1. Explain how a DNS server works, then set up a master/slave (primary/secondary) pair.
DNS (Domain Name System) is the service that resolves domain names to addresses. The name space is an inverted tree: the root domain, then the top-level domains, second-level domains and so on, down to a maximum of 127 labels. The name servers at each level are authoritative only for their own zone and delegate the zones beneath them.
- How a lookup works, using www.baidu.com as the example:
1) The client's stub resolver first tries local sources: the hosts file and any local cache. If either can answer, the address is returned at once.
2) Otherwise the query goes to the recursive resolver the client is configured with, typically the ISP's DNS server (a China Telecom resolver, say). If that server already has the answer cached, it returns it.
3) If not, the ISP resolver asks a root server for www.baidu.com. Root servers are authoritative only for the delegation of top-level domains, so the root does not answer the question; it returns a referral, the names and addresses of the .com servers.
4) The ISP resolver repeats the query to a .com server. That server cannot answer either, but it returns a referral to the name servers for baidu.com.
5) The ISP resolver repeats the query to a baidu.com name server. That server is authoritative for the zone, finds the record for the host www.baidu.com and returns its address.
6) The ISP resolver caches the answer for its TTL and returns it to the client; the client caches it as well and connects to the returned address.
Every hop in this chain is accepted on trust from whichever server replied, which is why a recursive resolver that is reachable from the Internet needs restricted recursion and DNSSEC validation; both settings come up in the configuration files below.
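The six steps above as a runnable model, added here as an example and not code from the original post. It implements a miniature iterative resolver that walks the delegation chain root -> com -> baidu.com and caches the final answer with its TTL; the zone data, server names and addresses are constructed placeholders from the RFC 5737 documentation ranges, not real Internet data.

```python
# Added example, not code from the original post: a miniature iterative
# resolver that walks the delegation chain root -> com -> baidu.com as in
# the six steps above, caching each final answer with its TTL.
# The delegation data and all addresses are constructed placeholders from
# the RFC 5737 documentation ranges, not real Internet data.
import time

# Each "server" is authoritative for exactly one zone and knows nothing else:
# its records are either a delegation (NS plus the glue address of the child
# server) or a final A record. Dict form: name -> (type, rdata, glue_ip).
ZONES = {
    ".": {"com.": ("NS", "a.gtld.example.", "192.0.2.1")},
    "com.": {"baidu.com.": ("NS", "ns1.baidu.example.", "192.0.2.2")},
    "baidu.com.": {"www.baidu.com.": ("A", "198.51.100.10", None)},
}
SERVERS = {"192.0.2.53": ".", "192.0.2.1": "com.", "192.0.2.2": "baidu.com."}
ROOT_HINT = "192.0.2.53"   # what the resolver knows before it has asked anyone
TTL = 3600                 # seconds the answer may be cached


def query_server(server_ip, qname):
    """One non-recursive query to an authoritative server.

    Returns ("answer", ip), ("referral", next_server_ip) or ("nxdomain", None).
    The server only looks in its own zone: it walks from the full name up
    towards its apex and hands back the closest delegation it holds.
    """
    records = ZONES[SERVERS[server_ip]]
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in records:
            rtype, rdata, glue = records[candidate]
            if rtype == "A" and candidate == qname:
                return "answer", rdata
            if rtype == "NS":
                return "referral", glue
    return "nxdomain", None


class CachingResolver:
    """The ISP resolver from the text: starts at the root, follows referrals,
    and caches answers so the next client is served without any upstream query."""

    def __init__(self, now=time.time):
        self.cache = {}          # qname -> (ip, absolute expiry time)
        self.now = now           # injectable clock so TTL expiry can be tested
        self.queries_sent = 0    # upstream queries, to show what the cache saves

    def resolve(self, qname):
        """Return (ip_or_None, served_from_cache)."""
        if not qname.endswith("."):
            qname += "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.now():
            return hit[0], True
        server = ROOT_HINT
        for _ in range(8):       # bound the chase: a delegation loop must not hang us
            self.queries_sent += 1
            kind, data = query_server(server, qname)
            if kind == "answer":
                self.cache[qname] = (data, self.now() + TTL)
                return data, False
            if kind != "referral":
                return None, False
            server = data
        raise RuntimeError("too many referrals for " + qname)


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.baidu.com"), r.queries_sent)   # three upstream queries
    print(r.resolve("www.baidu.com"), r.queries_sent)   # cache hit, still three
```

Run it directly and the two prints show three upstream queries for the first lookup and none for the second; after the TTL has elapsed the resolver starts again from the root hint.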
- Building the master/slave pair:
1) Install and configure the master
[root@master ~]# yum install bind -y
[root@master etc]# cat named.conf
options {
        listen-on port 53 { 10.1.1.109; };   // changed from 127.0.0.1 to the server's own address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };                // changed from localhost to any, or to a specific network or address
        allow-transfer { 10.1.1.107; };      // only the slave may request a zone transfer (AXFR/IXFR)
        // (remaining default directives of the options block unchanged)
};
Note the semicolons: every element of an address list is terminated with `;`, so `allow-transfer {10.1.1.107}` as typed in the original does not parse; run `named-checkconf` after editing. Restricting `allow-transfer` to the slave matters because an unrestricted AXFR hands anyone the complete host list of the zone. The shipped file also contains `recursion yes;`; on an authoritative server that answers `any`, that turns it into an open resolver usable for DNS amplification, so set `recursion no;` here (or limit it with `allow-recursion { <your clients>; };`).
2) Define the zone
[root@master etc]# vim /etc/named.rfc1912.zones
zone "rickzhu.com" IN {              // added block
        type master;
        file "named.rickzhu";
        allow-update { none; };      // no dynamic updates: the zone file is edited by hand
};
3) Create the zone file
[root@master named]# cat /var/named/named.rickzhu
$TTL 1D
@       IN SOA  @ rname.invalid. (
                11111   ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       10.1.1.109
        NS      master
        NS      slave
master  A       10.1.1.109
slave   A       10.1.1.107
www     A       1.1.1.1
test    A       2.2.2.2
[root@master named]# systemctl start named
Two lines in the original file read `A master` and `A slave`. An A record must carry an IPv4 address, and named refuses to load a zone that contains them; they are meant to be the NS records for the two servers, as shown above, so that the slave is advertised as a legitimate server for the zone. The leading whitespace on the records without an owner name is significant: it makes the record inherit the previous owner, here the zone apex. The addresses of www and test are placeholders for the lab. Check the file with `named-checkzone rickzhu.com /var/named/named.rickzhu` before starting named.
4) Test the master
[root@master named]# host www.rickzhu.com 10.1.1.109
Using domain server:
Name: 10.1.1.109
Address: 10.1.1.109#53
Aliases:
www.rickzhu.com has address 1.1.1.1
5) Install and configure the slave
[root@slave ~]# yum install bind -y
[root@slave etc]# cat named.conf
options {
        listen-on port 53 { 10.1.1.107; };   // changed from 127.0.0.1 to the server's own address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };                // changed from localhost to any, or to a specific network or address
        allow-transfer { none; };            // the slave serves the zone but never hands it out
        // (remaining default directives of the options block unchanged)
};
6) Define the zone
[root@slave etc]# vim /etc/named.rfc1912.zones
zone "rickzhu.com" IN {              // added block
        type slave;
        masters { 10.1.1.109; };
        file "slaves/named.rickzhu.slave";
};
[root@slave named]# systemctl start named
The transferred copy goes under /var/named/slaves because that directory is owned by the named user and carries the SELinux type that allows named to write; /var/named itself does not.
7) Test the master/slave pair
After starting the slave, check that the transferred zone file was created:
[root@slave slaves]# ll /var/named/slaves/named.rickzhu.slave
-rw-r--r-- 1 named named 281 Mar 24 22:18 /var/named/slaves/named.rickzhu.slave
Resolve the name from a third machine, against the slave:
[root@client ~]# hostname -I
10.1.1.110
[root@client ~]# host www.rickzhu.com 10.1.1.107
Using domain server:
Name: 10.1.1.107
Address: 10.1.1.107#53
Aliases:
www.rickzhu.com has address 1.1.1.1
Change a record on the master and verify that it propagates. The slave only transfers when the master's SOA serial is higher than the one it already holds, so increase the serial in the zone file, run `rndc reload rickzhu.com` on the master (BIND then sends a NOTIFY to the slave), and watch the modification time of the slave's zone file change:
[root@slave slaves]# ll /var/named/slaves/named.rickzhu.slave
-rw-r--r-- 1 named named 281 Mar 24 22:28 /var/named/slaves/named.rickzhu.slave
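The two things that most often break a master/slave setup, as a small zone-file lint in the spirit of named-checkzone. This is an added example, not code from the original post: it re-creates the master zone as originally typed (with the two A records whose rdata is a host name, which named rejects), checks that every in-zone name server has an address record, and applies RFC 1982 serial arithmetic to decide whether a slave holding a given serial would transfer the edited zone. The parser handles only the subset of zone-file syntax that file uses.

```python
# Added example, not code from the original post: a small zone-file lint in
# the spirit of named-checkzone. It re-creates the two record lines from the
# original zone file that named rejects (A records whose rdata is a host name
# rather than an address), checks that every in-zone name server has an A
# record, and applies RFC 1982 serial arithmetic to decide whether a slave
# that already holds a given serial would transfer the edited zone.
# The parser covers only the subset of zone-file syntax the file above uses.
import ipaddress
import re

ORIGIN = "rickzhu.com."

# Constructed copy of the master zone as originally typed (before correction).
ORIGINAL_ZONE = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                11111   ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       10.1.1.109
        A       master
        A       slave
master  A       10.1.1.109
slave   A       10.1.1.107
www     A       1.1.1.1
test    A       2.2.2.2
"""
# The corrected zone: the two records become NS, and the serial is bumped
# so that a slave already holding 11111 will transfer it.
FIXED_ZONE = re.sub(r"\bA(\s+)(master|slave)\b", r"NS\1\2", ORIGINAL_ZONE).replace("11111", "11112")


def fold_lines(text):
    """Strip ';' comments and join a parenthesised record onto one line."""
    out, buf = [], None
    for raw in text.splitlines():
        ln = re.sub(r";.*", "", raw).rstrip()
        if buf is not None:                    # inside ( ... )
            buf += " " + ln.strip()
            if ")" in ln:
                out.append(buf)
                buf = None
        elif "(" in ln and ")" not in ln:
            buf = ln
        elif ln.strip():
            out.append(ln)
    return out


def parse_zone(text, origin=ORIGIN):
    """Return (soa_serial, [(owner, rtype, rdata_tokens), ...])."""
    records, serial, owner = [], None, origin
    for ln in fold_lines(text):
        if ln.startswith("$"):                 # $TTL etc. are directives, not records
            continue
        tokens = ln.replace("(", " ").replace(")", " ").split()
        if not ln[0].isspace():                # explicit owner; otherwise inherit the last one
            owner = origin if tokens[0] == "@" else tokens[0] + "." + origin
            tokens = tokens[1:]
        if tokens and tokens[0] == "IN":
            tokens = tokens[1:]
        rtype, rdata = tokens[0], tokens[1:]
        if rtype == "SOA":
            serial = int(rdata[2])
        records.append((owner, rtype, rdata))
    return serial, records


def lint(records, origin=ORIGIN):
    """Return a list of problems; an empty list means named would load the zone."""
    problems = []
    names_with_a = {o for o, t, _ in records if t == "A"}
    for owner, rtype, rdata in records:
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except ValueError:
                problems.append(f"{owner} A {rdata[0]}: rdata is not an IPv4 address (NS intended?)")
        elif rtype == "NS":
            name = rdata[0]
            target = origin if name == "@" else (name if name.endswith(".") else name + "." + origin)
            if target.endswith(origin) and target not in names_with_a:
                problems.append(f"{owner} NS {target}: in-zone name server has no A record")
    return problems


def serial_newer(new, old):
    """RFC 1982: the slave transfers only when the master's serial is 'greater'
    modulo 2^32, so a serial left unchanged (or decreased) means no transfer."""
    return new != old and (new - old) % (1 << 32) < (1 << 31)


def check(text):
    """Convenience wrapper: (serial, problems) for a zone file's text."""
    serial, records = parse_zone(text)
    return serial, lint(records)
```

On a real server the same job is done by `named-checkzone`; the point of the example is to see which lines it would complain about and why a forgotten serial bump leaves the slave serving stale data without any error.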
2. Build a split-horizon ("intelligent") DNS server.
1) Install BIND and edit the main configuration
[root@master ~]# yum install bind -y
[root@master ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
// Added: ACLs that classify clients by source address
acl guangzhou {
        10.0.1.0/24;
};
acl shenzhen {
        172.16.1.0/24;
};
acl other {
        any;
};
options {
listen-on port 53 { localhost; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Added: tie each ACL to its own zone configuration file.
// Views are tried in this order and the first match-clients that accepts
// the client's source address wins, so the catch-all view must stay last.
view guangzhouview {
        match-clients { guangzhou; };
        include "/etc/named.rfc1912.zones.guangz";
};
view shenzhenview {
        match-clients { shenzhen; };
        include "/etc/named.rfc1912.zones.sz";
};
view otherview {
        match-clients { other; };
        include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
Three things about this file. First, `listen-on port 53 { localhost; };` is not the loopback address: in BIND the built-in `localhost` ACL means every address configured on the host's interfaces, which is why the server later answers on both 10.1.1.109 and 172.16.1.1. Second, the shipped comment block above `recursion yes;` says exactly what to do for an authoritative server, and the file then ignores it: with `allow-query { any; }` and recursion enabled, every view on this server is an open recursive resolver, and `dnssec-validation no;` switches off the one check that would protect its cache. Set `recursion no;` in the options block, or `allow-recursion` to the internal ACLs only. Third, once any `view` is defined, every zone, including the root hints and the localhost zones, must live inside a view, which is why each view includes its own copy of named.rfc1912.zones below.
2) Add addresses for the test
On the DNS server:
[root@master ~]# ip a a 172.16.1.1/24 dev ens160
On the client:
[root@client ~]# ip a a 172.16.1.2/24 dev eth0
3) Prepare the per-view zone configuration files
[root@master ~]# cat /etc/named.rfc1912.zones.guangz
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "rickzhu.com" IN {
type master;
file "named.rickzhu.guangz";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
[root@master ~]# cat /etc/named.rfc1912.zones.sz
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "rickzhu.com" IN {
type master;
file "named.rickzhu.sz";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
[root@master ~]# cat /etc/named.rfc1912.zones.other
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "rickzhu.com" IN {
type master;
file "named.rickzhu.other";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
Mind the ownership and mode: named must be able to read the included files.
[root@master ~]# ll -ld /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1165 Mar 28 21:09 /etc/named.rfc1912.zones.other
4) Prepare the zone files
[root@master ~]# cat /var/named/named.rickzhu.guangz
$TTL 1D
@       IN SOA  master admin.rickzhu.com. (
                20200327 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       10.1.1.109
www     A       1.1.1.1
[root@master ~]# cat /var/named/named.rickzhu.sz
$TTL 1D
@       IN SOA  master admin.rickzhu.com. (
                20200327 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       10.1.1.109
www     A       2.2.2.2
[root@master ~]# cat /var/named/named.rickzhu.other
$TTL 1D
@       IN SOA  master admin.rickzhu.com. (
                20200327 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       10.1.1.109
www     A       3.3.3.3
The three files are identical apart from the address given for www (1.1.1.1, 2.2.2.2 and 3.3.3.3 are placeholders for the lab). The records without an owner name must be indented so that they inherit the apex as owner.
Mind the ownership and mode here as well:
[root@master ~]# ll -ld /var/named/named.rickzhu.other
-rw-r----- 1 root named 186 Mar 28 21:04 /var/named/named.rickzhu.other
5) Test
[root@client ~]# host www.rickzhu.com 10.1.1.109
Using domain server:
Name: 10.1.1.109
Address: 10.1.1.109#53
Aliases:
www.rickzhu.com has address 1.1.1.1
[root@client ~]# host www.rickzhu.com 172.16.1.1
Using domain server:
Name: 172.16.1.1
Address: 172.16.1.1#53
Aliases:
www.rickzhu.com has address 2.2.2.2
[root@master ~]# host www.rickzhu.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
www.rickzhu.com has address 3.3.3.3
The view is chosen by the client's source address, not by the server address it queried. For the first query to land in guangzhouview the client must be sending from an address in 10.0.1.0/24; a client on 10.1.1.0/24, like the one in the first exercise, would fall through to otherview and receive 3.3.3.3. The second query is sent from 172.16.1.2 and matches shenzhen, and the third is sent by the server to itself from 127.0.0.1, which matches only the catch-all view.
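The view-selection rule behind those three answers, added here as an example and not code from the original post. It models how BIND evaluates `match-clients` view by view, in file order, against the query's source address, with the ACLs, view order and per-view answers taken from the configuration above; the reordered and truncated view lists in `demo()` are constructed counter-examples showing what goes wrong when the catch-all view comes first or is missing.

```python
# Added example, not code from the original post: how BIND picks a view.
# match-clients is evaluated view by view in the order the views appear in
# named.conf, against the *source* address of the query, and the first view
# that matches wins. The ACLs, view order and per-view answers below are the
# ones from the configuration above; the reordered and truncated view lists
# in demo() are constructed counter-examples.
import ipaddress

# acl blocks from named.conf; "any" is BIND's built-in match-everything ACL.
ACLS = {
    "guangzhou": ["10.0.1.0/24"],
    "shenzhen": ["172.16.1.0/24"],
    "other": ["any"],
}

# (view name, match-clients ACL, answer its zone file gives for www.rickzhu.com)
VIEWS = [
    ("guangzhouview", "guangzhou", "1.1.1.1"),
    ("shenzhenview", "shenzhen", "2.2.2.2"),
    ("otherview", "other", "3.3.3.3"),
]


def acl_matches(acl_name, client_ip):
    """The first matching element decides; a leading '!' negates it, as in BIND."""
    ip = ipaddress.ip_address(client_ip)
    for entry in ACLS[acl_name]:
        negate = entry.startswith("!")
        body = entry.lstrip("!").strip()
        hit = body == "any" or ip in ipaddress.ip_network(body, strict=False)
        if hit:
            return not negate
    return False


def select_view(client_ip, views=VIEWS):
    """Return (view name, answer) for the first view accepting client_ip,
    or (None, None): a client that matches no view has its query refused,
    there is no implicit fallback."""
    for name, acl, answer in views:
        if acl_matches(acl, client_ip):
            return name, answer
    return None, None


def demo():
    """The three queries from the post, plus the pitfalls."""
    return {
        "client 10.0.1.20 -> 10.1.1.109": select_view("10.0.1.20"),
        "client 172.16.1.2 -> 172.16.1.1": select_view("172.16.1.2"),
        "server itself via 127.0.0.1": select_view("127.0.0.1"),
        # A 10.1.1.x client (the lab client from exercise 1) is not in 10.0.1.0/24
        # and silently falls through to the catch-all view.
        "client 10.1.1.110": select_view("10.1.1.110"),
        # Catch-all declared first: nobody ever reaches the regional views.
        "other view first": select_view("10.0.1.20", [VIEWS[2], VIEWS[0], VIEWS[1]]),
        # No catch-all at all: unknown clients get no answer.
        "no catch-all": select_view("10.1.1.110", VIEWS[:2]),
    }
```

To exercise a real server from a chosen source address, `dig -b <source-ip> www.rickzhu.com @<server-ip>` lets you pick which of the client's addresses the query leaves from, which is the only thing the view match looks at.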
3. Compile and install MariaDB, start it, and confirm you can log in.
1) Download mariadb-10.2.25.tar.gz
[root@db ~]# wget http://ftp.hosteurope.de/mirror/archive.mariadb.org//mariadb-10.2.25/source/mariadb-10.2.25.tar.gz
The tarball comes from a third-party mirror over plain HTTP. Before unpacking it, compare its SHA-256 (or verify the GPG signature) against the values published on the official MariaDB download site, because everything below compiles and installs whatever this file contains, as root.
2) Unpack
[root@db ~]# tar -xvf mariadb-10.2.25.tar.gz
3) Install the build dependencies
[root@db ~]# yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel -y
4) Create the service user and the data directory
[root@db ~]# useradd -r -s /sbin/nologin -d /data/mysql/ mysql
[root@db ~]# mkdir /data/mysql
[root@db ~]# chown mysql.mysql /data/mysql
5) Configure the build
[root@db ~]# cd mariadb-10.2.25/
[root@db mariadb-10.2.25]# cmake . -DCMAKE_INSTALL_PREFIX=/app/mysql -DMYSQL_DATADIR=/data/mysql/ -DSYSCONFDIR=/etc/ -DMYSQL_USER=mysql -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITHOUT_MROONGA_STORAGE_ENGINE=1 -DWITH_DEBUG=0 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DENABLED_LOCAL_INFILE=1 -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci
The directory is the one the tarball unpacked, mariadb-10.2.25 (the original text entered mariadb-10.2.18 here, a different version). `-DWITH_SSL=system` links against the system OpenSSL, so the server picks up the distribution's security updates. `-DENABLED_LOCAL_INFILE=1` turns on LOAD DATA LOCAL INFILE by default; that feature lets a server read files from the client machine, so leave it at 0 unless an application needs it.
6) Build and install
[root@db mariadb-10.2.25]# make && make install
7) Set up the environment
[root@db ~]# echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@db ~]# . /etc/profile.d/mysql.sh
8) Initialise the data directory
[root@db ~]# cd /app/mysql/
[root@db mysql]# scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
9) Install the configuration file
[root@db mysql]# cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
10) Install the init script
[root@db mysql]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
11) Start the service
[root@db mysql]# chkconfig --add mysqld ; service mysqld start
Starting mysqld (via systemctl): [ OK ]
12) Log in
[root@db mysql]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.25-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
The login succeeds without a password because a freshly initialised instance has a root account with no password and anonymous accounts. Run `mysql_secure_installation` (installed under /app/mysql/bin) before anything else connects to the service: it sets the root password, removes the anonymous users and the test database, and disables remote root login.
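The verification step the download in 1) is missing, added here as an example and not code from the original post: check a downloaded source tarball against its published SHA-256 before unpacking and compiling it. The checksum file format is the one written by `sha256sum` (`<hex>  <filename>` per line); the files and hashes in `demo()` are constructed on the fly, not real release values, and the expected digest in practice comes from the official MariaDB download page rather than from the mirror that served the tarball.

```python
# Added example, not code from the original post: verify a downloaded source
# tarball against its published SHA-256 before unpacking and compiling it.
# The post fetches the tarball from a third-party mirror over plain HTTP and
# builds it unverified as root. The checksum file format is the one written
# by `sha256sum` ("<hex>  <filename>" per line); the files and hashes in demo()
# are constructed on the fly, not real release values.
import hashlib
import os
import tempfile


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file so a large tarball does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sums(text):
    """Parse sha256sum-style lines into {filename: hexdigest}.
    A leading '*' on the name means binary mode and is not part of the name."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            digest, name = parts
            sums[name.strip().lstrip("*")] = digest.lower()
    return sums


def verify_tarball(path, sums_text):
    """True only if the published digest for this filename matches the file.
    A missing entry, a wrong name and wrong content all fail closed."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False
    return sha256_of_file(path) == expected


def demo():
    """Return (verdict for the untouched file, verdict after tampering)."""
    with tempfile.TemporaryDirectory() as d:
        tarball = os.path.join(d, "mariadb-10.2.25.tar.gz")
        with open(tarball, "wb") as f:
            f.write(b"constructed stand-in for the real source tarball\n")
        # The checksum line as it would be copied from the official download page.
        sums = f"{sha256_of_file(tarball)}  mariadb-10.2.25.tar.gz\n"
        before = verify_tarball(tarball, sums)
        with open(tarball, "ab") as f:
            f.write(b"one extra line changes the digest\n")
        return before, verify_tarball(tarball, sums)


if __name__ == "__main__":
    print(demo())   # (True, False)
```

A GPG signature check against the project's release key gives stronger assurance than a checksum copied from a web page, but the checksum already defeats a mirror that serves a modified archive.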
Original article: https://blog.51cto.com/rickzhu/2482829