim /etc/named.rfc1912.zones.net0
zone "def.com" IN {
        type master;
        file "def.com.zone.net0";
};

[root@centos7 ~]# vim /etc/named.rfc1912.zones
zone "def.com" IN {
        type master;
        file "def.com.zone.othernet";
};
#以下为/etc/named.conf 移入的段
zone "." IN {
        type hint;
        file "named.ca";
};
...以下省略

 (4) 创建上一步中的解析文件

[root@centos7 ~]# vim /var/named/def.com.zone.net27
$TTL 1D
@ IN SOA ns1 admin (1 1H 1H 1D 3H)
        NS ns1
ns1     A       192.168.27.7
www     A       1.1.1.1

[root@centos7 ~]# vim /var/named/def.com.zone.net0
$TTL 1D
@ IN SOA ns1 admin (1 1H 1H 3D 3H)
        NS ns1
ns1     A       192.168.27.7
www     A       2.2.2.2

[root@centos7 ~]# vim /var/named/def.com.zone.othernet

$TTL 1D
@ IN SOA ns1 admin (1 1H 1H 1D 3H)
        NS ns1
ns1     A       192.168.27.7
www     A       3.3.3.3

 (5) 配置解析文件的相关权限,并启动DNS服务

[root@centos7 ~]# cd /var/named/
[root@centos7 named]# chown :named def.com.zone.*
[root@centos7 named]# chmod 640 def.com.zone.*
[root@centos7 named]# ll def.com.zone.*
-rw-r----- 1 root named 84 Feb  4 18:07 def.com.zone.net0
-rw-r----- 1 root named 84 Feb  4 18:06 def.com.zone.net27
-rw-r----- 1 root named 84 Feb  4 18:09 def.com.zone.othernet

[root@centos7 named]# systemctl start named

 (6) 在客户端上测试

[root@centos7-17 ~]# dig www.def.com @192.168.27.7
#测试通过192.168.27.0/24网段访问,可以看到解析到1.1.1.1了
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.def.com @192.168.27.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40379
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.def.com.            IN    A

;; ANSWER SECTION:
www.def.com.        86400    IN    A    1.1.1.1

;; AUTHORITY SECTION:
def.com.        86400    IN    NS    ns1.def.com.

;; ADDITIONAL SECTION:
ns1.def.com.        86400    IN    A    192.168.27.7

;; Query time: 2 msec
;; SERVER: 192.168.27.7#53(192.168.27.7)
;; WHEN: Tue Feb 04 18:15:32 CST 2020
;; MSG SIZE  rcvd: 90

[root@centos7-17 ~]# dig www.def.com @192.168.0.104
#测试通过192.168.0.0/24访问,解析到2.2.2.2了
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.def.com @192.168.0.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1252
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.def.com.            IN    A

;; ANSWER SECTION:
www.def.com.        86400    IN    A    2.2.2.2

;; AUTHORITY SECTION:
def.com.        86400    IN    NS    ns1.def.com.

;; ADDITIONAL SECTION:
ns1.def.com.        86400    IN    A    192.168.27.7

;; Query time: 1 msec
;; SERVER: 192.168.0.104#53(192.168.0.104)
;; WHEN: Tue Feb 04 18:16:04 CST 2020
;; MSG SIZE  rcvd: 90

[root@centos7 named]# dig www.def.com @127.0.0.1
#在DNS服务器本机上通过 127.0.0.1 测试(不属于以上两个网段),解析到了3.3.3.3
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.def.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1314
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.def.com.            IN    A

;; ANSWER SECTION:
www.def.com.        86400    IN    A    3.3.3.3

;; AUTHORITY SECTION:
def.com.        86400    IN    NS    ns1.def.com.

;; ADDITIONAL SECTION:
ns1.def.com.        86400    IN    A    192.168.27.7

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 04 18:17:28 CST 2020
;; MSG SIZE  rcvd: 90

 

三、编译安装Mariadb,并启动后可以正常登录

 (1) 准备源码文件到服务器(建议先用官方公布的校验和或签名核对下载的源码包,再进行编译)

[root@centos7 ~]# ll mariadb-10.2.25.tar.gz 
-rw-r--r-- 1 root root 71997847 Nov 29 10:52 mariadb-10.2.25.tar.gz

 (2) 解压安装包,并创建mysql用户和数据目录(下面 tar 命令末尾的 ^C 是终端回显,实际执行时不要输入)

[root@centos7 ~]# tar -zxvf mariadb-10.2.25.tar.gz ^C
[root@centos7 ~]# useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@centos7 ~]# mkdir /data/mysql
[root@centos7 ~]# chown mysql:mysql /data/mysql

 (3) 安装相应依赖包

[root@centos7 ~]# yum install -y bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel

 (4) cmake编译安装(其中 -DENABLED_LOCAL_INFILE=1 会默认允许 LOAD DATA LOCAL INFILE,不需要该功能时建议设为 0)

[root@centos7 mariadb-10.2.25]# cmake . \
> -DCMAKE_INSTALL_PREFIX=/app/mysql \
> -DMYSQL_DATADIR=/data/mysql/ \
> -DSYSCONFDIR=/etc/ \
> -DMYSQL_USER=mysql \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PARTITION_STORAGE_ENGINE=1 \
> -DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
> -DWITH_DEBUG=0 \
> -DWITH_READLINE=1 \
> -DWITH_SSL=system \
> -DWITH_ZLIB=system \
> -DWITH_LIBWRAP=0 \
> -DENABLED_LOCAL_INFILE=1 \
> -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
> -DDEFAULT_CHARSET=utf8 \
> -DDEFAULT_COLLATION=utf8_general_ci
[root@centos7 mariadb-10.2.25]# make && make install

 (5) 安装完成后,配置环境变量

[root@centos7 mariadb-10.2.25]#  echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos7 mariadb-10.2.25]# . /etc/profile.d/mysql.sh 
[root@centos7 mariadb-10.2.25]# echo $PATH
/app/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

 (6) 初始化数据库,生成数据库文件

[root@centos7 mariadb-10.2.25]# cd /app/mysql
[root@centos7 mysql]# scripts/mysql_install_db --datadir=/data/mysql --user=mysql

 (7) 准备配置文件与启动脚本

[root@centos7 mysql]# mv /etc/my.cnf /etc/my.cnf.bak
[root@centos7 mysql]# cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
[root@centos7 mysql]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld

 (8) 启动数据库服务并登录测试 

[root@centos7 mysql]# chkconfig --add mysqld     #加入开机启动
[root@centos7 mysql]# service mysqld start
Starting mysqld (via systemctl):                           [  OK  ]
[root@centos7 mysql]# ss  -ntlp|grep 3306
LISTEN     0      80          :::3306                    :::*                   users:(("mysqld",pid=33330,fd=21))
#登录测试:此时 root 没有密码,且上面 ss 的输出显示 3306 端口监听在所有地址上,应尽快运行 /app/mysql/bin/mysql_secure_installation 设置 root 密码,并按提示移除匿名用户和 test 库、禁止 root 远程登录
[root@centos7 mysql]# mysql    
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.25-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
+--------------------+
4 rows in set (0.00 sec)


转载自www.cnblogs.com/hovin/p/12257600.html