Compiling and installing bind-9.9.5
Environment: Development Tools and Server Platform Development

[root@school ~]# tar xf bind-9.9.5.tar.gz    # extract the archive
[root@school ~]# cd bind-9.9.5               # enter the source directory

named should run as an unprivileged user rather than root, so create one

[root@school bind-9.9.5]# id named                           # check whether the named user exists
id: named: No such user
[root@school bind-9.9.5]# groupadd -r -g 53 named            # create the named group
[root@school bind-9.9.5]# useradd -g named -r -u 53 named    # create the named user
[root@school bind-9.9.5]# id named                           # show the named user's details
uid=53(named) gid=53(named) groups=53(named)

Compile and install

[root@school bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6
[root@school bind-9.9.5]# make && make install

Options:
--enable-threads    # enable multithreading
--disable-chroot    # do not enable chroot support
--disable-ipv6      # do not enable IPv6
The BIND client tools (bind-libs, bind-utils) are in the bin directory under the installation prefix
Define the environment variable:

[root@school bind9]# vim /etc/profile.d/bind.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH

[root@school bind9]# . /etc/profile.d/bind.sh
[root@school bind9]# dig -v
DiG 9.9.5
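Export the man pages:

[root@school named]# vim /etc/man.config
MANPATH /usr/local/bind9/share/man

Export the header files
Header and library files only need to be exported if you are doing further development on top of the software. named does not need this.

Export the library files

[root@school bind9]# ls lib
libbind9.a libdns.a libisc.a libisccc.a libisccfg.a liblwres.a

These are all static libraries, so nothing needs to be exported; otherwise you would edit /etc/ld.so.conf.d/bind9.conf and add the library directory to it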
Configuration file:

[root@school ~]# cd /etc/named
[root@school named]# vim named.conf
options {
    directory "/var/named";    # directory holding the zone files
    recursion yes;             # whether recursion is allowed
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    allow-update { none; };
};

Change owner and group

[root@school named]# chown root:named named.conf
[root@school named]# chmod 640 named.conf
[root@school named]# mkdir /var/named/slaves -pv
mkdir: created directory `/var/named'
mkdir: created directory `/var/named/slaves'
[root@school named]# chown root:named /var/named
[root@school named]# chown named:named /var/named/slaves/
[root@school named]# chmod 750 /var/named
[root@school named]# chmod 770 /var/named/slaves/
Provide the named.ca file

[root@school named]# dig -t NS . @a.root-servers.net > /var/named/named.ca

Create the forward and reverse zone files:

[root@school named]# vim localhost.zone
$TTL 86400
@       IN SOA  localhost. admin.localhost. (
                2015072301
                3H
                15M
                7D
                1D )
        IN NS   localhost.
        IN A    127.0.0.1

[root@school named]# vim 127.0.0.zone
$TTL 86400
@       IN SOA  localhost. admin.localhost. (
                2015072301
                3H
                15M
                7D
                1D )
        IN NS   localhost.
        IN PTR  localhost.

Change owner and group

[root@school named]# chgrp named 127.0.0.zone localhost.zone named.ca
[root@school named]# chmod 640 127.0.0.zone localhost.zone named.ca
[root@school named]# ll
total 16
-rw-r-----. 1 root  named  133 Jul 23 19:50 127.0.0.zone
-rw-r-----. 1 root  named  129 Jul 23 19:48 localhost.zone
-rw-r-----. 1 root  named 2177 Jul 23 19:45 named.ca
drwxrwx---. 2 named named 4096 Jul 23 19:39 slaves

Check the configuration file and zone files for syntax errors

[root@school named]# named-checkconf /etc/named/named.conf
[root@school named]# named-checkzone "localhost" /var/named/localhost.zone
zone localhost/IN: loaded serial 20150723
OK
[root@school named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/127.0.0.zone
zone 0.0.127.in-addr.arpa/IN: loaded serial 20150723
OK
Start

[root@school named]# named -g -u named -c /etc/named/named.conf
Add a zone and its zone file

[root@school named]# vim /etc/named/named.conf
zone "school.com" IN {
    type master;
    file "school.com.zone";
    allow-transfer { 192.168.0.0/24; 127.0.0.1; };
    allow-update { none; };
};

[root@school named]# vim /var/named/school.com.zone
$TTL 3600
@       IN SOA  ns.school.com. admin.school.com. (
                2015072301
                1H
                10M
                7D
                1D )
        IN NS   ns
ns      IN A    192.168.0.9
www     IN A    192.168.0.15

Change owner and group

[root@school named]# chown :named school.com.zone
[root@school named]# chmod 640 school.com.zone

Start

[root@school named]# named -u named -c /etc/named/named.conf
[root@school named]# ss -tunl
Test after restarting

[root@school named]# dig -t A www.school.com @192.168.0.9

; <<>> DiG 9.9.5 <<>> -t A www.school.com @192.168.0.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.school.com.                IN      A

;; ANSWER SECTION:
Generate the rndc configuration

[root@school named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
[root@school named]# cat /etc/named/rndc.conf

Add the rndc settings to named.conf

[root@school named]# vim /etc/named/named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "tXqZXfssZ1HPhn28T+GhUA==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Reload the configuration

[root@school named]# killall -HUP named
[root@school named]# rndc reload
server reload successful
[root@school named]# rndc status
version: 9.9.5 <id:f9b8a50e>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

Change owner and group

[root@school named]# chmod 440 rndc.conf
[root@school named]# chgrp named rndc.conf
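
The owner, group and mode assignments made in the steps above (named.conf, /var/named, slaves, the zone files, named.ca and rndc.conf) can be verified in one pass. The script below is an added example and not part of the original post; the function names check_perm and audit_bind are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit the ownership/mode scheme this page sets up.
# Function names are hypothetical; requires GNU stat (stat -c).

# check_perm PATH OWNER GROUP MODE
# Returns 0 if PATH exists with exactly OWNER:GROUP and octal MODE, else 1.
check_perm() {
    actual=$(stat -c '%U:%G:%a' "$1" 2>/dev/null) || {
        echo "MISSING $1"
        return 1
    }
    if [ "$actual" != "$2:$3:$4" ]; then
        echo "BAD     $1 is $actual, expected $2:$3:$4"
        return 1
    fi
    echo "OK      $1 $actual"
}

# audit_bind CONF_DIR ZONE_DIR [ADMIN_USER] [DAEMON_USER] [DAEMON_GROUP]
# Defaults follow the page: root administers, named:named runs the daemon.
# The return status is the number of paths that deviate (0 = all match).
audit_bind() {
    conf=$1 zones=$2 admin=${3:-root} duser=${4:-named} dgroup=${5:-named}
    bad=0
    # Config and rndc key: readable by the daemon's group, writable by nobody but root.
    check_perm "$conf/named.conf" "$admin" "$dgroup" 640 || bad=$((bad + 1))
    check_perm "$conf/rndc.conf"  "$admin" "$dgroup" 440 || bad=$((bad + 1))
    # Zone directory: the daemon can read it but not create files in it.
    check_perm "$zones" "$admin" "$dgroup" 750 || bad=$((bad + 1))
    # slaves/ is the only place the daemon itself may write.
    check_perm "$zones/slaves" "$duser" "$dgroup" 770 || bad=$((bad + 1))
    # Master zone files and named.ca: read-only for the daemon.
    for f in "$zones"/*.zone "$zones/named.ca"; do
        [ -e "$f" ] || continue
        check_perm "$f" "$admin" "$dgroup" 640 || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage on this page's layout:  audit_bind /etc/named /var/named
```

On the layout used here, run `audit_bind /etc/named /var/named` as root after sourcing the file. A non-zero status means a file has drifted from the scheme, for example a zone file that has become writable by the named user.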
Provide an init script
The functions in /etc/rc.d/init.d/functions are classics and worth reading closely
Stress test
bind-9.9.5/contrib/queryperf
Build

./configure
make                     # make install is not needed
cp queryperf /usr/bin    # installation complete

Create a test file
Format

ns.school.com A
mail.school.com A
pop.school.com A

Test

[root@school ~]# queryperf -d test.txt -s 192.168.0.9

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.0.9)
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         257664 queries
  Queries completed:    257664 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:              0.019282 sec
  RTT min:              0.000038 sec
  RTT average:          0.000383 sec
  RTT std deviation:    0.000590 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:      0.00%

  Started at:           Thu Jul 23 22:13:32 2015
  Finished at:          Thu Jul 23 22:13:39 2015
  Ran for:              6.266114 seconds

  Queries per second:   41120.222198 qps