Linux DNS service and MariaDB 10.2.31 source code compilation and installation

1. Briefly describe the principle of the DNS server, and build the primary-secondary server.

Devices on a TCP/IP network communicate using IP addresses. However, numeric IP addresses are difficult to remember, and when there are many network devices, remembering the IP address of each one is an "impossible task". How do we solve this? We can give each network device a friendly name, such as www.abc.com; a name made of words is obviously easier to remember. Computers, however, do not understand such names, so we use a name resolution service to convert (resolve) the name into an IP address, which lets us access devices on the network directly by name. Name resolution also has another important function: it decouples the host from its IP address. When a host's IP address changes, only the name service needs to be modified, and users can still reach the host through the original name without being affected.

How DNS works:
Step 1: The client makes a domain name resolution request and sends it to the local domain name server.
Step 2: When the local domain name server receives the request, it first queries its local cache. If the record is there, the local domain name server returns the result directly.
Step 3: If there is no such record in the local cache, the local domain name server sends the request directly to a root domain name server, which returns to the local domain name server the address of the master domain name server for the queried domain (a subdomain of the root).
Step 4: The local server sends a request to the domain name server returned in the previous step. The server that receives the request queries its own cache; if it has no such record, it returns the address of the relevant lower-level domain name server.
Step 5: Repeat Step 4 until the correct record is found.
Step 6: The local domain name server saves the returned result in its cache for next time and also returns the result to the client.

To build the master-slave DNS servers, we assume a domain named wjwj.le.

1. Two servers are required. Install the DNS service software on both servers and start the service.

[root@centos8 ~]#dnf -y install bind bind-utils
[root@centos8 ~]#systemctl enable --now named

Start by configuring the master server.

2. Modify the configuration file so that the DNS service listens on all IP addresses of the server and serves all clients.

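[root@centos8 ~]#vim /etc/named.conf
# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query     { localhost; };
# Under options, add the slave server address so that only the slave server may synchronize, for security.
allow-transfer  {10.0.0.88;};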

3. Create the zone database file and set its permissions.

[root@centos8 /var/named]#vim /var/named/wjwj.le.zone 
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201201    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1
@   NS  ns2

ns1  A   10.0.0.78
ns2  A   10.0.0.88
www A  10.0.0.7

www2 CNAME websrv
websrv  A   10.0.0.6
websrv  A   10.0.0.7
[root@centos8 ~]#chmod 640 /var/named/wjwj.le.zone;chgrp named  /var/named/wjwj.le.zone

4. Edit the /etc/named.rfc1912.zones file and add the zone, giving the file name of the zone database.

[root@centos8 ~]#vim /etc/named.rfc1912.zones
zone "wjwj.le" IN {
        type master;
        file "wjwj.le.zone";
};

5. Use the check commands to verify that the configuration file and the zone database file contain no errors.

[root@centos8 ~]#named-checkconf
[root@centos8 ~]#named-checkzone "wjwj.le" /var/named/wjwj.le.zone 
zone wjwj.le/IN: loaded serial 20201201
OK

6. Make the configuration take effect.

[root@centos8 ~]#rndc reload

Now let's configure the slave server.

7. Modify the configuration file so that the DNS service listens on all IP addresses of the server and serves clients from all IP addresses.

[root@centos8 ~]#vim /etc/named.conf
# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query     { localhost; };
# Under options, add the slave server address to prevent other hosts from synchronizing:
allow-transfer  {10.0.0.88;};

8. Edit the /etc/named.rfc1912.zones file of the slave server and add the slave zone configuration. The slave server does not need its own hand-written zone database file; it synchronizes the zone directly from the master server, and the synchronized copy is stored in an encrypted format that cannot be viewed directly.

[root@centos88 ~]#vim /etc/named.rfc1912.zones 
zone "wjwj.le" IN {
        type slave;
        masters { 10.0.0.78; };
        file "slave/wjwj.le.zone.slave";
};

9. Modify the DNS service configuration file of the slave server so that the DNS service listens on all IP addresses of the server and serves all clients.

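[root@centos8 ~]#vim /etc/named.conf
# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query     { localhost; };
# Under options, add the following on the slave server to prevent other hosts from synchronizing, for added security
allow-transfer  {none;};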

10. Make the configuration take effect.

[root@centos88 ~]#rndc reload

11. Test whether the service works normally.

# Test the master server
[root@centos76 ~]#host www2.wjwj.le 10.0.0.78
Using domain server:
Name: 10.0.0.78
Address: 10.0.0.78#53
Aliases: 

www2.wjwj.le is an alias for websrv.wjwj.le.
websrv.wjwj.le has address 10.0.0.6
websrv.wjwj.le has address 10.0.0.7
# Test whether the slave server works normally
[root@centos76 ~]#host www2.wjwj.le 10.0.0.88
Using domain server:
Name: 10.0.0.88
Address: 10.0.0.88#53
Aliases: 

www2.wjwj.le is an alias for websrv.wjwj.le.
websrv.wjwj.le has address 10.0.0.6
websrv.wjwj.le has address 10.0.0.7

12. Add a record to the zone database file on the master server to test whether the slave server synchronizes the change automatically.

[root@centos8 ~]#vim /var/named/wjwj.le.zone
# Add a record
ftp A  10.0.0.111
# Be sure to change the serial number; just increase the value, otherwise the slave server will not synchronize
# Apply the configuration
[root@centos8 ~]#rndc reload
server reload successful
# Test from another host to check whether the slave server's data is correct
[root@centos76 ~]#dig ftp.wjwj.le @10.0.0.88

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> ftp.wjwj.le @10.0.0.88
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46485
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.wjwj.le.           IN  A

;; ANSWER SECTION:
ftp.wjwj.le.        86400   IN  A   10.0.0.111

;; AUTHORITY SECTION:
wjwj.le.        86400   IN  NS  ns2.wjwj.le.
wjwj.le.        86400   IN  NS  ns1.wjwj.le.

;; ADDITIONAL SECTION:
ns1.wjwj.le.        86400   IN  A   10.0.0.78
ns2.wjwj.le.        86400   IN  A   10.0.0.88

;; Query time: 1 msec
;; SERVER: 10.0.0.88#53(10.0.0.88)
;; WHEN: Fri Dec 25 17:28:48 CST 2020
;; MSG SIZE  rcvd: 124

13. The master-slave DNS service was successfully built.
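
One way to confirm the allow-transfer restrictions set on the master and the slave above, as an added example that is not part of the original post. The function name transfer_policy and the three sample files are constructed for illustration; on a real server, pass /etc/named.conf instead.

```shell
#!/bin/sh
# Added example: report the allow-transfer policy set in a named.conf-style file.
# Prints "missing", "open", "none" or "restricted: <hosts>".
transfer_policy() (
    # Strip // and # comments, then flatten the file onto one line.
    flat=$(sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  ')
    case $flat in
        *allow-transfer*) ;;
        *) echo "missing"; return 0 ;;   # named falls back to its built-in default
    esac
    # Keep only the text between the braces of the last allow-transfer statement.
    body=$(printf '%s\n' "$flat" |
           sed 's/.*allow-transfer[[:space:]]*{\([^}]*\)}.*/\1/')
    list=$(printf '%s' "$body" | tr ';' ' ' | xargs)
    case " $list " in
        *" any "*)      echo "open" ;;
        " none "|"  ")  echo "none" ;;
        *)              echo "restricted: $list" ;;
    esac
)

# Constructed sample files modelled on the master and slave settings above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/master.conf" <<'EOF'
options {
    // listen-on port 53 { 127.0.0.1; };
    // allow-query     { localhost; };
    allow-transfer  {10.0.0.88;};
};
EOF
cat > "$demo_dir/slave.conf" <<'EOF'
options {
    allow-transfer  {none;};
};
EOF
cat > "$demo_dir/unset.conf" <<'EOF'
options {
    // allow-transfer { 10.0.0.88; };
    directory "/var/named";
};
EOF
for f in master slave unset; do
    printf '%-7s %s\n' "$f" "$(transfer_policy "$demo_dir/$f.conf")"
done
```

A result of "missing" or "open" on either server means the zone can be copied by hosts other than the intended slave, depending on the BIND version's default.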

2. Build and implement smart DNS.

Smart DNS determines the user's region and line from the user's IP address and returns the most suitable IP address, to speed up user access. To simulate a smart DNS service, we assume that the network segment in Beijing is 192.168.0.0/24 and the network segment in Shanghai is 10.0.0.0/24.

1. Install the DNS software and start it.

[root@centos8 ~]#yum install bind bind-utils -y;systemctl enable --now named

2. Add the IP address 192.168.0.100/24 to the server.

[root@centos8 ~]#ip a a 192.168.0.100/24 dev bond0 label bond0:1

3. Modify the configuration file.

[root@centos8 ~]#vim /etc/named.conf
# Add the following lines at the very top of the file
acl beijing {
    192.168.0.0/24;
};
acl shanghai {
    10.0.0.0/24;
};
acl other {
   any;
};
# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query     { localhost; };

# Create the views
view beijingview {
     match-clients { beijing;};
   include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
   match-clients { shanghai;};
   include "/etc/named.rfc1912.zones.sh";
};
view otherview {
   match-clients { other;};
   include "/etc/named.rfc1912.zones.other";
};

# Delete the following content
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";

4. Create a zone configuration file for each view and set permissions.

[root@centos8 ~]#vim /etc/named.rfc1912.zones.bj
zone "." IN {
   type hint;
   file "named.ca";
};
zone "wjwj.le" {
   type master;
   file "wjwj.le.zone.bj";
};
[root@centos8 ~]#vim /etc/named.rfc1912.zones.sh
zone "." IN {
   type hint;
   file "named.ca";
};
zone "wjwj.le" {
   type master;
   file "wjwj.le.zone.sh";
};
[root@centos8 ~]#vim /etc/named.rfc1912.zones.other
zone "." IN {
   type hint;
   file "named.ca";
};
zone "wjwj.le" {
   type master;
   file "wjwj.le.zone.other";
};
[root@centos8 ~]#chmod 640 /etc/named.rfc1912.zones*;chgrp named /etc/named.rfc1912.zones*
[root@centos8 ~]#ll /etc/named.rfc1912.zones*
-rw-r----- 1 root named 1219 Dec 25 18:39 /etc/named.rfc1912.zones
-rw-r----- 1 root named  118 Dec 25 21:13 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named  121 Dec 25 21:14 /etc/named.rfc1912.zones.other
-rw-r----- 1 root named  118 Dec 25 21:13 /etc/named.rfc1912.zones.sh

5. Create a zone database file for each region, copying the existing file and modifying it.

[root@centos8 ~]#vim /var/named/wjwj.le.zone.bj
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201203    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1 
@   NS  ns2 

ns1  A   10.0.0.78
ns2  A   10.0.0.88

www A  192.168.0.100
[root@centos8 ~]#vim /var/named/wjwj.le.zone.sh
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201203    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1 
@   NS  ns2 

ns1  A   10.0.0.78
ns2  A   10.0.0.88

www A  10.0.0.100
[root@centos8 ~]#vim /var/named/wjwj.le.zone.other
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201203    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1 
@   NS  ns2 

ns1  A   10.0.0.78
ns2  A   10.0.0.88

www A 127.0.0.1

6. Make the configuration take effect.

[root@centos8 ~]#rndc reload
server reload successful

7. Query from different client IP addresses to confirm that the smart DNS function works.

[root@centos76 ~]#host www.wjwj.le 192.168.0.100
Using domain server:
Name: 192.168.0.100
Address: 192.168.0.100#53
Aliases: 

www.wjwj.le has address 192.168.0.100

[root@centos76 ~]#host www.wjwj.le 10.0.0.88
Using domain server:
Name: 10.0.0.88
Address: 10.0.0.88#53
Aliases: 

www.wjwj.le has address 10.0.0.100
[root@centos8 ~]#host www.wjwj.le 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

www.wjwj.le has address 127.0.0.1
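
The view selection configured above, modelled as an added example that is not part of the original post: named answers a client from the first view whose match-clients list matches, in the order the views appear in named.conf, so the catch-all view must come last. The function names and the client addresses are constructed for illustration, and "any" is written as 0.0.0.0/0.

```shell
#!/bin/sh
# Added example: model how named picks a view (first match in file order wins).

# ip_to_int <dotted-quad> : print the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo "$(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))"
)

# in_cidr <ip> <network/prefix> : exit status 0 when ip lies inside the network
in_cidr() (
    net=${2%/*}; bits=${2#*/}
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# pick_view <client-ip> <view=cidr>... : print the first view whose ACL matches
pick_view() (
    client=$1; shift
    for rule in "$@"; do
        if in_cidr "$client" "${rule#*=}"; then
            echo "${rule%%=*}"; return 0
        fi
    done
    echo "no-view"; return 1
)

# View order as in the named.conf above.
VIEWS="beijingview=192.168.0.0/24 shanghaiview=10.0.0.0/24 otherview=0.0.0.0/0"
# Constructed counter-example: the catch-all view listed first shadows the others.
BAD_VIEWS="otherview=0.0.0.0/0 beijingview=192.168.0.0/24 shanghaiview=10.0.0.0/24"

for ip in 192.168.0.50 10.0.0.76 127.0.0.1; do
    printf '%-13s correct=%-13s catch-all-first=%s\n' "$ip" \
        "$(pick_view "$ip" $VIEWS)" "$(pick_view "$ip" $BAD_VIEWS)"
done
```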

3. Compile and install MariaDB, and log in normally after starting it.

1. Install related dependency packages.

[root@centos8 ~]#yum -y install bison zlib-devel libcurl-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel

2. Create user and data directories.

[root@centos8 ~]#useradd -r -s /sbin/nologin -d /data/mysql mysql

3. Prepare the database directory.

[root@centos8 ~]#mkdir /data/mysql
[root@centos8 ~]#chown mysql.mysql /data/mysql

4. Prepare the source code package and extract it.

[root@centos8 /data]#tar xf mariadb-10.2.31.tar.gz

5. Start compiling and installing.

[root@centos8 /data]#cd mariadb-10.2.31/
[root@centos8 /data/mariadb-10.2.31]#cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@centos8 /data/mariadb-10.2.31]#make -j 4 && make install

6. Generate database files.

[root@centos8 /data/mariadb-10.2.31]#cd /app/mysql/
[root@centos8 /app/mysql]#scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
Installing MariaDB/MySQL system tables in '/data/mysql/' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:

'./bin/mysqladmin' -u root password 'new-password'
'./bin/mysqladmin' -u root -h centos88.wj3721.top password 'new-password'

Alternatively you can run:
'./bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '.' ; ./bin/mysqld_safe --datadir='/data/mysql/'

You can test the MariaDB daemon with mysql-test-run.pl
cd './mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/

7. Prepare configuration files, start scripts, and start services.

[root@centos8 /app/mysql]#cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
[root@centos8 /app/mysql]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@centos8 /app/mysql]#chkconfig --add mysqld
[root@centos8 /app/mysql]#service mysqld start
Starting mysqld (via systemctl):                           [  OK  ]

8. Run the security initialization: set the root password and answer y to all other prompts; otherwise it is possible to log in without entering a password, and other security risks remain.

[root@centos8 ~]#mysql_secure_installation
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

9. Logging in to the database now requires the account password.

[root@centos88 ~]#mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@centos88 ~]#mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 10.2.31-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> 
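
A check that the security initialization in step 8 removed the anonymous and remote root accounts, as an added example that is not part of the original post. The function names and both account lists are constructed; the hostname is the one shown in the mysql_install_db output above.

```shell
#!/bin/sh
# Added example. Reads tab-separated "user<TAB>host" rows, as produced by:
#   mysql -uroot -p -N -B -e "SELECT user, host FROM mysql.user"
# and prints every row that mysql_secure_installation is meant to remove.
# Exit status is 1 when anything is flagged, 0 otherwise.
audit_accounts() {
    awk -F '\t' '
        $1 == "" { print "anonymous user @" $2; bad = 1 }
        $1 == "root" && $2 !~ /^(localhost|127\.0\.0\.1|::1)$/ {
            print "remote root @" $2; bad = 1
        }
        END { exit bad }
    '
}

# Constructed account list resembling a fresh install before hardening.
sample_before() {
    printf 'root\tlocalhost\nroot\tcentos88.wj3721.top\nroot\t127.0.0.1\n'
    printf '\tlocalhost\n\tcentos88.wj3721.top\n'
}

# Constructed account list after answering y to every prompt.
sample_after() {
    printf 'root\tlocalhost\nroot\t127.0.0.1\nroot\t::1\n'
}

echo "before hardening:"
sample_before | audit_accounts || true
echo "after hardening:"
sample_after | audit_accounts && echo "nothing flagged"
```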

Origin blog.51cto.com/15013111/2573601