标签:
DNS主从服务,子域授权,view视图,日志系统,压力测试
DNS性能测试工具queryperfDNS查询过程:
DNS主从建立:
环境:
主服务器:10.140.165.93
从服务器:10.140.165.169
关闭防火墙,关闭selinux.
主服务器建立:
[root@cnhzdhcp16593 ~]# yum -y install bind-util bind #安装bind服务
[root@cnhzdhcp16593 ~]# vim /etc/named.conf #编辑主配置文件
options {
directory "/var/named";
allow-recursion { 10.140.165.0/24; }; #定义递归的网段;
notify yes; #开启通知功能;
};
zone "." IN { #定义根域
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; }; #定义不允许区域传送;
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; }; #定义不允许区域传送;
};
zone "izyno.com" IN { #定义正向解析服务
type master;
file "izyno.com.zone";
allow-transfer { 10.140.165.169; }; #只允许从DNS传送
};
zone "165.140.10.in-addr.arpa" IN { #定义反向解析;
type master;
file "165.140.10.zone";
allow-transfer { 10.140.165.169; }; #只允许从DNS传送;
};
定义正向,反向区域文件:
[root@cnhzdhcp16593 named]# cd /var/named/
[root@cnhzdhcp16593 named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@cnhzdhcp16593 named]# vim izyno.com.zone #编辑正向区域
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
2016101201
3H
10M
1D
2D )
@ IN NS ns1 #定义主机记录 ---NS(Name Server)记录是域名服务器记录,用来指定该域名由哪个DNS服务器来进行解析。
@ IN NS ns2 #从服务器主机记录
@ IN MX 10 mail #邮件主机记录
ns1 IN A 10.140.165.93 #定义A记录
ns2 IN A 10.140.165.169 #从服务器A记录
mail IN A 10.140.165.90
www IN A 10.140.165.91
www IN A 10.140.165.92
ftp IN CNAME www #定义别名
注释:时间单位:M(分钟) H(小时) D(天) W(周) ,默认单位是秒。 邮箱格式:admin.izyno.com 不能使用@,@有特殊意义。
[root@cnhzdhcp16593 named]# vim 165.140.10.zone #编辑反向区域文件
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
2016101201
3H
10M
1D
2D )
@ IN NS ns1.izyno.com.
@ IN NS ns2.izyno.com.
93 IN PTR ns1.izyno.com.
169 IN PTR ns2.izyno.com.
91 IN PTR www.izyno.com.
92 IN PTR www.izyno.com.
[root@cnhzdhcp16593 named]# ll
total 36
-rw-r--r--. 1 root root 242 Oct 12 20:59 165.140.10.zone
drwxrwx---. 2 named named 4096 Sep 28 18:54 data
drwxrwx---. 2 named named 4096 Sep 28 18:54 dynamic
-rw-r--r--. 1 root root 275 Oct 12 20:43 izyno.com.zone
[root@cnhzdhcp16593 named]# chmod 640 * #设置权限
[root@cnhzdhcp16593 named]# chown root.named * #设置属主属组
[root@cnhzdhcp16593 named]# named-checkzone "165.140.10.in-addr.apar" /var/named/165.140.10.zone #测试反向区域配置是否正确
zone 165.140.10.in-addr.apar/IN: loaded serial 2016101201
OK
[root@cnhzdhcp16593 named]# named-checkzone "izyno.com.zone" /var/named/izyno.com.zone #测试反向区域配置文件是否正确
zone izyno.com.zone/IN: loaded serial 2016101201
OK
[root@cnhzdhcp16593 named]#named-checkconfig #测试主配置文件配置是否正确.
[root@cnhzdhcp16593 named]# service named restart #重启
Stopping named: [ OK ]
Starting named: [ OK ]
[root@cnhzdhcp16593 named]# tail /var/log/messages #查看日志
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: loaded serial 2016101201
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: loaded serial 2016101201
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone localhost/IN: loaded serial 0
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: running
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: sending notifies (serial 2016101201)
从服务器建立: 10.140.165.169
[root@localhost ~]# yum -y install bind-utils bind
[root@localhost ~]# vim /etc/named.conf #编辑主配置文件.
options {
directory "/var/named";
allow-recursion { 10.140.165.0/24; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "izyno.com" IN {
type slave; #指定为从服务器dns
file "slaves/izyno.com.zone"; #指定区域文件地址;
masters { 10.140.165.93; }; #指定主服务器dns地址;
allow-transfer { none; }; #为了安全,不允许任何人传送;
};
zone "165.140.10.in-addr.arpa" IN { #反向从
type slave;
file "slaves/165.140.10.zone";
masters { 10.140.165.93; };
allow-transfer { none; };
};
[root@localhost ~]# ll /etc/named.conf #文件属主属组必须是root.named,权限为640
-rw-r----- 1 root named 952 Oct 12 13:25 /etc/named.conf
[root@cnhzdhcp16593 named]# service named restart #重启服务
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@cnhzdhcp16593 named]# cat /var/log/messages #查看日志
managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
如果出现以上错误在named下新建:
[root@cnhzdhcp16593 named]# touch managed-keys.bind
[root@localhost slaves]# ls #查看是否同步成功
165.140.10.zone izyno.com.zone
165.140.10.in-addr.arpa IN SOA ns1.izyno.com. admin.izyno.com. (
2016101201 ; serial
10800 ; refresh (3 hours)
600 ; retry (10 minutes)
86400 ; expire (1 day)
172800 ; minimum (2 days)
)
NS ns1.izyno.com.
NS ns2.izyno.com.
$ORIGIN 165.140.10.in-addr.arpa.
169 PTR ns2.izyno.com.
91 PTR www.izyno.com.
92 PTR www.izyno.com.
93 PTR ns1.izyno.com.
[root@localhost slaves]# cat izyno.com.zone
$ORIGIN .
$TTL 300 ; 5 minutes
izyno.com IN SOA ns1.izyno.com. admin.izyno.com. (
2016101201 ; serial
10800 ; refresh (3 hours)
600 ; retry (10 minutes)
86400 ; expire (1 day)
172800 ; minimum (2 days)
)
NS ns1.izyno.com.
NS ns2.izyno.com.
MX 10 mail.izyno.com.
$ORIGIN izyno.com.
ftp CNAME www
mail A 10.140.165.90
ns1 A 10.140.165.93
ns2 A 10.140.165.169
www A 10.140.165.91
A 10.140.165.92
添加主服务器正向记录,查看是否通知从服务器:
[root@cnhzdhcp16593 named]# cat izyno.com.zone | grep bbs
bbs IN A 10.140.165.94
[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: loaded serial 2016101202
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone localhost/IN: loaded serial 0
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: running
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: sending notifies (serial 2016101202)
Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of ‘izyno.com/IN‘: AXFR-style IXFR started
Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of ‘izyno.com/IN‘: AXFR-style IXFR ended
查看从服务器区域文件:
[root@localhost slaves]# cat izyno.com.zone
$ORIGIN .
$TTL 300 ; 5 minutes
izyno.com IN SOA ns1.izyno.com. admin.izyno.com. (
2016101202 ; serial
10800 ; refresh (3 hours)
600 ; retry (10 minutes)
86400 ; expire (1 day)
172800 ; minimum (2 days)
)
NS ns1.izyno.com.
NS ns2.izyno.com.
MX 10 mail.izyno.com.
$ORIGIN izyno.com.
bbs A 10.140.165.94
ftp CNAME www
mail A 10.140.165.90
ns1 A 10.140.165.93
ns2 A 10.140.165.169
www A 10.140.165.91
A 10.140.165.92
添加主服务器反向记录,查看是否通知从服务器:
[root@cnhzdhcp16593 named]# cat 165.140.10.zone | grep 90
90 IN PTR mail.izyno.com.
[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101202
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone localhost/IN: loaded serial 0
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: running
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101202)
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of ‘165.140.10.in-addr.arpa/IN‘: AXFR-style IXFR started
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of ‘165.140.10.in-addr.arpa/IN‘: AXFR-style IXFR ended
查看从服务器同步记录:
[root@localhost slaves]# cat 165.140.10.zone
$ORIGIN .
$TTL 300 ; 5 minutes
165.140.10.in-addr.arpa IN SOA ns1.izyno.com. admin.izyno.com. (
2016101202 ; serial
10800 ; refresh (3 hours)
600 ; retry (10 minutes)
86400 ; expire (1 day)
172800 ; minimum (2 days)
)
NS ns1.izyno.com.
NS ns2.izyno.com.
$ORIGIN 165.140.10.in-addr.arpa.
169 PTR ns2.izyno.com.
90 PTR mail.izyno.com.
91 PTR www.izyno.com.
92 PTR www.izyno.com.
93 PTR ns1.izyno.com.
子域授权:
环境:
主服务器:10.140.165.93
从服务器:10.140.165.160
子域服务器:10.140.164.184
编辑主服务器配置文件,添加子域NS和A记录:
cache IN NS ns1.cache
51cache IN NS ns1.cache
ns1.cache IN A 10.140.165.95
ns1.51cache IN A 10.140.165.96
[root@cnhzdhcp16593 named]# service named reload
Reloading named: [ OK ]
[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: Warning: ‘empty-zones-enable/disable-empty-zone‘ not set: disabling RFC 1918 empty zones
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading configuration succeeded
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading zones succeeded
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101203
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101203)
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of ‘izyno.com/IN‘: AXFR-style IXFR started
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of ‘izyno.com/IN‘: AXFR-style IXFR ended
配置子域DNS服务器:
配置主配置文件:
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
zone "cache.izyno.com" IN { #添加cache子域
type master;
file "cache.izyno.com.zone";
allow-transfer { none; };
};
zone "51cache.izyno.com" IN { #添加51cache子域
type master;
file "51cache.izyno.com.zone";
allow-transfer { none; };
};
添加子域区域文件:
[root@localhost named]# cat /var/named/cache.izyno.com.zone
$TTL 300
@ IN SOA ns1.cache.izyno.com. admin.cache.izyno.com. (
2016101201
3H
10M
1D
2D )
@ IN NS ns1
ns1 IN A 10.140.164.184
www IN A 10.140.164.185
bbs IN A 10.140.164.186
注:权限为640,属主root属组named
测试:
主服务器测试:
[root@cnhzdhcp16593 named]# dig -t A www.cache.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64774
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.cache.izyno.com. IN A
;; ANSWER SECTION:
www.cache.izyno.com. 300 IN A 10.140.164.185
;; AUTHORITY SECTION:
cache.izyno.com. 300 IN NS ns1.cache.izyno.com.
;; ADDITIONAL SECTION:
ns1.cache.izyno.com. 300 IN A 10.140.164.184
;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 01:21:49 2016
;; MSG SIZE rcvd: 87
在子域添加父域解析:
[root@localhost named]# tail -5 /etc/named.conf
options {
directory "/var/named";
allow-recursion { any; }; #可以结合上面的选项设置成对自身的客户机允许递归,但对外查询禁止递归
recursion yes; #指定named是否代表客户机查询其它名字服务器。
};
zone "izyno.com" IN {
type forward; #区域的转发类型
forward first; #only表示仅转发 ;first表示先进行转发,如果没查询到结果,那么它自己还会根据根提示向外迭代查询
forwarders { 10.140.165.93; }; #指定转发器是谁.
};
在父域测试:
[root@cnhzdhcp16593 named]# dig -t A www.cache.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30533
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.cache.izyno.com. IN A
;; ANSWER SECTION:
www.cache.izyno.com. 300 IN A 10.140.164.185
;; AUTHORITY SECTION:
cache.izyno.com. 300 IN NS ns1.cache.izyno.com.
;; ADDITIONAL SECTION:
ns1.cache.izyno.com. 300 IN A 10.140.164.184
;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 17:29:35 2016
;; MSG SIZE rcvd: 87
在从域测试:
[root@localhost slaves]# dig -t A www.cache.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60515
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION: 问题段
;www.cache.izyno.com. IN A
;; ANSWER SECTION: 答案段
www.cache.izyno.com. 300 IN A 10.140.164.185
;; AUTHORITY SECTION: 权威答案
cache.izyno.com. 300 IN NS ns1.cache.izyno.com.
;; ADDITIONAL SECTION: 补充权威DNS的A记录
ns1.cache.izyno.com. 300 IN A 10.140.164.184
;; Query time: 1 msec
;; SERVER: 10.140.165.169#53(10.140.165.169)
;; WHEN: Thu Oct 13 09:37:48 2016
;; MSG SIZE rcvd: 87
rndc控制
[root@cnhzdhcp16593 named]# rndc-confgen > /etc/rndc.conf #生成rndc配置文件.
[root@cnhzdhcp16593 named]# tail /etc/named.conf #将rndc.conf文件后半段追加到named.conf.可以看到已经追加.
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "gfyHFoLk5hOynTKpYKy0MA==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
#End of named.conf
[root@cnhzdhcp16593 named]# rm -rf /etc/rndc.key #删除系统自带的key
[root@cnhzdhcp16593 named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@cnhzdhcp16593 named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1
CPUs found: 4
worker threads: 4
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@cnhzdhcp16593 named]# rndc flush
[root@cnhzdhcp16593 named]# rndc notify "izyno.com."
zone notify queued
[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: running
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
Oct 13 17:52:06 cnhzdhcp16593 named[27535]: received control channel command ‘flush‘
Oct 13 17:52:06 cnhzdhcp16593 named[27535]: flushing caches in all views succeeded
Oct 13 17:52:19 cnhzdhcp16593 named[27535]: received control channel command ‘notify izyno.com.‘
Oct 13 17:52:19 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
[root@cnhzdhcp16593 named]# rndc stop
[root@cnhzdhcp16593 named]# netstat -tunlp | grep "53"
udp 0 0 :::53400 :::* 14866/rpc.mountd
[root@cnhzdhcp16593 named]# service named start
Starting named: [ OK ]
[root@cnhzdhcp16593 named]# netstat -tunlp | grep "53"
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 27594/named
tcp 0 0 10.140.165.93:53 0.0.0.0:* LISTEN 27594/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 27594/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 27594/named
udp 0 0 192.168.1.1:53 0.0.0.0:* 27594/named
udp 0 0 10.140.165.93:53 0.0.0.0:* 27594/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 27594/named
udp 0 0 :::53400 :::* 14866/rpc.mountd
DNS视图及其日志系统
dns服务器地址:10.140.165.93
编辑named.conf文件:
acl net { #定义acl表,可以添加网段单独的IP地址
10.140.165.0/24;
127.0.0.0/8;
};
options {
directory "/var/named";
allow-recursion { net; }; #允许递归
};
view lian { #定义视图
match-clients { net; }; #定义那些客户访问
zone "izyno.com" IN
type master;
file "lian.izyno.com.zone";
};
};
view dian {
match-clients { any; };
zone "izyno.com" IN
type master;
file "dian.izyno.com.zone";
};
};
[root@cnhzdhcp16593 named]# named-checkconf
[root@cnhzdhcp16593 named]# chown root.named /etc/named.conf
[root@cnhzdhcp16593 named]# chmod 640 /etc/named.conf
定义区域文件:
[root@cnhzdhcp16593 named]# cat lian.izyno.com.zone
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
2016101302
3H
10M
1D
1D )
@ IN NS ns1
ns1 IN A 10.140.165.93
www IN A 192.168.0.2
shell IN A 192.169.0.3
[root@cnhzdhcp16593 named]# cat dian.izyno.com.zone
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
2016101301
3H
10M
1D
1D )
@ IN NS ns1
ns1 IN A 10.140.165.93
www IN A 192.168.0.1
shell IN A 192.169.0.2
测试:
在165主机测试:
[root@localhost named]# dig -t A www.izyno.com @10.140.165.93
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com @10.140.165.93
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.izyno.com. IN A
;; ANSWER SECTION:
www.izyno.com. 300 IN A 192.168.0.2
;; AUTHORITY SECTION:
izyno.com. 300 IN NS ns1.izyno.com.
;; ADDITIONAL SECTION:
ns1.izyno.com. 300 IN A 10.140.165.93
;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 10:45:18 2016
;; MSG SIZE rcvd: 81
在164网段测试:
[root@localhost named]# dig -t A www.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36363
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.izyno.com. IN A
;; ANSWER SECTION:
www.izyno.com. 300 IN A 192.168.0.1
;; AUTHORITY SECTION:
izyno.com. 300 IN NS ns1.izyno.com.
;; ADDITIONAL SECTION:
ns1.izyno.com. 300 IN A 10.140.165.93
;; Query time: 0 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 10:46:44 2016
;; MSG SIZE rcvd: 81
定义日志系统:
~]# vim /etc/named.conf
[root@soysauce ~]# cat /etc/named.conf
acl innet {
172.16.0.0/16;
};
options {
directory "/var/named";
allow-recursion { innet; };
querylog yes;
};
logging { # 增加日志系统配置
channel query_log {
file "/var/log/named/bind_query.log" versions 3 size 10M;
severity dynamic; # 日志级别
print-category yes; # 日志中显示日志来源,即记录了哪一类日志
print-time yes; # 日志中显示时间
print-severity yes; # 日志中显示记录的日志级别
};
channel xfer_log {
file "/var/log/named/transfer.log" versions 3 size 10M;
severity debug 3;
print-category yes;
print-time yes;
print-severity yes;
};
category xfer-out { xfer_log; }; # 记录传送日志
category queries { query_log; }; # 记录查询日志
};
view telecom {
match-clients { innet; };
zone "soysauce.com" IN {
type master;
file "telecom.soysauce.com.zone";
};
};
view unicom {
match-clients { any; };
zone "soysauce.com" IN {
type master;
file "unicom.soysauce.com.zone";
};
};
[root@soysauce ~]# mkdir /var/log/named
[root@soysauce ~]# chown named.named /var/log/named # 修改属主属组为named,否则无法写入日志
[root@soysauce ~]# mkdir /var/log/named
[root@soysauce ~]# chown named.named /var/log/named
[root@soysauce ~]# named-checkconf
[root@soysauce ~]# service named reload
Reloading named: [ OK ]
[root@soysauce ~]# !dig # 本次发起一次查询
dig -t A www.soysauce.com.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.soysauce.com. IN A
;; ANSWER SECTION:
www.soysauce.com. 86400 IN A 172.16.1.110
;; AUTHORITY SECTION:
soysauce.com. 86400 IN NS ns1.soysauce.com.
;; ADDITIONAL SECTION:
ns1.soysauce.com. 86400 IN A 172.16.1.111
;; Query time: 34 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 21:21:14 2015
;; MSG SIZE rcvd: 84
[root@CentOS5 ~]# dig -t A www.soysauce.com. @172.16.1.111 # 另外一台主机发起一次查询
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t A www.soysauce.com. @172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59167
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.soysauce.com. IN A
;; ANSWER SECTION:
www.soysauce.com. 86400 IN A 172.16.1.110
;; AUTHORITY SECTION:
soysauce.com. 86400 IN NS ns1.soysauce.com.
;; ADDITIONAL SECTION:
ns1.soysauce.com. 86400 IN A 172.16.1.111
;; Query time: 8 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 20:43:35 2015
;; MSG SIZE rcvd: 84
[root@soysauce ~]# cat /var/log/named/bind_query.log # 可以看到查询日志已然生成
11-Dec-2015 21:21:14.608 queries: info: client 172.16.1.111#48637: view telecom: query: www.soysauce.com IN A + (172.16.1.111)
11-Dec-2015 21:23:12.112 queries: info: client 172.16.1.110#50474: view telecom: query: www.soysauce.com IN A + (172.16.1.111)
[root@node1 ~]# dig -t axfr soysauce.com. @172.16.1.111 # 另外一台主机发起区域传送
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t axfr soysauce.com. @172.16.1.111
;; global options: +cmd
soysauce.com. 86400 IN SOA ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
soysauce.com. 86400 IN NS ns1.soysauce.com.
bbs.soysauce.com. 86400 IN A 172.16.1.112
ns1.soysauce.com. 86400 IN A 172.16.1.111
www.soysauce.com. 86400 IN A 172.16.1.110
soysauce.com. 86400 IN SOA ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
;; Query time: 41 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Sat Dec 12 16:48:46 2015
;; XFR size: 6 records (messages 1, bytes 182)
[root@soysauce ~]# tail /var/log/named/transfer.log # 可以看到传送日志已然生成
11-Dec-2015 21:42:54.416 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of ‘soysauce.com/IN‘: AXFR started
11-Dec-2015 21:42:54.418 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of ‘soysauce.com/IN‘: AXFR ended
DNS性能测试工具queryperf
[root@soysauce tmp]# ll
total 10964
-rw-r--r-- 1 root root 8471531 Dec 12 2015 bind-9.10.2-P4.tar.gz
[root@soysauce tmp]# tar xf bind-9.10.2-P4.tar.gz
[root@soysauce tmp]# ls
bind-9.10.2-P4 bind-9.10.2-P4.tar.gz
[root@soysauce tmp]# cd bind-9.10.2-P4/contrib
[root@soysauce contrib]# ls
dane dlz idn nslint-3.0a2 perftcpdns query-loc-0.4.0 queryperf README scripts sdb zkt-1.1.3
[root@soysauce contrib]# cd queryperf/
[root@soysauce queryperf]# ls
config.h.in configure configure.in input Makefile.in missing queryperf.c README utils
[root@soysauce queryperf]# ./configure
checking for gcc... no
checking for cc... no
checking for cl.exe... no
configure: error: in `/tmp/bind-9.10.2-P4/contrib/queryperf‘:
configure: error: no acceptable C compiler found in $PATH
See `config.log‘ for more details
[root@soysauce queryperf]# yum install -y gcc make # 安装gcc、make编译工具
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: mirrors.opencas.cn
Setting up Install Process
Package 1:make-3.81-20.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.4.7-16.el6 will be installed
--> Processing Dependency: libgomp = 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: cpp = 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: libgcc >= 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.7-16.el6.x86_64
--> Running transaction check
---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed
--> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
--> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
---> Package cpp.x86_64 0:4.4.7-16.el6 will be installed
--> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-16.el6.x86_64
---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.3 will be installed
--> Processing Dependency: glibc-headers = 2.12-1.166.el6_7.3 for package: glibc-devel-2.12-1.166.el6_7.3.x86_64
--> Processing Dependency: glibc = 2.12-1.166.el6_7.3 for package: glibc-devel-2.12-1.166.el6_7.3.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.166.el6_7.3.x86_64
---> Package libgcc.x86_64 0:4.4.7-4.el6 will be updated
---> Package libgcc.x86_64 0:4.4.7-16.el6 will be an update
---> Package libgomp.x86_64 0:4.4.7-16.el6 will be installed
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.132.el6 will be updated
--> Processing Dependency: glibc = 2.12-1.132.el6 for package: glibc-common-2.12-1.132.el6.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.3 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.3 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.166.el6_7.3.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.166.el6_7.3.x86_64
---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed
---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.132.el6 will be updated
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.3 will be an update
---> Package kernel-headers.x86_64 0:2.6.32-573.8.1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================
Installing:
gcc x86_64 4.4.7-16.el6 base 10 M
Installing for dependencies:
cloog-ppl x86_64 0.15.7-1.2.el6 base 93 k
cpp x86_64 4.4.7-16.el6 base 3.7 M
glibc-devel x86_64 2.12-1.166.el6_7.3 updates 986 k
glibc-headers x86_64 2.12-1.166.el6_7.3 updates 615 k
kernel-headers x86_64 2.6.32-573.8.1.el6 updates 3.9 M
libgomp x86_64 4.4.7-16.el6 base 134 k
mpfr x86_64 2.4.1-6.el6 base 157 k
ppl x86_64 0.10.2-11.el6 base 1.3 M
Updating for dependencies:
glibc x86_64 2.12-1.166.el6_7.3 updates 3.8 M
glibc-common x86_64 2.12-1.166.el6_7.3 updates 14 M
libgcc x86_64 4.4.7-16.el6 base 103 k
Transaction Summary
========================================================================================================================================
Install 9 Package(s)
Upgrade 3 Package(s)
Total download size: 39 M
Downloading Packages:
(1/12): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm | 93 kB 00:00
(2/12): cpp-4.4.7-16.el6.x86_64.rpm | 3.7 MB 00:03
(3/12): gcc-4.4.7-16.el6.x86_64.rpm | 10 MB 00:09
(4/12): glibc-2.12-1.166.el6_7.3.x86_64.rpm | 3.8 MB 00:03
(5/12): glibc-common-2.12-1.166.el6_7.3.x86_64.rpm | 14 MB 00:13
(6/12): glibc-devel-2.12-1.166.el6_7.3.x86_64.rpm | 986 kB 00:00
(7/12): glibc-headers-2.12-1.166.el6_7.3.x86_64.rpm | 615 kB 00:00
(8/12): kernel-headers-2.6.32-573.8.1.el6.x86_64.rpm | 3.9 MB 00:03
(9/12): libgcc-4.4.7-16.el6.x86_64.rpm | 103 kB 00:00
(10/12): libgomp-4.4.7-16.el6.x86_64.rpm | 134 kB 00:00
(11/12): mpfr-2.4.1-6.el6.x86_64.rpm | 157 kB 00:00
(12/12): ppl-0.10.2-11.el6.x86_64.rpm | 1.3 MB 00:00
----------------------------------------------------------------------------------------------------------------------------------------
Total 1.0 MB/s | 39 MB 00:38
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : libgcc-4.4.7-16.el6.x86_64 1/15
Updating : glibc-2.12-1.166.el6_7.3.x86_64 2/15
Updating : glibc-common-2.12-1.166.el6_7.3.x86_64 3/15
Installing : libgomp-4.4.7-16.el6.x86_64 4/15
Installing : mpfr-2.4.1-6.el6.x86_64 5/15
Installing : cpp-4.4.7-16.el6.x86_64 6/15
Installing : ppl-0.10.2-11.el6.x86_64 7/15
Installing : cloog-ppl-0.15.7-1.2.el6.x86_64 8/15
Installing : kernel-headers-2.6.32-573.8.1.el6.x86_64 9/15
Installing : glibc-headers-2.12-1.166.el6_7.3.x86_64 10/15
Installing : glibc-devel-2.12-1.166.el6_7.3.x86_64 11/15
Installing : gcc-4.4.7-16.el6.x86_64 12/15
Cleanup : glibc-2.12-1.132.el6.x86_64 13/15
Cleanup : glibc-common-2.12-1.132.el6.x86_64 14/15
Cleanup : libgcc-4.4.7-4.el6.x86_64 15/15
Verifying : glibc-devel-2.12-1.166.el6_7.3.x86_64 1/15
Verifying : libgomp-4.4.7-16.el6.x86_64 2/15
Verifying : glibc-headers-2.12-1.166.el6_7.3.x86_64 3/15
Verifying : gcc-4.4.7-16.el6.x86_64 4/15
Verifying : mpfr-2.4.1-6.el6.x86_64 5/15
Verifying : cloog-ppl-0.15.7-1.2.el6.x86_64 6/15
Verifying : kernel-headers-2.6.32-573.8.1.el6.x86_64 7/15
Verifying : cpp-4.4.7-16.el6.x86_64 8/15
Verifying : glibc-common-2.12-1.166.el6_7.3.x86_64 9/15
Verifying : glibc-2.12-1.166.el6_7.3.x86_64 10/15
Verifying : ppl-0.10.2-11.el6.x86_64 11/15
Verifying : libgcc-4.4.7-16.el6.x86_64 12/15
Verifying : glibc-2.12-1.132.el6.x86_64 13/15
Verifying : glibc-common-2.12-1.132.el6.x86_64 14/15
Verifying : libgcc-4.4.7-4.el6.x86_64 15/15
Installed:
gcc.x86_64 0:4.4.7-16.el6
Dependency Installed:
cloog-ppl.x86_64 0:0.15.7-1.2.el6 cpp.x86_64 0:4.4.7-16.el6 glibc-devel.x86_64 0:2.12-1.166.el6_7.3
glibc-headers.x86_64 0:2.12-1.166.el6_7.3 kernel-headers.x86_64 0:2.6.32-573.8.1.el6 libgomp.x86_64 0:4.4.7-16.el6
mpfr.x86_64 0:2.4.1-6.el6 ppl.x86_64 0:0.10.2-11.el6
Dependency Updated:
glibc.x86_64 0:2.12-1.166.el6_7.3 glibc-common.x86_64 0:2.12-1.166.el6_7.3 libgcc.x86_64 0:4.4.7-16.el6
Complete!
[root@soysauce queryperf]# ./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for library containing res_mkquery... no
checking for library containing __res_mkquery... -lresolv
checking for library containing res_9_mkquery... no
checking for socket in -lsocket... no
checking for inet_ntoa in -lnsl... yes
checking for gethostbyname2... yes
checking for getaddrinfo... yes
checking for getnameinfo... yes
checking for socklen_t... yes
checking for sa_len... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
[root@soysauce queryperf]# make
gcc -DHAVE_CONFIG_H -c queryperf.c
gcc -DHAVE_CONFIG_H queryperf.o -lnsl -lresolv -lm -o queryperf
[root@soysauce queryperf]# ls
config.h config.log configure input Makefile.in queryperf queryperf.o utils
config.h.in config.status configure.in Makefile missing queryperf.c README
[root@soysauce queryperf]# cp queryperf /bin/
2、使用queryperf进行性能测试
[root@soysauce queryperf]# cd /var/named/
[root@soysauce named]# vim test.named
[root@soysauce named]# queryperf -d test.named -s 172.16.1.111
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 172.16.1.111)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 5 queries
Queries completed: 5 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.001431 sec
RTT min: 0.000060 sec
RTT average: 0.000910 sec
RTT std deviation: 0.000472 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Sat Dec 12 00:15:35 2015
Finished at: Sat Dec 12 00:15:35 2015
Ran for: 0.001507 seconds
Queries per second: 3317.850033 qps # 每秒查询率
DNS主从服务,子域授权,view视图,日志系统,压力测试rsync配置
标签:
原文地址:http://www.cnblogs.com/ligao/p/5967670.html
