1、简述DNS服务器原理,并搭建主-辅服务器
1.1 DNS服务器原理:
1.2 安装DNS服务:
设置192.168.0.10为主服务器,192.168.0.11为从服务器,192.168.0.103为web服务器
1.2.1 主服务器搭建:
[root@centos7 ~]# yum -y install bind bind-utils
[root@centos7 ~]# cat /usr/lib/systemd/system/named.service
修改配置文件:
[root@centos7 ~]# vim /etc/named.conf
#下面两行用//注释
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
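#或者改成(注意:allow-query设为any,而CentOS默认的named.conf里是recursion yes,这样本机会成为对任意来源开放的递归解析器;如果服务器能被外网访问,应使用allow-recursion限定可信网段,纯权威服务器则设置recursion no)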
listen-on port 53 { localhost; };
allow-query { any; };
#检查配置文件语法
[root@centos7 ~]# named-checkconf
创建数据库:
[root@centos7 ~]# vi /etc/named.rfc1912.zones
#添加正向解析
zone "zyx.org" IN {
type master;
file "zyx.org.zone";
};
#添加反向解析
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
};
[root@centos7 ~]# cd /var/named/
#正向解析
[root@centos7 named]# vim zyx.org.zone
#添加内容
$TTL 1D
@ IN SOA master admin.zyx.org. ( 20200219 1D 10M 3D 2H )
NS master
NS slave
master A 192.168.0.10
slave A 192.168.0.11
websrv A 192.168.0.103
www CNAME websrv
* CNAME websrv
@ A 192.168.0.103
#反向解析
[root@centos7 named]# cp -p named.loopback 192.168.0.zone
[root@centos7 named]# vim 192.168.0.zone
#添加内容
$TTL 1D
@ IN SOA master.zyx.org. admin.zyx.org. (
20200219 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master.zyx.org.
master.zyx.org. A 192.168.0.10
103 PTR www.zyx.org.
#修改权限
[root@centos7 named]# chgrp named zyx.org.zone
[root@centos7 named]# chmod o= zyx.org.zone
[root@centos7 named]# ll -d zyx.org.zone
-rw-r----- 1 root named 182 Feb 19 10:37 zyx.org.zone
#检查语法
[root@centos7 ~]# named-checkzone zyx.org /var/named/zyx.org.zone
zone zyx.org/IN: loaded serial 20200219
OK
[root@centos7 ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/192.168.0.zone
/var/named/192.168.0.zone:9: ignoring out-of-zone data (master.zyx.org)
zone 0.168.192.in-addr.arpa/IN: loaded serial 0
OK
启动服务:
[root@centos7 ~]# systemctl start named
测试:
[root@centos7 ~]# host www.baidu.com 192.168.0.10
#在centos6上域名正向解析测试
[root@centos6 ~]# dig www.zyx.org @192.168.0.10
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> www.zyx.org @192.168.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23500
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.zyx.org. IN A
;; ANSWER SECTION:
www.zyx.org. 86400 IN CNAME websrv.zyx.org.
websrv.zyx.org. 86400 IN A 192.168.0.103
;; AUTHORITY SECTION:
zyx.org. 86400 IN NS master.zyx.org.
;; ADDITIONAL SECTION:
master.zyx.org. 86400 IN A 192.168.0.10
;; Query time: 1 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Wed Feb 19 11:39:25 2020
;; MSG SIZE rcvd: 103
#本机域名反向解析测试
[root@centos7 ~]# dig -x 192.168.0.103
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -x 192.168.0.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5470
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
103.0.168.192.in-addr.arpa. 86400 IN PTR www.zyx.org.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400 IN NS master.zyx.org.
;; ADDITIONAL SECTION:
master.zyx.org. 86400 IN A 192.168.0.10
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 19 13:52:51 CST 2020
;; MSG SIZE rcvd: 117
#交互式测试
[root@centos6 ~]# nslookup
> server 192.168.0.10
Default server: 192.168.0.10
Address: 192.168.0.10#53
> www.zyx.org
Server: 192.168.0.10
Address: 192.168.0.10#53
www.zyx.org canonical name = websrv.zyx.org.
Name: websrv.zyx.org
Address: 192.168.0.103
安全加固:
[root@centos7 named]# vim /etc/named.conf
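#添加(只允许从服务器192.168.0.11做区域传输;BIND 9.11未设置allow-transfer时默认允许任何主机传输整个区域。这里只按源IP限制,更严格的做法是配合TSIG密钥。修改后执行rndc reload或重启named才生效)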
allow-transfer { 192.168.0.11; };
1.2.2 从服务器搭建:
[root@centos7 ~]# yum -y install bind
配置/etc/named.conf文件和主服务器一样
安全加固:
[root@centos7 named]# vim /etc/named.conf
#添加
allow-transfer { none; };
配置named.rfc1912.zones文件:
[root@centos7 ~]# vi /etc/named.rfc1912.zones
#添加内容
zone "zyx.org" IN {
type slave;
masters {192.168.0.10;};
file "slaves/zyx.org.zone.slave";
};
启动服务:
[root@centos7 ~]# systemctl start named
注:修改主服务器的区域数据文件后,必须同时增大SOA记录中的序列号,否则从服务器会认为数据没有变化,不会实时同步。
2、搭建并实现智能DNS
配置named.conf文件:
#添加acl
[root@centos7 ~]# vim /etc/named.conf
#在开头添加
acl beijingnet {
192.168.0.0/24;
};
acl shanghainet {
192.168.1.0/24;
};
acl othernet {
any;
};
#添加view
view beijingview {
match-clients { beijingnet; };
include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
match-clients { shanghainet; };
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients { othernet; };
include "/etc/named.rfc1912.zones.other";
};
准备三套域文件:
[root@centos7 ~]# cd /var/named/
[root@centos7 named]# cp -p zyx.org.zone zyx.org.zone.bj
[root@centos7 named]# cp -p zyx.org.zone zyx.org.zone.sh
[root@centos7 named]# cp -p zyx.org.zone zyx.org.zone.other
#配置北京域名
[root@centos7 named]# vim zyx.org.zone.bj
$TTL 1D
@ IN SOA master admin.zyx.org. ( 20200219 1D 10M 3D 2H )
NS master
master A 192.168.0.10
websrv A 1.1.1.1
www CNAME websrv
#配置上海域名
[root@centos7 named]# vim zyx.org.zone.sh
$TTL 1D
@ IN SOA master admin.zyx.org. ( 20200219 1D 10M 3D 2H )
NS master
master A 192.168.0.10
websrv A 2.2.2.2
www CNAME websrv
#配置其他域名
[root@centos7 named]# vim zyx.org.zone.other
$TTL 1D
@ IN SOA master admin.zyx.org. ( 20200219 1D 10M 3D 2H )
NS master
master A 192.168.0.10
websrv A 3.3.3.3
www CNAME websrv
准备三套域配置文件:
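#把named.conf里的根区域配置移到各域配置文件里(启用view后,所有zone都必须写在view内;named.conf中原有的zone "."和include "/etc/named.rfc1912.zones";要注释掉,否则named-checkconf会报错)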
zone "." IN {
type hint;
file "named.ca";
};
[root@centos7 etc]# cp -p named.rfc1912.zones named.rfc1912.zones.bj
[root@centos7 etc]# cp -p named.rfc1912.zones named.rfc1912.zones.sh
[root@centos7 etc]# cp -p named.rfc1912.zones named.rfc1912.zones.other
#北京
[root@centos7 etc]# vim named.rfc1912.zones.bj
zone "." IN {
type hint;
file "named.ca";
};
zone "zyx.org" IN {
type master;
file "zyx.org.zone.bj";
};
#上海
[root@centos7 etc]# vim named.rfc1912.zones.sh
zone "." IN {
type hint;
file "named.ca";
};
zone "zyx.org" IN {
type master;
file "zyx.org.zone.sh";
};
#其他
[root@centos7 etc]# vim named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "zyx.org" IN {
type master;
file "zyx.org.zone.other";
};
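语法检查:
#注:named-checkzone的第一个参数是区域名,下面三条命令实际应写zyx.org;这里写成了acl名(其中bingjingnet还是beijingnet的笔误),文件中的相对名称会按错误的区域名展开,因此只能起到语法检查的作用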
[root@centos7 ~]# named-checkconf
[root@centos7 ~]# named-checkzone bingjingnet /var/named/zyx.org.zone.bj
zone bingjingnet/IN: loaded serial 20200219
OK
[root@centos7 ~]# named-checkzone shanghainet /var/named/zyx.org.zone.sh
zone shanghainet/IN: loaded serial 20200219
OK
[root@centos7 ~]# named-checkzone othernet /var/named/zyx.org.zone.other
zone othernet/IN: loaded serial 20200219
OK
启动服务:
[root@centos7 ~]# systemctl start named
3、编译安装Mariadb,并启动后可以正常登录
3.1 yum源安装
配置yum源:
[root@centos7 ~]# vim /etc/yum.repos.d/CentOS-Base.repo
#添加镜像
[mariadb]
name = MariaDB
baseurl = https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/10.2/centos7-amd64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
[root@centos7 ~]# yum clean all
[root@centos7 ~]# yum makecache
安装MariaDB:
[root@centos7 ~]# yum -y install MariaDB-server
#初始root密码为空,直接回车即可登录(验证能登录后应运行mysql_secure_installation设置root密码、删除匿名用户和test库):
[root@centos7 ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.31-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
3.2 二进制安装
下载二进制文件:
[root@centos7 ~]# wget https://downloads.mariadb.org/interstitial/mariadb-10.2.31/bintar-linux-x86_64/mariadb-10.2.31-linux-x86_64.tar.gz
#也可以使用清华大学镜像源(注意:下面的链接是10.5.2版本,而后文解压的是10.2.31,文件名需保持一致);解压前先用sha256sum核对下载页公布的校验值
[root@centos7 ~]# wget https://mirrors.tuna.tsinghua.edu.cn/mariadb/mariadb-10.5.2/bintar-linux-x86_64/mariadb-10.5.2-linux-x86_64.tar.gz
创建账户:
[root@centos7 ~]# useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@centos7 ~]# mkdir /data/mysql
[root@centos7 ~]# chown mysql.mysql /data/mysql
安装:
[root@centos7 ~]# tar zxvf mariadb-10.2.31-linux-x86_64.tar.gz -C /usr/local/
[root@centos7 ~]# cd /usr/local/
[root@centos7 local]# ln -s mariadb-10.2.31-linux-x86_64 mysql
[root@centos7 local]# cd mysql
#安装
[root@centos7 mysql]# ./scripts/mysql_install_db --datadir=/data/mysql --user=mysql
[root@centos7 mysql]# mkdir /etc/mysql
#创建配置文件
[root@centos7 mysql]# cp support-files/my-huge.cnf /etc/mysql/my.cnf
#修改数据默认路径
[root@centos7 mysql]# sed -i '/\[mysqld\]/adatadir=\/data\/mysql' /etc/mysql/my.cnf
[root@centos7 mysql]# cp support-files/mysql.server /etc/init.d/mysqld
#设置开机启动
[root@centos7 mysql]# chkconfig --add mysqld
[root@centos7 mysql]# chkconfig --list
#配置环境变量
[root@centos7 mysql]# echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos7 mysql]# . /etc/profile.d/mysql.sh
[root@centos7 mysql]# service mysqld start
#配置安全项目
[root@centos7 mysql]# mysql_secure_installation
#登录
[root@centos7 mysql]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.31-MariaDB-log MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
[root@centos7 mysql]# service mysqld start
#配置安全项目
[root@centos7 mysql]# mysql_secure_installation
#登录
[root@centos7 mysql]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.31-MariaDB-log MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
3.3 源码编译安装
下载源码包:
[root@centos7 ~]# wget https://downloads.mariadb.org/interstitial/mariadb-10.2.31/source/mariadb-10.2.31.tar.gz
安装包:
[root@centos7 ~]# yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel libdb-cxx-devel -y
创建用户和数据目录:
[root@centos7 ~]# useradd -r -s /sbin/nologin -d /data/mysql/ mysql
[root@centos7 ~]# mkdir /data/mysql
[root@centos7 ~]# chown mysql.mysql /data/mysql
[root@centos7 ~]# tar xvf mariadb-10.2.31.tar.gz
cmake编译安装:
[root@centos7 ~]# cd mariadb-10.2.31/
[root@centos7 mariadb-10.2.31]# cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@centos7 mariadb-10.2.31]# make && make install
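#提示:如果cmake出错,执行rm -f CMakeCache.txt后重新运行cmake
#注:-DENABLED_LOCAL_INFILE=1会默认启用LOAD DATA LOCAL INFILE;不需要该功能时建议改为0,或在my.cnf中设置local_infile=0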
后面的步骤与二进制安装一样(注意本节的安装路径是/app/mysql而不是/usr/local/mysql,PATH等路径要相应修改)