Week 13

1 How a DNS server works, and building a master/slave pair

1.1 How DNS resolution works

(1) The client issues a name-resolution request and sends it to its local DNS server (the recursive resolver listed in /etc/resolv.conf);
(2) When the local DNS server receives the request it first looks in its cache; if the record is there and its TTL has not expired, it returns the cached answer directly;
(3) If the record is not cached, the local DNS server sends the query to a root server. The root server does not hold the answer; it returns a referral, i.e. the name servers of the top-level domain (the child of the root) that the queried name falls under;
(4) The local DNS server sends the same query to the servers named in that referral. If they do not hold the record either, they return a further referral to the name servers one level down;
(5) Step 4 repeats until a server that is authoritative for the name answers with the actual record;
(6) The local DNS server stores the answer in its cache for the record's TTL, so the next query for the same name is answered at step 2, and returns the answer to the client.

Only the client's request is recursive; steps 3 to 5 are iterative queries the resolver makes on the client's behalf, and whatever those servers return ends up in its cache. That is why a resolver should only accept queries and recursion from its own clients (see the allow-query setting below).
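The six steps as a runnable simulation. This is an added example, not part of the original notes and not BIND code: a resolver with a TTL-aware cache that walks constructed referral data for the lab zone jylaowei.com. The server names, the record set and the TTLs are invented for the demonstration; only the algorithm (cache check, root, referrals, cache fill) is the point.

```python
"""Simulation of the six-step lookup above: a local resolver that answers from
its cache or walks referrals from the root. Added example with constructed
data; none of these servers, records or TTLs are real."""


class NXDomain(Exception):
    """Raised when no server in the chain holds the name (RCODE NXDOMAIN)."""


# Constructed authoritative data, keyed by the zone a server serves. An NS entry
# for a sub-name is what a server hands back as a referral when it is asked
# about something below that delegation.
AUTH_DATA = {
    ".": {
        "com.": [("NS", "a.gtld-servers.example.", 172800)],
    },
    "com.": {
        "jylaowei.com.": [("NS", "master.jylaowei.com.", 172800)],
    },
    "jylaowei.com.": {
        "www.jylaowei.com.": [("CNAME", "webserver.jylaowei.com.", 86400)],
        "webserver.jylaowei.com.": [("A", "192.168.44.72", 86400)],
        "master.jylaowei.com.": [("A", "192.168.44.79", 86400)],
    },
}


def authoritative_query(zone, qname, qtype):
    """What a server for `zone` answers: (answer_records, referral_zone).
    A non-empty answer means the name was found; a referral names the child
    zone to ask next; (None, None) means the name does not exist here."""
    data = AUTH_DATA[zone]
    answer, name, seen = [], qname, set()
    while name in data and name not in seen:
        seen.add(name)  # guard against CNAME loops
        recs = [r for r in data[name] if r[0] in (qtype, "CNAME")]
        answer.extend(recs)
        cname = next((r[1] for r in recs if r[0] == "CNAME"), None)
        if cname is None or qtype == "CNAME":
            break
        name = cname  # follow a CNAME held in the same zone, as BIND does
    if answer:
        return answer, None
    labels = qname.split(".")
    for i in range(len(labels)):  # closest enclosing delegation first
        parent = ".".join(labels[i:]) or "."
        if parent != zone and any(r[0] == "NS" for r in data.get(parent, [])):
            return None, parent
    return None, None


class LocalResolver:
    """The 'local DNS server' of steps 1-6: recursive for its clients,
    iterative towards authoritative servers, with a positive cache."""

    def __init__(self, clock):
        self.clock = clock             # injectable so TTL expiry is testable
        self.cache = {}                # (qname, qtype) -> (records, expires_at)
        self.upstream_queries = []     # (zone asked, qname), for inspection

    def lookup(self, qname, qtype="A"):
        """Step 1 entry point. Returns (records, served_from_cache)."""
        key = (qname, qtype)
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():                       # step 2: cache
            return hit[0], True
        self.cache.pop(key, None)                               # expired entry
        zone = "."                                              # step 3: root
        while True:
            self.upstream_queries.append((zone, qname))
            answer, referral = authoritative_query(zone, qname, qtype)
            if answer:                                          # step 5: found
                ttl = min(r[2] for r in answer)
                self.cache[key] = (answer, self.clock() + ttl)  # step 6: cache it
                return answer, False
            if referral is None:
                raise NXDomain(qname)
            zone = referral                                     # step 4: follow


if __name__ == "__main__":
    now = [0.0]
    resolver = LocalResolver(lambda: now[0])
    for _ in range(2):
        records, cached = resolver.lookup("www.jylaowei.com.")
        print("cached" if cached else "iterated", records)
    print("upstream queries made:", resolver.upstream_queries)
```

The second lookup in the demo is served from the cache without any upstream query; advancing the clock past the 86400 s TTL makes the resolver start again at the root.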

1.2 Building the master server

1. Install the required bind packages

[root@localhost ~]# yum install bind*                                             #named plus bind-utils (dig); the glob pulls in every bind-* package
[root@localhost ~]# systemctl start named                                         #start the service

2. Initial changes to the main configuration file

[root@localhost ~]# vim /etc/named.conf
//   listen-on port 53 { 127.0.0.1; };                                            #comment out: listen on all local IP addresses
//   allow-query     { localhost; };                                              #comment out: accept queries from any client

Opening allow-query to everyone is acceptable in a lab, but the CentOS default named.conf also has recursion yes;, so a server reachable from untrusted networks becomes an open recursive resolver, usable for DNS amplification and a target for cache poisoning. On a real deployment keep allow-query (or at least allow-recursion) limited to your own client networks. Run named-checkconf after every edit of named.conf; it reports syntax errors that would otherwise only show up as a failed restart.

3. Declare the zone to be served

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "jylaowei.com" IN {
    type master;                                                                  #this server holds the master copy
    file "jylaowei.com.zone";                                                     #zone data file, relative to /var/named
};

4. Create and fill in the zone file

[root@localhost ~]# cd /var/named/
[root@localhost named]# touch jylaowei.com.zone
[root@localhost named]# chgrp named jylaowei.com.zone                             #group named, so the named process can read it
[root@localhost named]# chmod o= jylaowei.com.zone                                #remove all permissions for others
[root@localhost named]# ll jylaowei.com.zone 
-rw-r----- 1 root named 0 Mar 27 19:58 jylaowei.com.zone
[root@localhost named]# vim jylaowei.com.zone
$TTL 1D                                                                           #default TTL for records that do not set their own
@       IN SOA    master  admin.jylaowei.com. (                                   #trailing dot required: without it the origin is appended again (admin.jylaowei.com.jylaowei.com.)
                                    20200101                                      #serial: must increase on every change or slaves will not pull it
                                    1D                                            #refresh: how often a slave checks the master's serial
                                    1H                                            #retry: interval between attempts after a failed refresh
                                    1W                                            #expire: a slave stops answering if the master is unreachable this long
                                    3H )                                          #negative-caching TTL (minimum)
            NS    master                                                          #name server record for this zone
master      A     192.168.44.79                                                   #A record of the master
webserver   A     192.168.44.72                                                   #A record of the web server
www         CNAME webserver                                                       #alias for the web server

[root@localhost ~]# named-checkzone jylaowei.com /var/named/jylaowei.com.zone     #check the zone file syntax
zone jylaowei.com/IN: loaded serial 20200101
OK
[root@localhost ~]# rndc reload                                                   #reload the configuration and zones
server reload successful

5. Client test

[root@centos7 ~]# dig www.jylaowei.com                                            #dig test (the aa flag in the reply shows the answer is authoritative)

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.jylaowei.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jylaowei.com.      IN  A

;; ANSWER SECTION:
www.jylaowei.com.   86400   IN  CNAME   webserver.jylaowei.com.
webserver.jylaowei.com. 86400   IN  A   192.168.44.72

;; AUTHORITY SECTION:
jylaowei.com.       86400   IN  NS  master.jylaowei.com.

;; ADDITIONAL SECTION:
master.jylaowei.com.    86400   IN  A   192.168.44.79

;; Query time: 0 msec
;; SERVER: 192.168.44.79#53(192.168.44.79)
;; WHEN: Fri Mar 27 13:42:09 CST 2020
;; MSG SIZE  rcvd: 122
[root@centos7 ~]# curl www.jylaowei.com                                           #access the web server by name
welcome to chengdu                                                                #the page text served by 192.168.44.72

6. Browser test

Add the DNS server address 192.168.44.79 under the IPv4 settings of the VMnet8 virtual adapter; the result is shown in the screenshot below.

(Figure: DNS01.png)

1.3 Building the slave server

1. Install the required bind packages

[root@localhost ~]# yum install bind*
[root@localhost ~]# systemctl start named                                         #start the service

2. Initial changes to the main configuration file

[root@localhost ~]# vim /etc/named.conf
//   listen-on port 53 { 127.0.0.1; };                                            #comment out: listen on all local IP addresses
//   allow-query     { localhost; };                                              #comment out: accept queries from any client (same caveat as for the master)

3. Declare the zone (slave type)

Add the zone to the zone declaration file on the slave (/etc/named.rfc1912.zones, as on the master), this time as a slave zone that pulls its data from the master:

zone "jylaowei.com" IN {
        type slave;                                                               #this server keeps a copy transferred from the master
        masters { 192.168.44.79; };                                               #where to transfer the zone from
        file "slaves/jylaowei.com.zone.slave";                                    #transferred copy; /var/named/slaves is writable by named
};
[root@centos7 ~]# systemctl restart named                                         #restart so the new zone is loaded (a plain start does nothing if named is already running)
[root@centos7 ~]# ll /var/named/slaves/                                           #check whether the zone has been transferred
total 4
-rw-r--r-- 1 named named 339 Mar 27 15:52 jylaowei.com.zone.slave

4. Test and verify

[root@centos7 ~]# dig www.jylaowei.com @192.168.44.73                             #query the slave directly

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.jylaowei.com @192.168.44.73
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64467
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jylaowei.com.      IN  A

;; ANSWER SECTION:
www.jylaowei.com.   86400   IN  CNAME   webserver.jylaowei.com.
webserver.jylaowei.com. 86400   IN  A   192.168.44.72

;; AUTHORITY SECTION:
jylaowei.com.       86400   IN  NS  master.jylaowei.com.

;; ADDITIONAL SECTION:
master.jylaowei.com.    86400   IN  A   192.168.44.79

;; Query time: 1 msec
;; SERVER: 192.168.44.73#53(192.168.44.73)
;; WHEN: Fri Mar 27 15:59:41 CST 2020
;; MSG SIZE  rcvd: 122
[root@localhost named]# systemctl stop named                                      #simulate the master going down
[root@centos7 ~]# cat /etc/resolv.conf                                            #on the client, add the slave as a second nameserver
# Generated by NetworkManager
search localdomain
nameserver 192.168.44.79
nameserver 192.168.44.73
The resolver library reads this file for each new process, so the edit takes effect without restarting anything; but NetworkManager regenerates the file whenever the connection comes up, so to make the change persistent set the DNS servers in the connection profile (nmcli con mod, property ipv4.dns) rather than editing resolv.conf by hand.
[root@centos7 ~]# dig www.jylaowei.com                                            #query again without naming a server: with the master down the resolver falls back to the slave

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.jylaowei.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62253
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jylaowei.com.      IN  A

;; ANSWER SECTION:
www.jylaowei.com.   86400   IN  CNAME   webserver.jylaowei.com.
webserver.jylaowei.com. 86400   IN  A   192.168.44.72                             #resolved successfully via the slave

5. Master/slave synchronisation

[root@localhost named]# vim jylaowei.com.zone                                     #on the master; only the changed lines are shown, and the SOA serial must be incremented
            NS    slave                                                           #add the slave as a name server
            NS    master
master      A     192.168.44.79
slave       A     192.168.44.73                                                   #add the slave's name and address
blog        A     88.88.88.88                                                     #add a test record

Listing the slave in an NS record is also what makes the master send it a NOTIFY whenever a new serial is loaded, so the slave pulls the change immediately instead of waiting for the refresh interval. Check the edited file with named-checkzone before reloading: a zone that fails to load is dropped and its names stop resolving.

[root@localhost named]# systemctl restart named                                   #restart (rndc reload jylaowei.com would do and does not interrupt service)
[root@centos7 ~]# ll /var/named/slaves/                                           #check on the slave that it has synchronised
total 4
-rw-r--r-- 1 named named 407 Mar 27 16:15 jylaowei.com.zone.slave                 #size and timestamp have changed
[root@centos7 ~]# dig blog.jylaowei.com                                           #client test

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> blog.jylaowei.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blog.jylaowei.com.     IN  A

;; ANSWER SECTION:
blog.jylaowei.com.  86400   IN  A   88.88.88.88                                  #resolved successfully
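Two checks that catch the mistakes called out in this section and in 1.2 step 4 (a forgotten trailing dot, a serial that was not incremented) before `rndc reload`. This is an added example, not from the original notes and not a BIND tool; the parser deliberately understands only the record shapes used in this page's zone files, and the embedded zone text is a constructed copy of the one above.

```python
"""Two checks a zone edit should pass before reloading: the serial went up and
no name meant to be absolute lost its trailing dot. Added example; the parser
covers this page's zone files, not the full RFC 1035 grammar."""
from datetime import date

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}


def _logical_lines(text):
    """Strip ';' comments, join '( ... )' groups, and record whether the line
    began with whitespace (owner inherited from the previous record)."""
    out, buf, depth, inherit = [], [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            if not line.strip():
                continue
            inherit = line[:1] in (" ", "\t")
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            tokens = " ".join(buf).split()
            if tokens:
                out.append((inherit, tokens))
            buf, depth = [], 0
    return out


def _absolute(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, type, rdata_tokens)] with owners made absolute."""
    origin = origin.rstrip(".") + "."
    records, owner = [], origin
    for inherit, tokens in _logical_lines(text):
        if tokens[0].startswith("$"):
            continue  # $TTL / $ORIGIN are not needed for these checks
        if not inherit:
            owner = _absolute(tokens.pop(0), origin)
        while tokens and tokens[0].upper() not in RR_TYPES:
            tokens.pop(0)  # optional TTL and class before the type
        if tokens:
            records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def soa_serial(records):
    for _, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata[2])  # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
    raise ValueError("zone has no SOA record")


def next_serial(current, today=None):
    """YYYYMMDDnn convention, but always strictly greater than `current`:
    a slave only transfers when the serial has increased."""
    today = today or date.today()
    candidate = int(today.strftime("%Y%m%d") + "01")
    return candidate if candidate > current else current + 1


def missing_trailing_dots(records, origin):
    """Names in rdata that end in the origin but lack the final dot. BIND reads
    them as relative and appends the origin again."""
    origin = origin.rstrip(".") + "."
    bare = origin.rstrip(".")
    found = []
    for owner, rtype, rdata in records:
        if rtype == "SOA":
            targets = rdata[:2]           # MNAME and RNAME
        elif rtype == "MX":
            targets = rdata[1:2]          # preference, then exchange
        elif rtype in ("NS", "CNAME", "PTR"):
            targets = rdata[:1]
        else:
            targets = []
        for name in targets:
            if not name.endswith(".") and (name == bare or name.endswith("." + bare)):
                found.append((owner, rtype, name, f"{name}.{origin}"))
    return found


# Constructed copy of the page's zone file, with ';' zone-file comments.
GOOD_ZONE = """\
$TTL 1D
@       IN SOA    master  admin.jylaowei.com. (
                                    20200101      ; serial
                                    1D            ; refresh
                                    1H            ; retry
                                    1W            ; expire
                                    3H )          ; negative-caching TTL
            NS    master
master      A     192.168.44.79
webserver   A     192.168.44.72
www         CNAME webserver
"""
# The same zone with the trailing dot dropped from the SOA contact name.
BAD_ZONE = GOOD_ZONE.replace("admin.jylaowei.com.", "admin.jylaowei.com")

if __name__ == "__main__":
    records = parse_zone(GOOD_ZONE, "jylaowei.com")
    print("serial", soa_serial(records), "-> next", next_serial(soa_serial(records)))
    for problem in missing_trailing_dots(parse_zone(BAD_ZONE, "jylaowei.com"), "jylaowei.com"):
        print("owner %s %s: %r will be read as %s" % problem)
```

The serial on this page (20200101) is only eight digits; next_serial moves it to today's YYYYMMDD01, and if the serial is already at or past that value it simply adds one, which is all a slave needs to see.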

6. Restricting zone transfers

By default BIND answers an AXFR (full zone transfer) request from anyone, which hands out the complete list of names and addresses in the zone; restrict it to the slave on the master and deny it entirely on the slave.

[root@localhost named]# vim /etc/named.conf                                      #edit the main configuration file on the master
allow-transfer  { 192.168.44.73; };                                              #in options { } (or in the zone { } block): only the slave may transfer
[root@localhost named]# systemctl restart named
[root@centos7 ~]# dig -t axfr www.jylaowei.com @192.168.44.79                    #attempt to pull the zone from another host

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t axfr www.jylaowei.com @192.168.44.79
;; global options: +cmd
; Transfer failed.                                                               #transfer refused

Two things make this test weaker than it looks: it asks for www.jylaowei.com rather than the zone apex jylaowei.com, which no server would transfer regardless of the ACL, and if it is run on the slave itself (192.168.44.73) that host is whitelisted. To prove the ACL, run dig -t axfr jylaowei.com @192.168.44.79 from a host that is not listed and expect Transfer failed., then run the same query from the slave and expect the whole zone to be printed. For transfers across untrusted networks, authenticate them with a TSIG key rather than by source address alone.

[root@centos7 ~]# vim /etc/named.conf                                            #the slave must be set too, or anyone can pull the zone from it instead
allow-transfer  { none; };                                                       #deny everyone
[root@centos7 ~]# systemctl restart named                                        #restart the slave
[root@centos7 ~]# dig -t axfr jylaowei.com @192.168.44.73

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t axfr jylaowei.com @192.168.44.73
;; global options: +cmd
; Transfer failed.                                                               #refused as well
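What "Transfer failed." hides is the response code the server sent back; when allow-transfer denies a client, BIND answers REFUSED (rcode 5). The following added example (not from the original notes and not dig or BIND code) builds the AXFR request by hand, sends it over TCP and classifies the first response message, so an audit can tell an ACL refusal from a server that simply is not authoritative (NOTAUTH) or that hands the zone over. The default server and zone in the demo are this page's lab addresses, and check_axfr is the only function that touches the network.

```python
"""Zone-transfer exposure check. Added example: hand-built AXFR request,
TCP framing, and classification of the first reply. Not dig or BIND code."""
import socket
import struct

QTYPE_AXFR = 252
QCLASS_IN = 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Wire-format domain name: length-prefixed labels ended by a zero byte."""
    out = bytearray()
    for label in name.strip(".").split("."):
        if not label:
            continue  # the root name "." has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_axfr_query(zone, txid=0x1234):
    """12-byte header plus one question. Flags are 0: a plain, non-recursive QUERY."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    return header + question


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def classify_axfr_response(first_msg, txid):
    """REFUSED is what BIND returns when allow-transfer denies the client;
    answer records in the first message mean the zone is being handed over."""
    h = parse_header(first_msg)
    if h["id"] != txid or not h["qr"]:
        return "BAD_REPLY"
    if h["rcode"] != 0:
        return RCODES.get(h["rcode"], "RCODE_%d" % h["rcode"])
    return "TRANSFER_ALLOWED" if h["ancount"] > 0 else "EMPTY"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def check_axfr(server, zone, port=53, timeout=5.0, txid=0x1234):
    """Network part: AXFR is TCP-only and every message carries a 2-byte length prefix."""
    query = build_axfr_query(zone, txid)
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(sock, 2))
        first = _recv_exact(sock, length)
    return classify_axfr_response(first, txid)


if __name__ == "__main__":
    import sys
    # Lab defaults from this page; pass "<server> <zone>" to test another pair.
    server, zone = sys.argv[1:3] if len(sys.argv) == 3 else ("192.168.44.79", "jylaowei.com")
    print(server, zone, check_axfr(server, zone))
```

Run it once from the slave (expect TRANSFER_ALLOWED) and once from any other host (expect REFUSED); a result of TRANSFER_ALLOWED from an unlisted host is the finding.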

2 Building a "smart" (view-based) DNS server

The BIND installation itself is the same as in section 1 and is omitted; what follows is the configuration specific to "smart" DNS, i.e. BIND views (split-horizon DNS), where the answer depends on the network the query comes from.

2.1 Main configuration file

[root@laowei05 ~]#vim /etc/named.conf 
acl chengdunet {
    192.168.0.0/21;                                                              #192.168.0.0 - 192.168.7.255: the "Chengdu" clients
};
acl chongqingnet {
    10.0.0.0/24;                                                                 #the "Chongqing" clients
};
acl other {
    any;                                                                         #catch-all for everybody else
};
.....
#add the views at the end of the file. They are tried in order and the first one whose
#match-clients matches the source address of the query is used, so the catch-all view
#must stay last. Once any view is defined, every zone statement must be inside a view:
#move or remove the top-level root hint zone and the top-level
#include "/etc/named.rfc1912.zones"; line, otherwise named refuses to start.
view view_chengdu {
    match-clients { chengdunet;};
    include "/etc/named.rfc1912.zones.cd";
};
view  view_chongqing {
    match-clients { chongqingnet;};
    include "/etc/named.rfc1912.zones.cq";
};
view  view_other {
    match-clients { other;};
    include "/etc/named.rfc1912.zones.oth";
};

2.2 Zone declaration files (one per view)

[root@laowei05 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.cd
[root@laowei05 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.cq
[root@laowei05 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.oth
#zones for the cd (Chengdu) view
[root@laowei05 ~]#vim /etc/named.rfc1912.zones.cd
zone "jyxiaowei.com" IN {
    type master;
    file "jyxiaowei.com.zone.cd";
};
#zones for the cq (Chongqing) view
[root@laowei05 ~]#vim /etc/named.rfc1912.zones.cq
zone "jyxiaowei.com" IN {
    type master;
    file "jyxiaowei.com.zone.cq";
};
#zones for the other view
[root@laowei05 ~]#vim /etc/named.rfc1912.zones.oth
zone "jyxiaowei.com" IN {
    type master;
    file "jyxiaowei.com.zone.oth";
};
[root@laowei05 ~]#chgrp named /etc/named.rfc1912.zones.*                 #same group as the original file so named can read them

2.3 Zone data files (one per view)

The three copies differ only in the address behind webserver, so each region gets its own answer for www.

[root@laowei05 ~]#cd /var/named/
[root@laowei05 named]#cp jyxiaowei.com.zone jyxiaowei.com.zone.cd
[root@laowei05 named]#cp jyxiaowei.com.zone jyxiaowei.com.zone.cq
[root@laowei05 named]#cp jyxiaowei.com.zone jyxiaowei.com.zone.oth
#zone data for the cd view
[root@laowei05 ~]#vim /var/named/jyxiaowei.com.zone.cd
$TTL 1D
@       IN SOA    master  admin.jyxiaowei.com. (
                                    20200101
                                    1D
                                    1H
                                    1W
                                    3H )
            NS    master
master      A     192.168.7.15
webserver   A     1.1.1.1
www         CNAME webserver
#zone data for the cq view
[root@laowei05 ~]#vim /var/named/jyxiaowei.com.zone.cq
$TTL 1D
@       IN SOA    master  admin.jyxiaowei.com. (
                                    20200101
                                    1D
                                    1H
                                    1W
                                    3H )
            NS    master
master      A     192.168.7.15
webserver   A     2.2.2.2
www         CNAME webserver
#zone data for the other view
[root@laowei05 ~]#vim /var/named/jyxiaowei.com.zone.oth
$TTL 1D
@       IN SOA    master  admin.jyxiaowei.com. (
                                    20200101
                                    1D
                                    1H
                                    1W
                                    3H )
            NS    master
master      A     192.168.7.15
webserver   A     3.3.3.3
www         CNAME webserver
[root@laowei05 ~]#chgrp named /var/named/jyxiaowei.com.zone.*         #group named so the named process can read them

2.4 Client verification

To show the effect, first add a second IP address to the server's NIC to stand in for another region. Note that match-clients is evaluated against the source address of the query, not the address it was sent to: for the @10.0.0.225 test below to land in view_chongqing, the client (laowei04) also needs an address in 10.0.0.0/24, from which it reaches 10.0.0.225 directly. Selecting a view by the address the query arrived on would require match-destinations instead.

[root@laowei05 ~]#ip addr add 10.0.0.225/24 dev ens33      #a 10.0.0.0/24 address stands for the cq region
#verify from the 192.168.0.0/21 network
[root@laowei04 ~]#dig www.jyxiaowei.com @192.168.7.15

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.jyxiaowei.com @192.168.7.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57474
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jyxiaowei.com.     IN  A

;; ANSWER SECTION:
www.jyxiaowei.com.  86400   IN  CNAME   webserver.jyxiaowei.com.
webserver.jyxiaowei.com. 86400  IN  A   1.1.1.1                     #answer matches the cd zone file

;; AUTHORITY SECTION:
jyxiaowei.com.      86400   IN  NS  master.jyxiaowei.com.

;; ADDITIONAL SECTION:
master.jyxiaowei.com.   86400   IN  A   192.168.7.15

;; Query time: 1 msec
;; SERVER: 192.168.7.15#53(192.168.7.15)
;; WHEN: Wed Apr 29 15:55:26 CST 2020
;; MSG SIZE  rcvd: 123
#verify from the 10.0.0.0/24 network
[root@laowei04 ~]#dig www.jyxiaowei.com @10.0.0.225

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.jyxiaowei.com @10.0.0.225
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2906
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jyxiaowei.com.     IN  A

;; ANSWER SECTION:
www.jyxiaowei.com.  86400   IN  CNAME   webserver.jyxiaowei.com.
webserver.jyxiaowei.com. 86400  IN  A   2.2.2.2                   #answer matches the cq zone file

;; AUTHORITY SECTION:
jyxiaowei.com.      86400   IN  NS  master.jyxiaowei.com.

;; ADDITIONAL SECTION:
master.jyxiaowei.com.   86400   IN  A   192.168.7.15

;; Query time: 0 msec
;; SERVER: 10.0.0.225#53(10.0.0.225)
;; WHEN: Wed Apr 29 16:06:08 CST 2020
;; MSG SIZE  rcvd: 123
#from the server itself over loopback: 127.0.0.1 is in neither ACL, so the other view answers
[root@laowei05 ~]#dig www.jyxiaowei.com @127.0.0.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.jyxiaowei.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17443
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jyxiaowei.com.     IN  A

;; ANSWER SECTION:
www.jyxiaowei.com.  86400   IN  CNAME   webserver.jyxiaowei.com.
webserver.jyxiaowei.com. 86400  IN  A   3.3.3.3                   #answer matches the other zone file

;; AUTHORITY SECTION:
jyxiaowei.com.      86400   IN  NS  master.jyxiaowei.com.

;; ADDITIONAL SECTION:
master.jyxiaowei.com.   86400   IN  A   192.168.7.15

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 29 16:28:11 CST 2020
;; MSG SIZE  rcvd: 123
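Before running the three dig tests it is worth predicting which view each client lands in. The following added example (not from the original notes and not BIND code) models BIND's match-clients evaluation over the ACLs and views declared in 2.1: first matching view wins, and only the source address counts, which is why the @10.0.0.225 query above needed a 10.0.0.0/24 source. It also flags views that can never be reached because a catch-all view precedes them. The "!" negation handling is an approximation and is only there to show the first-match rule.

```python
"""Which view answers a given client? Added example modelling BIND's
match-clients evaluation over the ACLs and views declared above."""
import ipaddress

# ACLs as declared in named.conf above. Elements may be a network, the name
# of another ACL, or the built-ins "any" / "none"; a leading "!" negates.
ACLS = {
    "chengdunet": ["192.168.0.0/21"],
    "chongqingnet": ["10.0.0.0/24"],
    "other": ["any"],
}

# Views in file order: BIND uses the first whose match-clients matches.
VIEWS = [
    ("view_chengdu", ["chengdunet"]),
    ("view_chongqing", ["chongqingnet"]),
    ("view_other", ["other"]),
]


def address_list_matches(elements, ip, acls=ACLS):
    """Address-match-list semantics: the first element that covers `ip`
    decides, and a negated element turns that into a non-match."""
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!")
        if name == "any":
            covered = True
        elif name == "none":
            covered = False
        elif name in acls:
            covered = address_list_matches(acls[name], ip, acls)
        else:
            covered = ip in ipaddress.ip_network(name, strict=False)
        if covered:
            return not negated
    return False


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """The view that answers a query whose *source* address is client_ip.
    The address the query was sent to plays no part (that is match-destinations)."""
    ip = ipaddress.ip_address(client_ip)
    for view_name, match_clients in views:
        if address_list_matches(match_clients, ip, acls):
            return view_name
    return None  # no view matched: BIND answers REFUSED


def _catches_everything(elements, acls):
    for element in elements:
        if element.startswith("!"):
            return False  # something is excluded before any catch-all
        if element == "any" or (element in acls and _catches_everything(acls[element], acls)):
            return True
    return False


def unreachable_views(views=VIEWS, acls=ACLS):
    """Views listed after a catch-all view can never be selected."""
    names = [name for name, _ in views]
    for index, (_, match_clients) in enumerate(views):
        if _catches_everything(match_clients, acls):
            return names[index + 1:]
    return []


if __name__ == "__main__":
    for client in ("192.168.7.15", "192.168.8.1", "10.0.0.9", "127.0.0.1"):
        print(client, "->", select_view(client))
    print("shadowed if view_other came first:", unreachable_views(list(reversed(VIEWS))))
```

192.168.8.1 lands in view_other because 192.168.0.0/21 ends at 192.168.7.255, a boundary that is easy to get wrong when the "Chengdu" network is written as /21 rather than /24.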

3 Compile and install MariaDB, start it and log in

3.1 Install the build environment

[root@laowei06 ~]#yum install vim iotop bc gcc gcc-c++ glibc glibc-devel pcre \
> pcre-devel openssl  openssl-devel zip unzip zlib-devel  net-tools \
> lrzsz tree ntpdate telnet lsof tcpdump wget libevent libevent-devel \
> bc systemd-devel bash-completion traceroute -y

3.2 Unpack the source

Verify the tarball's checksum or GPG signature against the values published on the MariaDB download page before unpacking; everything built from a tampered archive inherits the tampering.

[root@laowei06 ~]#tar xvf mariadb-10.2.31.tar.gz 

3.3 Create the service user and data directory

[root@laowei06 ~]#useradd -r -s /sbin/nologin -d /data/mysql mysql          #system account with no login shell
[root@laowei06 ~]#mkdir /data/mysql
[root@laowei06 ~]#chown mysql.mysql /data/mysql/                            #owned by the service user

3.4 Configure and compile

Two of the cmake options below are security-relevant: -DWITH_SSL=system links against the system OpenSSL so clients can connect over TLS, and -DENABLED_LOCAL_INFILE=1 turns on LOAD DATA LOCAL INFILE by default, which lets a server (or anything a client is tricked into connecting to) read files from the client machine; set it to 0, or put local-infile=0 in my.cnf, unless the feature is actually needed.

[root@laowei06 ~]#cd mariadb-10.2.31/
[root@laowei06 mariadb-10.2.31]#cmake . \
> -DCMAKE_INSTALL_PREFIX=/app/mysql \
> -DMYSQL_DATADIR=/data/mysql/ \
> -DSYSCONFDIR=/etc/ \
> -DMYSQL_USER=mysql \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PARTITION_STORAGE_ENGINE=1 \
> -DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
> -DWITH_DEBUG=0 \
> -DWITH_READLINE=1 \
> -DWITH_SSL=system \
> -DWITH_ZLIB=system \
> -DWITH_LIBWRAP=0 \
> -DENABLED_LOCAL_INFILE=1 \
> -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
> -DDEFAULT_CHARSET=utf8 \
> -DDEFAULT_COLLATION=utf8_general_ci
[root@laowei06 mariadb-10.2.31]#make -j 4
[root@laowei06 mariadb-10.2.31]#make install

3.5 Set the PATH

[root@laowei06 ~]#echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh     #single quotes: $PATH is expanded at login, not now
[root@laowei06 ~]#. /etc/profile.d/mysql.sh 

3.6 Initialise the data directory

[root@laowei06 ~]#cd /app/mysql/
[root@laowei06 mysql]#scripts/mysql_install_db --datadir=/data/mysql --user=mysql   #creates the system tables, owned by mysql
Installing MariaDB/MySQL system tables in '/data/mysql' ...
OK

3.7 Prepare the configuration file

[root@laowei06 mysql]#cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf     #sample config; check that its socket and datadir entries match the build options
cp: overwrite ‘/etc/my.cnf’? y

3.8 Prepare the init script

[root@laowei06 mysql]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@laowei06 mysql]#cd

3.9 Enable the service at boot

[root@laowei06 ~]#chkconfig --add mysqld

3.10 Start the service

[root@laowei06 ~]#service mysqld start
Starting mysqld (via systemctl):                           [  OK  ]

3.11 Check the listening port

Port 3306 is bound to :: below, i.e. all IPv4 and IPv6 addresses, so the server is reachable from the network as soon as it starts; set bind-address in the [mysqld] section if only local clients should connect.

[root@laowei06 ~]#ss -ntl
State       Recv-Q Send-Q                          Local Address:Port                                         Peer Address:Port              
LISTEN      0      128                                         *:22                                                      *:*                  
LISTEN      0      100                                 127.0.0.1:25                                                      *:*                  
LISTEN      0      80                                         :::3306                                                   :::*                  
LISTEN      0      128                                        :::22                                                     :::*                  
LISTEN      0      100                                       ::1:25                                                     :::*   

3.12 Log in

On a fresh installation the root account has no password, which is why a bare mysql logs straight in; before exposing port 3306 run mysql_secure_installation to set a root password, remove the anonymous accounts and the test database, and disallow remote root login.

[root@laowei06 ~]#mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.31-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
