Linux系統中DNS服務器的主從搭建以及mariadb編譯安裝實現

時間  2020-01-14
標籤 linux 系統 dns 服務器 主從 搭建 以及 mariadb 編譯 安裝 實現 欄目 Linux 简体版
原文   原文鏈接

一、簡述DNS服務器原理,並搭建主-輔服務器。html

   DNS服務器的工做原理node

  DNS(Domain Name Service)它是應用層協議,C/S架構,默認工做在TCP和UDP的53號端口,服務器軟件bind是由美國伯克利大學研發,它的主要做用是把互聯網域名解析成對應的ip地址,從而實現訪問遠端主機的需求。以訪問www.baidu.com爲例來講說DNS的工做流程;首先瀏覽器訪問www.baidu.com,它會先去本機的/etc/hosts文件中查看有沒有www.baidu.com記錄,若是有,它就會拿着對應的ip去訪問,如沒有那麼它就會去問咱們主機上配置的DNS服務器(好比小區DNS服務器,各個網絡運營上的DNS服務器),若是在主機指定的DNS服務器上可以查到對應的ip,DNS服務器會把對應的ip告訴瀏覽器,從而瀏覽器拿着給定這個ip去訪問;若是指定的DNS服務器上沒有對應的ip記錄,那麼指定的DNS會去根服務器問,說根服務器,我要訪問www.baidu.com這臺主機,請問你那裏有它的ip記錄嗎?根查看了數據庫文件後告訴來查的DNS服務說 我這裏沒有,可是com是個人子域我有com域的ip地址,你去問下com這個域吧,接着咱們指定的那個DNS服務器又會拿着根給的com域的ip去問com,說com呀,我要訪問www.baidu.com這臺主機,請問你那裏有它的ip記錄嗎?com查了下本身的數據庫文件說,我這裏沒有,可是baidu這個域是個人子域,我把baidu這個域的地址給你,你去問下它吧;咱們指定的DNS服務器又拿着com給的baidu.com的ip地址,去問baidu.com這個域,說我要訪問www.baidu.com,請問你那裏有它的ip記錄嗎?baidu.com一聽,www.baidu.com不就是我本域的主機嗎,它立馬就告訴咱們指定的DNS服務器說,我這裏有www.baidu.com主機的地址,而後baidu.com就把對應的ip地址給了咱們指定的DNS服務器,這時DNS服務器就把本身最後獲得的ip地址在本機上緩存一份,而後把地址告訴咱們瀏覽器,瀏覽器拿着這個地址直接去訪問,這時瀏覽器拿到IP地址後就能夠正常的訪問到www.baidu.com這臺主機後臺的web服務。這就是DNS工做的大概流程,簡單講就是咱們要去訪問某臺主機(非ip地址訪問),首先會去/etc/hosts文件中查詢是否有對應的ip記錄,若是有,就拿着這個地址去訪問,若是沒有就會去找咱們指定的DNS服務器問,若是指定的DNS服務器沒有,它會幫着咱們去根上問,去對應子域上問,問上一圈,若是仍是沒有,那麼咱們指定的DNS服務器就會告訴咱們說沒有你要訪問的地址,若是有就告訴咱們。mysql

  權威DNS主服務器的搭建react

  1)安裝BIND包c++

[root@test ~]#yum install -y bind
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                 | 3.6 kB  00:00:00     
dockerrepo                                                                                                           | 2.9 kB  00:00:00     
epel                                                                                                                 | 5.4 kB  00:00:00     
extras                                                                                                               | 2.9 kB  00:00:00     
updates                                                                                                              | 2.9 kB  00:00:00     
正在解決依賴關係
--> 正在檢查事務
---> 軟件包 bind.x86_64.32.9.11.4-9.P2.el7 將被 安裝
--> 正在處理依賴關係 bind-libs-lite(x86-64) = 32:9.11.4-9.P2.el7,它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在處理依賴關係 bind-libs(x86-64) = 32:9.11.4-9.P2.el7,它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在處理依賴關係 liblwres.so.160()(64bit),它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在處理依賴關係 libisccfg.so.160()(64bit),它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在處理依賴關係 libisccc.so.160()(64bit),它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在處理依賴關係 libisc.so.169()(64bit),它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在處理依賴關係 libdns.so.1102()(64bit),它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在處理依賴關係 libbind9.so.160()(64bit),它被軟件包 32:bind-9.11.4-9.P2.el7.x86_64 須要
--> 正在檢查事務
---> 軟件包 bind-libs.x86_64.32.9.11.4-9.P2.el7 將被 安裝
--> 正在處理依賴關係 bind-license = 32:9.11.4-9.P2.el7,它被軟件包 32:bind-libs-9.11.4-9.P2.el7.x86_64 須要
---> 軟件包 bind-libs-lite.x86_64.32.9.9.4-74.el7_6.2 將被 升級
--> 正在處理依賴關係 libdns-export.so.100()(64bit),它被軟件包 12:dhclient-4.2.5-68.el7.centos.1.x86_64 須要
--> 正在處理依賴關係 libisc-export.so.95()(64bit),它被軟件包 12:dhclient-4.2.5-68.el7.centos.1.x86_64 須要
---> 軟件包 bind-libs-lite.x86_64.32.9.11.4-9.P2.el7 將被 更新
--> 正在檢查事務
---> 軟件包 bind-license.noarch.32.9.9.4-74.el7_6.2 將被 升級
---> 軟件包 bind-license.noarch.32.9.11.4-9.P2.el7 將被 更新
---> 軟件包 dhclient.x86_64.12.4.2.5-68.el7.centos.1 將被 升級
---> 軟件包 dhclient.x86_64.12.4.2.5-77.el7.centos 將被 更新
--> 正在處理依賴關係 dhcp-libs(x86-64) = 12:4.2.5-77.el7.centos,它被軟件包 12:dhclient-4.2.5-77.el7.centos.x86_64 須要
--> 正在處理依賴關係 dhcp-common = 12:4.2.5-77.el7.centos,它被軟件包 12:dhclient-4.2.5-77.el7.centos.x86_64 須要
--> 正在處理依賴關係 libisc-export.so.169()(64bit),它被軟件包 12:dhclient-4.2.5-77.el7.centos.x86_64 須要
--> 正在處理依賴關係 libdns-export.so.1102()(64bit),它被軟件包 12:dhclient-4.2.5-77.el7.centos.x86_64 須要
--> 正在檢查事務
---> 軟件包 bind-export-libs.x86_64.32.9.11.4-9.P2.el7 將被 安裝
---> 軟件包 dhcp-common.x86_64.12.4.2.5-68.el7.centos.1 將被 升級
---> 軟件包 dhcp-common.x86_64.12.4.2.5-77.el7.centos 將被 更新
---> 軟件包 dhcp-libs.x86_64.12.4.2.5-68.el7.centos.1 將被 升級
---> 軟件包 dhcp-libs.x86_64.12.4.2.5-77.el7.centos 將被 更新
--> 解決依賴關係完成

依賴關係解決

============================================================================================================================================
 Package                              架構                       版本                                        源                        大小
============================================================================================================================================
正在安裝:
 bind                                 x86_64                     32:9.11.4-9.P2.el7                          base                     2.3 M
爲依賴而安裝:
 bind-export-libs                     x86_64                     32:9.11.4-9.P2.el7                          base                     1.1 M
 bind-libs                            x86_64                     32:9.11.4-9.P2.el7                          base                     154 k
爲依賴而更新:
 bind-libs-lite                       x86_64                     32:9.11.4-9.P2.el7                          base                     1.1 M
 bind-license                         noarch                     32:9.11.4-9.P2.el7                          base                      88 k
 dhclient                             x86_64                     12:4.2.5-77.el7.centos                      base                     285 k
 dhcp-common                          x86_64                     12:4.2.5-77.el7.centos                      base                     176 k
 dhcp-libs                            x86_64                     12:4.2.5-77.el7.centos                      base                     133 k

事務概要
============================================================================================================================================
安裝  1 軟件包 (+2 依賴軟件包)
升級           ( 5 依賴軟件包)

總下載量:5.3 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/8): bind-export-libs-9.11.4-9.P2.el7.x86_64.rpm                                                                   | 1.1 MB  00:00:00     
(2/8): bind-libs-9.11.4-9.P2.el7.x86_64.rpm                                                                          | 154 kB  00:00:00     
(3/8): bind-9.11.4-9.P2.el7.x86_64.rpm                                                                               | 2.3 MB  00:00:00     
(4/8): bind-libs-lite-9.11.4-9.P2.el7.x86_64.rpm                                                                     | 1.1 MB  00:00:00     
(5/8): dhclient-4.2.5-77.el7.centos.x86_64.rpm                                                                       | 285 kB  00:00:00     
(6/8): bind-license-9.11.4-9.P2.el7.noarch.rpm                                                                       |  88 kB  00:00:00     
(7/8): dhcp-common-4.2.5-77.el7.centos.x86_64.rpm                                                                    | 176 kB  00:00:00     
(8/8): dhcp-libs-4.2.5-77.el7.centos.x86_64.rpm                                                                      | 133 kB  00:00:00     
--------------------------------------------------------------------------------------------------------------------------------------------
總計                                                                                                        3.9 MB/s | 5.3 MB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : 12:dhcp-libs-4.2.5-77.el7.centos.x86_64                                                                                1/13 
  正在更新    : 32:bind-license-9.11.4-9.P2.el7.noarch                                                                                 2/13 
  正在更新    : 32:bind-libs-lite-9.11.4-9.P2.el7.x86_64                                                                               3/13 
  正在安裝    : 32:bind-libs-9.11.4-9.P2.el7.x86_64                                                                                    4/13 
  正在更新    : 12:dhcp-common-4.2.5-77.el7.centos.x86_64                                                                              5/13 
  正在安裝    : 32:bind-export-libs-9.11.4-9.P2.el7.x86_64                                                                             6/13 
  正在更新    : 12:dhclient-4.2.5-77.el7.centos.x86_64                                                                                 7/13 
  正在安裝    : 32:bind-9.11.4-9.P2.el7.x86_64                                                                                         8/13 
  清理        : 12:dhclient-4.2.5-68.el7.centos.1.x86_64                                                                               9/13 
  清理        : 12:dhcp-common-4.2.5-68.el7.centos.1.x86_64                                                                           10/13 
  清理        : 32:bind-libs-lite-9.9.4-74.el7_6.2.x86_64                                                                             11/13 
  清理        : 32:bind-license-9.9.4-74.el7_6.2.noarch                                                                               12/13 
  清理        : 12:dhcp-libs-4.2.5-68.el7.centos.1.x86_64                                                                             13/13 
  驗證中      : 12:dhcp-common-4.2.5-77.el7.centos.x86_64                                                                              1/13 
  驗證中      : 32:bind-license-9.11.4-9.P2.el7.noarch                                                                                 2/13 
  驗證中      : 32:bind-export-libs-9.11.4-9.P2.el7.x86_64                                                                             3/13 
  驗證中      : 32:bind-libs-9.11.4-9.P2.el7.x86_64                                                                                    4/13 
  驗證中      : 32:bind-libs-lite-9.11.4-9.P2.el7.x86_64                                                                               5/13 
  驗證中      : 32:bind-9.11.4-9.P2.el7.x86_64                                                                                         6/13 
  驗證中      : 12:dhclient-4.2.5-77.el7.centos.x86_64                                                                                 7/13 
  驗證中      : 12:dhcp-libs-4.2.5-77.el7.centos.x86_64                                                                                8/13 
  驗證中      : 12:dhcp-common-4.2.5-68.el7.centos.1.x86_64                                                                            9/13 
  驗證中      : 12:dhclient-4.2.5-68.el7.centos.1.x86_64                                                                              10/13 
  驗證中      : 32:bind-license-9.9.4-74.el7_6.2.noarch                                                                               11/13 
  驗證中      : 32:bind-libs-lite-9.9.4-74.el7_6.2.x86_64                                                                             12/13 
  驗證中      : 12:dhcp-libs-4.2.5-68.el7.centos.1.x86_64                                                                             13/13 

已安裝:
  bind.x86_64 32:9.11.4-9.P2.el7                                                                                                            

做爲依賴被安裝:
  bind-export-libs.x86_64 32:9.11.4-9.P2.el7                               bind-libs.x86_64 32:9.11.4-9.P2.el7                              

做爲依賴被升級:
  bind-libs-lite.x86_64 32:9.11.4-9.P2.el7        bind-license.noarch 32:9.11.4-9.P2.el7        dhclient.x86_64 12:4.2.5-77.el7.centos      
  dhcp-common.x86_64 12:4.2.5-77.el7.centos       dhcp-libs.x86_64 12:4.2.5-77.el7.centos      

完畢!
[root@test ~]#

  2)查看bind包全部文件的位置git

[root@test ~]#rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
……省略部份內容
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
[root@test ~]#

  說明:從上面查出來的信息看,大概能夠了解bind的配置文件是/etc/named.confweb

   3)修改配置文件,修改 listen-on port 53 { 127.0.0.1; };爲listen-on port 53 { localhost; }; 和修改allow-query     { localhost; }; 爲allow-query     { any; };sql

[root@test ~]#grep -v "^\//" /etc/named.conf

options {
        listen-on port 53 { localhost; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@test ~]#

  說明:也能夠選擇註釋listen-on port 53 { 127.0.0.1; };和allow-query     { localhost; }; 這兩行,這個配置文件的註釋同C語言註釋同樣,用"//"來註釋 docker

  4)增長區域數據庫文件的配置,從上面的配置文件中咱們主要到最後兩個include 的指令,其中include "/etc/named.rfc1912.zones"; 就是定義區域數據庫文件的內容數據庫

[root@test ~]#cat >> /etc/named.rfc1912.zones << EOF
> zone "test.com" IN {
>         type master;
>         file "test.com.zone";                                                                                                               
>     
> };
> EOF
[root@test ~]#tail -5 /etc/named.rfc1912.zones 
zone "test.com" IN {
        type master;
        file "test.com.zone";                                                                                                               
    
};
[root@test ~]#

  說明:以上配置是定義一個test.com的區域,其類型爲master(主) ,區域數據庫文件名爲 「test.com.zone」 ,這裏須要注意這個文件名是相對域/var/named這個目錄的,也就說區域數據庫文件必須存放在/var/named這個目錄下。這個工做目錄的定義可從主配置文件中的directory 這個選項來指定或更改

  5)建立區域數據庫文件

[root@test ~]#cat /var/named/test.com.zone
$TTL 1D
@ IN SOA dns1 admin ( 0 1D 1H 1W 3H );
     NS  dns1
dns1 A   192.168.0.99
www  A   1.1.1.1
blog A   2.2.2.2
[root@test ~]#

  說明:區域數據庫文件的格式是name [TTL] IN rr_type value其中TTL可從全局繼承,@可用於引用當前區域的名字,同一個名字能夠經過多條記錄定義多個不一樣的值;此時DNS服務器會以輪詢方式響應。同一個值也可能有多個不一樣的定義名字;經過多個不一樣的名字指向同一個值進行定義;此僅表示經過多個不一樣的名字能夠找到同一個主機;name: 當前區域的名字,例如「test.com」; value: 有多部分組成,一、 當前區域的主DNS服務器的FQDN,也可使用當前區域的名字;二、當前區域管理員的郵箱地址;但地址中不能使用@符號,通常用.替換,例如admin.test.com.  三、主從服務區域傳輸相關定義以及否認的答案的統一的TTL;第一個數字表示序列號,第二個表示刷新時間,第三個表示主從服務器同步失敗重試的時間間隔,第四個表示,從服務器同步失敗後,多久數據文件內容過時,第五個表示緩存否認答案的TTL值。以上還須要注意的是名字沒有以.結尾,默認會補上本域的名稱

  6)檢查主配置文件和區域數據庫文件是否正確,而後在啓動服務

[root@test ~]#named-checkconf 
[root@test ~]#named-checkzone test.com /var/named/test.com.zone 
zone test.com/IN: loaded serial 0
OK
[root@test ~]#systemctl start named
[root@test ~]#

  7)測試

[root@test ~]#dig www.test.com @192.168.0.99

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.test.com @192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14227
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: 日 12月 29 23:29:46 CST 2019
;; MSG SIZE  rcvd: 92

[root@test ~]#dig blog.test.com @192.168.0.99    

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> blog.test.com @192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62941
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blog.test.com.                 IN      A

;; ANSWER SECTION:
blog.test.com.          86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: 日 12月 29 23:29:57 CST 2019
;; MSG SIZE  rcvd: 93

[root@test ~]#

  說明:dig工具來自bind-utils這個包,這個包主要是測試工具,包括host工具,dig工具,nslookup工具等測試工具。從上面的測試數據看,正向主DNS服務是搭建成功的。

  8)在/etc/named.rfc1912.zones文件中添加反向區域文件的配置

[root@test ~]#tail -4 /etc/named.rfc1912.zones
zone "0.168.192.in-addr.arpa" {
        type master;
        file "192.168.0.zone";
};
[root@test ~]#

  說明:反向DNS的區域必須將IP地址倒着寫,且後面必須是.in-addr.arpa結尾  裏面的文件名稱可任意填寫,這裏的文件名稱也是必須放在/var/named這個目錄下,同正向區域數據文件放在一個目錄

  9)建立反向區域數據文件

[root@test ~]#cat /var/named/192.168.0.zone
$TTL 1D
@ IN SOA dns1 admin (0 3H 10M 1D 1H );
     NS  dns1
dns1 A   192.168.0.99
99   PTR dns1.test.com.
100  PTR www.test.com.
101  PTR blog.test.com.
[root@test ~]#

  說明:反向區域數據庫文件同正向區域數據庫文件格式相同,反向記錄必須是PTR 類型其餘同正向區域數據庫文件相似,這裏還須要注意一點的是,PTR後面的域名必須以.結尾,不然它會默認給你補本域的信息上去。

  10)檢查區域文件,從新讀取配置文件,時期反向區域數據庫文件生效

[root@test ~]#named-checkzone 192.168.0.zone /var/named/192.168.0.zone 
zone 192.168.0.zone/IN: loaded serial 0
OK
[root@test ~]#rndc reload
server reload successful
[root@test ~]#

  11)測試反向解析

[root@test ~]#dig -x 192.168.0.99 @192.168.0.99

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -x 192.168.0.99 @192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;99.0.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
99.0.168.192.in-addr.arpa. 86400 IN     PTR     dns1.test.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      dns1.0.168.192.in-addr.arpa.

;; ADDITIONAL SECTION:
dns1.0.168.192.in-addr.arpa. 86400 IN   A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: 日 12月 29 23:58:39 CST 2019
;; MSG SIZE  rcvd: 116

[root@test ~]#dig -x 192.168.0.100 @192.168.0.99

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -x 192.168.0.100 @192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23462
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;100.0.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
100.0.168.192.in-addr.arpa. 86400 IN    PTR     www.test.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      dns1.0.168.192.in-addr.arpa.

;; ADDITIONAL SECTION:
dns1.0.168.192.in-addr.arpa. 86400 IN   A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: 日 12月 29 23:58:50 CST 2019
;; MSG SIZE  rcvd: 116

[root@test ~]#dig -x 192.168.0.101 @192.168.0.99

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -x 192.168.0.101 @192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;101.0.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
101.0.168.192.in-addr.arpa. 86400 IN    PTR     blog.test.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      dns1.0.168.192.in-addr.arpa.

;; ADDITIONAL SECTION:
dns1.0.168.192.in-addr.arpa. 86400 IN   A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: 日 12月 29 23:58:58 CST 2019
;; MSG SIZE  rcvd: 117

[root@test ~]#

  說明:可看到咱們分別把192.168.0.9九、100、101這三個主機對應的主機名給解析出來了,這裏不要同前面的正向區域數據庫中的數據混淆,這個反向解析可把不一樣的ip解析成相同的名字,這個和正向解析本質上沒有聯繫。它至關因而兩個不一樣的域,互不干擾。

  到此dns主服務器就搭建完畢,接下來實現DNS從服務器

  1)在上面的實驗上把主服務器上的配置文件中添加 allow_transfer { 192.168.0.151;};,而且在其數據庫文件中添加從服務器的NS記錄 以及A記錄

[root@test ~]#grep "transfer" /etc/named.conf
        allow-transfer  { 192.168.0.151; };
[root@test ~]#cat /var/named/test.com.zone 
$TTL 1D
@ IN SOA dns1 admin ( 0 1D 1H 1W 3H );
     NS  dns1
     NS  dns2
dns1 A   192.168.0.99
dns2 A   192.168.0.151
www  A   1.1.1.1
blog A   2.2.2.2
[root@test ~]#cat /var/named/192.168.0.zone
$TTL 1D
@ IN SOA dns1 admin (0 3H 10M 1D 1H );
     NS  dns1
     NS  dns2
dns1 A   192.168.0.99
dns2 A   192.168.0.151
99   PTR dns1.test.com.
100  PTR www.test.com.
101  PTR blog.test.com.
[root@test ~]#

  2)在從服務器上安裝bind包,並在其配置文件中配置 allow-transfer {none;}; 並註釋listen-on port 53 { 127.0.0.1; };和allow-query     { localhost; };

[root@test-node1 ~]#yum install -y bind
[root@test-node1 ~]#cat /etc/named.conf
……省略部份內容
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        allow-transfer { none; };
        recursion yes;
……省略部份內容

  3)在/etc/named.rfc1912.zonesz中配置區域數據文件信息

[root@test-node1 ~]#cat >> /etc/named.rfc1912.zones << EOF
> zone "test.com" {
>     type slave;
>     masters {192.168.0.99;};
>     file "slaves/test.com.zone";
> };
> EOF
[root@test-node1 ~]#cat >> /etc/named.rfc1912.zones << EOF
> zone "0.168.192.in-addr.arpa" {
>     type slave;
>     masters { 192.168.0.99; }; 
>     file "slaves/192.168.0.zone";
> };
> EOF
[root@test-node1 ~]#
[root@test-node1 ~]#tail /etc/named.rfc1912.zones
zone "test.com" {
    type slave;
    masters {192.168.0.99;};
    file "slaves/test.com.zone";
};
zone "0.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.0.99; };
    file "slaves/192.168.0.zone";
};
[root@test-node1 ~]#

  說明:在從服務器上須要寫明區域的名稱,類型配成slave,並指明masters ,後面的files 是同步文件的存放地,這個存放地須要named這個帳號有寫的權限,不然將沒法完成同步

  4)在從服務器上檢查配置文件,並啓動服務

[root@test-node1 ~]#ll /var/named/slaves/
total 0
[root@test-node1 ~]#named-checkconf 
[root@test-node1 ~]#/etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@test-node1 ~]#ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 449 Dec 30 00:35 192.168.0.zone
-rw-r--r-- 1 named named 336 Dec 30 00:35 test.com.zone
[root@test-node1 ~]#

  說明:啓動服務後可看到/var/named/slaves/目錄下把咱們須要的區域數據庫文件給同步過來了,接下來測試,在另外一臺主機上把DNS1設置成主DNS服務器地址,DNS2設置成從DNS服務器地址,而後在主掛掉的狀況下,看下從DNS是否可工做

  5)測試

[root@ansible_centos6 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.0.99
nameserver 192.168.0.151
[root@ansible_centos6 ~]# dig www.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22293
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 4 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Mon Dec 30 00:46:46 2019
;; MSG SIZE  rcvd: 81

[root@ansible_centos6 ~]# dig -x 192.168.0.99

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -x 192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48024
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;99.0.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
99.0.168.192.in-addr.arpa. 86400 IN     PTR     dns1.test.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      dns1.0.168.192.in-addr.arpa.

;; ADDITIONAL SECTION:
dns1.0.168.192.in-addr.arpa. 86400 IN   A       192.168.0.99

;; Query time: 3 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Mon Dec 30 00:47:00 2019
;; MSG SIZE  rcvd: 105

[root@ansible_centos6 ~]#

  說明:這是主DNS存活狀況下的測試是能夠正常解析

  主DNS掛掉的狀況

[root@ansible_centos6 ~]# dig www.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21730
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 1 msec
;; SERVER: 192.168.0.151#53(192.168.0.151)
;; WHEN: Mon Dec 30 00:50:43 2019
;; MSG SIZE  rcvd: 81

[root@ansible_centos6 ~]# dig -x 192.168.0.99

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -x 192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63933
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;99.0.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
99.0.168.192.in-addr.arpa. 86400 IN     PTR     dns1.test.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      dns1.0.168.192.in-addr.arpa.

;; ADDITIONAL SECTION:
dns1.0.168.192.in-addr.arpa. 86400 IN   A       192.168.0.99

;; Query time: 1 msec
;; SERVER: 192.168.0.151#53(192.168.0.151)
;; WHEN: Mon Dec 30 00:50:55 2019
;; MSG SIZE  rcvd: 105

[root@ansible_centos6 ~]#

  說明:可看到主DNS服務器掛掉,從服務器是能夠提供服務的,何況查詢的內容同主的如出一轍

二、搭建並實現智能DNS。

    1)在上面的實驗環境中,更改配置文件

[root@test ~]#cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
acl cdnet {
        192.168.0.0/24;
};
acl bjnet {
        172.16.1.0/24;
};
acl shnet {
        any;
};
options {
        listen-on port 53 { localhost; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        allow-transfer  { 192.168.0.151; };
        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


include "/etc/named.root.key";
view  view_cd {
        match-clients {cdnet;};
        include "/etc/named.zone.cd";
        include "/etc/named.rfc1912.zones";
};
view view_bj {
        match-clients { bjnet; };
        include "/etc/named.zone.bj";
        include "/etc/named.rfc1912.zones";
};
view view_sh {
        match-clients { shnet; };
        include "/etc/named.zone.sh";
        include "/etc/named.rfc1912.zones";
};
[root@test ~]#

  說明:這個是主配置文件,主要添加了 3段acl和3段view 這裏須要注意一點的是,一旦配置了view,全部的區域配置必須寫在view中,全部咱們還須要把根區域的配置文件到/etc/named.rfc1912.zones裏 ,而後在view 裏用include 把區域配置文件導入便可,借鑑上面的思想,咱們也能夠把不一樣地區的區域配置文件也用不一樣的文件給存起來,實現方便管理,而後也用include 指定導入到各自的view,這樣就實現了 不一樣的網絡客戶端,訪問不一樣的區域文件。最後咱們還須要創建各自的區域數據庫文件。

  2)把根區域配置文件放入到/etc/named.rfc1912.zones

[root@test ~]#cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};



zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};


zone "0.168.192.in-addr.arpa" {
        type master;
        file "192.168.0.zone";
};
[root@test ~]#

  3)建立各自的區域配置文件

[root@test ~]#cat >> /etc/named.zone.cd << EOF
> zone "test.com" IN {
>     type master;
>     file "test.com.zone.cd";
> };
> EOF
[root@test ~]#cat >> /etc/named.zone.bj << EOF
> zone "test.com" IN {
>     type master;
>     file "test.com.zone.bj";
> };
> EOF
[root@test ~]#cat >> /etc/named.zone.sh << EOF
> zone "test.com" IN {
>     type master;
>     file "test.com.zone.sh";
> };
> EOF
[root@test ~]#cat /etc/named.zone.cd 
zone "test.com" IN {
    type master;
    file "test.com.zone.cd";
};
[root@test ~]#cat /etc/named.zone.bj
zone "test.com" IN {
    type master;
    file "test.com.zone.bj";
};
[root@test ~]#cat /etc/named.zone.sh
zone "test.com" IN {
    type master;
    file "test.com.zone.sh";
};
[root@test ~]#

  4)準備各自區域的數據庫文件

[root@test ~]#cat /var/named/test.com.zone.cd 
$TTL 1D
@ IN SOA dns1 admin ( 0 2D 1H 3D 1D )
     NS  dns1
dns1  A  192.168.0.99
www   A  3.3.3.3
blog  A  4.4.4.4
[root@test ~]#cat /var/named/test.com.zone.bj
$TTL 1D
@ IN SOA dns1 admin ( 0 2D 1H 3D 1D )
     NS  dns1
dns1 A   192.168.0.99
www  A   5.5.5.5
blog A   6.6.6.6
[root@test ~]#cat /var/named/test.com.zone.sh
$TTL 1D
@  IN SOA dns1 admin ( 0 2D 1H 3D 1D )
      NS  dns1
dns1  A   192.168.0.99
www   A   7.7.7.7
blog  A   8.8.8.8
[root@test ~]#
[root@test ~]#ll /var/named/
總用量 36
-rw-r--r-- 1 root  root   188 12月 30 00:28 192.168.0.zone
drwxrwx--- 2 named named   23 12月 29 23:23 data
drwxrwx--- 2 named named   60 12月 30 01:01 dynamic
-rw-r----- 1 root  named 2253 4月   5 2018 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named    6 8月   8 20:16 slaves
-rw-r--r-- 1 root  root   154 12月 30 00:10 test.com.zone
-rw-r--r-- 1 root  root   112 12月 30 21:33 test.com.zone.bj
-rw-r--r-- 1 root  root   112 12月 30 21:31 test.com.zone.cd
-rw-r--r-- 1 root  root   117 12月 30 21:35 test.com.zone.sh
[root@test ~]#find /var/named/ -name "test.com.zone*"
/var/named/test.com.zone
/var/named/test.com.zone.cd
/var/named/test.com.zone.bj
/var/named/test.com.zone.sh
[root@test ~]#find /var/named/ -name "test.com.zone*"|xargs chown root.named 
[root@test ~]#ll /var/named/
總用量 36
-rw-r--r-- 1 root  root   188 12月 30 00:28 192.168.0.zone
drwxrwx--- 2 named named   23 12月 29 23:23 data
drwxrwx--- 2 named named   60 12月 30 01:01 dynamic
-rw-r----- 1 root  named 2253 4月   5 2018 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named    6 8月   8 20:16 slaves
-rw-r--r-- 1 root  named  154 12月 30 00:10 test.com.zone
-rw-r--r-- 1 root  named  112 12月 30 21:33 test.com.zone.bj
-rw-r--r-- 1 root  named  112 12月 30 21:31 test.com.zone.cd
-rw-r--r-- 1 root  named  117 12月 30 21:35 test.com.zone.sh
[root@test ~]#
[root@test ~]#find /var/named/ -name "test.com.zone*"|xargs chmod o-r
[root@test ~]#ll /var/named/
總用量 36
-rw-r--r-- 1 root  root   188 12月 30 00:28 192.168.0.zone
drwxrwx--- 2 named named   23 12月 29 23:23 data
drwxrwx--- 2 named named   60 12月 30 01:01 dynamic
-rw-r----- 1 root  named 2253 4月   5 2018 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named    6 8月   8 20:16 slaves
-rw-r----- 1 root  named  154 12月 30 00:10 test.com.zone
-rw-r----- 1 root  named  112 12月 30 21:33 test.com.zone.bj
-rw-r----- 1 root  named  112 12月 30 21:31 test.com.zone.cd
-rw-r----- 1 root  named  117 12月 30 21:35 test.com.zone.sh
[root@test ~]#

  說明:經過上面的配置後,咱們最終但願各自的地區的用戶訪問各自區域的數據文件,從而實現了不一樣區域的用戶,獲取不一樣ip地址信息。這裏仍是建議把新建的權限屬組給改爲named,雖然不改是能夠的,可是權限比較大,應該只容許named有讀權限就行了。

  5)檢查配置文件,重啓服務

[root@test ~]#named-checkconf 
[root@test ~]#named-checkzone test.com /var/named/test.com.zone.cd
zone test.com/IN: loaded serial 0
OK
[root@test ~]#named-checkzone test.com /var/named/test.com.zone.bj
zone test.com/IN: loaded serial 0
OK
[root@test ~]#named-checkzone test.com /var/named/test.com.zone.sh
zone test.com/IN: loaded serial 0
OK
[root@test ~]#rndc reload
server reload successful
[root@test ~]#

  6)測試

模擬成都的用戶訪問DNS

[qiuhom@test-node1 ~]$ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:81:68:ce:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.151/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::224:81ff:fe68:ce45/64 scope link 
       valid_lft forever preferred_lft forever
[qiuhom@test-node1 ~]$
[qiuhom@test-node1 ~]$dig www.test.com @192.168.0.99

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> www.test.com @192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51022
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       3.3.3.3

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 2 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Mon Dec 30 22:20:02 2019
;; MSG SIZE  rcvd: 81

[qiuhom@test-node1 ~]$dig blog.test.com @192.168.0.99   

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> blog.test.com @192.168.0.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4979
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;blog.test.com.                 IN      A

;; ANSWER SECTION:
blog.test.com.          86400   IN      A       4.4.4.4

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 1 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Mon Dec 30 22:20:12 2019
;; MSG SIZE  rcvd: 82

[qiuhom@test-node1 ~]$

  說明:經過192.168.0.0/24主機訪問的結果是指定view裏指定的數據庫文件的內容.

  模擬北京的用戶訪問DNS

[root@test ~]#ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:30:18:51:af:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.99/24 brd 192.168.0.255 scope global noprefixroute enp2s0
       valid_lft forever preferred_lft forever
    inet 172.16.1.2/16 brd 172.16.255.255 scope global noprefixroute enp2s0:0
       valid_lft forever preferred_lft forever
    inet6 fe80::230:18ff:fe51:af3c/64 scope link 
       valid_lft forever preferred_lft forever
3: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 00:30:18:51:af:3d brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:d6:07:f1:b0 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
[root@test ~]#dig www.test.com @172.16.1.2

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.test.com @172.16.1.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33773
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       5.5.5.5

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 172.16.1.2#53(172.16.1.2)
;; WHEN: 一 12月 30 22:24:07 CST 2019
;; MSG SIZE  rcvd: 92

[root@test ~]#dig blog.test.com @172.16.1.2   

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> blog.test.com @172.16.1.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8001
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blog.test.com.                 IN      A

;; ANSWER SECTION:
blog.test.com.          86400   IN      A       6.6.6.6

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 172.16.1.2#53(172.16.1.2)
;; WHEN: 一 12月 30 22:24:18 CST 2019
;; MSG SIZE  rcvd: 93

[root@test ~]#

  模擬上海的用戶訪問DNS

[root@test ~]#dig www.test.com @127.0.0.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.test.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           86400   IN      A       7.7.7.7

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 一 12月 30 22:25:52 CST 2019
;; MSG SIZE  rcvd: 92

[root@test ~]#dig blog.test.com @127.0.0.1   

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> blog.test.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10062
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blog.test.com.                 IN      A

;; ANSWER SECTION:
blog.test.com.          86400   IN      A       8.8.8.8

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      dns1.test.com.

;; ADDITIONAL SECTION:
dns1.test.com.          86400   IN      A       192.168.0.99

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 一 12月 30 22:25:58 CST 2019
;; MSG SIZE  rcvd: 93

[root@test ~]#

  說明:在本機使用127.0.0.1 去查,named會走回環地址去訪問DNS,這個時候acl就會匹配到shnet ,從而訪問view_sh說指定的區域數據庫文件內容。這裏要注意一點就是acl它默認是從上往下匹配,若匹配到就不往下匹配,因此127.0.0.1 既不屬於192.168.0.0/24 這個網絡,也不屬於172.16.1.0/24這個網絡,因此它會被any匹配到。

  到此智能DNS的搭建就完成了,事實上智能DNS的主要做用就是智能的區分不一樣來源的用戶訪問不一樣的區域文件,從而實現用戶訪問到的DNS是離本身最近的服務器,在互聯網中的應用有CDN(內容分發網絡),它的背後實現就是智能DNS。把不一樣的區域的用戶經過智能DNS分別分向不一樣地區的DNS服務器上去,從而實現了用戶訪問網站的服務器是離本身最近的服務器,CDN實現了加快用戶的訪問同時還減輕了網站主服務器的壓力和帶寬。

三、編譯安裝Mariadb,並啓動後能夠正常登陸

  1)準備源碼包

[root@test ~]#rz
rz waiting to receive.
 zmodem trl+C ȡ

  100%   70172 KB 23390 KB/s 00:00:03       0 Errors..

[root@test ~]#ls mariadb-10.2.19.tar.gz 
mariadb-10.2.19.tar.gz
[root@test ~]#

  2)安裝依賴環境包

[root@test ~]# yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel -y

  3)建立系統帳號,並解壓源碼

[root@test ~]# useradd -r -s /sbin/nologin -d /app/mysql/ mysql
[root@test ~]# getent passwd mysql
mariadb:x:989:983::/app/mysql/:/sbin/nologin
[root@test ~]# tar xf mariadb-10.2.19.tar.gz 
[root@test ~]# cd mariadb-10.2.19/
[root@test mariadb-10.2.19]#

  4)cmake 編譯並指定編譯選項

cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/mysql \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci

  說明:若是出錯須要刪除 CMakeCache.txt 而後從新在用cmake指定編譯選項生成makefile文件,在編譯

  5)上面cmake沒有錯誤的狀況下,在執行make && make install 

……省略部份內容
-- Looking for krb5_free_unparsed_name
-- Looking for krb5_free_unparsed_name - found
-- Looking for event.h
-- Looking for event.h - found
-- Configuring done
-- Generating done
-- Build files have been written to: /root/mariadb-10.2.19
[root@test mariadb-10.2.19]#  make -j 4 && make install

  說明:make -j 表示指定多少線程來編譯,-j 4 表示用4個線程同時來編譯,這是一種多線程的編譯方式

  6)準備path環境

[root@test ~]# echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@test ~]# cat /etc/profile.d/mysql.sh
PATH=/app/mysql/bin:$PATH
[root@test ~]# . /etc/profile.d/mysql.sh
[root@test ~]#

  7)生成數據庫文件

[root@test ~]# cd /app/mysql/
[root@test mysql]# scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
Installing MariaDB/MySQL system tables in '/data/mysql/' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system


PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:

'./bin/mysqladmin' -u root password 'new-password'
'./bin/mysqladmin' -u root -h test password 'new-password'

Alternatively you can run:
'./bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '.' ; ./bin/mysqld_safe --datadir='/data/mysql/'

You can test the MariaDB daemon with mysql-test-run.pl
cd './mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/

[root@test mysql]#

  8)準備配置文件

[root@test mysql]# cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
[root@test mysql]#

  9)準備啓動腳本

[root@test mysql]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@test mysql]#

  10)啓動服務 ,登陸數據庫

[root@test mysql]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@test mysql]# chkconfig --add mysqld
[root@test mysql]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@test mysql]# service mysqld start
Starting mysqld (via systemctl):                           [  OK  ]
[root@test mysql]# ss -ntl
State       Recv-Q Send-Q                    Local Address:Port                                   Peer Address:Port              
LISTEN      0      128                                   *:22                                                *:*                  
LISTEN      0      100                           127.0.0.1:25                                                *:*                  
LISTEN      0      128                                  :::22                                               :::*                  
LISTEN      0      100                                 ::1:25                                               :::*                  
LISTEN      0      80                                   :::3306                                             :::*                  
[root@test mysql]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.19-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
+--------------------+
4 rows in set (0.00 sec)

MariaDB [(none)]>

  到此編譯安裝mariadb數據庫就完成了。

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程