DNS master/slave service, subdomain delegation, views, logging, and stress testing
Setting up DNS master/slave:
Environment:
Master server: 10.140.165.93
Slave server: 10.140.165.169
Turn off the firewall and SELinux.
Setting up the master server:
[[email protected] ~]# yum -y install bind-utils bind #install the BIND service
[[email protected] ~]# vim /etc/named.conf #edit the main configuration file
options {
    directory "/var/named";
    allow-recursion { 10.140.165.0/24; }; #network that is allowed to make recursive queries
    notify yes; #enable notifications
};
zone "." IN { #define the root zone
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; }; #do not allow zone transfers
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; }; #do not allow zone transfers
};
zone "izyno.com" IN { #define the forward zone
    type master;
    file "izyno.com.zone";
    allow-transfer { 10.140.165.169; }; #allow transfers only to the slave DNS server
};
zone "165.140.10.in-addr.arpa" IN { #define the reverse zone
    type master;
    file "165.140.10.zone";
    allow-transfer { 10.140.165.169; }; #allow transfers only to the slave DNS server
};
Define the forward and reverse zone files:
[[email protected] named]# cd /var/named/
[[email protected] named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[[email protected] named]# vim izyno.com.zone #edit the forward zone file
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
        2016101201
        3H
        10M
        1D
        2D )
@ IN NS ns1 ; NS (Name Server) record: specifies which DNS server resolves this domain
@ IN NS ns2 ; NS record for the slave server
@ IN MX 10 mail ; mail exchanger record
ns1 IN A 10.140.165.93 ; A record
ns2 IN A 10.140.165.169 ; A record for the slave server
mail IN A 10.140.165.90
www IN A 10.140.165.91
www IN A 10.140.165.92
ftp IN CNAME www ; alias
Note: time units are M (minutes), H (hours), D (days) and W (weeks); the default unit is seconds. Mailbox format: admin.izyno.com; @ cannot be used because @ has a special meaning.
[[email protected] named]# vim 165.140.10.zone #edit the reverse zone file
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
2016101201
3H
10M
1D
2D )
@ IN NS ns1.izyno.com.
@ IN NS ns2.izyno.com.
93 IN PTR ns1.izyno.com.
169 IN PTR ns2.izyno.com.
91 IN PTR www.izyno.com.
92 IN PTR www.izyno.com.
[[email protected] named]# ll
total 36
-rw-r--r--. 1 root root 242 Oct 12 20:59 165.140.10.zone
drwxrwx---. 2 named named 4096 Sep 28 18:54 data
drwxrwx---. 2 named named 4096 Sep 28 18:54 dynamic
-rw-r--r--. 1 root root 275 Oct 12 20:43 izyno.com.zone
[[email protected] named]# chmod 640 izyno.com.zone 165.140.10.zone #set permissions on the zone files only; chmod 640 * would also strip the execute bit from the data, dynamic and slaves directories
[[email protected] named]# chown root.named izyno.com.zone 165.140.10.zone #set owner and group
[[email protected] named]# named-checkzone "165.140.10.in-addr.arpa" /var/named/165.140.10.zone #check that the reverse zone file is correct
zone 165.140.10.in-addr.arpa/IN: loaded serial 2016101201
OK
[[email protected] named]# named-checkzone "izyno.com" /var/named/izyno.com.zone #check that the forward zone file is correct
zone izyno.com/IN: loaded serial 2016101201
OK
[[email protected] named]# named-checkconf #check that the main configuration file is correct
[[email protected] named]# service named restart #restart
Stopping named: [ OK ]
Starting named: [ OK ]
[[email protected] named]# tail /var/log/messages #查看日志
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: loaded serial 2016101201
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: loaded serial 2016101201
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone localhost/IN: loaded serial 0
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: running
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: sending notifies (serial 2016101201)
Setting up the slave server: 10.140.165.169
[[email protected] ~]# yum -y install bind-utils bind
[[email protected] ~]# vim /etc/named.conf #edit the main configuration file
options {
    directory "/var/named";
    allow-recursion { 10.140.165.0/24; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};
zone "izyno.com" IN {
    type slave; #this server is a slave for the zone
    file "slaves/izyno.com.zone"; #location of the zone file
    masters { 10.140.165.93; }; #address of the master DNS server
    allow-transfer { none; }; #for security, do not allow anyone to transfer the zone
};
zone "165.140.10.in-addr.arpa" IN { #reverse zone, slave
    type slave;
    file "slaves/165.140.10.zone";
    masters { 10.140.165.93; };
    allow-transfer { none; };
};
[[email protected] ~]# ll /etc/named.conf #the file must be owned by root with group named, mode 640
-rw-r----- 1 root named 952 Oct 12 13:25 /etc/named.conf
[[email protected] named]# service named restart #restart the service
Stopping named: . [ OK ]
Starting named: [ OK ]
[[email protected] named]# cat /var/log/messages #check the log
managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
If the error above appears, create the file under named:
[[email protected] named]# touch managed-keys.bind
[[email protected] slaves]# ls #check whether the zones were synchronized
165.140.10.zone izyno.com.zone
165.140.10.in-addr.arpa IN SOA ns1.izyno.com. admin.izyno.com. (
                2016101201 ; serial
                10800 ; refresh (3 hours)
                600 ; retry (10 minutes)
                86400 ; expire (1 day)
                172800 ; minimum (2 days)
                )
        NS ns1.izyno.com.
        NS ns2.izyno.com.
$ORIGIN 165.140.10.in-addr.arpa.
169 PTR ns2.izyno.com.
91 PTR www.izyno.com.
92 PTR www.izyno.com.
93 PTR ns1.izyno.com.
[[email protected] slaves]# cat izyno.com.zone
$ORIGIN .
$TTL 300 ; 5 minutes
izyno.com IN SOA ns1.izyno.com. admin.izyno.com. (
                2016101201 ; serial
                10800 ; refresh (3 hours)
                600 ; retry (10 minutes)
                86400 ; expire (1 day)
                172800 ; minimum (2 days)
                )
        NS ns1.izyno.com.
        NS ns2.izyno.com.
        MX 10 mail.izyno.com.
$ORIGIN izyno.com.
ftp CNAME www
mail A 10.140.165.90
ns1 A 10.140.165.93
ns2 A 10.140.165.169
www A 10.140.165.91
        A 10.140.165.92
Add a forward record on the master server and check whether the slave is notified:
[[email protected] named]# cat izyno.com.zone | grep bbs
bbs IN A 10.140.165.94
[[email protected] named]# tail /var/log/messages
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: loaded serial 2016101202
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone localhost/IN: loaded serial 0
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: running
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: sending notifies (serial 2016101202)
Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of 'izyno.com/IN': AXFR-style IXFR started
Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of 'izyno.com/IN': AXFR-style IXFR ended
Check the zone file on the slave server:
[[email protected] slaves]# cat izyno.com.zone
$ORIGIN .
$TTL 300 ; 5 minutes
izyno.com IN SOA ns1.izyno.com. admin.izyno.com. (
                2016101202 ; serial
                10800 ; refresh (3 hours)
                600 ; retry (10 minutes)
                86400 ; expire (1 day)
                172800 ; minimum (2 days)
                )
        NS ns1.izyno.com.
        NS ns2.izyno.com.
        MX 10 mail.izyno.com.
$ORIGIN izyno.com.
bbs A 10.140.165.94
ftp CNAME www
mail A 10.140.165.90
ns1 A 10.140.165.93
ns2 A 10.140.165.169
www A 10.140.165.91
        A 10.140.165.92
Add a reverse record on the master server and check whether the slave is notified:
[[email protected] named]# cat 165.140.10.zone | grep 90
90 IN PTR mail.izyno.com.
[[email protected] named]# tail /var/log/messages
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101202
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone localhost/IN: loaded serial 0
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: running
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101202)
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of '165.140.10.in-addr.arpa/IN': AXFR-style IXFR started
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of '165.140.10.in-addr.arpa/IN': AXFR-style IXFR ended
Check the synchronized records on the slave server:
[[email protected] slaves]# cat 165.140.10.zone
$ORIGIN .
$TTL 300 ; 5 minutes
165.140.10.in-addr.arpa IN SOA ns1.izyno.com. admin.izyno.com. (
                2016101202 ; serial
                10800 ; refresh (3 hours)
                600 ; retry (10 minutes)
                86400 ; expire (1 day)
                172800 ; minimum (2 days)
                )
        NS ns1.izyno.com.
        NS ns2.izyno.com.
$ORIGIN 165.140.10.in-addr.arpa.
169 PTR ns2.izyno.com.
90 PTR mail.izyno.com.
91 PTR www.izyno.com.
92 PTR www.izyno.com.
93 PTR ns1.izyno.com.
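The allow-transfer clauses in the configurations above decide who can pull a full copy of a zone. The following Python audit is an added example, not part of the original article: it reports master/slave zones whose effective allow-transfer is any. The two sample configurations are abbreviated from this page's master named.conf and its later view-based named.conf, and the fallback to any when no level sets allow-transfer is an assumption matching the BIND 9.8 release used here.

```python
import re

# Abbreviated from this page's master named.conf (transfers restricted to the slave).
MASTER_CONF = '''
options { directory "/var/named"; allow-recursion { 10.140.165.0/24; }; notify yes; };
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "named.localhost"; allow-transfer { none; }; };
zone "izyno.com" IN {
    type master; file "izyno.com.zone";
    allow-transfer { 10.140.165.169; };   # only the slave DNS server
};
zone "165.140.10.in-addr.arpa" IN {
    type master; file "165.140.10.zone";
    allow-transfer { 10.140.165.169; };
};
'''

# Abbreviated from this page's view-based named.conf (no allow-transfer anywhere).
VIEW_CONF = '''
acl net { 10.140.165.0/24; 127.0.0.0/8; };
options { directory "/var/named"; allow-recursion { net; }; };
view lian {
    match-clients { net; };
    zone "izyno.com" IN { type master; file "lian.izyno.com.zone"; };
};
view dian {
    match-clients { any; };
    zone "izyno.com" IN { type master; file "dian.izyno.com.zone"; };
};
'''

TOKEN = re.compile(r'''
    "(?:[^"\\]|\\.)*"     # quoted string
  | /\*.*?\*/             # C-style comment
  | (?:\#|//)[^\n]*       # shell or C++ style comment
  | [{};]                 # structural tokens
  | [^\s{};"]+            # bare word
''', re.S | re.X)

def tokenize(text):
    """Split named.conf text into tokens, dropping all three comment styles."""
    toks = (m.group(0) for m in TOKEN.finditer(text))
    return [t for t in toks if not t.startswith(("/*", "//", "#"))]

def parse(tokens, i=0):
    """Return (statements, next_index); a '{...}' group becomes a nested statement list."""
    stmts, cur = [], []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "{":
            block, i = parse(tokens, i)
            cur.append(block)
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok)
    if cur:
        stmts.append(cur)
    return stmts, i

def clause(block, name):
    """Address-match list of clause `name` in a block, or None when it is absent."""
    for stmt in block:
        if stmt[0] == name and isinstance(stmt[-1], list):
            return [" ".join(map(str, el)) for el in stmt[-1]]
    return None

def audit_transfers(conf_text):
    """List (view, zone, source) for zones whose effective allow-transfer includes any."""
    top, _ = parse(tokenize(conf_text))
    opts = next((s[-1] for s in top if s[0] == "options" and isinstance(s[-1], list)), [])
    findings = []

    def check(zone, view, view_acl):
        body = zone[-1] if isinstance(zone[-1], list) else []
        ztype = next((s[1] for s in body if s[0] == "type" and len(s) > 1), None)
        if ztype not in ("master", "slave", "primary", "secondary"):
            return                      # hint and forward zones hold no transferable data
        # Most specific level wins: zone, then view, then options, then the assumed default.
        for source, acl in (("zone", clause(body, "allow-transfer")), ("view", view_acl),
                            ("options", clause(opts, "allow-transfer")), ("default", ["any"])):
            if acl is not None:
                break
        if "any" in acl:
            findings.append((view, zone[1].strip('"'), source))

    for stmt in top:
        if stmt[0] == "zone":
            check(stmt, None, None)
        elif stmt[0] == "view" and isinstance(stmt[-1], list):
            for inner in stmt[-1]:
                if inner[0] == "zone":
                    check(inner, stmt[1].strip('"'), clause(stmt[-1], "allow-transfer"))
    return findings

if __name__ == "__main__":
    print(audit_transfers(MASTER_CONF), audit_transfers(VIEW_CONF))
```

The third element of each finding names the level that produced the open setting, so "default" means no allow-transfer was written at any level.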
Subdomain delegation:
Environment:
Master server: 10.140.165.93
Slave server: 10.140.165.160
Subdomain server: 10.140.164.184
Edit the zone file on the master server and add NS and A records for the subdomains:
cache IN NS ns1.cache
51cache IN NS ns1.cache
ns1.cache IN A 10.140.165.95
ns1.51cache IN A 10.140.165.96
[[email protected] named]# service named reload
Reloading named: [ OK ]
[[email protected] named]# tail /var/log/messages
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading configuration succeeded
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading zones succeeded
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101203
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101203)
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of 'izyno.com/IN': AXFR-style IXFR started
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of 'izyno.com/IN': AXFR-style IXFR ended
Configure the subdomain DNS server:
Main configuration file:
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};
zone "cache.izyno.com" IN { #add the cache subdomain
    type master;
    file "cache.izyno.com.zone";
    allow-transfer { none; };
};
zone "51cache.izyno.com" IN { #add the 51cache subdomain
    type master;
    file "51cache.izyno.com.zone";
    allow-transfer { none; };
};
Add the subdomain zone file:
[[email protected] named]# cat /var/named/cache.izyno.com.zone
$TTL 300
@ IN SOA ns1.cache.izyno.com. admin.cache.izyno.com. (
        2016101201
        3H
        10M
        1D
        2D )
@ IN NS ns1
ns1 IN A 10.140.164.184
www IN A 10.140.164.185
bbs IN A 10.140.164.186
Note: permissions are 640, owner root, group named.
Testing:
Test from the master server:
[[email protected] named]# dig -t A www.cache.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64774
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.cache.izyno.com. IN A
;; ANSWER SECTION:
www.cache.izyno.com. 300 IN A 10.140.164.185
;; AUTHORITY SECTION:
cache.izyno.com. 300 IN NS ns1.cache.izyno.com.
;; ADDITIONAL SECTION:
ns1.cache.izyno.com. 300 IN A 10.140.164.184
;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 01:21:49 2016
;; MSG SIZE rcvd: 87
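On the subdomain server, add resolution for the parent domain:
[[email protected] named]# tail -5 /etc/named.conf
options {
    directory "/var/named";
    allow-recursion { any; }; #can be combined with the recursion option to allow recursion for your own clients while refusing it for outside queries
    recursion yes; #whether named queries other name servers on behalf of clients
};
zone "izyno.com" IN {
    type forward; #forward zone
    forward first; #only: forward only; first: forward first and, if no answer is found, iterate from the root hints
    forwarders { 10.140.165.93; }; #the forwarder to use
};
Test from the parent domain: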
[[email protected] named]# dig -t A www.cache.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30533
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.cache.izyno.com. IN A
;; ANSWER SECTION:
www.cache.izyno.com. 300 IN A 10.140.164.185
;; AUTHORITY SECTION:
cache.izyno.com. 300 IN NS ns1.cache.izyno.com.
;; ADDITIONAL SECTION:
ns1.cache.izyno.com. 300 IN A 10.140.164.184
;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 17:29:35 2016
;; MSG SIZE rcvd: 87
Test from the slave:
[[email protected] slaves]# dig -t A www.cache.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60515
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION: (question section)
;www.cache.izyno.com. IN A
;; ANSWER SECTION: (answer section)
www.cache.izyno.com. 300 IN A 10.140.164.185
;; AUTHORITY SECTION: (authoritative answer)
cache.izyno.com. 300 IN NS ns1.cache.izyno.com.
;; ADDITIONAL SECTION: (A records of the authoritative DNS servers)
ns1.cache.izyno.com. 300 IN A 10.140.164.184
;; Query time: 1 msec
;; SERVER: 10.140.165.169#53(10.140.165.169)
;; WHEN: Thu Oct 13 09:37:48 2016
;; MSG SIZE rcvd: 87
rndc control
[[email protected] named]# rndc-confgen > /etc/rndc.conf #generate the rndc configuration file
[[email protected] named]# tail /etc/named.conf #append the second half of rndc.conf to named.conf; the output shows it has been appended
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "gfyHFoLk5hOynTKpYKy0MA==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
#End of named.conf
[[email protected] named]# rm -rf /etc/rndc.key #delete the key that ships with the system
[[email protected] named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[[email protected] named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1
CPUs found: 4
worker threads: 4
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[[email protected] named]# rndc flush
[[email protected] named]# rndc notify "izyno.com."
zone notify queued
[[email protected] named]# tail /var/log/messages
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: running
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
Oct 13 17:52:06 cnhzdhcp16593 named[27535]: received control channel command 'flush'
Oct 13 17:52:06 cnhzdhcp16593 named[27535]: flushing caches in all views succeeded
Oct 13 17:52:19 cnhzdhcp16593 named[27535]: received control channel command 'notify izyno.com.'
Oct 13 17:52:19 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
[[email protected] named]# rndc stop
[[email protected] named]# netstat -tunlp | grep "53"
udp 0 0 :::53400 :::* 14866/rpc.mountd
[[email protected] named]# service named start
Starting named: [ OK ]
[[email protected] named]# netstat -tunlp | grep "53"
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 27594/named
tcp 0 0 10.140.165.93:53 0.0.0.0:* LISTEN 27594/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 27594/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 27594/named
udp 0 0 192.168.1.1:53 0.0.0.0:* 27594/named
udp 0 0 10.140.165.93:53 0.0.0.0:* 27594/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 27594/named
udp 0 0 :::53400 :::* 14866/rpc.mountd
DNS views and the logging system
DNS server address: 10.140.165.93
Edit the named.conf file:
acl net { #define an ACL; networks and individual IP addresses can be added
    10.140.165.0/24;
    127.0.0.0/8;
};
options {
    directory "/var/named";
    allow-recursion { net; }; #allow recursion
};
view lian { #define a view
    match-clients { net; }; #which clients this view serves
    zone "izyno.com" IN {
        type master;
        file "lian.izyno.com.zone";
    };
};
view dian {
    match-clients { any; };
    zone "izyno.com" IN {
        type master;
        file "dian.izyno.com.zone";
    };
};
[[email protected] named]# named-checkconf
[[email protected] named]# chown root.named /etc/named.conf
[[email protected] named]# chmod 640 /etc/named.conf
Define the zone files:
[[email protected] named]# cat lian.izyno.com.zone
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
2016101302
3H
10M
1D
1D )
@ IN NS ns1
ns1 IN A 10.140.165.93
www IN A 192.168.0.2
shell IN A 192.169.0.3
[[email protected] named]# cat dian.izyno.com.zone
$TTL 300
@ IN SOA ns1.izyno.com. admin.izyno.com. (
2016101301
3H
10M
1D
1D )
@ IN NS ns1
ns1 IN A 10.140.165.93
www IN A 192.168.0.1
shell IN A 192.169.0.2
Testing:
Test on the 165 host:
[[email protected] named]# dig -t A www.izyno.com @10.140.165.93
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com @10.140.165.93
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.izyno.com. IN A
;; ANSWER SECTION:
www.izyno.com. 300 IN A 192.168.0.2
;; AUTHORITY SECTION:
izyno.com. 300 IN NS ns1.izyno.com.
;; ADDITIONAL SECTION:
ns1.izyno.com. 300 IN A 10.140.165.93
;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 10:45:18 2016
;; MSG SIZE rcvd: 81
Test from the 164 network segment:
[[email protected] named]# dig -t A www.izyno.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36363
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.izyno.com. IN A
;; ANSWER SECTION:
www.izyno.com. 300 IN A 192.168.0.1
;; AUTHORITY SECTION:
izyno.com. 300 IN NS ns1.izyno.com.
;; ADDITIONAL SECTION:
ns1.izyno.com. 300 IN A 10.140.165.93
;; Query time: 0 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 10:46:44 2016
;; MSG SIZE rcvd: 81
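BIND hands each query to the first view whose match-clients list accepts the source address, which is why the two tests above return different A records for the same name. The following model of that first-match selection is an added example, not from the original article: it uses the acl, views and www records defined above, simplifies nested ACL handling, and its function names are hypothetical.

```python
import ipaddress

# acl and views as defined in this page's named.conf, in file order.
ACLS = {"net": ["10.140.165.0/24", "127.0.0.0/8"]}
VIEWS = [("lian", ["net"]), ("dian", ["any"])]
# www.izyno.com A record served by each view (from the two zone files above).
WWW = {"lian": "192.168.0.2", "dian": "192.168.0.1"}

def acl_matches(client, elements, acls):
    """Evaluate an address-match list: the first matching element decides."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!").strip()
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in acls:                       # reference to a named acl
            hit = acl_matches(client, acls[name], acls)
        else:                                    # single address or CIDR prefix
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negated                   # a negated match rejects the client
    return False

def select_view(client, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients accepts the client, else None."""
    for view, match_clients in views:
        if acl_matches(client, match_clients, acls):
            return view
    return None

def www_answer(client, views=VIEWS):
    """A record for www.izyno.com that this client would receive."""
    return WWW.get(select_view(client, views))

def shadowed_views(views=VIEWS):
    """Views listed after an unconditional 'any' view can never be selected."""
    for index, (_, match_clients) in enumerate(views):
        if match_clients and match_clients[0] == "any":
            return [name for name, _ in views[index + 1:]]
    return []

if __name__ == "__main__":
    for src in ("10.140.165.93", "10.140.164.184"):
        print(src, select_view(src), www_answer(src))
    # Listing the catch-all view first would hide the internal view from everyone.
    print(shadowed_views(VIEWS[::-1]))
```

Running shadowed_views over the views in file order is a quick check that a catch-all view has not been placed ahead of a restricted one.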
Defining the logging system:
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# cat /etc/named.conf
acl innet {
    172.16.0.0/16;
};
options {
    directory "/var/named";
    allow-recursion { innet; };
    querylog yes;
};
logging {
    # add the logging configuration
    channel query_log {
        file "/var/log/named/bind_query.log" versions 3 size 10M;
        severity dynamic; # log level
        print-category yes; # show the category in the log, i.e. which kind of entry was recorded
        print-time yes; # show the time in the log
        print-severity yes; # show the severity of each entry in the log
    };
    channel xfer_log {
        file "/var/log/named/transfer.log" versions 3 size 10M;
        severity debug 3;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    category xfer-out { xfer_log; }; # log zone transfers
    category queries { query_log; }; # log queries
};
view telecom {
    match-clients { innet; };
    zone "soysauce.com" IN {
        type master;
        file "telecom.soysauce.com.zone";
    };
};
view unicom {
    match-clients { any; };
    zone "soysauce.com" IN {
        type master;
        file "unicom.soysauce.com.zone";
    };
};
[[email protected] ~]# mkdir /var/log/named
[[email protected] ~]# chown named.named /var/log/named # change owner and group to named, otherwise the log cannot be written
[[email protected] ~]# named-checkconf
[[email protected] ~]# service named reload
Reloading named: [ OK ]
[[email protected] ~]# !dig # issue a query from this host
dig -t A www.soysauce.com.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.soysauce.com. IN A
;; ANSWER SECTION:
www.soysauce.com. 86400 IN A 172.16.1.110
;; AUTHORITY SECTION:
soysauce.com. 86400 IN NS ns1.soysauce.com.
;; ADDITIONAL SECTION:
ns1.soysauce.com. 86400 IN A 172.16.1.111
;; Query time: 34 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 21:21:14 2015
;; MSG SIZE rcvd: 84
[[email protected] ~]# dig -t A www.soysauce.com. @172.16.1.111 # issue a query from another host
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t A www.soysauce.com. @172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59167
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.soysauce.com. IN A
;; ANSWER SECTION:
www.soysauce.com. 86400 IN A 172.16.1.110
;; AUTHORITY SECTION:
soysauce.com. 86400 IN NS ns1.soysauce.com.
;; ADDITIONAL SECTION:
ns1.soysauce.com. 86400 IN A 172.16.1.111
;; Query time: 8 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 20:43:35 2015
;; MSG SIZE rcvd: 84
[[email protected] ~]# cat /var/log/named/bind_query.log # the query log has been generated
11-Dec-2015 21:21:14.608 queries: info: client 172.16.1.111#48637: view telecom: query: www.soysauce.com IN A + (172.16.1.111)
11-Dec-2015 21:23:12.112 queries: info: client 172.16.1.110#50474: view telecom: query: www.soysauce.com IN A + (172.16.1.111)
[[email protected] ~]# dig -t axfr soysauce.com. @172.16.1.111 # request a zone transfer from another host
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t axfr soysauce.com. @172.16.1.111
;; global options: +cmd
soysauce.com. 86400 IN SOA ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
soysauce.com. 86400 IN NS ns1.soysauce.com.
bbs.soysauce.com. 86400 IN A 172.16.1.112
ns1.soysauce.com. 86400 IN A 172.16.1.111
www.soysauce.com. 86400 IN A 172.16.1.110
soysauce.com. 86400 IN SOA ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
;; Query time: 41 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Sat Dec 12 16:48:46 2015
;; XFR size: 6 records (messages 1, bytes 182)
[[email protected] ~]# tail /var/log/named/transfer.log # the transfer log has been generated
11-Dec-2015 21:42:54.416 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of 'soysauce.com/IN': AXFR started
11-Dec-2015 21:42:54.418 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of 'soysauce.com/IN': AXFR ended
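The following Python check is an added example, not part of the original article: it reads named log lines in both formats shown on this page (syslog and the xfer_log channel) and reports zone transfers started by clients that are not listed secondaries, plus refused transfer attempts. The allow-list is an assumption built from the page's allow-transfer settings, and the last sample line is constructed, using the message BIND logs for a refused transfer.

```python
import ipaddress
import re

CLIENT = (r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?:"
          r"(?: view (?P<view>[^:]+):)?")
QUOTE = r"['\u2018\u2019]"          # straight quote, or the curly quotes some pages render
STARTED = re.compile(CLIENT + r" transfer of " + QUOTE + r"(?P<zone>.+?)/IN" + QUOTE
                     + r": (?P<kind>AXFR-style IXFR|AXFR|IXFR) started")
DENIED = re.compile(CLIENT + r" zone transfer " + QUOTE
                    + r"(?P<zone>.+?)/(?P<kind>\w+)/IN" + QUOTE + r" denied")

# Assumption: secondaries per zone, taken from the allow-transfer lines on this page.
# soysauce.com has no secondary defined on the page, so any transfer of it is unexpected.
ALLOWED = {
    "izyno.com": ["10.140.165.169"],
    "165.140.10.in-addr.arpa": ["10.140.165.169"],
}

# Lines 1-5 are copied from this page's logs; line 6 is constructed.
SAMPLE = [
    "Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: "
    "transfer of 'izyno.com/IN': AXFR-style IXFR started",
    "Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: "
    "transfer of 'izyno.com/IN': AXFR-style IXFR ended",
    "11-Dec-2015 21:42:54.416 xfer-out: info: client 172.16.1.101#58015: "
    "view telecom: transfer of 'soysauce.com/IN': AXFR started",
    "11-Dec-2015 21:42:54.418 xfer-out: info: client 172.16.1.101#58015: "
    "view telecom: transfer of 'soysauce.com/IN': AXFR ended",
    "11-Dec-2015 21:21:14.608 queries: info: client 172.16.1.111#48637: "
    "view telecom: query: www.soysauce.com IN A + (172.16.1.111)",
    "Oct 12 21:40:02 cnhzdhcp16593 named[13501]: client 10.140.164.50#40001: "
    "zone transfer 'izyno.com/AXFR/IN' denied",
]

def review_transfers(lines, allowed=ALLOWED):
    """Return (event, client, zone, kind, view) tuples that need a second look."""
    findings = []
    for line in lines:
        match, event = STARTED.search(line), "transfer-to-unlisted-client"
        if not match:
            match, event = DENIED.search(line), "denied-attempt"
        if not match:
            continue                              # queries, 'ended' lines, other noise
        try:
            ip = ipaddress.ip_address(match["ip"])
        except ValueError:
            continue                              # not a parseable address, skip the line
        zone = match["zone"].rstrip(".").lower()
        nets = [ipaddress.ip_network(n, strict=False) for n in allowed.get(zone, [])]
        if event == "denied-attempt" or not any(ip in net for net in nets):
            findings.append((event, str(ip), zone, match["kind"], match["view"]))
    return findings

if __name__ == "__main__":
    for finding in review_transfers(SAMPLE):
        print(finding)
```

Only "started" lines are matched for successful transfers so each transfer is reported once; the same function can be fed /var/log/messages or the transfer.log channel file.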
DNS performance testing tool queryperf
[[email protected] tmp]# ll
total 10964
-rw-r--r-- 1 root root 8471531 Dec 12 2015 bind-9.10.2-P4.tar.gz
[[email protected] tmp]# tar xf bind-9.10.2-P4.tar.gz
[[email protected] tmp]# ls
bind-9.10.2-P4 bind-9.10.2-P4.tar.gz
[[email protected] tmp]# cd bind-9.10.2-P4/contrib
[[email protected] contrib]# ls
dane dlz idn nslint-3.0a2 perftcpdns query-loc-0.4.0 queryperf README scripts sdb zkt-1.1.3
[[email protected] contrib]# cd queryperf/
[[email protected] queryperf]# ls
config.h.in configure configure.in input Makefile.in missing queryperf.c README utils
[[email protected] queryperf]# ./configure
checking for gcc... no
checking for cc... no
checking for cl.exe... no
configure: error: in `/tmp/bind-9.10.2-P4/contrib/queryperf':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details
[[email protected] queryperf]# yum install -y gcc make # install the gcc and make build tools
[[email protected] queryperf]# ./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for library containing res_mkquery... no
checking for library containing __res_mkquery... -lresolv
checking for library containing res_9_mkquery... no
checking for socket in -lsocket... no
checking for inet_ntoa in -lnsl... yes
checking for gethostbyname2... yes
checking for getaddrinfo... yes
checking for getnameinfo... yes
checking for socklen_t... yes
checking for sa_len... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
[[email protected] queryperf]# make
gcc -DHAVE_CONFIG_H -c queryperf.c
gcc -DHAVE_CONFIG_H queryperf.o -lnsl -lresolv -lm -o queryperf
[[email protected] queryperf]# ls
config.h config.log configure input Makefile.in queryperf queryperf.o utils
config.h.in config.status configure.in Makefile missing queryperf.c README
[[email protected] queryperf]# cp queryperf /bin/
2. Running a performance test with queryperf
[[email protected] queryperf]# cd /var/named/
[[email protected] named]# vim test.named
[[email protected] named]# queryperf -d test.named -s 172.16.1.111
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 172.16.1.111)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 5 queries
Queries completed: 5 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.001431 sec
RTT min: 0.000060 sec
RTT average: 0.000910 sec
RTT std deviation: 0.000472 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Sat Dec 12 00:15:35 2015
Finished at: Sat Dec 12 00:15:35 2015
Ran for: 0.001507 seconds
Queries per second: 3317.850033 qps # queries per second