DNS&BIND——源碼編譯bind9和DNS的壓力測試

源碼編譯bind9

why-Source installation-bind9


安裝rpm包那麼方便,爲什麼還要手動編譯bind9呢?因爲編譯安裝可以按照自己的需求拓展相應的模塊,可以增加軟件的靈活性哦~ 代價是源碼安裝的bind9不會隨yum自動更新,安全補丁需要自己跟進並重新編譯。

how-Source installation-bind9

安裝編譯環境

編譯源碼通常都需要安裝Devel包等~~~

[root@server1 yum.repos.d]# yum groupinstall "Development Tools" "Server Platform Development"

創建系統用戶和組

[root@server1 bind-9.9.5]# groupadd -r -g 53 named
[root@server1 bind-9.9.5]# useradd  -u 53 -g named named  -r


注意:
 -r, --system                  create a system account

源碼編譯三部曲(注意: --disable-chroot 表示不編譯chroot支持,named之後無法用 -t 選項在chroot環境中運行,少了一層隔離;若無特殊原因,建議不要加這個選項)
[root@server1 bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads

[root@server1 bind-9.9.5]# make && make install

更改PATH環境變量,方便命令可在任何環境下執行

[root@server1 local]# vim /etc/profile.d/name.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH

[root@server1 local]# . /etc/profile.d/name.sh
[root@server1 local]# echo $PATH
/usr/local/bind9/bin:/usr/local/bind9/sbin:/usr/local/bind9/bin:

通知系統重讀庫文件(因爲bind庫文件爲靜態,所以這步可以省略)

[root@server1 lib]# pwd
/usr/local/bind9/lib
[root@server1 lib]# ls
libbind9.a  libdns.a  libisc.a  libisccc.a  libisccfg.a  liblwres.a
[root@server1 lib]# cat /etc/ld.so.conf.d/name.conf
/usr/local/bind9/lib
[root@server1 lib]# ldconfig  -v

鏈接頭文件所屬路徑

[root@server1 lib]# ln -sv /usr/local/bind9/include/  /usr/include/named
`/usr/include/named' -> `/usr/local/bind9/include/'

導出man文件所屬路徑

[root@server1 lib]# vim /etc/man.config
48 MANPATH /usr/local/bind9/share/man


編寫named.conf

[root@server1 named]# vim /etc/named/named.conf
options {
       directory "/var/named";
};
zone "." IN{
       type hint;        #根域名解析
       file "name.ca";
};

zone "localhost" IN {     #localhost
       type master;    
       file "localhost.zone";
       allow-update {none;};
};

zone "0.0.127.in-addr.arpa" IN {  #127.0.0.1的PTR
       type master;
       file "named.local";
       allow-update {none; };
};

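找一臺能上外網的主機,查詢根域名服務器,生成根提示文件。注意文件名要與named.conf中 file "name.ca" 的寫法一致:下面命令輸出的是named.ca,放到/var/named時需要改名爲name.ca,或者把named.conf中的文件名改成named.ca。另外普通DNS查詢的結果未經驗證,應只向可信的解析器查詢。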

 dig -t NS . @192.168.2.1 >/var/ftp/pub/docs/dns/named.ca

編寫本地區域解析文件

[root@server1 named]# vim named.local
$TTL 1d
@       IN      SOA     localhost. admin.localhost. (

                       2017062101
                       1h
                       5m
                       7d
                       1d)
       IN      NS      localhost.
1       IN      PTR     localhost.

[root@server1 named]# vim localhost.zone
$TTL 1d
@       IN      SOA     localhost. admin.localhost. (

                       2017062101
                       1h
                       5m
                       7d
                       1d)
       IN      NS      localhost.
localhost.      IN      A       127.0.0.1

更改權限信息(注意: chmod -R 640 會把/var/named目錄本身的執行位也去掉,切換到named用戶後可能無法進入目錄讀取區域文件;目錄應保留執行位,例如目錄750、文件640)

[root@server1 named]# chmod 640 /var/named/ -R
[root@server1 named]# chown named.named /var/named/ -R
[root@server1 named]# ls
localhost.zone  name.ca  named.local


必要的配置已經完成,讓我們來看看,bind9能否正常啓動


啓動 named

1.debug運行
將debug信息輸出到控制檯,無報錯就是成功

[root@server1 named]# named -u named -f -g  -d 3
22-Jun-2017 09:55:41.701 starting BIND 9.9.5 -u named -f -g -d 3
...
...
22-Jun-2017 09:55:41.793 zone_timer: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_maintenance: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_settimer: zone D.F.IP6.ARPA/IN: enter

2.後臺運行
[root@server1 named]# named -u named

配置rndc.key

[root@server1 ~]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
#  -r    指明隨機數文件
# Start of rndc.conf
key "rndc-key" {
   algorithm hmac-md5;
   secret "dRB7GnWbWpYfvmf2/52ahg==";
};

options {
   default-key "rndc-key";
   default-server 127.0.0.1;
   default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "dRB7GnWbWpYfvmf2/52ahg==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

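根據提示信息,將rndc.conf末尾註釋中的key和controls配置追加到named.conf。secret必須與rndc.conf中的完全一致,否則rndc無法通過驗證(本文上下兩處示例的secret不同,應是不同次生成的結果)。請使用自己生成的key,不要照抄本文的值,並把rndc.conf和named.conf的讀取權限限制在root和named用戶。hmac-md5已屬弱算法,若所用BIND版本的rndc支持hmac-sha256等算法,應優先使用。
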
vim /etc/named/named.conf
...
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
      algorithm hmac-md5;
      secret "hVR73nDTM+opRcsa13kmdg==";
};

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};

檢驗rndc是否成功啓動

[root@server1 ~]# named -u named 
[root@server1 ~]# ss -antlpu |grep 53
udp    UNCONN     0      0            172.25.88.1:53                    *:*      users:(("named",2635,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",2635,512))
udp    UNCONN     0      0            172.25.88.1:53                    *:*      users:(("named",2629,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",2629,512))
tcp    LISTEN     0      10           172.25.88.1:53                    *:*      users:(("named",2629,21))
tcp    LISTEN     0      10             127.0.0.1:53                    *:*      users:(("named",2629,20))
tcp    LISTEN     0      128            127.0.0.1:953                   *:*      users:(("named",2629,22))
[root@server1 ~]# rndc status
version: 9.9.5 <id:f9b8a50e>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running


壓力測試


編譯安裝軟件

[root@server1 queryperf]# ./configure 
[root@server queryperf]# make
[root@server queryperf]# cp queryperf /usr/local/bin/

[root@server1 queryperf]# pwd
/root/bind-9.9.5/contrib/queryperf

編寫測試文件

[root@server queryperf]# vim test
www.lalala.com A
pop3.lalala.com A
lmap4.lalala.com A
web.lalala.com A
lalala.com NS
lalala.com MX
www.lalala.com A
...
...

開始測試^-^

[root@server1 queryperf]# queryperf -d test 

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

 Parse input file:     once
 Ended due to:         reaching end of file

 Queries sent:         24684 queries
 Queries completed:    24684 queries
 Queries lost:         0 queries
 Queries delayed(?):   0 queries

 RTT max:             0.010893 sec
 RTT min:              0.000838 sec
 RTT average:          0.001360 sec
 RTT std deviation:    0.000279 sec
 RTT out of range:     0 queries

 Percentage completed: 100.00%
 Percentage lost:        0.00%

 Started at:           Thu Jun 22 05:26:29 2017
 Finished at:          Thu Jun 22 05:26:31 2017
 Ran for:              1.827324 seconds

 Queries per second:   13508.277678 qps  
#觀測性能指標:QPS(Queries Per Second,每秒查詢數)

注意: 用rndc querylog開啓查詢日誌後,性能會受到極大的影響


[root@server queryperf]# rndc querylog
[root@server queryperf]# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 202
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@server queryperf]# queryperf -d test 

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

 Parse input file:     once
 Ended due to:         reaching end of file

 Queries sent:         24684 queries
 Queries completed:    24684 queries
 Queries lost:         0 queries
 Queries delayed(?):   0 queries

 RTT max:             0.022877 sec
 RTT min:              0.000623 sec
 RTT average:          0.004682 sec
 RTT std deviation:    0.002453 sec
 RTT out of range:     0 queries

 Percentage completed: 100.00%
 Percentage lost:        0.00%

 Started at:           Thu Jun 22 05:32:47 2017
 Finished at:          Thu Jun 22 05:32:53 2017
 Ran for:              5.896463 seconds

 Queries per second:   4186.238428 qps  

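可以看到打開querylog(查詢日誌)後,性能只有原來的約1/3,所以一般情況下querylog爲關閉狀態。需要注意,兩次rndc status顯示的版本(9.9.5與9.9.4-RedHat)和zone數量都不同,兩次測試並非同一個named實例,數據只能作粗略參考。另外關閉querylog後就沒有查詢記錄可供排查或審計,需要時可以臨時開啓。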
