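13. Linux DNS Service and MariaDB Database
1. Briefly describe how a DNS server works, and set up primary and secondary servers.
How DNS works:
Step 1: The client issues a name-resolution request and sends it to the local DNS server.
Step 2: When the local DNS server receives the request, it first checks its local cache; if the record is there, it returns the result directly.
Step 3: If the record is not in the local cache, the local DNS server sends the request to a root name server, which returns to the local DNS server the address of the primary name server for the queried domain (a child domain of the root).
Step 4: The local server then sends the request to the name server returned in the previous step; the server that receives it checks its own cache and, if it has no such record, returns the address of the relevant lower-level name server.
Step 5: Repeat step 4 until the correct record is found.
Step 6: The local DNS server saves the returned result in its cache for next time and also returns the result to the client.
Setting up the primary DNS server: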
[root@localhost ~]# dnf install bind -y
[root@localhost ~]# vim /etc/named.conf
##Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
##Only allow the secondary server to perform zone transfers
allow-transfer {10.50.100.19;};
[root@localhost ~]# vim /etc/named.rfc1912.zones
##Add the following content
zone "hinsang.org" IN {
type master;
file "hinsang.org.zone";
};
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/hinsang.org.zone
##Edit /var/named/hinsang.org.zone so that it reads as follows
$TTL 1D
@ IN SOA master admin.hinsang.org. (
1 ; serial ##must be changed every time the file is modified!!!
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.50.100.18
slave A 10.50.100.19
www A 10.50.100.7
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone hinsang.org /var/named/hinsang.org.zone
zone hinsang.org/IN: loaded serial 0
OK
[root@localhost ~]# systemctl start named
Setting up the secondary DNS server:
[root@localhost ~]# dnf -y install bind
[root@localhost ~]# vim /etc/named.conf
##Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
##Do not allow any other host to perform zone transfers
allow-transfer {none;};
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "hinsang.org" {
type slave;
masters {10.50.100.18;};
file "slaves/hinsang.org.slave";
};
[root@localhost ~]# systemctl start named
[root@localhost ~]# ls /var/named/slaves/hinsang.org.slave
/var/named/slaves/hinsang.org.slave
Setting up the web server:
[root@localhost ~]# dnf -y install httpd
[root@localhost ~]# echo hello,welcome to shenzhen! > /var/www/html/index.html
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# curl 10.50.100.7
hello,welcome to shenzhen!
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPADDR=10.50.100.7
NETMASK=255.0.0.0
GATEWAY=10.0.0.1
DNS1=10.50.100.18
DNS2=10.50.100.19
NAME="ens33"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33"
ONBOOT="yes"
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search centos8
nameserver 10.50.100.18
nameserver 10.50.100.19
[root@localhost ~]# dig www.hinsang.org
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> www.hinsang.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26494
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 03b35d021ced63b3bdc75a965fec40b25cdbe7523b6e1231 (good)
;; QUESTION SECTION:
;www.hinsang.org. IN A
;; ANSWER SECTION:
www.hinsang.org. 86400 IN A 10.50.100.7
;; AUTHORITY SECTION:
hinsang.org. 86400 IN NS master.hinsang.org.
hinsang.org. 86400 IN NS slave.hinsang.org.
;; ADDITIONAL SECTION:
master.hinsang.org. 86400 IN A 10.50.100.18
slave.hinsang.org. 86400 IN A 10.50.100.19
;; Query time: 1 msec
;; SERVER: 10.50.100.18#53(10.50.100.18)
;; WHEN: Wed Dec 30 16:56:19 CST 2020
;; MSG SIZE rcvd: 161
[root@localhost ~]# curl www.hinsang.org
hello,welcome to shenzhen!
Primary/secondary DNS server test:
##Stop the DNS service on the primary server
[root@localhost ~]# systemctl stop named
##Verify that queries are still answered by the secondary DNS server
[root@localhost ~]# dig www.hinsang.org
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> www.hinsang.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64810
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 80e9fb0c42db69faf50614b25fec4f1724934dce686db06f (good)
;; QUESTION SECTION:
;www.hinsang.org. IN A
;; ANSWER SECTION:
www.hinsang.org. 86400 IN A 10.50.100.7
;; AUTHORITY SECTION:
hinsang.org. 86400 IN NS slave.hinsang.org.
hinsang.org. 86400 IN NS master.hinsang.org.
;; ADDITIONAL SECTION:
master.hinsang.org. 86400 IN A 10.50.100.18
slave.hinsang.org. 86400 IN A 10.50.100.19
;; Query time: 0 msec
;; SERVER: 10.50.100.19#53(10.50.100.19)
;; WHEN: Wed Dec 30 17:57:45 CST 2020
;; MSG SIZE rcvd: 161
[root@localhost ~]# curl www.hinsang.org
hello,welcome to shenzhen!
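Why the serial in the zone file has to change on every edit, shown as an added example that is not part of the original walkthrough: at refresh time the secondary compares the primary's SOA serial with the one it already holds and transfers the zone only when the primary's is ahead under RFC 1982 serial arithmetic. The zone text is a constructed copy of the hinsang.org zone above, and the function names are illustrative.

```python
import re

SERIAL_MOD = 1 << 32      # SOA serials are 32-bit unsigned values
HALF = 1 << 31

# Constructed sample: the hinsang.org zone from this page, as held by the primary.
ZONE_TEXT = """\
$TTL 1D
@ IN SOA master admin.hinsang.org. (
        1 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    NS master
    NS slave
master A 10.50.100.18
slave  A 10.50.100.19
www    A 10.50.100.7
"""

def soa_serial(zone_text):
    """Return the SOA serial: the first number after the MNAME and RNAME fields."""
    # Strip ';' comments first so text inside a comment is never read as a field.
    body = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(?\s*(\d+)", body)
    if m is None:
        raise ValueError("no SOA record found")
    serial = int(m.group(3))
    if serial >= SERIAL_MOD:
        raise ValueError("serial does not fit in 32 bits")
    return serial

def serial_newer(primary, secondary):
    """RFC 1982 comparison: True when the primary's serial is ahead."""
    diff = (primary - secondary) % SERIAL_MOD
    return 0 < diff < HALF

def secondary_action(primary_zone_text, secondary_serial):
    """Decision a secondary makes at refresh, given the serial it already holds."""
    if serial_newer(soa_serial(primary_zone_text), secondary_serial):
        return "transfer"
    return "keep-existing"

if __name__ == "__main__":
    # Records edited on the primary but serial left at 1: the secondary stays stale.
    print(secondary_action(ZONE_TEXT, 1))
    # Same edit with the serial bumped to 2: the secondary pulls the new zone.
    print(secondary_action(ZONE_TEXT.replace("1 ; serial", "2 ; serial"), 1))
    # Lowering the serial (1 -> 0) is not "newer" either.
    print(serial_newer(0, 1))
```
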
2. Set up and implement smart DNS.
Environment requirements:
Five hosts are required
Primary DNS server and web server 1: 10.50.100.7/8, 172.16.0.8/16
##Change the hostname
[root@localhost ~]# hostnamectl set-hostname DNS-Web1
##Configure two IP addresses
##ens33 10.50.100.7/8
##ens33:1 172.16.0.8/16
[root@DNS-Web1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33:1
[root@DNS-Web1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33"
ONBOOT="yes"
[root@DNS-Web1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33:1
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPADDR=172.16.0.8
NETMASK=255.255.0.0
DNS1=10.50.100.7
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33:1"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33:1"
ONBOOT="yes"
[root@DNS-Web1 ~]# nmcli con reload
[root@DNS-Web1 ~]# nmcli con up ens33
##Disable SELinux and the firewalld firewall
[root@DNS-Web1 ~]# systemctl stop firewalld
[root@DNS-Web1 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DNS-Web1 ~]# getenforce
Enforcing
[root@DNS-Web1 ~]# setenforce 0
[root@DNS-Web1 ~]# getenforce
Permissive
##Implement views in the primary DNS server's configuration file
[root@DNS-Web1 ~]# dnf -y install bind
[root@DNS-Web1 ~]# vim /etc/named.conf
#Add the following lines at the very top of the file
acl beijingnet {
10.0.0.0/8;
};
acl shanghainet {
172.16.0.0/16;
};
acl othernet {
any;
};
#Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#Add the views at the end of the file
view beijingview {
match-clients {beijingnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
match-clients {shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients {othernet;};
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
##Create the zone configuration files
[root@DNS-Web1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@DNS-Web1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.sh
[root@DNS-Web1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.other
[root@DNS-Web1 ~]# vim /etc/named.rfc1912.zones.bj
#Add the following lines at the very top of the file
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.org" {
type master;
file "magedu.org.zone.bj";
};
[root@DNS-Web1 ~]# vim /etc/named.rfc1912.zones.sh
#Add the following lines at the very top of the file
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.org" {
type master;
file "magedu.org.zone.sh";
};
[root@DNS-Web1 ~]# vim /etc/named.rfc1912.zones.other
#Add the following lines at the very top of the file
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.org" {
type master;
file "magedu.org.zone.other";
};
##Change the group ownership of the three files
[root@DNS-Web1 ~]# ll /etc/named.*
-rw-r-----. 1 root named 1995 Dec 31 17:16 /etc/named.conf
-rw-r-----. 1 root named 1029 Aug 25 01:31 /etc/named.rfc1912.zones
-rw-r-----. 1 root root 1139 Dec 31 17:20 /etc/named.rfc1912.zones.bj
-rw-r-----. 1 root root 1143 Dec 31 17:25 /etc/named.rfc1912.zones.other
-rw-r-----. 1 root root 1139 Dec 31 17:23 /etc/named.rfc1912.zones.sh
-rw-r--r--. 1 root named 1070 Aug 25 01:31 /etc/named.root.key
[root@DNS-Web1 ~]# chgrp named /etc/named.rfc1912.zones.bj
[root@DNS-Web1 ~]# chgrp named /etc/named.rfc1912.zones.sh
[root@DNS-Web1 ~]# chgrp named /etc/named.rfc1912.zones.other
[root@DNS-Web1 ~]# ll /etc/named.*
-rw-r-----. 1 root named 1995 Dec 31 17:16 /etc/named.conf
-rw-r-----. 1 root named 1029 Aug 25 01:31 /etc/named.rfc1912.zones
-rw-r-----. 1 root named 1139 Dec 31 17:20 /etc/named.rfc1912.zones.bj
-rw-r-----. 1 root named 1143 Dec 31 17:25 /etc/named.rfc1912.zones.other
-rw-r-----. 1 root named 1139 Dec 31 17:23 /etc/named.rfc1912.zones.sh
-rw-r--r--. 1 root named 1070 Aug 25 01:31 /etc/named.root.key
##Create the zone database files
[root@DNS-Web1 ~]# cp -p /var/named/named.localhost /var/named/magedu.org.zone.bj
[root@DNS-Web1 ~]# vim /var/named/magedu.org.zone.bj
$TTL 1D
@ IN SOA master admin.magedu.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.50.100.7
websrv A 10.50.100.8
www CNAME websrv
[root@DNS-Web1 ~]# cp -p /var/named/named.localhost /var/named/magedu.org.zone.sh
[root@DNS-Web1 ~]# vim /var/named/magedu.org.zone.sh
$TTL 1D
@ IN SOA master admin.magedu.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.50.100.7
websrv A 172.16.0.7
www CNAME websrv
[root@DNS-Web1 ~]# cp -p /var/named/named.localhost /var/named/magedu.org.zone.other
[root@DNS-Web1 ~]# vim /var/named/magedu.org.zone.other
$TTL 1D
@ IN SOA master admin.magedu.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.50.100.7
websrv A 127.0.0.1
www CNAME websrv
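##Check that the configuration file syntax is correct
##Note: the first argument to named-checkzone is the zone name (here magedu.org). The runs below pass the zone configuration file path instead, so that path is used as the zone origin, which is what triggers the check-names warnings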
[root@DNS-Web1 ~]# named-checkconf
[root@DNS-Web1 ~]# named-checkzone /etc/named.rfc1912.zones.bj /var/named/magedu.org.zone.bj
/var/named/magedu.org.zone.bj:2: warning: master./etc/named.rfc1912.zones.bj: bad name (check-names)
/var/named/magedu.org.zone.bj:8: warning: master./etc/named.rfc1912.zones.bj: bad name (check-names)
/var/named/magedu.org.zone.bj:9: master./etc/named.rfc1912.zones.bj: bad owner name (check-names)
/var/named/magedu.org.zone.bj:10: websrv./etc/named.rfc1912.zones.bj: bad owner name (check-names)
zone /etc/named.rfc1912.zones.bj/IN: loaded serial 0
OK
[root@DNS-Web1 ~]# named-checkzone /etc/named.rfc1912.zones.sh /var/named/magedu.org.zone.sh
/var/named/magedu.org.zone.sh:2: warning: master./etc/named.rfc1912.zones.sh: bad name (check-names)
/var/named/magedu.org.zone.sh:8: warning: master./etc/named.rfc1912.zones.sh: bad name (check-names)
/var/named/magedu.org.zone.sh:9: master./etc/named.rfc1912.zones.sh: bad owner name (check-names)
/var/named/magedu.org.zone.sh:10: websrv./etc/named.rfc1912.zones.sh: bad owner name (check-names)
zone /etc/named.rfc1912.zones.sh/IN: loaded serial 0
OK
[root@DNS-Web1 ~]# named-checkzone /etc/named.rfc1912.zones.other /var/named/magedu.org.zone.other
/var/named/magedu.org.zone.other:2: warning: master./etc/named.rfc1912.zones.other: bad name (check-names)
/var/named/magedu.org.zone.other:8: warning: master./etc/named.rfc1912.zones.other: bad name (check-names)
/var/named/magedu.org.zone.other:9: master./etc/named.rfc1912.zones.other: bad owner name (check-names)
/var/named/magedu.org.zone.other:10: websrv./etc/named.rfc1912.zones.other: bad owner name (check-names)
zone /etc/named.rfc1912.zones.other/IN: loaded serial 2
OK
##Start the DNS service
[root@DNS-Web1 ~]# systemctl start named
[root@DNS-Web1 ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2021-01-05 14:29:18 CST; 14s ago
Process: 3040 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCES>
Process: 3036 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/name>
Main PID: 3042 (named)
Tasks: 7 (limit: 12333)
Memory: 114.5M
CGroup: /system.slice/named.service
└─3042 /usr/sbin/named -u named -c /etc/named.conf
##Install the httpd service
[root@DNS-Web1 ~]# dnf install -y httpd
[root@DNS-Web1 ~]# echo www.magedu.org in other > /var/www/html/index.html
[root@DNS-Web1 ~]# systemctl start httpd
[root@DNS-Web1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: reloading (reload) since Tue 2021-01-05 14:37:12 CST; 5s ago
Docs: man:httpd.service(8)
Main PID: 3509 (httpd)
Status: "Reading configuration..."
Tasks: 1 (limit: 12333)
Memory: 3.9M
CGroup: /system.slice/httpd.service
└─3509 /usr/sbin/httpd -DFOREGROUND
Jan 05 14:36:47 DNS-Web1 systemd[1]: Starting The Apache HTTP Server...
Jan 05 14:37:12 DNS-Web1 httpd[3509]: AH00558: httpd: Could not reliably determine the server's fully qua>
Jan 05 14:37:12 DNS-Web1 systemd[1]: Started The Apache HTTP Server.
[root@DNS-Web1 ~]# curl 10.50.100.7
www.magedu.org in other
Web server 2: 10.50.100.8/8
##Change the hostname
[root@web2 ~]# hostnamectl set-hostname Web2
[root@Web2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:d2:e5:0d brd ff:ff:ff:ff:ff:ff
inet 10.50.100.8/8 brd 10.255.255.255 scope global dynamic noprefixroute ens33
valid_lft 1282sec preferred_lft 1282sec
##Disable SELinux and the firewalld firewall
[root@Web2 ~]# systemctl stop firewalld
[root@Web2 ~]# systemctl disable firewalld
[root@Web2 ~]# getenforce
Enforcing
[root@Web2 ~]# setenforce 0
[root@Web2 ~]# getenforce
Permissive
##Install the httpd service
[root@Web2 ~]# dnf -y install httpd
[root@Web2 ~]# echo www.magedu.org in Beijing > /var/www/html/index.html
[root@Web2 ~]# systemctl start httpd
[root@Web2 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2021-01-05 14:40:23 CST; 26s ago
Docs: man:httpd.service(8)
Main PID: 8526 (httpd)
Status: "Started, listening on: port 80"
Tasks: 213 (limit: 12340)
Memory: 42.7M
CGroup: /system.slice/httpd.service
├─8526 /usr/sbin/httpd -DFOREGROUND
├─8527 /usr/sbin/httpd -DFOREGROUND
├─8528 /usr/sbin/httpd -DFOREGROUND
├─8529 /usr/sbin/httpd -DFOREGROUND
└─8530 /usr/sbin/httpd -DFOREGROUND
Jan 05 14:39:58 Web2 systemd[1]: Starting The Apache HTTP Server...
Jan 05 14:40:23 Web2 httpd[8526]: AH00558: httpd: Could not reliably determine the server's fully qualifi>
Jan 05 14:40:23 Web2 systemd[1]: Started The Apache HTTP Server.
Jan 05 14:40:43 Web2 httpd[8526]: Server configured, listening on: port 80
[root@Web2 ~]# curl 10.50.100.8
www.magedu.org in Beijing
Web server 3: 172.16.0.7/16
##Change the hostname
[root@localhost ~]# hostnamectl set-hostname Web3
##Configure the IP address
[root@localhost ~]# ip a a 172.16.0.7/16 dev ens33 label ens33:1
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:37:7e:37 brd ff:ff:ff:ff:ff:ff
inet 10.50.100.10/8 brd 10.255.255.255 scope global dynamic noprefixroute ens33
valid_lft 1513sec preferred_lft 1513sec
inet 172.16.0.7/16 scope global ens33:1
valid_lft forever preferred_lft forever
##Disable SELinux and the firewalld firewall
[root@Web3 ~]# systemctl stop firewalld
[root@Web3 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@Web3 ~]# getenforce
Enforcing
[root@Web3 ~]# setenforce 0
[root@Web3 ~]# getenforce
Permissive
##Install the httpd service
[root@Web3 ~]# dnf -y install httpd
[root@Web3 ~]# echo www.magedu.org in Shanghai > /var/www/html/index.html
[root@Web3 ~]# systemctl start httpd
[root@Web3 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: reloading (reload) since Tue 2021-01-05 14:43:06 CST; 17s ago
Docs: man:httpd.service(8)
Main PID: 16922 (httpd)
Status: "Reading configuration..."
Tasks: 1 (limit: 12333)
Memory: 4.0M
CGroup: /system.slice/httpd.service
└─16922 /usr/sbin/httpd -DFOREGROUND
Jan 05 14:42:39 Web3 systemd[1]: Starting The Apache HTTP Server...
Jan 05 14:43:06 Web3 httpd[16922]: AH00558: httpd: Could not reliably determine the server's fully qualif>
Jan 05 14:43:06 Web3 systemd[1]: Started The Apache HTTP Server.
[root@Web3 ~]# curl 10.50.100.10
www.magedu.org in Shanghai
DNS client 1: 10.50.100.9/8
##Change the hostname
[root@localhost ~]# hostnamectl set-hostname beijingclient
##Disable SELinux and the firewalld firewall
[root@beijingclient ~]# systemctl stop firewalld
[root@beijingclient ~]# systemctl disable firewalld
[root@beijingclient ~]# getenforce
Enforcing
[root@beijingclient ~]# setenforce 0
[root@beijingclient ~]# getenforce
Permissive
DNS client 2: 172.16.0.6/16
##Change the hostname
[root@localhost ~]# hostnamectl set-hostname shanghaiclient
##Configure the IP address
[root@shanghaiclient ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33:1
[root@shanghaiclient ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPADDR=10.50.100.11
NETMASK=255.0.0.0
DNS1=10.50.100.7
NAME="ens33"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33"
ONBOOT="yes"
[root@shanghaiclient ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33:1
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPADDR=172.16.0.6
NETMASK=255.255.0.0
DNS1=10.50.100.7
NAME="ens33:1"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33:1"
ONBOOT="yes"
[root@shanghaiclient ~]# nmcli con reload
[root@shanghaiclient ~]# nmcli con up ens33
##Disable SELinux and the firewalld firewall
[root@shanghaiclient ~]# systemctl stop firewalld
[root@shanghaiclient ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@shanghaiclient ~]# getenforce
Enforcing
[root@shanghaiclient ~]# setenforce 0
[root@shanghaiclient ~]# getenforce
Permissive
Client testing
##DNS client 1: 10.50.100.9/8, make sure its DNS points to 10.50.100.7
[root@beijingclient ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=10.50.100.9
NETMASK=255.0.0.0
DNS1=10.50.100.7
[root@beijingclient ~]# nmcli con reload
[root@beijingclient ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@beijingclient ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.50.100.7
[root@beijingclient ~]# curl www.magedu.org
www.magedu.org in Beijing
##DNS client 2: 172.16.0.6/16, make sure its DNS points to 172.16.0.8
[root@shanghaiclient ~]# host www.magedu.org 172.16.0.8
Using domain server:
Name: 172.16.0.8
Address: 172.16.0.8#53
Aliases:
www.magedu.org is an alias for websrv.magedu.org.
websrv.magedu.org has address 172.16.0.7
##DNS client 3: 10.50.100.7, make sure its DNS points to 127.0.0.1
[root@DNS-Web1 ~]# host www.magedu.org 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
www.magedu.org is an alias for websrv.magedu.org.
websrv.magedu.org has address 127.0.0.1
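How named picks a view for each of the three tests above, as an added example that is not part of the original walkthrough: views are tried in configuration order and the first whose match-clients ACL contains the query's source address wins. The ACLs, view order and websrv records are copied from this page; the function names and the simplified source-address model (the local address on the same subnet as the queried server) are assumptions made for the illustration.

```python
import ipaddress

# ACLs and view order copied from the named.conf on this page.
ACLS = {
    "beijingnet": ["10.0.0.0/8"],
    "shanghainet": ["172.16.0.0/16"],
    "othernet": ["any"],
}
VIEWS = [  # (view, match-clients ACL, websrv A record in that view's zone file)
    ("beijingview", "beijingnet", "10.50.100.8"),
    ("shanghaiview", "shanghainet", "172.16.0.7"),
    ("otherview", "othernet", "127.0.0.1"),
]

def acl_matches(acl_name, client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(entry == "any" or addr in ipaddress.ip_network(entry)
               for entry in ACLS[acl_name])

def select_view(client_ip, views=VIEWS):
    """Views are tested in configuration order; the first match is used."""
    for name, acl, websrv in views:
        if acl_matches(acl, client_ip):
            return name, websrv
    return None, None  # no view matched

def source_for(server_ip, local_addrs):
    """Simplified model: the query leaves from the local address that shares
    a subnet with the server. local_addrs looks like ["172.16.0.6/16", ...]."""
    target = ipaddress.ip_address(server_ip)
    for iface in map(ipaddress.ip_interface, local_addrs):
        if target in iface.network:
            return str(iface.ip)
    return None

def shadowed_views(views=VIEWS):
    """Views that can never be selected because an earlier view matches 'any'."""
    dead, catch_all_seen = [], False
    for name, acl, _ in views:
        if catch_all_seen:
            dead.append(name)
        if "any" in ACLS[acl]:
            catch_all_seen = True
    return dead

if __name__ == "__main__":
    shanghai_addrs = ["10.50.100.11/8", "172.16.0.6/16"]  # shanghaiclient's two addresses
    print(select_view("10.50.100.9"))                     # beijingclient
    # Same host, different server address, different view:
    print(select_view(source_for("172.16.0.8", shanghai_addrs)))
    print(select_view(source_for("10.50.100.7", shanghai_addrs)))
    print(select_view("127.0.0.1"))                       # DNS-Web1 querying itself
    print(shadowed_views([VIEWS[2], VIEWS[0], VIEWS[1]])) # catch-all view placed first
```

Because shanghaiclient also holds 10.50.100.11/8, it only lands in shanghaiview when it queries the server's 172.16.0.8 address, which is why the test above names that server explicitly.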
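3. Compile and install MariaDB, and confirm that you can log in normally once it is started
##Install the required dependency packages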
[root@localhost ~]# yum -y install bison bison-devel zlib-devel libcurl-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel libarchive-devel
##Create the database user and directory, and change the directory ownership
[root@localhost ~]# useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@localhost ~]# mkdir /data/mysql
[root@localhost ~]# chown mysql:mysql /data/mysql/
##Download and extract the source package; official site: www.mariadb.org
[root@localhost data]# tar xvf mariadb-10.2.36.tar.gz
##Compile and install mariadb from source
[root@localhost data]# cd mariadb-10.2.36/
[root@localhost mariadb-10.2.36]# cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@localhost mariadb-10.2.36]# make && make install
##Set up the PATH environment variable
[root@localhost mariadb-10.2.36]# echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost mariadb-10.2.36]# . /etc/profile.d/mysql.sh
##Generate the database files
[root@localhost mariadb-10.2.36]# cd /app/mysql/
[root@localhost mysql]# scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
Installing MariaDB/MySQL system tables in '/data/mysql/' ...
OK
##Prepare the configuration file
[root@localhost mysql]# cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
cp:是否覆盖"/etc/my.cnf"? y
##Prepare the startup script and start the database service
[root@localhost mysql]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@localhost mysql]# chkconfig --add mysqld
[root@localhost mysql]# chkconfig
注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。
要列出 systemd 服务,请执行 'systemctl list-unit-files'。
查看在具体 target 启用的服务请执行
'systemctl list-dependencies [target]'。
mysqld 0:关 1:关 2:开 3:开 4:开 5:开 6:关
netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关
network 0:关 1:关 2:开 3:开 4:开 5:开 6:关
[root@localhost mysql]# service mysqld start
Starting mysqld (via systemctl): [ 确定 ]
##Run the security initialization
[root@localhost mysql]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
##Log in to the database to verify
[root@localhost mysql]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.2.36-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>