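Compiling bind9 from source
Why install bind9 from source
Installing the rpm package is so convenient, so why compile bind9 by hand? Because a source build lets you add the modules you need, which makes the software more flexible.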
How to install bind9 from source
Install the build environment
Compiling from source usually requires the devel packages and similar build dependencies.
[root@server1 yum.repos.d]# yum groupinstall "Development Tools" "Server Platform Development"
Create the system user and group
[root@server1 bind-9.9.5]# groupadd -r -g 53 named
[root@server1 bind-9.9.5]# useradd -u 53 -g named named -r
Note:
-r, --system create a system account
The three steps of a source build
[root@server1 bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
[root@server1 bind-9.9.5]# make && make install
Update the PATH environment variable so the commands can be run from anywhere
[root@server1 local]# vim /etc/profile.d/name.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
[root@server1 local]# . /etc/profile.d/name.sh
[root@server1 local]# echo $PATH
/usr/local/bind9/bin:/usr/local/bind9/sbin:/usr/local/bind9/bin:
Tell the system to re-read the library files (bind's libraries are static, so this step can be skipped)
[root@server1 lib]# pwd
/usr/local/bind9/lib
[root@server1 lib]# ls
libbind9.a libdns.a libisc.a libisccc.a libisccfg.a liblwres.a
[root@server1 lib]# cat /etc/ld.so.conf.d/name.conf
/usr/local/bind9/lib
[root@server1 lib]# ldconfig -v
Link the header file directory
[root@server1 lib]# ln -sv /usr/local/bind9/include/ /usr/include/named
`/usr/include/named' -> `/usr/local/bind9/include/'
Export the man page path
[root@server1 lib]# vim /etc/man.config
MANPATH /usr/local/bind9/share/man
Write named.conf
[root@server1 named]# vim /etc/named/named.conf
options {
    directory "/var/named";
};
zone "." IN {
    type hint;              # root hints
    file "name.ca";
};
zone "localhost" IN {       # localhost
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {    # PTR for 127.0.0.1
    type master;
    file "named.local";
    allow-update { none; };
};
On a host with Internet access, look up the root name servers and write named.ca
dig -t NS . @192.168.2.1 >/var/ftp/pub/docs/dns/named.ca
Write the local zone files
[root@server1 named]# vim named.local
$TTL 1d
@ IN SOA localhost. admin.localhost. (
2017062101
1h
5m
7d
1d)
IN NS localhost.
1 IN PTR localhost.
[root@server1 named]# vim localhost.zone
$TTL 1d
@ IN SOA localhost. admin.localhost. (
2017062101
1h
5m
7d
1d)
IN NS localhost.
localhost. IN A 127.0.0.1
Change ownership and permissions
[root@server1 named]# chmod 640 /var/named/ -R
[root@server1 named]# chown named.named /var/named/ -R
[root@server1 named]# ls
localhost.zone name.ca named.local
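The necessary configuration is done; let's see whether bind9 starts properly
Start named
1. Run in debug mode
Debug output is written to the console; if no errors appear, the start succeeded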
[root@server1 named]# named -u named -f -g -d 3
22-Jun-2017 09:55:41.701 starting BIND 9.9.5 -u named -f -g -d 3
...
...
22-Jun-2017 09:55:41.793 zone_timer: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_maintenance: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_settimer: zone D.F.IP6.ARPA/IN: enter
2. Run in the background
[root@server1 named]# named -u named
Configure rndc.key
[root@server1 ~]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
# -r specifies the file to use as the source of random data
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "dRB7GnWbWpYfvmf2/52ahg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "dRB7GnWbWpYfvmf2/52ahg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Following the hint in the generated file, append the rndc key information to named.conf
vim /etc/named/named.conf
...
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "hVR73nDTM+opRcsa13kmdg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
Verify that rndc works
[root@server1 ~]# named -u named
[root@server1 ~]# ss -antlpu |grep 53
udp UNCONN 0 0 172.25.88.1:53 *:* users:(("named",2635,513))
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",2635,512))
udp UNCONN 0 0 172.25.88.1:53 *:* users:(("named",2629,513))
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",2629,512))
tcp LISTEN 0 10 172.25.88.1:53 *:* users:(("named",2629,21))
tcp LISTEN 0 10 127.0.0.1:53 *:* users:(("named",2629,20))
tcp LISTEN 0 128 127.0.0.1:953 *:* users:(("named",2629,22))
[root@server1 ~]# rndc status
version: 9.9.5
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
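rndc can only authenticate when the key clause appended to named.conf carries the same secret as the one in rndc.conf; the two listings above show different secrets. The check below is an added example, not part of the original post: it compares the two files without echoing the secret, and its function names and sample secrets are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): verify that rndc.conf and
# named.conf carry the same control key, without printing the secret.

# key_field FILE KEYNAME FIELD: print "algorithm" or "secret" from the
# uncommented  key "KEYNAME" { ... };  clause; prints nothing if absent.
key_field() {
    awk -v name="$2" -v field="$3" '
        $1 ~ /^#/ { next }                     # skip the commented template
        $1 == "key" && $2 == ("\"" name "\"") { inkey = 1; next }
        inkey && $1 == field { v = $2; gsub(/[";]/, "", v); print v; exit }
        inkey && index($0, "}") { inkey = 0 }  # end of the key clause
    ' "$1"
}

# check_rndc_key RNDC_CONF NAMED_CONF [KEYNAME]
# Prints one finding per line; returns 1 on a missing or mismatched key.
check_rndc_key() {
    name=${3:-rndc-key}; rc=0
    s1=$(key_field "$1" "$name" secret);    s2=$(key_field "$2" "$name" secret)
    a1=$(key_field "$1" "$name" algorithm); a2=$(key_field "$2" "$name" algorithm)
    if [ -z "$s1" ] || [ -z "$s2" ]; then
        echo "MISSING: key $name is not defined in both files"; rc=1
    elif [ "$s1" != "$s2" ]; then
        echo "MISMATCH: secrets differ"; rc=1
    elif [ "$a1" != "$a2" ]; then
        echo "MISMATCH: algorithm $a1 vs $a2"; rc=1
    fi
    case "$a1 $a2" in *hmac-md5*) echo "NOTE: hmac-md5 key in use" ;; esac
    for f in "$1" "$2"; do                     # secret readable by every local user?
        [ -z "$(find "$f" -prune -perm -004)" ] || echo "NOTE: $f is world-readable"
    done
    return $rc
}

# Constructed sample files in the layout rndc-confgen emits (secrets are made up).
make_samples() {   # make_samples DIR NAMED_SECRET
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "Y29uc3RydWN0ZWQtQQ==";\n};\n# key "rndc-key" {\n# \tsecret "Y29tbWVudGVk";\n# };\n' > "$1/rndc.conf"
    printf 'options {\n\tdirectory "/var/named";\n};\nkey "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\ncontrols {\n\tinet 127.0.0.1 port 953\n\tallow { 127.0.0.1; } keys { "rndc-key"; };\n};\n' "$2" > "$1/named.conf"
    chmod 640 "$1/rndc.conf" "$1/named.conf"
}

demo() {           # mismatched sample pair: prints the findings, returns 1
    d=$(mktemp -d) && make_samples "$d" "ZGlmZmVyZW50LUI="
    check_rndc_key "$d/rndc.conf" "$d/named.conf"; st=$?
    rm -rf "$d"; return $st
}

demo || true
```

On the server from this walkthrough the call would be `check_rndc_key /etc/named/rndc.conf /etc/named/named.conf`, run before restarting named.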
Stress testing
Build and install the tool
[root@server1 queryperf]# ./configure
[root@server queryperf]# make
[root@server queryperf]# cp queryperf /usr/local/bin/
[root@server1 queryperf]# pwd
/root/bind-9.9.5/contrib/queryperf
Write the test file
[root@server queryperf]# vim test
www.lalala.com A
pop3.lalala.com A
lmap4.lalala.com A
web.lalala.com A
lalala.com NS
lalala.com MX
www.lalala.com A
...
...
Start the test ^-^
[root@server1 queryperf]# queryperf -d test
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 24684 queries
Queries completed: 24684 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.010893 sec
RTT min: 0.000838 sec
RTT average: 0.001360 sec
RTT std deviation: 0.000279 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Thu Jun 22 05:26:29 2017
Finished at: Thu Jun 22 05:26:31 2017
Ran for: 1.827324 seconds
Queries per second: 13508.277678 qps
# Performance metric to watch: QPS (queries per second)
Note: turning on rndc querylog has a large impact on performance
[root@server queryperf]# rndc querylog
[root@server queryperf]# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 202
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@server queryperf]# queryperf -d test
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 24684 queries
Queries completed: 24684 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.022877 sec
RTT min: 0.000623 sec
RTT average: 0.004682 sec
RTT std deviation: 0.002453 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Thu Jun 22 05:32:47 2017
Finished at: Thu Jun 22 05:32:53 2017
Ran for: 5.896463 seconds
Queries per second: 4186.238428 qps
As you can see, with querylog (query logging) turned on, performance drops to only 1/3 of the original, so querylog is normally left off