Linux相关知识的第十六回合
简述DNS服务器原理,并搭建主-辅服务器
DNS
服务原理
1、在浏览器中输入 www.hooper.org 域名,操作系统会先检查自己本地的 hosts 文件是否有这个网址映射关系,如果有,就先调用这个IP地址映射,完成域名解析。
2、如果 hosts 里没有这个域名的映射,则查找本地DNS解析器缓存,是否有这个网址映射关系,如果有,直接返回,完成域名解析。
3、如果 hosts 与本地DNS解析器缓存都没有相应的网址映射关系,首先会找TCP/IP参数中设置的首选DNS服务器,在此我们叫它本地DNS服务器。此服务器收到查询时,如果要查询的域名包含在本地配置区域资源中,则返回解析结果给客户机,完成域名解析,此解析具有权威性。
4、如果要查询的域名不由本地DNS服务器区域解析,但该服务器已缓存了此网址映射关系,则调用这个IP地址映射,完成域名解析,此解析不具有权威性。
5、如果本地DNS服务器的本地区域文件与缓存解析都失效,则根据本地DNS服务器的设置(是否设置转发器)进行查询。如果未用转发模式,本地DNS就把请求发至13台根DNS,根DNS服务器收到请求后会判断这个域名(.org)是谁来授权管理,并会返回一个负责该顶级域名服务器的IP。本地DNS服务器收到IP信息后,将会联系负责.org域的这台服务器。这台负责.org域的服务器收到请求后,如果自己无法解析,它就会把管理.org域的下一级DNS服务器地址(hooper.org)给本地DNS服务器。当本地DNS服务器收到这个地址后,就会找hooper.org域服务器,重复上面的动作进行查询,直至找到www.hooper.org主机。
6、如果用的是转发模式,此DNS服务器就会把请求转发至上一级DNS服务器,由上一级服务器进行解析;上一级服务器如果不能解析,或找根DNS,或把请求转至上上级,以此循环。不管本地DNS服务器用的是转发还是根提示,最后都是把结果返回给本地DNS服务器,由此DNS服务器再返回给客户机。
⚠️ 从客户端到本地DNS服务器属于递归查询,而DNS服务器之间的交互查询就是迭代查询。
部署主辅DNS服务
# Master端安装配置bind为www.hooper.com解析
yum install -y bind
# 编辑bind主配置文件
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; # 注释掉
// listen-on-v6 port 53 { ::1; }; # 注释掉
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query {192.168.168.0/24; }; # 允许192.168.168网段查询
allow-transfer {192.168.168.69;}; # 允许slave进行区域传输
dnssec-enable no; # 关闭
dnssec-validation no; # 关闭
# 编辑include配置文件/etc/named.rfc1912.zones,增加hooper.com.zone
vim /etc/named.rfc1912.zones
zone "hooper.com" IN {
type master;
file "hooper.com.zone";
};
# 创建hooper.com.zone文件
cp -p /var/named/named.localhost /var/named/hooper.com.zone
vim /var/named/hooper.com.zone
$TTL 1D
@ IN SOA master admin.hooper.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slaver ; 增加slaver记录(区域文件中的注释符是 ; 而不是 #)
master A 192.168.168.68
slaver A 192.168.168.69 ; 增加slaver记录
www A 192.168.168.211
chown named:named /var/named/hooper.com.zone
named-checkconf
[root@master var]# named-checkzone hooper.com /var/named/hooper.com.zone
zone hooper.com/IN: loaded serial 0
OK
systemctl enable --now named
# Slave端安装配置bind,并同样编辑 /etc/named.conf
yum install -y bind
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { 192.168.168.0/24; };
allow-transfer {none;}; # 不允许区域传送
dnssec-enable no;
dnssec-validation no;
vim /etc/named.rfc1912.zones
zone "hooper.com" IN {
type slave;
file "slaves/hooper.com";
masters {192.168.168.68;};
};
named-checkconf
systemctl enable --now named
ls /var/named/slaves/
hooper.com
# 验证slave端是否正常解析
host www.hooper.com 192.168.168.69
Using domain server:
Name: 192.168.168.69
Address: 192.168.168.69#53
Aliases:
www.hooper.com has address 192.168.168.211
# 验证主辅之间的数据同步
# 在master端增加A记录
vim /var/named/hooper.com.zone
$TTL 1D
@ IN SOA master admin.hooper.com. (
5 ; serial #手动增加版本号
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slaver
master A 192.168.168.68
slaver A 192.168.168.69
www A 192.168.168.211
web1 CNAME www ; 新增加
mail A 192.168.168.69 ; 新增加
rndc reload
server reload successful
# 用master端查询
host mail.hooper.com 192.168.168.68
Using domain server:
Name: 192.168.168.68
Address: 192.168.168.68#53
Aliases:
mail.hooper.com has address 192.168.168.69
# 用slaver端查询
host mail.hooper.com 192.168.168.69
Using domain server:
Name: 192.168.168.69
Address: 192.168.168.69#53
Aliases:
mail.hooper.com has address 192.168.168.69
搭建并实现智能DNS
# 修改DNS服务器的配置
vim /etc/named.conf
acl hoopernet {
192.168.168.0/24;
};
acl nilnet {
192.168.16.0/24;
};
acl othernet {
any;
};
view hooperview {
match-clients { hoopernet;};
include "/etc/named.rfc1912.zones.hooper";
};
view nilview {
match-clients { nilnet;};
include "/etc/named.rfc1912.zones.nil";
};
view otherview {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
options {
// listen-on port 53 { 127.0.0.1; }; # 注释掉
// listen-on-v6 port 53 { ::1; }; # 注释掉
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query {any; }; # 允许任意来源查询,由各 view 的 match-clients 区分客户端;递归默认开启,对外暴露时需限制 allow-recursion,避免成为开放解析器
allow-transfer {192.168.168.69;}; # 允许slave进行区域传输
dnssec-enable no; # 关闭
dnssec-validation no; # 关闭
# 创建区域配置文件
vim /etc/named.rfc1912.zones.hooper
zone "." IN {
type hint;
file "named.ca";
};
zone "hooper.com" {
type master;
file "hooper.com.zone.hooper";
};
vim /etc/named.rfc1912.zones.nil
zone "." IN {
type hint;
file "named.ca";
};
zone "hooper.com" {
type master;
file "hooper.com.zone.nil";
};
vim /etc/named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "hooper.com" {
type master;
file "hooper.com.zone.other";
};
chgrp named /etc/named.rfc1912.zones.hooper
chgrp named /etc/named.rfc1912.zones.nil
chgrp named /etc/named.rfc1912.zones.other
# 创建区域数据文件
cp -rp /var/named/hooper.com.zone /var/named/hooper.com.zone.hooper
vim /var/named/hooper.com.zone.hooper
$TTL 1D
@ IN SOA master admin.hooper.com. (
5 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slaver ; 增加slaver记录
master A 192.168.168.68
slaver A 192.168.168.69 ; 增加slaver记录
websrv A 192.168.168.211
www CNAME websrv
cp -rp /var/named/hooper.com.zone.hooper /var/named/hooper.com.zone.nil
vim /var/named/hooper.com.zone.nil
$TTL 1D
@ IN SOA master admin.hooper.com. (
5 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slaver ; 增加slaver记录
master A 192.168.168.68
slaver A 192.168.168.69 ; 增加slaver记录
websrv A 192.168.168.11
www CNAME websrv
cp -rp /var/named/hooper.com.zone.hooper /var/named/hooper.com.zone.other
vim /var/named/hooper.com.zone.other
$TTL 1D
@ IN SOA master admin.hooper.com. (
5 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slaver ; 增加slaver记录
master A 192.168.168.68
slaver A 192.168.168.69 ; 增加slaver记录
websrv A 192.168.168.111
www CNAME websrv
# 检查配置及数据库文件
named-checkconf
named-checkzone hooper.com /var/named/hooper.com.zone.hooper
zone hooper.com/IN: loaded serial 5
OK
named-checkzone hooper.com /var/named/hooper.com.zone.nil
zone hooper.com/IN: loaded serial 5
OK
named-checkzone hooper.com /var/named/hooper.com.zone.other
zone hooper.com/IN: loaded serial 5
OK
rndc reload
server reload successful
# 客户端测试
# 解析测试
host www.hooper.com 192.168.168.68
Using domain server:
Name: 192.168.168.68
Address: 192.168.168.68#53
Aliases:
www.hooper.com is an alias for websrv.hooper.com.
websrv.hooper.com has address 192.168.168.211
host www.hooper.com 192.168.16.130
Using domain server:
Name: 192.168.16.130
Address: 192.168.16.130#53
Aliases:
www.hooper.com is an alias for websrv.hooper.com.
websrv.hooper.com has address 192.168.16.11
host www.hooper.com 172.16.0.130
Using domain server:
Name: 192.168.17.130
Address: 192.168.17.130#53
Aliases:
www.hooper.com is an alias for websrv.hooper.com.
websrv.hooper.com has address 192.168.17.111
通过编译、二进制安装MySQL5.7
# 卸载系统自带的mariadb
yum remove -y mariadb-libs
# 安装MySQL5.7
# 下载压缩包(下载后对照官网公布的校验值核对文件完整性,再解压)
cd /data/soft
wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-el7-x86_64.tar.gz
tar -zxvf mysql-5.7.26-el7-x86_64.tar.gz
# 将解压缩后的目录移动到指定目录下并更名为mysql
mv mysql-5.7.26-el7-x86_64 /usr/local/mysql
# 添加组及用户
groupadd mysql
useradd -r -g mysql -s /bin/false mysql
# 新建mysql数据存放目录及设置权限
mkdir -p /usr/local/mysql/data
chown -R mysql:mysql /usr/local/mysql/data
chmod 750 /usr/local/mysql/data
# 初始化数据库
/usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
# 输出的结果最后一行会有一个初始化的临时root密码,要记录下来,第一次登录要用;首次登录后必须先修改该密码,且不要把它留在笔记或日志中
2021-07-11T07:05:25.453402Z 1 [Note] A temporary password is generated for root@localhost: jDlit0srk9,r
# 创建my.cnf配置文件
vim /etc/my.cnf
[client]
# 本地客户端指定sock路径,必须跟下面服务端配置的socket一致,不然本地找不到sock文件,无法连接直接使用mysql命令登录
socket = /usr/local/mysql/data/mysql.sock
[mysqld]
# 指定用户
user = mysql
# mysql主目录
basedir = /usr/local/mysql
# 数据目录
datadir = /usr/local/mysql/data
# 端口
port = 3306
# pid文件路径
pid-file = /usr/local/mysql/data/mysql.pid
# sock文件路径
socket = /usr/local/mysql/data/mysql.sock
# 错误日志路径
log-error = /usr/local/mysql/data/error.log
# 禁止反向解析hostname和dns,只使用ip进行连接
skip-name-resolve = 1
# 默认的sql_mode配置
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
# 添加环境变量
vim /etc/profile
export PATH=$PATH:/usr/local/mysql/bin
# 复制启动脚本
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
# 启动mysql
systemctl enable mysqld --now