DNS管理

一、简述DNS服务器原理，并搭建主-辅服务器。

DNS服务器原理：

1.客户机提出域名解析请求，并将该请求发送给本地的域名服务器；
2.当本地的域名服务器收到请求后，就先查询本地的缓存，如果有该纪录项，则本地的域名服务器就直接把查询的结果返回;
3.如果本地的缓存中没有该纪录，则本地域名服务器就直接把请道求发给根域名服务器，然后根域名服务器再返回内给本地域名服务器一个所查询域(根的子域) 的主域名服务器的地址;
4.本地服务器再向上一步返回的域名服务器发送请求，然后接受请求的服务器查询自己的缓存，如果没有该纪录，则返回相关的下级的域名服务器的地址;
5.重复第四步，直到找到正确的纪录;
6.本地域名服务器把返回的结果保存到缓存，以备下一次使用，同时还将结果返回给客户容机。

搭建主DNS服务器：

1.安装DNS服务包bind包

[root@centos7 ~]#yum install bind -y
[root@centos7 ~]#systemctl start named   #启动服务

2.修改主配置文件/etc/named.conf

[root@centos7 ~]#vim /etc/named.conf
...
// listen-on port 53 { 127.0.0.1; };   		#注释掉，监听本机所有IP
...
//  allow-query  { localhost; };    	#注释掉，允许所有IP的请求
    allow-transfer { 192.168.45.17; }; 		#允许本区域传输至特定的从DNS服务器
...

3.创建需要定义的域lance.com,配置文件/etc/named.rfc1912.zones

[root@centos7 ~]#vim /etc/named.rfc1912.zones
...
zone "lance.com" {
	type master               #DNS服务器类型为主DNS
	file "lance.com.zone";     #定义lance.com域数据库文件名
};
...
[root@centos7 ~]#named-checkconf      #检查主配置文件

4.创建编辑域数据库配置文件

[root@centos7 ~]#vim /var/named/lance.com.zone
$TTL 1D                              #定义该域名各种记录的默认TTL值
@ IN SOA master admin ( 
                      0             #用来标记ZONE文件更新，如果发生更新则Serial要单增，否则MASTER不会通知SLAVE进行更新。
                      1H             #标记SLAVE服务器多长时间主动(忽略MASTER的更新通知)向MASTER复核Serial是否有变，如有变则更新之。
                      3M              #如Refresh过程不能完成，重试的时间间隔。
                      1W              #如SLAVE无法与MASTER取得联系，SLAVE继续提供DNS服务的时间，这里为1W(一周时间)。时间到期后SLAVE仍然无法联系MASTER则停止工作，拒绝继续提供服务。
                      1D )            #定义了DNS对否定回答(访问的记录在权威DNS上不存在)的缓存时间
NS master
master A 192.168.45.10
websrv A 192.168.45.7
www CNAME websrv
ftp A 192.168.45.11
[root@centos7 ~]#chgrp named /var/named/lance.com.zone
[root@centos7 ~]#chmod o= /var/named/lance.com.zone
[root@centos7 ~]#named-checkzone lance.com  #检查域数据库配置文件/var/named/lance.com.zone
zone lance.com/IN: loaded serial 0
OK
[root@centos7 ~]#rndc reload            #重新加载配置文件
server reload successful

测试主DNS：

[root@centos6 ~]#dig www.lance.com @192.168.45.7

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.lance.com @192.168.45.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36999
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.lance.com.			IN	A

;; ANSWER SECTION:
www.lance.com.		86400	IN	CNAME	websrv.lance.com.
websrv.lance.com.	86400	IN	A	192.168.45.7

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	master.lance.com.

;; ADDITIONAL SECTION:
master.lance.com.	86400	IN	A	192.168.45.10

;; Query time: 2 msec
;; SERVER: 192.168.45.7#53(192.168.45.7)
;; WHEN: Wed Jul 15 14:55:35 2020
;; MSG SIZE  rcvd: 105


[root@centos6 ~]#dig ftp.lance.com @192.168.45.7

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> ftp.lance.com @192.168.45.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7185
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ftp.lance.com.			IN	A

;; ANSWER SECTION:
ftp.lance.com.		86400	IN	A	192.168.45.11

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	master.lance.com.

;; ADDITIONAL SECTION:
master.lance.com.	86400	IN	A	192.168.45.7

;; Query time: 0 msec
;; SERVER: 192.168.45.7#53(192.168.45.7)
;; WHEN: Wed Jul 15 15:04:59 2020
;; MSG SIZE  rcvd: 84

从DNS服务器搭建：
1.安装DNS服务包bind包

[root@centos7 ~]#yum install bind -y

2.修改主配置文件/etc/named.conf

[root@centos7 ~]#vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };		 	 #注释掉，监听本机所有IP
...
//  allow-query  { localhost; };				 #注释掉，允许所有IP的请求
...
    allow-transfer { none; };#拒绝传送

3.修改配置文件/etc/named.rfc1912.zones

[root@centos7 ~]#vim /etc/named.rfc1912.zones
...
zone "lance.com" {
		 type slave; 		 					#DNS服务器类型为从DNS
		masters {192.168.45.7;}; 				#定义主DNS服务器地址
		file "slaves/lance.com.zone.slave"; 	#定义从DNS库文件 
};
...
[root@centos7 ~]#named-checkconf 			 	#检查主配置文件
[root@centos7 ~]#systemctl start named
[root@centos7 ~]#ll /var/named/slaves/lance.com.zone.slave 		 #该文件自动生成
-rw-r--r-- 1 named named 347 7月  15 15:51 /var/named/slaves/lance.com.zone.slave

测试从DNS：

[root@centos6 ~]#dig www.lance.com @192.168.45.17

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.lance.com @192.168.45.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53386
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.lance.com.			IN	A

;; ANSWER SECTION:
www.lance.com.		86400	IN	CNAME	websrv.lance.com.
websrv.lance.com.	86400	IN	A	192.168.45.10

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	master.lance.com.

;; ADDITIONAL SECTION:
master.lance.com.	86400	IN	A	192.168.45.7

;; Query time: 0 msec
;; SERVER: 192.168.45.17#53(192.168.45.17)
;; WHEN: Wed Jul 15 15:54:25 2020
;; MSG SIZE  rcvd: 105

[root@centos6 ~]#dig ftp.lance.com @192.168.45.17

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> ftp.lance.com @192.168.45.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46159
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ftp.lance.com.			IN	A

;; ANSWER SECTION:
ftp.lance.com.		86400	IN	A	192.168.45.11

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	master.lance.com.

;; ADDITIONAL SECTION:
master.lance.com.	86400	IN	A	192.168.45.7

;; Query time: 0 msec
;; SERVER: 192.168.45.17#53(192.168.45.17)
;; WHEN: Wed Jul 15 15:54:32 2020
;; MSG SIZE  rcvd: 84

主从同步测试：
1.在主DNS服务器上编辑/var/named/lance.com.zone

[root@centos7 ~]#vim /var/named/lance.com.zone
... 
@	IN	SOA	master	admin	( 1 1H 3M 1W 1D )	#增加版本号  
				NS	ns1 			   #添加从服务器NS记录
ns1			 A 	192.168.45.17
test		 A  192.168.45.12 
...
[root@centos7 ~]#rndc reload 	#同步配置
server reload successful

2.在从服务器查看数据库文件

[root@centos7 ~]#ll /var/named/slaves/lance.com.zone.slave
-rw-r--r-- 1 named named 447 7月 15 16:09 /var/named/slaves/lance.com.zone.slave

从时间看出该文件已更新

3.测试从服务器是否可以正常解析test.lance.com

[root@centos6 ~]#dig test.lance.com @192.168.45.17

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> test.lance.com @192.168.45.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29713
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;test.lance.com.			IN	A

;; ANSWER SECTION:
test.lance.com.		86400	IN	A	192.168.45.12

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	ns1.lance.com.
lance.com.		86400	IN	NS	master.lance.com.

;; ADDITIONAL SECTION:
master.lance.com.	86400	IN	A	192.168.45.7
ns1.lance.com.		86400	IN	A	192.168.45.17

;; Query time: 0 msec
;; SERVER: 192.168.45.17#53(192.168.45.17)
;; WHEN: Wed Jul 15 16:11:21 2020
;; MSG SIZE  rcvd: 119

二、搭建并实现智能DNS。
1.安装DNS服务包bind包

[root@centos7 ~]#yum install bind -y

2.修改主配置文件/etc/named.conf

[root@centos7 ~]#vim /etc/named.conf
...
acl beijingnet {
	192.168.45.0/24;
};
acl tianjinnet {
	10.107.0.0/16;
};
acl othernet {
	 any;
};
...
// listen-on port 53 { 127.0.0.1; };
...
// allow-query  { localhost; };
...
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
 		};
};
view view_beijing {
	match-clients { beijingnet;};
	include "/etc/named.rfc1912.zones.bj";
};
view view_tianjin {
	match-clients { tianjinnet;};
	include "/etc/named.rfc1912.zones.tj";
};
view view_other {
	match-clients { othernet;};
	include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key"; 

3.增加修改zone文件

[root@centos7 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@centos7 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.tj
[root@centos7 ~]#mv /etc/named.rfc1912.zones /etc/named.rfc1912.zones.other
[root@centos7 ~]#vim /etc/named.rfc1912.zones.bj
...
zone "." IN {
	type hint;
	file "named.ca";
};
zone "lance.com" {
	 type master;
	file "lance.com.zone.bj";
};
...
[root@centos7 ~]#vim /etc/named.rfc1912.zones.tj
...
zone "." IN {
	type hint;
	file "named.ca";
};
zone "lance.com" {
	 type master;
	 file "lance.com.zone.tj";
};
...
[root@centos7 ~]#vim /etc/named.rfc1912.zones.other
...
zone "." IN {
	type hint;
	file "named.ca";
};
zone "lance.com" {
 	 type master;
	 file "lance.com.zone.other";
};
...
[root@centos7 ~]#chgrp named /etc/named.rfc1912.zones.*		  #修改zone文件所属组

4.增加修改各个zone数据库文件

[root@centos7 ~]#vim /var/named/lance.com.zone.bj
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 3M 1W 1D )
NS ns1
ns1 A 192.168.45.7
www A 192.168.45.10
[root@centos7 ~]#vim /var/named/lance.com.zone.tj
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 3M 1W 1D )
NS ns1
ns1 A 192.168.45.7
www A 10.107.12.10
[root@centos7 ~]#vim /var/named/lance.com.zone.other
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 3M 1W 1D )
NS ns1
ns1 A 192.168.45.7
www A 114.114.114
[root@centos7 ~]#systemctl start named

5.在不同网段分别测试

[root@centos6 ~]#dig www.lance.com @192.168.45.7

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.lance.com @192.168.45.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44704
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.lance.com.			IN	A

;; ANSWER SECTION:
www.lance.com.		86400	IN	A	192.168.45.10

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	ns1.lance.com.

;; ADDITIONAL SECTION:
ns1.lance.com.		86400	IN	A	192.168.45.7

;; Query time: 1 msec
;; SERVER: 192.168.45.7#53(192.168.45.7)
;; WHEN: Thu Jul 16 10:13:49 2020
;; MSG SIZE  rcvd: 81

[root@centos7 ~]#dig www.lance.com @10.107.12.20

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> www.lance.com @10.107.12.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27513
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.lance.com.			IN	A

;; ANSWER SECTION:
www.lance.com.		86400	IN	A	10.107.12.10

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	ns1.lance.com.

;; ADDITIONAL SECTION:
ns1.lance.com.		86400	IN	A	192.168.45.7

;; Query time: 1 msec
;; SERVER: 10.107.12.20#53(10.107.12.20)
;; WHEN: 四 7月 16 10:15:16 CST 2020
;; MSG SIZE  rcvd: 92

[root@centos7 ~]#dig www.lance.com @127.0.0.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> www.lance.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6325
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.lance.com.			IN	A

;; ANSWER SECTION:
www.lance.com.		86400	IN	A	114.114.114.114

;; AUTHORITY SECTION:
lance.com.		86400	IN	NS	ns1.lance.com.

;; ADDITIONAL SECTION:
ns1.lance.com.		86400	IN	A	192.168.45.7

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 四 7月 16 10:15:57 CST 2020
;; MSG SIZE  rcvd: 92

三、编译安装Mariadb，并启动后可以正常登录。
1.安装编译环境包

[root@centos7 ~]#yum install bison bison-devel zlib-devel \
> libcurl-devel libarchive-devel boost-devel gcc gcc-c++ \
> cmake ncurses-devel gnutls-devel libxml2-devel \
> openssl-devel libevent-devel libaio-devel -y

2.做准备用户和数据目录
创建逻辑卷，创建数据库文件目录：

[root@centos7 ~]#fdisk /dev/sda
欢迎使用 fdisk (util-linux 2.23.2)。
更改将停留在内存中，直到您决定将更改写入磁盘。
使用写入命令前请三思。
命令(输入 m 获取帮助)：n
All primary partitions are in use
添加逻辑分区 6
起始 扇区 (220207104-419430399，默认为 220207104)：
将使用默认值 220207104
Last 扇区, +扇区 or +size{K,M,G} (220207104-419430399，默认为 419430399)：
将使用默认值 419430399
分区 6 已设置为 Linux 类型，大小设为 95 GiB
命令(输入 m 获取帮助)：t
分区号 (1-6，默认 6)：6   
Hex 代码(输入 L 列出所有代码)：8e
已将分区“Linux”的类型更改为“Linux LVM”
命令(输入 m 获取帮助)：w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: 设备或资源忙.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
正在同步磁盘。
[root@centos7 ~]#partprobe 
Warning: 无法以读写方式打开 /dev/sr0 (只读文件系统)。/dev/sr0 已按照只读方式打开。
Warning: 无法以读写方式打开 /dev/sr1 (只读文件系统)。/dev/sr1 已按照只读方式打开。
[root@centos7 ~]#pvcreate /dev/sda6
  Physical volume "/dev/sda6" successfully created.
[root@centos7 ~]#vgcreate vg0 /dev/sda6 -s 16M
  Volume group "vg0" successfully created
[root@centos7 ~]#lvcreate -n mysql -l 50%free vg0
  Logical volume "mysql" created.
[root@centos7 ~]#mkfs.xfs /dev/vg0/mysql
[root@centos7 ~]#mkdir /data/mysql     #创建MySQL数据库目录
[root@centos7 ~]#vim /etc/fstab 
...
UUID=927947dc-e6d0-4f5d-99e1-6fe5cdd00b83 /data/mysql xfs defaults 0 0
[root@centos7 ~]#mount -a
[root@centos7 ~]#chown mysql.mysql /data/mysql #设置文件夹权限

创建用户：

[root@centos7 ~]#useradd -r -s /sbin/nologin -d /data/mysql mysql

解压mariadb包：

[root@centos7 data]#tar xf mariadb-10.2.25.tar.gz

3.cmake编译安装

[root@centos7 data]#cd mariadb-10.2.32/
[root@centos7 data]#cmake . \
> -DCMAKE_INSTALL_PREFIX=/app/mysql \
> -DMYSQL_DATADIR=/data/mysql/ \
> -DSYSCONFDIR=/etc/ \
> -DMYSQL_USER=mysql \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PARTITION_STORAGE_ENGINE=1 \
> -DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
> -DWITH_DEBUG=0 \
> -DWITH_READLINE=1 \
> -DWITH_SSL=system \
> -DWITH_ZLIB=system \
> -DWITH_LIBWRAP=0 \
> -DENABLED_LOCAL_INFILE=1 \
> -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
> -DDEFAULT_CHARSET=utf8 \
> -DDEFAULT_COLLATION=utf8_general_ci
[root@centos7 mariadb-10.2.32]#make -j 2 && make install

4.准备环境变量

[root@centos7 mariadb-10.2.32]#echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos7 mariadb-10.2.32]#. /etc/profile.d/mysql.sh

5.生成数据库文件

[root@centos7 mariadb-10.2.32]#cd /app/mysql/
[root@centos7 mysql]#scripts/mysql_install_db --datadir=/data/mysql --user=mysql
Installing MariaDB/MySQL system tables in '/data/mysql' …
OK

6.准备配置文件

[root@centos7 mysql]#cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
cp：是否覆盖"/etc/my.cnf"？ y

7.准备启动脚本

[root@centos7 mysql]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld

8.启动服务

[root@centos7 mysql]#chkconfig --add mysqld
[root@centos7 mysql]#service mysqld start
Starting mysqld (via systemctl): [ OK ]

9.登陆验证

[root@centos7 mysql]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:631 :
LISTEN 0 100 *:25 *:*
LISTEN 0 128 *:36635 *:*
LISTEN 0 5 127.0.0.1:25151 :
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 100 [::]:25 [::]:*
LISTEN 0 128 [::]:36391 [::]:*
LISTEN 0 80 [::]:3306 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*

[root@centos7 mysql]#mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.32-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> \s
mysql Ver 15.1 Distrib 10.2.32-MariaDB, for Linux (x86_64) using readline 5.1
Connection id: 10
Current database:
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 10.2.32-MariaDB-log Source distribution
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /data/mysql/mysql.sock
Uptime: 1 min 33 sec
Threads: 8 Questions: 5 Slow queries: 0 Opens: 17 Flush tables: 1 Open tables: 11 Queries per second avg: 0.053

本文地址：https://blog.csdn.net/weixin_42573182/article/details/107316877

如对本文有疑问， 点击进行留言回复！！