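I. Introduction to DNS
DNS: Domain Name System, an application-layer protocol
C/S (client/server) architecture; 53/udp (serving external queries), 53/tcp (zone transfers)
DNS server implementation: bind
1.1 DNS domain name structure
- Root domain
- First-level domain: Top Level Domain, TLD for short
com, edu, mil, gov, net, org, int, arpa
Three categories: organizational domains, country domains (.cn, .ca, .hk, .tw), and the reverse domain
- Second-level domain
- Third-level domain
- At most 127 levels of domain names
ICANN (The Internet Corporation for Assigned Names and Numbers) is the body responsible, worldwide, for managing the generic top-level domain (gTLD) and country and region top-level domain (ccTLD) systems, as well as the root server system.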

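1.2 How DNS resolution works
DNS query types:
Recursive query
Iterative query
Resolution types:
FQDN --> IP (forward)
IP --> FQDN (reverse)
- The path taken by one complete query
Client --> hosts file --> DNS Service Local Cache --> DNS Server (recursive) --> Server Cache --> iterative --> root --> top-level domain DNS --> second-level domain DNS…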
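1.3 DNS configuration
1.3.1 Resource records
- Zone database: made up of many RRs:
Resource record: Resource Record, RR
Record types: A, AAAA, PTR, SOA, NS, CNAME, MX
- SOA: Start Of Authority record; a zone database has exactly one SOA record, and it must be the first record in the database
- A: internet Address; maps FQDN --> IP
- AAAA: FQDN --> IPv6
- PTR: PoinTeR, IP --> FQDN
- NS: Name Server, used specifically to identify the DNS servers of the current zone
- CNAME: Canonical Name, alias record
- MX: Mail eXchanger
- TXT: a way of labelling and describing a domain name; generally used for verification records such as SPF (anti-spam) records, https validation, and so on
Format of a resource record definition:
Syntax: name [TTL] IN rr_type value
Notes:
- TTL can be inherited from the global setting
- @ can be used to refer to the name of the current zone
- The same name can be given several different values through multiple records; the DNS server then answers in round-robin order
- The same value may also be defined under several different names, that is, several names point to the same value; this only means that the same host can be found through several different names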
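An added example (not from the original page): a small Python parser for the record syntax above, run on the zxh.cn zone file this page creates in 1.3.2, showing how the inherited TTL, @ and relative names expand. The function names are illustrative, only single-line records are handled, and the NS line is indented so that it inherits the previous owner name.

```python
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
# Sample input: the zxh.cn zone file from section 1.3.2 of this page.
ZONE_TEXT = """$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
    NS ns1
ns1 A 172.16.77.131
www A 172.16.77.131
"""

def ttl_seconds(token):
    """Convert 1D / 3H / 300 to seconds; None if the token is not a TTL."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", token.upper())
    return int(m.group(1)) * UNITS.get(m.group(2), 1) if m else None

def fqdn(name, origin):
    """Expand @ and relative names (no trailing dot) against the origin."""
    name = origin if name == "@" else name
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse single-line records written as: name [TTL] IN rr_type value."""
    default_ttl, owner, records = None, origin, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if tokens[0].upper() == "$TTL":           # global TTL, inherited below
            default_ttl = ttl_seconds(tokens[1])
            continue
        if not line[0].isspace():                 # blank owner repeats the previous one
            owner = fqdn(tokens.pop(0), origin)
        ttl = ttl_seconds(tokens[0])              # optional per-record TTL
        tokens = tokens[1:] if ttl is not None else tokens
        tokens = tokens[1:] if tokens[0].upper() == "IN" else tokens
        rtype, rdata = tokens[0].upper(), tokens[1:]
        n = {"NS": 1, "CNAME": 1, "PTR": 1, "SOA": 2}.get(rtype, 0)  # leading name fields
        rdata = [fqdn(v, origin) for v in rdata[:n]] + rdata[n:]
        records.append((owner, default_ttl if ttl is None else ttl, rtype, rdata))
    return records

def missing_addresses(records):
    """NS targets and SOA MNAMEs that have no A/AAAA record in the zone."""
    have = {owner for owner, _, rtype, _ in records if rtype in ("A", "AAAA")}
    used = {rdata[0] for _, _, rtype, rdata in records if rtype in ("NS", "SOA")}
    return sorted(used - have)
```

On this zone, missing_addresses(parse_zone(ZONE_TEXT, "zxh.cn.")) reports zxh.zxh.cn., because the SOA MNAME zxh has no trailing dot and is therefore taken relative to the zone.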
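1.3.2 Setting up master and slave DNS servers
Master node:
- Install the package
yum -y install bind
- Define the master zone
vi /etc/named.conf #edit the main configuration file
Add the // comment marker at the start of line 11
Add the // comment marker at the start of line 21
Result:
// listen-on port 53 { 127.0.0.1; }; //commented out: listen on all IP addresses
// allow-query { localhost; }; //commented out: allow queries from all hosts
vi /etc/named.rfc1912.zones #add the following: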
zone "zxh.cn" IN {
type master;
file "zxh.cn.zone";
};
- Create the master zone data file
cd /var/named
vi zxh.cn.zone
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
    NS ns1
ns1 A 172.16.77.131
www A 172.16.77.131
- Start the service
systemctl start named
Slave node:
- Install the package
yum -y install bind
- Define the slave zone
vi /etc/named.conf #edit the main configuration file
Add the // comment marker at the start of line 11
Add the // comment marker at the start of line 21
Result:
// listen-on port 53 { 127.0.0.1; }; //commented out: listen on all IP addresses
// allow-query { localhost; }; //commented out: allow queries from all hosts
vi /etc/named.rfc1912.zones #add the following:
zone "zxh.cn" IN {
type slave;
masters {172.16.77.131;};
file "slaves/zxh.cn.zone";
};
- Start the service and sync the zone data file from the master node
systemctl start named
To sync immediately, update the serial number defined in the master node's zone data file, changing it from 1 to 2:
vi /var/named/zxh.cn.zone
$TTL 1D
@ IN SOA zxh root (2 1H 1H 1D 3H)
    NS ns1
ns1 A 172.16.77.131
www A 172.16.77.131
systemctl restart named ##restart the service on both the master and the slave node
- Test
Prepare a client test machine and edit its resolver file so that it points at the master and slave DNS server addresses:
vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.16.77.131
nameserver 172.16.77.132
dig www.zxh.cn ##test resolution with the command; the answer is returned normally
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25172
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.cn. IN A
;; ANSWER SECTION:
www.zxh.cn. 86400 IN A 172.16.77.131
;; AUTHORITY SECTION:
zxh.cn. 86400 IN NS ns1.zxh.cn.
;; ADDITIONAL SECTION:
ns1.zxh.cn. 86400 IN A 172.16.77.131
;; Query time: 0 msec
;; SERVER: 172.16.77.131#53(172.16.77.131)
;; WHEN: Sun Jul 05 22:59:55 CST 2020
;; MSG SIZE rcvd: 89
Simulate an outage of the service on the master node and test again:
systemctl stop named ##run on the master node
rndc flush
dig www.zxh.cn
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48532
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.cn. IN A
;; ANSWER SECTION:
www.zxh.cn. 86400 IN A 172.16.77.131
;; AUTHORITY SECTION:
zxh.cn. 86400 IN NS ns1.zxh.cn.
;; ADDITIONAL SECTION:
ns1.zxh.cn. 86400 IN A 172.16.77.131
;; Query time: 0 msec
;; SERVER: 172.16.77.132#53(172.16.77.132)
;; WHEN: Sun Jul 05 23:02:34 CST 2020
;; MSG SIZE rcvd: 89
The experiment above shows that the master and slave DNS servers have been set up successfully and pass the basic test.
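BIND 9.11, the version shown in the dig banner above, serves zone transfers to any host when a zone has no allow-transfer option. The following added example (not part of the original page) audits the zone stanzas from this section for that gap; the function names are illustrative, only zone-level options are inspected, and the hardened stanza naming the slave 172.16.77.132 is a constructed sample.

```python
import re

# The zone stanzas this page adds to /etc/named.rfc1912.zones.
MASTER = '''zone "zxh.cn" IN {
    type master;
    file "zxh.cn.zone";
};'''
SLAVE = '''zone "zxh.cn" IN {
    type slave;
    masters {172.16.77.131;};
    file "slaves/zxh.cn.zone";
};'''
# Constructed sample: the master stanza with transfers limited to the slave.
HARDENED = '''zone "zxh.cn" IN {
    type master;
    file "zxh.cn.zone";
    allow-transfer { 172.16.77.132; };
};'''

def zone_blocks(conf):
    """Yield (zone_name, body) per zone stanza, tracking nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def transfer_policy(body):
    """Return the allow-transfer address list, or None if the option is absent."""
    m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [a.strip() for a in m.group(1).split(";") if a.strip()]

def audit(conf):
    """List (zone, type, problem) for zones whose transfers are unrestricted."""
    findings = []
    for name, body in zone_blocks(conf):
        ztype = re.search(r'type\s+(\w+)\s*;', body)
        ztype = ztype.group(1) if ztype else "?"
        policy = transfer_policy(body)
        if policy is None:
            findings.append((name, ztype, "allow-transfer not set"))
        elif "any" in policy:
            findings.append((name, ztype, "allow-transfer any"))
    return findings
```

A slave normally needs no outbound transfers at all, so allow-transfer { none; }; is the usual setting for its stanza.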
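1.3.3 Building an intelligent DNS server
view: views are what implement intelligent DNS
- One bind server can define multiple views, and each view can define one or more zones
- Each view is used to match one group of clients
- Several views may need to resolve the same zone, each using a different zone database file
Example: direct DNS requests to the nearest service node (Beijing, Shanghai, other regions) by matching the user's best access IP address
- Edit the main configuration file /etc/named.conf, adding and changing the following:
acl beijingnet { 172.16.77.0/24; }; //network segment of Beijing users
acl shanghainet { 192.168.75.0/24; }; //network segment of Shanghai users
acl othersnet { any;}; //network segment of users in other regions
//define 3 regional views and associate each with the client network it matches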
view bj_view {
match-clients { beijingnet;};
include "/etc/named.rfc1912.zones.bj";
};
view sh_view {
match-clients { shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view ot_view {
match-clients { othersnet;};
include "/etc/named.rfc1912.zones";
};
- Define the master zones
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj #create the Beijing zone definition file
vi /etc/named.rfc1912.zones.bj #add the following
zone "zxh.com" IN {
type master;
file "zxh.com.zone.bj";
};
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.sh #create the Shanghai zone definition file
vi /etc/named.rfc1912.zones.sh #add the following
zone "zxh.com" IN {
type master;
file "zxh.com.zone.sh";
};
vi /etc/named.rfc1912.zones #edit the zone definition file for other regions and add the following
zone "zxh.com" IN {
type master;
file "zxh.com.zone.others";
};
- Create the zone data files
cp -p named.localhost zxh.com.zone.bj #create the Beijing zone data file
vi /var/named/zxh.com.zone.bj #add the following
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
    NS ns1
ns1 A 172.16.77.131
www A 172.16.77.132
cp -p named.localhost zxh.com.zone.sh #create the Shanghai zone data file
vi /var/named/zxh.com.zone.sh #add the following
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
    NS ns1
ns1 A 192.168.75.132
www A 192.168.75.131
cp -p named.localhost zxh.com.zone.others #create the zone data file for other regions
vi /var/named/zxh.com.zone.others #add the following
$TTL 1D
@ IN SOA zxh root (1 1H 1H 1D 3H)
    NS ns1
ns1 A 172.16.77.132
www A 172.16.77.132
- Restart the service so the changes take effect
systemctl restart named
- Test
dig www.zxh.com @172.16.77.131 #simulate a DNS request from a Beijing user
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.com @172.16.77.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40582
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.com. IN A
;; ANSWER SECTION:
www.zxh.com. 86400 IN A 172.16.77.132
;; AUTHORITY SECTION:
zxh.com. 86400 IN NS ns1.zxh.com.
;; ADDITIONAL SECTION:
ns1.zxh.com. 86400 IN A 172.16.77.131
;; Query time: 0 msec
;; SERVER: 172.16.77.131#53(172.16.77.131)
;; WHEN: Sun Jul 05 23:35:02 CST 2020
;; MSG SIZE rcvd: 90
dig www.zxh.com @192.168.75.131 #simulate a DNS request from a Shanghai user
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.com @192.168.75.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54160
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.com. IN A
;; ANSWER SECTION:
www.zxh.com. 86400 IN A 192.168.75.131
;; AUTHORITY SECTION:
zxh.com. 86400 IN NS ns1.zxh.com.
;; ADDITIONAL SECTION:
ns1.zxh.com. 86400 IN A 192.168.75.132
;; Query time: 0 msec
;; SERVER: 192.168.75.131#53(192.168.75.131)
;; WHEN: Sun Jul 05 23:36:47 CST 2020
;; MSG SIZE rcvd: 90
dig www.zxh.com @localhost #simulate a DNS request from a user in another region
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.zxh.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12232
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zxh.com. IN A
;; ANSWER SECTION:
www.zxh.com. 86400 IN A 172.16.77.132
;; AUTHORITY SECTION:
zxh.com. 86400 IN NS ns1.zxh.com.
;; ADDITIONAL SECTION:
ns1.zxh.com. 86400 IN A 172.16.77.132
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sun Jul 05 23:37:38 CST 2020
;; MSG SIZE rcvd: 90
The experiment above shows that the intelligent DNS server has been set up successfully and passes the basic test.
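named picks the first view, in configuration-file order, whose match-clients accepts the query's source address, so the view holding the any ACL has to come last. The added example below (not from the original page) replays that selection for the three views defined above and lists views that an earlier view makes unreachable; the function names are illustrative and coverage is checked one network at a time.

```python
import ipaddress

# The ACLs and views from this page's named.conf, in file order.
ACLS = {
    "beijingnet": ["172.16.77.0/24"],
    "shanghainet": ["192.168.75.0/24"],
    "othersnet": ["any"],
}
VIEWS = [("bj_view", "beijingnet"), ("sh_view", "shanghainet"), ("ot_view", "othersnet")]

def networks(acl):
    """Return the ACL as ip_network objects; None stands for the keyword any."""
    return [None if e == "any" else ipaddress.ip_network(e) for e in ACLS[acl]]

def acl_matches(acl, client):
    """True if the client source address is accepted by the ACL."""
    ip = ipaddress.ip_address(client)
    return any(n is None or (n.version == ip.version and ip in n) for n in networks(acl))

def select_view(views, client):
    """Return the first view whose match-clients ACL accepts the client."""
    for view, acl in views:
        if acl_matches(acl, client):
            return view
    return None  # no view matched

def covers(outer, inner):
    """True if every network in ACL inner lies inside one network of ACL outer."""
    outs = networks(outer)
    if None in outs:
        return True
    return all(i is not None and any(o.version == i.version and i.subnet_of(o) for o in outs)
               for i in networks(inner))

def shadowed_views(views):
    """Views that can never be selected because an earlier view covers their clients."""
    return [view for k, (view, acl) in enumerate(views)
            if any(covers(earlier, acl) for _, earlier in views[:k])]
```

With the page's order nothing is shadowed; moving ot_view to the front makes both regional views unreachable, and the dig @localhost test lands in ot_view because its source address is ::1.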
II. Introduction to MySQL
MySQL is a common relational database management system.
Version history:
MySQL: 5.1 --> 5.5 --> 5.6 --> 5.7 --> 8.0
MariaDB: 5.5 --> 10.0 --> 10.1 --> 10.2 --> 10.3
2.1 MySQL features
Pluggable storage engines: also called "table types"; the storage manager has several implementations whose functions and features may differ slightly, and users can choose among them as needed. Starting with MySQL 5.5.5, InnoDB is the default MySQL engine
MyISAM ==> Aria
InnoDB ==> XtraDB
- Single process, multiple threads
- Many extensions and new features
- Ships with a good number of test components
- Open source
2.2 MariaDB installation and login
- Install the dependency packages
yum -y install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
- Prepare the run-as user and the data directory
useradd -r -s /sbin/nologin -d /data/mysql/ mysql
mkdir /data/mysql
chown mysql:mysql /data/mysql
- Compile and install
tar xvf mariadb-10.2.18.tar.gz
cd mariadb-10.2.18/
cmake . \
-DCMAKE_INSTALL_PREFIX=/app/mysql \
-DMYSQL_DATADIR=/data/mysql/ \
-DSYSCONFDIR=/etc/ \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
make && make install
- Set up the environment variable
echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
. /etc/profile.d/mysql.sh
- Generate the database files
cd /app/mysql/
scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
- Prepare the configuration file
cp /app/mysql/support-files/my-huge.cnf /etc/my.cnf
- Prepare the startup script
cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
- Start the service
chkconfig --add mysqld;service mysqld start
- Run the security initialization script
cd scripts/
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y #whether to change the password of the database administrator root
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y #whether to remove the anonymous accounts
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y #whether to forbid remote root login
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y #whether to delete the test database
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y #reload the privilege tables
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
- Test login
mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.2.25-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>