dns主从配置
1.dns工作原理
2.搭建dns主从服务器架构
- 实验环境
dns 主server ip:172.16.2.131 centos7.6 bind
dns 从server ip:172.16.2.132 centos7.6 bind
web server ip:172.16.2.135 centos8.1 httpd
dns client ip:172.16.2.134
- web server配置
[root@centos8-node1 ~]# dnf install -y httpd //安装http服务
[root@centos8-node1 html]# vim /var/www/html/index.html //修改主页文件
www.test.com on 2.135
[root@centos8-node1 html]# systemctl start httpd //启动服务
- 主dns配置
[root@node1 ~]# yum install bind bind-utils -y //安装bind服务
[root@node1 ~]# vim /etc/named.conf //编辑配置文件
options {
// listen-on port 53 { 127.0.0.1; }; //注释掉此项,取消仅监听本机回环地址的限制,使服务监听所有接口
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; //注释掉此项,取消仅允许本机查询的限制(注释后任意来源均可查询,生产环境应改为只允许指定网段)
allow-transfer { 172.16.2.132; }; //加上此参数,只允许从服务器(172.16.2.132)进行区域传送
[root@node1 ~]# vim /etc/named.rfc1912.zones //添加域名
zone "test.com" IN {
type master;
file "test.com.zone";
}; //加入test域名,设为主服务器,指定解析文件地址
[root@node1 ~]# vim /var/named/test.com.zone //添加具体地址解析记录
$TTL 86400
@ IN SOA dns1 admin ( 1 1H 5M 7D 1D )
IN NS dns1
IN NS dns2
dns1 IN A 172.16.2.131
dns2 IN A 172.16.2.132
www IN A 172.16.2.135
[root@node1 named]# chmod 640 test.com.zone //修改文件权限
[root@node1 named]# chgrp named test.com.zone //修改属组,如不修改会造成服务无法读取此文件
[root@node1 ~]# named-checkconf //检查配置
[root@node1 ~]# named-checkzone "test.com" /var/named/test.com.zone //检查地址解析文件配置
zone test.com/IN: loaded serial 1
OK
[root@node1 ~]# systemctl start named //启动服务
- 在client端测试主服务器是否生效
[root@centos6 ~]# dig www.test.com @172.16.2.131 //使用dig命令,指定主服务器ip进行查询
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> www.test.com @172.16.2.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41149
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 172.16.2.135 // 查询成功
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns2.test.com.
test.com. 86400 IN NS dns1.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 86400 IN A 172.16.2.131
dns2.test.com. 86400 IN A 172.16.2.132
;; Query time: 1 msec
;; SERVER: 172.16.2.131#53(172.16.2.131)
;; WHEN: Fri Mar 27 17:18:23 2020
;; MSG SIZE rcvd: 116
- 从dns服务器配置
[root@node2 slaves]# yum install -y bind //安装服务
[root@node2 slaves]# vim /etc/named.conf //修改配置文件
options {
// listen-on port 53 { 127.0.0.1; }; //注释掉此项,取消仅监听本机回环地址的限制,使服务监听所有接口
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; }; //注释掉此项,取消仅允许本机查询的限制(注释后任意来源均可查询,生产环境应改为只允许指定网段)
allow-transfer {none;}; //添加此参数,禁止向任何其他服务器进行区域传送
/*
[root@node2 slaves]# vim /etc/named.rfc1912.zones //添加域名
zone "test.com" IN {
type slave;
masters { 172.16.2.131;};
file "slaves/test.com.zone"; //加入test域名,设为从服务器,指定主服务器地址,指定解析文件地址
};
[root@node2 slaves]# systemctl start named //启动服务
[root@node2 slaves]# ll /var/named/slaves/ //查看解析文件是否已同步
total 4
-rw-r--r--. 1 named named 293 Mar 27 17:59 test.com.zone
- 在client端测试从服务器
[root@centos6 ~]# dig www.test.com @172.16.2.132
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> www.test.com @172.16.2.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11881
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 172.16.2.135 //查询成功
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns2.test.com.
test.com. 86400 IN NS dns1.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 86400 IN A 172.16.2.131
dns2.test.com. 86400 IN A 172.16.2.132
;; Query time: 2 msec
;; SERVER: 172.16.2.132#53(172.16.2.132)
;; WHEN: Fri Mar 27 18:04:03 2020
;; MSG SIZE rcvd: 116
- client端测试是否通过域名访问网页
[root@centos6 ~]# cat /etc/resolv.conf //客户端修改dns地址
# Generated by NetworkManager
search localdomain
nameserver 172.16.2.131
nameserver 172.16.2.132
[root@centos6 ~]# curl www.test.com //可以通过域名访问网页
www.test.com on 2.135
搭建智能dns
- 实验规划:
在dns上配置三个acl分别为test1,test2,test3,匹配地址172.16.2.132 172.16.2.134 及余下其他地址,通过view和acl的绑定来实现以下智能功能:
(1)让来自172.16.2.132的关于www.test.com的dns解析,解析成1.1.1.1
(2)让来自172.16.2.134的关于www.test.com的dns解析,解析成2.2.2.2
(3)让其余地址的关于www.test.com的dns解析,解析成3.3.3.3
- 2.实验环境:
(1)dns server ip:172.16.2.131 os: centos 7.6 安装 bind
(2)dns client 1 ip:172.16.2.132
(3)dns client 2 ip:172.16.2.134
(4)dns client 3 ip:172.16.2.135
- 服务器配置
[root@node1 named]# vim /etc/named.conf //修改配置文件,添加以下内容
acl test1 {
172.16.2.132;
};
acl test2 {
172.16.2.134;
};
acl test3 {
any;
};
//添加三个acl,分别匹配三个地址范围(test3 使用 any 匹配其余所有地址)
view viewtest1{
match-clients{test1;};
include "/etc/named.rfc1912.zones.test1";
};
view viewtest2{
match-clients{test2;};
include "/etc/named.rfc1912.zones.test2";
};
view viewtest3{
match-clients{test3;};
include "/etc/named.rfc1912.zones.test3";
};
//添加三个view,匹配三个acl及区域文件
注意:一旦启用了view,所有的zone都只能定义在view中,不能再在view之外单独定义
[root@node1 named]# cp -a /etc/named.rfc1912.zones /etc/named.rfc1912.zones.test1 //复制三份区域文件,此处应使用-a选项,保证权限及属组正确
[root@node1 named]# cp -a /etc/named.rfc1912.zones /etc/named.rfc1912.zones.test2
[root@node1 named]# cp -a /etc/named.rfc1912.zones /etc/named.rfc1912.zones.test3
[root@node1 etc]# vim named.rfc1912.zones.test1 // 修改成不同的地址解析文件
zone "test.com" IN {
type master;
file "test.com.zone1";
[root@node1 etc]# vim named.rfc1912.zones.test2
zone "test.com" IN {
type master;
file "test.com.zone2";
[root@node1 etc]# vim named.rfc1912.zones.test3
zone "test.com" IN {
type master;
file "test.com.zone3";
[root@node1 named]# cp -a test.com.zone test.com.zone1 //复制三份地址解析文件,此处应使用-a选项,保证权限及属组正确
[root@node1 named]# cp -a test.com.zone test.com.zone2
[root@node1 named]# cp -a test.com.zone test.com.zone3
[root@node1 named]# vim test.com.zone1
$TTL 86400
@ IN SOA dns1 admin ( 1 1H 5M 7D 1D )
IN NS dns1
dns1 IN A 172.16.2.131
www IN A 1.1.1.1 //相同主机,修改成不同ip
[root@node1 named]# vim test.com.zone2
$TTL 86400
@ IN SOA dns1 admin ( 1 1H 5M 7D 1D )
IN NS dns1
dns1 IN A 172.16.2.131
www IN A 2.2.2.2 //相同主机,修改成不同ip
[root@node1 named]# vim test.com.zone3
$TTL 86400
@ IN SOA dns1 admin ( 1 1H 5M 7D 1D )
IN NS dns1
dns1 IN A 172.16.2.131
www IN A 3.3.3.3 //相同主机,修改成不同ip
[root@node1 etc]# systemctl restart named //重启dns服务
- 在client1上测试
[root@node2 slaves]# dig www.test.com @172.16.2.131
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.test.com @172.16.2.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36952
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 1.1.1.1 //已解析成1.1.1.1
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns1.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 86400 IN A 172.16.2.131
;; Query time: 0 msec
;; SERVER: 172.16.2.131#53(172.16.2.131)
;; WHEN: Sat Mar 28 00:00:01 CST 2020
;; MSG SIZE rcvd: 92
- 在client2上测试
[root@centos6 ~]# dig www.test.com @172.16.2.131
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> www.test.com @172.16.2.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48181
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 2.2.2.2 //已解析成2.2.2.2
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns1.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 86400 IN A 172.16.2.131
;; Query time: 0 msec
;; SERVER: 172.16.2.131#53(172.16.2.131)
;; WHEN: Sat Mar 28 00:13:07 2020
;; MSG SIZE rcvd: 81
- 在client3上测试
[root@centos8-node1 html]# dig www.test.com @172.16.2.131
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.test.com @172.16.2.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32010
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5d338667549070f470aceaf25e7e2530a15a44ce454b533b (good)
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 3.3.3.3 //已解析成3.3.3.3
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns1.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 86400 IN A 172.16.2.131
;; Query time: 0 msec
;; SERVER: 172.16.2.131#53(172.16.2.131)
;; WHEN: Sat Mar 28 00:14:18 CST 2020
;; MSG SIZE rcvd: 120
编译安装MariaDB
- 创建数据库目录
[root@node2 ~]# mkdir -p /data/mysql
- 创建mysql用户,设置为系统用户,指定家目录为刚生成的数据库目录
[root@node2 ~]# useradd -r -s /sbin/nologin -d /data/mysql mysql
- 修改数据库目录的属主、属组
[root@node2 ~]# chown mysql:mysql /data/mysql
- 安装编译所需要的软件
[root@node2 ~]# yum install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel libdb-cxx-devel
- 解压缩源文件
[root@node2 ~]# tar -xvf mariadb-10.4.12.tar.gz
- 执行cmake
[root@node2 mariadb-10.4.12]# cd mariadb-10.4.12/
[root@node2 mariadb-10.4.12]# cmake . -DCMAKE_INSTALL_PREFIX=/app/mysql -DMYSQL_DATADIR=/data/mysql/ -DSYSCONFDIR=/etc/ -DMYSQL_USER=mysql -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITHOUT_MROONGA_STORAGE_ENGINE=1 -DWITH_DEBUG=0 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DENABLED_LOCAL_INFILE=1 -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci
- 执行编译
[root@node2 mariadb-10.4.12]# make -j 2 && make install
- 编译完成后,查看生成的程序文件
[root@node2 mysql]# ll /app/mysql/
总用量 176
drwxr-xr-x. 2 root root 4096 3月 30 23:21 bin
-rw-r--r--. 1 root root 17987 1月 27 04:43 COPYING
-rw-r--r--. 1 root root 2354 1月 27 04:43 CREDITS
drwxr-xr-x. 3 root root 18 3月 30 23:20 data
drwxr-xr-x. 2 root root 81 3月 30 23:20 docs
-rw-r--r--. 1 root root 8245 1月 27 04:43 EXCEPTIONS-CLIENT
drwxr-xr-x. 3 root root 19 3月 30 23:19 include
-rw-r--r--. 1 root root 8779 1月 27 04:43 INSTALL-BINARY
drwxr-xr-x. 4 root root 235 3月 30 23:20 lib
drwxr-xr-x. 4 root root 30 3月 30 23:21 man
drwxrwxr-x. 9 root root 4096 3月 30 23:21 mysql-test
-rw-r--r--. 1 root root 3102 1月 27 04:43 README.md
-rw-r--r--. 1 root root 19520 1月 27 04:43 README-wsrep
drwxr-xr-x. 2 root root 56 3月 30 23:21 scripts
drwxr-xr-x. 29 root root 4096 3月 30 23:21 share
drwxr-xr-x. 4 root root 4096 3月 30 23:21 sql-bench
drwxr-xr-x. 3 root root 165 3月 30 23:21 support-files
-rw-r--r--. 1 root root 86263 1月 27 04:43 THIRDPARTY
- 设置环境变量
[root@node2 mysql]# echo "PATH=/app/mysql/bin:$PATH" > /etc/profile.d/mysql.sh
[root@node2 mysql]# . /etc/profile.d/mysql.sh
- 利用脚本生成数据库
[root@node2 mysql]# cd /app/mysql/
[root@node2 mysql]# scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
- 设置配置文件,指定数据库位置 (10.3以后版本无需至support-files文件夹中复制配置文件,配置文件已直接复制进etc目录中)
[root@node2 my.cnf.d]# vim /etc/my.cnf
datadir=/data/mysql
socket=/data/mysql/mysql.sock
- 生成启动脚本
[root@node2 mariadb-10.4.12]# cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@node2 mariadb-10.4.12]# chkconfig --add mysqld
[root@node2 mariadb-10.4.12]# systemctl daemon-reload
- 启动服务
[root@node2 mariadb-10.4.12]# service mysqld start
- 查看3306端口是否监听
[root@node2 mariadb-10.4.12]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 10 172.16.2.132:53 *:*
LISTEN 0 10 127.0.0.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:953 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 80 :::3306 :::*
LISTEN 0 128 :::111 :::*
LISTEN 0 10 ::1:53 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:953 :::*
LISTEN 0 100 ::1:25 :::*
- 尝试登录mysql
[root@node2 mariadb-10.4.12]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.4.12-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
- 执行mysql安全初始化
[root@node2 mariadb-10.4.12]# mysql_secure_installation