编译安装bind-9.9.5及测试

rgewr2

编译安装bind-9.9.5

环境：Development Tools和Server Platform Development

1 2	[iyunv@school ~]# tar xf bind-9.9.5.tar.gz   #解压 [iyunv@school ~]# cd bind-9.9.5               #进入目录

应该以普通用户运行，所以创建普通用户

1 2 3 4 5 6 7 8 9 10 11 12 13

[iyunv@school bind-9.9.5]# id named   #查看named用户是否存在 id: named: No such user [iyunv@school bind-9.9.5]# groupadd -r -g 53 named   #创建named组 [iyunv@school bind-9.9.5]# useradd -g named -r -u 53 named   #创建named用户 [iyunv@school bind-9.9.5]# id named   #查看named用户信息 uid=53(named) gid=53(named) groups=53(named) 编译安装 [iyunv@school bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6    [iyunv@school bind-9.9.5]# make && make install 选项： --enable-threads   #启用多线程功能 --disable-chroot   #不启用chroot功能 --disable-ipv6     #不启用ipv6

bind客户端工具：bind-libs,bind-utils在安装目录下bin下

定义环境变量：

1 2 3 4 5

[iyunv@school bind9]# vim /etc/profile.d/bind.sh export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH [iyunv@school bind9]# . /etc/profile.d/bind.sh [iyunv@school bind9]# dig -v DiG 9.9.5

导出MAN文档：

1 2	[iyunv@school named]# vim /etc/man.config MANPATH /usr/local/bind9/share/man

导出头文件
如果基于软件进行二次开发，则需要导出头文件和库文件。但named不需要。
导出库文件

1 2 3

[iyunv@school bind9]# ls lib libbind9.a  libdns.a  libisc.a  libisccc.a  libisccfg.a  liblwres.a 由于都是静态库，所以不用导出，否则需要编辑/etc/ld.so.conf.d/bind9.conf文件写入库目录

配置文件：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

[iyunv@school ~]# cd /etc/named [iyunv@school named]# vim named.conf options {         directory "/var/named";   #区域文件所在目录         recursion yes;            #是否允许递归 }; zone "localhost" IN {                           type master;         file "localhost.zone";         allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN {         type master;         file "127.0.0.zone";         allow-update { none; }; };

更改属主属组

1 2 3 4 5 6 7 8 9

[iyunv@school named]# chown root:named named.conf [iyunv@school named]# chmod 640 named.conf [iyunv@school named]# mkdir /var/named/slaves -pv mkdir: created directory `/var/named' mkdir: created directory `/var/named/slaves' [iyunv@school named]# chown root:named /var/named [iyunv@school named]# chown named:named /var/named/slaves/ [iyunv@school named]# chmod 750 /var/named [iyunv@school named]# chmod 770 /var/named/slaves/

提供ca文件

1	[iyunv@school named]# dig -t NS . @a.root-servers.net > /var/named/named.ca

创建正反向解析文件：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

[iyunv@school named]# vim localhost.zone $TTL 86400 @       IN      SOA     localhost.      admin.localhost. (                                 2015072301                                 3H                                 15M                                 7D                                 1D )         IN      NS      localhost.         IN      A       127.0.0.1 [iyunv@school named]# vim 127.0.0.zone $TTL 86400 @       IN      SOA     localhost.      admin.localhost. (                                 2015072301                                 3H                                 15M                                 7D                                 1D )         IN      NS      localhost.         IN      PTR     localhost.

更改属主属组

1 2 3 4 5 6 7 8

[iyunv@school named]# chgrp named 127.0.0.zone localhost.zone named.ca [iyunv@school named]# chmod 640 127.0.0.zone localhost.zone named.ca [iyunv@school named]# ll total 16 -rw-r-----. 1 root  named  133 Jul 23 19:50 127.0.0.zone -rw-r-----. 1 root  named  129 Jul 23 19:48 localhost.zone -rw-r-----. 1 root  named 2177 Jul 23 19:45 named.ca drwxrwx---. 2 named named 4096 Jul 23 19:39 slaves

检查配置文件、区域文件语法错误

1 2 3 4 5 6 7

[iyunv@school named]# named-checkconf /etc/named/named.conf [iyunv@school named]# named-checkzone "localhost" /var/named/localhost.zone zone localhost/IN: loaded serial 20150723 OK [iyunv@school named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/127.0.0.zone zone 0.0.127.in-addr.arpa/IN: loaded serial 20150723 OK

启动

1	[iyunv@school named]# named -g -u named -c /etc/named/named.conf

添加区域解析库文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

[iyunv@school named]# vim /etc/named/named.conf zone "school.com" IN {         type master;         file "school.com.zone";         allow-transfer {192.168.0.0/24; 127.0.0.1; };         allow-update { none; }; }; [iyunv@school named]# vim /var/named/school.com.zone $TTL 3600 @       IN      SOA     ns.school.com.  admin.school.com. (                         2015072301                         1H                         10M                         7D                         1D )         IN      NS      ns ns      IN      A       192.168.0.9 www      IN      A       192.168.0.15

更改属主属组

1 2	[iyunv@school named]# chown :named school.com.zone [iyunv@school named]# chmod 640 school.com.zone

启动
[iyunv@school named]# named -u named -c /etc/named/named.conf
[iyunv@school named]# ss -tunl



重启后测试

1 2 3 4 5 6 7 8 9 10 11

[iyunv@school named]# dig -t A www.school.com @192.168.0.9 ; <<>> DiG 9.9.5 <<>> -t A www.school.com @192.168.0.9 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53521 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.school.com.INA ;; ANSWER SECTION:

生成rndc

1 2 3 4 5 6 7 8 9 10 11 12 13

[iyunv@school named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf [iyunv@school named]# cat /etc/named/rndc.conf 添加rndc信息 [iyunv@school named]# vim /etc/named/named.conf key "rndc-key" {         algorithm hmac-md5;         secret "tXqZXfssZ1HPhn28T+GhUA=="; };    controls {         inet 127.0.0.1 port 953                 allow { 127.0.0.1; } keys { "rndc-key"; }; };

重读配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

[iyunv@school named]# killall -HUP named [iyunv@school named]# rndc reload server reload successful [iyunv@school named]# rndc status version: 9.9.5 <id:f9b8a50e> CPUs found: 4 worker threads: 4 UDP listeners per interface: 4 number of zones: 101 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running

改属主属组

1 2	[iyunv@school named]# chmod 440 rndc.conf [iyunv@school named]# chgrp named rndc.conf

提供脚本

/etc/rc.d/init.d/functions函数很经典，应该多读

压力测试
bind-9.9.5/contrib/queryperf

编译
./configure
make不用make install
cp queryperf /usr/bin安装成功

建立一个测试文件
格式

1 2 3

ns.school.com A mail.school.com A pop.school.com A

测试

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

[iyunv@school ~]# queryperf -d test.txt -s 192.168.0.9 DNS Query Performance Testing Tool Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $ [Status] Processing input data [Status] Sending queries (beginning with 192.168.0.9) [Status] Testing complete Statistics:   Parse input file:     once   Ended due to:         reaching end of file   Queries sent:         257664 queries   Queries completed:    257664 queries   Queries lost:         0 queries   Queries delayed(?):   0 queries   RTT max:          0.019282 sec   RTT min:              0.000038 sec   RTT average:          0.000383 sec   RTT std deviation:    0.000590 sec   RTT out of range:     0 queries   Percentage completed: 100.00%   Percentage lost:        0.00%   Started at:           Thu Jul 23 22:13:32 2015   Finished at:          Thu Jul 23 22:13:39 2015   Ran for:              6.266114 seconds   Queries per second:   41120.222198 qps