Week 13 Assignment
1. Describe how DNS resolution works, and build a master/slave DNS server pair.
1.1 How it works:
On the Internet, the first lookup of www.mageedu.com from a home PC goes like this:

1. The user types www.mageedu.com into the browser. The PC sends the query to its local DNS server (the recursive resolver). A PC normally obtains both its IP address and its DNS server address automatically; the DNS server may be one operated by the ISP (which hands out a resolver close to the client) or one configured by hand. Either way, this is what we call the local DNS server.
2. The local DNS server receives the query. The name is not in any zone it is authoritative for, and on a first lookup it is not in its cache either, so it asks a root server. Note: every recursive resolver knows the root servers in advance, from a built-in root hints file (/var/named/named.ca in BIND).
3. The root server does not hold www.mageedu.com, but it knows which servers are responsible for the com top-level domain. It answers with a referral: the names and addresses of the com servers, telling the local DNS server to ask them.
4. The local DNS server follows the referral and asks a com server.
5. The com server does not hold the name either, but it holds the delegation for the second-level domain mageedu.com. It replies with another referral: the NS records of the mageedu.com name servers together with their addresses (glue records).
6. The local DNS server asks a mageedu.com name server.
7. The mageedu.com server finds www.mageedu.com in its zone data and returns the IP address; the AA flag in that reply marks it as authoritative. This is why the mageedu.com server is called the authoritative DNS server.
8. The local DNS server caches the answer for the record's TTL and returns it to the user. The PC caches it as well, and the browser opens a connection to that IP address to fetch the page.

On later lookups of www.mageedu.com the PC checks its own cache first, then asks the local DNS server, which also checks its cache before repeating the walk above. Only the PC's query to the local DNS server is recursive; the local DNS server's queries to the root, com and mageedu.com servers are iterative, each returning either the answer or a referral to the next server.
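The referral walk and the cache behaviour of steps 2 to 8, as an added example (a toy simulation written for this page, not resolver code from BIND and not part of the original post). The three simulated servers and the address 203.0.113.10 for www.mageedu.com are constructed; `LocalDNS` plays the local DNS server, `ask_server` stands in for one iterative query, and the TTL is taken from the record the authoritative server returns:

```python
"""Toy model of the iterative walk a recursive resolver performs.

Added example, not part of the original post and not BIND code.
The server tables and the address 203.0.113.10 are constructed.
"""
import time

# Constructed data: what each simulated server knows.
#   ("NS", server)   -> referral to the server responsible for that child zone
#   ("A", ip, ttl)   -> authoritative answer with its TTL in seconds
SERVERS = {
    "root":            {"com.": ("NS", "com-tld")},
    "com-tld":         {"mageedu.com.": ("NS", "ns1.mageedu.com")},
    "ns1.mageedu.com": {"www.mageedu.com.": ("A", "203.0.113.10", 300)},
}


def _suffixes(name):
    """'www.mageedu.com.' -> 'www.mageedu.com.', 'mageedu.com.', 'com.', '.'"""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def ask_server(server, qname):
    """One iterative query to one server. Returns ('answer', ip, ttl),
    ('referral', next_server) or ('nxdomain',)."""
    table = SERVERS[server]
    for suffix in _suffixes(qname):          # longest matching zone first
        rec = table.get(suffix)
        if rec is None:
            continue
        if rec[0] == "A" and suffix == qname:
            return ("answer", rec[1], rec[2])
        if rec[0] == "NS":
            return ("referral", rec[1])
    return ("nxdomain",)


class LocalDNS:
    """The local DNS server: walks down from the root, caches answers by TTL."""

    def __init__(self, now=time.time):
        self.cache = {}          # qname -> (ip, absolute expiry time)
        self.now = now           # injectable clock so that expiry can be tested

    def resolve(self, qname):
        """Return (ip, servers_contacted). An empty list means a cache hit."""
        if not qname.endswith("."):
            qname += "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.now():
            return hit[0], []                      # repeat lookup: nobody is asked
        path, server = [], "root"                  # every resolver knows the root
        while True:
            path.append(server)
            result = ask_server(server, qname)
            if result[0] == "answer":
                ip, ttl = result[1], result[2]
                self.cache[qname] = (ip, self.now() + ttl)   # step 8
                return ip, path
            if result[0] == "referral":
                server = result[1]                 # steps 3 to 6: follow the referral
                continue
            raise LookupError(qname)


if __name__ == "__main__":
    r = LocalDNS()
    print(r.resolve("www.mageedu.com"))   # full walk: root, com-tld, ns1.mageedu.com
    print(r.resolve("www.mageedu.com"))   # served from cache, no server contacted
```

A second lookup inside the 300-second TTL contacts no server at all; once the TTL has expired the walk is repeated. The cache is also where a forged reply does its damage: a resolver that accepts an answer it cannot match to an outstanding query (by ID, source port and question) hands the forged address to every client until the TTL runs out, which is why real resolvers randomise query IDs and source ports.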
1.2 Deployment:
1.2.1 Goal
Build a master/slave DNS pair so that the zone stays resolvable when one server is down.
1.2.2 Environment
Four hosts are needed:
DNS master server: 192.168.0.101
DNS slave server: 192.168.0.105
Web server: 192.168.0.199
DNS client: 192.168.0.119
1.2.3 Preparation
Disable SELinux
Disable the firewall
Synchronize the clocks
(These are lab shortcuts. On a real server keep SELinux enforcing and open only 53/udp and 53/tcp in the firewall; TCP is required for zone transfers and for large responses.)
1.2.4 Steps
1.2.4.1 Master DNS server configuration

[root@master ~]# yum install bind -y

1. Allow other hosts to send queries

[root@master ~]# vim /etc/named.conf
Comment out the two lines below (or change their arguments); as shipped they confine named to the loopback interface and to queries from localhost:
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
Allow zone transfers (AXFR/IXFR) only from the slave:
allow-transfer { 192.168.0.105; };
Without this restriction any host on the network can dump the whole zone, which is a serious information leak; verify with the dig command further below.

The resulting options block:
options {
        listen-on port 53 { localhost; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
        allow-transfer { 192.168.0.105; };
};

Check (once the zone below is loaded) whether the zone can be pulled in full. From 192.168.0.105 the transfer succeeds; from any other host dig must report "; Transfer failed." (this capture was taken before the slave's NS and A records were added in step 4, hence 8 records):

[root@localhost ~]# dig -t axfr magedu.org @192.168.0.101

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t axfr magedu.org @192.168.0.101
;; global options: +cmd
magedu.org.             86400   IN      SOA     master.magedu.org. admin.magedu.org. 20200223 86400 3600 604800 10800
magedu.org.             86400   IN      A       192.168.0.199
magedu.org.             86400   IN      NS      master.magedu.org.
*.magedu.org.           86400   IN      CNAME   websrv.magedu.org.
master.magedu.org.      86400   IN      A       192.168.0.101
websrv.magedu.org.      86400   IN      A       192.168.0.199
www.magedu.org.         86400   IN      CNAME   websrv.magedu.org.
magedu.org.             86400   IN      SOA     master.magedu.org. admin.magedu.org. 20200223 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 192.168.0.101#53(192.168.0.101)
;; WHEN: Mon Feb 24 21:08:01 CST 2020
;; XFR size: 8 records (messages 1, bytes 227)

2. Add the zone

[root@master ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
Append the following:
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone";
};

3. Copy the template zone file. The file name must match the file entry above. cp -p preserves the owner, group and mode (root:named, 0640); without -p, fix them afterwards with chgrp named /var/named/magedu.org.zone and chmod 640 /var/named/magedu.org.zone, so that named can read the file but other users cannot.

[root@localhost ~]# cp -p /var/named/named.localhost /var/named/magedu.org.zone
[root@localhost ~]# ll /var/named/magedu.org.zone
-rw-r----- 1 root named 152 Jun 21  2007 /var/named/magedu.org.zone

4. Write the zone data

Note: for the master to notify the slave of changes, the slave must appear in the zone as an NS record (or be listed in also-notify). Whenever records are added or changed on the master, the serial must be increased and the configuration reloaded; otherwise the slave never refreshes its copy.

[root@localhost ~]# vim /var/named/magedu.org.zone
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                                        20200223        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      master
        NS      slave
master  A       192.168.0.101
slave   A       192.168.0.105
websrv  A       192.168.0.199
www     CNAME   websrv
*       CNAME   websrv
@       A       192.168.0.199

[root@master ~]# rndc reload
server reload successful
1.2.4.2 Slave DNS server configuration

[root@localhost ~]# yum install bind -y
[root@localhost ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
//      allow-query { localhost; };
        allow-transfer { none; };
With listen-on and allow-query commented out, named listens on all interfaces and answers anyone; allow-transfer { none; } makes sure the slave does not hand the zone out to other hosts.

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "magedu.org" IN {
        type slave;
        masters { 192.168.0.101; };
        file "slaves/magedu.org.slave";
};

On a first start use systemctl start named; if named is already running, rndc reload is enough.
[root@localhost ~]# systemctl start named

Check that the zone was transferred and written to disk (named writes this file itself, so /var/named/slaves must be writable by the named user, as it is in the stock package):
[root@localhost ~]# ls /var/named/slaves/magedu.org.slave
/var/named/slaves/magedu.org.slave

Then confirm both servers hold the same version of the zone by comparing the SOA serial: dig -t soa magedu.org @192.168.0.101 +short and dig -t soa magedu.org @192.168.0.105 +short must print the same serial.
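What the slave decides at every refresh interval (and on a NOTIFY), and why the serial in step 4 of the master set-up must be bumped, as an added example written for this page (not BIND code and not part of the original post): a small parser for the zone-file syntax used in magedu.org.zone, which turns the file into the same fully qualified records the AXFR above lists, plus the RFC 1982 serial comparison the slave applies to the master's SOA before it transfers. ZONE_TEXT is the zone file from step 4 embedded as a string; the slave serial values in the usage are constructed:

```python
"""Zone-file parser and the slave's refresh decision.

Added example written for this page; not BIND code and not from the
original post. ZONE_TEXT is magedu.org.zone from step 4 of the master
set-up. Only the syntax that file uses is handled: $TTL, $ORIGIN, '@',
relative owner names, '(' ')' around the SOA, optional class/TTL fields.
"""
import re

ZONE_TEXT = """\
$TTL 1D
@ IN SOA master admin.magedu.org. (
        20200223 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    NS master
    NS slave
master A 192.168.0.101
slave A 192.168.0.105
websrv A 192.168.0.199
www CNAME websrv
* CNAME websrv
@ A 192.168.0.199
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR"}
CLASSES = {"IN", "CH", "HS"}

def parse_ttl(tok):
    """BIND time syntax: '1D' -> 86400, '3600' -> 3600."""
    m = re.fullmatch(r"(\d+)([smhdwSMHDW]?)", tok)
    if not m:
        raise ValueError(f"bad time value {tok!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]

def fqdn(name, origin):
    """'@' -> origin; absolute names unchanged; relative names get the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def _logical_lines(text):
    """Yield (owner_omitted, tokens): strip ';' comments, join lines between
    '(' and ')'. A leading blank means 'same owner as the previous record'."""
    buf, depth, owner_omitted = [], 0, False
    for raw in text.splitlines():
        if not buf:
            owner_omitted = raw[:1].isspace()
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            toks = " ".join(buf).split()
            buf = []
            if toks:
                yield owner_omitted, toks

def parse_zone(text, origin="magedu.org."):
    """Records as (owner, ttl, class, type, rdata) with absolute names,
    i.e. the form an AXFR shows."""
    default_ttl, owner, records = None, origin, []
    for owner_omitted, toks in _logical_lines(text):
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1]); continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]; continue
        if not owner_omitted:
            owner = fqdn(toks.pop(0), origin)
        ttl, rclass = default_ttl, "IN"
        while toks and toks[0].upper() not in TYPES:   # optional TTL / class fields
            tok = toks.pop(0)
            if tok.upper() in CLASSES:
                rclass = tok.upper()
            else:
                ttl = parse_ttl(tok)
        if not toks:
            raise ValueError(f"no record type for {owner}")
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "SOA":   # mname rname serial refresh retry expire minimum
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + \
                    [str(parse_ttl(t)) for t in rdata[2:7]]
        records.append((owner, ttl, rclass, rtype, " ".join(rdata)))
    return records

def soa_serial(records):
    """Serial field of the zone's SOA record."""
    for rec in records:
        if rec[3] == "SOA":
            return int(rec[4].split()[2])
    raise ValueError("zone has no SOA record")

def serial_gt(a, b):
    """RFC 1982 serial arithmetic on 32-bit values: is a newer than b?"""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)

def slave_needs_transfer(master_zone_text, slave_serial):
    """The slave's decision at each refresh or on NOTIFY: fetch the master's
    SOA and transfer only if that serial is newer than its own."""
    return serial_gt(soa_serial(parse_zone(master_zone_text)), slave_serial)

if __name__ == "__main__":
    for rec in parse_zone(ZONE_TEXT):
        print("%-22s %6d %s %-5s %s" % rec)
    print(slave_needs_transfer(ZONE_TEXT, 20200223))   # zone edited, serial not bumped: False
```

Editing a record on the master without raising the serial leaves the slave convinced it is up to date: slave_needs_transfer returns False for an equal serial, True only for an older one. The comparison wraps at 2^32, which is why the YYYYMMDDnn convention (20200223 here) works: it stays well below 2^31 for any practical date.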
1.2.4.3 Testing

On the client, point the resolver at the master first and the slave second:

[root@openvpn ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
DNS1=192.168.0.101
DNS2=192.168.0.105
[root@openvpn ~]# nmcli conn reload
[root@openvpn ~]# nmcli conn up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)
[root@openvpn ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.101
nameserver 192.168.0.105

Verify that the slave answers queries. Install the client tools first:

[root@openvpn ~]# yum install bind-utils -y
[root@openvpn ~]# dig wwwwwww.magedu.org @192.168.0.105

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> wwwwwww.magedu.org @192.168.0.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wwwwwww.magedu.org.            IN      A

;; ANSWER SECTION:
wwwwwww.magedu.org.     86400   IN      CNAME   websrv.magedu.org.
websrv.magedu.org.      86400   IN      A       192.168.0.199

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      master.magedu.org.
magedu.org.             86400   IN      NS      slave.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org.      86400   IN      A       192.168.0.101
slave.magedu.org.       86400   IN      A       192.168.0.105

;; Query time: 1 msec
;; SERVER: 192.168.0.105#53(192.168.0.105)
;; WHEN: Mon Feb 24 21:54:11 CST 2020
;; MSG SIZE  rcvd: 157

There is no explicit record for wwwwwww.magedu.org; it matched the wildcard "* CNAME websrv" in the zone, so it resolves exactly like www. The aa flag shows the slave answers authoritatively from its own copy of the zone. Keep in mind that the wildcard makes every typo under magedu.org resolve to the web server, which is convenient in a lab but rarely what you want in production.

[root@openvpn ~]# curl www.magedu.org
www.magedu.org

Now stop the DNS service on the master:
[root@master ~]# systemctl stop named

Repeat the dig against 192.168.0.105 and the curl on the client: both must still succeed, because the client falls back to the second nameserver and the slave keeps serving the zone until the SOA expire time (1W) elapses.
2. Build split-horizon (intelligent) DNS with views.
2.1 Environment
Five hosts are needed:
DNS master server: 192.168.0.101/24 and 172.16.0.101/24
sh_web server: 192.168.0.199/24
bj_web server: 172.16.0.108/24
DNS client 1: 192.168.0.107/24
DNS client 2: 172.16.0.107/24
2.2 Preparation
Disable SELinux
Disable the firewall
Synchronize the clocks
2.3 Steps
2.3.1 Network configuration on the DNS master
Add the second address so the master is reachable from both networks:
[root@master ~]# ip a a 172.16.0.101/24 dev eth0
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ae:60:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.101/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 12813sec preferred_lft 12813sec
    inet 172.16.0.101/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feae:6051/64 scope link
       valid_lft forever preferred_lft forever
(An address added with ip a a does not survive a reboot; for a permanent setup put it in the interface's ifcfg file.)
2.3.2 Views in the master's configuration file
[root@master ~]# yum install bind -y

1. Define the client address ranges as ACLs before the options block, then tie each ACL to its own zone data through a view. Once views are in use, every zone must be defined inside a view, so the root hint zone is removed from named.conf and redefined in each of the per-view include files; an ACL may list several networks. Views are tried in the order they are written and the first match wins, so the catch-all "other" view must come last. The shipped top-level line include "/etc/named.rfc1912.zones"; must also be removed, otherwise named refuses to start because zones would exist both inside and outside views. Note that a query from the server itself (127.0.0.1) matches neither network and therefore lands in otherview.

[root@master ~]# vim /etc/named.conf
acl beijingnet {
        172.16.0.0/24;
        10.0.0.0/24;
};
acl shanghainet {
        192.168.0.0/24;
};
acl other {
        any;
};
options {
        listen-on port 53 { localhost; };
        ...
};
//zone "." IN {
//      type hint;
//      file "named.ca";
//};
view beijingview {
        match-clients { beijingnet; };
        include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
        match-clients { shanghainet; };
        include "/etc/named.rfc1912.zones.sh";
};
view otherview {
        match-clients { other; };
        include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
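How the three match-clients ACLs above decide which zone file answers a query, as an added example (a simulation written for this page, not BIND code and not from the original post). It models only the one rule that matters here: views are tested in the order they appear and the first ACL containing the query's source address wins. The networks and the per-view websrv addresses are those of the configuration; "any" is approximated as 0.0.0.0/0 (IPv4 only, an assumption made for brevity). Because the view is chosen by the source address of the query, a client that sends its queries through a forwarding resolver is classified by the resolver's address, not its own:

```python
"""Simulate BIND view selection for the named.conf above.

Added example written for this page; not BIND code and not part of the
original post. Only one rule is modelled: views are tried in the order
written and the first match-clients ACL containing the query's source
address wins. 'any' is approximated as 0.0.0.0/0 (IPv4 only: assumption).
"""
import ipaddress

# ACLs from /etc/named.conf on the master.
ACLS = {
    "beijingnet": ["172.16.0.0/24", "10.0.0.0/24"],
    "shanghainet": ["192.168.0.0/24"],
    "other": ["0.0.0.0/0"],            # stands in for 'any'
}

# Views in named.conf order, each with the A record its zone file holds
# for websrv.magedu.org (www.magedu.org is a CNAME to it in every view).
VIEWS = [
    ("beijingview", "beijingnet", "172.16.0.108"),
    ("shanghaiview", "shanghainet", "192.168.0.199"),
    ("otherview", "other", "3.3.3.3"),
]


def acl_matches(acl_name, client_ip):
    """True when client_ip falls inside any network listed in the ACL."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in ACLS[acl_name])


def select_view(client_ip, views=VIEWS):
    """Return (view_name, websrv_address) for the first matching view,
    or None when no view matches (named would then answer REFUSED)."""
    for view_name, acl_name, websrv in views:
        if acl_matches(acl_name, client_ip):
            return view_name, websrv
    return None


def answer_table(clients, views=VIEWS):
    """Map each client address to the view and answer it would receive."""
    return {ip: select_view(ip, views) for ip in clients}


# The same views with the catch-all moved first: every client now hits
# otherview. This is the classic mistake when reordering view blocks.
MISORDERED = [VIEWS[2], VIEWS[0], VIEWS[1]]

if __name__ == "__main__":
    for ip in ("172.16.0.107", "192.168.0.107", "127.0.0.1", "10.0.0.5"):
        print(ip, select_view(ip), "misordered:", select_view(ip, MISORDERED))
```

The 127.0.0.1 case reproduces what the master's own dig shows in the tests below: the loopback address is in neither beijingnet nor shanghainet, so the server's local queries get the "other" answer 3.3.3.3.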
2.3.3 Zone configuration files per view
Move the root hint zone that was commented out in /etc/named.conf into this file:
[root@master ~]# vim /etc/named.rfc1912.zones
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone";
};

Copy it once per view (cp -p keeps owner and mode, so named can still read the copies), then point each copy at its own zone data file:
[root@master ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@master ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.sh
[root@master ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.other

[root@master ~]# vim /etc/named.rfc1912.zones.bj
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone.bj";
};

[root@master ~]# vim /etc/named.rfc1912.zones.sh
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone.sh";
};

[root@master ~]# vim /etc/named.rfc1912.zones.other
//
zone "." IN {
        type hint;
        file "named.ca";
};
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone.other";
};
2.3.4 Zone data files
Create one zone data file per view. The three files are identical except for the address of websrv, which is what makes the answer depend on where the client is (the Beijing file points at the Beijing web server, 172.16.0.108):

[root@master ~]# vim /var/named/magedu.org.zone.bj
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                                        20200227        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      master
master  A       192.168.0.101
websrv  A       172.16.0.108
www     CNAME   websrv

[root@master ~]# vim /var/named/magedu.org.zone.sh
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                                        20200227        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      master
master  A       192.168.0.101
websrv  A       192.168.0.199
www     CNAME   websrv

[root@master ~]# vim /var/named/magedu.org.zone.other
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                                        20200227        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      master
master  A       192.168.0.101
websrv  A       3.3.3.3
www     CNAME   websrv

Check the syntax of named.conf and of every zone in every view before restarting (named-checkconf -z), then restart the service:
[root@master ~]# systemctl restart named
2.3.5 Two web servers in the two locations
Configure httpd on 192.168.0.199 and on 172.16.0.108; the page content tells the client which site it reached:
# yum install httpd
# on 192.168.0.199 (Shanghai):
# echo "www.magedu.org(shanghai)" > /var/www/html/index.html
# on 172.16.0.108 (Beijing):
# echo "www.magedu.org(beijing)" > /var/www/html/index.html
# systemctl start httpd
2.3.6 Client tests

A client on the 192.168.0.0/24 network gets the Shanghai answer, 192.168.0.199:

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ae:20:d3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.107/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 18786sec preferred_lft 18786sec
    inet6 fe80::7b48:7fd5:cc93:9a61/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# dig www.magedu.org @192.168.0.101

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.magedu.org @192.168.0.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86400   IN      CNAME   websrv.magedu.org.
websrv.magedu.org.      86400   IN      A       192.168.0.199

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org.      86400   IN      A       192.168.0.101

;; Query time: 0 msec
;; SERVER: 192.168.0.101#53(192.168.0.101)
;; WHEN: Wed Feb 26 12:08:10 CST 2020
;; MSG SIZE  rcvd: 117

[root@localhost ~]# curl www.magedu.org
www.magedu.org(shanghai)

A client on the 172.16.0.0/24 network (here the same VM re-addressed, as the MAC address shows) gets the Beijing answer, 172.16.0.108:

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ae:20:d3 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.107/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::7b48:7fd5:cc93:9a61/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# dig www.magedu.org @172.16.0.101

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.magedu.org @172.16.0.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8249
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86400   IN      CNAME   websrv.magedu.org.
websrv.magedu.org.      86400   IN      A       172.16.0.108

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org.      86400   IN      A       192.168.0.101

;; Query time: 2 msec
;; SERVER: 172.16.0.101#53(172.16.0.101)
;; WHEN: Wed Feb 26 12:08:41 CST 2020
;; MSG SIZE  rcvd: 117

[root@localhost ~]# curl www.magedu.org
www.magedu.org(beijing)

A query from the master itself comes from 127.0.0.1, which matches neither beijingnet nor shanghainet, so it falls through to otherview and gets 3.3.3.3:

[root@master ~]# dig www.magedu.org @127.0.0.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.magedu.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24537
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86400   IN      CNAME   websrv.magedu.org.
websrv.magedu.org.      86400   IN      A       3.3.3.3

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org.      86400   IN      A       192.168.0.101

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 26 12:09:11 CST 2020
;; MSG SIZE  rcvd: 117
3. Compile and install MariaDB, start it and log in

(1) Install the build dependencies
[root@localhost ~]# yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel -y

(2) Prepare the service user and the data directory
[root@localhost ~]# useradd -r -s /sbin/nologin -d /data/mysql/ mysql
[root@localhost ~]# mkdir -p /data/mysql
[root@localhost ~]# chown mysql.mysql /data/mysql
[root@localhost ~]# tar xvf mariadb-10.2.25.tar.gz

(3) Configure with cmake and build
One of cmake's important features is the out-of-source build: the build can run in a directory other than the source tree, so the sources are never modified by a build and the same tree can be built several times with different settings, for example for different platforms. (The command below builds in-tree with cmake ., which is simpler but gives up that isolation.)
Build options: https://dev.mysql.com/doc/refman/5.7/en/source-configuration-options.html
[root@localhost ~]# cd mariadb-10.2.25/
[root@localhost mariadb-10.2.25]# cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@localhost mariadb-10.2.25]# make -j 4 && make install
-j sets the number of parallel build jobs (CPU cores) and makes the build much faster. If cmake fails, remove the stale cache with rm -f CMakeCache.txt and run it again.
Two of the options deserve a second look: WITH_SSL=system and WITH_ZLIB=system link against the system OpenSSL and zlib, which keep receiving security updates through yum instead of being frozen into the binary; ENABLED_LOCAL_INFILE=1 turns on LOAD DATA LOCAL INFILE, which lets the server side of a connection ask the client to send it a local file, so leave it at 0 unless you actually need it.

(4) Set up the environment variable
[root@localhost mariadb-10.2.25]# echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost mariadb-10.2.25]# . /etc/profile.d/mysql.sh

(5) Initialize the data directory
[root@localhost mariadb-10.2.25]# cd /app/mysql/
[root@localhost mysql]# ./scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql

(6) Install the configuration file
[root@localhost mysql]# cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
cp: overwrite '/etc/my.cnf'? y

(7) Install the init script
[root@localhost mysql]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld

(8) Register and start the service
[root@localhost mysql]# chkconfig --add mysqld ; service mysqld start
Starting mysqld (via systemctl):                           [  OK  ]

(9) Log in to test
[root@localhost mysql]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.25-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

The login succeeds without credentials because a freshly initialized instance has a root account with no password and anonymous accounts. Run /app/mysql/bin/mysql_secure_installation (set the root password, drop the anonymous users and the test database, disable remote root login) before exposing the service to the network.