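1. Briefly describe how a DNS server works, and build a primary-secondary server pair.
1.1 How DNS resolution works -- when a user enters a domain name in the browser:
- The browser first checks its DNS cache; if the cache holds an A record for the domain, it connects to the target host directly.
- If the cache has no record for the domain, the browser checks the static entries in the hosts file; if the domain is listed there, it connects to the target host directly.
- If the hosts file has no entry either, the browser sends a query to the DNS server. The DNS server checks its own cache for the record and, if it is there, returns it to the browser immediately.
- If the DNS server has no record either, it queries the root zone on the browser's behalf.
- The root returns the records for the servers of the requested name's top-level domain, such as .com or .cn.
- The DNS server then queries the top-level domain, which usually returns the records for the second-level domain.
- The DNS server then queries the second-level domain, and so on, until the A record that exactly matches the name is returned and the browser can reach the target host.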
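The lookup order above as a small simulation, added here and not part of the original page; the delegation data, the server labels and the hosts entry are constructed for illustration.

```python
# Constructed data for illustration; none of it is from a live system.
BROWSER_CACHE = {}
HOSTS_FILE = {"intranet.magedu.net": "10.0.0.67"}   # hypothetical static entry
RESOLVER_CACHE = {}

# Each server either holds the A record or refers the resolver to the next zone.
SERVERS = {
    "root":      {"referrals": {"net": "net-tld"}},
    "net-tld":   {"referrals": {"magedu.net": "magedu-ns"}},
    "magedu-ns": {"records": {"www.magedu.net": "10.0.0.67"}},
}

def iterate_from_root(name):
    """Follow referrals from the root until a server returns the A record."""
    server, path = "root", []
    while server is not None:
        path.append(server)
        zone = SERVERS[server]
        if name in zone.get("records", {}):
            return zone["records"][name], path
        # Next hop: the delegated zone that is a suffix of the queried name.
        server = next((s for z, s in zone.get("referrals", {}).items()
                       if name == z or name.endswith("." + z)), None)
    return None, path      # no record and nobody left to ask

def resolve(name):
    """Return (address, source) using the lookup order described above."""
    if name in BROWSER_CACHE:
        return BROWSER_CACHE[name], "browser cache"
    if name in HOSTS_FILE:
        return HOSTS_FILE[name], "hosts file"
    if name in RESOLVER_CACHE:
        return RESOLVER_CACHE[name], "resolver cache"
    addr, path = iterate_from_root(name)
    if addr is not None:   # both caches remember the answer for next time
        RESOLVER_CACHE[name] = BROWSER_CACHE[name] = addr
    return addr, "iterative: " + " -> ".join(path)
```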
1.2 Implementing primary and secondary DNS servers
Environment:
Primary DNS server: 10.0.0.47
Secondary DNS server: 10.0.0.57
Web server: 10.0.0.67
Client: 10.0.0.17
- Primary DNS server configuration:
# Install the bind service
[root@localhost ~]# yum -y install bind
# Change the listen address and allow the slave to perform zone transfers
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; comment out this line
// listen-on-v6 port 53 { ::1; }; comment out this line
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; comment out this line
allow-transfer { 10.0.0.57; };
···
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# Edit the zones file and add the following lines
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "magedu.net" {
type master;
file "magedu.net.zone";
};
[root@localhost ~]#
# Copy the zone file and edit the domain records
[root@localhost ~]# cp -a /var/named/named.localhost /var/named/magedu.net.zone # copy the zone file
[root@localhost ~]# vim /var/named/magedu.net.zone
[root@localhost ~]# cat /var/named/magedu.net.zone
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
www A 10.0.0.67
# Check the configuration files and start the service
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone magedu.net /var/named/magedu.net.zone
zone magedu.net/IN: loaded serial 0
OK
[root@localhost ~]#
[root@localhost ~]# systemctl enable --now named
- Secondary DNS server configuration:
# Install the bind service
[root@localhost ~]# yum -y install bind
# Change the listen address and deny zone transfers to all other hosts
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer { none; };
···
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# Edit the zones file and add the zone
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "magedu.net" {
type slave;
masters {10.0.0.47;};
file "slaves/magedu.net.slave";
};
···
# Check the configuration file and start the service
[root@localhost ~]# named-checkconf
[root@localhost ~]#
[root@localhost ~]# systemctl enable --now named
# Check that the zone database file was created
[root@localhost ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 277 Jan 11 12:02 magedu.net.slave
- Web server configuration:
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# echo "www.magedu.net" > /var/www/html/index.html
[root@localhost ~]# systemctl start httpd
[root@localhost ~]#
- Client configuration:
# Edit the NIC configuration file and point DNS at 10.0.0.47
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
UUID=5ad59cea-b2e7-4db4-bbc5-5bb3cca39d14
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.2
#DNS1=180.76.76.76
DNS1=10.0.0.47
DNS2=10.0.0.57
# Restart the network connection
[root@localhost ~]# nmcli con reload
[root@localhost ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.47
nameserver 10.0.0.57
# Access the web server by domain name to test that resolution works
[root@localhost ~]# curl www.magedu.net
www.magedu.net
[root@localhost ~]#
# Test: stop the primary DNS server
[root@localhost ~]# hostname -I
10.0.0.47
[root@localhost ~]# systemctl stop named
# Access the web server again; dig shows that SERVER has changed to 10.0.0.57
[root@localhost ~]# curl www.magedu.net
www.magedu.net
[root@localhost ~]# dig www.magedu.net
···
;; Query time: 0 msec
;; SERVER: 10.0.0.57#53(10.0.0.57)
;; WHEN: Mon Jan 11 12:30:06 CST 2021
;; MSG SIZE rcvd: 132
[root@localhost ~]#
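A defender's check for the allow-transfer settings in the two named.conf files above, as an added example that is not part of the original page: it reads an options block, ignores commented-out directives, and classifies the zone-transfer policy. The function names and the WEAK sample are assumptions made for the illustration.

```python
import re

# Options blocks as shown on this page (abridged); WEAK is constructed for contrast.
PRIMARY = '''options {
//  listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
//  allow-query { localhost; };
    allow-transfer { 10.0.0.57; };
};'''
SECONDARY = '''options {
    directory "/var/named";
    allow-transfer { none; };
};'''
WEAK = '''options {
    directory "/var/named";
//  allow-transfer { 10.0.0.57; };
};'''

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out directives are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def transfer_acl(conf):
    """Return the allow-transfer entries, or None if the directive is not active."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", strip_comments(conf))
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf, allowed=()):
    """Classify the zone-transfer policy against the peers that should be allowed."""
    acl = transfer_acl(conf)
    if acl is None:
        return "unset"        # falls back to BIND's built-in default
    if "any" in acl:
        return "open"         # every host may pull the whole zone
    if acl == ["none"]:
        return "closed"
    extra = sorted(set(acl) - set(allowed))
    return "unexpected:" + ",".join(extra) if extra else "restricted"
```

Run `audit()` on the primary with the secondary's address as the only allowed peer; a result other than "restricted" there, or other than "closed" on the secondary, means the file no longer matches the setup described here.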
2. Build and implement smart DNS.
2.1 Environment:
Assume the 10.0.0.0/24 network is bj, 172.16.0.0/24 is sh, and 192.168.0.0/24 is other.
DNS server: eth0: 10.0.0.47 eth1: 172.16.0.47 eth2: 192.168.0.47
Web server 1: 10.0.0.77
Web server 2: 172.16.0.77
Web server 3: 192.168.0.77
Client: 10.0.0.17
Client: 172.16.0.17
Client: 192.168.0.17
2.2 DNS server configuration:
- Install the bind service
[root@localhost ~]# yum -y install bind
- Edit the main DNS configuration file /etc/named.conf and add the ACL rules
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
acl bjnet {
10.0.0.0/24;
};
acl shnet {
172.16.0.0/24;
};
acl othernet {
any;
};
- Comment out the following lines in the main DNS configuration file /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; comment out this line
// listen-on-v6 port 53 { ::1; }; comment out this line
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; comment out this line
- Edit the main DNS configuration file /etc/named.conf and add the views with their match rules
view bjview {
match-clients { bjnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shview {
match-clients { shnet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
- Edit the zone configuration file for each view
[root@localhost ~]# vim /etc/named.rfc1912.zones.bj
[root@localhost ~]# cat /etc/named.rfc1912.zones.bj
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.net" {
type master;
file "magedu.net.zone.bj";
};
[root@localhost ~]# cp /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.sh
[root@localhost ~]# vim /etc/named.rfc1912.zones.sh
[root@localhost ~]# cat /etc/named.rfc1912.zones.sh
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.net" {
type master;
file "magedu.net.zone.sh";
};
[root@localhost ~]# cp /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.other
[root@localhost ~]# vim /etc/named.rfc1912.zones.other
[root@localhost ~]# cat /etc/named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.net" {
type master;
file "magedu.net.zone.other";
};
[root@localhost ~]#
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.bj
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.sh
[root@localhost ~]# chgrp named /etc/named.rfc1912.zones.other
[root@localhost ~]#
- Create the zone database files
[root@localhost ~]# vim /var/named/magedu.net.zone.bj
[root@localhost ~]# cat /var/named/magedu.net.zone.bj
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
websrv A 10.0.0.77
www CNAME websrv
[root@localhost ~]# vim /var/named/magedu.net.zone.sh
[root@localhost ~]# cat /var/named/magedu.net.zone.sh
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
websrv A 172.16.0.77
www CNAME websrv
[root@localhost ~]# vim /var/named/magedu.net.zone.other
[root@localhost ~]# cat /var/named/magedu.net.zone.other
$TTL 1D
@ IN SOA master admin.magedu.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.47
slave A 10.0.0.57
websrv A 192.168.0.77
www CNAME websrv
[root@localhost ~]#
[root@localhost ~]# chgrp named /var/named/magedu.net.zone.bj
[root@localhost ~]# chgrp named /var/named/magedu.net.zone.sh
[root@localhost ~]# chgrp named /var/named/magedu.net.zone.other
- Check the configuration files and start the service
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone magedu.net /var/named/magedu.net.zone.bj # repeat for magedu.net.zone.sh and magedu.net.zone.other
zone magedu.net/IN: loaded serial 0
OK
[root@localhost ~]#
[root@localhost ~]# systemctl enable --now named
- Prepare three web servers in different regions
# Web server 1: 10.0.0.77
[root@localhost ~]# cat /var/www/html/index.html
bj www.magedu.net
[root@localhost ~]#
# Web server 2: 172.16.0.77
[root@localhost ~]# cat /var/www/html/index.html
sh www.magedu.net
[root@localhost ~]#
# Web server 3: 192.168.0.77
[root@localhost ~]# cat /var/www/html/index.html
other www.magedu.net
[root@localhost ~]#
- Access test from client 10.0.0.17
[root@localhost ~]# curl www.magedu.net
bj www.magedu.net
[root@localhost ~]#
- Access test from client 172.16.0.17
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.16.0.47
nameserver 172.16.0.57
[root@localhost ~]# curl www.magedu.net
sh www.magedu.net
[root@localhost ~]#
- Access test from client 192.168.0.17
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.47
nameserver 192.168.0.57
[root@localhost ~]# curl www.magedu.net
other www.magedu.net
[root@localhost ~]#
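named answers a query from the first view whose match-clients accepts the source address, so the catch-all otherview has to stay last. The following added example (not from the original page; the function names and the 203.0.113.9 test address are assumptions) models that first-match selection with the ACLs and views configured above and reports views that a misplaced `any` would make unreachable.

```python
import ipaddress

# ACLs and views in the order they appear in the named.conf on this page.
ACLS = {
    "bjnet":    ["10.0.0.0/24"],
    "shnet":    ["172.16.0.0/24"],
    "othernet": ["any"],
}
VIEWS = [("bjview", "bjnet"), ("shview", "shnet"), ("otherview", "othernet")]
# websrv A record served by each view's zone file.
WEBSRV = {"bjview": "10.0.0.77", "shview": "172.16.0.77", "otherview": "192.168.0.77"}

def acl_matches(acl_name, client):
    """True if the client address falls inside any entry of the named ACL."""
    ip = ipaddress.ip_address(client)
    for entry in ACLS[acl_name]:
        if entry == "any" or ip in ipaddress.ip_network(entry):
            return True
    return False

def select_view(client, views=VIEWS):
    """Return the first view, in configuration order, that matches the client."""
    for view, acl in views:
        if acl_matches(acl, client):
            return view
    return None   # no view matched this client

def answer_for(client, views=VIEWS):
    """Address that www.magedu.net resolves to for this client."""
    return WEBSRV.get(select_view(client, views))

def shadowed_views(views=VIEWS):
    """Views that can never be selected because an earlier view matches 'any'."""
    seen_any, dead = False, []
    for view, acl in views:
        if seen_any:
            dead.append(view)
        seen_any = seen_any or "any" in ACLS[acl]
    return dead
```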
3. Compile and install MariaDB, then start it and confirm that login works
- Install the dependency packages
[root@localhost ~]# yum -y install bison bison-devel zlib-devel libcurl-devel \
libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
- Create the user and the data directory
[root@localhost ~]# useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@localhost ~]# mkdir /data/mysql
[root@localhost ~]# chown mysql:mysql /data/mysql
[root@localhost ~]#
- Extract the source tarball, then compile and install
[root@localhost ~]# tar xf mariadb-10.5.8.tar.gz -C /usr/local/src/
[root@localhost ~]# cd /usr/local/src/mariadb-10.5.8
[root@localhost mariadb-10.5.8]# cmake . \
-DCMAKE_INSTALL_PREFIX=/apps/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@localhost mariadb-10.5.8]# make -j $(nproc) && make install
- Set up the environment variable
[root@localhost mariadb-10.5.8]# echo 'PATH=/apps/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost mariadb-10.5.8]# . /etc/profile.d/mysql.sh
[root@localhost mariadb-10.5.8]#
- Generate the database files
[root@localhost mariadb-10.5.8]# cd /apps/mysql/
[root@localhost mysql]#
[root@localhost mysql]# scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
- Prepare the configuration file
[root@localhost mysql]# vim /etc/my.cnf
[root@localhost mysql]# cat /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/data/mysql/mysql.sock
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
[root@localhost mysql]#
- Prepare the startup script
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[root@localhost mysql]# chkconfig --add mysqld
- Start MySQL
[root@localhost mysql]# service mysqld start
Starting mysqld (via systemctl): [ OK ]
[root@localhost mysql]#
[root@localhost mysql]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 80 [::]:3306 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@localhost mysql]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.5.8-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>