源码编译bind9

Why：为什么要源码安装 bind9


安装 rpm 包那么方便，为什么还要手动编译 bind9 呢？因为编译安装可以按照自己的需求启用或裁剪相应的模块，增加软件的灵活性。但要注意代价：源码安装的 named 不会随发行版的安全更新一起升级，需要自己跟踪 ISC 的安全公告并及时重新编译、重启；DNS 服务一旦在网络上可达就是常见的攻击目标，补丁跟进不能省。

How：如何源码安装 bind9

安装编译环境

编译源码通常都需要安装Devel包等~~~

[root@server1 yum.repos.d]# yum groupinstall "Development Tools" "Server Platform Development"

创建系统用户和组

[root@server1 bind-9.9.5]# groupadd -r -g 53 named
[root@server1 bind-9.9.5]# useradd  -u 53 -g named named  -r


注意:
 -r, --system                  create a system account
 named 只是服务账号，不需要登录 shell，也不需要家目录，建议再加上 -s /sbin/nologin -M，例如：
 useradd -r -u 53 -g named -s /sbin/nologin -M named

源码编译三部曲（注意下面的两个 --disable 选项：--disable-chroot 会去掉 named 的 chroot 支持，以后无法再用 -t 把 named 关进 chroot 目录，如果打算用 chroot 做纵深防御就不要加；--disable-ipv6 会让 named 不再处理 IPv6，请按实际需求取舍，具体含义以 ./configure --help 的说明为准。）
[root@server1 bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads

[root@server1 bind-9.9.5]# make && make install

更改PATH环境变量,方便命令可在任何环境下执行

[root@server1 local]# vim /etc/profile.d/name.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH

[root@server1 local]# . /etc/profile.d/name.sh
[root@server1 local]# echo $PATH
/usr/local/bind9/bin:/usr/local/bind9/sbin:/usr/local/bind9/bin:

通知系统重读库文件(因为bind库文件为静态,所以这步可以省略)

[root@server1 lib]# pwd
/usr/local/bind9/lib
[root@server1 lib]# ls
libbind9.a  libdns.a  libisc.a  libisccc.a  libisccfg.a  liblwres.a
[root@server1 lib]# cat /etc/ld.so.conf.d/name.conf
/usr/local/bind9/lib
[root@server1 lib]# ldconfig  -v

链接头文件所属路径

[root@server1 lib]# ln -sv /usr/local/bind9/include/  /usr/include/named
`/usr/include/named' -> `/usr/local/bind9/include/'

导出man文件所属路径

[root@server1 lib]# vim /etc/man.config
48 MANPATH /usr/local/bind9/share/man


编写named.conf

[root@server1 named]# vim /etc/named/named.conf
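options {
       directory "/var/named";

       # This server carries a root hint zone, which only matters when it
       # resolves recursively, and BIND's default is "recursion yes". Spell
       # the recursion policy out instead of relying on the built-in default,
       # so that copying this file to a host reachable on a LAN address
       # (the ss output later on this page shows named bound to
       # 172.25.88.1:53, not only 127.0.0.1:53) does not silently create an
       # open resolver. BIND documents the default allow-recursion as
       # { localnets; localhost; } — confirm against the ARM of the version
       # you built before relying on it.
       recursion yes;
       allow-recursion { localhost; localnets; };

       # BIND's documented default for allow-transfer is "any". Nothing in
       # this setup has a secondary server, so refuse zone transfers.
       allow-transfer { none; };

       # NOTE(review): no listen-on is set, so named binds every interface.
       # If this host should only serve itself, add:
       #   listen-on { 127.0.0.1; };
};

zone "." IN {
       type hint;                # root hints
       file "name.ca";           # file name must match what is copied into
                                 # /var/named (later text calls it named.ca)
};

zone "localhost" IN {             # forward zone for localhost
       type master;
       file "localhost.zone";
       allow-update { none; };   # static data, no dynamic updates
};

zone "0.0.127.in-addr.arpa" IN {  # PTR for 127.0.0.1
       type master;
       file "named.local";
       allow-update { none; };
};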

找一台能上外网的主机，查询根域名服务器列表，生成根提示文件。注意两点：1）文件名要和 named.conf 里 `file "name.ca"` 一致（后面 ls 看到的也是 name.ca，而这里写的是 named.ca）；2）向 192.168.2.1 这类内网递归服务器 dig 得到的结果完全信任该服务器，没有任何完整性校验，而且应答里未必带齐根服务器的 A/AAAA 记录。更稳妥的做法是通过 HTTPS 从 https://www.internic.net/domain/named.root 下载并与同站提供的签名核对，或直接向根服务器查询：`dig -t NS . @a.root-servers.net`。

 dig -t NS . @192.168.2.1 >/var/ftp/pub/docs/dns/named.ca

在 /var/named（named.conf 中 directory 指定的目录）下编写本地区域解析文件

[root@server1 named]# vim named.local
$TTL 1d
; Reverse zone 0.0.127.in-addr.arpa: maps 127.0.0.1 back to localhost.
; SOA: primary server "localhost.", responsible mailbox admin@localhost
; (the first "." of the RNAME field stands for "@").
@       IN      SOA     localhost. admin.localhost. (

                       2017062101   ; serial (YYYYMMDDnn), bump on every change
                       1h           ; refresh
                       5m           ; retry
                       7d           ; expire
                       1d)          ; minimum / negative-caching TTL
       IN      NS      localhost.   ; the zone's only name server
1       IN      PTR     localhost.  ; 1.0.0.127.in-addr.arpa -> localhost

[root@server1 named]# vim localhost.zone
$TTL 1d
; Forward zone for "localhost": resolves localhost to the loopback address.
; SOA: primary server "localhost.", responsible mailbox admin@localhost
; (the first "." of the RNAME field stands for "@").
@       IN      SOA     localhost. admin.localhost. (

                       2017062101   ; serial (YYYYMMDDnn), bump on every change
                       1h           ; refresh
                       5m           ; retry
                       7d           ; expire
                       1d)          ; minimum / negative-caching TTL
       IN      NS      localhost.   ; the zone's only name server
localhost.      IN      A       127.0.0.1   ; absolute name, note the trailing dot

更改权限信息。注意目录需要执行位：`chmod 640 -R` 会把 /var/named 目录本身也改成 640，而没有 x 位的目录是进不去的，named 以 named 用户运行（-u named）时就会打不开里面的区域文件。目录用 750、文件用 640：

[root@server1 named]# chmod 750 /var/named/
[root@server1 named]# chmod 640 /var/named/*
[root@server1 named]# chown named.named /var/named/ -R

（这几个区域都是 allow-update { none; } 的静态数据，named 其实只需要读权限；如果想让被攻破的 named 进程也改不了自己的区域数据，可以把文件属主改成 root、属组 named，保持 640。）
[root@server1 named]# ls
localhost.zone  name.ca  named.local


必要的配置已经完成。启动前可以先用 bind 自带的 named-checkconf /etc/named/named.conf 和 named-checkzone localhost /var/named/localhost.zone 做静态检查，然后再看看 bind9 能否正常启动。


启动 named

1. debug 方式运行
-f 前台运行、-g 把日志输出到控制台、-d 3 设置调试级别；没有报错就说明配置和区域文件都能正常加载。看完后按 Ctrl-C 结束这个前台进程再进行下一步，否则再启动一个后台 named 会和它争抢 53 端口。

[root@server1 named]# named -u named -f -g  -d 3
22-Jun-2017 09:55:41.701 starting BIND 9.9.5 -u named -f -g -d 3
...
...
22-Jun-2017 09:55:41.793 zone_timer: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_maintenance: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_settimer: zone D.F.IP6.ARPA/IN: enter

2.后台运行
[root@server1 named]# named -u named

配置rndc.key

[root@server1 ~]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
#  -r    指明随机数文件（/dev/urandom 不会像 /dev/random 那样因熵不足而阻塞）
#  rndc.conf 里的 secret 是 rndc 与 named 之间的共享密钥，文件权限要收紧：chmod 600 /etc/named/rndc.conf。
#  下面输出里的 secret 只是示例，不要照抄，每台机器自己生成；默认算法 hmac-md5 已不推荐，
#  如果你的 rndc-confgen 支持 -A 选项，可以用 -A hmac-sha256。
# Start of rndc.conf
key "rndc-key" {
   algorithm hmac-md5;
   secret "dRB7GnWbWpYfvmf2/52ahg==";
};

options {
   default-key "rndc-key";
   default-server 127.0.0.1;
   default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "dRB7GnWbWpYfvmf2/52ahg==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

根据提示信息，把 rndc-confgen 输出中的 key 和 controls 两段追加到 named.conf。注意两边的 secret 必须完全一致：上面 rndc.conf 里是 dRB7GnWbWpYfvmf2/52ahg==，而下面追加到 named.conf 的却是 hVR73nDTM+opRcsa13kmdg==（应该是重新生成了一次），不一致时 rndc 会报认证失败。named.conf 含有这把密钥后同样要收紧权限（如 chown root:named、chmod 640）。controls 只允许 127.0.0.1 连 953 端口是正确的，不要放宽到 any。另外 controls 段是新加的，需要重启 named 才能生效（此时还不能用 rndc reload）。

```
vim /etc/named/named.conf
...
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
      algorithm hmac-md5;
      secret "hVR73nDTM+opRcsa13kmdg==";
};

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};

```

检验 rndc 是否成功启动。注意：下面又执行了一次 named -u named，而前面启动的那个 named 并没有停掉，所以 ss 的输出里能看到两个 named 进程（PID 2629 和 2635）同时绑定在 UDP 53 上，TCP 53 和 953 只有先起的那个拿到了。应先 kill 掉旧进程再启动，并用 pgrep named 确认只有一个实例在跑。

[root@server1 ~]# named -u named 
[root@server1 ~]# ss -antlpu |grep 53
udp    UNCONN     0      0            172.25.88.1:53                    *:*      users:(("named",2635,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",2635,512))
udp    UNCONN     0      0            172.25.88.1:53                    *:*      users:(("named",2629,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",2629,512))
tcp    LISTEN     0      10           172.25.88.1:53                    *:*      users:(("named",2629,21))
tcp    LISTEN     0      10             127.0.0.1:53                    *:*      users:(("named",2629,20))
tcp    LISTEN     0      128            127.0.0.1:953                   *:*      users:(("named",2629,22))
[root@server1 ~]# rndc status
version: 9.9.5
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running


压力测试


编译安装软件

[root@server1 queryperf]# ./configure 
[root@server queryperf]# make
[root@server queryperf]# cp queryperf /usr/local/bin/

[root@server1 queryperf]# pwd
/root/bind-9.9.5/contrib/queryperf

编写测试文件

[root@server queryperf]# vim test
www.lalala.com A
pop3.lalala.com A
lmap4.lalala.com A
web.lalala.com A
lalala.com NS
lalala.com MX
www.lalala.com A
...
...

开始测试^-^

[root@server1 queryperf]# queryperf -d test 

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

 Parse input file:     once
 Ended due to:         reaching end of file

 Queries sent:         24684 queries
 Queries completed:    24684 queries
 Queries lost:         0 queries
 Queries delayed(?):   0 queries

 RTT max:             0.010893 sec
 RTT min:              0.000838 sec
 RTT average:          0.001360 sec
 RTT std deviation:    0.000279 sec
 RTT out of range:     0 queries

 Percentage completed: 100.00%
 Percentage lost:        0.00%

 Started at:           Thu Jun 22 05:26:29 2017
 Finished at:          Thu Jun 22 05:26:31 2017
 Ran for:              1.827324 seconds

 Queries per second:   13508.277678 qps  
# 观测性能指标：QPS（每秒查询数）。注意测试文件里查询的是 lalala.com 域的记录，而本机 named.conf 并没有配置这个区域，这些查询大概率走的是递归失败/否定应答路径而不是权威应答，所以这个 QPS 只适合做前后对比，不代表权威查询的性能。

注意：开启 rndc querylog（查询日志）后性能会明显下降。不过查询日志是事后取证和排查滥用的重要数据，生产上更常见的做法是按需临时打开，或用 logging 语句单独控制输出，而不是一概关闭。


[root@server queryperf]# rndc querylog
[root@server queryperf]# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 202
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@server queryperf]# queryperf -d test 

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

 Parse input file:     once
 Ended due to:         reaching end of file

 Queries sent:         24684 queries
 Queries completed:    24684 queries
 Queries lost:         0 queries
 Queries delayed(?):   0 queries

 RTT max:             0.022877 sec
 RTT min:              0.000623 sec
 RTT average:          0.004682 sec
 RTT std deviation:    0.002453 sec
 RTT out of range:     0 queries

 Percentage completed: 100.00%
 Percentage lost:        0.00%

 Started at:           Thu Jun 22 05:32:47 2017
 Finished at:          Thu Jun 22 05:32:53 2017
 Ran for:              5.896463 seconds

 Queries per second:   4186.238428 qps  

可以看到打开 querylog（查询日志）后 QPS 大约只有原来的 1/3（13508 → 4186），所以一般情况下 querylog 处于关闭状态，需要排查时再用 rndc querylog 临时打开。不过注意两次 rndc status 显示的并不是同一个服务器（前一次 version 9.9.5、100 个 zone，后一次 9.9.4-RedHat、202 个 zone，提示符里的主机名也从 server1 变成了 server），严格说这不是同一环境下的前后对比，结论仅供参考。