1. Briefly describe how a DNS server works, and build a master/slave server pair.
How a DNS server works: DNS is a distributed system that maps the domain names on the network to IP addresses and back. A DNS server listens on TCP port 53 and UDP port 53: TCP 53 is used for master/slave synchronization (if the UDP port is not open, synchronization does not work properly either), and UDP 53 is used for queries. On the Internet a host sends its lookup to the DNS server it is configured with; if that server has to go out for the answer, it does so by iterative queries: first a root server (.), then the top-level domain (.com, .edu, etc.), then the next level down (baidu, taobao, etc.), until it reaches the A record, which it returns to the host, and the host then uses that IP to reach the site.
Name resolution process when a user types a URL into a browser:
1. The client first checks its own hosts file; if the name is there, the answer is returned.
2. If it is not in hosts, the client checks its own cache; if found, the answer is returned.
3. If it is not cached, the client asks its DNS server.
4. The DNS server asks a root server and obtains the address of the top-level domain server.
5. The DNS server then asks the top-level domain server and obtains the address of the second-level domain server.
6. The DNS server obtains the final IP address from the second-level domain server.
7. The client receives the IP address from the DNS server.
DNS zone database file
Resource Record types include the following:
(1) SOA: Start of Authority; exactly one per zone, and it must be the first record
(2) NS: name server record; one of them is the primary, and there can be several
(3) A: IPv4 address record
(4) AAAA: IPv6 address record
(5) CNAME: alias record
(6) PTR: reverse (pointer) record
(7) MX: mail exchanger
Building the master and slave DNS servers:
Environment: DNS master server: 192.168.17.10
DNS slave server: 192.168.17.11
DNS subdomain master server: 192.168.17.12
1. Set up the master DNS server (IP: 192.168.17.10)
[root@centos7 ~]# yum -y install bind # install bind
[root@centos7 ~]# yum -y install bind-utils # install the bind utilities (dig, host, ...)
[root@centos7 ~]# systemctl start named # start the service
[root@centos7 ~]# netstat -tunlp # check what is listening
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1523/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1331/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1523/named
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 1433/sshd
tcp 0 0 0.0.0.0:41958 0.0.0.0:* LISTEN 1158/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1138/rpcbind
tcp 0 0 ::1:53 :::* LISTEN 1523/named
tcp 0 0 :::22 :::* LISTEN 1331/sshd
tcp 0 0 :::57752 :::* LISTEN 1158/rpc.statd
tcp 0 0 ::1:953 :::* LISTEN 1523/named
tcp 0 0 ::1:6010 :::* LISTEN 1433/sshd
tcp 0 0 :::111 :::* LISTEN 1138/rpcbind
udp 0 0 127.0.0.1:53 0.0.0.0:* 1523/named
udp 0 0 0.0.0.0:68 0.0.0.0:* 1028/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 1138/rpcbind
udp 0 0 0.0.0.0:889 0.0.0.0:* 1138/rpcbind
udp 0 0 0.0.0.0:57083 0.0.0.0:* 1158/rpc.statd
udp 0 0 127.0.0.1:914 0.0.0.0:* 1158/rpc.statd
udp 0 0 ::1:53 :::* 1523/named
udp 0 0 :::36455 :::* 1158/rpc.statd
udp 0 0 :::111 :::* 1138/rpcbind
udp 0 0 :::889 :::* 1138/rpcbind
# port 53 is being listened on; port 953 is the rndc control channel
Configure the environment:
[root@centos7 ~]# vim /etc/resolv.conf # point the local resolver at this server
nameserver 192.168.17.10
[root@centos7 ~]# vim /etc/named.conf
listen-on port 53 { 192.168.17.10; }; # listen on the server's own IP instead of only loopback
allow-query { any; }; # allow queries from any client
dnssec-enable no;
dnssec-validation no; # turn DNSSEC off
Configure a forward zone:
[root@centos7 ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
type master; # this server is the master for the zone
file "test.com.zone"; # relative to the directory option (/var/named), so /var/named/test.com.zone
};
Create the zone data file (in zone files a comment starts with ';'):
[root@centos7 ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com. ; appended to every name that lacks a trailing dot
@       IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1 ; relative name, $ORIGIN is appended; otherwise write the full name with a trailing dot
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A 192.168.17.10
MX1     IN A 192.168.17.21
MX2     IN A 192.168.17.22
www     IN A 192.168.17.10
web     IN CNAME www
bbs     IN A 192.168.17.23
bbs     IN A 192.168.17.24
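The zone file above is in the master-file format named loads: `$TTL` sets the default TTL, `$ORIGIN` is appended to every name that lacks a trailing dot, a line that starts with whitespace inherits the owner of the line before it, and the SOA values may span several lines inside parentheses. As an added example that is not part of the original write-up, the Python below parses a constructed copy of that file and applies the rules the text states (exactly one SOA and it must come first, an NS at the apex, relative names expanded with the origin) plus the CNAME rule named-checkzone also enforces: an owner with a CNAME may carry no other record. The zone text, `parse_zone`, `lookup` and `check_zone` are all mine, not from the post.

```python
import re
from collections import defaultdict

# Constructed copy of the test.com zone file from the write-up. ';' starts a comment and
# a line that begins with whitespace inherits the owner name of the line before it.
ZONE_TEXT = """\
$TTL 3600
$ORIGIN test.com.
@       IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101 ; serial
        1H         ; refresh
        10M        ; retry
        3D         ; expire
        1D )       ; negative-cache TTL
        IN NS  ns1
        IN MX  10 mx1
        IN MX  20 mx2
ns1     IN A   192.168.17.10
MX1     IN A   192.168.17.21
MX2     IN A   192.168.17.22
www     IN A   192.168.17.10
web     IN CNAME www
bbs     IN A   192.168.17.23
bbs     IN A   192.168.17.24
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_ttl(text):
    """BIND TTL syntax: '3600' -> 3600, '1H' -> 3600, '1D12H' -> 129600."""
    return sum(int(n) * UNITS.get(u.lower(), 1)
               for n, u in re.findall(r"(\d+)([smhdwSMHDW]?)", text))

def qualify(name, origin):
    """Expand a relative name with $ORIGIN; '@' is the origin itself; names are case-folded."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def logical_lines(text):
    """Drop comments, join '(' ... ')' continuations, yield (inherits_owner, tokens)."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield buf[0][:1].isspace(), " ".join(buf).replace("(", " ").replace(")", " ").split()
            buf = []

def parse_zone(text):
    """Return (origin, default_ttl, records); a record is (owner, type, rdata_tuple, ttl)."""
    origin, default_ttl, records, owner = "", None, [], None
    for inherits_owner, tokens in logical_lines(text):
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if not inherits_owner:
            owner = qualify(tokens.pop(0), origin)
        ttl = default_ttl
        if re.fullmatch(r"\d+[smhdwSMHDW]?", tokens[0]):  # optional explicit TTL
            ttl = parse_ttl(tokens.pop(0))
        if tokens[0].upper() == "IN":                      # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], qualify(rdata[1], origin)]
        elif rtype == "SOA":  # mname rname serial refresh retry expire minimum
            rdata = [qualify(rdata[0], origin), qualify(rdata[1], origin)] + [str(parse_ttl(t)) for t in rdata[2:]]
        records.append((owner, rtype, tuple(rdata), ttl))
    return origin, default_ttl, records

def lookup(records, name, rtype):
    """All rdata tuples for one owner/type, in file order."""
    return [r[2] for r in records if r[0] == name.lower() and r[1] == rtype]

def check_zone(text):
    """Apply the rules stated in the text; return a list of problems (empty means OK)."""
    origin, _, records = parse_zone(text)
    problems = []
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soa)}")
    elif records[0] != soa[0] or soa[0][0] != origin:
        problems.append("the SOA must be the first record and belong to the zone apex")
    if not lookup(records, origin, "NS"):
        problems.append("the zone apex has no NS record")
    types_by_owner = defaultdict(set)
    for owner, rtype, _, _ in records:
        types_by_owner[owner].add(rtype)
    for owner, types in types_by_owner.items():
        if "CNAME" in types and types != {"CNAME"}:
            problems.append(f"{owner} has a CNAME alongside other record types")
    return problems
```

`check_zone(ZONE_TEXT)` returns an empty list for the file above; appending a second record type to `web` (which already has a CNAME) or dropping the SOA produces a problem entry, which is the same class of error named-checkzone would report before `rndc reload` is run.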
Set permissions and check the syntax:
[root@centos7 ~]# chgrp named /var/named/test.com.zone
[root@centos7 ~]# chmod o= /var/named/test.com.zone # remove "other" permissions from the new zone file
[root@centos7 named]# named-checkconf
[root@centos7 named]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053101
OK
Reload the configuration and zone data on the server:
[root@centos7 named]# rndc status
number of zones: 101
[root@centos7 named]# rndc reload
server reload successful
[root@centos7 named]# rndc status
number of zones: 102
# after the reload the zone count has gone up by 1
Forward lookup test on the master:
[root@centos7 ~]# dig -t A www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18274
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 192.168.17.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.17.10)
;; WHEN: Thu May 31 21:55:26 EDT 2018
;; MSG SIZE rcvd: 91
[root@centos7 named]# dig -t A web.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A web.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.test.com. IN A
;; ANSWER SECTION:
web.test.com. 3600 IN CNAME www.test.com.
www.test.com. 3600 IN A 192.168.17.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.17.10)
;; WHEN: Thu May 31 21:11:25 EDT 2018
;; MSG SIZE rcvd: 109
[root@centos7 ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.17.23
bbs.test.com has address 192.168.17.24
[root@centos7 ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.17.23
bbs.test.com has address 192.168.17.24
[root@centos7 ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.17.24
bbs.test.com has address 192.168.17.23
Configure a reverse zone:
[root@centos7 ~]# vim /etc/named.rfc1912.zones
zone "17.168.192.in-addr.arpa" IN {
type master;
file "192.168.17.zone";
};
Create the reverse zone data file:
[root@centos7 ~]# vim /var/named/192.168.17.zone
$TTL 3600
$ORIGIN 17.168.192.in-addr.arpa.
@       IN SOA ns1.test.com. nsadmin.test.com. (
        2018060101
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com. ; cannot be abbreviated here: $ORIGIN is the in-addr.arpa zone, so write the full name with a trailing dot
10      IN PTR ns1.test.com.
21      IN PTR mx1.test.com.
22      IN PTR mx2.test.com.
23      IN PTR bbs.test.com.
24      IN PTR bbs.test.com.
10      IN PTR www.test.com.
Set permissions on the reverse zone file and check the syntax:
[root@centos7 named]# chgrp named /var/named/192.168.17.zone
[root@centos7 named]# chmod o= /var/named/192.168.17.zone
[root@centos7 named]# named-checkconf
[root@centos7 named]# named-checkzone 17.168.192.in-addr.arpa /var/named/192.168.17.zone
zone 17.168.192.in-addr.arpa/IN: loaded serial 2018060101
OK
Reload the configuration and zone data:
[root@centos7 named]# rndc status
number of zones: 102
[root@centos7 named]# rndc reload
server reload successful
[root@centos7 named]# rndc status
number of zones: 103
Reverse lookup test on the master:
[root@centos7 named]# dig -x 192.168.17.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.17.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;17.17.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.17.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.17.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
;; AUTHORITY SECTION:
17.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.17.10)
;; WHEN: Thu May 31 22:26:03 EDT 2020
;; MSG SIZE rcvd: 129
2. Set up the slave DNS server (IP: 192.168.17.11)
[root@centos7 ~]# yum -y install bind bind-utils
[root@centos7 ~]# systemctl start named.service
[root@centos7 ~]# vim /etc/resolv.conf
nameserver 192.168.17.11
[root@centos7 ~]# vim /etc/named.conf
listen-on port 53 { 192.168.17.11; };
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
Configure the forward zone on the slave 192.168.17.11
[root@centos7 ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN { # forward zone
type slave;
file "slaves/test.com.zone"; # where the transferred zone data is written
masters { 192.168.17.10; }; # IP of the master for this zone
};
[root@centos7 ~]# named-checkconf
Back on the master 192.168.17.10, update the zone data file (its zone stanza stays type master, as configured above):
[root@centos7 ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.
@       IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053102 ; increment the serial by hand on every edit, or the slave will not pick up the change
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2 ; add an NS record for ns2; its A record below points at the slave 192.168.17.11
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A 192.168.17.10
ns2     IN A 192.168.17.11 ; slave server IP
MX1     IN A 192.168.17.21
MX2     IN A 192.168.17.22
www     IN A 192.168.17.10
web     IN CNAME www
bbs     IN A 192.168.17.23
bbs     IN A 192.168.17.24
[root@centos7 ~]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053102
OK
[root@centos7 ~]# rndc reload
server reload successful
[root@centos7 ~]# rndc status
server is up and running
# syntax check and status are both fine
Now on the slave 192.168.17.11:
[root@centos7 slaves]# dig -t A www.test.com @192.168.17.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.17.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45851
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 192.168.17.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns2.test.com.
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
ns2.test.com. 3600 IN A 192.168.17.11
;; Query time: 0 msec
;; SERVER: 192.168.10.11#53(192.168.17.11)
;; WHEN: Thu May 31 23:20:16 EDT 2018
;; MSG SIZE rcvd: 125
Test the master/slave pair further: on the master 192.168.17.10
[root@centos7 ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.
@       IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053103 ; serial incremented by 1
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A 192.168.17.10
ns2     IN A 192.168.17.11
MX1     IN A 192.168.17.21
MX2     IN A 192.168.17.22
www     IN A 192.168.17.10
web     IN CNAME www
bbs     IN A 192.168.17.23
bbs     IN A 192.168.17.24
pop3    IN A 192.168.17.25 ; add one A record
[root@centos7 ~]# rndc reload
server reload successful
# reload the configuration
Now on the slave 192.168.17.11:
[root@centos7 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2018-05-31 22:38:36 EDT; 54min ago
Process: 1090 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 1087 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 1093 (named)
CGroup: /system.slice/named.service
└─1093 /usr/sbin/named -u named -c /etc/named.conf
May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053102
May 31 23:17:11 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.17.10#53: Transfer completed.../sec)
May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053102)
May 31 23:30:31 localhost.localdomain named[1093]: client 192.168.17.10#2372: received notify for zone 'test.com'
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: refresh: unexpected rcode (REFUSED) from master 1....0#0)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: Transfer started.
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.17.10#53: connected using 19...46792
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053103
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.17.10#53: Transfer completed.../sec)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053103)
Hint: Some lines were ellipsized, use -l to show in full.
# no reload is needed on the slave: the log shows it picked up the new serial automatically and the zone was transferred
[root@centos7 ~]# dig -t A pop3.test.com @192.168.17.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A pop3.test.com @192.168.17.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24355
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.test.com. IN A
;; ANSWER SECTION:
pop3.test.com. 3600 IN A 192.168.17.25
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
test.com. 3600 IN NS ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
ns2.test.com. 3600 IN A 192.168.17.11
;; Query time: 1 msec
;; SERVER: 192.168.17.11#53(192.168.17.11)
;; WHEN: Thu May 31 23:54:58 EDT 2018
;; MSG SIZE rcvd: 126
Configure the reverse zone on the slave 192.168.17.11
[root@centos7 ~]# vim /etc/named.rfc1912.zones
zone "17.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.17.zone";
masters { 192.168.17.10; };
};
[root@centos7 ~]# named-checkconf
Configure the reverse zone data file on the master 192.168.17.10:
[root@centos7 ~]# vim /var/named/192.168.17.zone
$TTL 3600
$ORIGIN 17.168.192.in-addr.arpa.
@       IN SOA ns1.test.com. nsadmin.test.com. (
        2018060102
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.
        IN NS ns2.test.com. ; add an NS record for ns2, the slave 192.168.17.11
10      IN PTR ns1.test.com.
11      IN PTR ns2.test.com. ; name of the slave 192.168.17.11
21      IN PTR mx1.test.com.
22      IN PTR mx2.test.com.
23      IN PTR bbs.test.com.
24      IN PTR bbs.test.com.
10      IN PTR www.test.com.
[root@centos7 ~]# named-checkzone 17.168.192.in-addr.arpa /var/named/192.168.17.zone
zone 17.168.192.in-addr.arpa/IN: loaded serial 2018060102
OK
[root@centos7 ~]# rndc reload
server reload successful
# syntax checked and configuration reloaded
Now on the slave 192.168.17.11:
[root@centos7 ~]# rndc reload
server reload successful
[root@centos7 ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 600 Jun 1 02:23 192.168.17.zone
-rw-r--r-- 1 named named 574 Jun 1 02:10 test.com.zone
# the reverse zone data file has been transferred as well
Test reverse lookups against the slave 192.168.17.11
[root@centos7 ~]# dig -x 192.168.17.10 @192.168.17.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.17.10 @192.168.17.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.17.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.17.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.17.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
;; AUTHORITY SECTION:
17.168.192.in-addr.arpa. 3600 IN NS ns2.test.com.
17.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
ns2.test.com. 3600 IN A 192.168.17.11
;; Query time: 1 msec
;; SERVER: 192.168.17.11#53(192.168.17.11)
;; WHEN: Fri Jun 01 02:25:17 EDT 2018
;; MSG SIZE rcvd: 163
Further sync test: add a PTR record on the master 192.168.17.10
[root@centos7 ~]# vim /var/named/192.168.17.zone
$TTL 3600
$ORIGIN 17.168.192.in-addr.arpa.
@       IN SOA ns1.test.com. nsadmin.test.com. (
        2018060103 ; serial incremented by 1
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.
        IN NS ns2.test.com.
10      IN PTR ns1.test.com.
11      IN PTR ns2.test.com.
21      IN PTR mx1.test.com.
22      IN PTR mx2.test.com.
23      IN PTR bbs.test.com.
24      IN PTR bbs.test.com.
10      IN PTR www.test.com.
25      IN PTR pop3.test.com. ; add one PTR record
[root@centos7 ~]# rndc reload
server reload successful
Test on the slave 192.168.17.11
[root@centos7 ~]# dig -x 192.168.17.25 @192.168.17.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.17.25 @192.168.17.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;25.17.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
25.17.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.
;; AUTHORITY SECTION:
17.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
17.168.192.in-addr.arpa. 3600 IN NS ns2.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
ns2.test.com. 3600 IN A 192.168.17.11
;; Query time: 1 msec
;; SERVER: 192.168.17.11#53(192.168.17.11)
;; WHEN: Fri Jun 01 02:36:48 EDT 2018
;; MSG SIZE rcvd: 150
Test the zone transfer manually
[root@centos7 ~]# dig -t axfr test.com @192.168.17.11
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr test.com @192.168.17.11
;; global options: +cmd
test.com. 3600 IN SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
test.com. 3600 IN MX 10 mx1.test.com.
test.com. 3600 IN MX 20 mx2.test.com.
test.com. 3600 IN NS ns1.test.com.
test.com. 3600 IN NS ns2.test.com.
bbs.test.com. 3600 IN A 192.168.17.23
bbs.test.com. 3600 IN A 192.168.17.24
MX1.test.com. 3600 IN A 192.168.17.21
MX2.test.com. 3600 IN A 192.168.17.22
ns1.test.com. 3600 IN A 192.168.17.10
ns2.test.com. 3600 IN A 192.168.17.11
pop3.test.com. 3600 IN A 192.168.17.25
web.test.com. 3600 IN CNAME www.test.com.
www.test.com. 3600 IN A 192.168.17.10
test.com. 3600 IN SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 192.168.17.11#53(192.168.17.11)
;; WHEN: Fri Jun 01 02:40:11 EDT 2018
;; XFR size: 15 records (messages 1, bytes 350)
[root@centos7 ~]# dig -t axfr 17.168.192.in-addr.arpa @192.168.17.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr 17.168.192.in-addr.arpa @192.168.17.10
;; global options: +cmd
17.168.192.in-addr.arpa. 3600 IN SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
17.168.192.in-addr.arpa. 3600 IN NS ns1.test.com.
17.168.192.in-addr.arpa. 3600 IN NS ns2.test.com.
10.17.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.17.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
11.17.168.192.in-addr.arpa. 3600 IN PTR ns2.test.com.
21.17.168.192.in-addr.arpa. 3600 IN PTR mx1.test.com.
22.17.168.192.in-addr.arpa. 3600 IN PTR mx2.test.com.
23.17.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
24.17.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
25.17.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.
17.168.192.in-addr.arpa. 3600 IN SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
;; Query time: 2 msec
;; SERVER: 192.168.17.10#53(192.168.17.10)
;; WHEN: Fri Jun 01 02:42:53 EDT 2018
;; XFR size: 12 records (messages 1, bytes 319)
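The two AXFR dumps above are the direct way to confirm that a secondary holds exactly what the master serves; dig prints one record per line with the SOA first and again last, which is also how you know the transfer arrived complete. As an added example (not part of the original post), the Python below parses such output into record sets, checks the SOA framing, and diffs master against slave, reporting the serial mismatch and the missing records. `MASTER_AXFR` is constructed from the test.com transfer shown above; `STALE_SLAVE_AXFR` is a constructed drifted copy, one serial behind and missing the pop3 record, so the report has something to show.

```python
# Constructed from the `dig -t axfr test.com @192.168.17.11` output above (serial 2018053103).
MASTER_AXFR = """\
test.com. 3600 IN SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
test.com. 3600 IN MX 10 mx1.test.com.
test.com. 3600 IN MX 20 mx2.test.com.
test.com. 3600 IN NS ns1.test.com.
test.com. 3600 IN NS ns2.test.com.
bbs.test.com. 3600 IN A 192.168.17.23
bbs.test.com. 3600 IN A 192.168.17.24
MX1.test.com. 3600 IN A 192.168.17.21
MX2.test.com. 3600 IN A 192.168.17.22
ns1.test.com. 3600 IN A 192.168.17.10
ns2.test.com. 3600 IN A 192.168.17.11
pop3.test.com. 3600 IN A 192.168.17.25
web.test.com. 3600 IN CNAME www.test.com.
www.test.com. 3600 IN A 192.168.17.10
test.com. 3600 IN SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
"""

# Constructed "drifted" slave copy: one serial behind and missing the pop3 record.
STALE_SLAVE_AXFR = MASTER_AXFR.replace("2018053103", "2018053102").replace(
    "pop3.test.com. 3600 IN A 192.168.17.25\n", "")

def parse_axfr(text):
    """Parse dig AXFR output into (soa_serial, set of (owner, type, rdata)).

    A complete AXFR begins and ends with the same SOA record; anything else is
    treated as a truncated or mixed-up transfer and rejected."""
    rrs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # dig's own comment lines and blank lines
        owner, _ttl, _class, rtype, rdata = line.split(None, 4)
        rrs.append((owner.lower(), rtype.upper(), rdata.strip()))
    if len(rrs) < 2 or rrs[0][1] != "SOA" or rrs[0] != rrs[-1]:
        raise ValueError("incomplete transfer: AXFR must start and end with the same SOA")
    serial = int(rrs[0][2].split()[2])  # SOA rdata: mname rname serial refresh retry expire minimum
    return serial, set(rrs[1:-1])

def compare_zones(master_text, slave_text):
    """Report serial and record-level differences between a master and a slave AXFR dump."""
    master_serial, master_rrs = parse_axfr(master_text)
    slave_serial, slave_rrs = parse_axfr(slave_text)
    return {
        "master_serial": master_serial,
        "slave_serial": slave_serial,
        "serial_match": master_serial == slave_serial,
        "missing_on_slave": sorted(master_rrs - slave_rrs),
        "extra_on_slave": sorted(slave_rrs - master_rrs),
    }
```

Run against two identical dumps the report shows matching serials and empty difference lists; against the stale copy it reports serial 2018053102 versus 2018053103 and lists the pop3 A record as missing on the slave.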
2. Set up and implement intelligent DNS.
To implement intelligent resolution on a DNS server, first understand one concept: the view.
Suppose a web host with the domain name www.test.com has two IPs: an internal one, 192.168.17.10, and a public one, 1.1.1.1. Users coming from the Internet should resolve it to 1.1.1.1, while users on the internal network do not need to resolve it to the public IP and come back in from outside; they can simply resolve it to the internal IP 192.168.17.10. Resolving the same host to different results depending on where the client comes from is what a view does.
Edit the master DNS server's named.conf
[root@centos7 ~]# vim /etc/named.conf
options {
......
};
logging {
......
};
view internal {
match-clients { 192.168.17.11; }; # clients from this IP get the public addresses
zone "." IN {
type hint;
file "named.ca";
};
zone "test.com" IN {
type master;
file "test.com/internal";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view external {
match-clients { any; }; # every other client gets the internal addresses
zone "." IN {
type hint;
file "named.ca";
};
zone "test.com" IN {
type master;
file "test.com/external";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
Create the two forward zone data files
[root@centos7 ~]# vim /var/named/test.com/internal
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
2018053101
1H
10M
3D
1D )
        IN NS ns1
ns1 IN A 192.168.17.10
www IN A 1.1.1.1
web IN CNAME www
bbs IN A 1.1.1.2
bbs IN A 1.1.1.3
[root@centos7 ~]# vim /var/named/test.com/external
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
2018053101
1H
10M
3D
1D )
        IN NS ns1
ns1 IN A 192.168.17.10
www IN A 192.168.17.10
web IN CNAME www
bbs IN A 192.168.17.23
bbs IN A 192.168.17.24
Check the syntax and set permissions
[root@centos7 ~]# named-checkconf
[root@centos7 ~]# named-checkzone test.com /var/named/test.com/internal
zone test.com/IN: loaded serial 2018053101
OK
[root@centos7 ~]# named-checkzone test.com /var/named/test.com/external
zone test.com/IN: loaded serial 2018053101
OK
[root@centos7 ~]# chgrp named /var/named/test.com/{internal,external}
[root@centos7 ~]# chmod o= /var/named/test.com/{internal,external}
[root@centos7 ~]# rndc reload
server reload successful
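named tries the views in the order they appear in named.conf and serves a client from the first view whose match-clients ACL matches it; that is why the catch-all `any` view has to come last, as it does above. As an added example (not from the original post), the Python below models that selection for the two views and the two zone files configured above and resolves a few names the way the dig tests that follow do, following the web → www CNAME inside the chosen view. `VIEWS` and `ZONE_DATA` are constructed from the configuration; the ACL matcher also accepts BIND's `!` negated elements and CIDR prefixes, which this page's config does not use, and returns no view at all when nothing matches (named would refuse such a query).

```python
import ipaddress

# Views in named.conf order. Constructed from the two view stanzas above; the names are
# kept as the write-up has them ("internal" serves the public addresses).
VIEWS = [
    ("internal", ["192.168.17.11"]),
    ("external", ["any"]),
]

# Constructed from /var/named/test.com/internal and /var/named/test.com/external.
ZONE_DATA = {
    "internal": {
        ("ns1.test.com.", "A"): ["192.168.17.10"],
        ("www.test.com.", "A"): ["1.1.1.1"],
        ("web.test.com.", "CNAME"): ["www.test.com."],
        ("bbs.test.com.", "A"): ["1.1.1.2", "1.1.1.3"],
    },
    "external": {
        ("ns1.test.com.", "A"): ["192.168.17.10"],
        ("www.test.com.", "A"): ["192.168.17.10"],
        ("web.test.com.", "CNAME"): ["www.test.com."],
        ("bbs.test.com.", "A"): ["192.168.17.23", "192.168.17.24"],
    },
}

def acl_matches(acl, client):
    """BIND ACL semantics: the first element that matches decides; '!' negates, 'any' matches all."""
    for entry in acl:
        if entry == "any":
            return True
        if entry == "none":
            return False
        negate = entry.startswith("!")
        net = ipaddress.ip_network(entry.lstrip("!"), strict=False)  # bare IP becomes a /32 or /128
        if client in net:
            return not negate
    return False

def select_view(views, client_ip):
    """Name of the first view whose match-clients ACL matches client_ip, or None if none does."""
    client = ipaddress.ip_address(client_ip)
    for name, acl in views:
        if acl_matches(acl, client):
            return name
    return None

def resolve(views, zone_data, client_ip, qname, qtype="A"):
    """Answer qname/qtype for this client from the view it lands in, following CNAMEs.

    Returns (view_name, answer_records); answer records are (owner, type, rdata)."""
    view = select_view(views, client_ip)
    if view is None:
        return None, []  # named would REFUSE: the client matched no view
    records = zone_data[view]
    answer, name = [], qname.lower()
    for _ in range(8):  # guard against a CNAME loop
        if (name, qtype) in records:
            answer.extend((name, qtype, rdata) for rdata in records[(name, qtype)])
            break
        if (name, "CNAME") in records:
            target = records[(name, "CNAME")][0]
            answer.append((name, "CNAME", target))
            name = target
            continue
        break  # NXDOMAIN / NODATA in this view
    return view, answer
```

With the views in the configured order, 192.168.17.11 lands in "internal" and gets 1.1.1.1 for www.test.com, while 192.168.17.12 (and any other address) lands in "external" and gets 192.168.17.10, matching the dig results below. Reversing the list shows the ordering trap: the `any` view then catches every client and the second view is never reached.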
Querying from 192.168.17.12 resolves to the internal IP
[root@centos7 ~]# dig -t A www.test.com @192.168.17.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.17.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47742
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 192.168.17.10
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
;; Query time: 2 msec
;; SERVER: 192.168.17.10#53(192.168.17.10)
;; WHEN: Sat Jun 02 02:45:02 EDT 2018
;; MSG SIZE rcvd: 91
[root@centos7 ~]# dig -t A bbs.test.com @192.168.17.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.17.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com. IN A
;; ANSWER SECTION:
bbs.test.com. 3600 IN A 192.168.17.24
bbs.test.com. 3600 IN A 192.168.17.23
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.17.10)
;; WHEN: Sat Jun 02 02:45:20 EDT 2018
;; MSG SIZE rcvd: 107
Querying from 192.168.17.11 resolves to the public IP
[root@centos7 ~]# dig -t A www.test.com @192.168.17.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.17.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39708
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 3600 IN A 1.1.1.1
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.17.10)
;; WHEN: Sat Jun 02 02:47:01 EDT 2018
;; MSG SIZE rcvd: 91
[root@centos7 ~]# dig -t A bbs.test.com @192.168.17.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.17.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44362
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com. IN A
;; ANSWER SECTION:
bbs.test.com. 3600 IN A 1.1.1.2
bbs.test.com. 3600 IN A 1.1.1.3
;; AUTHORITY SECTION:
test.com. 3600 IN NS ns1.test.com.
;; ADDITIONAL SECTION:
ns1.test.com. 3600 IN A 192.168.17.10
;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.17.10)
;; WHEN: Sat Jun 02 02:47:24 EDT 2018
;; MSG SIZE rcvd: 107
At this point an intelligent DNS server is complete. A common use in China is to check whether the client's line belongs to China Telecom or China Netcom and have the server return the matching Telecom or Netcom IP of its own servers, so that client and server are connected over the same carrier's network and get the best speed.
3. Compile and install MariaDB, start it, and confirm you can log in
[root@centos7 ~]# wget https://mariadb.org/download/ # download MariaDB from the official site
[root@centos7 ~]# tar -xvzf mariadb-10.3.11.tar.gz # unpack
The install directory will be /usr/local/mysql and the data directory /data1/mysql. Create the user and the directories and give the mysql user ownership as follows (both paths can be changed):
[root@centos7 ~]#groupadd -r mysql
[root@centos7 ~]#useradd -g mysql -s /sbin/nologin mysql
[root@centos7 ~]#mkdir /usr/local/mysql
[root@centos7 ~]#mkdir -p /data1/mysql
[root@centos7 ~]#chown -R mysql:mysql /data1/mysql/
Enter the unpacked source directory and configure the build:
[root@centos7 ~]# cd mariadb-10.3.11
[root@centos7 mariadb-10.3.11]# cmake . \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/data1/mysql \
-DSYSCONFDIR=/etc \
-DWITHOUT_TOKUDB=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 -DWITH_SSL=system \
-DWITH_ZLIB=system -DWITH_LIBWRAP=0 \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
# -DCMAKE_INSTALL_PREFIX: install location (customizable)
# -DMYSQL_DATADIR: data directory (customizable)
# -DSYSCONFDIR: directory for the configuration file (normally /etc)
# -DWITHOUT_TOKUDB=1: almost always set; it skips the TokuDB engine. TokuDB is an open-source storage engine for MySQL that can manage very large data sets and has features InnoDB lacks. It is left out here because a typical machine does not ship Percona Server and loading TokuDB also depends on the jemalloc allocator; it is rarely used in ordinary development, so it is disabled for now. Otherwise the missing dependency produces an error such as: CMake Error at storage/tokudb/PerconaFT/cmake_modules/TokuSetupCompiler.cmake:179 (message)
Compile and install:
make && make install
After the install completes, go into the MariaDB install directory (/usr/local/mysql) and run the following to set ownership and set up the service:
chown -R mysql:mysql .
scripts/mysql_install_db --datadir=/data1/mysql --user=mysql
chown -R root .
cp support-files/mysql.server /etc/init.d/mysqld
Start the service:
systemctl start mysqld.service
Set up my.cnf
vim /etc/my.cnf
[mysqld]
datadir=/data1/mysql
socket=/tmp/mysql.sock # the local socket path given at compile time
user=mysql
lower_case_table_names=1 # table names are case-insensitive (0 makes them case-sensitive)
Set the initial MariaDB password and change the password
[root@centos7 ~]# mysql
MariaDB [(none)]> UPDATE mysql.user SET password = PASSWORD('newpassword') WHERE USER = 'root';
MariaDB[(none)]> FLUSH PRIVILEGES;
Grant remote login
grant all privileges on *.* to '<username>'@'%' identified by '<password>' with grant option;
flush privileges;