1、安装开发环境
[root@localhost ~]# yum -y groupinstall "Server Platform Development" "Development tools"
2、编译安装bind
[root@localhost ~]# tar xf bind-9.10.6.tar.gz
[root@localhost ~]# cd bind-9.10.6
[root@localhost bind-9.10.6]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
[root@localhost bind-9.10.6]# make && make install
3、创建主配置文件
[root@localhost ~]# cat /etc/named/named.conf
options {
directory "/var/named";
pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
[root@localhost ~]#
4、创建区域数据文件
[root@localhost ~]# mkdir /var/named
[root@localhost ~]# dig -t NS . > /var/named/named.ca
[root@localhost ~]# cat /var/named/named.localhost
$TTL 600
@ IN SOA localhost. admin.localhost. (
20170911
2H
10M
7D
1D
)
IN NS localhost.
localhost. IN A 127.0.0.1
[root@localhost ~]#
[root@localhost ~]# cat /var/named/named.loopback
$TTL 600
@ IN SOA localhost. admin.localhost. (
20170911
2H
10M
7D
1D
)
IN NS localhost.
1 IN PTR localhost.
[root@localhost ~]#
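5、配置rndc(下面 named.conf 里的 rndc 密钥只是本文示例,请用 rndc-confgen 自行生成,不要照抄;hmac-md5 已不建议使用,可用 rndc-confgen 的 -A 选项指定 hmac-sha256)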
[root@localhost ~]# /usr/local/bind9/sbin/rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
[root@localhost ~]# cat /etc/named/named.conf
options {
directory "/var/named";
pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "zo//G59pEcQvMCb3k34joQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
[root@localhost ~]#
6、创建用户、修改权限、启动服务
[root@localhost ~]# groupadd -g 53 -r named
[root@localhost ~]# useradd -u 53 -g 53 -r named
[root@localhost ~]# chown root:named /etc/named/* /var/named/*
[root@localhost ~]# chmod 640 /etc/named/* /var/named/*
[root@localhost ~]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
[root@localhost ~]# source /etc/profile.d/named.sh
[root@localhost ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 20170911
OK
[root@localhost ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 20170911
OK
[root@localhost ~]# named -u named
[root@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 192.168.130.120:53 *:*
LISTEN 0 10 127.0.0.1:53 *:*
LISTEN 0 10 :::53 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:953 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25 *:*
[root@localhost ~]#
7、配置服务脚本
[root@localhost ~]# cat /etc/rc.d/init.d/named
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
# Paths shared by the service functions of this init script.
pidFile="/usr/local/bind9/var/run/named.pid"  # same path as pid-file in named.conf
lockFile="/var/lock/subsys/named"             # touched after a successful start
confFile="/etc/named/named.conf"              # handed to named through -c

# Load the init-script helper library when it is readable.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi
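#######################################
# Start named under the "named" account unless it is already running.
# Globals:  lockFile, pidFile, confFile (read); RETVAL (written)
# Outputs:  progress messages on stdout
# Returns:  0 when the daemon helper succeeds, 1 otherwise; exits the
#           script with status 0 when named is already running
#######################################
start() {
  if [ -e "$lockFile" ]; then
    # The lock file alone does not prove named is alive: after a crash it
    # stays behind and would block every later start while DNS is down.
    if pidof named >/dev/null 2>&1; then
      echo "named is already running..."
      exit 0
    fi
    rm -f "$lockFile" "$pidFile"
  fi

  echo -n "Starting named:"
  # -u named drops root privileges once named has started.
  daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
  RETVAL=$?
  echo

  if [ "$RETVAL" -eq 0 ]; then
    touch "$lockFile"
    return "$RETVAL"
  fi

  # Failed start: leave no lock or pid file that would claim a running daemon.
  rm -f "$lockFile" "$pidFile"
  return 1
}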
#######################################
# Stop named and clear its lock and pid files.
# Globals:  lockFile, pidFile (read); RETVAL (written)
# Outputs:  progress messages on stdout
# Returns:  0 when killproc succeeds, 1 otherwise
#######################################
stop() {
  # A missing lock file is only reported; the kill below is still attempted
  # (the early exit is commented out in the original script).
  [ -e "$lockFile" ] || echo "named is stopped."

  echo -n "Stopping named:"
  killproc named
  RETVAL=$?
  echo

  if [ "$RETVAL" -ne 0 ]; then
    echo "Cannot stop named."
    failure
    return 1
  fi

  rm -f "$lockFile" "$pidFile"
  return 0
}
#######################################
# Stop named, pause two seconds, then start it again.
# Returns:  the status of start; the status of stop is not checked
#######################################
restart() {
  stop
  sleep 2
  start
  return $?
}
#######################################
# Send SIGHUP to named through killproc.
# Globals:  RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  the status reported by killproc
#######################################
reload() {
  printf '%s' "Reloading named: "
  killproc named -HUP
  RETVAL=$?
  printf '\n'
  return "$RETVAL"
}
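#######################################
# Report whether a named process exists.
# Outputs:  one status line on stdout
# Returns:  0 when pidof finds named, 3 when it does not, so callers and
#           monitoring can detect a dead resolver from the exit status
#######################################
status() {
  if pidof named >/dev/null 2>&1; then
    echo -n "named is running..."
    success
    echo
    return 0
  fi

  # A stopped daemon must not be shown with the success marker or status 0.
  echo -n "named is stopped..."
  failure
  echo
  return 3
}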
# Print the list of accepted sub-commands on stdout.
usage() {
  printf '%s\n' "Usage: named {start|stop|restart|status|reload}"
}
# Dispatch on the first command-line argument; anything unrecognised
# prints the usage line and exits with status 4.
case "$1" in
  start)   start ;;
  stop)    stop ;;
  restart) restart ;;
  status)  status ;;
  reload)  reload ;;
  *)
    usage
    exit 4
    ;;
esac
[root@localhost ~]#
8、测试服务脚本
[root@localhost ~]# chmod +x /etc/rc.d/init.d/named
[root@localhost ~]# chkconfig --add named
[root@localhost ~]# chkconfig --list | grep named
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@localhost ~]# service named stop
Stopping named: [ OK ]
[root@localhost ~]# service named start
Starting named: [ OK ]
[root@localhost ~]# service named reload
Reloading named: [ OK ]
[root@localhost ~]#
bind性能测试(queryperf)
1、安装queryperf
[root@localhost ~]# cd /root/bind-9.10.6/contrib/queryperf
[root@localhost queryperf]# ./configure
[root@localhost queryperf]# make
[root@localhost queryperf]# cp queryperf /usr/bin/
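2、配置区域数据文件(注意:下面新增的 kaiyuandiantang.com 区域没有像 localhost 区域那样设置 allow-transfer;BIND 9.10 在未设置时默认允许任意主机做区域传送,正式环境应显式限制为从服务器地址或 none)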
[root@localhost queryperf]# cat /etc/named/named.conf
options {
directory "/var/named";
pid-file "/usr/local/bind9/var/run/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "zo//G59pEcQvMCb3k34joQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
zone "kaiyuandiantang.com" IN {
type master;
file "kaiyuandiantang.com.zone";
};
[root@localhost queryperf]#
3、配置数据库文件
[root@localhost queryperf]# cat /var/named/kaiyuandiantang.com.zone
$TTL 600
@ IN SOA ns1.kaiyuandiantang.com. admin.kaiyuandiantang.com. (
20170911
2H
10M
7D
1D
)
IN NS ns1
IN MX 10 mail
ns1 IN A 192.168.130.117
mail IN A 192.168.130.10
www IN A 192.168.130.20
pop IN CNAME mail
web IN CNAME www
* IN A 192.168.130.30
[root@localhost queryperf]#
4、生成测试文件
[root@localhost ~]# cat qureyperf.txt
kaiyuandiantang.com NS
kaiyuandiantang.com MX
ns1.kaiyuandiantang.com A
mail.kaiyuandiantang.com A
www.kaiyuandiantang.com A
pop.kaiyuandiantang.com CNAME
web.kaiyuandiantang.com CNAME
test1.kaiyuandiantang.com A
[root@localhost ~]#
5、bind性能测试
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone kaiyuandiantang.com /var/named/kaiyuandiantang.com.zone
zone kaiyuandiantang.com/IN: loaded serial 20170911
OK
[root@localhost ~]# service named reload
Reloading named: [ OK ]
[root@localhost ~]#
[root@localhost ~]# queryperf -d qureyperf.txt -s 192.168.130.120
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 192.168.130.120)
[Timeout] Query timed out: msg id 1
[Timeout] Query timed out: msg id 2
[Timeout] Query timed out: msg id 3
[Timeout] Query timed out: msg id 4
[Timeout] Query timed out: msg id 5
[Timeout] Query timed out: msg id 6
[Timeout] Query timed out: msg id 7
[Timeout] Query timed out: msg id 8
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 8 queries
Queries completed: 8 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: -1.000000 sec
RTT min: -1.000000 sec
RTT average: 0.000000 sec
RTT std deviation: 0.000000 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Thu Sep 7 15:41:49 2017
Finished at: Thu Sep 7 15:41:54 2017
Ran for: 5.000128 seconds
Queries per second: 1.599959 qps
[root@localhost ~]#
本文转自开源殿堂 51CTO博客,原文链接:http://blog.51cto.com/kaiyuandiantang/1964397,如需转载请自行联系原作者