Compiling bind9 from source
why-Source installation-bind9
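Installing the RPM package is so convenient, so why compile bind9 by hand? Because a source build lets you enable the modules you need, which makes the software more flexible.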
how-Source installation-bind9
Install the build environment
Building from source usually requires the development packages (the -devel packages and so on).
```
[root@<host> yum.repos.d]# yum groupinstall "Development Tools" "Server Platform Development"
```
Create the system user and group
```
[root@<host> bind-9.9.5]# groupadd -r -g 53 named
[root@<host> bind-9.9.5]# useradd -u 53 -g named named -r
```
Note: -r, --system create a system account
The three steps of a source build
```
[root@<host> bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
[root@<host> bind-9.9.5]# make && make install
```
Update the PATH environment variable so the commands can be run from anywhere
```
[root@<host> local]# vim /etc/profile.d/name.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH

[root@<host> local]# . /etc/profile.d/name.sh
[root@<host> local]# echo $PATH
/usr/local/bind9/bin:/usr/local/bind9/sbin:/usr/local/bind9/bin:
```
Tell the system to reload the library cache (the BIND libraries are static, so this step can be skipped)
```
[root@<host> lib]# pwd
/usr/local/bind9/lib
[root@<host> lib]# ls
libbind9.a  libdns.a  libisc.a  libisccc.a  libisccfg.a  liblwres.a
[root@<host> lib]# cat /etc/ld.so.conf.d/name.conf
/usr/local/bind9/lib
[root@<host> lib]# ldconfig -v
```
Link the header file path
```
[root@<host> lib]# ln -sv /usr/local/bind9/include/ /usr/include/named
`/usr/include/named' -> `/usr/local/bind9/include/'
```
Export the man page path
```
[root@<host> lib]# vim /etc/man.config
MANPATH /usr/local/bind9/share/man
```
Write named.conf
```
[root@<host> named]# vim /etc/named/named.conf
options {
    directory "/var/named";
};

zone "." IN {
    type hint;                  # root hints
    file "name.ca";
};

zone "localhost" IN {           # localhost
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {    # PTR for 127.0.0.1
    type master;
    file "named.local";
    allow-update { none; };
};
```
Find a host with Internet access, look up the root name servers, and write named.ca
```
dig -t NS . @192.168.2.1 >/var/ftp/pub/docs/dns/named.ca
```
Write the local zone files
```
[root@<host> named]# vim named.local
$TTL 1d
@       IN SOA  localhost. admin.localhost. (
                2017062101
                1h
                5m
                7d
                1d )
        IN NS   localhost.
1       IN PTR  localhost.

[root@<host> named]# vim localhost.zone
$TTL 1d
@       IN SOA  localhost. admin.localhost. (
                2017062101
                1h
                5m
                7d
                1d )
        IN NS   localhost.
localhost.  IN A  127.0.0.1
```
Change ownership and permissions
```
[root@<host> named]# chmod 640 /var/named/ -R
[root@<host> named]# chown named.named /var/named/ -R
[root@<host> named]# ls
localhost.zone  name.ca  named.local
```
The necessary configuration is done, so let's see whether bind9 starts properly.
Start named
1. Run in debug mode with the debug output sent to the console; no errors means success
```
[root@<host> named]# named -u named -f -g -d 3
22-Jun-2017 09:55:41.701 starting BIND 9.9.5 -u named -f -g -d 3
......
22-Jun-2017 09:55:41.793 zone_timer: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_maintenance: zone D.F.IP6.ARPA/IN: enter
22-Jun-2017 09:55:41.793 zone_settimer: zone D.F.IP6.ARPA/IN: enter
```
2. Run in the background
```
[root@<host> named]# named -u named
```
Configure rndc.key
```
[root@<host> ~]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf    # -r names the file to read random data from
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "dRB7GnWbWpYfvmf2/52ahg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "dRB7GnWbWpYfvmf2/52ahg==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
```
Following the hint in that output, append the rndc key information to named.conf
```
vim /etc/named/named.conf
...
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
    algorithm hmac-md5;
    secret "hVR73nDTM+opRcsa13kmdg==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
```
Verify that rndc started successfully
```
[root@<host> ~]# named -u named
[root@<host> ~]# ss -antlpu |grep 53
udp    UNCONN     0      0      172.25.88.1:53     *:*     users:(("named",2635,513))
udp    UNCONN     0      0        127.0.0.1:53     *:*     users:(("named",2635,512))
udp    UNCONN     0      0      172.25.88.1:53     *:*     users:(("named",2629,513))
udp    UNCONN     0      0        127.0.0.1:53     *:*     users:(("named",2629,512))
tcp    LISTEN     0      10     172.25.88.1:53     *:*     users:(("named",2629,21))
tcp    LISTEN     0      10       127.0.0.1:53     *:*     users:(("named",2629,20))
tcp    LISTEN     0      128      127.0.0.1:953    *:*     users:(("named",2629,22))
[root@<host> ~]# rndc status
version: 9.9.5 <id:f9b8a50e>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
```
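Added example, not part of the original post: a POSIX shell check of the rndc control channel configured above, covering the key algorithm, the listen address, the allow list, and whether the file holding the secret is world-readable. The function names, finding labels and sample files are constructed for illustration, and the clean sample assumes a BIND build whose rndc accepts hmac-sha256.

```shell
#!/bin/sh
# audit_rndc FILE: print one finding per line; return 0 if clean, 1 otherwise.
audit_rndc() {
    conf=$1; rc=0
    # Drop commented-out lines, such as the hints rndc-confgen appends.
    active=$(grep -v '^[[:space:]]*#' "$conf")
    # hmac-md5 is the algorithm of the key generated on this page.
    if printf '%s\n' "$active" | grep -Eq 'algorithm[[:space:]]+hmac-md5[[:space:]]*;'; then
        echo "WEAK-ALGORITHM hmac-md5"; rc=1
    fi
    # The control channel should listen on loopback only.
    if printf '%s\n' "$active" | grep -E '(^|[[:space:]])inet[[:space:]]' |
           grep -Evq 'inet[[:space:]]+(127\.0\.0\.1|::1)[[:space:]]'; then
        echo "EXPOSED-LISTENER controls inet is not loopback"; rc=1
    fi
    # "allow { any; }" accepts control connections from every address.
    if printf '%s\n' "$active" | grep -Eq 'allow[[:space:]]*\{[[:space:]]*any[[:space:]]*;'; then
        echo "OPEN-ALLOW-LIST controls allow any"; rc=1
    fi
    # The file carries the shared secret, so it must not be world-readable.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WORLD-READABLE $conf"; rc=1
    fi
    return $rc
}

# Constructed sample input; the secret is a placeholder, not a real key.
write_sample() {   # write_sample FILE ALGORITHM LISTEN ALLOW MODE
    cat > "$1" <<EOF
key "rndc-key" {
    algorithm $2;
    secret "PLACEHOLDERBASE64==";
};
controls {
    inet $3 port 953
        allow { $4; } keys { "rndc-key"; };
};
# key "old" { algorithm hmac-md5; };
EOF
    chmod "$5" "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/weak.conf" hmac-md5    '*'       any       644
write_sample "$tmp/good.conf" hmac-sha256 127.0.0.1 127.0.0.1 640
audit_rndc "$tmp/weak.conf" || true      # reports all four findings
audit_rndc "$tmp/good.conf" && echo "good.conf: clean"
```

To check the files from this walkthrough, call `audit_rndc /etc/named/named.conf` and `audit_rndc /etc/named/rndc.conf`.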
Stress test
Build and install the tool
```
[root@<host> queryperf]# ./configure
[root@<host> queryperf]# make
[root@<host> queryperf]# cp queryperf /usr/local/bin/
[root@<host> queryperf]# pwd
/root/bind-9.9.5/contrib/queryperf
```
Write the test file
```
[root@<host> queryperf]# vim test
www.lalala.com A
pop3.lalala.com A
lmap4.lalala.com A
web.lalala.com A
lalala.com NS
lalala.com MX
www.lalala.com A
... ...
```
Start the test ^-^
```
[root@<host> queryperf]# queryperf -d test

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         24684 queries
  Queries completed:    24684 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:              0.010893 sec
  RTT min:              0.000838 sec
  RTT average:          0.001360 sec
  RTT std deviation:    0.000279 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Thu Jun 22 05:26:29 2017
  Finished at:          Thu Jun 22 05:26:31 2017
  Ran for:              1.827324 seconds

  Queries per second:   13508.277678 qps
```
The performance metric to watch is QPS, the number of queries per second.
Note: enabling query logging with rndc querylog has a very large impact on performance
```
[root@<host> queryperf]# rndc querylog
[root@<host> queryperf]# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 202
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
```
```
[root@<host> queryperf]# queryperf -d test

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         24684 queries
  Queries completed:    24684 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:              0.022877 sec
  RTT min:              0.000623 sec
  RTT average:          0.004682 sec
  RTT std deviation:    0.002453 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Thu Jun 22 05:32:47 2017
  Finished at:          Thu Jun 22 05:32:53 2017
  Ran for:              5.896463 seconds

  Queries per second:   4186.238428 qps
```
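As you can see, with querylog (query logging) turned on, performance is only 1/3 of the original, so querylog is normally left off.
DNS & BIND: compiling bind9 from source and stress-testing DNS
Time: 2024-10-24 00:49:04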