1、Briefly describe how a DNS server works, and set up a master/slave pair.
1.1 How it works:
On the Internet, the DNS resolution process when a home computer visits www.mageedu.com for the first time:
1. The user types www.mageedu.com into the browser. The request goes to the local DNS server (the computer obtains its IP address and its DNS server address automatically; the DNS address may belong to a server run by the ISP, which hands out the DNS server nearest to the host, or it can be set by hand. This server is what we call the local DNS server).
2. The local DNS server receives the request, finds that the name is not one it manages, and asks a root DNS server. Note: every DNS server knows who the root servers are.
3. The root DNS server receives the request, sees that the top-level domain of this query, com, is under its management, and replies with the IP address of the com server, telling the local server to ask it.
4. The local DNS server receives this reply and asks the com server.
5. The com server receives the request, sees that the second-level domain of this query, mageedu.com, is under its management, and replies with the IP address of the mageedu.com server, telling the local server to ask it.
6. The local DNS server receives this reply and asks the mageedu.com server.
7. The mageedu.com server receives the request, finds the IP address for www.mageedu.com in its own database, and returns the result to the local DNS server. mageedu.com is therefore the authoritative DNS server.
8. The local DNS server caches the result and returns it to the user. The user's machine caches the IP address of www.mageedu.com locally, and the browser sends its request for the resource to that address.
On later visits to www.mageedu.com the host checks its own cache first and only then asks the local DNS server, which likewise checks its own cache before resolving the name again.
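The eight steps above, as an added example that is not part of the original post: a toy model of the lookup chain, with one object per level (root, com, the authoritative server for mageedu.com) and a local resolver that walks the referrals on a miss and serves later queries from its cache until the TTL runs out. The three server addresses, the TTL and the final answer are constructed placeholders (RFC 5737 test addresses); only the algorithm is the point.

```python
"""Toy model of iterative resolution with a caching local resolver.
Added example, not from the original post; all addresses are constructed."""

ROOT_SERVER = "198.51.100.1"

# Each server knows only its own level: a referral table (child zone ->
# address of the server to ask next) and, for the authoritative server,
# the records of its zone with a TTL in seconds.  Constructed data.
SERVERS = {
    "198.51.100.1": {"delegations": {"com.": "198.51.100.2"}, "records": {}},          # root
    "198.51.100.2": {"delegations": {"mageedu.com.": "198.51.100.3"}, "records": {}},  # com TLD
    "198.51.100.3": {"delegations": {},                                                # authoritative
                     "records": {"www.mageedu.com.": ("203.0.113.10", 300)}},
}


def ask(server_ip, qname):
    """One non-recursive query to one server.
    -> ("answer", (ip, ttl))    when the server is authoritative for qname,
       ("referral", next_ip)    when it can only point further down the tree,
       ("nxdomain", None)       when it knows nothing about the name."""
    srv = SERVERS[server_ip]
    if qname in srv["records"]:
        return "answer", srv["records"][qname]
    best = None
    for zone, ns_ip in srv["delegations"].items():   # longest matching delegation wins
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns_ip)
    return ("referral", best[1]) if best else ("nxdomain", None)


class LocalResolver:
    """The 'local DNS server' of step 1: walks root -> TLD -> authoritative
    on a cache miss and answers from cache while the cached TTL is valid."""

    def __init__(self):
        self.cache = {}   # qname -> (ip, expires_at)
        self.trace = []   # servers contacted during the last resolve()

    def resolve(self, qname, now=0):
        self.trace = []
        hit = self.cache.get(qname)
        if hit and hit[1] > now:                # steps 8 and the follow-up: cache first
            self.trace.append("cache")
            return hit[0]
        server = ROOT_SERVER                    # step 2: start at a root server
        for _ in range(8):                      # bound the referral chain
            self.trace.append(server)
            kind, value = ask(server, qname)
            if kind == "answer":                # step 7: authoritative answer
                ip, ttl = value
                self.cache[qname] = (ip, now + ttl)
                return ip
            if kind == "referral":              # steps 3-6: follow the delegation
                server = value
                continue
            return None                         # nobody is responsible for the name
        return None


if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("www.mageedu.com."), r.trace)            # full walk
    print(r.resolve("www.mageedu.com.", now=100), r.trace)   # served from cache
    print(r.resolve("www.mageedu.com.", now=400), r.trace)   # TTL expired, walk again
```

The trace shows the practical consequence of the design: the first query touches three servers, a repeat within the TTL touches none, and after the TTL has expired the resolver walks the chain again, which is why a record's TTL bounds how long a stale answer can survive in caches.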
1.2 Deployment:
1.2.1 Goal
Build a DNS master/slave architecture to make the DNS service redundant
1.2.2 Environment
Four hosts are needed
DNS master server: 192.168.0.101
DNS slave server: 192.168.0.102
Web client: 192.168.0.199
DNS client: 192.168.0.119
1.2.3 Prerequisites
Disable SELinux
Disable the firewall
Synchronise the clocks
1.2.4 Steps
1.2.4.1 Master DNS server configuration
[root@master ~]# yum install bind -y

1. Allow other hosts to send queries
[root@master ~]# vim /etc/named.conf
# Comment out the two lines below, or change the keyword
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Only allow the slave server to perform zone transfers
allow-transfer {192.168.0.105;};
# Without the restriction above any other server can pull the whole zone directly, which is a serious security exposure; the following command tests it
The resulting configuration:
options {
    listen-on port 53 { localhost; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    allow-transfer { 192.168.0.105; };


[root@localhost ~]# dig -t axfr magedu.org @192.168.0.101

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t axfr magedu.org @192.168.0.101
;; global options: +cmd
magedu.org. 86400 IN SOA master.magedu.org. admin.magedu.org. 20200223 86400 3600 604800 10800
magedu.org. 86400 IN A 192.168.0.199
magedu.org. 86400 IN NS master.magedu.org.
*.magedu.org. 86400 IN CNAME websrv.magedu.org.
master.magedu.org. 86400 IN A 192.168.0.101
websrv.magedu.org. 86400 IN A 192.168.0.199
www.magedu.org. 86400 IN CNAME websrv.magedu.org.
magedu.org. 86400 IN SOA master.magedu.org. admin.magedu.org. 20200223 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 192.168.0.101#53(192.168.0.101)
;; WHEN: Mon Feb 24 21:08:01 CST 2020
;; XFR size: 8 records (messages 1, bytes 227)

2. Add the zone
[root@master ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
# Add this here
zone "magedu.org" IN {
    type master;
    file "magedu.org.zone";
};

3. Copy the template zone file. If you do not use the -p option you must fix the owner or the permissions afterwards; the file name must match the one given in file above.
# chgrp named /var/named/magedu.org.zone   # for security, other users must not be able to read this file
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/magedu.org.zone
[root@localhost ~]# ll /var/named/magedu.org.zone
-rw-r----- 1 root named 152 Jun 21 2007 /var/named/magedu.org.zone

4. Configure the zone database
Note: for the master to push data to the slave, add an NS record for the slave DNS server in the configuration below. After adding records on the master you also have to increase the serial and reload the configuration, otherwise the slave will not update its data.
[root@localhost ~]# vim /var/named/magedu.org.zone
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                20200223 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
        NS      slave
master  A       192.168.0.101
slave   A       192.168.0.105
websrv  A       192.168.0.199
www     CNAME   websrv
*       CNAME   websrv
@       A       192.168.0.199

[root@master ~]# rndc reload
server reload successful
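The note in step 4 names the two things that silently break a master/slave setup: a serial that was not increased, and a slave NS name with no address record. As an added example (not from the original post) the script below parses the master zone file above with a minimal re-implementation of the BIND master-file syntax it uses ($TTL, ';' comments, a parenthesised SOA, blank-owner continuation lines, relative names) and runs those checks before a reload. ZONE_TEXT is the zone file from the text; served_serial stands for the serial the slave currently holds (a constructed value, in practice taken from a SOA query against the slave); the parser and the checks are this example's own code, not BIND's.

```python
"""Pre-reload checks for a BIND master zone file.
Added example, not from the original post; ZONE_TEXT is the zone file from the text."""
import re

ORIGIN = "magedu.org."
ZONE_TEXT = """\
$TTL 1D
@   IN SOA master admin.magedu.org. (
        20200223 ; serial
        1D       ; refresh
        1H       ; retry
        1W       ; expire
        3H )     ; minimum
    NS  master
    NS  slave
master  A     192.168.0.101
slave   A     192.168.0.105
websrv  A     192.168.0.199
www     CNAME websrv
*       CNAME websrv
@       A     192.168.0.199
"""


def absolute(name, origin):
    """Turn a relative owner or target into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return [(owner, type, rdata tokens)] for every record in the file."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                               # parenthesised records span lines
            logical.append(" ".join(buf))
            buf = []
    records, owner = [], None
    for line in logical:
        if line.startswith("$TTL"):
            continue                                 # default TTL is not needed for these checks
        if line.startswith("$"):
            raise ValueError("directive not supported here: " + line)
        tokens = line.replace("(", " ").replace(")", " ").split()
        if line[0] not in " \t":                    # blank owner = same owner as the previous record
            owner = tokens.pop(0)
        if tokens and re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I):
            tokens.pop(0)                            # optional per-record TTL
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)                            # optional class
        rtype = tokens.pop(0).upper()
        records.append((absolute(owner, origin), rtype, tokens))
    return records


def soa_serial(records):
    for _, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata[2])                     # mname, rname, serial, refresh, ...
    raise ValueError("zone has no SOA record")


def check_zone(records, origin, served_serial):
    """Problems that make 'rndc reload' succeed yet leave the slave stale or the
    zone inconsistent. Returns a list of messages; an empty list means OK."""
    problems = []
    serial = soa_serial(records)
    if serial <= served_serial:
        problems.append(f"serial {serial} is not above the served serial {served_serial}; "
                        "the slave will not transfer the new data")
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    types_by_owner = {}
    for owner, rtype, rdata in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
        if rtype == "NS":
            ns = absolute(rdata[0], origin)
            # an in-zone NS such as slave needs an A record, or NOTIFY cannot reach it by name
            if ns.endswith("." + origin) and ns not in a_owners:
                problems.append(f"NS {ns} has no A record in the zone")
    for owner, types in types_by_owner.items():
        if "CNAME" in types and len(types) > 1:      # a CNAME owner may carry no other data
            problems.append(f"{owner} mixes CNAME with {sorted(types - {'CNAME'})}")
    return problems


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT, ORIGIN)
    print("serial:", soa_serial(recs))
    print("problems:", check_zone(recs, ORIGIN, served_serial=20200222))
```

Run it with the serial the slave reports as served_serial: a clean list means the reload will actually propagate; a serial message means the edit would be invisible to the slave until the serial is raised, which is exactly the failure the note above warns about.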
1.2.4.2 Slave DNS server configuration
[root@localhost ~]# yum install bind -y
[root@localhost ~]# vim /etc/named.conf
options {
    // listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    // allow-query { localhost; };
    # Do not allow any other host to perform zone transfers
    allow-transfer { none; };
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "magedu.org" IN {
    type slave;
    masters { 192.168.0.101;};
    file "slaves/magedu.org.slave";
};
# First start of the service; if it is not the first start, rndc reload is enough to reload the configuration
[root@localhost ~]# systemctl start named
# Check that the zone database file has been generated
[root@localhost ~]# ls /var/named/slaves/magedu.org.slave
/var/named/slaves/magedu.org.slave
1.2.4.3 Test
[root@openvpn ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
DNS1=192.168.0.101
DNS2=192.168.0.105
[root@openvpn ~]# nmcli conn reload
[root@openvpn ~]# nmcli conn up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)
[root@openvpn ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.101
nameserver 192.168.0.105
# Check that the slave DNS server answers queries
# Install the client tools
[root@openvpn ~]# yum install bind-utils -y
[root@openvpn ~]# dig wwwwwww.magedu.org @192.168.0.105

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> wwwwwww.magedu.org @192.168.0.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wwwwwww.magedu.org. IN A

;; ANSWER SECTION:
wwwwwww.magedu.org. 86400 IN CNAME websrv.magedu.org.
websrv.magedu.org. 86400 IN A 192.168.0.199

;; AUTHORITY SECTION:
magedu.org. 86400 IN NS master.magedu.org.
magedu.org. 86400 IN NS slave.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org. 86400 IN A 192.168.0.101
slave.magedu.org. 86400 IN A 192.168.0.105

;; Query time: 1 msec
;; SERVER: 192.168.0.105#53(192.168.0.105)
;; WHEN: Mon Feb 24 21:54:11 CST 2020
;; MSG SIZE rcvd: 157

[root@openvpn ~]# curl www.magedu.org
www.magedu.org
# Stop the DNS service on the master server
[root@master ~]# systemctl stop named
# Confirm that the slave DNS server still answers queries
2、Build and implement smart DNS (different answers per client network).
2.1 Environment
Five hosts are needed
DNS master server: 192.168.0.101/24, 172.16.0.101/24
sh_web server: 192.168.0.199/24
bj_web server 2: 172.16.0.108/24
DNS client 1: 192.168.0.107/24
DNS client 2: 172.16.0.107/24
2.2 Prerequisites
Disable SELinux
Disable the firewall
Synchronise the clocks
2.3 Steps
2.3.1 Network interface configuration on the DNS master server
[root@master ~]# ip a a 172.16.0.101/24 dev eth0
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:ae:60:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.101/24 brd 192.168.0.255 scope global dynamic eth0
valid_lft 12813sec preferred_lft 12813sec
inet 172.16.0.101/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:feae:6051/64 scope link
valid_lft forever preferred_lft forever
2.3.2 Implementing views in the master DNS server configuration
[root@master ~]# yum install bind -y
1. Define the address ranges as acls; they must be defined before options. A view ties an acl to a set of zone definitions.
Once views are enabled, every zone must be defined inside a view, so the root zone from the configuration file has to be defined again in each of the included configuration files that the acls map to; a single acl may contain several networks.
[root@master ~]# vim /etc/named.conf
acl beijingnet {
    172.16.0.0/24;
    10.0.0.0/24;
};
acl shanghainet {
    192.168.0.0/24;
};
acl other {
    any;
};
options {
    listen-on port 53 { localhost; };
    ...
//zone "." IN {
//    type hint;
//    file "named.ca";
//};
view beijingview {
    match-clients { beijingnet; };
    include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
    match-clients { shanghainet; };
    include "/etc/named.rfc1912.zones.sh";
};
view otherview {
    match-clients { other; };
    include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
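Two properties of this configuration are easy to get wrong and are not syntax errors, so named-checkconf will not flag them: views are tried in file order and the first match-clients that matches wins, so the catch-all `other { any; }` view must stay last; and the global allow-transfer from section 1.2.4.1 decides who may pull the whole zone. As an added example (not from the original post, and a simplified re-implementation of BIND's view and ACL semantics rather than BIND's own code) the script below parses named.conf fragments constructed from the text above, reports which view a given client address lands in and which websrv address that view's zone file answers with (the Beijing address as shown by the client test, 172.16.0.108), and audits the allow-transfer setting. Only any, none, nested acl names, addresses/prefixes and a leading "!" are modelled; builtins such as localhost and localnets are not.

```python
"""Which BIND view answers a client, and is allow-transfer restricted?
Added example, not from the original post; the config strings are constructed."""
import ipaddress
import re

OPTIONS_RESTRICTED = """\
options {
    listen-on port 53 { localhost; };
    allow-query { any; };
    allow-transfer { 192.168.0.105; };
};
"""
OPTIONS_OPEN = OPTIONS_RESTRICTED.replace("{ 192.168.0.105; }", "{ any; }")
ACL_CONF = """\
acl beijingnet {
    172.16.0.0/24;
    10.0.0.0/24;
};
acl shanghainet {
    192.168.0.0/24;
};
acl other {
    any;
};
"""
VIEW_BJ = 'view beijingview {\n    match-clients { beijingnet; };\n    include "/etc/named.rfc1912.zones.bj";\n};\n'
VIEW_SH = 'view shanghaiview {\n    match-clients { shanghainet; };\n    include "/etc/named.rfc1912.zones.sh";\n};\n'
VIEW_OTHER = 'view otherview {\n    match-clients { other; };\n    include "/etc/named.rfc1912.zones.other";\n};\n'
NAMED_CONF = OPTIONS_RESTRICTED + ACL_CONF + VIEW_BJ + VIEW_SH + VIEW_OTHER
MISORDERED_CONF = OPTIONS_RESTRICTED + ACL_CONF + VIEW_OTHER + VIEW_BJ + VIEW_SH   # catch-all first

# what each view's zone file (section 2.3.4) says websrv is
WEBSRV = {"beijingview": "172.16.0.108", "shanghaiview": "192.168.0.199", "otherview": "3.3.3.3"}


def blocks(conf, keyword):
    """Yield (name, body) for each `keyword [name] { ... }`, brace-balanced, in file order."""
    pat = re.compile(r"\b" + re.escape(keyword) + r"(?:\s+([^\s{]+))?\s*\{")
    pos = 0
    while True:
        m = pat.search(conf, pos)
        if not m:
            return
        depth, j = 1, m.end()
        while depth and j < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[j], 0)
            j += 1
        yield m.group(1), conf[m.end():j - 1]
        pos = j


def entries(body):
    return [e.strip() for e in body.split(";") if e.strip()]


def parse_acls(conf):
    return {name: entries(body) for name, body in blocks(conf, "acl")}


def parse_views(conf):
    """[(view name, match-clients entries)] in file order; the first matching view wins."""
    views = []
    for name, body in blocks(conf, "view"):
        mc = next(blocks(body, "match-clients"), None)
        views.append((name, entries(mc[1]) if mc else ["any"]))
    return views


def entry_hit(name, acls, client):
    if name == "any":
        return True
    if name == "none":
        return False
    if name in acls:                                   # nested acl
        return match_list(acls[name], acls, client)
    return client in ipaddress.ip_network(name, strict=False)


def match_list(items, acls, client):
    """First entry that matches decides: a plain entry accepts, a '!' entry rejects."""
    for item in items:
        negate = item.startswith("!")
        if entry_hit(item.lstrip("!").strip(), acls, client):
            return not negate
    return False


def select_view(conf, client_ip):
    acls, client = parse_acls(conf), ipaddress.ip_address(client_ip)
    for name, items in parse_views(conf):
        if match_list(items, acls, client):
            return name
    return None                                        # BIND would refuse the query


def answer_for(conf, client_ip):
    """Address that www.magedu.org -> websrv resolves to for this client."""
    return WEBSRV.get(select_view(conf, client_ip))


def allow_transfer_audit(conf):
    """'any' (the BIND 9.11 default when the clause is absent) lets every host AXFR the zone."""
    opts = next(blocks(conf, "options"), None)
    at = next(blocks(opts[1], "allow-transfer"), None) if opts else None
    if at is None:
        return "missing: allow-transfer not set, transfers open to any host"
    items = entries(at[1])
    return "open: allow-transfer { any; }" if "any" in items else "restricted to " + ", ".join(items)


if __name__ == "__main__":
    for ip in ("172.16.0.107", "192.168.0.107", "127.0.0.1"):
        print(ip, "->", select_view(NAMED_CONF, ip), answer_for(NAMED_CONF, ip))
    print("misordered:", answer_for(MISORDERED_CONF, "192.168.0.107"))
    print(allow_transfer_audit(NAMED_CONF), "|", allow_transfer_audit(OPTIONS_OPEN))
```

The 127.0.0.1 case reproduces the client test later in the text, where a query on the master itself lands in the other view and gets 3.3.3.3; the misordered variant shows that moving the catch-all view up turns every client into an "other" client without any error at load time.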
2.3.3 Zone configuration files
# Copy the root zone entry that was commented out in /etc/named.conf into this file
[root@master ~]# vim /etc/named.rfc1912.zones
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
    type hint;
    file "named.ca";
};
zone "magedu.org" IN {
    type master;
    file "magedu.org.zone";
};
# Copy this zone configuration file to give each of the three views its own zone configuration
[root@master ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@master ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.sh
[root@master ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.other
[root@master ~]# vim /etc/named.rfc1912.zones.bj
//
zone "." IN {
    type hint;
    file "named.ca";
};
zone "magedu.org" IN {
    type master;
    file "magedu.org.zone.bj";
};
[root@master ~]# vim /etc/named.rfc1912.zones.sh
//
zone "." IN {
    type hint;
    file "named.ca";
};
zone "magedu.org" IN {
    type master;
    file "magedu.org.zone.sh";
};
[root@master ~]# vim /etc/named.rfc1912.zones.other
//
zone "." IN {
    type hint;
    file "named.ca";
};
zone "magedu.org" IN {
    type master;
    file "magedu.org.zone.other";
};
2.3.4 Create the zone database files
# Define the three zone databases
[root@master ~]# vim /var/named/magedu.org.zone.bj
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                20200227 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       192.168.0.101
websrv  A       172.16.0.108    ; bj_web server, as listed in 2.1 and returned by the client test
www     CNAME   websrv
[root@master ~]# vim /var/named/magedu.org.zone.sh
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                20200227 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       192.168.0.101
websrv  A       192.168.0.199
www     CNAME   websrv
[root@master ~]# vim /var/named/magedu.org.zone.other
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                20200227 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       192.168.0.101
websrv  A       3.3.3.3
www     CNAME   websrv
# Restart the service
[root@master ~]# systemctl restart named
2.3.5 Two web servers in the two regions
# Configure httpd on 192.168.0.199 and on 172.16.0.108 respectively
# yum install httpd
# on 192.168.0.199 (shanghai):
# echo "www.magedu.org(shanghai)" > /var/www/html/index.html
# on 172.16.0.108 (beijing):
# echo "www.magedu.org(beijing)" > /var/www/html/index.html
# systemctl start httpd
2.3.6 Client tests
# Client test from the 172.16.0.0 network: the name resolves to the Beijing address 172.16.0.108
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:ae:20:d3 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.107/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::7b48:7fd5:cc93:9a61/64 scope link
valid_lft forever preferred_lft forever
# Client test from the 192.168.0.0 network: the name resolves to the Shanghai address 192.168.0.199
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:ae:20:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.107/24 brd 192.168.0.255 scope global dynamic eth0
valid_lft 18786sec preferred_lft 18786sec
inet6 fe80::7b48:7fd5:cc93:9a61/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# dig www.magedu.org @192.168.0.101

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.magedu.org @192.168.0.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org. IN A

;; ANSWER SECTION:
www.magedu.org. 86400 IN CNAME websrv.magedu.org.
websrv.magedu.org. 86400 IN A 192.168.0.199

;; AUTHORITY SECTION:
magedu.org. 86400 IN NS master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org. 86400 IN A 192.168.0.101

;; Query time: 0 msec
;; SERVER: 192.168.0.101#53(192.168.0.101)
;; WHEN: Wed Feb 26 12:08:10 CST 2020
;; MSG SIZE rcvd: 117

[root@localhost ~]# curl www.magedu.org
www.magedu.org(shanghai)

[root@localhost ~]# dig www.magedu.org @172.16.0.101

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.magedu.org @172.16.0.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8249
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org. IN A

;; ANSWER SECTION:
www.magedu.org. 86400 IN CNAME websrv.magedu.org.
websrv.magedu.org. 86400 IN A 172.16.0.108

;; AUTHORITY SECTION:
magedu.org. 86400 IN NS master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org. 86400 IN A 192.168.0.101

;; Query time: 2 msec
;; SERVER: 172.16.0.101#53(172.16.0.101)
;; WHEN: Wed Feb 26 12:08:41 CST 2020
;; MSG SIZE rcvd: 117

[root@localhost ~]# curl www.magedu.org
www.magedu.org(beijing)

# Resolving on the master DNS server itself lands in the other view, and the address returned is 3.3.3.3
[root@master ~]# dig www.magedu.org @127.0.0.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.magedu.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24537
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org. IN A

;; ANSWER SECTION:
www.magedu.org. 86400 IN CNAME websrv.magedu.org.
websrv.magedu.org. 86400 IN A 3.3.3.3

;; AUTHORITY SECTION:
magedu.org. 86400 IN NS master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org. 86400 IN A 192.168.0.101

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 26 12:09:11 CST 2020
;; MSG SIZE rcvd: 117
3、Compile and install MariaDB, start it and confirm that you can log in
(1) Install the required dependency packages
[root@localhost ~]# yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel -y
(2) Prepare the user and the data directory
[root@localhost ~]# useradd -r -s /sbin/nologin -d /data/mysql/ mysql
[root@localhost ~]# mkdir -p /data/mysql
[root@localhost ~]# chown mysql.mysql /data/mysql
[root@localhost ~]# tar xvf mariadb-10.2.25.tar.gz
(3) Build and install with cmake
One of cmake's important features is the out-of-source build: the build can be done in a separate directory rather than in the source directory, which keeps the source tree untouched by any build, so the same source tree can be built several times in different ways, for example for different platforms.
Build options: https://dev.mysql.com/doc/refman/5.7/en/source-configuration-options.html
[root@localhost ~]# cd mariadb-10.2.25/
[root@localhost mariadb-10.2.25]# cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@localhost mariadb-10.2.25]# make -j 4 && make install
# -j sets the number of CPU cores to use, which makes the build faster
# Tip: if the build fails, run rm -f CMakeCache.txt
(4) Set up the environment variable
[root@localhost mariadb-10.2.25]# echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost mariadb-10.2.25]# . /etc/profile.d/mysql.sh
(5) Generate the database files
[root@localhost mariadb-10.2.25]# cd /app/mysql/
[root@localhost mysql]# ./scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
(6) Prepare the configuration file
[root@localhost mysql]# cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
cp: overwrite ‘/etc/my.cnf’? y
(7) Prepare the startup script
[root@localhost mysql]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
(8) Add the service and start it
[root@localhost mysql]# chkconfig --add mysqld ;service mysqld start
Starting mysqld (via systemctl): [ OK ]
(9) Log in to test
[root@localhost mysql]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.25-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
Source: https://www.cnblogs.com/mark-dq/p/12344297.html