1. Describe how DNS servers work and set up a master and a slave server.
1.1 How DNS servers work
1.1.1 What DNS is
DNS (short for Domain Name Service) looks up the IP address that belongs to a domain name. An IP address is a 32-bit binary number; people find such numbers hard to remember and prefer hostnames that are easier to recall, whereas a computer uses IP addresses when handling IP datagrams because they have a fixed length.
From the client's point of view a DNS query is recursive; from the DNS server's point of view the vast majority of queries are iterative. In DNS name resolution, looking up an IP from a name is called forward resolution, and looking up a name from an IP is called reverse resolution. A DNS server that resolves at least one domain is called a DNS master or DNS slave server; one that resolves no domain at all is called a caching DNS server.
The Internet is now very large, so DNS is designed as a distributed database system: one large database is split into many small ones, each serving part of the data. There are 13 DNS root servers worldwide, named A through M.
1.1.2 The DNS name resolution process
When a user types a URL into a browser, the name is resolved as follows:
- The client first checks its own hosts file and returns the answer if it is there
- If it is not in hosts, the client checks its own cache and returns the answer if present
- If it is not cached, the client asks its DNS server
- The DNS server first asks a root server for the address of the top-level domain server
- The DNS server then asks the top-level domain server for the address of the second-level domain server
- The DNS server obtains the final IP address from the second-level domain server
- The client receives the IP address from the DNS server
DNS zone database files
The resource record (Resource Record) types are:
- SOA: start of authority record; there can be only one and it must be the first record
- NS: name server record; one is the primary, and there may be several
- A: IPv4 address record
- AAAA: IPv6 address record
- CNAME: alias record
- PTR: reverse (pointer) record
- MX: mail exchanger
Related test tools and commands
- dig command
Used to test the DNS system; it does not consult the hosts file. Usage: dig [-t RR_TYPE] name [@SERVER] [query options]
Common query options: +[no]trace: trace the resolution process; +[no]recurse: perform a recursive query.
Common usages: reverse lookup test: dig -x IP; zone transfer test: dig -t [axfr|ixfr] DOMAIN [@server]
- host command
Usage is similar to dig. Format: host [-t RR_TYPE] name SERVER_IP
- nslookup command
nslookup has two modes of use: command mode and interactive mode.
Command mode format: nslookup [-options] [name] [server]
Interactive mode format:
nslookup>
server IP: query using the given IP as the DNS server;
set q=RR_TYPE: the resource record type to query;
NAME: the name to query;
- rndc command
rndc is the control command for the named service. Common uses: rndc status: show the server status; rndc reload: reload the configuration and zone files without stopping the DNS server; rndc flush: clear the DNS cache
Security-related configuration in bind
- bind has four built-in ACLs
none: no host; any: any host; localhost: the local host; localnets: the networks that the local host's IPs belong to;
- Access control directives:
allow-query {}; hosts allowed to query (a whitelist); allow-transfer {}; hosts to which zone transfers are allowed, by default all hosts; allow-recursion {}; hosts allowed to send recursive queries to this DNS server; allow-update {}; DDNS, allows dynamic updates to the zone database file;
1.2 Setting up DNS master and slave servers
# Four hosts are needed
# DNS master server: 192.168.2.157
# DNS slave server: 192.168.2.92
# web server: 192.168.2.158
# DNS client: 192.168.2.173
# Disable SELinux, disable the firewall, and synchronize the clocks
#1. Master DNS server configuration
[root@localhost ~]# yum -y install bind
# Edit the bind configuration file
[root@localhost ~]# vim /etc/named.conf
# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Add the following line
# Allow zone transfers only to the slave server
allow-transfer { 192.168.2.92;};
[root@localhost ~]# vim /etc/named.rfc1912.zones
# Add the following
zone "yezeng.org" IN {
type master;
file "yezeng.org.zone";
};
# DNS zone database file
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/yezeng.org.zone
# Without the -p option the owner or permissions must be fixed by hand: chgrp named yezeng.org.zone
[root@localhost ~]# vim /var/named/yezeng.org.zone
$TTL 1D
@ IN SOA master admin.yezeng.org. (
20210325 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 192.168.2.157
slave A 192.168.2.92
www A 192.168.2.158
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone yezeng.org /var/named/yezeng.org.zone
[root@localhost ~]# systemctl start named
[root@localhost ~]# rndc reload # when the service is already running
#2. Slave DNS server configuration
[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Do not allow zone transfers to any other host
allow-transfer { none;};
[root@localhost ~]# vim /etc/named.rfc1912.zones
# Append the following
zone "yezeng.org" {
type slave;
masters { 192.168.2.157; };
file "slaves/yezeng.org.slave";
};
[root@localhost ~]# systemctl start named # first start of the service
[root@localhost ~]# rndc reload # when the service is already running
[root@localhost ~]# ls /var/named/slaves/yezeng.org.slave # check that the zone database file was generated
#3. Test the master/slave DNS setup from the client
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.2.157
DNS2=192.168.2.92
# Verify that the slave DNS server can answer queries
[root@localhost ~]# dig www.yezeng.org
[root@localhost ~]# curl www.yezeng.org
# Stop the DNS service on the master server
[root@localhost ~]# systemctl stop named
[root@localhost ~]# dig www.yezeng.org
[root@localhost ~]# curl www.yezeng.org
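Two checks a practitioner would run after the steps above, as an added example that is not part of the original post: that the slave serves the same SOA serial as the master, and that a host outside allow-transfer is refused a zone transfer. It assumes dig is installed; the sample dig answers are constructed inline so the script runs offline.

```shell
# Added example (not from the original post): sanity checks for the master/slave pair.
# "dig +short SOA yezeng.org @SERVER" prints one line: MNAME RNAME serial refresh retry expire minimum.
# The strings below are constructed copies of what dig returns for the zone written above.
MASTER_SOA='master.yezeng.org. admin.yezeng.org. 20210325 86400 3600 604800 10800'
SLAVE_SOA='master.yezeng.org. admin.yezeng.org. 20210325 86400 3600 604800 10800'
# "dig -t axfr yezeng.org @SERVER" from a host that allow-transfer does not list ends with:
REFUSED_AXFR='; Transfer failed.'

soa_serial() {
    # Print the serial (3rd field) of a one-line SOA answer; empty if malformed.
    printf '%s\n' "$1" | awk 'NF == 7 { print $3; exit }'
}

zones_in_sync() {
    # zones_in_sync MASTER_ANSWER SLAVE_ANSWER: succeed only when both serials
    # are present and equal. A slave that lags behind usually means the serial
    # was not incremented after editing the zone, or the transfer was refused.
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    [ -n "$m" ] && [ "$m" = "$s" ]
}

transfer_refused() {
    # transfer_refused AXFR_OUTPUT: succeed when the server refused the transfer,
    # i.e. allow-transfer is restricting AXFR for that client as intended.
    case "$1" in
        *"Transfer failed."*) return 0 ;;
    esac
    return 1
}

# Stand-alone run on the constructed samples. Against the lab hosts, replace the
# strings with command substitutions such as "$(dig +short SOA yezeng.org @192.168.2.157)".
zones_in_sync "$MASTER_SOA" "$SLAVE_SOA" && echo "serials match: $(soa_serial "$MASTER_SOA")"
transfer_refused "$REFUSED_AXFR" && echo "AXFR refused as expected"
```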
2眉孩、搭建并實(shí)現(xiàn)智能DNS个绍。
2.1、設(shè)置服務(wù)器雙IP
#三臺(tái)服務(wù)器
#192.168.2.173 #服務(wù)器
#192.168.2.157 #模擬北京
#129.16.0.7 #模擬上海
[root@localhost ~]# ip a a 129.16.0.8/16 dev ens192 label ens192:1
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:ac:26:1e brd ff:ff:ff:ff:ff:ff
inet 192.168.2.173/24 brd 192.168.2.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet 129.16.0.8/16 scope global ens192:1
valid_lft forever preferred_lft forever
inet6 fe80::3b03:7295:36b3:5dad/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.2 Set the simulated Shanghai IP
[root@shanghaiclient ~]# ip a a 129.16.0.7/16 dev ens192 label ens192:1
[root@shanghaiclient ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:ac:6c:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.158/24 brd 192.168.2.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet 129.16.0.7/16 scope global ens192:1
valid_lft forever preferred_lft forever
inet6 fe80::deaf:42f5:93ec:36d0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.3 Install the DNS service on the server and configure it
[root@localhost ~]# yum -y install bind ; systemctl enable --now named
[root@localhost ~]# vim /etc/named.conf
# Add the following
acl beijingnet {
192.168.2.0/24;
};
acl shanghainet {
129.16.0.0/16;
};
acl othernet {
any;
};
# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# remainder omitted
# Create the views
view beijingview {
match-clients { beijingnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
match-clients { shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
2.4 Create the zone configuration files
[root@localhost ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@localhost ~]# vim /etc/named.rfc1912.zones.bj
# Add the following
zone "yezeng.org" IN {
type master;
file "yezeng.org.zone.bj";
};
zone "." IN {
type hint;
file "named.ca";
};
[root@localhost ~]# cp /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.sh
[root@localhost ~]# cp /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.other
[root@localhost ~]# vim /etc/named.rfc1912.zones.sh
# Add the following
zone "yezeng.org" IN {
type master;
file "yezeng.org.zone.sh";
};
zone "." IN {
type hint;
file "named.ca";
};
[root@localhost ~]# vim /etc/named.rfc1912.zones.other
# Add the following
zone "yezeng.org" IN {
type master;
file "yezeng.org.zone.other";
};
zone "." IN {
type hint;
file "named.ca";
};
# Fix the file permissions
[root@localhost named]# chgrp named /etc/named.rfc1912.zones.bj
[root@localhost named]# chgrp named /etc/named.rfc1912.zones.sh
[root@localhost named]# chgrp named /etc/named.rfc1912.zones.other
2.5 Generate the zone database files
[root@localhost ~]# cd /var/named/
[root@localhost named]# vim yezeng.org.zone.bj
$TTL 1D
@ IN SOA ns1 admin ( 1 1D 1H 1W 2H)
NS ns1
ns1 A 192.168.2.173
www A 192.168.2.200
[root@localhost named]# vim yezeng.org.zone.sh
$TTL 1D
@ IN SOA ns1 admin ( 1 1D 1H 1W 2H)
NS ns1
ns1 A 192.168.2.173
www A 129.16.0.200
[root@localhost named]# vim yezeng.org.zone.other
$TTL 1D
@ IN SOA ns1 admin ( 1 1D 1H 1W 2H)
NS ns1
ns1 A 192.168.2.173
www A 127.0.0.1
2.6 Access tests from the clients
# Simulated Beijing
[root@beijingclient ~]# host www.yezeng.org 192.168.2.173
Using domain server:
Name: 192.168.2.173
Address: 192.168.2.173#53
Aliases:
www.yezeng.org has address 192.168.2.200
# Simulated Shanghai
[root@shanghaiclient ~]# host www.yezeng.org 129.16.0.8
Using domain server:
Name: 129.16.0.8
Address: 129.16.0.8#53
Aliases:
www.yezeng.org has address 129.16.0.200
# Local access
[root@localhost named]# host www.yezeng.org 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
www.yezeng.org has address 127.0.0.1
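An added example, not from the original page, that emulates named's view selection over the three ACLs configured above: views are tried in named.conf order and the first match-clients ACL that matches the client's source address wins, which is why the view built on `any` must come last. It goes slightly beyond the page by accepting any ordered view list, so it can also show what a misordered configuration does. The three client addresses are the ones used in the tests above.

```shell
# Added example (not from the original page): emulate how named picks a view.

ip2int() {
    # Dotted-quad IPv4 address -> 32-bit integer.
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

in_cidr() {
    # in_cidr IP NETWORK/PREFIX: succeed if IP lies inside the network.
    cidr_net=${2%/*}; cidr_bits=${2#*/}
    cidr_mask=$(( cidr_bits == 0 ? 0 : (4294967295 << (32 - cidr_bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & cidr_mask )) -eq $(( $(ip2int "$cidr_net") & cidr_mask )) ]
}

# The page's ACLs in named.conf order; "any" is written as 0.0.0.0/0.
VIEWS='beijingview 192.168.2.0/24
shanghaiview 129.16.0.0/16
otherview 0.0.0.0/0'

match_view() {
    # match_view CLIENT_IP [VIEWLIST]: print the first view whose ACL matches
    # the client address, exactly as named walks its view list.
    ip=$1; list=${2:-$VIEWS}
    while read -r name net; do
        if in_cidr "$ip" "$net"; then
            echo "$name"
            return 0
        fi
    done <<EOF
$list
EOF
    return 1
}

# Stand-alone run: the Beijing client, the Shanghai client and the local test.
for c in 192.168.2.157 129.16.0.7 127.0.0.1; do
    echo "$c -> $(match_view "$c")"
done
```

Putting the `any` view first would route every client to it; `match_view` with a reordered list shows that directly.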
3. Install MySQL 5.7 by compiling or from the binary package
#1. Install the required packages
[root@localhost ~]# yum -y install libaio numactl-libs
#2. Create the user and group
[root@localhost ~]# groupadd mysql
[root@localhost ~]# useradd -r -g mysql -s /bin/false mysql
#3. Prepare the program files
[root@localhost ~]# wget https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.29-linux-glibc2.12-x86_64.tar.gz
[root@localhost ~]# wget https://cdn.mysql.com/archives/mysql-8.0/mysql-8.0.19-linux-glibc2.12-x86_64.tar.xz
[root@localhost ~]# tar xf mysql-5.7.29-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@localhost ~]# ll /usr/local/
[root@localhost ~]# cd /usr/local/
[root@localhost local]# ln -s mysql-5.7.29-linux-glibc2.12-x86_64/ mysql
[root@localhost local]# chown -R root.root /usr/local/mysql/
#4. Set up the environment variable
[root@localhost local]# echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost local]# . /etc/profile.d/mysql.sh
#5. Prepare the configuration file
[root@localhost ~]# cp /etc/my.cnf{,.bak}
[root@localhost ~]# vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
#6. Initialize the database files and extract the root password
[root@localhost ~]# mysqld --initialize --user=mysql --datadir=/data/mysql
[root@localhost ~]# grep password /data/mysql/mysql.log
2021-03-23T01:31:47.545591Z 1 [Note] A temporary password is generated for root@localhost: g++hZj+BI8lH
[root@localhost ~]# awk '/temporary password/{print $NF}' /data/mysql/mysql.log
g++hZj+BI8lH
#7. Install the service script and start the service
[root@localhost ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# service mysqld start
Starting MySQL. SUCCESS!
[root@localhost ~]# service mysqld status
SUCCESS! MySQL running (8590)
#8. Change the password
mysqladmin -uroot -p'g++hZj+BI8lH' password 123456
#9. Test logging in
mysql -uroot -p123456