Domain Name System (DNS); Binary and Source-Compiled Installation of MySQL 5.7

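# 1. Domain Name System (DNS)

## 1.1 Introduction to name resolution and DNS

Devices on today's TCP/IP networks communicate using IP addresses, but numeric IP addresses are hard to remember. Once a network holds many devices, memorizing the address of every one of them is practically a "mission impossible". How do we solve this? We can give each network device a friendly name such as www.magedu.org; a name made of words is obviously easier to remember. Computers do not understand such names, however, so we use a name resolution service to translate (resolve) the name into an IP address, which lets us reach devices on the network directly by name. Name resolution has another important function: it decouples hosts from IP addresses. When a host's IP changes, only the name service has to be updated, and users can keep using the original name without being affected.

There are several ways to implement this service, described below.

Local name resolution file: hosts

- Linux: /etc/hosts
- Windows: %WINDIR%/system32/drivers/etc/hosts

```
122.10.117.2 www.magedu.org
93.46.8.89 www.google.com
```

DNS: Domain Name System, an application-layer protocol and a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it makes the Internet easier to use.

It uses a client/server architecture; the server side listens on 53/udp and 53/tcp.

BIND: Berkeley Internet Name Domain, the DNS software provided by ISC (www.isc.org), which implements the DNS domain name structure.

## 1.2 How DNS works

- When a user accesses a domain name, the request is sent to the local DNS server. The local DNS server first checks its own DNS cache for an IP address cached for that name; if a record exists, it returns the IP address to the user directly.
- If the local cache has no such record, the local DNS server sends the request to the root name servers configured on the system, and a root server returns to the local DNS server the address of the primary name server for the queried domain (a first-level subdomain of the root).
- The local server then sends the request to the name server returned in the previous step. The server that receives the request checks its own cache, and if it has no such record, it returns the address of the relevant lower-level name server (a second-level subdomain of the root).
- The previous step repeats until the correct record is found. The user accesses the host using the IP address obtained, and the local DNS server stores the result in its cache for the next lookup.

## 1.3 DNS query types

1. Recursive query: returns the final result; the server takes responsibility for the whole lookup
2. Iterative query: returns the best result it has; the server does not follow the lookup to the end

## 1.4 Resolution types

- FQDN ---> IP: forward resolution
- IP ---> FQDN: reverse resolution

## 1.5 The full path of a query request

```
Client --> hosts file --> Client DNS Service Local cache --> DNS Server (recursion) --> DNS Server Cache --> DNS iteration --> root --> top-level domain DNS --> second-level domain DNS...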
```

## 1.6 Configuring master and slave DNS servers

### 1.6.1 Environment preparation

```bash
# Four hosts are required
# DNS master server: 10.0.0.8
# DNS slave server:  10.0.0.18
# Web server:        10.0.0.7
# DNS client:        10.0.0.6
# Disable SELinux
# Disable the firewall
# Synchronize the clocks
```

### 1.6.2 Configuration steps

#### 1.6.2.1 Master DNS server configuration

```bash
[root@dnsmaster ~]#yum install bind -y
[root@dnsmaster ~]#vim /etc/named.conf
# Comment out the following two lines
options {
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
# Only allow the slave server to perform zone transfers
    allow-transfer { 10.0.0.18;};

[root@dnsmaster ~]#vim /etc/named.rfc1912.zones
# Add this section
zone "magedu.org" IN {
    type master;
    file "magedu.org.zone";
};
[root@dnsmaster ~]#cp -p /var/named/named.localhost /var/named/magedu.org.zone
# Without -p the group must be changed: chgrp named magedu.org.zone
[root@dnsmaster ~]#ll /var/named/magedu.org.zone
-rw-r----- 1 root named 152 May 28 04:49 /var/named/magedu.org.zone
[root@dnsmaster ~]#vim /var/named/magedu.org.zone
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
        NS      slave
master  A       10.0.0.8
slave   A       10.0.0.18
www     IN CNAME websrv
websrv  IN A    10.0.0.8
websrv  IN A    10.0.0.18
[root@dnsmaster ~]#systemctl start named   # first time the service is started
[root@dnsmaster ~]#rndc reload             # when the service is already running
```

#### 1.6.2.2 Slave DNS server configuration

```bash
[root@dnsslave ~]#yum -y install bind
[root@dnsslave ~]#vim /etc/named.conf
# Comment out the following two lines
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
    allow-transfer { none;};
[root@dnsslave ~]#vim /etc/named.rfc1912.zones
# Add this section
zone "magedu.org" IN {
    type slave;
    masters { 10.0.0.8;};
    file "slaves/magedu.org.slave";
};
[root@dnsslave ~]#systemctl start named   # first start
[root@dnssalve ~]#rndc reload             # not the first start
server reload successful
[root@dnssalve ~]#ls /var/named/slaves/magedu.org.slave   # check that the zone database file was generated
/var/named/slaves/magedu.org.slave
```

#### 1.6.2.3 Testing the master/slave DNS setup from the client

```bash
[root@webclient ~]#vim /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1="10.0.0.8"
DNS2="10.0.0.18"
[root@webclient ~]#cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.8
nameserver 10.0.0.18
# Verify that the DNS server can be queried
[root@webclient ~]#yum -y install bind-utils
# Dig
[root@webclient ~]#dig www.magedu.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42729
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.magedu.org.            IN  A

;; ANSWER SECTION:
www.magedu.org.     86400   IN  CNAME   websrv.magedu.org.
websrv.magedu.org.  86400   IN  A       10.0.0.18
websrv.magedu.org.  86400   IN  A       10.0.0.8

;; AUTHORITY SECTION:
magedu.org.         86400   IN  NS      master.magedu.org.
magedu.org.         86400   IN  NS      slave.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org.  86400   IN  A       10.0.0.8
slave.magedu.org.   86400   IN  A       10.0.0.18

;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Tue Jun 22 22:48:55 CST 2021
;; MSG SIZE rcvd: 169

# Stop the DNS service on the master server
[root@dnsmaster ~]#systemctl stop named
# Verify that the secondary DNS server can still be queried
[root@webclient ~]#dig www.magedu.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31645
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.magedu.org.            IN  A

;; AUTHORITY SECTION:
magedu.org.         10800   IN  SOA     master.magedu.org. admin.magedu.org. 1 86400 3600 604800 10800

;; Query time: 1 msec
;; SERVER: 10.0.0.18#53(10.0.0.18)
;; WHEN: Tue Jun 22 23:03:01 CST 2021
;; MSG SIZE rcvd: 92
```

# 2. Smart DNS techniques

## 2.1 ACLs in bind

ACL: groups one or more addresses into a set that is referenced through a single name.

Note: an ACL can only be used after it has been defined, so ACLs are normally defined in the configuration file ahead of options.

Format:

```bash
acl acl_name {
    ip;
    net/prelen;
    ……
};
# Example
acl bjnet {
    172.16.0.0/16;
    10.10.10.10;
};
```

## 2.2 bind has four built-in ACLs

- none: no host at all
- any: any host
- localhost: the local machine
- localnet: the network address obtained by applying the netmask to the local machine's IP

## 2.3 Access-control directives

- allow-query { }; hosts allowed to query (whitelist)
- allow-transfer { }; hosts allowed to perform zone transfers (whitelist)
- allow-recursion { }; hosts allowed to recurse; setting it globally is recommended
- allow-update { }; hosts allowed to update the contents of the zone database

## 2.4 Views

### 2.4.1 Views: map ACLs to zone databases to implement smart DNS

1. One bind server can define multiple views, and each view can define one or more zones
2. Each view matches one group of clients
3. Several views may need to resolve the same zone, each using a different zone database file

**Note:**

- Once views are enabled, every zone must be defined inside a view
- Define the root zone only in the views whose clients are allowed to make recursive requests
- When a client request arrives, the client list of each view is checked from top to bottom

### 2.4.2 View format

```
view VIEW_NAME {
    match-clients { bjnet; };
    zone "magedu.org" {
        type master;
        file "magedu.org.zone.bj";
    };
    include "/etc/named.rfc1912.zones";
};
view VIEW_NAME {
    match-clients { shnet; };
    zone "magedu.org" {
        type master;
        file "magedu.org.zone.sh";
    };
    include "/etc/named.rfc1912.zones";
};
```

## 2.5 Example: implementing smart DNS with views

### 2.5.1 NIC configuration of the DNS server

```bash
# Configure two IP addresses
# ens33: 10.0.0.8/24
# ens37: 192.168.233.8/24
[root@dnsmaster network-scripts]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:69:25:9d brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::9c5c:b7f5:f8c5:58b2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:69:25:a7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.233.8/24 brd 192.168.233.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::50f2:1900:61d2:93d5/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```

### 2.5.2 Implementing views in the master DNS server configuration file

```bash
[root@CentOS8 ~]#vim /etc/named.conf
# Add the following lines at the very top of the file
acl bjnet {
    192.168.233.0/24;
};
acl shnet {
    10.0.0.0/24;
};
acl othernet {
    any;
};
# Comment out the following two lines
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
# Create the views
view bjview {
    match-clients {bjnet;};
    include "/etc/named.rfc1912.zones.bj";
};
view shview {
    match-clients {shnet;};
    include "/etc/named.rfc1912.zones.sh";
};
view otherview {
    match-clients {othernet;};
    include "/etc/named.rfc1912.zones.other";
};
```

### 2.5.3 Creating the zone configuration files

```bash
[root@CentOS8 ~]#cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@CentOS8 ~]#chgrp named /etc/named.rfc1912.zones.bj
[root@CentOS8 ~]#cp -p /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.sh
[root@CentOS8 ~]#cp -p /etc/named.rfc1912.zones.bj /etc/named.rfc1912.zones.other
[root@CentOS8 ~]#ll /etc/named.rfc1912.zones*
-rw-r----- 1 root named 1096 Jun 22 21:35 /etc/named.rfc1912.zones
-rw-r----- 1 root named 1208 Jun 26 23:13 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named 1208 Jun 26 23:13 /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1208 Jun 26 23:13 /etc/named.rfc1912.zones.sh
[root@CentOS8 ~]#vim /etc/named.rfc1912.zones.bj
zone "." IN {
    type hint;
    file "named.ca";
};
zone "magedu.org" {
    type master;
    file "magedu.org.zone.bj";
};
[root@CentOS8 ~]#vim /etc/named.rfc1912.zones.sh
zone "." IN {
    type hint;
    file "named.ca";
};
zone "magedu.org" {
    type master;
    file "magedu.org.zone.sh";
};
[root@CentOS8 ~]#vim /etc/named.rfc1912.zones.other
zone "." IN {
    type hint;
    file "named.ca";
};
zone "magedu.org" {
    type master;
    file "magedu.org.zone.other";
};
```

### 2.5.4 Creating the zone database files

```bash
[root@CentOS8 named]#vim magedu.org.zone.bj
$TTL 1D
@       IN SOA  master admin (
                2021062701  ; serial
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum
        NS      master
master  A       10.0.0.8
www     A       10.0.0.100
[root@CentOS8 named]#vim magedu.org.zone.sh
$TTL 1D
@       IN SOA  master admin (
                2021062701  ; serial
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum
        NS      master
master  A       10.0.0.8
www     A       192.168.233.100
[root@CentOS8 named]#vim magedu.org.zone.other
$TTL 1D
@       IN SOA  master admin (
                2021062701  ; serial
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum
        NS      master
master  A       10.0.0.8
www     A       127.0.0.1
[root@CentOS8 named]#systemctl status named
[root@CentOS8 named]#rndc reload
```

### 2.5.5 Client verification

```bash
[root@client ~]#yum -y install bind-utils
[root@client ~]#host www.magedu.org 10.0.0.8
Using domain server:
Name: 10.0.0.8
Address: 10.0.0.8#53
Aliases:

www.magedu.org has address 192.168.233.100
[root@server1 ~]#host www.magedu.org 192.168.233.8
Using domain server:
Name: 192.168.233.8
Address: 192.168.233.8#53
Aliases:

www.magedu.org has address 10.0.0.100
[root@CentOS8 ~]#host www.magedu.org 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

www.magedu.org has address 127.0.0.1
```

# 3. Source-compiled and binary installation of MySQL 5.7

## 3.1 Installing MySQL from the generic binary distribution

### 3.1.1 Create the user

```bash
[root@CentOS8 ~]#groupadd -r -g 306 mysql
[root@CentOS8 ~]#useradd -r -g 306 -u 306 -d /data/mysql mysql
```

### 3.1.2 Install the required packages

```bash
[root@CentOS8 data]#yum -y install libaio numactl-libs
```

### 3.1.3 Prepare the binary program files

```bash
[root@CentOS8 src]#wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
# The binary distribution must be extracted to /usr/local
[root@CentOS8 src]#tar xf mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@CentOS8 src]#cd /usr/local/
[root@CentOS8 local]#ln -s mysql-5.7.33-linux-glibc2.12-x86_64/ mysql
[root@CentOS8 local]#chown -R root:root /usr/local/mysql
```

### 3.1.4 Configure the environment variable

```bash
[root@CentOS8 local]#echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@CentOS8 local]#. /etc/profile.d/mysql.sh
```

### 3.1.5 Prepare the configuration file

```bash
[root@CentOS8 local]#vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid

[client]
socket=/data/mysql/mysql.sock
```

### 3.1.6 Generate the database files and extract the root password

```bash
[root@CentOS8 local]#mysqld --initialize --user=mysql --datadir=/data/mysql
[root@CentOS8 local]#grep password /data/mysql/mysql.log
# or
[root@CentOS8 local]#awk '/temporary password/{print $NF}' /data/mysql/mysql.log
-mYNGF8YiqJg
```

### 3.1.7 Prepare the service script and start the service

```bash
[root@CentOS8 local]#cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@CentOS8 local]#chkconfig --add mysqld
[root@CentOS8 local]#service mysqld start
Starting MySQL. SUCCESS!
```

### 3.1.8 Change the password and test the login

```bash
[root@CentOS8 local]#mysqladmin -uroot -p'-mYNGF8YiqJg' password 123.com
[root@server1 local]#mysql -uroot -p123.com
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.33 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)
```

### 3.1.9 Enable start at boot

```bash
[root@server1 local]#vim /etc/rc.local
# Add the following line
/etc/init.d/mysqld start
[root@server1 local]#chmod +x /etc/rc.local
```

## 3.2 Compiling and installing MySQL 5.7 from source

### 3.2.1 Install the required dependency packages

```bash
[root@mysql-db ~]#yum -y install bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
```

### 3.2.2 Create the user and the data directory

```bash
[root@mysql-db ~]#useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@mysql-db ~]#mkdir /data/mysql
[root@mysql-db ~]#chown mysql:mysql /data/mysql/
```

### 3.2.3 Download and extract the source package

```bash
[root@mysql-db src]#wget https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-5.7/mysql-boost-5.7.31.tar.gz
[root@mysql-db src]#tar zxvf mysql-boost-5.7.31.tar.gz
[root@mysql-db src]#cd mysql-5.7.31/
```

### 3.2.4 Compile and install MySQL 5.7 from source

```bash
[root@mysql-db mysql-5.7.31]#cmake -DCMAKE_INSTALL_PREFIX=/app/mysql \
    -DMYSQL_DATADIR=/data/mysql/ \
    -DSYSCONFDIR=/etc/ \
    -DMYSQL_USER=mysql \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci \
    -DWITH_BOOST=boost
[root@mysql-db mysql-5.7.31]#make && make install
```

![source_mysql.png](http://www.icode9.com/i/li/?n=2&i=images/20210629/1624980903356231.png?,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)

```bash
# Directory contents after the build and install; then change the owner and group
[root@mysql-db mysql-5.7.31]#cd /app/mysql/
[root@mysql-db mysql]#ll
total 296
drwxr-xr-x  2 root root   4096 Jun 29 22:01 bin
drwxr-xr-x  2 root root     55 Jun 29 22:01 docs
drwxr-xr-x  3 root root   4096 Jun 29 22:01 include
drwxr-xr-x  4 root root    192 Jun 29 22:01 lib
-rw-r--r--  1 root root 275393 Jun  2  2020 LICENSE
drwxr-xr-x  4 root root     30 Jun 29 22:01 man
drwxr-xr-x 10 root root   4096 Jun 29 22:01 mysql-test
-rw-r--r--  1 root root    587 Jun  2  2020 README
-rw-r--r--  1 root root    587 Jun  2  2020 README-test
drwxr-xr-x 28 root root   4096 Jun 29 22:01 share
drwxr-xr-x  2 root root     90 Jun 29 22:01 support-files
[root@mysql-db mysql]#chown -R mysql:mysql /app/mysql/
```

### 3.2.5 Configure the environment variable

```bash
[root@mysql-db mysql]#echo 'PATH=/app/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@mysql-db mysql]#. /etc/profile.d/mysql.sh
```

### 3.2.6 Prepare the configuration file

```bash
[root@mysql-db mysql]#cp /etc/my.cnf{,.bak}
[root@mysql-db mysql]#vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/data/mysql/mysql.sock

[mysqld_safe]
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid

[client]
socket=/data/mysql/mysql.sock
```

### 3.2.7 Generate the database files and extract the root password

```bash
[root@mysql-db mysql]#mysqld --initialize --user=mysql --datadir=/data/mysql
...omitted...
2021-06-29T14:38:20.823587Z 1 [Note] A temporary password is generated for root@localhost: Vwd*jkKMY4UB   # the generated root password
[root@mysql-db mysql]#grep password /data/mysql/mysql.log
[root@mysql-db mysql]#awk '/temporary password/{print $NF}' /data/mysql/mysql.log
Vwd*jkKMY4UB
```

### 3.2.8 Prepare the service script and start the service

```bash
[root@mysql-db mysql]#cp /app/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@mysql-db mysql]#chkconfig --add mysqld
[root@mysql-db mysql]#service mysqld start
Starting MySQL. SUCCESS!
```

### 3.2.9 Change the password and test the login

```bash
[root@mysql-db bin]#mysqladmin -uroot -p'Vwd*jkKMY4UB' password 123.com
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@mysql-db bin]#mysql -uroot -p123.com
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.31 Source distribution

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

mysql> exit
Bye
```

### 3.2.10 Enable start at boot

```bash
[root@mysql-db bin]#systemctl enable mysqld
mysqld.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig mysqld on
```
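
The top-down view matching noted in section 2.4.1, applied to the ACLs from section 2.5.2, as an added example that is not part of the original article. The function names, the client addresses and the misordered list are constructed for illustration; the script only simulates `match-clients` evaluation for IPv4 and does not talk to named.

```bash
# Added example: simulate named's top-down match-clients evaluation (IPv4 only).
# Function names are hypothetical; view names and networks come from section 2.5.2.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 is covered by ACL element $2: "any", a host, or net/prefixlen.
ip_in_acl() {
    [ "$2" = "any" ] && return 0
    case $2 in
        */*) _net=${2%/*}; _len=${2#*/} ;;
        *)   _net=$2; _len=32 ;;
    esac
    _mask=$(( (0xFFFFFFFF << (32 - _len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "$_net") & _mask )) ]
}

# Print the first view matching client $1; remaining args are ordered "view=acl" pairs.
select_view() {
    _client=$1; shift
    for _pair in "$@"; do
        if ip_in_acl "$_client" "${_pair#*=}"; then
            echo "${_pair%%=*}"; return 0
        fi
    done
    echo "REFUSED"; return 1   # a client that matches no view is refused
}

# List views that can never be selected because an earlier view matches "any".
shadowed_views() {
    _seen_any=0; _out=""
    for _pair in "$@"; do
        if [ "$_seen_any" -eq 1 ]; then _out="$_out ${_pair%%=*}"; fi
        if [ "${_pair#*=}" = "any" ]; then _seen_any=1; fi
    done
    echo "${_out# }"
}

PAGE_ORDER="bjview=192.168.233.0/24 shview=10.0.0.0/24 otherview=any"   # order used in 2.5.2
BAD_ORDER="otherview=any bjview=192.168.233.0/24 shview=10.0.0.0/24"    # constructed misordering
for _ip in 192.168.233.6 10.0.0.6 203.0.113.9; do                       # constructed clients
    echo "$_ip: page order -> $(select_view "$_ip" $PAGE_ORDER), bad order -> $(select_view "$_ip" $BAD_ORDER)"
done
echo "shadowed in bad order: $(shadowed_views $BAD_ORDER)"
```

With the catch-all view listed first, every client receives the `otherview` answer and the per-network zone files are never consulted, which is why the `any` view belongs last.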
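
Sections 3.1.8 and 3.2.9 pass the root password with `-p` on the command line, which is what triggers the "can be insecure" warning in the output. The following added example, which is not part of the original article, keeps the password out of the process arguments by using a client option file with owner-only permissions; the function names and file locations are hypothetical and the sample log line is constructed.

```bash
# Added example: change the initial MySQL root password without putting any
# password in argv. Function names and file locations are hypothetical.

# Pull the temporary password out of the error log (same awk match as the
# article) and store it in a client option file readable only by its owner.
write_client_cnf() {
    _log=$1; _cnf=$2
    _pw=$(awk '/temporary password/{print $NF}' "$_log" | tail -n 1)
    [ -n "$_pw" ] || { echo "no temporary password found in $_log" >&2; return 1; }
    ( umask 077; printf '[client]\nuser=root\npassword="%s"\n' "$_pw" > "$_cnf" )
    chmod 600 "$_cnf"   # also tightens a pre-existing file
}

# Prompt for the new password with echo off and send the statement on stdin
# (printf is a shell builtin, so the password never appears in a process list).
# --defaults-extra-file must be the first option; --connect-expired-password is
# needed because the password written by --initialize is marked expired.
# Assumes the new password contains no single quote or backslash.
change_root_password() {
    _cnf=$1
    printf 'New root password: ' >&2
    stty -echo; IFS= read -r _new; stty echo; echo >&2
    printf "ALTER USER 'root'@'localhost' IDENTIFIED BY '%s';\n" "$_new" |
        mysql --defaults-extra-file="$_cnf" --connect-expired-password
    _rc=$?
    rm -f "$_cnf"       # the temporary password is useless after the change
    return $_rc
}

# Constructed sample log line in the format mysqld --initialize writes;
# prints the option file's permission bits and its password line.
demo() {
    _dir=$(mktemp -d) || return 1
    echo '2021-01-01T00:00:00.000000Z 1 [Note] A temporary password is generated for root@localhost: Constructed-Pw1' > "$_dir/mysql.log"
    write_client_cnf "$_dir/mysql.log" "$_dir/root.cnf" || return 1
    echo "$(ls -l "$_dir/root.cnf" | cut -c1-10) $(sed -n 3p "$_dir/root.cnf")"
    rm -rf "$_dir"
}
demo
```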