1、简述DNS服务器原理,并搭建主-辅服务器。
DNS(Domain Name System),域名解析服务。dns域结构:是一棵倒树状结构,分为根域、一级域、二级域...最多127级域。每一级的域名服务器管理自己的子域。
- dns工作原理,以访问www.baidu.com为例:
1) 首先浏览器会查看本地dns,也就是系统的hosts文件,可以解析的话就返回对应的ip,否则就会查询本地缓存
2) 如果本地缓存中也没有,就把请求发送给网络提供商的dns服务器(例如电信dns服务器),它先查自己的缓存,能解析的话就直接返回对应的ip
3) 如果电信dns服务器无法解析,它会把www.baidu.com解析请求发送给根dns服务器。根dns服务器只管理顶级域名,它会返回.com域dns服务器的ip给电信dns服务器
4) 电信dns服务器就会向.com域dns服务器发送www.baidu.com解析请求,它解析不了,但是会返回.baidu.com域的dns服务器ip给电信dns服务器
5) 电信dns服务器就会向.baidu.com域dns服务器发送www.baidu.com解析请求,此dns查询自己的数据库发现有www.baidu.com这个主机的记录,然后把对应的ip返回给电信dns服务器
6) 然后电信dns服务器会缓存查询结果,接着把查询结果返回给客户端,客户端就使用ip访问www.baidu.com,最后客户端也缓存查询结果。
- 实现主从dns:
1) 安装并配置主dns
[root@centos7 ~]# yum install bind -y
[root@centos7 etc]# cat named.conf
options {
listen-on port 53 { 10.1.1.109; }; ##把127.0.0.1改为服务器ip地址
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; #把localhost改为any或者具体的ip网段或者ip
allow-transfer { 10.1.1.107; }; ##只允许向从dns(10.1.1.107)做区域传送
2) 定义解析域
[root@centos7 etc]# vim /etc/named.rfc1912.zones
zone "rickzhu.com" IN { ##需要增加的配置
type master;
file "named.rickzhu";
allow-update { none; };
};
3) 创建数据库文件
[root@centos7 named]# cat /var/named/named.rickzhu
$TTL 1D
@ IN SOA @ rname.invalid. (
11111 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 10.1.1.109
NS master
NS slave
master A 10.1.1.109
slave A 10.1.1.107
www A 1.1.1.1
test A 2.2.2.2
[root@centos7 named]# systemctl start named
4) 测试主dns
[root@centos7 named]# host www.rickzhu.com 10.1.1.109
Using domain server:
Name: 10.1.1.109
Address: 10.1.1.109#53
Aliases:
www.rickzhu.com has address 1.1.1.1
5) 安装配置从dns服务器
[root@centos7 ~]# yum install bind -y
[root@centos7 etc]# cat named.conf
options {
listen-on port 53 { 10.1.1.107; }; ##把127.0.0.1改为服务器ip地址
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; #把localhost改为any或者具体的ip网段或者ip
allow-transfer { none; }; ##从dns不向任何主机提供区域传送
6) 定义解析域
[root@centos7 etc]# vim /etc/named.rfc1912.zones
zone "rickzhu.com" IN { ##需要增加的配置
type slave;
masters { 10.1.1.109; };
file "slaves/named.rickzhu.slave";
};
[root@centos7 named]# systemctl start named
7) 主从dns测试
从dns启动服务后检查是否生成数据库文件
[root@nassoftgz slaves]# ll /var/named/slaves/named.rickzhu.slave
-rw-r--r-- 1 named named 281 3月 24 22:18 /var/named/slaves/named.rickzhu.slave
用第三台机器测试解析域名
[root@centos6 ~]# hostname -I
10.1.1.110
[root@centos6 ~]# host www.rickzhu.com 10.1.1.107
Using domain server:
Name: 10.1.1.107
Address: 10.1.1.107#53
Aliases:
www.rickzhu.com has address 1.1.1.1
更新主dns记录,验证是否同步,看从dns数据库文件的修改时间
[root@nassoftgz slaves]# ll /var/named/slaves/named.rickzhu.slave
-rw-r--r-- 1 named named 281 3月 24 22:28 /var/named/slaves/named.rickzhu.slave
2、搭建并实现智能DNS。
1) 安装dns,修改配置文件
[root@centos7 ~]# yum install bind -y
[root@centos7 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//增加acl配置,定义访问来源
acl guangzhou {
10.0.1.0/24;
};
acl shenzhen {
172.16.1.0/24;
};
acl other {
any;
};
options {
listen-on port 53 { localhost; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes; //本例同时作为权威和递归服务器,配合上面的 allow-query { any; } 即对所有来源开放递归,正是上方注释所说的情形;实验环境可接受,正式环境应限制递归来源
dnssec-enable no;
dnssec-validation no; //关闭了DNSSEC校验,仅适合实验环境
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//关联域配置文件和acl
view guangzhouview {
match-clients { guangzhou; };
include "/etc/named.rfc1912.zones.guangz";
};
view shenzhenview {
match-clients { shenzhen; };
include "/etc/named.rfc1912.zones.sz";
};
view otherview {
match-clients { other; };
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
2) 增加ip地址(测试用)
为dns服务器增加ip地址:
[root@centos7 ~]#ip a a 172.16.1.1/24 dev ens160
为客户端增加ip地址:
[root@centos6 ~]#ip a a 172.16.1.2/24 dev eth0
3) 准备域配置文件
[root@centos7 ~]# cat /etc/named.rfc1912.zones.guangz
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "rickzhu.com" IN {
type master;
file "named.rickzhu.guangz";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
[root@centos7 ~]# cat /etc/named.rfc1912.zones.sz
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "rickzhu.com" IN {
type master;
file "named.rickzhu.sz";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
[root@centos7 ~]# cat /etc/named.rfc1912.zones.other
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "rickzhu.com" IN {
type master;
file "named.rickzhu.other";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
注意文件的权限:
[root@centos7 ~]# ll -ld /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1165 Mar 28 21:09 /etc/named.rfc1912.zones.other
4) 准备数据库文件
[root@centos7 ~]# cat /var/named/named.rickzhu.guangz
$TTL 1D
@ IN SOA master admin.rickzhu.com. (
20200327 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.1.1.109
www A 1.1.1.1
[root@centos7 ~]# cat /var/named/named.rickzhu.sz
$TTL 1D
@ IN SOA master admin.rickzhu.com. (
20200327 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.1.1.109
www A 2.2.2.2
[root@centos7 ~]# cat /var/named/named.rickzhu.other
$TTL 1D
@ IN SOA master admin.rickzhu.com. (
20200327 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.1.1.109
www A 3.3.3.3
注意文件的权限:
[root@centos7 ~]# ll -ld /var/named/named.rickzhu.other
-rw-r----- 1 root named 186 Mar 28 21:04 /var/named/named.rickzhu.other
5) 测试
[root@centos6 ~]# host www.rickzhu.com 10.1.1.109
Using domain server:
Name: 10.1.1.109
Address: 10.1.1.109#53
Aliases:
www.rickzhu.com has address 1.1.1.1
[root@centos6 ~]# host www.rickzhu.com 172.16.1.1
Using domain server:
Name: 172.16.1.1
Address: 172.16.1.1#53
Aliases:
www.rickzhu.com has address 2.2.2.2
[root@centos7 ~]# host www.rickzhu.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
www.rickzhu.com has address 3.3.3.3
3、编译安装Mariadb,并启动后可以正常登录
1) 下载mariadb-10.2.25.tar.gz
[root@centos7 ~]# wget http://ftp.hosteurope.de/mirror/archive.mariadb.org//mariadb-10.2.25/source/mariadb-10.2.25.tar.gz
2) 解压
[root@centos7 ~]#tar -xvf mariadb-10.2.25.tar.gz
3) 安装依赖包
[root@centos7 ~]#yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel -y
4) 准备用户和数据目录
[root@centos7 ~]#useradd -r -s /sbin/nologin -d /data/mysql/ mysql
[root@centos7 ~]#mkdir /data/mysql
[root@centos7 ~]#chown mysql.mysql /data/mysql
5) 编译
[root@centos7 ~]#cd mariadb-10.2.25/
[root@centos7 ~]#cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
6) 安装
[root@centos7 ~]#make && make install
7) 准备环境变量
[root@centos7 ~]#echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos7 ~]#. /etc/profile.d/mysql.sh
8) 生成数据库文件
[root@centos7 ~]#cd /app/mysql/
[root@centos7 ~]#scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
9) 准备配置文件
[root@centos7 ~]#cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
10) 准备启动脚本
[root@centos7 ~]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
Starting mysqld (via systemctl): [ OK ]
11) 启动服务
[root@centos7 ~]#chkconfig --add mysqld ;service mysqld start
12) 登录mysql
[root@centos7 mysql]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.25-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>