一、DNS介绍
DNS:Domain Name System 应用层协议
C/S架构,53/udp(对外服务), 53/tcp(区域传输)
DNS服务器实现:bind
1.1 DNS域名结构
- 根域
- 一级域名:Top Level Domain,简称tld
com, edu, mil, gov, net, org, int,arpa
三类:组织域、国家域(.cn, .ca, .hk, .tw)、反向域 - 二级域名
- 三级域名
- 最多127级域名
ICANN(The Internet Corporation for Assigned Names and Numbers)互联网名称与数字地址分配机构,负责在全球范围内对互联网通用顶级域名(gTLD)以及国家和地区顶级域名(ccTLD)系统的管理、以及根服务器系统的管理。
域名结构拓扑图
1.2 DNS解析工作原理
DNS查询类型:
递归查询
迭代查询
解析类型:
FQDN --> IP(正向)
IP --> FQDN(反向)
- 一次完整的查询请求经过的流程
Client -->hosts文件 -->DNS Service Local Cache --> DNS Server (递归) --> Server Cache --> 迭代 --> 根--> 顶级域名DNS-->二级域名DNS…
1.3 DNS配置
1.3.1 资源记录
- 区域解析库:由众多RR组成:
资源记录:Resource Record, RR
记录类型:A, AAAA, PTR, SOA, NS, CNAME, MX - SOA:Start Of Authority,起始授权记录;一个区域解析库有且仅能有一个SOA记录,必须位于解析库的第一条记录
- A:internet Address,作用,FQDN --> IP
- AAAA:FQDN --> IPv6
- PTR:PoinTeR,IP --> FQDN
- NS:Name Server,专用于标明当前区域的DNS服务器
- CNAME : Canonical Name,别名记录
- MX:Mail eXchanger,邮件交换器
- TXT:对域名进行标识和说明的一种方式,一般做验证记录时会使用此项,如:SPF(反垃圾邮件)记录,https验证等
资源记录定义的格式:
语法:name [TTL] IN rr_type value
注意:
- TTL可从全局继承
- @可用于引用当前区域的名字
- 同一个名字可以通过多条记录定义多个不同的值;此时DNS服务器会以轮询方式响应
- 同一个值也可能有多个不同的定义名字;通过多个不同的名字指向同一个值进行定义;此仅表示通过多个不同的名字可以找到同一个主机
1.3.2 搭建主-辅DNS服务器
主节点:
- 安装软件包
yum -y install bind
- 定义主区域
vi /etc/named.conf #编辑主配置文件
在第11行首加上//注释符
在第21行首加上//注释符
修改效果:
//监听所有ip地址 listen-on port 53 { 127.0.0.1; };
//允许来自所有主机的查询 allow-query { localhost; };
vi /etc/named.rfc1912.zones #添加如下内容:
zone "zxh.cn" IN {
type master;
file "zxh.cn.zone";
};
- 创建主区域数据文件
cd /var/named
vi zxh.cn.zone
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
NS ns1
ns1 A 172.16.77.131
www A 172.16.77.131
- 启动服务
systemctl start named
备节点:
- 安装软件包
yum -y install bind
- 定义从区域
vi /etc/named.conf #编辑主配置文件
在第11行首加上//注释符
在第21行首加上//注释符
修改效果:
//监听所有ip地址 listen-on port 53 { 127.0.0.1; };
//允许来自所有主机的查询 allow-query { localhost; };
vi /etc/named.rfc1912.zones #添加如下内容:
zone "zxh.cn" IN {
type slave;
masters {172.16.77.131;};
file "slaves/zxh.cn.zone";
};
- 启动服务,同步主节点区域数据文件
systemctl start named
立即同步需更新主节点区域数据文件定义的序列号,由1变成2:
vi /var/named/zxh.cn.zone
$TTL 1D
@ IN SOA zxh root (2 1H 1H 1D 3H)
NS ns1
ns1 A 172.16.77.131
www A 172.16.77.131
systemctl restart named ##主从节点都重启服务
- 测试
准备一台客户端测试机器,编辑解析器文件内容,指向主从DNS服务器地址:
vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.16.77.131
nameserver 172.16.77.132
dig www.zxh.cn ##通过命令进行解测试,能够正常返回解析结果
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25172
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.cn. IN A
;; ANSWER SECTION:
www.zxh.cn. 86400 IN A 172.16.77.131
;; AUTHORITY SECTION:
zxh.cn. 86400 IN NS ns1.zxh.cn.
;; ADDITIONAL SECTION:
ns1.zxh.cn. 86400 IN A 172.16.77.131
;; Query time: 0 msec
;; SERVER: 172.16.77.131#53(172.16.77.131)
;; WHEN: Sun Jul 05 22:59:55 CST 2020
;; MSG SIZE rcvd: 89
模拟主节点服务停机,再次进行测试:
systemctl stop named ##在主节点上执行
rndc flush
dig www.zxh.cn
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48532
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.cn. IN A
;; ANSWER SECTION:
www.zxh.cn. 86400 IN A 172.16.77.131
;; AUTHORITY SECTION:
zxh.cn. 86400 IN NS ns1.zxh.cn.
;; ADDITIONAL SECTION:
ns1.zxh.cn. 86400 IN A 172.16.77.131
;; Query time: 0 msec
;; SERVER: 172.16.77.132#53(172.16.77.132)
;; WHEN: Sun Jul 05 23:02:34 CST 2020
;; MSG SIZE rcvd: 89
从以上实验过程中能够看到主从DNS服务器已搭建成功,基本测试通过。
1.3.3 搭建实现智能DNS服务器
view:视图:实现智能DNS
- 一个bind服务器可定义多个view,每个view中可定义一个或多个zone
- 每个view用来匹配一组客户端
- 多个view内可能需要对同一个区域进行解析,但使用不同的区域解析库文件
示例:将匹配用户最佳接入IP地址的DNS请求定向到最近服务节点(北京、上海、其它地区)
- 编辑主配置文件/etc/named.conf,添加和修改如下内容:
acl beijingnet { 172.16.77.0/24; }; //定义北京地区用户网段
acl shanghainet { 192.168.75.0/24; }; //定义上海地区用户网段
acl othersnet { any;}; //定义其它地区用户网段
//定义3个地区视图并与进行匹配用户网段关联
view bj_view {
match-clients { beijingnet;};
include "/etc/named.rfc1912.zones.bj";
};
view sh_view {
match-clients { shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view ot_view {
match-clients { othersnet;};
include "/etc/named.rfc1912.zones";
};
- 定义主区域
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj #创建北京区域定义文件
vi /etc/named.rfc1912.zones.bj #添加如下内容
zone "zxh.com" IN {
type master;
file "zxh.com.zone.bj";
};
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.sh #创建上海区域定义文件
vi /etc/named.rfc1912.zones.bj #添加如下内容
zone "zxh.com" IN {
type master;
file "zxh.com.zone.sh";
};
vi /etc/named.rfc1912.zones.bj #编辑其它区域定义文件,添加如下内容
zone "zxh.com" IN {
type master;
file "zxh.com.zone.others";
};
- 创建区域数据文件
cp -p named.localhost zxh.com.zone.bj #创建北京区域数据文件
vi /var/named/zxh.com.zone.bj #添加如下内容
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
NS ns1
ns1 A 172.16.77.131
www A 172.16.77.132
cp -p named.localhost zxh.com.zone.sh #创建上海区域数据文件
vi /var/named/zxh.com.zone.sh #添加如下内容
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
NS ns1
ns1 A 192.168.75.132
www A 192.168.75.131
cp -p named.localhost zxh.com.zone.others #创建其它区域数据文件
vi /var/named/zxh.com.zone.others #添加如下内容
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
NS ns1
ns1 A 172.16.77.132
www A 172.16.77.132
- 重启服务,使更改生效
systemctl restart named
- 测试
dig www.zxh.com @172.16.77.131 #模拟北京地区用户发起DNS请求
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.com @172.16.77.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40582
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.com. IN A
;; ANSWER SECTION:
www.zxh.com. 86400 IN A 172.16.77.132
;; AUTHORITY SECTION:
zxh.com. 86400 IN NS ns1.zxh.com.
;; ADDITIONAL SECTION:
ns1.zxh.com. 86400 IN A 172.16.77.131
;; Query time: 0 msec
;; SERVER: 172.16.77.131#53(172.16.77.131)
;; WHEN: Sun Jul 05 23:35:02 CST 2020
;; MSG SIZE rcvd: 90
dig www.zxh.com @192.168.75.131 #模拟上海地区用户发起DNS请求
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.com @192.168.75.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54160
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.com. IN A
;; ANSWER SECTION:
www.zxh.com. 86400 IN A 192.168.75.131
;; AUTHORITY SECTION:
zxh.com. 86400 IN NS ns1.zxh.com.
;; ADDITIONAL SECTION:
ns1.zxh.com. 86400 IN A 192.168.75.132
;; Query time: 0 msec
;; SERVER: 192.168.75.131#53(192.168.75.131)
;; WHEN: Sun Jul 05 23:36:47 CST 2020
;; MSG SIZE rcvd: 90
dig www.zxh.com @localhost #模拟其它地区用户发起DNS请求
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12232
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.com. IN A
;; ANSWER SECTION:
www.zxh.com. 86400 IN A 172.16.77.132
;; AUTHORITY SECTION:
zxh.com. 86400 IN NS ns1.zxh.com.
;; ADDITIONAL SECTION:
ns1.zxh.com. 86400 IN A 172.16.77.132
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sun Jul 05 23:37:38 CST 2020
;; MSG SIZE rcvd: 90
从以上实验过程中能够看到智能DNS服务器已搭建成功,基本测试通过。
二、MySQL介绍
MySQL是一款常见的关系型数据库管理系统。
版本演变:
MySQL:5.1 --> 5.5 --> 5.6 --> 5.7 -->8.0
MariaDB:5.5 -->10.0--> 10.1 --> 10.2 --> 10.3
2.1 MySQL特点
采用插件式存储引擎:也称为“表类型”,存储管理器有多种实现版本,功能和特性可能均略有差别;用户可根据需要灵活选择,Mysql5.5.5版本开始innoDB引擎是MYSQL默认引擎
MyISAM ==> Aria
InnoDB ==> XtraDB
- 单进程,多线程
- 诸多扩展和新特性
- 提供了较多测试组件
- 开源
2.2 Mariadb安装及登录
- 安装依赖软件包
yum -y install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
- 准备运行用户及数据目录
useradd -r -s /sbin/nologin -d /data/mysql/ mysql
mkdir /data/mysql
chown mysql.mysql /data/mysql
- 编译安装
tar xvf mariadb-10.2.18.tar.gz
cd mariadb-10.2.18/
cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
make && make install
- 准备环境变量
echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
. /etc/profile.d/mysql.sh
- 生成数据库文件
cd /app/mysql/
scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
- 准备配置文件
cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
- 准备启动脚本
cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
- 启动服务
chkconfig --add mysqld;service mysqld start
- 执行安全设置初始化脚本
cd scripts/
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y #是否改变数据库管理员root口令
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y #是否移除匿名账号
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y #是否禁止root远程登录
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y #是否删除测试数据库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y #刷新权限表
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
- 测试登录
mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.2.25-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
