1. Domain Name System (DNS)
1.1 Introduction to name resolution and DNS
Devices on a TCP/IP network communicate with each other by relying on IP addresses. Numeric IP addresses, however, are hard to remember; once a network has many devices, remembering the IP address of every one of them is a "mission impossible". How do we solve this? We can give every network device a friendly name, such as www.magedu.org. A name made of text is obviously easier to remember. A computer does not understand such a name, though, so we use a name resolution service to translate (resolve) the name into an IP address, and can then reach devices on the network directly by name. Name resolution has another important function: it decouples a host from its IP address. When a host's IP changes, only the name service needs to be updated, and users keep using the original name without being affected. There are several ways to implement such a service, described below.
Local name resolution configuration file: hosts
Linux: /etc/hosts
Windows: %WINDIR%/system32/drivers/etc/hosts
122.10.117.2 www.magedu.org
93.46.8.89 www.google.com
DNS: Domain Name System, an application-layer protocol and one of the services of the Internet. It is a distributed database that maps domain names and IP addresses to each other, which makes the Internet easier for people to use.
Based on a C/S architecture; server side: 53/udp, 53/tcp
BIND: Berkeley Internet Name Domain, the DNS software implementation provided by ISC (www.isc.org)
(Figure: DNS domain name structure)
1.2 How DNS works
- When a user accesses a given domain name, the request is sent to the local DNS server. The local DNS server first checks its own DNS cache for an IP address corresponding to that name; if a matching record exists, it returns the cached IP address to the user directly.
- If the local cache has no such record, the local DNS server sends the request to the root name server configured on the system, and the root server returns to the local DNS server the address of the primary name server of the queried domain (a first-level subdomain of the root).
- The local server then sends the request to the name server returned in the previous step. That server checks its own cache and, if it has no such record, returns the address of the relevant lower-level name server (a second-level subdomain of the root).
- The previous step repeats until the correct record is found. The user accesses the host with the IP address obtained, and the local DNS server saves the returned result in its cache for the next lookup.
1.3 DNS query types
Recursive query: returns the final result; the queried server is responsible until the end
Iterative query: returns the best result it has; the queried server is not responsible until the end
1.4 Resolution types
- FQDN ---> IP: forward resolution
- IP ---> FQDN: reverse resolution
1.5 Path of a complete query request
Client --> hosts file --> client DNS service local cache --> DNS server (recursion) --> DNS server cache --> DNS iteration --> root --> top-level domain DNS --> second-level domain DNS...
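The lookup path of 1.2, 1.3 and 1.5 as an added, runnable model (example code, not from the original post): a hosts table, a caching recursive server that owns the whole walk, and authoritative servers that only hand back referrals. The hosts entries, server names, zones and addresses are constructed sample data.

```python
"""Added example (not from the original post): a toy model of the path
Client -> hosts file -> local cache -> recursive server -> iteration from the root.
The hosts entries, servers, zones and addresses are constructed sample data."""
from typing import Dict, List, Optional, Tuple

# Constructed hosts file in the /etc/hosts layout shown in 1.1.
HOSTS_FILE = """
# static entries win over DNS
122.10.117.2 www.magedu.org
93.46.8.89   www.google.com
"""

# Constructed delegation tree. Each authoritative server either holds the
# final A record ("answer") or knows which server to refer the asker to ("refer").
AUTH_SERVERS: Dict[str, Dict[str, Dict[str, str]]] = {
    "root":          {"refer": {"org.": "org-tld"}},
    "org-tld":       {"refer": {"magedu.org.": "ns.magedu.org"}},
    "ns.magedu.org": {"answer": {"www.magedu.org.": "10.0.0.8",
                                 "mail.magedu.org.": "10.0.0.7"}},
}


def parse_hosts(text: str) -> Dict[str, str]:
    """hostname -> address, ignoring blank lines and '#' comments."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addr, *names = line.split()
            for name in names:
                table[name.lower()] = addr
    return table


def fqdn(name: str) -> str:
    return name.lower().rstrip(".") + "."


def iterate(name: str, server: str, path: List[str]) -> Optional[str]:
    """Iterative lookup: the server answers with the best it has (a referral or
    the record) and is done; the asker follows the referral itself."""
    path.append(server)
    data = AUTH_SERVERS[server]
    if name in data.get("answer", {}):
        return data["answer"][name]
    # follow the most specific delegation, e.g. "magedu.org." before "org."
    for zone, child in sorted(data.get("refer", {}).items(), key=lambda kv: -len(kv[0])):
        if name == zone or name.endswith("." + zone):
            return iterate(name, child, path)
    return None           # nothing known below this server: the name does not exist


class RecursiveServer:
    """The local DNS server: answers from cache, otherwise walks the tree on
    the client's behalf and caches what it learns."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}

    def resolve(self, name: str) -> Tuple[Optional[str], List[str]]:
        name = fqdn(name)
        if name in self.cache:
            return self.cache[name], ["cache"]
        path: List[str] = []
        addr = iterate(name, "root", path)
        if addr is not None:
            self.cache[name] = addr
        return addr, path


def client_lookup(name: str, hosts: Dict[str, str],
                  server: RecursiveServer) -> Tuple[Optional[str], List[str]]:
    """Client side of 1.5: the hosts file is consulted before any DNS server."""
    if name.lower() in hosts:
        return hosts[name.lower()], ["hosts"]
    return server.resolve(name)
```

The returned path shows who did the work: for a name missing from hosts and cache, the recursive server visits root, then the org server, then the zone's own server (three iterative exchanges), and the second lookup of the same name is answered from cache, as in the last step of 1.2.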
1.6 Configuring DNS master and slave servers
1.6.1 Environment preparation
Four hosts are needed:
DNS master server: 10.0.0.8
DNS slave server: 10.0.0.18
Web server: 10.0.0.7
DNS client: 10.0.0.6
Disable SELinux
Stop the firewall
Synchronize time
1.6.2 Configuration steps
1.6.2.1 Master DNS server configuration
[root@dnsmaster ~]#yum install bind -y
[root@dnsmaster ~]#vim /etc/named.conf
#Comment out the following two lines
options {
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#Only allow the slave server to request zone transfers
allow-transfer { 10.0.0.18;};
[root@dnsmaster ~]#vim /etc/named.rfc1912.zones
#Add this block
zone "magedu.org" IN {
type master;
file "magedu.org.zone";
};
[root@dnsmaster ~]#cp -p /var/named/named.localhost /var/named/magedu.org.zone
#Without -p the permissions must be fixed by hand: chgrp named magedu.org.zone
[root@dnsmaster ~]#ll /var/named/magedu.org.zone
-rw-r----- 1 root named 152 May 28 04:49 /var/named/magedu.org.zone
[root@dnsmaster ~]#vim /var/named/magedu.org.zone
$TTL 1D
@ IN SOA master admin.magedu.org. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.8
slave A 10.0.0.18
www IN CNAME websrv
websrv IN A 10.0.0.8
websrv IN A 10.0.0.18
[root@dnsmaster ~]#systemctl start named #first start of the service
[root@dnsmaster ~]#rndc reload #when the service is already running
1.6.2.2 Slave DNS server configuration
[root@dnsslave ~]#yum -y install bind
[root@dnsslave ~]#vim /etc/named.conf
#Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#The slave serves zone transfers to nobody
allow-transfer { none;};
[root@dnsslave ~]#vim /etc/named.rfc1912.zones
#Add this block
zone "magedu.org" IN {
type slave;
masters { 10.0.0.8;};
file "slaves/magedu.org.slave";
};
[root@dnsslave ~]#systemctl start named #first start of the service
[root@dnsslave ~]#rndc reload #when the service is already running
server reload successful
[root@dnsslave ~]#ls /var/named/slaves/magedu.org.slave #check that the zone database file was transferred
/var/named/slaves/magedu.org.slave
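Whether the slave actually holds the master's zone comes down to the SOA serial: a slave re-transfers only when the master's serial is higher, so editing the zone file without bumping the serial leaves slaves stale. The following added example (not code from the original post or from BIND) parses the text zone-file format used above and pulls the serial from both a zone file and a dig SOA answer so the two sides can be compared. The zone text is a constructed copy of the magedu.org zone from 1.6.2.1, and the dig line copies the SOA answer shown in 1.6.2.3; hostnames are assumed lowercase.

```python
"""Added example (not part of the original post): parser and checks for the
text zone-file format used above. Sample data is a constructed copy of the
magedu.org zone and of the dig SOA answer shown on this page."""
import re
from typing import List, NamedTuple


class Record(NamedTuple):
    name: str    # owner as an absolute name ending in "."
    ttl: int     # seconds
    rtype: str
    rdata: str   # names inside rdata are made absolute as well


TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR"}
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

MASTER_ZONE = """\
$TTL 1D
@   IN SOA master admin.magedu.org. (
        1  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    NS master
    NS slave
master  A 10.0.0.8
slave   A 10.0.0.18
www     IN CNAME websrv
websrv  IN A 10.0.0.8
websrv  IN A 10.0.0.18
"""

DIG_SOA_LINE = ("magedu.org. 10800 IN SOA master.magedu.org. "
                "admin.magedu.org. 1 86400 3600 604800 10800")


def ttl_seconds(value: str) -> int:
    """BIND TTL syntax: plain seconds or unit suffixes such as 1D, 1H, 1W."""
    return sum(int(n) * UNITS.get(u.upper(), 1)
               for n, u in re.findall(r"(\d+)([smhdwSMHDW]?)", value))


def absolutize(name: str, origin: str) -> str:
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text: str, origin: str) -> List[Record]:
    origin = origin.rstrip(".").lower() + "."
    default_ttl, owner, depth = 0, origin, 0
    pending: List[str] = []
    records: List[Record] = []
    for raw in text.splitlines():
        for tok in raw.split(";", 1)[0].split():   # ';' starts a comment
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                pending.append(tok)
        if depth > 0 or not pending:                 # still inside ( ... ) or blank
            continue
        fields, pending = pending, []
        if fields[0] == "$TTL":
            default_ttl = ttl_seconds(fields[1])
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1].lower()
            continue
        # A line starting with a class or type has no owner and inherits the
        # previous one (BIND: leading blank). Hostnames are assumed lowercase,
        # so they never collide with the uppercase type keywords.
        if fields[0] not in TYPES and fields[0] != "IN":
            owner = absolutize(fields.pop(0), origin)
        ttl = default_ttl
        if re.fullmatch(r"\d+[smhdwSMHDW]?", fields[0]):
            ttl = ttl_seconds(fields.pop(0))
        if fields[0] == "IN":
            fields.pop(0)
        rtype = fields.pop(0)
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = absolutize(fields[0], origin)
        elif rtype == "SOA":
            mname, rname, *timers = fields
            rdata = " ".join([absolutize(mname, origin), absolutize(rname, origin)]
                             + [str(ttl_seconds(t)) for t in timers])
        else:
            rdata = " ".join(fields)
        records.append(Record(owner, ttl, rtype, rdata))
    return records


def soa_serial(records: List[Record]) -> int:
    for r in records:
        if r.rtype == "SOA":
            return int(r.rdata.split()[2])
    raise ValueError("zone has no SOA record")


def serial_from_dig(answer_line: str) -> int:
    """Serial from a 'dig SOA' answer line (the format shown in 1.6.2.3)."""
    fields = answer_line.split()
    return int(fields[fields.index("SOA") + 3])


def slave_is_stale(master_serial: int, slave_serial: int) -> bool:
    """Plain comparison; BIND itself uses serial-number arithmetic (RFC 1982)."""
    return master_serial > slave_serial


def ns_without_address(records: List[Record]) -> List[str]:
    """In-zone NS targets lacking an A/AAAA record: nobody could reach such a
    server, which is why the zone above carries A records for master and slave."""
    addressed = {r.name for r in records if r.rtype in ("A", "AAAA")}
    return [r.rdata for r in records
            if r.rtype == "NS" and r.rdata.endswith("." + r.name) and r.rdata not in addressed]
```

In practice the two serials come from `dig @10.0.0.8 magedu.org SOA` and `dig @10.0.0.18 magedu.org SOA`, fed to serial_from_dig; the parsed record list also reproduces the 86400-second TTLs and the SOA timers seen in the dig output above.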
1.6.2.3 Testing the master/slave DNS setup from the client
[root@webclient ~]#vim /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1="10.0.0.8"
DNS2="10.0.0.18"
[root@webclient ~]#cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.8
nameserver 10.0.0.18
#Verify that the DNS server answers queries
[root@webclient ~]#yum -y install bind-utils #provides dig
[root@webclient ~]#dig www.magedu.org
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42729
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.magedu.org. IN A
;; ANSWER SECTION:
www.magedu.org. 86400 IN CNAME websrv.magedu.org.
websrv.magedu.org. 86400 IN A 10.0.0.18
websrv.magedu.org. 86400 IN A 10.0.0.8
;; AUTHORITY SECTION:
magedu.org. 86400 IN NS master.magedu.org.
magedu.org. 86400 IN NS slave.magedu.org.
;; ADDITIONAL SECTION:
master.magedu.org. 86400 IN A 10.0.0.8
slave.magedu.org. 86400 IN A 10.0.0.18
;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Tue Jun 22 22:48:55 CST 2021
;; MSG SIZE rcvd: 169
#Stop the DNS service on the master server
[root@dnsmaster ~]#systemctl stop named
#Verify that the slave DNS server still answers queries
[root@webclient ~]#dig www.magedu.org
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31645
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.magedu.org. IN A
;; AUTHORITY SECTION:
magedu.org. 10800 IN SOA master.magedu.org. admin.magedu.org. 1 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 10.0.0.18#53(10.0.0.18)
;; WHEN: Tue Jun 22 23:03:01 CST 2021
;; MSG SIZE rcvd: 92
2. Techniques behind intelligent DNS
2.1 ACLs in bind
ACL: groups one or more addresses into a set that can be referenced by a single name
Note: an ACL must be defined before it is used, so it is normally placed in the configuration file ahead of the options block
Format:
acl acl_name {
ip;
net/prefixlen;
……
};
#Example
acl bjnet {
172.16.0.0/16;
10.10.10.10;
};
2.2 bind has four built-in ACLs
- none: no host at all
- any: any host
- localhost: the local machine itself
- localnet: the network addresses obtained by applying the netmask to the local machine's own IP addresses
2.3 Access control directives
- allow-query { }; hosts allowed to send queries (whitelist)
- allow-transfer { }; hosts allowed to request zone transfers (whitelist)
- allow-recursion { }; hosts allowed to make recursive queries; best set globally
- allow-update { }; hosts allowed to update the contents of the zone database
2.4 Views
2.4.1 A view maps ACLs to zone databases; this is how intelligent DNS is implemented
One bind server can define several views, and each view can define one or more zones
Each view matches one group of clients
Several views may need to resolve the same zone, each using a different zone database file
Note:
- Once views are enabled, every zone must be defined inside a view
- Define the root zone only in the view whose clients are allowed recursive queries
- When a client request arrives, the client list of each view is checked from top to bottom (first match wins)
view VIEW_NAME {
match-clients { bjnet; };
zone "magedu.org" {
type master;
file "magedu.org.zone.bj";
};
include "/etc/named.rfc1912.zones";
};
view VIEW_NAME {
match-clients { shnet; };
zone "magedu.org" {
type master;
file "magedu.org.zone.sh";
};
include "/etc/named.rfc1912.zones";
};
2.5 Example: implementing intelligent DNS with views
2.5.1 Network interface configuration of the DNS server
#Configure two IP addresses
#ens33: 10.0.0.8/24
#ens37: 192.168.233.8/24
[root@dnsmaster network-scripts]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:69:25:9d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::9c5c:b7f5:f8c5:58b2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:69:25:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.233.8/24 brd 192.168.233.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::50f2:1900:61d2:93d5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.5.2 Implementing views in the master DNS server configuration file
[root@CentOS8 ~]#vim /etc/named.conf
# Add the following lines at the very top of the file
acl bjnet {
192.168.233.0/24;
};
acl shnet {
10.0.0.0/24;
};
acl othernet {
any;
};
#Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#Create the views; they are matched top to bottom, so the catch-all view goes last
view bjview {
match-clients {bjnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shview {
match-clients {shnet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients {othernet;};
include "/etc/named.rfc1912.zones.other";
};
2.5.3 Creating the zone configuration files
[root@CentOS8 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@CentOS8 ~]#chgrp named /etc/named.rfc1912.zones.bj
[root@CentOS8 ~]#cp -p /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.sh
[root@CentOS8 ~]#cp -p /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.other
[root@CentOS8 ~]#ll /etc/named.rfc1912.zones*
-rw-r----- 1 root named 1096 Jun 22 21:35 /etc/named.rfc1912.zones
-rw-r----- 1 root named 1208 Jun 26 23:13 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named 1208 Jun 26 23:13 /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1208 Jun 26 23:13 /etc/named.rfc1912.zones.sh
[root@CentOS8 ~]#vim /etc/named.rfc1912.zones.bj
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.org" {
type master;
file "magedu.org.zone.bj";
};
[root@CentOS8 ~]#vim /etc/named.rfc1912.zones.sh
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.org" {
type master;
file "magedu.org.zone.sh";
};
[root@CentOS8 ~]#vim /etc/named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.org" {
type master;
file "magedu.org.zone.other";
};
2.5.4 Creating the zone database files
[root@CentOS8 named]#vim magedu.org.zone.bj
$TTL 1D
@ IN SOA master admin (
2021062701;
1D;
1H;
1W;
3H );
NS master
master A 10.0.0.8
www A 10.0.0.100
[root@CentOS8 named]#vim magedu.org.zone.sh
$TTL 1D
@ IN SOA master admin (
2021062701;
1D;
1H;
1W;
3H );
NS master
master A 10.0.0.8
www A 192.168.233.100
[root@CentOS8 named]#vim magedu.org.zone.other
$TTL 1D
@ IN SOA master admin (
2021062701;
1D;
1H;
1W;
3H );
NS master
master A 10.0.0.8
www A 127.0.0.1
[root@CentOS8 named]#systemctl status named
[root@CentOS8 named]#rndc reload
2.5.5 Client verification
[root@client ~]#yum -y install bind-utils
[root@client ~]#host www.magedu.org 10.0.0.8
Using domain server:
Name: 10.0.0.8
Address: 10.0.0.8#53
Aliases:
www.magedu.org has address 192.168.233.100
[root@server1 ~]#host www.magedu.org 192.168.233.8
Using domain server:
Name: 192.168.233.8
Address: 192.168.233.8#53
Aliases:
www.magedu.org has address 10.0.0.100
[root@CentOS8 ~]#host www.magedu.org 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
www.magedu.org has address 127.0.0.1
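The three answers above follow directly from how named picks a view (2.1 to 2.4): each view's match-clients list is tried in configuration order and the first match wins, so the "any" view must come last. The following added example (not code from the original post or from BIND) models that selection; the ACLs and view order are a constructed copy of the named.conf in 2.5.2, the interface addresses come from 2.5.1, and the www answers from the three zone files in 2.5.4. Names such as select_view and answer_www are this example's own.

```python
"""Added example (not part of the original post): how named picks a view.
ACLs and views copy the named.conf of 2.5.2, the interface addresses come
from 2.5.1 and the www.magedu.org answers from the zone files of 2.5.4."""
import ipaddress
from typing import Dict, List, Optional, Tuple

SERVER_INTERFACES = [ipaddress.ip_interface(a) for a in ("10.0.0.8/24", "192.168.233.8/24")]

ACLS: Dict[str, List[str]] = {
    "bjnet": ["192.168.233.0/24"],
    "shnet": ["10.0.0.0/24"],
    "othernet": ["any"],
}

# (view name, match-clients list, address its zone file gives www.magedu.org),
# in the order the views appear in named.conf.
VIEWS: List[Tuple[str, List[str], str]] = [
    ("bjview", ["bjnet"], "10.0.0.100"),
    ("shview", ["shnet"], "192.168.233.100"),
    ("otherview", ["othernet"], "127.0.0.1"),
]


def element_matches(element: str, client, acls, interfaces) -> bool:
    """One address-match-list element: built-in ACL, named ACL, or address/prefix."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element == "localhost":          # the server's own addresses
        return client.is_loopback or any(client == i.ip for i in interfaces)
    if element == "localnet":           # the networks the server's interfaces sit on
        return any(client in i.network for i in interfaces)
    if element in acls:
        return match_list(acls[element], client, acls, interfaces)
    return client in ipaddress.ip_network(element, strict=False)


def match_list(elements: List[str], client, acls, interfaces) -> bool:
    """BIND address match list: the first element that matches decides, and a
    leading '!' turns that match into a denial; no match at all means False.
    (Simplification: a negated nested ACL gets no special treatment.)"""
    for element in elements:
        negated = element.startswith("!")
        if element_matches(element.lstrip("!"), client, acls, interfaces):
            return not negated
    return False


def allowed(elements: List[str], client_ip: str) -> bool:
    """Evaluate a match list for one client, e.g. an allow-transfer or allow-query list."""
    return match_list(elements, ipaddress.ip_address(client_ip), ACLS, SERVER_INTERFACES)


def select_view(client_ip: str, views=VIEWS) -> Optional[str]:
    """Views are tried top to bottom; the first whose match-clients matches wins.
    None means no view matched and the query is refused."""
    client = ipaddress.ip_address(client_ip)
    for name, clients, _ in views:
        if match_list(clients, client, ACLS, SERVER_INTERFACES):
            return name
    return None


def answer_www(client_ip: str, views=VIEWS) -> Tuple[Optional[str], Optional[str]]:
    """(view, A record for www.magedu.org) as seen from client_ip."""
    view = select_view(client_ip, views)
    for name, _, www in views:
        if name == view:
            return view, www
    return None, None
```

select_view with the view list reversed shows why ordering matters: with the "any" view first, every client, including the 10.0.0.0/24 and 192.168.233.0/24 ones, lands in otherview and gets 127.0.0.1.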
3. Installing MySQL 5.7 from binaries and from source
3.1 Installing MySQL from the generic binary package
3.1.1 Create the user
[root@CentOS8 ~]#groupadd -r -g 306 mysql
[root@CentOS8 ~]#useradd -r -g 306 -u 306 -d /data/mysql mysql
3.1.2 Install the required packages
[root@CentOS8 data]#yum -y install libaio numactl-libs
3.1.3 Prepare the binary program files
[root@CentOS8 src]#wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
# The binary package must be extracted into /usr/local
[root@CentOS8 src]#tar xf mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@CentOS8 src]#cd /usr/local/
[root@CentOS8 local]#ln -s mysql-5.7.33-linux-glibc2.12-x86_64/ mysql
[root@CentOS8 local]#chown -R root.root /usr/local/mysql
3.1.4 Configure environment variables
[root@CentOS8 local]#echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@CentOS8 local]#. /etc/profile.d/mysql.sh
3.1.5 Prepare the configuration file
[root@CentOS8 local]#vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
3.1.6 Generate the database files and extract the root password
[root@CentOS8 local]#mysqld --initialize --user=mysql --datadir=/data/mysql
[root@CentOS8 local]#grep password /data/mysql/mysql.log
or
[root@CentOS8 local]#awk '/temporary password/{print $NF}' /data/mysql/mysql.log
-mYNGF8YiqJg
3.1.7 Prepare the service script and start the service
[root@CentOS8 local]#cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@CentOS8 local]#chkconfig --add mysqld
[root@CentOS8 local]#service mysqld start
Starting MySQL. SUCCESS!
3.1.8 Change the password and test logging in
[root@CentOS8 local]#mysqladmin -uroot -p'-mYNGF8YiqJg' password 123.com
[root@server1 local]#mysql -uroot -p123.com
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.33 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
3.1.9 Enable start at boot
[root@server1 local]#vim /etc/rc.local
#Add the following line
/etc/init.d/mysqld start
[root@server1 local]#chmod +x /etc/rc.local
3.2 Compiling and installing MySQL 5.7 from source
3.2.1 Install the required dependencies
[root@mysql-db ~]#yum -y install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
3.2.2 Create the user and the data directory
[root@mysql-db ~]#useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@mysql-db ~]#mkdir /data/mysql
[root@mysql-db ~]#chown mysql.mysql /data/mysql/
3.2.3 Download and extract the source package
[root@mysql-db src]#wget https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-5.7/mysql-boost-5.7.31.tar.gz
[root@mysql-db src]#tar zxvf mysql-boost-5.7.31.tar.gz
[root@mysql-db src]#cd mysql-5.7.31/
3.2.4 Compile and install MySQL 5.7 from source
[root@mysql-db mysql-5.7.31]#cmake -DCMAKE_INSTALL_PREFIX=/app/mysql -DMYSQL_DATADIR=/data/mysql/ -DSYSCONFDIR=/etc/ -DMYSQL_USER=mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_BOOST=boost
[root@mysql-db mysql-5.7.31]#make && make install
#Directory contents after compiling and installing; then change the owner and group
[root@mysql-db mysql-5.7.31]#cd /app/mysql/
[root@mysql-db mysql]#ll
total 296
drwxr-xr-x 2 root root 4096 Jun 29 22:01 bin
drwxr-xr-x 2 root root 55 Jun 29 22:01 docs
drwxr-xr-x 3 root root 4096 Jun 29 22:01 include
drwxr-xr-x 4 root root 192 Jun 29 22:01 lib
-rw-r--r-- 1 root root 275393 Jun 2 2020 LICENSE
drwxr-xr-x 4 root root 30 Jun 29 22:01 man
drwxr-xr-x 10 root root 4096 Jun 29 22:01 mysql-test
-rw-r--r-- 1 root root 587 Jun 2 2020 README
-rw-r--r-- 1 root root 587 Jun 2 2020 README-test
drwxr-xr-x 28 root root 4096 Jun 29 22:01 share
drwxr-xr-x 2 root root 90 Jun 29 22:01 support-files
[root@mysql-db mysql]#chown -R mysql.mysql /app/mysql/
3.2.5 Configure environment variables
[root@mysql-db mysql]#echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@mysql-db mysql]#. /etc/profile.d/mysql.sh
3.2.6 Prepare the configuration file
[root@mysql-db mysql]#cp /etc/my.cnf{,.bak}
[root@mysql-db mysql]#vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/data/mysql/mysql.sock
[mysqld_safe]
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
3.2.7 Generate the database files and extract the root password
[root@mysql-db mysql]#mysqld --initialize --user=mysql --datadir=/data/mysql
...output omitted...
2021-06-29T14:38:20.823587Z 1 [Note] A temporary password is generated for root@localhost: Vwd*jkKMY4UB #the generated root password
[root@mysql-db mysql]#grep password /data/mysql/mysql.log
[root@mysql-db mysql]#awk '/temporary password/{print $NF}' /data/mysql/mysql.log
Vwd*jkKMY4UB
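Both procedures hand-write /etc/my.cnf and then fish the temporary root password out of the error log. As an added example (not code from the original post or from MySQL), the checks below read an option file the way mysqld does (hyphen and underscore in option names are interchangeable, bare options are allowed) and flag a [client] socket that disagrees with [mysqld] or missing log/pid settings, then extract the password from a log line of the format printed by mysqld --initialize. The option file and the log excerpt are constructed samples in the layouts shown in 3.1 and 3.2; the password value is made up.

```python
"""Added example (not part of the original post): post-install sanity checks
for the option file and the initialization log. Samples are constructed in
the formats shown on this page; the password value is invented."""
import configparser
import re
from typing import List, Optional

MY_CNF = """\
[mysqld]
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
[mysqld_safe]
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
"""

# Constructed log excerpt; the second line follows the format mysqld prints.
INIT_LOG = """\
2021-06-29T14:38:19.000000Z 0 [Note] constructed sample line with no password in it
2021-06-29T14:38:20.823587Z 1 [Note] A temporary password is generated for root@localhost: Abc#1exampleX
"""


def load_option_file(text: str) -> configparser.ConfigParser:
    # MySQL option files allow bare options (e.g. skip-name-resolve) and
    # repeated keys, so the parser is relaxed accordingly.
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def option(cp: configparser.ConfigParser, section: str, key: str) -> Optional[str]:
    """mysqld treats '-' and '_' in option names as the same character;
    a bare option is reported as '' rather than None."""
    if not cp.has_section(section):
        return None
    for spelling in {key, key.replace("-", "_"), key.replace("_", "-")}:
        if cp.has_option(section, spelling):
            value = cp.get(section, spelling)
            return "" if value is None else value
    return None


def check_option_file(text: str) -> List[str]:
    """Inconsistencies between the server, the client tools and the startup
    script; an empty list means the file is consistent."""
    cp = load_option_file(text)
    problems: List[str] = []
    server_sock = option(cp, "mysqld", "socket")
    client_sock = option(cp, "client", "socket")
    if server_sock != client_sock:
        problems.append(f"[client] socket {client_sock!r} differs from [mysqld] socket {server_sock!r}")
    if option(cp, "mysqld", "datadir") is None:
        problems.append("[mysqld] datadir is not set")
    # log-error and pid-file may sit in [mysqld] or [mysqld_safe]; absent in both is the problem
    for key in ("log-error", "pid-file"):
        if option(cp, "mysqld", key) is None and option(cp, "mysqld_safe", key) is None:
            problems.append(f"{key} is set in neither [mysqld] nor [mysqld_safe]")
    if option(cp, "mysqld", "skip_name_resolve") is None:
        problems.append("[mysqld] skip_name_resolve is not set (the 3.1 file sets it)")
    return problems


PASSWORD_LINE = re.compile(r"A temporary password is generated for (\S+): (\S+)\s*$")


def temporary_password(log_text: str) -> Optional[str]:
    """Same extraction as the awk one-liner above, but anchored on the full
    message instead of taking the last field of any line mentioning it."""
    for line in log_text.splitlines():
        m = PASSWORD_LINE.search(line)
        if m:
            return m.group(2)
    return None
```

Running check_option_file against the file from 3.2.6 returns only the note about skip_name_resolve, which the 3.1 file sets and the 3.2 file does not; a [client] socket pointing elsewhere is the usual cause of "Can't connect to local MySQL server through socket" right after an install like this.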
3.2.8 Prepare the service script and start the service
[root@mysql-db mysql]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld #path under the install prefix given to cmake above
[root@mysql-db mysql]#chkconfig --add mysqld
[root@mysql-db mysql]#service mysqld start
Starting MySQL. SUCCESS!
3.2.9 Change the password and test logging in
[root@mysql-db bin]#mysqladmin -uroot -p'Vwd*jkKMY4UB' password 123.com
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@mysql-db bin]#mysql -uroot -p123.com
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.31 Source distribution
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
mysql> exit
Bye
3.2.10 Enable start at boot
[root@mysql-db bin]#systemctl enable mysqld
mysqld.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig mysqld on