Linux DNS service and compiling and installing MariaDB 10.2.31 from source

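I. Briefly describe how a DNS server works, and set up a primary-secondary server pair.

Devices on today's TCP/IP networks communicate by IP address, but numeric IP addresses are hard to remember. When a network has many devices, memorizing every device's IP address is practically a "mission impossible". So how do we solve this? We can give each network device a friendly name, such as www.abc.com; a name made of text is obviously much easier to remember. Computers, however, do not understand such names, so we use a name resolution service to translate (resolve) names into IP addresses, which lets us reach devices on the network directly by name. Name resolution has another important function: it decouples hosts from IP addresses. When a host's IP address changes, only the name service needs updating, and users can keep using the original name without being affected.

How DNS works:
Step 1: The client issues a name resolution request and sends it to the local DNS server.
Step 2: When the local DNS server receives the request, it first checks its local cache; if the record is there, it returns the result directly.
Step 3: If the record is not in the local cache, the local DNS server sends the request directly to a root name server, which returns to the local DNS server the address of the primary name server for the queried domain (a child domain of the root).
Step 4: The local server then sends the request to the name server returned in the previous step; that server checks its own cache and, if it does not have the record, returns the address of the relevant lower-level name server.
Step 5: Repeat step 4 until the correct record is found.
Step 6: The local DNS server stores the result in its cache for next time and also returns the result to the client.

To build the primary/secondary DNS servers, we assume a domain named wjwj.le.

1. Two servers are required. Install the DNS software on both servers and start the service.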

[root@centos8 ~]#dnf -y install bind bind-utils
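[root@centos8 ~]#systemctl enable --now named

Start configuring the primary server.

2. Edit the configuration file so that the DNS service listens on all of the server's IP addresses and serves all clients.

[root@centos8 ~]#vim /etc/named.conf
#Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query   { localhost; };
#Under options, add the secondary server's address so that only the secondary can transfer the zone, for security.
allow-transfer  {10.0.0.88;};

3. Define the zone file and set its permissions.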

[root@centos8 /var/named]#vim /var/named/wjwj.le.zone 
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201201    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1
@	NS	ns2

ns1  A   10.0.0.78
ns2  A   10.0.0.88
www A  10.0.0.7

www2 CNAME websrv
websrv  A   10.0.0.6
websrv  A   10.0.0.7
[root@centos8 ~]#chmod 640 /var/named/wjwj.le.zone;chgrp named  /var/named/wjwj.le.zone

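4. Edit /etc/named.rfc1912.zones and add the zone, referencing the zone file name.

[root@centos8 ~]#vim /etc/named.rfc1912.zones
zone "wjwj.le" IN {
        type master;
        file "wjwj.le.zone";
};

5. Use the check commands to verify that the configuration file and the zone file contain no errors.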

[root@centos8 ~]#named-checkconf
[root@centos8 ~]#named-checkzone "wjwj.le" /var/named/wjwj.le.zone 
zone wjwj.le/IN: loaded serial 20201201
OK

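6. Apply the configuration.

[root@centos8 ~]#rndc reload

Now configure the secondary server.

7. Edit the configuration file so that the DNS service listens on all of the server's IP addresses and serves clients from all IP addresses.

[root@centos8 ~]#vim /etc/named.conf
#Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query   { localhost; };
#Under options, add the secondary server's address to prevent other hosts from transferring the zone:
allow-transfer  {10.0.0.88;};

8. Edit /etc/named.rfc1912.zones on the secondary server and add the secondary zone configuration. The secondary does not need its own hand-written zone file; it syncs directly from the primary, and the stored file is in an encrypted format that cannot be viewed directly.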

[root@centos88 ~]#vim /etc/named.rfc1912.zones 
zone "wjwj.le" IN {
        type slave;
        masters { 10.0.0.78; };
        file "slave/wjwj.le.zone.slave";
};

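9. Edit the DNS configuration file on the secondary server so that the DNS service listens on all of the server's IP addresses and serves all clients.

[root@centos8 ~]#vim /etc/named.conf
#Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query   { localhost; };
#Under options, add the following to prevent other hosts from transferring the zone, which improves security
allow-transfer  {none;};

10. Apply the configuration.

[root@centos88 ~]#rndc reload

11. Test that the service works.

#Test the primary server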
[root@centos76 ~]#host www2.wjwj.le 10.0.0.78
Using domain server:
Name: 10.0.0.78
Address: 10.0.0.78#53
Aliases: 

www2.wjwj.le is an alias for websrv.wjwj.le.
websrv.wjwj.le has address 10.0.0.6
websrv.wjwj.le has address 10.0.0.7
#Test that the secondary server works
[root@centos76 ~]#host www2.wjwj.le 10.0.0.88
Using domain server:
Name: 10.0.0.88
Address: 10.0.0.88#53
Aliases: 

www2.wjwj.le is an alias for websrv.wjwj.le.
websrv.wjwj.le has address 10.0.0.6
websrv.wjwj.le has address 10.0.0.7

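12. Add a record to the zone file on the primary server and test whether the secondary syncs automatically.

[root@centos8 ~]#vim /var/named/wjwj.le.zone
#Add a record
ftp A  10.0.0.111
#Be sure to change the serial number (simply increase its value); otherwise the secondary will not sync
#Apply the configuration
[root@centos8 ~]#rndc reload
server reload successful
#From another host, test that the secondary server's data is correct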
[root@centos76 ~]#dig ftp.wjwj.le @10.0.0.88

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> ftp.wjwj.le @10.0.0.88
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46485
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.wjwj.le.			IN	A

;; ANSWER SECTION:
ftp.wjwj.le.		86400	IN	A	10.0.0.111

;; AUTHORITY SECTION:
wjwj.le.		86400	IN	NS	ns2.wjwj.le.
wjwj.le.		86400	IN	NS	ns1.wjwj.le.

;; ADDITIONAL SECTION:
ns1.wjwj.le.		86400	IN	A	10.0.0.78
ns2.wjwj.le.		86400	IN	A	10.0.0.88

;; Query time: 1 msec
;; SERVER: 10.0.0.88#53(10.0.0.88)
;; WHEN: Fri Dec 25 17:28:48 CST 2020
;; MSG SIZE  rcvd: 124

13. The primary/secondary DNS service is now set up successfully.
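
A way to verify the two properties this setup relies on, as an added example that is not part of the original article: a host outside every allow-transfer list is refused a zone transfer by both servers, and the primary and secondary serve the same SOA serial after step 12. The function names and the sample dig outputs are constructed for illustration; the live run at the bottom assumes dig is installed and that 10.0.0.78 and 10.0.0.88 are reachable.

```python
import subprocess

# Constructed dig outputs, modelled on BIND 9.11's dig, so the logic runs offline.
REFUSED = "; <<>> DiG 9.11.4 <<>> @10.0.0.88 wjwj.le AXFR\n; Transfer failed.\n"
SOA = "wjwj.le. 86400 IN SOA ns1.wjwj.le. admin.wjwj.le. 20201202 86400 3600 604800 10800\n"
OPEN = SOA + "wjwj.le. 86400 IN NS ns1.wjwj.le.\nftp.wjwj.le. 86400 IN A 10.0.0.111\n" + SOA

def dig(*args):
    """Run dig (bind-utils) and return its stdout; needs network access."""
    return subprocess.run(["dig", *args], capture_output=True,
                          text=True, timeout=60).stdout

def soa_serial(short_soa):
    """The serial is the third field of `dig @server zone SOA +short`."""
    fields = short_soa.split()
    return int(fields[2]) if len(fields) >= 7 else None

def axfr_allowed(axfr_output):
    """A completed transfer starts and ends with the zone's SOA record."""
    rows = [line.split() for line in axfr_output.splitlines()
            if line.strip() and not line.startswith(";")]
    return len(rows) >= 2 and all(
        len(r) > 3 and r[3] == "SOA" for r in (rows[0], rows[-1]))

def audit(zone, servers, run=dig):
    """Run from a host that is in no allow-transfer list: every server should
    refuse AXFR, and all servers should report the same SOA serial."""
    findings, serials = [], {}
    for server in servers:
        if axfr_allowed(run("@" + server, zone, "AXFR")):
            findings.append(f"{server}: zone transfer allowed to this host")
        serials[server] = soa_serial(run("@" + server, zone, "SOA", "+short"))
        if serials[server] is None:
            findings.append(f"{server}: no SOA answer")
    if len(set(serials.values())) > 1:
        findings.append(f"SOA serials differ: {serials}")
    return findings

if __name__ == "__main__":
    # Live check against the primary and secondary addresses used on this page.
    for finding in audit("wjwj.le", ["10.0.0.78", "10.0.0.88"]) or ["no findings"]:
        print(finding)
```

Differing serials right after step 12 usually mean the serial in the primary's zone file was not increased, or the secondary has not yet picked up the change.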

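II. Build and implement smart DNS.

Smart DNS determines the user's region and network line from the user's IP address and returns the most suitable IP address, which speeds up access. To simulate a smart DNS service, we assume the Beijing network is 192.168.0.0/24 and the Shanghai network is 10.0.0.0/24.

1. Install the DNS software and start it.

[root@centos8 ~]#yum install bind bind-utils -y;systemctl enable --now named

2. Add the IP address 192.168.0.100/24 to the server.

[root@centos8 ~]#ip a a 192.168.0.100/24 dev bond0 label bond0:1

3. Edit the configuration file.

[root@centos8 ~]#vim /etc/named.conf
#Add the following lines at the very top of the file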
acl beijing {
  192.168.0.0/24;
};
acl shanghai {
  10.0.0.0/24;
};
acl other {
  any;
};
#Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query   { localhost; };


# Create the views
view beijingview {
   match-clients { beijing;};
  include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
  match-clients { shanghai;};
  include "/etc/named.rfc1912.zones.sh";
};
view otherview {
  match-clients { other;};
  include "/etc/named.rfc1912.zones.other";
};

#Delete the following content
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";

4. Create a zone configuration file for each view and set the permissions.

[root@centos8 ~]#vim /etc/named.rfc1912.zones.bj
zone "." IN {
  type hint;
  file "named.ca";
};
zone "wjwj.le" {
  type master;
  file "wjwj.le.zone.bj";
};
[root@centos8 ~]#vim /etc/named.rfc1912.zones.sh
zone "." IN {
  type hint;
  file "named.ca";
};
zone "wjwj.le" {
  type master;
  file "wjwj.le.zone.sh";
};
[root@centos8 ~]#vim /etc/named.rfc1912.zones.other
zone "." IN {
  type hint;
  file "named.ca";
};
zone "wjwj.le" {
  type master;
  file "wjwj.le.zone.other";
};
[root@centos8 ~]#chmod 640 /etc/named.rfc1912.zones*;chgrp named /etc/named.rfc1912.zones*
[root@centos8 ~]#ll /etc/named.rfc1912.zones*
-rw-r----- 1 root named 1219 Dec 25 18:39 /etc/named.rfc1912.zones
-rw-r----- 1 root named  118 Dec 25 21:13 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named  121 Dec 25 21:14 /etc/named.rfc1912.zones.other
-rw-r----- 1 root named  118 Dec 25 21:13 /etc/named.rfc1912.zones.sh

5. Create a zone database file for each region; you can copy an existing file and modify it.

[root@centos8 ~]#vim /var/named/wjwj.le.zone.bj
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201203    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1 
@   NS  ns2 

ns1  A   10.0.0.78
ns2  A   10.0.0.88

www A  192.168.0.100
[root@centos8 ~]#vim /var/named/wjwj.le.zone.sh
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201203    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1 
@   NS  ns2 

ns1  A   10.0.0.78
ns2  A   10.0.0.88

www A  10.0.0.100
[root@centos8 ~]#vim /var/named/wjwj.le.zone.other
$TTL 1D
@   IN SOA  ns1 admin.wjwj.le. (
                    20201203    ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@   NS  ns1 
@   NS  ns2 

ns1  A   10.0.0.78
ns2  A   10.0.0.88

www A 127.0.0.1

6. Apply the configuration.

[root@centos8 ~]#rndc reload
server reload successful

7. Test the result from different IP addresses to confirm that smart DNS works.

[root@centos76 ~]#host www.wjwj.le 192.168.0.100
Using domain server:
Name: 192.168.0.100
Address: 192.168.0.100#53
Aliases: 

www.wjwj.le has address 192.168.0.100

[root@centos76 ~]#host www.wjwj.le 10.0.0.88
Using domain server:
Name: 10.0.0.88
Address: 10.0.0.88#53
Aliases: 

www.wjwj.le has address 10.0.0.100
[root@centos8 ~]#host www.wjwj.le 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

www.wjwj.le has address 127.0.0.1
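
named answers from the first view whose match-clients list accepts the query's source address, so the order of the view statements in step 3 decides what each client sees. The following added example (not from the original article; the parser handles only the acl and view forms used on this page, and all function names are hypothetical) resolves a client IP to a view and reports views that can never be selected because a match-all view precedes them.

```python
import ipaddress
import re

# Constructed excerpt: the acl and view statements from step 3 above.
NAMED_CONF = """
acl beijing  { 192.168.0.0/24; };
acl shanghai { 10.0.0.0/24; };
acl other    { any; };
view beijingview  { match-clients { beijing; };  include "/etc/named.rfc1912.zones.bj"; };
view shanghaiview { match-clients { shanghai; }; include "/etc/named.rfc1912.zones.sh"; };
view otherview    { match-clients { other; };    include "/etc/named.rfc1912.zones.other"; };
"""

def _items(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse(conf):
    """Return ({acl: entries}, [(view, match-clients entries)] in file order)."""
    acls = {n: _items(b) for n, b in re.findall(r"\bacl\s+(\w+)\s*\{([^}]*)\}", conf)}
    views = [(n, _items(b)) for n, b in re.findall(
        r"\bview\s+(\w+)\s*\{\s*match-clients\s*\{([^}]*)\}", conf)]
    return acls, views

def matches(entries, acls, client):
    """client=None asks whether the list accepts every address ("any")."""
    for e in entries:
        if e == "any":
            return True
        if e in acls:
            if matches(acls[e], acls, client):
                return True
        elif client is not None and e != "none" and \
                client in ipaddress.ip_network(e, strict=False):
            return True
    return False

def select_view(conf, client_ip):
    """Pick the first view whose match-clients accepts the source IP."""
    acls, views = parse(conf)
    client = ipaddress.ip_address(client_ip)
    return next((v for v, e in views if matches(e, acls, client)), None)

def shadowed_views(conf):
    """Views placed after a match-all view can never be selected."""
    acls, views = parse(conf)
    for i, (_, entries) in enumerate(views):
        if matches(entries, acls, None):
            return [v for v, _ in views[i + 1:]]
    return []
```

With the order used in step 3, `shadowed_views(NAMED_CONF)` is empty; moving otherview to the top would make every client receive the otherview answers.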

III. Compile and install MariaDB, then start it and log in normally.

1. Install the required dependency packages.

[root@centos8 ~]#yum -y install bison zlib-devel libcurl-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel

2. Create the user and data directory.

[root@centos8 ~]#useradd -r -s /sbin/nologin -d /data/mysql mysql

3. Prepare the database directory.

[root@centos8 ~]#mkdir /data/mysql
[root@centos8 ~]#chown mysql.mysql /data/mysql

4. Prepare the source tarball and extract it.

[root@centos8 /data]#tar xf mariadb-10.2.31.tar.gz

5. Compile and install.

[root@centos8 /data]#cd mariadb-10.2.31/
[root@centos8 /data/mariadb-10.2.31]#cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@centos8 /data/mariadb-10.2.31]#make -j 4 && make install

6. Generate the database files.

[root@centos8 /data/mariadb-10.2.31]#cd /app/mysql/
[root@centos8 /app/mysql]#scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
Installing MariaDB/MySQL system tables in '/data/mysql/' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system


PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:

'./bin/mysqladmin' -u root password 'new-password'
'./bin/mysqladmin' -u root -h centos88.wj3721.top password 'new-password'

Alternatively you can run:
'./bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '.' ; ./bin/mysqld_safe --datadir='/data/mysql/'

You can test the MariaDB daemon with mysql-test-run.pl
cd './mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/

7. Prepare the configuration file and the startup script, then start the service.

[root@centos8 /app/mysql]#cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
[root@centos8 /app/mysql]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@centos8 /app/mysql]#chkconfig --add mysqld
[root@centos8 /app/mysql]#service mysqld start
Starting mysqld (via systemctl):                           [  OK  ]

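8. Run the security initialization: set the root password and answer y to everything else. Otherwise anyone can log in without a password, and other security risks remain.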

[root@centos8 ~]#mysql_secure_installation
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

9. Log in to the database; an account and password are now required.

[root@centos88 ~]#mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@centos88 ~]#mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 10.2.31-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]>
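
To confirm that step 8 took effect, the account table and database list can be checked for exactly what mysql_secure_installation removes. This is an added example, not part of the original article; it assumes accounts authenticate through the Password column of mysql.user, as they do after step 8 on this 10.2 build, and the sample rows, hostname and hash placeholder are constructed.

```python
# Constructed sample: tab-separated output of
#   mysql -uroot -p -N -B -e "SELECT User, Host, Password FROM mysql.user"
# as it might look before step 8 (the hostname is a placeholder).
BEFORE = (
    "root\tlocalhost\t\n"
    "root\tdb.example.test\t\n"
    "root\t127.0.0.1\t\n"
    "\tlocalhost\t\n"
)
# The same query after step 8; the hash is a labelled placeholder.
AFTER = (
    "root\tlocalhost\t*HASH-PLACEHOLDER\n"
    "root\t127.0.0.1\t*HASH-PLACEHOLDER\n"
    "root\t::1\t*HASH-PLACEHOLDER\n"
)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit_accounts(tsv):
    """Flag the account problems that mysql_secure_installation removes."""
    findings = []
    for line in tsv.splitlines():
        fields = line.split("\t")  # do not strip: an anonymous User is empty
        if len(fields) < 3:
            continue  # not a User/Host/Password row
        user, host, password = fields[:3]
        who = f"'{user}'@'{host}'"
        if user == "":
            findings.append(f"anonymous account {who}")
        elif user == "root" and host not in LOCAL_HOSTS:
            findings.append(f"remote root account {who}")
        if password in ("", "NULL"):
            findings.append(f"no password on {who}")
    return findings

def audit_databases(show_databases_output):
    """Flag the world-accessible 'test' database if it still exists.
    Input: output of  mysql -uroot -p -N -B -e "SHOW DATABASES"."""
    names = show_databases_output.split()
    return ["test database present"] if "test" in names else []

if __name__ == "__main__":
    for finding in audit_accounts(BEFORE) + audit_databases("mysql\ntest\n"):
        print(finding)
```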