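DNS master/slave service, subdomain delegation, views, the logging system, and load testing
DNS query process:
Setting up DNS master/slave:
Environment:
Master server: 10.140.165.93
Slave server: 10.140.165.169
Disable the firewall and SELinux.
Setting up the master server: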
    [root@cnhzdhcp16593 ~]# yum -y install bind-utils bind    # install BIND and its utilities
    [root@cnhzdhcp16593 ~]# vim /etc/named.conf               # edit the main configuration file
    options {
        directory "/var/named";
        allow-recursion { 10.140.165.0/24; };    # networks allowed to make recursive queries
        notify yes;                              # enable NOTIFY
    };
    zone "." IN {                                # root zone
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };                # no zone transfers allowed
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };                # no zone transfers allowed
    };
    zone "izyno.com" IN {                        # forward zone
        type master;
        file "izyno.com.zone";
        allow-transfer { 10.140.165.169; };      # transfers to the slave DNS only
    };
    zone "165.140.10.in-addr.arpa" IN {          # reverse zone
        type master;
        file "165.140.10.zone";
        allow-transfer { 10.140.165.169; };      # transfers to the slave DNS only
    };

Define the forward and reverse zone files:

    [root@cnhzdhcp16593 named]# cd /var/named/
    [root@cnhzdhcp16593 named]# ls
    data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
    [root@cnhzdhcp16593 named]# vim izyno.com.zone    # edit the forward zone
    $TTL 300
    @       IN  SOA    ns1.izyno.com. admin.izyno.com. (
                       2016101201
                       3H
                       10M
                       1D
                       2D )
    @       IN  NS     ns1             ; NS (Name Server) record: names the DNS server that resolves this domain
    @       IN  NS     ns2             ; NS record for the slave server
    @       IN  MX 10  mail            ; mail host record
    ns1     IN  A      10.140.165.93   ; A record
    ns2     IN  A      10.140.165.169  ; A record of the slave server
    mail    IN  A      10.140.165.90
    www     IN  A      10.140.165.91
    www     IN  A      10.140.165.92
    ftp     IN  CNAME  www             ; alias

Notes: time units are M (minutes), H (hours), D (days) and W (weeks); the default unit is seconds.
Mailbox format: write admin.izyno.com; @ cannot be used because it has a special meaning in a zone file.

    [root@cnhzdhcp16593 named]# vim 165.140.10.zone    # edit the reverse zone file
    $TTL 300
    @       IN  SOA    ns1.izyno.com. admin.izyno.com. (
                       2016101201
                       3H
                       10M
                       1D
                       2D )
    @       IN  NS     ns1.izyno.com.
    @       IN  NS     ns2.izyno.com.
    93      IN  PTR    ns1.izyno.com.
    169     IN  PTR    ns2.izyno.com.
    91      IN  PTR    www.izyno.com.
    92      IN  PTR    www.izyno.com.
    [root@cnhzdhcp16593 named]# ll
    total 36
    -rw-r--r--. 1 root  root   242 Oct 12 20:59 165.140.10.zone
    drwxrwx---. 2 named named 4096 Sep 28 18:54 data
    drwxrwx---. 2 named named 4096 Sep 28 18:54 dynamic
    -rw-r--r--. 1 root  root   275 Oct 12 20:43 izyno.com.zone
    # Set mode and ownership on the two zone files only. A bare "chmod 640 *" / "chown root.named *"
    # also hits data/ and dynamic/ and removes their search bit, which is what produces the
    # managed-keys "permission denied" lines in the logs below.
    [root@cnhzdhcp16593 named]# chmod 640 izyno.com.zone 165.140.10.zone           # set permissions
    [root@cnhzdhcp16593 named]# chown root:named izyno.com.zone 165.140.10.zone    # set owner and group
    [root@cnhzdhcp16593 named]# named-checkzone "165.140.10.in-addr.arpa" /var/named/165.140.10.zone    # check the reverse zone
    zone 165.140.10.in-addr.arpa/IN: loaded serial 2016101201
    OK
    [root@cnhzdhcp16593 named]# named-checkzone "izyno.com" /var/named/izyno.com.zone    # check the forward zone
    zone izyno.com/IN: loaded serial 2016101201
    OK
    [root@cnhzdhcp16593 named]# named-checkconf    # check the main configuration file
    [root@cnhzdhcp16593 named]# service named restart    # restart
    Stopping named: [ OK ]
    Starting named: [ OK ]
    [root@cnhzdhcp16593 named]# tail /var/log/messages    # check the log
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: loaded serial 2016101201
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: loaded serial 2016101201
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone localhost/IN: loaded serial 0
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: dynamic/managed-keys.bind.jnl: open: permission denied
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: running
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
    Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: sending notifies (serial 2016101201)

Setting up the slave server: 10.140.165.169

    [root@localhost ~]# yum -y install bind-utils bind
    [root@localhost ~]# vim /etc/named.conf    # edit the main configuration file
    options {
        directory "/var/named";
        allow-recursion { 10.140.165.0/24; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };
    };
    zone "izyno.com" IN {
        type slave;                        # this server is a slave for the zone
        file "slaves/izyno.com.zone";      # where the transferred zone file is stored
        masters { 10.140.165.93; };        # address of the master DNS server
        allow-transfer { none; };          # for security, nobody may transfer from the slave
    };
    zone "165.140.10.in-addr.arpa" IN {    # reverse zone, slave
        type slave;
        file "slaves/165.140.10.zone";
        masters { 10.140.165.93; };
        allow-transfer { none; };
    };
    [root@localhost ~]# ll /etc/named.conf    # owner and group must be root:named, mode 640
    -rw-r----- 1 root named 952 Oct 12 13:25 /etc/named.conf
    [root@cnhzdhcp16593 named]# service named restart    # restart the service
    Stopping named: . [ OK ]
    Starting named: [ OK ]
    [root@cnhzdhcp16593 named]# cat /var/log/messages    # check the log
    managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied

If the error above appears, create the file under named:

    [root@cnhzdhcp16593 named]# touch managed-keys.bind

The message refers to dynamic/managed-keys.bind, so it also appears whenever the named user cannot enter or write /var/named/dynamic, for example after that directory's mode or owner has been changed from the drwxrwx--- named named shown in the listing above.

    [root@localhost slaves]# ls    # check whether the zones were synchronized
    165.140.10.zone  izyno.com.zone
    [root@localhost slaves]# cat 165.140.10.zone
    165.140.10.in-addr.arpa IN SOA  ns1.izyno.com. admin.izyno.com. (
                                    2016101201 ; serial
                                    10800      ; refresh (3 hours)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    172800     ; minimum (2 days)
                                    )
                            NS      ns1.izyno.com.
                            NS      ns2.izyno.com.
    $ORIGIN 165.140.10.in-addr.arpa.
    169                     PTR     ns2.izyno.com.
    91                      PTR     www.izyno.com.
    92                      PTR     www.izyno.com.
    93                      PTR     ns1.izyno.com.
    [root@localhost slaves]# cat izyno.com.zone
    $ORIGIN .
    $TTL 300        ; 5 minutes
    izyno.com               IN SOA  ns1.izyno.com. admin.izyno.com. (
                                    2016101201 ; serial
                                    10800      ; refresh (3 hours)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    172800     ; minimum (2 days)
                                    )
                            NS      ns1.izyno.com.
                            NS      ns2.izyno.com.
                            MX      10 mail.izyno.com.
    $ORIGIN izyno.com.
    ftp                     CNAME   www
    mail                    A       10.140.165.90
    ns1                     A       10.140.165.93
    ns2                     A       10.140.165.169
    www                     A       10.140.165.91
                            A       10.140.165.92

Add a forward record on the master and check that the slave is notified (the log shows the zone now loading with serial 2016101202; the slave transfers a zone only when its SOA serial has increased):

    [root@cnhzdhcp16593 named]# cat izyno.com.zone | grep bbs
    bbs IN A 10.140.165.94
    [root@cnhzdhcp16593 named]# tail /var/log/messages
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: loaded serial 2016101202
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone localhost/IN: loaded serial 0
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: dynamic/managed-keys.bind.jnl: open: permission denied
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: running
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
    Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: sending notifies (serial 2016101202)
    Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of 'izyno.com/IN': AXFR-style IXFR started
    Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of 'izyno.com/IN': AXFR-style IXFR ended

Check the zone file on the slave:

    [root@localhost slaves]# cat izyno.com.zone
    $ORIGIN .
    $TTL 300        ; 5 minutes
    izyno.com               IN SOA  ns1.izyno.com. admin.izyno.com. (
                                    2016101202 ; serial
                                    10800      ; refresh (3 hours)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    172800     ; minimum (2 days)
                                    )
                            NS      ns1.izyno.com.
                            NS      ns2.izyno.com.
                            MX      10 mail.izyno.com.
    $ORIGIN izyno.com.
    bbs                     A       10.140.165.94
    ftp                     CNAME   www
    mail                    A       10.140.165.90
    ns1                     A       10.140.165.93
    ns2                     A       10.140.165.169
    www                     A       10.140.165.91
                            A       10.140.165.92

Add a reverse record on the master and check that the slave is notified:

    [root@cnhzdhcp16593 named]# cat 165.140.10.zone | grep 90
    90 IN PTR mail.izyno.com.
    [root@cnhzdhcp16593 named]# tail /var/log/messages
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101202
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone localhost/IN: loaded serial 0
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: running
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101202)
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of '165.140.10.in-addr.arpa/IN': AXFR-style IXFR started
    Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of '165.140.10.in-addr.arpa/IN': AXFR-style IXFR ended

Check the synchronized records on the slave:

    [root@localhost slaves]# cat 165.140.10.zone
    $ORIGIN .
    $TTL 300        ; 5 minutes
    165.140.10.in-addr.arpa IN SOA  ns1.izyno.com. admin.izyno.com. (
                                    2016101202 ; serial
                                    10800      ; refresh (3 hours)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    172800     ; minimum (2 days)
                                    )
                            NS      ns1.izyno.com.
                            NS      ns2.izyno.com.
    $ORIGIN 165.140.10.in-addr.arpa.
    169                     PTR     ns2.izyno.com.
    90                      PTR     mail.izyno.com.
    91                      PTR     www.izyno.com.
    92                      PTR     www.izyno.com.
    93                      PTR     ns1.izyno.com.
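The transfer messages in the logs above can be checked automatically against the allow-transfer lists. The following Python 3 script is an added example, not part of the original article: it flags every transfer served to a client that is not a listed slave and every denied attempt. The ALLOWED table, the function names and the log lines marked as constructed are assumptions of this example; the other sample lines are taken from the article.

```python
import ipaddress
import re
from collections import namedtuple

# Slaves each zone may be transferred to, mirroring the article's
# allow-transfer lists. soysauce.com has no slave in the article.
ALLOWED = {
    "izyno.com": ["10.140.165.169"],
    "165.140.10.in-addr.arpa": ["10.140.165.169"],
    "soysauce.com": [],
}

Event = namedtuple("Event", "client zone kind outcome authorized")

_CLIENT = r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: (?:view \S+: )?"
# e.g. client 10.140.165.169#43849: transfer of 'izyno.com/IN': AXFR-style IXFR started
STARTED = re.compile(
    _CLIENT + r"transfer of '(?P<zone>[^'/]+)/IN': "
    r"(?P<kind>AXFR-style IXFR|AXFR|IXFR) started")
# e.g. client 10.140.164.77#51234: zone transfer 'izyno.com/AXFR/IN' denied
DENIED = re.compile(
    _CLIENT + r"zone transfer '(?P<zone>[^'/]+)/(?P<kind>AXFR|IXFR)/IN' denied")


def is_allowed(ip, zone, allowed=ALLOWED):
    """True if ip falls inside an address or network listed for zone."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in allowed.get(zone, []))


def parse_line(line, allowed=ALLOWED):
    """Return an Event for a transfer start or a denial, else None."""
    # Logs copied through web pages often carry typographic quotes.
    line = line.replace("\u2018", "'").replace("\u2019", "'")
    for pattern, outcome in ((STARTED, "started"), (DENIED, "denied")):
        m = pattern.search(line)
        if m:
            zone = m.group("zone").lower().rstrip(".")
            return Event(m.group("ip"), zone, m.group("kind"), outcome,
                         is_allowed(m.group("ip"), zone, allowed))
    return None


def suspicious(lines, allowed=ALLOWED):
    """Events worth an alert: every denied attempt, and every transfer
    that was served to a client outside the zone's slave list."""
    events = (parse_line(line, allowed) for line in lines)
    return [e for e in events
            if e and (e.outcome == "denied" or not e.authorized)]


SAMPLE_LOG = [
    # From the article (syslog format, /var/log/messages):
    "Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: "
    "transfer of 'izyno.com/IN': AXFR-style IXFR started",
    "Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: "
    "transfer of 'izyno.com/IN': AXFR-style IXFR ended",
    # From the article (dedicated xfer-out channel, with a view name):
    "11-Dec-2015 21:42:54.416 xfer-out: info: client 172.16.1.101#58015: "
    "view telecom: transfer of 'soysauce.com/IN': AXFR started",
    # Constructed for this example:
    "Oct 12 22:10:02 cnhzdhcp16593 named[13501]: client 10.140.164.77#51234: "
    "zone transfer 'izyno.com/AXFR/IN' denied",
    "Oct 12 22:11:40 cnhzdhcp16593 named[13501]: client 10.140.165.50#40001: "
    "transfer of 'izyno.com/IN': AXFR started",
]

if __name__ == "__main__":
    for ev in suspicious(SAMPLE_LOG):
        print(f"ALERT {ev.outcome:8} {ev.kind:16} {ev.zone} -> {ev.client}")
```

A served transfer to an unlisted client means allow-transfer is looser than intended for that zone, while a denial shows the restriction working and tells you which host asked.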
Subdomain delegation:
Environment:
Master server: 10.140.165.93
Slave server: 10.140.165.160
Subdomain server: 10.140.164.184
Edit the master server's izyno.com zone file and add NS and A records for the subdomains:

    cache       IN  NS  ns1.cache
    51cache     IN  NS  ns1.cache
    ns1.cache   IN  A   10.140.164.184   ; glue: must be the address of the subdomain server (the dig output below returns this address)
    ns1.51cache IN  A   10.140.165.96
    [root@cnhzdhcp16593 named]# service named reload
    Reloading named: [ OK ]
    [root@cnhzdhcp16593 named]# tail /var/log/messages
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading configuration succeeded
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading zones succeeded
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101203
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101203)
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of 'izyno.com/IN': AXFR-style IXFR started
    Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of 'izyno.com/IN': AXFR-style IXFR ended

Configure the subdomain DNS server:
Main configuration file:

    options {
        directory "/var/named";
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };
    };
    zone "cache.izyno.com" IN {          # the cache subdomain
        type master;
        file "cache.izyno.com.zone";
        allow-transfer { none; };
    };
    zone "51cache.izyno.com" IN {        # the 51cache subdomain
        type master;
        file "51cache.izyno.com.zone";
        allow-transfer { none; };
    };

Add the subdomain zone file:

    [root@localhost named]# cat /var/named/cache.izyno.com.zone
    $TTL 300
    @       IN  SOA  ns1.cache.izyno.com. admin.cache.izyno.com. (
                     2016101201
                     3H
                     10M
                     1D
                     2D )
    @       IN  NS   ns1
    ns1     IN  A    10.140.164.184
    www     IN  A    10.140.164.185
    bbs     IN  A    10.140.164.186

Note: mode 640, owner root, group named.

Test:
Test on the master server:

    [root@cnhzdhcp16593 named]# dig -t A www.cache.izyno.com
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64774
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;www.cache.izyno.com.           IN      A
    ;; ANSWER SECTION:
    www.cache.izyno.com.    300     IN      A       10.140.164.185
    ;; AUTHORITY SECTION:
    cache.izyno.com.        300     IN      NS      ns1.cache.izyno.com.
    ;; ADDITIONAL SECTION:
    ns1.cache.izyno.com.    300     IN      A       10.140.164.184
    ;; Query time: 1 msec
    ;; SERVER: 10.140.165.93#53(10.140.165.93)
    ;; WHEN: Thu Oct 13 01:21:49 2016
    ;; MSG SIZE rcvd: 87

Add resolution of the parent domain on the subdomain server:

    [root@localhost named]# tail -5 /etc/named.conf
    options {
        directory "/var/named";
        allow-recursion { any; };        # can be combined with the option above so that recursion is allowed for your own clients but refused for outside queries; as written, any makes this server an open resolver
        recursion yes;                   # whether named queries other name servers on behalf of clients
    };
    zone "izyno.com" IN {
        type forward;                    # forward zone
        forward first;                   # only: forward and nothing else; first: forward first and, if no answer comes back, iterate from the root hints
        forwarders { 10.140.165.93; };   # the server to forward to
    };

Test on the parent domain server:

    [root@cnhzdhcp16593 named]# dig -t A www.cache.izyno.com
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30533
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;www.cache.izyno.com.           IN      A
    ;; ANSWER SECTION:
    www.cache.izyno.com.    300     IN      A       10.140.164.185
    ;; AUTHORITY SECTION:
    cache.izyno.com.        300     IN      NS      ns1.cache.izyno.com.
    ;; ADDITIONAL SECTION:
    ns1.cache.izyno.com.    300     IN      A       10.140.164.184
    ;; Query time: 1 msec
    ;; SERVER: 10.140.165.93#53(10.140.165.93)
    ;; WHEN: Thu Oct 13 17:29:35 2016
    ;; MSG SIZE rcvd: 87

Test on the slave server (the notes in parentheses are annotations, not dig output):

    [root@localhost slaves]# dig -t A www.cache.izyno.com
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60515
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:      (the question)
    ;www.cache.izyno.com.           IN      A
    ;; ANSWER SECTION:        (the answer)
    www.cache.izyno.com.    300     IN      A       10.140.164.185
    ;; AUTHORITY SECTION:     (the authoritative answer)
    cache.izyno.com.        300     IN      NS      ns1.cache.izyno.com.
    ;; ADDITIONAL SECTION:    (A records of the authoritative DNS servers)
    ns1.cache.izyno.com.    300     IN      A       10.140.164.184
    ;; Query time: 1 msec
    ;; SERVER: 10.140.165.169#53(10.140.165.169)
    ;; WHEN: Thu Oct 13 09:37:48 2016
    ;; MSG SIZE rcvd: 87

rndc control

    [root@cnhzdhcp16593 named]# rndc-confgen > /etc/rndc.conf    # generate the rndc configuration file
    [root@cnhzdhcp16593 named]# tail /etc/named.conf    # the second half of rndc.conf is appended to named.conf; the output shows it is in place
    # Use with the following in named.conf, adjusting the allow list as needed:
    key "rndc-key" {
        algorithm hmac-md5;
        secret "gfyHFoLk5hOynTKpYKy0MA==";
    };
    controls {
        inet 127.0.0.1 port 953
            allow { 127.0.0.1; } keys { "rndc-key"; };
    };
    #End of named.conf
    [root@cnhzdhcp16593 named]# rm -f /etc/rndc.key    # remove the key file shipped with the system
    [root@cnhzdhcp16593 named]# service named restart
    Stopping named: [ OK ]
    Starting named: [ OK ]
    [root@cnhzdhcp16593 named]# rndc status
    version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1
    CPUs found: 4
    worker threads: 4
    number of zones: 20
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running
    [root@cnhzdhcp16593 named]# rndc flush
    [root@cnhzdhcp16593 named]# rndc notify "izyno.com."
    zone notify queued
    [root@cnhzdhcp16593 named]# tail /var/log/messages
    Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
    Oct 13 17:51:52 cnhzdhcp16593 named[27535]: dynamic/managed-keys.bind.jnl: open: permission denied
    Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
    Oct 13 17:51:52 cnhzdhcp16593 named[27535]: running
    Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
    Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
    Oct 13 17:52:06 cnhzdhcp16593 named[27535]: received control channel command 'flush'
    Oct 13 17:52:06 cnhzdhcp16593 named[27535]: flushing caches in all views succeeded
    Oct 13 17:52:19 cnhzdhcp16593 named[27535]: received control channel command 'notify izyno.com.'
    Oct 13 17:52:19 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
    [root@cnhzdhcp16593 named]# rndc stop
    [root@cnhzdhcp16593 named]# netstat -tunlp | grep "53"
    udp        0      0 :::53400            :::*                       14866/rpc.mountd
    [root@cnhzdhcp16593 named]# service named start
    Starting named: [ OK ]
    [root@cnhzdhcp16593 named]# netstat -tunlp | grep "53"
    tcp        0      0 192.168.1.1:53      0.0.0.0:*      LISTEN      27594/named
    tcp        0      0 10.140.165.93:53    0.0.0.0:*      LISTEN      27594/named
    tcp        0      0 127.0.0.1:53        0.0.0.0:*      LISTEN      27594/named
    tcp        0      0 127.0.0.1:953       0.0.0.0:*      LISTEN      27594/named
    udp        0      0 192.168.1.1:53      0.0.0.0:*                  27594/named
    udp        0      0 10.140.165.93:53    0.0.0.0:*                  27594/named
    udp        0      0 127.0.0.1:53        0.0.0.0:*                  27594/named
    udp        0      0 :::53400            :::*                       14866/rpc.mountd

DNS views and the logging system
DNS server address: 10.140.165.93
Edit named.conf:

    acl net {                            # define an ACL; networks and individual IP addresses can be listed
        10.140.165.0/24;
        127.0.0.0/8;
    };
    options {
        directory "/var/named";
        allow-recursion { net; };        # allow recursion for the ACL
    };
    view lian {                          # define a view
        match-clients { net; };          # which clients this view serves
        zone "izyno.com" IN {
            type master;
            file "lian.izyno.com.zone";
        };
    };
    view dian {
        match-clients { any; };
        zone "izyno.com" IN {
            type master;
            file "dian.izyno.com.zone";
        };
    };
    [root@cnhzdhcp16593 named]# named-checkconf
    [root@cnhzdhcp16593 named]# chown root:named /etc/named.conf
    [root@cnhzdhcp16593 named]# chmod 640 /etc/named.conf

Define the zone files:

    [root@cnhzdhcp16593 named]# cat lian.izyno.com.zone
    $TTL 300
    @       IN  SOA  ns1.izyno.com. admin.izyno.com. (
                     2016101302
                     3H
                     10M
                     1D
                     1D )
    @       IN  NS   ns1
    ns1     IN  A    10.140.165.93
    www     IN  A    192.168.0.2
    shell   IN  A    192.169.0.3
    [root@cnhzdhcp16593 named]# cat dian.izyno.com.zone
    $TTL 300
    @       IN  SOA  ns1.izyno.com. admin.izyno.com. (
                     2016101301
                     3H
                     10M
                     1D
                     1D )
    @       IN  NS   ns1
    ns1     IN  A    10.140.165.93
    www     IN  A    192.168.0.1
    shell   IN  A    192.169.0.2

Test:
Test from a host in the 165 network:

    [root@localhost named]# dig -t A www.izyno.com @10.140.165.93
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com @10.140.165.93
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53954
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;www.izyno.com.                 IN      A
    ;; ANSWER SECTION:
    www.izyno.com.          300     IN      A       192.168.0.2
    ;; AUTHORITY SECTION:
    izyno.com.              300     IN      NS      ns1.izyno.com.
    ;; ADDITIONAL SECTION:
    ns1.izyno.com.          300     IN      A       10.140.165.93
    ;; Query time: 1 msec
    ;; SERVER: 10.140.165.93#53(10.140.165.93)
    ;; WHEN: Thu Oct 13 10:45:18 2016
    ;; MSG SIZE rcvd: 81

Test from the 164 network:

    [root@localhost named]# dig -t A www.izyno.com
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36363
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;www.izyno.com.                 IN      A
    ;; ANSWER SECTION:
    www.izyno.com.          300     IN      A       192.168.0.1
    ;; AUTHORITY SECTION:
    izyno.com.              300     IN      NS      ns1.izyno.com.
    ;; ADDITIONAL SECTION:
    ns1.izyno.com.          300     IN      A       10.140.165.93
    ;; Query time: 0 msec
    ;; SERVER: 10.140.165.93#53(10.140.165.93)
    ;; WHEN: Thu Oct 13 10:46:44 2016
    ;; MSG SIZE rcvd: 81

Configure the logging system:

    ~]# vim /etc/named.conf
    [root@soysauce ~]# cat /etc/named.conf
    acl innet {
        172.16.0.0/16;
    };
    options {
        directory "/var/named";
        allow-recursion { innet; };
        querylog yes;
    };
    logging {                            # logging configuration added here
        channel query_log {
            file "/var/log/named/bind_query.log" versions 3 size 10M;
            severity dynamic;            # log level
            print-category yes;          # write the category, i.e. which kind of message was logged
            print-time yes;              # write the time
            print-severity yes;          # write the severity of each message
        };
        channel xfer_log {
            file "/var/log/named/transfer.log" versions 3 size 10M;
            severity debug 3;
            print-category yes;
            print-time yes;
            print-severity yes;
        };
        category xfer-out { xfer_log; };     # log outgoing zone transfers
        category queries { query_log; };     # log queries
    };
    view telecom {
        match-clients { innet; };
        zone "soysauce.com" IN {
            type master;
            file "telecom.soysauce.com.zone";
        };
    };
    view unicom {
        match-clients { any; };
        zone "soysauce.com" IN {
            type master;
            file "unicom.soysauce.com.zone";
        };
    };
    [root@soysauce ~]# mkdir /var/log/named
    [root@soysauce ~]# chown named:named /var/log/named    # owner and group must be named, otherwise the logs cannot be written
    [root@soysauce ~]# named-checkconf
    [root@soysauce ~]# service named reload
    Reloading named: [ OK ]
    [root@soysauce ~]# !dig    # issue a query from this host
    dig -t A www.soysauce.com.
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com.
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23698
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;www.soysauce.com.              IN      A
    ;; ANSWER SECTION:
    www.soysauce.com.       86400   IN      A       172.16.1.110
    ;; AUTHORITY SECTION:
    soysauce.com.           86400   IN      NS      ns1.soysauce.com.
    ;; ADDITIONAL SECTION:
    ns1.soysauce.com.       86400   IN      A       172.16.1.111
    ;; Query time: 34 msec
    ;; SERVER: 172.16.1.111#53(172.16.1.111)
    ;; WHEN: Fri Dec 11 21:21:14 2015
    ;; MSG SIZE rcvd: 84
    [root@CentOS5 ~]# dig -t A www.soysauce.com. @172.16.1.111    # issue a query from another host
    ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t A www.soysauce.com. @172.16.1.111
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59167
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;www.soysauce.com.              IN      A
    ;; ANSWER SECTION:
    www.soysauce.com.       86400   IN      A       172.16.1.110
    ;; AUTHORITY SECTION:
    soysauce.com.           86400   IN      NS      ns1.soysauce.com.
    ;; ADDITIONAL SECTION:
    ns1.soysauce.com.       86400   IN      A       172.16.1.111
    ;; Query time: 8 msec
    ;; SERVER: 172.16.1.111#53(172.16.1.111)
    ;; WHEN: Fri Dec 11 20:43:35 2015
    ;; MSG SIZE rcvd: 84
    [root@soysauce ~]# cat /var/log/named/bind_query.log    # the query log has been written
    11-Dec-2015 21:21:14.608 queries: info: client 172.16.1.111#48637: view telecom: query: www.soysauce.com IN A + (172.16.1.111)
    11-Dec-2015 21:23:12.112 queries: info: client 172.16.1.110#50474: view telecom: query: www.soysauce.com IN A + (172.16.1.111)
    [root@node1 ~]# dig -t axfr soysauce.com. @172.16.1.111    # request a zone transfer from another host (it is served because this configuration sets no allow-transfer)
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t axfr soysauce.com. @172.16.1.111
    ;; global options: +cmd
    soysauce.com.           86400   IN      SOA     ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
    soysauce.com.           86400   IN      NS      ns1.soysauce.com.
    bbs.soysauce.com.       86400   IN      A       172.16.1.112
    ns1.soysauce.com.       86400   IN      A       172.16.1.111
    www.soysauce.com.       86400   IN      A       172.16.1.110
    soysauce.com.           86400   IN      SOA     ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
    ;; Query time: 41 msec
    ;; SERVER: 172.16.1.111#53(172.16.1.111)
    ;; WHEN: Sat Dec 12 16:48:46 2015
    ;; XFR size: 6 records (messages 1, bytes 182)
    [root@soysauce ~]# tail /var/log/named/transfer.log    # the transfer log has been written
    11-Dec-2015 21:42:54.416 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of 'soysauce.com/IN': AXFR started
    11-Dec-2015 21:42:54.418 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of 'soysauce.com/IN': AXFR ended

The DNS performance testing tool queryperf

    [root@soysauce tmp]# ll
    total 10964
    -rw-r--r-- 1 root root 8471531 Dec 12 2015 bind-9.10.2-P4.tar.gz
    [root@soysauce tmp]# tar xf bind-9.10.2-P4.tar.gz
    [root@soysauce tmp]# ls
    bind-9.10.2-P4  bind-9.10.2-P4.tar.gz
    [root@soysauce tmp]# cd bind-9.10.2-P4/contrib
    [root@soysauce contrib]# ls
    dane  dlz  idn  nslint-3.0a2  perftcpdns  query-loc-0.4.0  queryperf  README  scripts  sdb  zkt-1.1.3
    [root@soysauce contrib]# cd queryperf/
    [root@soysauce queryperf]# ls
    config.h.in  configure  configure.in  input  Makefile.in  missing  queryperf.c  README  utils
    [root@soysauce queryperf]# ./configure
    checking for gcc... no
    checking for cc... no
    checking for cl.exe... no
    configure: error: in `/tmp/bind-9.10.2-P4/contrib/queryperf':
    configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details
    [root@soysauce queryperf]# yum install -y gcc make    # install the gcc and make build tools
    [root@soysauce queryperf]# ./configure
    checking for gcc... gcc
    checking whether the C compiler works... yes
    checking for C compiler default output file name... a.out
    checking for suffix of executables...
    checking whether we are cross compiling... no
    checking for suffix of object files... o
    checking whether we are using the GNU C compiler... yes
    checking whether gcc accepts -g... yes
    checking for gcc option to accept ISO C89... none needed
    checking for library containing res_mkquery... no
    checking for library containing __res_mkquery... -lresolv
    checking for library containing res_9_mkquery... no
    checking for socket in -lsocket... no
    checking for inet_ntoa in -lnsl... yes
    checking for gethostbyname2... yes
    checking for getaddrinfo... yes
    checking for getnameinfo... yes
    checking for socklen_t... yes
    checking for sa_len... no
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating config.h
    [root@soysauce queryperf]# make
    gcc -DHAVE_CONFIG_H -c queryperf.c
    gcc -DHAVE_CONFIG_H queryperf.o -lnsl -lresolv -lm -o queryperf
    [root@soysauce queryperf]# ls
    config.h     config.log     configure     input     Makefile.in  queryperf    queryperf.o  utils
    config.h.in  config.status  configure.in  Makefile  missing      queryperf.c  README
    [root@soysauce queryperf]# cp queryperf /bin/

2. Run a performance test with queryperf

    [root@soysauce queryperf]# cd /var/named/
    [root@soysauce named]# vim test.named
    [root@soysauce named]# queryperf -d test.named -s 172.16.1.111
    DNS Query Performance Testing Tool
    Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
    [Status] Processing input data
    [Status] Sending queries (beginning with 172.16.1.111)
    [Status] Testing complete
    Statistics:
      Parse input file:     once
      Ended due to:         reaching end of file
      Queries sent:         5 queries
      Queries completed:    5 queries
      Queries lost:         0 queries
      Queries delayed(?):   0 queries
      RTT max:              0.001431 sec
      RTT min:              0.000060 sec
      RTT average:          0.000910 sec
      RTT std deviation:    0.000472 sec
      RTT out of range:     0 queries
      Percentage completed: 100.00%
      Percentage lost:      0.00%
      Started at:           Sat Dec 12 00:15:35 2015
      Finished at:          Sat Dec 12 00:15:35 2015
      Ran for:              0.001507 seconds
      Queries per second:   3317.850033 qps    # queries per second
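Going back to the view configuration in the logging section: none of its zones sets allow-transfer, and the dig -t axfr from another host was served. The Python 3 script below is an added example, not part of the original article: it parses named.conf text and reports every authoritative zone that inherits no transfer restriction from the zone, its view or options. WEAK is condensed from the article's configuration, FIXED is a constructed correction, and the function names are this example's own.

```python
import re

# Quoted strings, the three named.conf comment styles, punctuation, words.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)
AUTHORITATIVE = {"master", "primary", "slave", "secondary"}
NO_ACL = "no allow-transfer in zone, view or options"
ANY = "allow-transfer includes any"


def parse(text):
    """Parse named.conf text into statements: lists of words, with each
    { ... } block held as a nested list of statements."""
    tokens = [t for t in TOKEN.findall(text)
              if not t.startswith(("#", "//", "/*"))]
    pos = 0

    def block():
        nonlocal pos
        stmts, cur = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == "{":
                cur.append(block())
            elif tok == "}":
                break
            elif tok == ";":
                if cur:
                    stmts.append(cur)
                cur = []
            else:
                cur.append(tok.strip('"'))
        return stmts

    return block()


def acl_of(stmts, name):
    """Address-match list of statement `name` in a block, or None if absent."""
    for s in stmts:
        if s[0] == name and len(s) > 1 and isinstance(s[1], list):
            return [" ".join(x for x in e if isinstance(x, str)) for e in s[1]]
    return None


def audit(text):
    """Return [(view, zone, reason)] for zones any client may transfer."""
    conf = parse(text)
    global_acl = None
    for s in conf:
        if s[0] == "options" and isinstance(s[-1], list):
            global_acl = acl_of(s[-1], "allow-transfer")
    findings = []

    def check(stmts, view, inherited):
        for s in stmts:
            if s[0] != "zone" or len(s) < 3 or not isinstance(s[-1], list):
                continue
            body = s[-1]
            ztype = next((x[1] for x in body
                          if x[0] == "type" and len(x) > 1), None)
            if ztype not in AUTHORITATIVE:
                continue          # hint and forward zones serve no transfers
            acl = acl_of(body, "allow-transfer")
            if acl is None:
                acl = inherited
            if acl is None:
                findings.append((view, s[1], NO_ACL))
            elif "any" in acl:
                findings.append((view, s[1], ANY))

    check(conf, None, global_acl)
    for s in conf:
        if s[0] == "view" and len(s) > 2 and isinstance(s[-1], list):
            view_acl = acl_of(s[-1], "allow-transfer")
            check(s[-1], s[1], view_acl if view_acl is not None else global_acl)
    return findings


# Condensed from the article's view configuration (logging block left out).
WEAK = '''
acl innet { 172.16.0.0/16; };
options {
    directory "/var/named";
    allow-recursion { innet; };
};
view telecom {
    match-clients { innet; };
    zone "soysauce.com" IN { type master; file "telecom.soysauce.com.zone"; };
};
view unicom {
    match-clients { any; };     # any client, so any client could also transfer
    zone "soysauce.com" IN { type master; file "unicom.soysauce.com.zone"; };
};
'''
# Constructed fix: deny transfers globally; a zone that has a real slave
# overrides this with its own allow-transfer list.
FIXED = WEAK.replace("allow-recursion { innet; };",
                     "allow-recursion { innet; };\n    allow-transfer { none; };")

if __name__ == "__main__":
    for view, zone, reason in audit(WEAK):
        print(f"view {view}: zone {zone}: {reason}")
```

Run against the master configuration from the first section, where every zone carries allow-transfer { none; } or the slave's address, the audit returns no findings.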
Original article: http://www.cnblogs.com/ligao/p/5967670.html