1、安装开发环境
[[email protected] ~]# yum -y groupinstall "Server Platform Development" "Development tools"
2、编译安装bind
[[email protected] ~]# tar xf bind-9.10.6.tar.gz
[[email protected] ~]# cd bind-9.10.6
[[email protected] bind-9.10.6]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
[[email protected] bind-9.10.6]# make && make install
3、创建主配置文件
[[email protected] ~]# cat /etc/named/named.conf
options {
directory "/var/named";
pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
[[email protected] ~]#
4、创建区域数据文件
[[email protected] ~]# mkdir /var/named
[[email protected] ~]# dig -t NS . > /var/named/named.ca
[[email protected] ~]# cat /var/named/named.localhost
$TTL 600
@ IN SOA localhost. admin.localhost. (
20170911
2H
10M
7D
1D
)
IN NS localhost.
localhost. IN A 127.0.0.1
[[email protected] ~]#
[[email protected] ~]# cat /var/named/named.loopback
$TTL 600
@ IN SOA localhost. admin.localhost. (
20170911
2H
10M
7D
1D
)
IN NS localhost.
1 IN PTR localhost.
[[email protected] ~]#
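5、配置rndc(rndc-confgen 生成的 rndc.conf 末尾带有一段被注释的 key 和 controls 配置,去掉注释后追加到 named.conf 末尾;下面的 secret 只是本文的示例输出,实际部署请使用自己生成的密钥,并保证这两个文件只有 root 和 named 组可读)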
[[email protected] ~]# /usr/local/bind9/sbin/rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
[[email protected] ~]# cat /etc/named/named.conf
options {
directory "/var/named";
pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "zo//G59pEcQvMCb3k34joQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
[[email protected] ~]#
6、创建用户、修改权限、启动服务
[[email protected] ~]# groupadd -g 53 -r named
[[email protected] ~]# useradd -u 53 -g 53 -r named
[[email protected] ~]# chown root:named /etc/named/* /var/named/*
[[email protected] ~]# chmod 640 /etc/named/* /var/named/*
[[email protected] ~]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
[[email protected] ~]# source /etc/profile.d/named.sh
[[email protected] ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 20170911
OK
[[email protected] ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 20170911
OK
[[email protected] ~]# named -u named
[[email protected] ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 192.168.130.120:53 *:*
LISTEN 0 10 127.0.0.1:53 *:*
LISTEN 0 10 :::53 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:953 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25 *:*
[[email protected] ~]#
7、配置服务脚本
[[email protected] ~]# cat /etc/rc.d/init.d/named
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
# Paths used by the service functions of this script.
# pidFile is the same path as the pid-file option in /etc/named/named.conf.
pidFile="/usr/local/bind9/var/run/named.pid"
lockFile="/var/lock/subsys/named"
confFile="/etc/named/named.conf"

# Load the distribution's init helper library when it is readable; the
# functions below call daemon, killproc, success and failure, which this
# script does not define itself.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi
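#######################################
# Start named under the unprivileged "named" account.
# Globals:   lockFile, pidFile, confFile (read); RETVAL (written)
# Outputs:   progress messages on stdout
# Returns:   0 if named was started or is already running, 1 on failure
#######################################
start() {
  if [ -e "$lockFile" ]; then
    if pidof named > /dev/null 2>&1; then
      echo "named is already running..."
      # return (not exit) so a caller such as restart keeps control
      return 0
    fi
    # Lock file without a running process: left behind by an unclean
    # exit. Drop it, otherwise the service could never be started again.
    rm -f -- "$lockFile"
  fi

  echo -n "Starting named:"
  # -u named: the daemon gives up root after start-up; -c pins the config file.
  daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
  RETVAL=$?
  echo

  if [ "$RETVAL" -eq 0 ]; then
    touch "$lockFile"
    return 0
  fi

  # Failed start: leave no lock or pid file behind.
  rm -f -- "$lockFile" "$pidFile"
  return 1
}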
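#######################################
# Stop named.
# Globals:   lockFile, pidFile (read); RETVAL (written)
# Outputs:   progress messages on stdout
# Returns:   0 if named was stopped or was not running, 1 if it could
#            not be stopped
#######################################
stop() {
  # Nothing to kill: report it, clear any stale lock/pid file and succeed,
  # instead of running killproc against a process that does not exist.
  if ! pidof named > /dev/null 2>&1; then
    echo "named is stopped."
    rm -f -- "$lockFile" "$pidFile"
    return 0
  fi

  echo -n "Stopping named:"
  killproc named
  RETVAL=$?
  echo

  if [ "$RETVAL" -eq 0 ]; then
    rm -f -- "$lockFile" "$pidFile"
    return 0
  fi

  echo "Cannot stop named."
  failure
  return 1
}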
#######################################
# Stop named, pause two seconds, then start it again.
# Returns:   the status of start; the status of stop is not checked
#######################################
restart() {
  stop
  # short pause between stop and start
  sleep 2
  start
}
#######################################
# Send SIGHUP to named through killproc.
# Globals:   RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the status reported by killproc
#######################################
reload() {
  printf '%s' "Reloading named: "
  killproc named -HUP
  RETVAL=$?
  printf '\n'
  return "$RETVAL"
}
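#######################################
# Report whether a named process exists.
# Outputs:   one status line on stdout
# Returns:   0 when named is running, 3 when it is not (the LSB
#            "program is not running" status), so that callers and
#            monitoring can tell the two states apart
#######################################
status() {
  if pidof named > /dev/null 2>&1; then
    echo -n "named is running..."
    success
    echo
    return 0
  fi

  # No OK marker here: a stopped service must not look like a healthy one.
  echo "named is stopped..."
  return 3
}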
#######################################
# Print the list of supported sub-commands.
# Outputs:   one usage line on stdout
#######################################
usage() {
  printf '%s\n' "Usage: named {start|stop|restart|status|reload}"
}
# Dispatch on the first argument. Only the five names listed in the
# pattern can reach the call, and each one is a function of this script;
# anything else prints the usage line and exits with status 4.
case "$1" in
  start | stop | restart | status | reload)
    "$1"
    ;;
  *)
    usage
    exit 4
    ;;
esac
[[email protected] ~]#
8、测试服务脚本
[[email protected] ~]# chmod +x /etc/rc.d/init.d/named
[[email protected] ~]# chkconfig --add named
[[email protected] ~]# chkconfig --list | grep named
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[[email protected] ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[[email protected] ~]# service named stop
Stopping named: [ OK ]
[[email protected] ~]# service named start
Starting named: [ OK ]
[[email protected] ~]# service named reload
Reloading named: [ OK ]
[[email protected] ~]#
bind性能测试(queryperf)
1、安装queryperf
[[email protected] ~]# cd /root/bind-9.10.6/contrib/queryperf
[[email protected] queryperf]# ./configure
[[email protected] queryperf]# make
[[email protected] queryperf]# cp queryperf /usr/bin/
2、在主配置文件中添加区域(zone)
[[email protected] queryperf]# cat /etc/named/named.conf
options {
directory "/var/named";
pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "zo//G59pEcQvMCb3k34joQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
zone "kaiyuandiantang.com" IN {
type master;
file "kaiyuandiantang.com.zone";
};
[[email protected] queryperf]#
3、配置数据库文件
[[email protected] queryperf]# cat /var/named/kaiyuandiantang.com.zone
$TTL 600
@ IN SOA ns1.kaiyuandiantang.com. admin.kaiyuandiantang.com. (
20170911
2H
10M
7D
1D
)
IN NS ns1
IN MX 10 mail
ns1 IN A 192.168.130.117
mail IN A 192.168.130.10
www IN A 192.168.130.20
pop IN CNAME mail
web IN CNAME www
* IN A 192.168.130.30
[[email protected] queryperf]#
4、生成测试文件
[[email protected] ~]# cat qureyperf.txt
kaiyuandiantang.com NS
kaiyuandiantang.com MX
ns1.kaiyuandiantang.com A
mail.kaiyuandiantang.com A
www.kaiyuandiantang.com A
pop.kaiyuandiantang.com CNAME
web.kaiyuandiantang.com CNAME
test1.kaiyuandiantang.com A
[[email protected] ~]#
5、bind性能测试(注意:下面这次运行中 8 个查询全部超时,RTT 为 -1,服务器没有返回应答,因此最后的 qps 数值不能代表真实性能;测试前可先用 dig 向该地址查询一条记录,确认能得到应答)
[[email protected] ~]# named-checkconf
[[email protected] ~]# named-checkzone kaiyuandiantang.com /var/named/kaiyuandiantang.com.zone
zone kaiyuandiantang.com/IN: loaded serial 20170911
OK
[[email protected] ~]# service named reload
Reloading named: [ OK ]
[[email protected] ~]#
[[email protected] ~]# queryperf -d qureyperf.txt -s 192.168.130.120
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 192.168.130.120)
[Timeout] Query timed out: msg id 1
[Timeout] Query timed out: msg id 2
[Timeout] Query timed out: msg id 3
[Timeout] Query timed out: msg id 4
[Timeout] Query timed out: msg id 5
[Timeout] Query timed out: msg id 6
[Timeout] Query timed out: msg id 7
[Timeout] Query timed out: msg id 8
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 8 queries
Queries completed: 8 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: -1.000000 sec
RTT min: -1.000000 sec
RTT average: 0.000000 sec
RTT std deviation: 0.000000 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Thu Sep 7 15:41:49 2017
Finished at: Thu Sep 7 15:41:54 2017
Ran for: 5.000128 seconds
Queries per second: 1.599959 qps
[[email protected] ~]#