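1. Briefly describe how DNS servers work, set up primary and secondary servers, and set up smart DNS
I. What DNS is
DNS (short for Domain Name Service) maps a domain name to an IP address. An IP address is made up of 32 binary digits, which people find hard to remember; they would rather use host names, which are easier to remember. Computers, however, use IP addresses when handling IP packets, because the addresses have a fixed length.
From the client's point of view a DNS query is recursive; from the DNS server's point of view, the great majority of queries are iterative. In DNS name resolution, a lookup from name to IP is called forward resolution and a lookup from IP to name is called reverse resolution. A DNS server that resolves at least one domain is called a primary DNS server or a secondary DNS server; one that is responsible for no domain at all is called a caching DNS server.
The Internet is now very large, so DNS is designed as a distributed database system: one large database is split into many small ones, each of which handles part of the data. There are 13 DNS root servers distributed around the world, named A through M.
II. The DNS name resolution process
Name resolution when a user types a URL into the browser:
1. The client first checks its own hosts file and returns the entry if there is one
2. If hosts has no entry, the client checks its own cache and returns the entry if there is one
3. If the cache has no entry, the client asks the DNS server
4. The DNS server first asks a root server for the address of the top-level-domain server
5. The DNS server then asks the top-level-domain server for the address of the second-level-domain server
6. The DNS server gets the final IP address from the second-level-domain server
7. The client receives the IP address from the DNS server
DNS zone database files
Resource Record types:
(1) SOA: Start of Authority record; there can be only one, and it must be the first record
(2) NS: name server record; one of them is the primary, and there can be several
(3) A: IPv4 address record
(4) AAAA: IPv6 address record
(5) CNAME: alias record
(6) PTR: reverse-resolution record
(7) MX: mail exchanger
Related test tools and commands
(1) The dig command
Used to test the DNS system; it does not consult the hosts file. Usage: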
dig [-t RR_TYPE] name [@SERVER] [query options]
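Common query options include:
+[no]trace: trace the resolution process;
+[no]recurse: perform recursive resolution;
Common usages include:
Reverse-resolution test: dig -x IP
Zone-transfer test: dig -t [axfr|ixfr] DOMAIN [@server]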
(2) The host command
Its usage is similar to dig. Usage:
host [-t RR_TYPE] name SERVER_IP
(3) The nslookup command
nslookup has two modes: command mode and interactive mode.
Command mode usage: nslookup [-options] [name] [server]
Interactive mode usage:
nslookup>
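server IP: use the given IP as the DNS server for queries;
set q=RR_TYPE: the resource record type to query;
name: the name to query;
(4) The rndc command
rndc is the control command for the named service. Its common uses are:
rndc status: show the server status
rndc reload: reload the configuration file and zone files without stopping the DNS server
rndc flush: flush the DNS cache
Security-related configuration in bind
(1) bind has four built-in ACLs
none: no host;
any: any host;
localhost: the local machine;
localnets: the networks that the local machine's IPs belong to;
Access control directives:
allow-query {}; hosts allowed to query; a whitelist;
allow-transfer {}; hosts allowed to receive zone transfers; the default is all hosts;
allow-recursion {}; hosts allowed to send recursive queries to this DNS server;
allow-update {}; DDNS; allows dynamic updates to the contents of the zone database file;
III. Setting up primary and secondary DNS servers
Environment:
Primary DNS server: 192.168.10.10
Secondary DNS server: 192.168.10.11
Subdomain primary DNS server: 192.168.10.12
1. Configure the primary DNS server (IP: 192.168.10.10)
Install the software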
[root@localhost ~]# yum -y install bind # install bind
[root@localhost ~]# yum -y install bind-utils # install the bind utilities package
[root@localhost ~]# systemctl start named # start the service
[root@localhost ~]# netstat -tunlp # check the listening sockets
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1323/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 891/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1323/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 994/master
tcp6 0 0 ::1:53 :::* LISTEN 1323/named
tcp6 0 0 :::22 :::* LISTEN 891/sshd
tcp6 0 0 ::1:953 :::* LISTEN 1323/named
tcp6 0 0 ::1:25 :::* LISTEN 994/master
udp 0 0 127.0.0.1:53 0.0.0.0:* 1323/named
udp 0 0 127.0.0.1:323 0.0.0.0:* 639/chronyd
udp6 0 0 ::1:53 :::* 1323/named
udp6 0 0 ::1:323 :::* 639/chronyd
# named is listening on port 53; port 953 is the rndc control port
Configure the environment
[root@localhost ~]# vim /etc/resolv.conf # edit the DNS resolver configuration file
nameserver 192.168.10.10
[root@localhost ~]# vim /etc/named.conf
listen-on port 53 { 192.168.10.10; }; # change the listening IP address
allow-query { any; }; # allow anyone to query: set to any
dnssec-enable no;
dnssec-validation no;
# disable DNSSEC: set both to no
Configure a forward zone
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
    type master; # primary (master) zone type
    file "test.com.zone"; # relative path, under /var/named
};
Create the zone data file
[root@localhost ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.    ; suffix appended to unqualified names
@       IN  SOA  ns1.test.com. dnsadmin.test.com. (
                 2018053101
                 1H
                 10M
                 3D
                 1D )
        IN  NS   ns1    ; $ORIGIN is set above, so the short name works; otherwise write the full name ending with a dot
        IN  MX   10 mx1
        IN  MX   20 mx2
ns1     IN  A    192.168.10.10
MX1     IN  A    192.168.10.21
MX2     IN  A    192.168.10.22
www     IN  A    192.168.10.10
web     IN  CNAME www
bbs     IN  A    192.168.10.23
bbs     IN  A    192.168.10.24
Set permissions and check the syntax
[root@localhost ~]# chgrp named /var/named/test.com.zone
[root@localhost ~]# chmod o= /var/named/test.com.zone
# set the permissions of the newly created zone data file
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053101
OK
# syntax check
Have the server reload the configuration file and zone data files
[root@localhost named]# rndc status
number of zones: 101
[root@localhost named]# rndc reload
server reload successful
[root@localhost named]# rndc status
number of zones: 102
# the status shows the zone count has gone up by 1 after the reload
Forward-resolution test on the primary DNS server
[root@localhost ~]# dig -t -A www.test.com
;; Warning, ignoring invalid type -A
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t -A www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18274
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 192.168.10.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 21:55:26 EDT 2018
;; MSG SIZE rcvd: 91
[root@localhost named]# dig -t A web.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A web.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.test.com. IN A
;; ANSWER SECTION:
web.test.com. 3600 IN CNAME www.test.com.
www.test.com. 3600 IN A 192.168.10.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 21:11:25 EDT 2018
;; MSG SIZE rcvd: 109
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.23
bbs.test.com has address 192.168.10.24
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.23
bbs.test.com has address 192.168.10.24
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.24
bbs.test.com has address 192.168.10.23
Configure a reverse zone
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "10.168.192.in-addr.arpa" IN {
type master;
file "192.168.10.zone";
};
Create the reverse zone data file
[root@localhost ~]# vim /var/named/192.168.10.zone
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@       IN  SOA  ns1.test.com. nsadmin.test.com. (
                 2018060101
                 1H
                 10M
                 3D
                 12H )
        IN  NS   ns1.test.com.    ; the name cannot be abbreviated in the reverse zone
10      IN  PTR  ns1.test.com.
21      IN  PTR  mx1.test.com.
22      IN  PTR  mx2.test.com.
23      IN  PTR  bbs.test.com.
24      IN  PTR  bbs.test.com.
10      IN  PTR  www.test.com.
Set permissions on the reverse zone file and check the syntax
[root@localhost named]# chgrp named /var/named/192.168.10.zone
[root@localhost named]# chmod o= /var/named/192.168.10.zone
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone 10.168.192.in-addr.arpa /var/named/192.168.10.zone
zone 10.168.192.in-addr.arpa/IN: loaded serial 2018060101
OK
Reload the configuration file and zone data files
[root@localhost named]# rndc status
number of zones: 102
[root@localhost named]# rndc reload
server reload successful
[root@localhost named]# rndc status
number of zones: 103
Reverse-resolution test on the primary server
[root@localhost named]# dig -x 192.168.10.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.10.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 22:26:03 EDT 2018
;; MSG SIZE rcvd: 129
2. Configure the secondary DNS server (IP: 192.168.10.11)
[root@localhost ~]# yum -y install bind bind-utils
[root@localhost ~]# systemctl start named.service
[root@localhost ~]# vim /etc/resolv.conf
nameserver 192.168.10.11
[root@localhost ~]# vim /etc/named.conf
listen-on port 53 { 192.168.10.11; };
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
Configure the forward zone on secondary server 11
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN { # forward zone
    type slave;
    file "slaves/test.com.zone"; # location of the zone data file
    masters { 192.168.10.10; }; # IP of the primary server for this forward zone
};
[root@localhost ~]# named-checkconf
Go to primary server 10 and edit the zone file
[root@localhost ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.
@       IN  SOA  ns1.test.com. dnsadmin.test.com. (
                 2018053102    ; add 1 by hand on every edit, otherwise the secondary will not update
                 1H
                 10M
                 3D
                 1D )
        IN  NS   ns1
        IN  NS   ns2    ; add an NS record for secondary server 11
        IN  MX   10 mx1
        IN  MX   20 mx2
ns1     IN  A    192.168.10.10
ns2     IN  A    192.168.10.11    ; IP of the secondary server
MX1     IN  A    192.168.10.21
MX2     IN  A    192.168.10.22
www     IN  A    192.168.10.10
web     IN  CNAME www
bbs     IN  A    192.168.10.23
bbs     IN  A    192.168.10.24
[root@localhost ~]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053102
OK
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# rndc status
server is up and running
# the syntax check and the status are both fine
Go to secondary server 11
[root@localhost slaves]# dig -t A www.test.com @192.168.10.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45851
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 192.168.10.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns2.test.com.
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
ns2.test.com. 3600 IN A 192.168.10.11
;; Query time: 0 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Thu May 31 23:20:16 EDT 2018
;; MSG SIZE rcvd: 125
To test the primary and secondary servers further, go to primary server 10
[root@localhost ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.
@       IN  SOA  ns1.test.com. dnsadmin.test.com. (
                 2018053103    ; serial incremented by 1
                 1H
                 10M
                 3D
                 1D )
        IN  NS   ns1
        IN  NS   ns2
        IN  MX   10 mx1
        IN  MX   20 mx2
ns1     IN  A    192.168.10.10
ns2     IN  A    192.168.10.11
MX1     IN  A    192.168.10.21
MX2     IN  A    192.168.10.22
www     IN  A    192.168.10.10
web     IN  CNAME www
bbs     IN  A    192.168.10.23
bbs     IN  A    192.168.10.24
pop3    IN  A    192.168.10.25    ; add one A record
[root@localhost ~]# rndc reload
server reload successful
# reload the configuration
Go to secondary server 11
[root@localhost ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2018-05-31 22:38:36 EDT; 54min ago
Process: 1090 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 1087 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 1093 (named)
CGroup: /system.slice/named.service
└─1093 /usr/sbin/named -u named -c /etc/named.conf
May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053102
May 31 23:17:11 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: Transfer completed.../sec)
May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053102)
May 31 23:30:31 localhost.localdomain named[1093]: client 192.168.10.10#2372: received notify for zone 'test.com'
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: refresh: unexpected rcode (REFUSED) from master 1....0#0)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: Transfer started.
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: connected using 19...46792
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053103
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: Transfer completed.../sec)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053103)
Hint: Some lines were ellipsized, use -l to show in full.
# the secondary needs no reload; it has updated to the new serial automatically and the file has been transferred
[root@localhost ~]# dig -t A pop3.test.com @192.168.10.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A pop3.test.com @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24355
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.test.com. IN A
;; ANSWER SECTION:
pop3.test.com. 3600 IN A 192.168.10.25
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
test.com. 3600 IN NS ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
ns2.test.com. 3600 IN A 192.168.10.11
;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Thu May 31 23:54:58 EDT 2018
;; MSG SIZE rcvd: 126
Configure the reverse zone on secondary server 11
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "10.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.10.zone";
masters { 192.168.10.10; };
};
[root@localhost ~]# named-checkconf
Edit the reverse zone data file on primary server 10
[root@localhost ~]# vim /var/named/192.168.10.zone
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@       IN  SOA  ns1.test.com. nsadmin.test.com. (
                 2018060102
                 1H
                 10M
                 3D
                 12H )
        IN  NS   ns1.test.com.
        IN  NS   ns2.test.com.    ; add an NS record for secondary server 11
10      IN  PTR  ns1.test.com.
11      IN  PTR  ns2.test.com.    ; name of secondary server 11
21      IN  PTR  mx1.test.com.
22      IN  PTR  mx2.test.com.
23      IN  PTR  bbs.test.com.
24      IN  PTR  bbs.test.com.
10      IN  PTR  www.test.com.
[root@localhost ~]# named-checkzone 10.168.192.in-addr.arpa /var/named/192.168.10.zone
zone 10.168.192.in-addr.arpa/IN: loaded serial 2018060102
OK
[root@localhost ~]# rndc reload
server reload successful
# check the syntax and reload the configuration
Go to secondary server 11
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 600 Jun 1 02:23 192.168.10.zone
-rw-r--r-- 1 named named 574 Jun 1 02:10 test.com.zone
# the reverse zone data file has been synchronized as well
Test reverse resolution of an IP on secondary server 11
[root@localhost ~]# dig -x 192.168.10.10 @192.168.10.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.10 @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.10.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600 IN NS ns2.test.com.
10.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
ns2.test.com. 3600 IN A 192.168.10.11
;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:25:17 EDT 2018
;; MSG SIZE rcvd: 163
Further primary/secondary synchronization test: add a PTR record on primary 10
[root@localhost ~]# vim /var/named/192.168.10.zone
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@       IN  SOA  ns1.test.com. nsadmin.test.com. (
                 2018060103    ; serial incremented by 1
                 1H
                 10M
                 3D
                 12H )
        IN  NS   ns1.test.com.
        IN  NS   ns2.test.com.
10      IN  PTR  ns1.test.com.
11      IN  PTR  ns2.test.com.
21      IN  PTR  mx1.test.com.
22      IN  PTR  mx2.test.com.
23      IN  PTR  bbs.test.com.
24      IN  PTR  bbs.test.com.
10      IN  PTR  www.test.com.
25      IN  PTR  pop3.test.com.    ; add one PTR record
[root@localhost ~]# rndc reload
server reload successful
Test on secondary server 11
[root@localhost ~]# dig -x 192.168.10.25 @192.168.10.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.25 @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;25.10.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
25.10.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.
;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
10.168.192.in-addr.arpa. 3600 IN NS ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
ns2.test.com. 3600 IN A 192.168.10.11
;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:36:48 EDT 2018
;; MSG SIZE rcvd: 150
Test zone transfer manually
[root@localhost ~]# dig -t axfr test.com @192.168.10.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr test.com @192.168.10.11
;; global options: +cmd
test.com. 3600 IN SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
test.com. 3600 IN MX 10 mx1.test.com.
test.com. 3600 IN MX 20 mx2.test.com.
test.com. 3600 IN NS ns1.test.com.
test.com. 3600 IN NS ns2.test.com.
bbs.test.com. 3600 IN A 192.168.10.23
bbs.test.com. 3600 IN A 192.168.10.24
MX1.test.com. 3600 IN A 192.168.10.21
MX2.test.com. 3600 IN A 192.168.10.22
ns1.test.com. 3600 IN A 192.168.10.10
ns2.test.com. 3600 IN A 192.168.10.11
pop3.test.com. 3600 IN A 192.168.10.25
web.test.com. 3600 IN CNAME www.test.com.
www.test.com. 3600 IN A 192.168.10.10
test.com. 3600 IN SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:40:11 EDT 2018
;; XFR size: 15 records (messages 1, bytes 350)
[root@localhost ~]# dig -t axfr 10.168.192.in-addr.arpa @192.168.10.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr 10.168.192.in-addr.arpa @192.168.10.10
;; global options: +cmd
10.168.192.in-addr.arpa. 3600 IN SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
10.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
10.168.192.in-addr.arpa. 3600 IN NS ns2.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
11.10.168.192.in-addr.arpa. 3600 IN PTR ns2.test.com.
21.10.168.192.in-addr.arpa. 3600 IN PTR mx1.test.com.
22.10.168.192.in-addr.arpa. 3600 IN PTR mx2.test.com.
23.10.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
24.10.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
25.10.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.
10.168.192.in-addr.arpa. 3600 IN SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
;; Query time: 2 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Fri Jun 01 02:42:53 EDT 2018
;; XFR size: 12 records (messages 1, bytes 319)
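Zone transfers left open like this are a major risk to the server. We need to configure access control so that the primary server permits transfers only to the secondary server
IV. Access control and subdomain delegation
Procedure for configuring the subdomain primary server 192.168.10.12:
First, on primary server 192.168.10.10, add the records for the subdomain server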
[root@localhost ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.
@       IN  SOA  ns1.test.com. dnsadmin.test.com. (
                 2018053104    ; serial incremented by 1
                 1H
                 10M
                 3D
                 1D )
        IN  NS   ns1
        IN  NS   ns2
        IN  MX   10 mx1
        IN  MX   20 mx2
ops     IN  NS   ns1.ops    ; add the subdomain's name server
ns1     IN  A    192.168.10.10
ns2     IN  A    192.168.10.11
MX1     IN  A    192.168.10.21
MX2     IN  A    192.168.10.22
www     IN  A    192.168.10.10
web     IN  CNAME www
bbs     IN  A    192.168.10.23
bbs     IN  A    192.168.10.24
ns1.ops IN  A    192.168.10.12    ; add the A record for the subdomain's name server
Configure subdomain server 12
[root@localhost ~]# yum -y install bind bind-utils
[root@localhost ~]# systemctl start named.service
[root@localhost ~]# vim /etc/resolv.conf
nameserver 192.168.10.12
[root@localhost ~]# vim /etc/named.conf
listen-on port 53 { 127.0.0.1; 192.168.10.12; };
//allow-query { localhost; }; # comment out this line
dnssec-enable no;
dnssec-validation no;
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "ops.test.com" IN {
type master;
file "ops.test.com.zone";
};
# add the third-level domain: a forward zone for the subdomain
[root@localhost ~]# vim /var/named/ops.test.com.zone
$TTL 3600
$ORIGIN ops.test.com.
@       IN  SOA  ns1.ops.test.com. nsadmin.ops.test.com. (
                 2018060101
                 1H
                 10M
                 1D
                 2H )
        IN  NS   ns1
ns1     IN  A    192.168.10.12
www     IN  A    192.168.10.12
[root@localhost ~]# chgrp named /var/named/ops.test.com.zone
[root@localhost ~]# chmod o= /var/named/ops.test.com.zone
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone ops.test.com /var/named/ops.test.com.zone
zone ops.test.com/IN: loaded serial 2018060101
OK
[root@localhost ~]# rndc reload
server reload successful
Test
[root@localhost ~]# dig -t A www.ops.test.com @192.168.10.12
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.ops.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ops.test.com. IN A
;; ANSWER SECTION:
www.ops.test.com. 3600 IN A 192.168.10.12
;; AUTHORITY SECTION:
ops.test.com. 3600 IN NS ns1.ops.test.com.
;; ADDITIONAL SECTION:
ns1.ops.test.com. 3600 IN A 192.168.10.12
;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 03:45:00 EDT 2018
;; MSG SIZE rcvd: 95
When the subdomain server resolves www.test.com it cannot answer the query itself, so by default it queries iteratively starting from the Internet root
[root@localhost ~]# dig -t A www.test.com @192.168.10.12
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32424
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3579 IN A 69.172.200.235
;; AUTHORITY SECTION:
test.com. 172779 IN NS ns66.worldnic.com.
test.com. 172779 IN NS ns65.worldnic.com.
;; ADDITIONAL SECTION:
ns65.worldnic.com. 172779 IN A 207.204.40.133
ns66.worldnic.com. 172779 IN A 207.204.21.133
;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:06:53 EDT 2018
;; MSG SIZE rcvd: 136
Define a forward zone on the subdomain server pointing to the primary and secondary servers; queries for test.com are then forwarded to them for resolution
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
type forward;
forward only;
forwarders { 192.168.10.10; 192.168.10.11; };
};
# append this forwarding rule to the end of the configuration file
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# rndc flush
# flush the cache
Now the correct IP is resolved
[root@localhost ~]# dig -t A www.test.com @192.168.10.12
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63618
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 192.168.10.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns2.test.com.
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns2.test.com. 3600 IN A 192.168.10.11
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 6 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:23:08 EDT 2018
;; MSG SIZE rcvd: 125
The above forwards resolution requests for one specific zone. You can also configure global forwarding, where everything that cannot be resolved locally is handed to another server
[root@localhost ~]# vim /etc/named.conf
forward only;
forwarders { 192.168.10.10; }; # add these two directives in the options block
# and delete the zone forwarding rule above
[root@localhost ~]# rndc reload
[root@localhost ~]# rndc flush
[root@localhost ~]# dig -t A www.test.com @192.168.10.12
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9713
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3560 IN A 192.168.10.10
;; AUTHORITY SECTION:
test.com. 3560 IN NS ns2.test.com.
test.com. 3560 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns2.test.com. 3560 IN A 192.168.10.11
ns1.test.com. 3560 IN A 192.168.10.10
;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:47:02 EDT 2018
;; MSG SIZE rcvd: 125
Configure the access control directives
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
type master;
file "test.com.zone";
allow-transfer { slaves; };
};
[root@localhost ~]# vim /etc/named.conf
acl slaves {
192.168.10.11;
};
# add this block before options
The access control list above does not include server 12, so a transfer using 12 fails
[root@localhost ~]# dig -t axfr test.com @192.168.10.12
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr test.com @192.168.10.12
;; global options: +cmd
; Transfer failed.
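The effect of the allow-transfer change above, as an added example that is not part of the original article: a small Python reader for named.conf-style text that answers whether a given client would be handed a zone, run over configurations constructed from the page's snippets. It assumes the default the page states (transfers go to all hosts when allow-transfer is absent) and handles top-level zones only; the *_HARDENED variants and the outsider address 203.0.113.5 are assumptions added here.

```python
import ipaddress
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(text):
    """Parse named.conf text into nested statements (lists of words and sub-blocks)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # strip /* ... */ comments
    text = re.sub(r'(//|#).*', '', text)                # strip // and # comments
    return _block(TOKEN.findall(text), 0)[0]

def _block(tokens, i):
    stmts, cur = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == '{':                       # sub-block belongs to the current statement
            sub, i = _block(tokens, i + 1)
            cur.append(sub)
            continue
        if tok == '}':
            return stmts, i + 1
        if tok == ';':                       # end of statement
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
        i += 1
    return stmts, i

def find(stmts, keyword):
    return [s for s in stmts if s[0] == keyword]

def match(elements, acls, ip):
    """First-match evaluation of an address match list; None if nothing matched."""
    for stmt in elements:
        if not isinstance(stmt[0], str):     # anonymous nested lists: not handled here
            continue
        negate, name = stmt[0].startswith('!'), stmt[0].lstrip('!')
        if name == 'none':
            return False
        if name == 'any':
            hit = True
        elif name in acls:                   # reference to a named acl { ... }
            hit = match(acls[name], acls, ip) is True
        else:
            try:
                hit = ip in ipaddress.ip_network(name, strict=False)
            except ValueError:               # key, localhost, localnets: not evaluated
                continue
        if hit:
            return not negate
    return None

def transfer_allowed(config, zone, client_ip):
    """Would this server hand `zone` to `client_ip`? Top-level zones only, no views."""
    stmts = parse(config)
    acls = {s[1]: s[2] for s in find(stmts, 'acl')}
    policy = None
    for opts in find(stmts, 'options'):      # options-level default
        for s in find(opts[1], 'allow-transfer'):
            policy = s[1]
    zstmt = next(z for z in find(stmts, 'zone') if z[1] == zone)
    for s in find(zstmt[-1], 'allow-transfer'):   # a zone-level setting overrides it
        policy = s[1]
    if policy is None:
        return True    # default as described on the page: transfers to all hosts
    return match(policy, acls, ipaddress.ip_address(client_ip)) is True

def open_zones(config, outsider='203.0.113.5'):
    """Master/slave zones that an unrelated address (documentation range) could transfer."""
    zones = [z[1] for z in find(parse(config), 'zone')
             if any(t[1] in ('master', 'slave') for t in find(z[-1], 'type'))]
    return [z for z in zones if transfer_allowed(config, z, outsider)]

# Constructed from the page's snippets: primary before/after allow-transfer, and the secondary.
PRIMARY_BEFORE = '''
options { listen-on port 53 { 192.168.10.10; }; allow-query { any; }; };
zone "test.com" IN { type master; file "test.com.zone"; };
zone "10.168.192.in-addr.arpa" IN { type master; file "192.168.10.zone"; };
'''
PRIMARY_AFTER = '''
acl slaves { 192.168.10.11; };
options { listen-on port 53 { 192.168.10.10; }; allow-query { any; }; };
zone "test.com" IN { type master; file "test.com.zone"; allow-transfer { slaves; }; };
zone "10.168.192.in-addr.arpa" IN { type master; file "192.168.10.zone"; };
'''
SECONDARY = '''
options { listen-on port 53 { 192.168.10.11; }; allow-query { any; }; };
zone "test.com" IN { type slave; file "slaves/test.com.zone"; masters { 192.168.10.10; }; };
zone "10.168.192.in-addr.arpa" IN { type slave; file "slaves/192.168.10.zone"; masters { 192.168.10.10; }; };
'''
# Assumed hardening (not on the page): one options-level default that covers every zone.
PRIMARY_HARDENED = PRIMARY_AFTER.replace('options {', 'options { allow-transfer { slaves; };')
SECONDARY_HARDENED = SECONDARY.replace('options {', 'options { allow-transfer { none; };')

if __name__ == '__main__':
    for label in ('PRIMARY_BEFORE', 'PRIMARY_AFTER', 'SECONDARY', 'PRIMARY_HARDENED', 'SECONDARY_HARDENED'):
        print(f'{label}: open to any host -> {open_zones(globals()[label])}')
```

Run over the page's configuration, it reports that the reverse zone on the primary and both zones on the secondary would still answer AXFR from any address, because only the test.com zone on the primary received allow-transfer.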
Allow only hosts in the listed networks to perform recursive queries on the server
[root@localhost ~]# vim /etc/named.conf
acl mynet {
192.168.10.0/24;
127.0.0.0/8;
};
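# add this block before options
allow-recursion { mynet; };
# change the existing line "recursion yes;" to the line above
V. Building smart DNS with bind
To implement smart resolution on a DNS server, you first need to understand one concept: view
Suppose there is a web host with the domain name www.test.com and two IPs: an internal IP, 192.168.10.10, and an external IP, 1.1.1.1. Users coming from the Internet resolve the name to 1.1.1.1, while users on the internal network have no need to resolve to the external IP and connect back in; they can simply resolve the name to the internal IP 192.168.10.10. Resolving the same host to different results depending on where the client comes from is called a view.
Edit the named.conf configuration file on the primary DNS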
[root@localhost ~]# vim /etc/named.conf
options {
......
};
logging {
......
};
view internal {
match-clients { 192.168.10.11; }; # this IP is resolved to the external addresses
zone "." IN {
type hint;
file "named.ca";
};
zone "test.com" IN {
type master;
file "test.com/internal";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view external {
match-clients { any; }; # every IP other than the one above is resolved to the internal addresses
zone "." IN {
type hint;
file "named.ca";
};
zone "test.com" IN {
type master;
file "test.com/external";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
Create the two forward zone data files
[root@localhost ~]# vim /var/named/test.com/internal
$TTL 3600
$ORIGIN test.com.
@       IN  SOA  ns1.test.com. dnsadmin.test.com. (
                 2018053101
                 1H
                 10M
                 3D
                 1D )
        IN  NS   ns1
ns1     IN  A    192.168.10.10
www     IN  A    1.1.1.1
web     IN  CNAME www
bbs     IN  A    1.1.1.2
bbs     IN  A    1.1.1.3
[root@localhost ~]# vim /var/named/test.com/external
$TTL 3600
$ORIGIN test.com.
@       IN  SOA  ns1.test.com. dnsadmin.test.com. (
                 2018053101
                 1H
                 10M
                 3D
                 1D )
        IN  NS   ns1
ns1     IN  A    192.168.10.10
www     IN  A    192.168.10.10
web     IN  CNAME www
bbs     IN  A    192.168.10.23
bbs     IN  A    192.168.10.24
Check the syntax and set permissions
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone test.com /var/named/test.com/internal
zone test.com/IN: loaded serial 2018053101
OK
[root@localhost ~]# named-checkzone test.com /var/named/test.com/external
zone test.com/IN: loaded serial 2018053101
OK
[root@localhost ~]# chgrp named /var/named/test.com/{internal,external}
[root@localhost ~]# chmod o= /var/named/test.com/{internal,external}
[root@localhost ~]# rndc reload
server reload successful
Resolving from 192.168.10.12 returns the internal IP
[root@localhost ~]# dig -t A www.test.com @192.168.10.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47742
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 192.168.10.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 2 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:45:02 EDT 2018
;; MSG SIZE rcvd: 91
[root@localhost ~]# dig -t A bbs.test.com @192.168.10.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com. IN A
;; ANSWER SECTION:
bbs.test.com. 3600 IN A 192.168.10.24
bbs.test.com. 3600 IN A 192.168.10.23
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:45:20 EDT 2018
;; MSG SIZE rcvd: 107
Resolving from 192.168.10.11 returns the external IP
[root@localhost ~]# dig -t A www.test.com @192.168.10.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39708
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 1.1.1.1
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:47:01 EDT 2018
;; MSG SIZE rcvd: 91
[root@localhost ~]# dig -t A bbs.test.com @192.168.10.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44362
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com. IN A
;; ANSWER SECTION:
bbs.test.com. 3600 IN A 1.1.1.2
bbs.test.com. 3600 IN A 1.1.1.3
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.10.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:47:24 EDT 2018
;; MSG SIZE rcvd: 107
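At this point a smart DNS server is complete. A common use in China is to look at whether the client is on a China Telecom line or a China Netcom line and have the server automatically resolve to its own matching Telecom or Netcom IP, so that client and server connect over the same carrier's line and get the best speed.
VI. Compile and install MariaDB, start it, and log in normally
Download the MariaDB source package from the MariaDB website: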
[https://mariadb.org/download/](https://mariadb.org/download/)
Extract:
[root@localhost ~]#tar -xvzf mariadb-10.3.11.tar.gz
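The installation directory is decided in advance as /usr/local/mysql and the data directory as /data1/mysql. Create the user and the directories and give the mysql user ownership as follows (you can choose your own values):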
[root@localhost ~]#groupadd -r mysql
[root@localhost ~]#useradd -g mysql -s /sbin/nologin mysql
[root@localhost ~]#mkdir /usr/local/mysql
[root@localhost ~]#mkdir -p /data1/mysql
[root@localhost ~]#chown -R mysql:mysql /data1/mysql/
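Go to the source package directory
cd mariadb-10.3.11
# -DCMAKE_INSTALL_PREFIX: installation location (customizable)
# -DMYSQL_DATADIR: data directory (customizable)
# -DSYSCONFDIR: directory holding the configuration file (usually /etc)
# -DWITHOUT_TOKUDB=1: usually set; means the tokudb engine is not built
cmake . \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/data1/mysql \
-DSYSCONFDIR=/etc \
-DWITHOUT_TOKUDB=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 -DWITH_SSL=system \
-DWITH_ZLIB=system -DWITH_LIBWRAP=0 \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
# -DWITHOUT_TOKUDB=1 is usually set and means the tokudb engine is not built. tokudb is an open-source MySQL storage engine that can manage large volumes of data and has some newer features that InnoDB lacks. It is left out here because machines generally do not have Percona Server by default, loading tokudb also depends on the jemalloc memory allocator, and tokudb is generally not used in development either, so it is disabled for now; otherwise, when the dependency cannot be found on the system, an error like this appears: CMake Error at storage/tokudb/PerconaFT/cmake_modules/TokuSetupCompiler.cmake:179 (message)
In practice we can also just run this command: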
cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data1/mysql -DSYSCONFDIR=/etc -DWITHOUT_TOKUDB=1 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci
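Note: if an error occurs while running it, run rm -f CMakeCache.txt to delete the build cache so that the command is evaluated afresh; otherwise this file is read every time and even a corrected command still reports the error
Run the build and install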
make && make install
Once that is done, go to the MariaDB installation path and run the following commands to set ownership and install the service script:
chown -R mysql:mysql .
scripts/mysql_install_db --datadir=/data1/mysql --user=mysql
chown -R root .
cp support-files/mysql.server /etc/init.d/mysqld
Start the service:
systemctl start mysqld.service
Configure the my.cnf file
vi /etc/my.cnf
[mysqld]
datadir=/data1/mysql
socket=/tmp/mysql.sock # the local socket specified at build time
user=mysql
lower_case_table_names=1 # make table names case-insensitive (0 means case-sensitive)
Setting the initial MariaDB password and changing it
Method 1:
[root@localhost ~]# mysql
MariaDB[(none)]> UPDATE mysql.user SET password = PASSWORD('newpassword') WHERE USER = 'root';
MariaDB[(none)]> FLUSH PRIVILEGES;
Method 2:
[root@localhost ~]# mysql
MariaDB[(none)]> SET password=PASSWORD('newpassword');
Method 3:
[root@localhost ~]# mysqladmin -u root password 'newpassword'
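If root already has a password, use the following
[root@localhost ~]# mysqladmin -u root -p'oldpassword' password 'newpassword'
Grant remote login (in the statement below, replace '用戶名' with the user name and '登錄密碼' with the login password)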
grant all privileges on *.* to '用戶名'@'%' identified by '登錄密碼' with grant option;
flush privileges;