Week 13 Assignment (DNS Setup, Compiling and Installing MariaDB)

1. Briefly describe how DNS servers work, set up primary and secondary servers, and set up smart DNS

I. What DNS Is

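DNS (short for Domain Name Service) maps a domain name to its IP address. An IP address is made up of 32 binary digits, which people find hard to remember; they would much rather use host names, which are easier to memorize. Computers, on the other hand, use IP addresses when processing IP datagrams, because an address has a fixed length.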

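From the client's point of view a DNS query is recursive; from the DNS server's point of view the great majority of queries are iterative. In DNS name resolution, a lookup from name to IP is called forward resolution, and a lookup from IP to name is called reverse resolution. A DNS server that is responsible for resolving at least one zone is called a primary DNS server or a secondary DNS server; one that is responsible for no zone at all is called a caching DNS server.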

The Internet is now very large, so DNS is designed as a distributed database system: the big database is split into many small ones, each of which handles part of the data. There are 13 DNS root servers in the world, named A through M.


II. The DNS Name Resolution Process


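The resolution process when a user enters a URL in a browser:

1. The client first checks its own hosts file and returns the entry if there is one
2. If the hosts file has no entry, the client checks its own cache and returns the entry if there is one
3. If the cache has no entry, the client asks the DNS server
4. The DNS server first asks a root server for the address of the top-level domain server
5. The DNS server then asks the top-level domain server for the address of the second-level domain server
6. The DNS server gets the final IP address from the second-level domain server
7. The client gets the IP address from the DNS server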

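DNS zone database files

The resource record (Resource Record) types are:
(1) SOA: start of authority record; there can be only one and it must be the first record
(2) NS: name server record; one of them is the primary, and there can be several
(3) A: IPv4 address record
(4) AAAA: IPv6 address record
(5) CNAME: alias record
(6) PTR: reverse resolution record
(7) MX: mail exchanger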

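Related testing tools and commands
(1) The dig command
Used to test the DNS system; it does not consult the hosts file. Usage:
dig [-t RR_TYPE] name [@SERVER] [query options]
Commonly used query options include:
+[no]trace: trace the resolution process;
+[no]recurse: perform recursive resolution;
Common uses include:
Reverse resolution test: dig -x IP
Zone transfer test: dig -t [axfr|ixfr] DOMAIN [@server]

(2) The host command
Its usage is similar to dig. Usage:
host [-t RR_TYPE] name SERVER_IP

(3) The nslookup command
nslookup has two modes of use: command mode and interactive mode.
Command mode usage: nslookup [-options] [name] [server]
Interactive mode usage:
nslookup>
server IP: query using the given IP as the DNS server;
set q=RR_TYPE: the resource record type to query;
name: the name to query;

(4) The rndc command
rndc is the control command for the named service. Common uses:
rndc status: show the server status
rndc reload: reload the configuration file and zone files without stopping the DNS server
rndc flush: flush the DNS cache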

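Security-related configuration in bind

(1) bind has four built-in ACLs

none: no host;
any: any host;
localhost: the local machine;
localnets: the networks that the local machine's IP addresses belong to;

Access control directives:

allow-query {}; hosts allowed to query; a whitelist;
allow-transfer {}; hosts allowed to receive zone transfers; the default is all hosts;
allow-recursion {}; hosts allowed to send recursive queries to this DNS server;
allow-update {}; DDNS; allows the contents of the zone database file to be updated dynamically;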

III. Setting Up Primary and Secondary DNS Servers

Environment:
Primary DNS server: 192.168.10.10
Secondary DNS server: 192.168.10.11
Subdomain primary DNS server: 192.168.10.12

1. Configure the primary DNS server (ip:192.168.10.10)

Install the software

[root@localhost ~]# yum -y install bind  #install bind
[root@localhost ~]# yum -y install bind-utils  #install the bind utilities package
[root@localhost ~]# systemctl start named  #start the service
[root@localhost ~]# netstat -tunlp  #check the listening state
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1323/named          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      891/sshd            
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1323/named          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      994/master          
tcp6       0      0 ::1:53                  :::*                    LISTEN      1323/named          
tcp6       0      0 :::22                   :::*                    LISTEN      891/sshd            
tcp6       0      0 ::1:953                 :::*                    LISTEN      1323/named          
tcp6       0      0 ::1:25                  :::*                    LISTEN      994/master          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1323/named          
udp        0      0 127.0.0.1:323           0.0.0.0:*                           639/chronyd         
udp6       0      0 ::1:53                  :::*                                1323/named          
udp6       0      0 ::1:323                 :::*                                639/chronyd   
#port 53 is being listened on; port 953 is listened on for rndc

Configure the environment

[root@localhost ~]# vim /etc/resolv.conf  #edit the DNS configuration file
nameserver 192.168.10.10

[root@localhost ~]# vim /etc/named.conf 

listen-on port 53 { 192.168.10.10; }; #change the listening address
allow-query     { any; };  #allow anyone to query: set to any
dnssec-enable no;
dnssec-validation no;
#turn dnssec off: set both to no

Configure a forward zone

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {
        type master;  #primary (master) type
        file "test.com.zone";  #relative path, under /var/named
};

Create the zone data file

[root@localhost ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.  ; suffix appended to unqualified names
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1  ; the short form works because of $ORIGIN; otherwise write the full name ending with a dot
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 192.168.10.10
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24

Set permissions and check syntax

[root@localhost ~]# chgrp named /var/named/test.com.zone 
[root@localhost ~]# chmod o= /var/named/test.com.zone
#set permissions on the newly created zone data file
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053101
OK
#check syntax

Reload the configuration file and zone data files on the server

[root@localhost named]# rndc status
number of zones: 101
[root@localhost named]# rndc reload
server reload successful
[root@localhost named]# rndc status
number of zones: 102
#the status shows the zone count going up by 1 after the reload

Forward resolution test on the primary DNS server

[root@localhost ~]# dig -t -A www.test.com
;; Warning, ignoring invalid type -A

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t -A www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18274
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 21:55:26 EDT 2018
;; MSG SIZE  rcvd: 91
[root@localhost named]# dig -t A web.test.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A web.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.test.com.          IN  A

;; ANSWER SECTION:
web.test.com.       3600    IN  CNAME   www.test.com.
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 21:11:25 EDT 2018
;; MSG SIZE  rcvd: 109
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.23
bbs.test.com has address 192.168.10.24
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.23
bbs.test.com has address 192.168.10.24
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.24
bbs.test.com has address 192.168.10.23

Configure a reverse zone

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.10.zone";
};

Create the reverse zone data file

[root@localhost ~]# vim /var/named/192.168.10.zone
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@ IN SOA ns1.test.com. nsadmin.test.com. (
        2018060101
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.   ; cannot be abbreviated here in a reverse zone
10 IN PTR ns1.test.com.
21 IN PTR mx1.test.com.
22 IN PTR mx2.test.com.
23 IN PTR bbs.test.com.
24 IN PTR bbs.test.com.
10 IN PTR www.test.com.

Set permissions on the reverse zone file and check syntax

[root@localhost named]# chgrp named /var/named/192.168.10.zone 
[root@localhost named]# chmod o= /var/named/192.168.10.zone 
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone 10.168.192.in-addr.arpa /var/named/192.168.10.zone 
zone 10.168.192.in-addr.arpa/IN: loaded serial 2018060101
OK

Reload the configuration file and zone data files

[root@localhost named]# rndc status
number of zones: 102
[root@localhost named]# rndc reload
server reload successful
[root@localhost named]# rndc status
number of zones: 103

Reverse resolution test on the primary server

[root@localhost named]# dig -x 192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.10.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.

;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 22:26:03 EDT 2018
;; MSG SIZE  rcvd: 129

2. Configure the secondary DNS server (ip:192.168.10.11)

[root@localhost ~]# yum -y install bind bind-utils
[root@localhost ~]# systemctl start named.service

[root@localhost ~]# vim /etc/resolv.conf 
nameserver 192.168.10.11

[root@localhost ~]# vim /etc/named.conf 
listen-on port 53 { 192.168.10.11; };
allow-query     { any; };
dnssec-enable no;
dnssec-validation no;

Configure the forward zone on the secondary server (11)

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {    #forward zone
        type slave;
        file "slaves/test.com.zone";  #location of the zone data file
        masters { 192.168.10.10; };  #IP of the primary server for this forward zone
};
[root@localhost ~]# named-checkconf

Go to the primary server (10) and edit the zone file

[root@localhost ~]# vim /var/named/test.com.zone 
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053102  ; increment by 1 by hand on every edit, otherwise the secondary will not update
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2  ; add an NS record for the secondary server (11)
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 192.168.10.10
ns2 IN A 192.168.10.11  ; IP of the secondary server
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24

[root@localhost ~]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053102
OK
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# rndc status
server is up and running
#the syntax check and the status are both fine

On the secondary server (11)

[root@localhost slaves]# dig -t A www.test.com @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45851
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns2.test.com.
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 0 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Thu May 31 23:20:16 EDT 2018
;; MSG SIZE  rcvd: 125

To test the primary and secondary further, go to the primary server (10)

[root@localhost ~]# vim /var/named/test.com.zone 
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053103  ; serial incremented by 1
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 192.168.10.10
ns2 IN A 192.168.10.11
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24
pop3 IN A 192.168.10.25  ; add an A record

[root@localhost ~]# rndc reload
server reload successful
#reload the configuration

On the secondary server (11)

[root@localhost ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-05-31 22:38:36 EDT; 54min ago
  Process: 1090 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1087 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 1093 (named)
   CGroup: /system.slice/named.service
           └─1093 /usr/sbin/named -u named -c /etc/named.conf

May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053102
May 31 23:17:11 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: Transfer completed.../sec)
May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053102)
May 31 23:30:31 localhost.localdomain named[1093]: client 192.168.10.10#2372: received notify for zone 'test.com'
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: refresh: unexpected rcode (REFUSED) from master 1....0#0)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: Transfer started.
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: connected using 19...46792
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053103
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: Transfer completed.../sec)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053103)
Hint: Some lines were ellipsized, use -l to show in full.
#the secondary does not need a reload; it has updated itself to the new serial and the zone file has been transferred
[root@localhost ~]# dig -t A pop3.test.com @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A pop3.test.com @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24355
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.test.com.         IN  A

;; ANSWER SECTION:
pop3.test.com.      3600    IN  A   192.168.10.25

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.
test.com.       3600    IN  NS  ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Thu May 31 23:54:58 EDT 2018
;; MSG SIZE  rcvd: 126
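
The serial rule noted in the zone file above (increment the serial on every edit or the secondary will not update) can be checked before a reload. The following is an added example, not part of the original post: it parses the SOA record from zone-file text and compares serials with RFC 1982 arithmetic. The function names are this example's own, and the embedded zone text is the page's test.com zone written with `;` comments.

```python
import re

# Seconds per time-unit suffix accepted in zone files; a bare number is seconds.
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def to_seconds(value):
    """Convert a zone-file time value such as '3600', '10M' or '1h30m' to seconds."""
    value = value.upper()
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([SMHDW])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError("bad time value: %r" % value)
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(zone_text):
    """Return the fields of the first SOA record found in zone-file text."""
    # Drop ';' comments (quoted strings containing ';' are not handled here),
    # then remove the parentheses so the multi-line record becomes one line.
    lines = [line.split(";", 1)[0] for line in zone_text.splitlines()]
    flat = " ".join(" ".join(lines).replace("(", " ").replace(")", " ").split())
    m = re.search(
        r"\bSOA\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", flat, re.I)
    if not m:
        raise ValueError("no SOA record found")
    mname, rname, serial, refresh, retry, expire, minimum = m.groups()
    return {
        "mname": mname, "rname": rname, "serial": int(serial),
        "refresh": to_seconds(refresh), "retry": to_seconds(retry),
        "expire": to_seconds(expire), "minimum": to_seconds(minimum),
    }

def serial_newer(a, b):
    """True if serial a is newer than serial b under RFC 1982 arithmetic.

    Serials are 32-bit and wrap around, so a plain '>' is wrong near 2**32.
    A difference of exactly 2**31 is undefined by the RFC; treated as not newer.
    """
    diff = (a - b) & 0xFFFFFFFF
    return 0 < diff < 0x80000000

def secondary_will_transfer(primary_zone_text, secondary_serial):
    """Would a secondary holding secondary_serial pull this version of the zone?"""
    return serial_newer(parse_soa(primary_zone_text)["serial"], secondary_serial)

# The page's test.com zone after pop3 was added, using ';' for comments.
ZONE = """\
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053103  ; serial
        1H          ; refresh
        10M         ; retry
        3D          ; expire
        1D )        ; minimum
        IN NS ns1
        IN NS ns2
ns1 IN A 192.168.10.10
ns2 IN A 192.168.10.11
pop3 IN A 192.168.10.25
"""

if __name__ == "__main__":
    print(parse_soa(ZONE))
    # The secondary still holds 2018053102, so this edit is picked up.
    print(secondary_will_transfer(ZONE, 2018053102))
    # An edit saved without a new serial is ignored by the secondary.
    print(secondary_will_transfer(ZONE, 2018053103))
```

The parsed timer values are the same ones the AXFR output later on this page prints in the SOA line for serial 2018053103.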

Configure the reverse zone on the secondary server (11)

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "10.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.10.zone";
        masters { 192.168.10.10; };
};

[root@localhost ~]# named-checkconf

Edit the reverse zone data file on the primary server (10)

[root@localhost ~]# vim /var/named/192.168.10.zone 
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@ IN SOA ns1.test.com. nsadmin.test.com. (
        2018060102
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.
        IN NS ns2.test.com.  ; add an NS record for the secondary server (11)
10 IN PTR ns1.test.com.
11 IN PTR ns2.test.com.  ; name of the secondary server (11)
21 IN PTR mx1.test.com.
22 IN PTR mx2.test.com.
23 IN PTR bbs.test.com.
24 IN PTR bbs.test.com.
10 IN PTR www.test.com.

[root@localhost ~]# named-checkzone 10.168.192.in-addr.arpa /var/named/192.168.10.zone
zone 10.168.192.in-addr.arpa/IN: loaded serial 2018060102
OK
[root@localhost ~]# rndc reload
server reload successful
#check syntax, reload the configuration

On the secondary server (11)

[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 600 Jun  1 02:23 192.168.10.zone
-rw-r--r-- 1 named named 574 Jun  1 02:10 test.com.zone
#the reverse zone data file has been synchronized as well

Test reverse resolution of an IP on the secondary server (11)

[root@localhost ~]# dig -x 192.168.10.10 @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.10 @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.10.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.

;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600   IN  NS  ns2.test.com.
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:25:17 EDT 2018
;; MSG SIZE  rcvd: 163

A further primary/secondary sync test: add a PTR record on the primary (10)

[root@localhost ~]# vim /var/named/192.168.10.zone 
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@ IN SOA ns1.test.com. nsadmin.test.com. (
        2018060103  ; serial incremented by 1
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.
        IN NS ns2.test.com.
10 IN PTR ns1.test.com.
11 IN PTR ns2.test.com.
21 IN PTR mx1.test.com.
22 IN PTR mx2.test.com.
23 IN PTR bbs.test.com.
24 IN PTR bbs.test.com.
10 IN PTR www.test.com.
25 IN PTR pop3.test.com.  ; add a PTR record

[root@localhost ~]# rndc reload
server reload successful

Test on the secondary server (11)

[root@localhost ~]# dig -x 192.168.10.25 @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.25 @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;25.10.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
25.10.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.

;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.
10.168.192.in-addr.arpa. 3600   IN  NS  ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:36:48 EDT 2018
;; MSG SIZE  rcvd: 150

Manually test zone transfer

[root@localhost ~]# dig -t axfr test.com @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr test.com @192.168.10.11
;; global options: +cmd
test.com.       3600    IN  SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
test.com.       3600    IN  MX  10 mx1.test.com.
test.com.       3600    IN  MX  20 mx2.test.com.
test.com.       3600    IN  NS  ns1.test.com.
test.com.       3600    IN  NS  ns2.test.com.
bbs.test.com.       3600    IN  A   192.168.10.23
bbs.test.com.       3600    IN  A   192.168.10.24
MX1.test.com.       3600    IN  A   192.168.10.21
MX2.test.com.       3600    IN  A   192.168.10.22
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11
pop3.test.com.      3600    IN  A   192.168.10.25
web.test.com.       3600    IN  CNAME   www.test.com.
www.test.com.       3600    IN  A   192.168.10.10
test.com.       3600    IN  SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:40:11 EDT 2018
;; XFR size: 15 records (messages 1, bytes 350)
[root@localhost ~]# dig -t axfr 10.168.192.in-addr.arpa @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr 10.168.192.in-addr.arpa @192.168.10.10
;; global options: +cmd
10.168.192.in-addr.arpa. 3600   IN  SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.
10.168.192.in-addr.arpa. 3600   IN  NS  ns2.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
11.10.168.192.in-addr.arpa. 3600 IN PTR ns2.test.com.
21.10.168.192.in-addr.arpa. 3600 IN PTR mx1.test.com.
22.10.168.192.in-addr.arpa. 3600 IN PTR mx2.test.com.
23.10.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
24.10.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
25.10.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.
10.168.192.in-addr.arpa. 3600   IN  SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
;; Query time: 2 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Fri Jun 01 02:42:53 EDT 2018
;; XFR size: 12 records (messages 1, bytes 319)

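Open zone transfer like this is a huge risk to the server. We need to configure access control so that the primary server only allows transfers to the secondary server

IV. Access Control and Subdomain Delegation

Steps for configuring the subdomain primary server 192.168.10.12:

First, on the primary server 192.168.10.10, add the records for the subdomain server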

[root@localhost ~]# vim /var/named/test.com.zone 
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053104  ; serial incremented by 1
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2
        IN MX 10 mx1
        IN MX 20 mx2
ops     IN NS ns1.ops  ; add the subdomain name server
ns1 IN A 192.168.10.10
ns2 IN A 192.168.10.11
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24
ns1.ops IN A 192.168.10.12  ; add the A record for the subdomain name server

Configure the subdomain server (12)

[root@localhost ~]# yum -y install bind bind-utils
[root@localhost ~]# systemctl start named.service

[root@localhost ~]# vim /etc/resolv.conf 
nameserver 192.168.10.12

[root@localhost ~]# vim /etc/named.conf 
listen-on port 53 { 127.0.0.1; 192.168.10.12; };
//allow-query     { localhost; };    #comment out this line
dnssec-enable no;
dnssec-validation no;

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "ops.test.com" IN {
        type master;
        file "ops.test.com.zone";
};  
#add a third-level domain: a forward zone for the subdomain

[root@localhost ~]# vim /var/named/ops.test.com.zone

$TTL 3600
$ORIGIN ops.test.com.
@ IN SOA ns1.ops.test.com. nsadmin.ops.test.com. (
        2018060101
        1H
        10M
        1D
        2H )
        IN NS ns1
ns1 IN A 192.168.10.12
www IN A 192.168.10.12

[root@localhost ~]# chgrp named /var/named/ops.test.com.zone 
[root@localhost ~]# chmod o= /var/named/ops.test.com.zone
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone ops.test.com /var/named/ops.test.com.zone 
zone ops.test.com/IN: loaded serial 2018060101
OK

[root@localhost ~]# rndc reload
server reload successful

Test

[root@localhost ~]# dig -t A www.ops.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.ops.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ops.test.com.      IN  A

;; ANSWER SECTION:
www.ops.test.com.   3600    IN  A   192.168.10.12

;; AUTHORITY SECTION:
ops.test.com.       3600    IN  NS  ns1.ops.test.com.

;; ADDITIONAL SECTION:
ns1.ops.test.com.   3600    IN  A   192.168.10.12

;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 03:45:00 EDT 2018
;; MSG SIZE  rcvd: 95

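When the subdomain server resolves www.test.com, it cannot answer from its own data, so by default it performs an iterative lookup starting from the Internet root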

[root@localhost ~]# dig -t A www.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32424
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3579    IN  A   69.172.200.235

;; AUTHORITY SECTION:
test.com.       172779  IN  NS  ns66.worldnic.com.
test.com.       172779  IN  NS  ns65.worldnic.com.

;; ADDITIONAL SECTION:
ns65.worldnic.com.  172779  IN  A   207.204.40.133
ns66.worldnic.com.  172779  IN  A   207.204.21.133

;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:06:53 EDT 2018
;; MSG SIZE  rcvd: 136

Define a forward zone on the subdomain server that points at the primary and secondary servers; test.com is then forwarded to them for resolution

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.10.10; 192.168.10.11; };
};
#append this forwarding rule to the end of the configuration file

[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# rndc flush
#flush the cache

Now the correct IP is resolved


[root@localhost ~]# dig -t A www.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63618
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns2.test.com.
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.       3600    IN  A   192.168.10.11
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 6 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:23:08 EDT 2018
;; MSG SIZE  rcvd: 125

The above forwards resolution requests for one specific zone. You can also configure global forwarding, which hands everything that cannot be resolved locally to another server

[root@localhost ~]# vim /etc/named.conf 
forward only;
forwarders { 192.168.10.10; };  #add these two directives to the options block
#and delete the zone forwarding rule above

[root@localhost ~]# rndc reload
[root@localhost ~]# rndc flush
[root@localhost ~]# dig -t A www.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9713
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3560    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3560    IN  NS  ns2.test.com.
test.com.       3560    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.       3560    IN  A   192.168.10.11
ns1.test.com.       3560    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:47:02 EDT 2018
;; MSG SIZE  rcvd: 125

Configure access control

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {
        type master;
        file "test.com.zone";
        allow-transfer { slaves; };
};

[root@localhost ~]# vim /etc/named.conf 
acl slaves {
        192.168.10.11;
};
#add this block before options

The access control list above does not include server 12, so the transfer attempted with 12 fails

[root@localhost ~]# dig -t axfr test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr test.com @192.168.10.12
;; global options: +cmd
; Transfer failed.

The server only lets hosts in the listed networks perform recursive queries

[root@localhost ~]# vim /etc/named.conf
acl mynet {
        192.168.10.0/24;
        127.0.0.0/8;
};
#add this block before options
allow-recursion { mynet; };
#change the "recursion yes;" line to the line above
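
One way to check a named.conf for the two exposures this section closes, open zone transfer and open recursion, is a small audit script. This is an added example, not the post's or BIND's own code; the function names and the two embedded configurations (assembled from the settings shown on this page) are assumptions of the example. It treats a missing allow-transfer as open, as the directive list earlier on the page states, and a missing allow-recursion as falling back to allow-query.

```python
import re

def tokenize(conf):
    """Strip named.conf comments, then split into words, quoted strings, { } and ;"""
    conf = re.sub(r"/\*.*?\*/", " ", conf, flags=re.S)
    conf = re.sub(r"(#|//).*", " ", conf)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};]+', conf)

def parse(tokens):
    """Nest tokens into statements; a statement is a list of words and sub-blocks."""
    def block(i):
        stmts, cur = [], []
        while i < len(tokens):
            tok = tokens[i]
            if tok == "{":
                inner, i = block(i + 1)
                cur.append(inner)
                continue
            i += 1
            if tok == "}":
                break
            if tok == ";":
                if cur:
                    stmts.append(cur)
                cur = []
            else:
                cur.append(tok.strip('"'))
        return stmts, i
    return block(0)[0]

def match_list(stmts, name):
    """Elements of `name ... { ...; };` inside a block, or None when it is not set."""
    for s in stmts:
        if s[0] == name and isinstance(s[-1], list):
            return [e[0] for e in s[-1] if isinstance(e[0], str)]
    return None

def admits_any(elements, acls, seen=()):
    """True if the list contains `any`, directly or through a named acl."""
    for e in elements:
        if e == "any":
            return True
        if e in acls and e not in seen and admits_any(acls[e], acls, seen + (e,)):
            return True
    return False

def audit(conf):
    """Return findings for open zone transfer and open recursion."""
    stmts = parse(tokenize(conf))
    acls = {s[1]: match_list([s], "acl") or [] for s in stmts if s[0] == "acl"}
    options = next((s[-1] for s in stmts if s[0] == "options"), [])
    findings = []
    global_xfer = match_list(options, "allow-transfer")
    for s in stmts:
        if s[0] != "zone" or not isinstance(s[-1], list):
            continue
        body = s[-1]
        if ["type", "master"] not in body and ["type", "slave"] not in body:
            continue
        xfer = match_list(body, "allow-transfer")
        xfer = global_xfer if xfer is None else xfer
        # Not set anywhere: the page notes the default is all hosts.
        if xfer is None or admits_any(xfer, acls):
            findings.append("zone %s: zone transfer open to any host" % s[1])
    # Assumption of this example: without allow-recursion, the allow-query
    # list decides who may recurse, so `allow-query { any; }` opens recursion.
    rec = match_list(options, "allow-recursion")
    rec = match_list(options, "allow-query") if rec is None else rec
    if ["recursion", "no"] not in options and rec and admits_any(rec, acls):
        findings.append("options: recursion open to any host")
    return findings

# Constructed from the primary's settings on this page before access control.
BEFORE = """
options {
        allow-query     { any; };   # every client may query
        recursion yes;
};
zone "test.com" IN { type master; file "test.com.zone"; };
zone "10.168.192.in-addr.arpa" IN { type master; file "192.168.10.zone"; };
"""

# Constructed from the same settings with this section's acl changes applied.
AFTER = """
acl slaves { 192.168.10.11; };
acl mynet { 192.168.10.0/24; 127.0.0.0/8; };
options {
        allow-query     { any; };
        allow-recursion { mynet; };
};
zone "test.com" IN { type master; file "test.com.zone"; allow-transfer { slaves; }; };
zone "10.168.192.in-addr.arpa" IN { type master; file "192.168.10.zone"; };
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf))
```

On the hardened configuration it still reports the reverse zone, because only test.com was given an allow-transfer clause on this page.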

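V. Building Smart DNS with bind

To make a DNS server resolve intelligently, you first need to understand one concept: view
Suppose there is a web host whose domain name is www.test.com and which has two IPs: an internal one, 192.168.10.10, and an external one, 1.1.1.1. Users coming from the Internet get 1.1.1.1, while users on the internal network do not need to resolve to the external IP and connect back in; they can simply resolve to the internal IP 192.168.10.10. Resolving the same host to different results depending on where the client comes from is what a view does.

Edit the named.conf configuration file on the primary DNS server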

[root@localhost ~]# vim /etc/named.conf
options {
......
};
logging {
......
};
view internal {
        match-clients { 192.168.10.11; };#this IP gets the external addresses
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "test.com" IN {
                type master;
                file "test.com/internal";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
view external {
        match-clients { any; };#every other IP, outside the range above, gets the internal addresses
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "test.com" IN {
                type master;
                file "test.com/external";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
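
The two views above depend on their order: a query is answered by the first view whose match-clients list matches the client's source address. The following added example (not code from the original post or from BIND) simulates that selection for the page's two views and shows what happens when the `any` view is listed first. The function names are hypothetical, the record data is copied from the page's internal and external zone files, and only `any`, plain addresses, CIDR networks and `!` negation are handled.

```python
import ipaddress

def acl_matches(client, match_clients):
    """Evaluate an address-match list the way BIND does: the first element
    that matches decides, and a leading '!' turns that match into a rejection."""
    ip = ipaddress.ip_address(client)
    for element in match_clients:
        negated = element.startswith("!")
        spec = element.lstrip("!")
        if spec == "any" or ip in ipaddress.ip_network(spec, strict=False):
            return not negated
    return False

def select_view(client, views):
    """Views are tried in configuration order; the first match wins."""
    for view in views:
        if acl_matches(client, view["match_clients"]):
            return view
    return None

def resolve(client, name, views):
    """Return (view name, addresses) as seen by this client."""
    view = select_view(client, views)
    if view is None:
        return None, []          # no view matched this client
    return view["name"], view["zone"].get(name, [])

def shadowed_views(views):
    """Names of views that can never be selected because an earlier view
    starts its match-clients list with 'any'."""
    shadowed, catch_all_seen = [], False
    for view in views:
        if catch_all_seen:
            shadowed.append(view["name"])
        elif view["match_clients"][:1] == ["any"]:
            catch_all_seen = True
    return shadowed

# The page's two views, in the order they appear in named.conf.
VIEWS = [
    {"name": "internal", "match_clients": ["192.168.10.11"],
     "zone": {"www.test.com.": ["1.1.1.1"],
              "bbs.test.com.": ["1.1.1.2", "1.1.1.3"]}},
    {"name": "external", "match_clients": ["any"],
     "zone": {"www.test.com.": ["192.168.10.10"],
              "bbs.test.com.": ["192.168.10.23", "192.168.10.24"]}},
]

if __name__ == "__main__":
    for client in ("192.168.10.11", "192.168.10.12"):
        print(client, resolve(client, "www.test.com.", VIEWS))
    # Same views with the catch-all listed first: 'internal' is unreachable.
    swapped = VIEWS[::-1]
    print(shadowed_views(swapped), resolve("192.168.10.11", "www.test.com.", swapped))
```

Because the answer depends only on the source address the server sees, a client that reaches the server through NAT or a forwarder is placed in the view of that intermediate address.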

Create the two forward zone data files

[root@localhost ~]# vim /var/named/test.com/internal
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1
ns1 IN A 192.168.10.10
www IN A 1.1.1.1
web IN CNAME www
bbs IN A 1.1.1.2
bbs IN A 1.1.1.3


[root@localhost ~]# vim /var/named/test.com/external
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1
ns1 IN A 192.168.10.10
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24

Check syntax and set permissions

[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone test.com /var/named/test.com/internal 
zone test.com/IN: loaded serial 2018053101
OK
[root@localhost ~]# named-checkzone test.com /var/named/test.com/external 
zone test.com/IN: loaded serial 2018053101
OK
[root@localhost ~]# chgrp named /var/named/test.com/{internal,external}
[root@localhost ~]# chmod o= /var/named/test.com/{internal,external}

[root@localhost ~]# rndc reload
server reload successful

Resolve from 192.168.10.12: the result is the internal IP

[root@localhost ~]# dig -t A www.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47742
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 2 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:45:02 EDT 2018
;; MSG SIZE  rcvd: 91

[root@localhost ~]# dig -t A bbs.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com.          IN  A

;; ANSWER SECTION:
bbs.test.com.       3600    IN  A   192.168.10.24
bbs.test.com.       3600    IN  A   192.168.10.23

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:45:20 EDT 2018
;; MSG SIZE  rcvd: 107

Resolve from 192.168.10.11: the result is the external IP

[root@localhost ~]# dig -t A www.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39708
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   1.1.1.1

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:47:01 EDT 2018
;; MSG SIZE  rcvd: 91

[root@localhost ~]# dig -t A bbs.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44362
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com.          IN  A

;; ANSWER SECTION:
bbs.test.com.       3600    IN  A   1.1.1.2
bbs.test.com.       3600    IN  A   1.1.1.3

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:47:24 EDT 2018
;; MSG SIZE  rcvd: 107

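At this point a smart DNS server is set up. In China, a common use case is to answer according to whether the client is on a Telecom line or a Netcom line: the server automatically resolves to its own matching Telecom IP or Netcom IP, so the client and the server connect over the same carrier's line and get the best network speed.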
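A check for the two views shown above, as an added example that is not part of the original post: it parses the record sections of saved dig output and reports which A records carry private addresses, section by section. The sample text is copied from the bbs.test.com replies above; the function and variable names are this example's own.

```python
import ipaddress
import re

# Record sections copied from the bbs.test.com replies above:
# the first reply (internal view) and the one seen from 192.168.10.11.
INTERNAL_REPLY = """\
;; ANSWER SECTION:
bbs.test.com.       3600    IN  A   192.168.10.24
bbs.test.com.       3600    IN  A   192.168.10.23
"""
EXTERNAL_REPLY = """\
;; ANSWER SECTION:
bbs.test.com.       3600    IN  A   1.1.1.2
bbs.test.com.       3600    IN  A   1.1.1.3

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
"""

SECTION = re.compile(r"^;; (\w+) SECTION:")
A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)$")

def a_records(dig_text):
    """Return (section, owner, address) for every A record in dig output."""
    records, section = [], None
    for line in dig_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        rr = A_RECORD.match(line.strip())
        if rr and section:
            records.append((section, rr.group(1), ipaddress.ip_address(rr.group(2))))
    return records

def answers(dig_text):
    """Addresses from the ANSWER section only."""
    return [str(ip) for sec, _, ip in a_records(dig_text) if sec == "ANSWER"]

def private_leaks(dig_text):
    """A records in any section of a reply that carry private addresses."""
    return [(sec, name, str(ip)) for sec, name, ip in a_records(dig_text)
            if ip.is_private]
```

Run against the external reply, the ANSWER section contains only 1.1.1.2 and 1.1.1.3, but the ADDITIONAL section still returns ns1.test.com at 192.168.10.10, so the external view's zone data exposes an internal address through its name-server record.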

6. Compile and install MariaDB, then start it and log in normally

Download the MariaDB source package from the MariaDB website:

[https://mariadb.org/download/](https://mariadb.org/download/)

Extract it:

[root@localhost ~]#tar -xvzf mariadb-10.3.11.tar.gz

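The install directory is decided in advance as /usr/local/mysql and the data directory as /data1/mysql. Create the user and the directories, and give the mysql user ownership, as follows (the paths can be chosen freely):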

[root@localhost ~]#groupadd -r mysql
[root@localhost ~]#useradd -g mysql -s /sbin/nologin mysql
[root@localhost ~]#mkdir /usr/local/mysql
[root@localhost ~]#mkdir -p /data1/mysql
[root@localhost ~]#chown -R mysql:mysql /data1/mysql/

Enter the source package directory:

cd mariadb-10.3.11
# CMAKE_INSTALL_PREFIX: install location (customizable)
# MYSQL_DATADIR: data directory (customizable)
# SYSCONFDIR: directory holding the configuration file (usually /etc)
# WITHOUT_TOKUDB=1: generally always set; means the TokuDB engine is not installed
cmake . \
  -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
  -DMYSQL_DATADIR=/data1/mysql \
  -DSYSCONFDIR=/etc \
  -DWITHOUT_TOKUDB=1 \
  -DWITH_INNOBASE_STORAGE_ENGINE=1 \
  -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
  -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
  -DWITH_READLINE=1 -DWITH_SSL=system \
  -DWITH_ZLIB=system -DWITH_LIBWRAP=0 \
  -DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
  -DDEFAULT_CHARSET=utf8 \
  -DDEFAULT_COLLATION=utf8_general_ci

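Note on -DWITHOUT_TOKUDB=1: this parameter is generally always set and means the TokuDB engine is not installed. TokuDB is an open-source storage engine for MySQL that can manage large amounts of data and has some newer features that InnoDB lacks. It is left out here because machines generally do not have Percona Server by default, and loading TokuDB also depends on the jemalloc memory allocator. TokuDB is generally not used in development either, so it is disabled for now. Otherwise, when the dependency cannot be found on the system, an error like this appears: CMake Error at storage/tokudb/PerconaFT/cmake_modules/TokuSetupCompiler.cmake:179 (message)

In practice we can also run this command: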

cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data1/mysql -DSYSCONFDIR=/etc -DWITHOUT_TOKUDB=1 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci

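Note: if an error occurs while running cmake, run rm -f CMakeCache.txt to delete the build cache so the command is evaluated again from scratch. Otherwise the cache file is read every time and the error is reported even after the command has been corrected.

Run the build and install: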

make && make install

Once this completes, enter the MariaDB install path and run the following commands to set ownership and set up the service:

chown -R mysql:mysql .
scripts/mysql_install_db --datadir=/data1/mysql --user=mysql
chown -R root .
cp support-files/mysql.server /etc/init.d/mysqld

Start the service:

systemctl start mysqld.service 

Configure the my.cnf file:

vi /etc/my.cnf
[mysqld]
datadir=/data1/mysql
socket=/tmp/mysql.sock   # the local socket path set at compile time
user=mysql
lower_case_table_names=1  # table names are case-insensitive (0 means case-sensitive)

Setting the initial MariaDB password and changing the password

Method 1:
  [root@localhost ~]# mysql
  MariaDB[(none)]> UPDATE mysql.user SET password = PASSWORD('newpassword') WHERE USER = 'root';
  MariaDB[(none)]> FLUSH PRIVILEGES;

Method 2:
  [root@localhost ~]# mysql
  MariaDB[(none)]> SET password=PASSWORD('newpassword');

Method 3:
  [root@localhost ~]# mysqladmin -u root password 'newpassword'
  If root already has a password set, use the following instead:
  [root@localhost ~]# mysqladmin -u root -p'oldpassword' password 'newpassword'

Granting remote login

grant all privileges on *.* to 'username'@'%' identified by 'login_password' with grant option;
flush privileges;
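A review check for the remote-login grant above, as an added example that is not part of the original post: it parses a GRANT statement written in the form used on this page and lists what makes it broader than a remote application account usually needs. The account name appuser, the database appdb and the REPLACE_ME password are placeholders made up for this example.

```python
import re

GRANT = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'(?P<rest>.*)",
    re.IGNORECASE | re.DOTALL)

# The page's statement with placeholder values filled in (constructed).
PAGE_GRANT = ("grant all privileges on *.* to 'appuser'@'%' "
              "identified by 'REPLACE_ME' with grant option;")
# A narrower grant for the same lab network 192.168.10.0/24 (constructed).
SCOPED_GRANT = ("GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* "
                "TO 'appuser'@'192.168.10.%' IDENTIFIED BY 'REPLACE_ME';")

def audit_grant(statement):
    """Return a list of least-privilege findings for one GRANT statement."""
    m = GRANT.match(statement.strip())
    if not m:
        raise ValueError("not a GRANT ... ON ... TO 'user'@'host' statement")
    findings = []
    privs = m.group("privs").upper()
    if m.group("scope") == "*.*":
        if privs.startswith("ALL"):
            findings.append("ALL PRIVILEGES on *.* covers every database, including mysql.*")
        else:
            findings.append("global scope *.* instead of one database")
    if m.group("host") == "%":
        findings.append("host '%' accepts logins from any address")
    if re.search(r"WITH\s+GRANT\s+OPTION", m.group("rest"), re.IGNORECASE):
        findings.append("WITH GRANT OPTION lets the account pass its privileges on")
    return findings

if __name__ == "__main__":
    for stmt in (PAGE_GRANT, SCOPED_GRANT):
        print(stmt)
        for finding in audit_grant(stmt) or ["no findings"]:
            print("  -", finding)
```

The page's statement produces all three findings; the scoped variant, limited to one database, the 192.168.10.% subnet and four DML privileges, produces none.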