DNS管理

一、简述DNS服务器原理，并搭建主-辅服务器。

DNS服务器原理：

1.客户机提出域名解析请求，并将该请求发送给本地的域名服务器；

2.当本地的域名服务器收到请求后，就先查询本地的缓存，如果有该纪录项，则本地的域名服务器就直接把查询的结果返回;

3.如果本地的缓存中没有该纪录，则本地域名服务器就直接把请道求发给根域名服务器，然后根域名服务器再返回内给本地域名服务器一个所查询域(根的子域) 的主域名服务器的地址;

4.本地服务器再向上一步返回的域名服务器发送请求，然后接受请求的服务器查询自己的缓存，如果没有该纪录，则返回相关的下级的域名服务器的地址;

5.重复第四步，直到找到正确的纪录;

6.本地域名服务器把返回的结果保存到缓存，以备下一次使用，同时还将结果返回给客户容机。

搭建主DNS服务器：

1.安装DNS服务包bind包

[root@centos7 ~]#yum install bind -y[root@centos7 ~]#systemctl start named #启动服务

2.修改主配置文件/etc/named.conf

[root@centos7 ~]#vim /etc/named.conf...// listen-on port 53 { 127.0.0.1; }; #注释掉，监听本机所有IP...//  allow-query { localhost; }; #注释掉，允许所有IP的请求allow-transfer {192.168.45.17; }; #允许本区域传输至特定的从DNS服务器...

3.创建需要定义的域,配置文件/etc/named.rfc1912.zones

[root@centos7 ~]#vim /etc/named.rfc1912.zones...zone "" {type master#DNS服务器类型为主DNSfile ".zone";#定义域数据库文件名};...[root@centos7 ~]#named-checkconf#检查主配置文件

4.创建编辑域数据库配置文件

[root@centos7 ~]#vim /var/named/.zone$TTL 1D#定义该域名各种记录的默认TTL值@ IN SOA master admin ( 0 #用来标记ZONE文件更新，如果发生更新则Serial要单增，否则MASTER不会通知SLAVE进行更新。1H #标记SLAVE服务器多长时间主动(忽略MASTER的更新通知)向MASTER复核Serial是否有变，如有变则更新之。3M #如Refresh过程不能完成，重试的时间间隔。1W #如SLAVE无法与MASTER取得联系，SLAVE继续提供DNS服务的时间，这里为1W(一周时间)。时间到期后SLAVE仍然无法联系MASTER则停止工作，拒绝继续提供服务。1D ) #定义了DNS对否定回答(访问的记录在权威DNS上不存在)的缓存时间NS mastermaster A 192.168.45.10websrv A 192.168.45.7www CNAME websrvftp A 192.168.45.11[root@centos7 ~]#chgrp named /var/named/.zone[root@centos7 ~]#chmod o= /var/named/.zone[root@centos7 ~]#named-checkzone #检查域数据库配置文件/var/named/.zonezone /IN: loaded serial 0OK[root@centos7 ~]#rndc reload #重新加载配置文件server reload successful

测试主DNS：

[root@centos6 ~]#dig @192.168.45.7; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @192.168.45.7;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36999;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1;; QUESTION SECTION:;.INA;; ANSWER SECTION:...86400INA192.168.45.7;; AUTHORITY SECTION:..;; ADDITIONAL SECTION:.86400INA192.168.45.10;; Query time: 2 msec;; SERVER: 192.168.45.7#53(192.168.45.7);; WHEN: Wed Jul 15 14:55:35 ;; MSG SIZE rcvd: 105[root@centos6 ~]#dig @192.168.45.7; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @192.168.45.7;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7185;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1;; QUESTION SECTION:;.INA;; ANSWER SECTION:.86400INA192.168.45.11;; AUTHORITY SECTION:..;; ADDITIONAL SECTION:.86400INA192.168.45.7;; Query time: 0 msec;; SERVER: 192.168.45.7#53(192.168.45.7);; WHEN: Wed Jul 15 15:04:59 ;; MSG SIZE rcvd: 84

从DNS服务器搭建：

1.安装DNS服务包bind包

[root@centos7 ~]#yum install bind -y

2.修改主配置文件/etc/named.conf

[root@centos7 ~]#vim /etc/named.conf// listen-on port 53 { 127.0.0.1; }; #注释掉，监听本机所有IP...// allow-query { localhost; }; #注释掉，允许所有IP的请求...allow-transfer {none; };#拒绝传送

3.修改配置文件/etc/named.rfc1912.zones

[root@centos7 ~]#vim /etc/named.rfc1912.zones...zone "" {type slave; #DNS服务器类型为从DNSmasters {192.168.45.7;}; #定义主DNS服务器地址file "slaves/.zone.slave"; #定义从DNS库文件 };...[root@centos7 ~]#named-checkconf #检查主配置文件[root@centos7 ~]#systemctl start named[root@centos7 ~]#ll /var/named/slaves/.zone.slave #该文件自动生成-rw-r--r-- 1 named named 347 7月 15 15:51 /var/named/slaves/.zone.slave

测试从DNS：

[root@centos6 ~]#dig @192.168.45.17; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @192.168.45.17;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53386;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1;; QUESTION SECTION:;.INA;; ANSWER SECTION:...86400INA192.168.45.10;; AUTHORITY SECTION:..;; ADDITIONAL SECTION:.86400INA192.168.45.7;; Query time: 0 msec;; SERVER: 192.168.45.17#53(192.168.45.17);; WHEN: Wed Jul 15 15:54:25 ;; MSG SIZE rcvd: 105[root@centos6 ~]#dig @192.168.45.17; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @192.168.45.17;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46159;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1;; QUESTION SECTION:;.INA;; ANSWER SECTION:.86400INA192.168.45.11;; AUTHORITY SECTION:..;; ADDITIONAL SECTION:.86400INA192.168.45.7;; Query time: 0 msec;; SERVER: 192.168.45.17#53(192.168.45.17);; WHEN: Wed Jul 15 15:54:32 ;; MSG SIZE rcvd: 84

主从同步测试：

1.在主DNS服务器上编辑/var/named/.zone

[root@centos7 ~]#vim /var/named/.zone... @INSOAmasteradmin( 1 1H 3M 1W 1D )#增加版本号 NSns1 #添加从服务器NS记录ns1 A 192.168.45.17test A 192.168.45.12 ...[root@centos7 ~]#rndc reload #同步配置server reload successful

2.在从服务器查看数据库文件

[root@centos7 ~]#ll /var/named/slaves/.zone.slave-rw-r--r-- 1 named named 447 7月 15 16:09 /var/named/slaves/.zone.slave

从时间看出该文件已更新

3.测试从服务器是否可以正常解析

[root@centos6 ~]#dig @192.168.45.17; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @192.168.45.17;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29713;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2;; QUESTION SECTION:;.INA;; ANSWER SECTION:.86400INA192.168.45.12;; AUTHORITY SECTION:....;; ADDITIONAL SECTION:.86400INA192.168.45..86400INA192.168.45.17;; Query time: 0 msec;; SERVER: 192.168.45.17#53(192.168.45.17);; WHEN: Wed Jul 15 16:11:21 ;; MSG SIZE rcvd: 119

二、搭建并实现智能DNS。

1.安装DNS服务包bind包

[root@centos7 ~]#yum install bind -y

2.修改主配置文件/etc/named.conf

[root@centos7 ~]#vim /etc/named.conf...acl beijingnet {192.168.45.0/24;};acl tianjinnet {10.107.0.0/16;};acl othernet {any;};...// listen-on port 53 { 127.0.0.1; };...// allow-query { localhost; };...logging {channel default_debug {file "data/named.run";severity dynamic;};};view view_beijing {match-clients {beijingnet;};include "/etc/named.rfc1912.zones.bj";};view view_tianjin {match-clients {tianjinnet;};include "/etc/named.rfc1912.zones.tj";};view view_other {match-clients {othernet;};include "/etc/named.rfc1912.zones.other";};include "/etc/named.root.key";

3.增加修改zone文件

[root@centos7 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj[root@centos7 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.tj[root@centos7 ~]#mv /etc/named.rfc1912.zones /etc/named.rfc1912.zones.other[root@centos7 ~]#vim /etc/named.rfc1912.zones.bj...zone "." IN {type hint;file "named.ca";};zone "" {type master;file ".zone.bj";};...[root@centos7 ~]#vim /etc/named.rfc1912.zones.tj...zone "." IN {type hint;file "named.ca";};zone "" {type master;file ".zone.tj";};...[root@centos7 ~]#vim /etc/named.rfc1912.zones.other...zone "." IN {type hint;file "named.ca";};zone "" {type master;file ".zone.other";};...[root@centos7 ~]#chgrp named /etc/named.rfc1912.zones.* #修改zone文件所属组

4.增加修改各个zone数据库文件

[root@centos7 ~]#vim /var/named/.zone.bj$TTL 1D@ IN SOA ns1 admin ( 1 1H 3M 1W 1D )NS ns1ns1 A 192.168.45.7www A 192.168.45.10[root@centos7 ~]#vim /var/named/.zone.tj$TTL 1D@ IN SOA ns1 admin ( 1 1H 3M 1W 1D )NS ns1ns1 A 192.168.45.7www A 10.107.12.10[root@centos7 ~]#vim /var/named/.zone.other$TTL 1D@ IN SOA ns1 admin ( 1 1H 3M 1W 1D )NS ns1ns1 A 192.168.45.7www A 114.114.114[root@centos7 ~]#systemctl start named

5.在不同网段分别测试

[root@centos6 ~]#dig @192.168.45.7; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @192.168.45.7;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44704;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1;; QUESTION SECTION:;.INA;; ANSWER SECTION:.86400INA192.168.45.10;; AUTHORITY SECTION:..;; ADDITIONAL SECTION:.86400INA192.168.45.7;; Query time: 1 msec;; SERVER: 192.168.45.7#53(192.168.45.7);; WHEN: Thu Jul 16 10:13:49 ;; MSG SIZE rcvd: 81

[root@centos7 ~]#dig @10.107.12.20; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> @10.107.12.20;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27513;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;.INA;; ANSWER SECTION:.86400INA10.107.12.10;; AUTHORITY SECTION:..;; ADDITIONAL SECTION:.86400INA192.168.45.7;; Query time: 1 msec;; SERVER: 10.107.12.20#53(10.107.12.20);; WHEN: 四 7月 16 10:15:16 CST ;; MSG SIZE rcvd: 92

[root@centos7 ~]#dig @127.0.0.1; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> @127.0.0.1;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6325;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;.INA;; ANSWER SECTION:.86400INA114.114.114.114;; AUTHORITY SECTION:..;; ADDITIONAL SECTION:.86400INA192.168.45.7;; Query time: 0 msec;; SERVER: 127.0.0.1#53(127.0.0.1);; WHEN: 四 7月 16 10:15:57 CST ;; MSG SIZE rcvd: 92

三、编译安装Mariadb，并启动后可以正常登录。

1.安装编译环境包

[root@centos7 ~]#yum install bison bison-devel zlib-devel \> libcurl-devel libarchive-devel boost-devel gcc gcc-c++ \> cmake ncurses-devel gnutls-devel libxml2-devel \> openssl-devel libevent-devel libaio-devel -y

2.做准备用户和数据目录

创建逻辑卷，创建数据库文件目录：

[root@centos7 ~]#fdisk /dev/sda欢迎使用 fdisk (util-linux 2.23.2)。更改将停留在内存中，直到您决定将更改写入磁盘。使用写入命令前请三思。命令(输入 m 获取帮助)：nAll primary partitions are in use添加逻辑分区 6起始 扇区 (27104-419430399，默认为 27104)：将使用默认值 27104Last 扇区, +扇区 or +size{K,M,G} (27104-419430399，默认为 419430399)：将使用默认值 419430399分区 6 已设置为 Linux 类型，大小设为 95 GiB命令(输入 m 获取帮助)：t分区号 (1-6，默认 6)：6 Hex 代码(输入 L 列出所有代码)：8e已将分区“Linux”的类型更改为“Linux LVM”命令(输入 m 获取帮助)：wThe partition table has been altered!Calling ioctl() to re-read partition table.WARNING: Re-reading the partition table failed with error 16: 设备或资源忙.The kernel still uses the old table. The new table will be used atthe next reboot or after you run partprobe(8) or kpartx(8)正在同步磁盘。[root@centos7 ~]#partprobe Warning: 无法以读写方式打开 /dev/sr0 (只读文件系统)。/dev/sr0 已按照只读方式打开。Warning: 无法以读写方式打开 /dev/sr1 (只读文件系统)。/dev/sr1 已按照只读方式打开。[root@centos7 ~]#pvcreate /dev/sda6Physical volume "/dev/sda6" successfully created.[root@centos7 ~]#vgcreate vg0 /dev/sda6 -s 16MVolume group "vg0" successfully created[root@centos7 ~]#lvcreate -n mysql -l 50%free vg0Logical volume "mysql" created.[root@centos7 ~]#mkfs.xfs /dev/vg0/mysql[root@centos7 ~]#mkdir /data/mysql#创建MySQL数据库目录[root@centos7 ~]#vim /etc/fstab ...UUID=927947dc-e6d0-4f5d-99e1-6fe5cdd00b83 /data/mysql xfs defaults 0 0[root@centos7 ~]#mount -a[root@centos7 ~]#chown mysql.mysql /data/mysql #设置文件夹权限

创建用户：

[root@centos7 ~]#useradd -r -s /sbin/nologin -d /data/mysql mysql

解压mariadb包：

[root@centos7 data]#tar xf mariadb-10.2.25.tar.gz

3.cmake编译安装

[root@centos7 data]#cd mariadb-10.2.32/[root@centos7 data]#cmake . \> -DCMAKE_INSTALL_PREFIX=/app/mysql \> -DMYSQL_DATADIR=/data/mysql/ \> -DSYSCONFDIR=/etc/ \> -DMYSQL_USER=mysql \> -DWITH_INNOBASE_STORAGE_ENGINE=1 \> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \> -DWITH_PARTITION_STORAGE_ENGINE=1 \> -DWITHOUT_MROONGA_STORAGE_ENGINE=1 \> -DWITH_DEBUG=0 \> -DWITH_READLINE=1 \> -DWITH_SSL=system \> -DWITH_ZLIB=system \> -DWITH_LIBWRAP=0 \> -DENABLED_LOCAL_INFILE=1 \> -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \> -DDEFAULT_CHARSET=utf8 \> -DDEFAULT_COLLATION=utf8_general_ci[root@centos7 mariadb-10.2.32]#make -j 2 && make install

4.准备环境变量

[root@centos7 mariadb-10.2.32]#echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh[root@centos7 mariadb-10.2.32]#. /etc/profile.d/mysql.sh

5.生成数据库文件

[root@centos7 mariadb-10.2.32]#cd /app/mysql/[root@centos7 mysql]#scripts/mysql_install_db --datadir=/data/mysql --user=mysqlInstalling MariaDB/MySQL system tables in '/data/mysql' …OK

6.准备配置文件

[root@centos7 mysql]#cp /app/mysql/support-files/my-f /etc/fcp：是否覆盖"/etc/f"？ y

7.准备启动脚本

[root@centos7 mysql]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld

8.启动服务

[root@centos7 mysql]#chkconfig --add mysqld[root@centos7 mysql]#service mysqld startStarting mysqld (via systemctl): [ OK ]

9.登陆验证

[root@centos7 mysql]#ss -ntlState Recv-Q Send-Q Local Address:Port Peer Address:PortLISTEN 0 128 127.0.0.1:631 :LISTEN 0 100 *:25 *:*LISTEN 0 128 *:36635 *:*LISTEN 0 5 127.0.0.1:25151 :LISTEN 0 128 *:111 *:*LISTEN 0 128 *:22 *:*LISTEN 0 128 [::1]:631 [::]:*LISTEN 0 100 [::]:25 [::]:*LISTEN 0 128 [::]:36391 [::]:*LISTEN 0 80 [::]:3306 [::]:*LISTEN 0 128 [::]:111 [::]:*LISTEN 0 128 [::]:80 [::]:*LISTEN 0 128 [::]:22 [::]:*[root@centos7 mysql]#mysqlWelcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 10Server version: 10.2.32-MariaDB-log Source distributionCopyright (c) 2000, , Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> \smysql Ver 15.1 Distrib 10.2.32-MariaDB, for Linux (x86_64) using readline 5.1Connection id: 10Current database:Current user: root@localhostSSL: Not in useCurrent pager: stdoutUsing outfile: ''Using delimiter: ;Server: MariaDBServer version: 10.2.32-MariaDB-log Source distributionProtocol version: 10Connection: Localhost via UNIX socketServer characterset: utf8Db characterset: utf8Client characterset: utf8Conn. characterset: utf8UNIX socket: /data/mysql/mysql.sockUptime: 1 min 33 secThreads: 8 Questions: 5 Slow queries: 0 Opens: 17 Flush tables: 1 Open tables: 11 Queries per second avg: 0.053

如果觉得《DNS管理》对你有帮助，请点赞、收藏，并留下你的观点哦！