1、简述DNS服务器原理,并搭建主-辅服务器
主服务器端配置:
[root@localhost ~]# yum install -y bind*
[root@localhost ~]# cat /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; #在所有本机网络监听
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; #注释掉后使用默认值,即允许任意主机查询;对外提供服务时应确认递归查询只对可信网段开放(allow-recursion)
allow-transfer {192.168.117.129; }; #允许区域传送的主机
[root@localhost named]# cat /etc/named.rfc1912.zones
zone "liuhua.com" IN {
type master;
file "liuhua.com.zone";
};
[root@localhost named]# vim /var/named/liuhua.com.zone #建立zone库
$TTL 86400
@ IN SOA ns1 admin (2 3H 10M 12H 1H )
NS ns1
liuhua.com. A 192.168.117.130
ns1 A 192.168.117.130
@ MX 10 mailsrv
mailsrv A 192.168.117.130
ftp A 1.1.1.1
db A 2.2.2.2
www CNAME websrv
websrv A 192.168.117.130
辅服务器端配置:
[root@localhost ~]# cat /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; #在所有本机网络监听
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; #允许所有查询的主机
[root@localhost named]# vim /etc/named.rfc1912.zones #修改配置文件,指定主(master)服务器;辅服务器未设置allow-transfer时,BIND 9.11默认允许任意主机做区域传送,建议在options或该zone中加 allow-transfer { none; };
zone "liuhua.com" {
type slave;
masters {192.168.117.130;};
file "slaves/liuhua.com.zone.slave";
};
[root@localhost named]# named-checkconf #检查语法是否有问题
[root@localhost named]# systemctl restart named.service #重启服务
[root@localhost slaves]# ll /var/named/slaves/ #查看文件是否生成
-rw-r--r-- 1 named named 529 Mar 23 04:35 liuhua.com.zone.slave
验证DNS服务器是否成功
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.117.129
[root@localhost ~]# dig www.liuhua.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.liuhua.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28531
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.liuhua.com. IN A
;; ANSWER SECTION:
www.liuhua.com. 86400 IN CNAME websrv.liuhua.com.
websrv.liuhua.com. 86400 IN A 192.168.117.130
;; AUTHORITY SECTION:
liuhua.com. 86400 IN NS ns1.liuhua.com.
;; ADDITIONAL SECTION:
ns1.liuhua.com. 86400 IN A 192.168.117.130
;; Query time: 0 msec
;; SERVER: 192.168.117.129#53(192.168.117.129)
;; WHEN: Mon Mar 23 06:11:44 GMT 2020
;; MSG SIZE rcvd: 114
2、搭建并实现智能DNS
CDN简单逻辑图
在服务器配置文件下创建N个acl、创建view视图,将符合的ACL与对应的数据库匹配(删除根DNS)
[root@localhost ~]# cat /etc/named.conf
acl beijingnet { #三个ACL
192.168.1.0/24;
192.168.10.0/24;
};
acl shanghainet{
192.168.2.0/24;
192.168.12.0/24;
};
acl othernet {
any;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#三个view:named按书写顺序匹配,客户端命中第一个match-clients后不再继续,因此匹配any的view_other必须放在最后
view view_beijing {
match-clients { beijingnet;}; #对应ACL
include "/etc/named.rfc1912.zones.bj"; #对应相应的域配置文件,对应下述配置文件
};
view view_shanghai {
match-clients { shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view view_other {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
新加对应named.conf中的配置文件,
[root@localhost named]# cat /etc/named.rfc1912.zones.bj
zone "liuhua.com" {
type master;
file "liuhua.com.zone.bj";
};
[root@localhost named]# cat /etc/named.rfc1912.zones.sh
zone "liuhua.com" {
type master;
file "liuhua.com.zone.sh";
};
[root@localhost named]# cat /etc/named.rfc1912.zones.other
zone "liuhua.com" {
type master;
file "liuhua.com.zone.other";
};
#修改所属组权限
[root@localhost named]# chgrp named /etc/named.rfc1912.zones*
创建三个数据库zone,对应上述配置文件,
[root@localhost named]# cat /var/named/liuhua.com.zone.bj #名字要跟上面对应
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H)
NS ns1
ns1 A 192.168.117.130
www A 192.168.1.100
[root@localhost named]# cat /var/named/liuhua.com.zone.sh
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H)
NS ns1
ns1 A 192.168.117.130
www A 192.168.2.100
[root@localhost named]# cat /var/named/liuhua.com.zone.other
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H)
NS ns1
ns1 A 192.168.37.7
www A 192.168.3.100
[root@localhost named]# chown root:named /var/named/liuhua.com.zone.* #赋权限
核对配置是否有问题
[root@localhost named]# named-checkconf #无提示则正确
3、编译安装Mariadb,并启动后可以正常登录
安装所缺包
[root@localhost ~]# yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel -y
准备好用户和数据目录
[root@localhost ~]# useradd -r -s /sbin/nologin -d /data/mysql/ mysql
[root@localhost ~]# mkdir -p /data/mysql
[root@localhost ~]# chown mysql.mysql /data/mysql
[root@localhost ~]# tar -xvf mariadb-10.2.31.tar.gz
cmake编译安装
注:cmake的重要特性之一是其独立于源码(out-of-source)的编译功能,即编译工作可以在另一个指定的目录中而非源码目录中进行,这可以保证源码目录不受任何一次编译的影响,因此在同一个源码树上可以进行多次不同的编译,如针对于不同平台编译
编译选项:https://dev.mysql.com/doc/refman/5.7/en/source-configuration-options.html
注:下面的 -DENABLED_LOCAL_INFILE=1 会默认启用 LOAD DATA LOCAL INFILE(允许读取客户端本地文件),不需要该功能时建议设为0
[root@localhost ~]# cd mariadb-10.2.18/ #目录名应与实际解压出的版本一致(上一步解压的是mariadb-10.2.31.tar.gz)
[root@localhost ~]# cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
#cmake只生成构建文件,还需在源码目录执行 make && make install 才会安装到/app/mysql;之后设置环境变量
[root@localhost ~]# echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost ~]# . /etc/profile.d/mysql.sh
#生成数据库文件
[root@localhost ~]# cd /app/mysql/
[root@localhost ~]# scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
#准备配置文件
[root@localhost ~]# cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
#准备启动脚本
[root@localhost ~]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
#启动服务(mysql_install_db初始化后root默认无密码,并带有匿名用户和test库;启动后建议执行 mysql_secure_installation 设置root密码并清理)
[root@localhost ~]# chkconfig --add mysqld ;service mysqld start