全程和就业
1、简述DNS服务器原理,并搭建主-辅服务器。
1.1 DNS服务器原理--当用户在浏览器输入某个域名访问时:
- 浏览器会先查看DNS缓存,如果缓存有该域名的A记录,就会直接访问目标主机
- 如果缓存中没有该域名记录,浏览器会查看hosts文件中静态记录的域名记录,如果有该域名记录,就会直接访问该目标主机
- 如果hosts文件也没有该记录,浏览器就会向DNS服务器发起查询请求,DNS服务器收到该请求,会查看缓存中是否有该记录,有就直接返回给浏览器
- 如果DNS服务器也没有该记录,DNS服务器就会代替浏览器向根域发起请求
- 根域服务器会返回负责该域名所属一级域(例如.com、.cn)的DNS服务器的记录
- DNS服务器再向一级域的DNS服务器发起请求,一级域通常会返回负责二级域的DNS服务器的记录
- DNS服务器继续向二级域的DNS服务器请求,如此逐级查询,直到得到完全匹配该域名的A记录并返回给浏览器,浏览器就可以访问目标主机了
1.2 DNS主从服务器实现
环境准备:
主DNS服务器:10.0.0.47
从DNS服务器:10.0.0.57
web服务器:10.0.0.67
client服务器:10.0.0.17
- 主DNS服务器配置:
#安装bind服务
[root@localhost ~]# yum -y install bind
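#修改监听地址和允许slave进行区域传输
#注意:注释掉listen-on和allow-query后,named会在所有网卡上监听,并对任意来源应答权威区域的查询;请确认递归查询仍只对内网开放(可用allow-recursion显式限定),避免成为开放解析器
#allow-transfer只放行从服务器10.0.0.57;这是基于源IP的限制,要求更高的环境可再配合TSIG密钥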
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; 注释这行
// listen-on-v6 port 53 { ::1; }; 注释这行
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; 注释这行
allow-transfer { 10.0.0.57; };
···
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# 编辑zones文件,添加下面行
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "magedu.net" {
type master;
file "magedu.net.zone";
};
[root@localhost ~]#
#复制zone文件,修改域名记录(之后每次修改区域数据都要递增SOA中的serial,否则从服务器不会重新同步)
[root@localhost ~]# cp -a /var/named/named.localhost /var/named/magedu.net.zone #复制zone文件
[root@localhost ~]# vim /var/named/magedu.net.zone
[root@localhost ~]# cat /var/named/magedu.net.zone
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
www A 10.0.0.67
#检查配置文件并启动服务
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone magedu.net /var/named/magedu.net.zone
zone magedu.net/IN: loaded serial 0
OK
[root@localhost ~]#
[root@localhost ~]# systemctl enable --now named
- 从DNS服务器配置:
#安装bind服务
[root@localhost ~]# yum -y install bind
#修改监听地址和不允许其他主机进行区域传输
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer { none; };
···
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#修改zones文件,添加zone
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "magedu.net" {
type slave;
masters {10.0.0.47;};
file "slaves/magedu.net.slave";
};
···
#检查配置文件并启动
[root@localhost ~]# named-checkconf
[root@localhost ~]#
[root@localhost ~]# systemctl enable --now named
#检查是否生成区域数据库文件
[root@localhost ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 277 Jan 11 12:02 magedu.net.slave
- web服务器配置(记录中yum命令末尾的^C表示该命令被中断;未安装httpd的主机需让安装执行完成):
[root@localhost ~]# yum -y install httpd^C
[root@localhost ~]# echo "www.magedu.net" > /var/www/html/index.html
[root@localhost ~]# systemctl start httpd
[root@localhost ~]#
- client配置:
#编辑网卡配置文件,修改DNS指向10.0.0.47
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
UUID=5ad59cea-b2e7-4db4-bbc5-5bb3cca39d14
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.2
#DNS1=180.76.76.76
DNS1=10.0.0.47
DNS2=10.0.0.57
#重启网卡
[root@localhost ~]# nmcli con reload
[root@localhost ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.47
nameserver 10.0.0.57
#通过域名访问web服务器,测试解析是否成功
[root@localhost ~]# curl www.magedu.net
www.magedu.net
[root@localhost ~]#
#测试停止主DNS服务器
[root@localhost ~]# hostname -I
10.0.0.47
[root@localhost ~]# systemctl stop named
#再访问web,dig看到SERVER已经变成了10.0.0.57
[root@localhost ~]# curl www.magedu.net
www.magedu.net
[root@localhost ~]# dig www.magedu.net
···
;; Query time: 0 msec
;; SERVER: 10.0.0.57#53(10.0.0.57)
;; WHEN: Mon Jan 11 12:30:06 CST 2021
;; MSG SIZE rcvd: 132
[root@localhost ~]#
2、搭建并实现智能DNS。
2.1环境准备:
假设10.0.0.0/24网段是bj,172.16.0.0/24是sh,192.168.0.0/24是other
DNS服务器:eth0:10.0.0.47 eth1:172.16.0.47 eth2:192.168.0.47
web服务器1:10.0.0.77
web服务器2:172.16.0.77
web服务器3:192.168.0.77
client服务器:10.0.0.17
client服务器:172.16.0.17
client服务器:192.168.0.17
2.2 DNS服务器配置:
- 安装bind服务
[root@localhost ~]# yum -y install bind
- 修改DNS主配置文件/etc/named.conf 添加acl规则
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
acl bjnet {
10.0.0.0/24;
};
acl shnet {
172.16.0.0/24;
};
acl othernet {
any;
};
- 注释DNS主配置文件/etc/named.conf 某些行
options {
// listen-on port 53 { 127.0.0.1; }; 注释这行
// listen-on-v6 port 53 { ::1; }; 注释这行
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; 注释这行
- 修改DNS主配置文件/etc/named.conf 添加匹配规则的视图(视图按书写顺序匹配,第一个匹配的视图生效;othernet为any,所以otherview必须放在最后。使用view后,所有zone都必须写在view内)
view bjview {
match-clients { bjnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shview {
match-clients { shnet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
- 分别编辑区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones.bj
[root@localhost ~]# cat /etc/named.rfc1912.zones.bj
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.net" {
type master;
file "magedu.net.zone.bj";
};
[root@localhost ~]# cp /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.sh
[root@localhost ~]# vim /etc/named.rfc1912.zones.sh
[root@localhost ~]# cat /etc/named.rfc1912.zones.sh
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.net" {
type master;
file "magedu.net.zone.sh";
};
[root@localhost ~]# cp /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.other
[root@localhost ~]# vim /etc/named.rfc1912.zones.other
[root@localhost ~]# cat /etc/named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.net" {
type master;
file "magedu.net.zone.other";
};
[root@localhost ~]#
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.bj
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.sh
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.other
[root@localhost ~]#
- 创建区域数据库文件(这些文件需要named用户可读;本节末尾的chgrp针对的仍是/etc下的区域配置文件,如需调整/var/named下这三个区域数据库文件的属组,应对它们执行)
[root@localhost ~]# vim /var/named/magedu.net.zone.bj
[root@localhost ~]# cat /var/named/magedu.net.zone.bj
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
websrv A 10.0.0.77
www CNAME websrv
[root@localhost ~]# vim /var/named/magedu.net.zone.sh
[root@localhost ~]# cat /var/named/magedu.net.zone.sh
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
websrv A 172.16.0.77
www CNAME websrv
[root@localhost ~]# vim /var/named/magedu.net.zone.other
[root@localhost ~]# cat /var/named/magedu.net.zone.other
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
websrv A 192.168.0.77
www CNAME websrv
[root@localhost ~]#
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.bj
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.sh
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.other
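- 检查配置文件并启动服务(下面的named-checkzone检查的是第1题的magedu.net.zone;本节新建的magedu.net.zone.bj、magedu.net.zone.sh、magedu.net.zone.other也应逐个检查)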
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone magedu.net /var/named/magedu.net.zone
zone magedu.net/IN: loaded serial 0
OK
[root@localhost ~]#
[root@localhost ~]# systemctl enable --now named
- 准备三个不同地区的web
#web服务器1:10.0.0.77
[root@localhost ~]# cat /var/www/html/index.html
bj www.magedu.net
[root@localhost ~]#
#web服务器2:172.16.0.77
[root@localhost ~]# cat /var/www/html/index.html
sh www.magedu.net
[root@localhost ~]#
#web服务器3:192.168.0.77
[root@localhost ~]# cat /var/www/html/index.html
other www.magedu.net
[root@localhost ~]#
- client服务器:10.0.0.17访问测试
[root@localhost ~]# curl www.magedu.net
bj www.magedu.net
[root@localhost ~]#
- client服务器:172.16.0.17访问测试
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.16.0.47
nameserver 172.16.0.57
[root@localhost ~]# curl www.magedu.net
sh www.magedu.net
[root@localhost ~]#
- client服务器:192.168.0.17访问测试
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.47
nameserver 192.168.0.57
[root@localhost ~]# curl www.magedu.net
other www.magedu.net
[root@localhost ~]#
3、编译安装Mariadb,并启动后可以正常登录
- 安装依赖包
[root@localhost ~]# yum -y install bison bison-devel zlib-devel libcurl-devel \
libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
- 创建用户和数据存放目录
[root@localhost ~]# useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@localhost ~]# mkdir /data/mysql
[root@localhost ~]# chown mysql.mysql /data/mysql
[root@localhost ~]#
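- 解压源码包并编译安装(解压前建议核对源码包的校验和或签名。下面只记录了cmake配置这一步;cmake完成后还需执行make和make install,程序才会安装到/apps/mysql。-DENABLED_LOCAL_INFILE=1会默认启用LOAD DATA LOCAL INFILE,不需要该功能时建议关闭)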
[root@localhost ~]# tar xf mariadb-10.5.8.tar.gz -C /usr/local/src/
[root@localhost ~]# cd /usr/local/src/mariadb-10.5.8
[root@localhost mariadb-10.5.8]# cmake . \
-DCMAKE_INSTALL_PREFIX=/apps/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
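- 准备环境变量(注意:下面的echo使用双引号,$PATH会在写入时被展开,文件里保存的是当前root的PATH值;若希望每次登录时再展开,应使用单引号,即 echo 'PATH=/apps/mysql/bin:$PATH')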
[root@localhost mariadb-10.5.8]# echo "PATH=/apps/mysql/bin:$PATH" > /etc/profile.d/mysql.sh
[root@localhost mariadb-10.5.8]# . /etc/profile.d/mysql.sh
[root@localhost mariadb-10.5.8]#
- 生成数据库文件
[root@localhost mariadb-10.5.8]# cd /apps/mysql/
[root@localhost mysql]#
[root@localhost mysql]# scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
- 准备配置文件
[root@localhost mysql]# vim /etc/my.cnf
[root@localhost mysql]# cat /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/data/mysql/mysql.sock
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
[root@localhost mysql]#
- 准备启动脚本
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[root@localhost mysql]# chkconfig --add mysqld
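- 启动MySQL(下面ss输出显示3306监听在所有地址上,且本机root无需密码即可登录;只在本机使用时可在/etc/my.cnf的[mysqld]中设置bind-address=127.0.0.1,并运行mysql_secure_installation检查匿名账户和test库)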
[root@localhost mysql]# service mysqld start
Starting mysqld (via systemctl): [ OK ]
[root@localhost mysql]#
[root@localhost mysql]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 80 [::]:3306 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@localhost mysql]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.5.8-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
架构