1. How a DNS server works
DNS (domain name system, also read as domain named system, i.e. a zone name service) provides forward and reverse name resolution, follows the C/S (client/server) model, uses ports 53/udp and 53/tcp, and is an application-layer protocol.
People normally reach sites by typing a web address such as www.baidu.com, which is also called a domain name. Underneath, though, network access still happens over IP: typing the IP address 36.152.44.96 will still reach Baidu. Human memory is limited and nobody can remember the IP addresses of countless websites; DNS solves this by resolving domain names into IP addresses.
1. When an application needs to map a hostname to an IP address, it places the name to be converted in a DNS request and sends it to the local DNS server as a UDP datagram.
2. The local DNS server looks up the name and returns the matching IP address in a response message.
3. The DNS server must also hold information about how to reach other servers, so that it can forward queries it cannot resolve itself.
4. If the DNS server cannot answer the request, it temporarily becomes a DNS client itself and sends the query to a root DNS server. The root server is always able to find the DNS servers for all the second-level domains beneath it, and so on down the tree, resolving level by level until the requested name is found.
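As an added illustration of steps 1-4 (example code written for this page, not anything from the original post): a toy resolver that starts at the local server and follows referrals to the root, to the .com server and finally to the zone's authoritative server. All server names, addresses and the record table are constructed; the optional cache argument models step 2, where the local server answers directly when it already knows the name, and the hop limit is a guard against referral loops.

```python
# Added example (not part of the original page): a toy model of the lookup
# chain described in steps 1-4. Server names, addresses and records are
# constructed for the demonstration.

# Each "server" holds the records it is authoritative for and the
# delegations (NS referrals) it knows about for the next level down.
SERVERS = {
    "local": {"answers": {}, "referrals": {"": "root"}},
    "root": {"answers": {}, "referrals": {"com": "tld-com"}},
    "tld-com": {"answers": {}, "referrals": {"test.com": "ns1.test.com"}},
    "ns1.test.com": {
        "answers": {"www.test.com": "172.16.10.1", "bbs.test.com": "172.16.10.13"},
        "referrals": {},
    },
}


def best_referral(server, name):
    """Return the server delegated for the longest matching suffix of name, or None."""
    labels = name.split(".")
    # try "www.test.com", then "test.com", then "com", then "" (the root)
    candidates = [".".join(labels[i:]) for i in range(len(labels))] + [""]
    for suffix in candidates:
        if suffix in SERVERS[server]["referrals"]:
            return SERVERS[server]["referrals"][suffix]
    return None


def resolve(name, cache=None, max_hops=8):
    """Resolve name starting at the local server; returns (address, servers_asked)."""
    cache = cache if cache is not None else {}
    if name in cache:                      # step 2: local server already knows it
        return cache[name], ["cache"]
    asked = []
    server = "local"
    for _ in range(max_hops):              # step 4: follow referrals downward
        asked.append(server)
        answers = SERVERS[server]["answers"]
        if name in answers:
            cache[name] = answers[name]
            return answers[name], asked
        nxt = best_referral(server, name)
        if nxt is None or nxt == server:   # nobody is delegated for this name
            return None, asked
        server = nxt
    return None, asked


if __name__ == "__main__":
    print(resolve("www.test.com"))
    print(resolve("www.example.org"))
```

A name nobody is delegated for ends the walk with no answer at the server that could not refer further, which is the model's equivalent of a negative response.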
2. Setting up master and slave servers
DNS master server: 172.16.10.1
DNS slave server: 172.16.10.2
DNS subdomain master server: 172.16.10.3
2.1 Configure forward resolution on the master DNS server
yum -y install bind bind-utils
systemctl start named
systemctl enable named.service
2.1.1) Configure /etc/resolv.conf (vim /etc/resolv.conf)
2.1.2) Configure /etc/named.conf (vim /etc/named.conf)
2.1.3) Configure a forward zone
vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.
@       IN SOA  ns1.test.com. dnsadmin.test.com. (
                2018053101
                1H
                10M
                3D
                1D )
        IN NS   ns1
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A    172.16.10.1
MX1     IN A    172.16.10.11
MX2     IN A    172.16.10.12
www     IN A    172.16.10.1
web     IN CNAME www
bbs     IN A    172.16.10.13
bbs     IN A    172.16.10.14
2.1.4) Fix the permissions and check the syntax
chgrp named /var/named/test.com.zone
chmod o= /var/named/test.com.zone
# fix the permissions of the newly created zone data file
named-checkconf
named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053101
OK
2.1.5) Have the server reload the configuration file and the zone data file
2.1.6) Test forward resolution
2.2 Configure reverse resolution on the master server
2.2.1) Edit /etc/named.rfc1912.zones
vim /etc/named.rfc1912.zones
zone "10.16.172.in-addr.arpa" IN {
type master;
file "172.16.10.zone";
};
2.2.2) Create the reverse zone data file
cat /var/named/172.16.10.zone
$TTL 3600
$ORIGIN 10.16.172.in-addr.arpa.
@       IN SOA  ns1.test.com. nsadmin.test.com. (
                2018060101
                1H
                10M
                3D
                12H )
        IN NS   ns1.test.com.
1       IN PTR  ns1.test.com.
11      IN PTR  mx1.test.com.
12      IN PTR  mx2.test.com.
13      IN PTR  bbs.test.com.
14      IN PTR  bbs.test.com.
1       IN PTR  www.test.com.
2.2.3) Fix the reverse zone file permissions and check the syntax
chgrp named /var/named/172.16.10.zone
chmod o= /var/named/172.16.10.zone
named-checkconf
named-checkzone 10.16.172.in-addr.arpa /var/named/172.16.10.zone
zone 10.16.172.in-addr.arpa/IN: loaded serial 2018060101
OK
2.2.4) Test reverse resolution on the master server
2.3 Set up the slave DNS server
yum -y install bind bind-utils
systemctl start named
systemctl enable named.service
2.3.1) Configure the slave DNS server
vim /etc/resolv.conf
nameserver 172.16.10.2
vim /etc/named.conf
listen-on port 53 { 172.16.10.2; };
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
2.3.2) Forward zone on the slave server
vim /etc/named.rfc1912.zones
zone "test.com" IN {
type slave;
file "slaves/test.com.zone";
masters { 172.16.10.1; };
};
2.3.3) Update the master DNS server configuration (add ns2 and bump the serial)
[root@localhost ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.
@       IN SOA  ns1.test.com. dnsadmin.test.com. (
                2018053102
                1H
                10M
                3D
                1D )
        IN NS   ns1
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A    172.16.10.1
ns2     IN A    172.16.10.2
MX1     IN A    172.16.10.11
MX2     IN A    172.16.10.12
www     IN A    172.16.10.1
web     IN CNAME www
bbs     IN A    172.16.10.13
bbs     IN A    172.16.10.14
[root@localhost ~]# named-checkzone test.com /var/named/test.com.zone
[root@localhost ~]# rndc reload
2.3.4) Synchronize the slave server
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 533 Jan 15 04:18 test.com.zone
2.3.5) Test name resolution on the slave server
2.3.6) Reverse zone on the slave server
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "10.16.172.in-addr.arpa" IN {
        type slave;
        file "slaves/172.16.10.zone";
        masters { 172.16.10.1; };
};
2.3.7) Additions on the master server (add ns2 to the reverse zone)
vim /var/named/172.16.10.zone
$TTL 3600
$ORIGIN 10.16.172.in-addr.arpa.
@       IN SOA  ns1.test.com. nsadmin.test.com. (
                2018060101
                1H
                10M
                3D
                12H )
        IN NS   ns1.test.com.
        IN NS   ns2.test.com.
1       IN PTR  ns1.test.com.
2       IN PTR  ns2.test.com.
11      IN PTR  mx1.test.com.
12      IN PTR  mx2.test.com.
13      IN PTR  bbs.test.com.
14      IN PTR  bbs.test.com.
1       IN PTR  www.test.com.
2.3.8) Check the files on the slave server
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 512 Jan 15 04:33 172.16.10.zone
-rw-r--r-- 1 named named 533 Jan 15 04:39 test.com.zone
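The master/slave steps in 2.3.3 through 2.3.8 depend on two details that named-checkzone does not always flag: the slave only transfers a zone again when the master's SOA serial is higher than the one it already holds (2.3.3 bumps 2018053101 to 2018053102 for exactly this reason; the reverse zone in 2.3.7 is still on its first transfer, but later edits need a higher serial too), and a name in NS, PTR, CNAME or MX data that contains dots but no trailing dot gets $ORIGIN appended by BIND, so "ns2.test.com" silently becomes ns2.test.com.10.16.172.in-addr.arpa. The following checker is example code added for this page, not BIND's own tooling or anything from the original post; it parses the zone-file layout used in this section and reports both problems. The two sample zones at the bottom are constructed, the second one deliberately containing the missing-dot mistake.

```python
# Added example (not part of the original page): a small lint for the zone
# files written in sections 2.1-2.3. It does not replace named-checkzone;
# it only catches the two mistakes that most often break a master/slave
# pair: a serial that was not bumped, and a dotted name that lacks its
# trailing dot (BIND appends $ORIGIN to it). Sample zones are constructed.

NAME_RDATA_TYPES = {"NS", "PTR", "CNAME", "MX"}


def parse_zone(text):
    """Return (origin, serial, records); records are (owner, type, rdata-tokens)."""
    origin, serial, records, owner = None, None, [], "@"
    # drop comments, then fold a multi-line "( ... )" SOA into one logical line
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()
        if not line.strip():
            continue
        buf = buf + " " + line.strip() if buf else line
        if "(" in buf and ")" not in buf:
            continue
        logical.append(buf)
        buf = ""
    for line in logical:
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):          # $TTL and other directives
            continue
        if not line[0].isspace():              # explicit owner in column 1
            owner = fields.pop(0).lower()      # otherwise the previous owner carries over
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            serial = int(rdata[rdata.index("(") + 1])
        records.append((owner, rtype, rdata))
    return origin, serial, records


def check_zone(text, previous_serial=None):
    """Return a list of warning strings; an empty list means the checks passed."""
    warnings = []
    origin, serial, records = parse_zone(text)
    if serial is None:
        return ["no SOA record found"]
    if previous_serial is not None and serial <= previous_serial:
        warnings.append(f"serial {serial} is not greater than {previous_serial}: "
                        "slaves will not notice the change")
    for owner, rtype, rdata in records:
        if rtype not in NAME_RDATA_TYPES or not rdata:
            continue
        target = rdata[-1]                     # MX rdata is "pref name"; the name is last
        if "." in target and not target.endswith("."):
            warnings.append(f"{rtype} record at {owner}: '{target}' lacks a trailing "
                            f"dot and will be read as {target}.{origin or '$ORIGIN'}")
    # a relative NS name (no dot at all) is in-zone and needs an A record here
    a_owners = {o for o, t, _ in records if t == "A"}
    for _, rtype, rdata in records:
        if rtype == "NS" and "." not in rdata[-1] and rdata[-1].lower() not in a_owners:
            warnings.append(f"NS target '{rdata[-1]}' has no A record in this zone")
    return warnings


# constructed sample: the forward zone after the 2.3.3 edit, serial bumped
FORWARD_OK = """$TTL 3600
$ORIGIN test.com.
@       IN SOA  ns1.test.com. dnsadmin.test.com. (
                2018053102 1H 10M 3D 1D )
        IN NS   ns1
        IN NS   ns2
        IN MX 10 mx1
ns1     IN A    172.16.10.1
ns2     IN A    172.16.10.2
mx1     IN A    172.16.10.11
www     IN A    172.16.10.1
web     IN CNAME www
"""

# constructed sample: reverse zone edited without bumping the serial and
# with the trailing dot missing on ns2.test.com
REVERSE_BAD = """$TTL 3600
$ORIGIN 10.16.172.in-addr.arpa.
@       IN SOA  ns1.test.com. nsadmin.test.com. (
                2018060101 1H 10M 3D 12H )
        IN NS   ns1.test.com.
        IN NS   ns2.test.com
1       IN PTR  ns1.test.com.
2       IN PTR  ns2.test.com
"""

if __name__ == "__main__":
    print(check_zone(FORWARD_OK, previous_serial=2018053101))
    for w in check_zone(REVERSE_BAD, previous_serial=2018060101):
        print("WARN:", w)
```

Run it on a zone file before `rndc reload` alongside named-checkzone; the serial check needs the serial the slave currently holds, which `dig @172.16.10.2 test.com SOA +short` from the page's setup would show.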
2.3.9) Test from a client:
Add a resolution record on the master server 172.16.10.1
2.4 Client tests
Test via the slave server
Test via the master server
Done
3. Implementing intelligent (view-based) DNS.
Prepare a server with two NICs: one attached to 172.16.10.1/24 (Beijing) and one attached to 192.168.226.128/24 (Shanghai)
I. Installation
yum install -y bind bind-utils
1. Edit the configuration file and comment out the following two lines so that the DNS service listens on all IPs
vim /etc/named.conf
listen-on port 53 { 127.0.0.1; };
allow-query { any; };
2. Add the ACL definitions; insert the following before the options block
acl beijingnet {
172.16.0.0/16;
};
acl shanghainet {
192.168.0.0/16;
};
acl othernet {
any;
};
3. Remove the zone definitions, namely the following
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
4. Add the view definitions by appending the following at the end of the configuration file
view view_beijing {
match-clients { beijingnet; };
include "/etc/named.rfc1912.zones.bj";
};
view view_shanghai {
match-clients { shanghainet; };
include "/etc/named.rfc1912.zones.sh";
};
view view_other {
match-clients { othernet; };
include "/etc/named.rfc1912.zones.other";
};
5. Add the following lines to /etc/named.rfc1912.zones
zone "." IN {
type hint;
file "named.ca";
};
zone "test.com" IN {
type master;
file "test.com.zones.other";
};
6. Generate the /etc/named.rfc1912.zones.bj file
cp /etc/named.rfc1912.zones{,.bj}
sed -ri 's/file "test.com.zones.other";/file "test.com.zones.bj";/' /etc/named.rfc1912.zones.bj
7. Generate the /etc/named.rfc1912.zones.sh file
cp /etc/named.rfc1912.zones{,.sh}
sed -ri 's/file "test.com.zones.other";/file "test.com.zones.sh";/' /etc/named.rfc1912.zones.sh
8. Generate the /etc/named.rfc1912.zones.other file
cp /etc/named.rfc1912.zones{,.other}
9. Set the zone configuration file permissions
chgrp named /etc/named.rfc1912.zones*
10. Create the zone data files
11. Beijing zone
vim /var/named/test.com.zones.bj
$TTL 1D
@       IN SOA  master admin.test.com. ( 0 1D 10M 3D 2H )
        NS      master
master  A       172.16.10.1
www     A       172.16.10.100
12. Shanghai zone
vim /var/named/test.com.zones.sh
$TTL 1D
@       IN SOA  master admin.test.com. ( 0 1D 10M 3D 2H )
        NS      master
master  A       192.168.226.128
www     A       192.168.226.100
13. Other zone
vim /var/named/test.com.zones.other
$TTL 1D
@       IN SOA  master admin.test.com. ( 0 1D 10M 3D 2H )
        NS      master
master  A       10.10.10.1
www     A       10.10.10.1
14. Check the configuration file
named-checkconf
15. Start the service
systemctl start named
II. Testing
Beijing: test from the 172.16.0.0/16 network:
Shanghai zone test:
Other zone test:
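The view setup in steps 2 through 4 works because BIND evaluates `view` blocks in the order they appear and serves a client from the first view whose `match-clients` ACL matches; that is why the catch-all `othernet { any; }` view has to come last, and why the name used in `match-clients` must be exactly the name given in the `acl` statement. The following is example code added for this page (not BIND's logic or anything from the original post) that models that selection with the page's three ACLs and views, so the effect of view order and of an ACL name mismatch can be seen without a running named. The client addresses in the usage are constructed.

```python
# Added example (not part of the original page): a model of how BIND picks a
# view with match-clients, using the ACLs and views from section 3. Client
# addresses used for demonstration are constructed.
import ipaddress

# acl name -> networks, as defined in named.conf in step 2 ("any" = 0.0.0.0/0)
ACLS = {
    "beijingnet": ["172.16.0.0/16"],
    "shanghainet": ["192.168.0.0/16"],
    "othernet": ["0.0.0.0/0"],
}

# views in the order they appear in named.conf (step 4); the order matters
VIEWS = [
    ("view_beijing", "beijingnet", "/etc/named.rfc1912.zones.bj"),
    ("view_shanghai", "shanghainet", "/etc/named.rfc1912.zones.sh"),
    ("view_other", "othernet", "/etc/named.rfc1912.zones.other"),
]


def check_acl_references(acls, views):
    """ACL names used in match-clients that no acl statement defines.

    named-checkconf rejects such a configuration, so run this before reload."""
    return [acl for _, acl, _ in views if acl not in acls]


def select_view(client_ip, acls=ACLS, views=VIEWS):
    """Return (view name, zone include file) of the first view whose ACL matches,
    or None when no view matches (BIND then refuses the query)."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl, include in views:
        for net in acls[acl]:
            if addr in ipaddress.ip_network(net):
                return name, include
    return None


if __name__ == "__main__":
    for ip in ("172.16.10.55", "192.168.226.5", "10.10.10.5"):
        print(ip, "->", select_view(ip))
    # the same Beijing client when the catch-all view is listed first
    print("172.16.10.55 with view_other first ->", select_view("172.16.10.55", views=VIEWS[::-1]))
    print("undefined ACLs:", check_acl_references({"beijingnet": [], "shangahi": []}, VIEWS))
```

The reversed-order call shows the failure mode a practitioner should test for: with `view_other` first, every client, including the Beijing subnet, is answered from the "other" zone file and the location-specific answers never appear. The `check_acl_references` call with a misspelled `shangahi` reproduces the kind of mismatch that stops named from loading the configuration at all.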
4. Compile and install MariaDB, then start it and log in normally
yum -y install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
useradd -r -s /sbin/nologin -d /data/mysql mysql
mkdir /data/mysql
chown mysql.mysql /data/mysql
tar -xf mariadb-10.2.18.tar.gz
cd mariadb-10.2.18/
cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
make && make install
echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
source /etc/profile
cd /app/mysql/
scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
y    # confirm overwriting the existing /etc/my.cnf
cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
service mysqld start
mysql