上一篇讲了DNS的基础知识以及一个简单的DNS搭建过程,今天更加深入地讲一讲DNS的主从复制、子域授权以及视图功能。


大纲

一、DNS主从复制

二、DNS子域授权

三、DNS视图及日志系统

四、DNS性能测试工具queryperf



一、DNS主从复制

环境准备

    主DNS    172.16.1.111    soysauce

    从DNS    172.16.1.110    CentOS5   


1、首先建立主DNS

[root@soysauce ~]# yum install -y "bind" "bind-utils"                    # 安装bind和bind-utils
[root@soysauce ~]# mv /etc/named.conf{,.back}                             # 备份系统自带的配置文件
[root@soysauce ~]# vim /etc/named.conf                                    # 编辑主配置文件
[root@soysauce named]# cat /etc/named.conf
# named.conf on the master (primary) DNS server, 172.16.1.111.
# It is authoritative for soysauce.com and the reverse zone 1.16.172.in-addr.arpa.
options {
	directory "/var/named";
	allow-recursion { 172.16.0.0/16; };                                # only clients in this network may make recursive queries
	notify yes;                                                        # send NOTIFY to the zone's other name servers when a zone changes
};

# Root hints.
zone "." IN {
	type hint;
	file "named.ca";
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-transfer { none; };                                            # zone transfers refused
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-transfer { none; };                                            # zone transfers refused
};

zone "soysauce.com" IN {
	type master;
	file "soysauce.com.zone";    # zone data file, relative to the directory option above
	# NOTE(review): the transfer ACL below is by source address only; a TSIG key
	# shared with the slave would authenticate the transfer itself.
	allow-transfer { 172.16.1.110; };                                    # only the slave DNS may transfer this zone
};

zone "1.16.172.in-addr.arpa" {
	type master;
	file "172.16.1.zone";
	allow-transfer { 172.16.1.110; };                                    # only the slave DNS may transfer this zone (address-based, as above)
};

[root@soysauce ~]# cd /var/named/
[root@soysauce named]# vim soysauce.com.zone            
[root@soysauce named]# cat soysauce.com.zone                     # 定义soysauce.com.正向解析
$TTL 86400
@	IN	SOA	ns1.soysauce.com.	admin.soysauce.com.	(
					2015121001	
					3H
					10M
					1D
					2D )
	IN	NS	ns1
	IN	NS	ns2
	IN	MX  10  mail
ns1	IN	A	172.16.1.111
ns2	IN	A	172.16.1.110
mail	IN	A	172.16.1.115
www	IN	A	172.16.1.112
www	IN	A	172.16.1.113
ftp	IN	CNAME	www

[root@soysauce named]# vim 172.16.1.zone                   
[root@soysauce named]# cat 172.16.1.zone                             # 定义1.16.172.in-addr.arpa反向解析
$TTL 86400
@	IN	SOA	ns1.soysauce.com.	admin.soysauce.com.	(
					2015121001	
					3H
					10M
					1D
					2D )
	IN	NS	ns1.soysauce.com.
	IN	NS	ns2.soysauce.com.
111	IN	PTR	ns1.soysauce.com.
110	IN	PTR	ns2.soysauce.com.
115	IN	PTR	mail.soysauce.com.
112	IN	PTR	www.soysauce.com.
113	IN	PTR	www.soysauce.com.

[root@soysauce ~]# chmod 640 /etc/named.conf
[root@soysauce ~]# chown root.named /etc/named.conf
[root@soysauce ~]# ll /etc/named.conf
-rw-r----- 1 root named 529 Dec  3 14:13 /etc/named.conf
[root@soysauce ~]# named-checkconf                             # 检查配置文件是否有语法错误
[root@soysauce ~]# named-checkzone "soysauce.com." /var/named/soysauce.com.zone 
zone soysauce.com/IN: loaded serial 2015121001
OK
[root@soysauce ~]# named-checkzone "1.16.172.in-addr-arpa" /var/named/172.16.1.zone     # 注意:此处区域名误写为in-addr-arpa,应为1.16.172.in-addr.arpa,否则检查所用的区域名与named.conf中的不一致
zone 1.16.172.in-addr-arpa/IN: loaded serial 2015121001
OK

[root@soysauce ~]# service named start                                        # 启动主DNS
Starting named:                                            [  OK  ]
[root@soysauce ~]# tail /var/log/messages 
[root@soysauce named]# tail /var/log/messages 
Dec 11 14:07:32 CentOS6 named[9278]: command channel listening on 127.0.0.1#953
Dec 11 14:07:32 CentOS6 named[9278]: command channel listening on ::1#953
Dec 11 14:07:32 CentOS6 named[9278]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 11 14:07:32 CentOS6 named[9278]: zone 1.16.172.in-addr.arpa/IN: loaded serial 2015121001
Dec 11 14:07:32 CentOS6 named[9278]: zone soysauce.com/IN: loaded serial 2015121001
Dec 11 14:07:32 CentOS6 named[9278]: zone localhost/IN: loaded serial 0
Dec 11 14:07:32 CentOS6 named[9278]: managed-keys-zone ./IN: loaded serial 0
Dec 11 14:07:32 CentOS6 named[9278]: running
Dec 11 14:07:32 CentOS6 named[9278]: zone soysauce.com/IN: sending notifies (serial 2015121001)
Dec 11 14:07:32 CentOS6 named[9278]: zone 1.16.172.in-addr.arpa/IN: sending notifies (serial 2015121001)
[root@soysauce ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 172.16.1.111:53             0.0.0.0:*                   LISTEN      8800/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      8800/named          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1631/sshd           
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      8800/named          
tcp        0      0 :::80                       :::*                        LISTEN      8414/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      1631/sshd           
tcp        0      0 ::1:953                     :::*                        LISTEN      8800/named          
udp        0      0 172.16.1.111:53             0.0.0.0:*                               8800/named          
udp        0      0 127.0.0.1:53                0.0.0.0:*                               8800/named

2、建立从DNS

[root@CentOS5 ~]# yum install -y "bind97" "bind97-utils"        # 此从DNS为CentOS5.8,所以bind为9.7版本
[root@CentOS5 ~]# mv /etc/named.conf{,.back}
[root@CentOS5 ~]# scp 172.16.1.111:/etc/named.conf /etc/named.conf             # 首次连接时应先通过可信渠道核对下面显示的主机密钥指纹,再输入yes
The authenticity of host '172.16.1.111 (172.16.1.111)' can't be established.
RSA key fingerprint is 1e:87:cd:f0:95:ff:a8:ef:19:bc:c6:e7:0a:87:6b:fa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.111' (RSA) to the list of known hosts.
root@172.16.1.111's password: 
named.conf                                                                                           100%  529     0.5KB/s   00:00    
[root@CentOS5 ~]# vim /etc/named.conf
[root@CentOS5 ~]# cat /etc/named.conf
# named.conf on the slave (secondary) DNS server, 172.16.1.110.
# Copied from the master and edited: both soysauce.com zones become type slave.
options {
	directory "/var/named";
	allow-recursion { 172.16.0.0/16; };    # only clients in this network may make recursive queries
};

# Root hints.
zone "." IN {
	type hint;
	file "named.ca";
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-transfer { none; };
};

zone "soysauce.com" IN {
	type slave;                                                    # this server is a slave for the zone
	file "slaves/soysauce.com.zone";                               # transferred zone data is saved under /var/named/slaves
	# NOTE(review): the master is identified by address only; a TSIG key on this
	# masters entry would let the slave verify who it is transferring from.
	masters { 172.16.1.111; };                                     # address of the master DNS
	allow-transfer { none; };                                       # for safety, nobody may transfer the zone from this slave
};

zone "1.16.172.in-addr.arpa" {
	type slave;
	file "slaves/172.16.1.zone";                                    # reverse zone, defined the same way as the forward zone above
	masters { 172.16.1.111; };
	allow-transfer { none; };
};
[root@CentOS5 ~]# ll /etc/named.conf
-rw-r----- 1 root root 574 Aug 29 05:59 /etc/named.conf
[root@CentOS5 ~]# chown .named /etc/named.conf
[root@CentOS5 ~]# named-checkconf
[root@CentOS5 named]# service named start
Starting named:                                            [  OK  ]
[root@CentOS5 named]# tail /var/log/messages                         # 查看区域传送日志
Dec 11 14:09:55 CentOS5 named[11183]: zone soysauce.com/IN: Transfer started.
Dec 11 14:09:55 CentOS5 named[11183]: transfer of 'soysauce.com/IN' from 172.16.1.111#53: connected using 172.16.1.110#52835
Dec 11 14:09:55 CentOS5 named[11183]: zone soysauce.com/IN: transferred serial 2015121001
Dec 11 14:09:55 CentOS5 named[11183]: transfer of 'soysauce.com/IN' from 172.16.1.111#53: Transfer completed: 1 messages, 11 records, 267 bytes, 0.006 secs (44500 bytes/sec)
Dec 11 14:09:55 CentOS5 named[11183]: zone soysauce.com/IN: sending notifies (serial 2015121001)
Dec 11 14:09:56 CentOS5 named[11183]: zone 1.16.172.in-addr.arpa/IN: Transfer started.
Dec 11 14:09:56 CentOS5 named[11183]: transfer of '1.16.172.in-addr.arpa/IN' from 172.16.1.111#53: connected using 172.16.1.110#46898
Dec 11 14:09:56 CentOS5 named[11183]: zone 1.16.172.in-addr.arpa/IN: transferred serial 2015121001
Dec 11 14:09:56 CentOS5 named[11183]: transfer of '1.16.172.in-addr.arpa/IN' from 172.16.1.111#53: Transfer completed: 1 messages, 9 records, 264 bytes, 0.008 secs (33000 bytes/sec)
Dec 11 14:09:56 CentOS5 named[11183]: zone 1.16.172.in-addr.arpa/IN: sending notifies (serial 2015121001)
[root@CentOS5 ~]# cd /var/named/slaves
[root@CentOS5 slaves]# ls                                        # 可以看到数据文件已经同步过来了
172.16.1.zone  soysauce.com.zone
[root@CentOS5 slaves]# cat soysauce.com.zone                     # 同步过来的正向区域数据文件
$ORIGIN .
$TTL 86400	; 1 day
soysauce.com		IN SOA	ns1.soysauce.com. admin.soysauce.com. (
				2015121001 ; serial
				10800      ; refresh (3 hours)
				600        ; retry (10 minutes)
				86400      ; expire (1 day)
				172800     ; minimum (2 days)
				)
			NS	ns1.soysauce.com.
			NS	ns2.soysauce.com.
			MX	10 mail.soysauce.com.
$ORIGIN soysauce.com.
ftp			CNAME	www
mail			A	172.16.1.115
ns1			A	172.16.1.111
ns2			A	172.16.1.110
www			A	172.16.1.112
			A	172.16.1.113
			
[root@CentOS5 slaves]# cat 172.16.1.zone                         # 同步过来的反向区域数据文件
$ORIGIN .
$TTL 86400	; 1 day
1.16.172.in-addr.arpa	IN SOA	ns1.soysauce.com. admin.soysauce.com. (
				2015121001 ; serial
				10800      ; refresh (3 hours)
				600        ; retry (10 minutes)
				86400      ; expire (1 day)
				172800     ; minimum (2 days)
				)
			NS	ns1.soysauce.com.
			NS	ns2.soysauce.com.
$ORIGIN 1.16.172.in-addr.arpa.
110			PTR	ns2.soysauce.com.
111			PTR	ns1.soysauce.com.
112			PTR	www.soysauce.com.
113			PTR	www.soysauce.com.
115			PTR	mail.soysauce.com.

3、增加主DNS正向解析记录,测试是否能通知从DNS

[root@soysauce named]# vim soysauce.com.zone 
[root@soysauce named]# tail -1 soysauce.com.zone                 # 新增一条A记录(同时要把SOA序列号加1,此处改为2015121002,否则从DNS不会同步)
bbs	IN	A	172.16.1.114
[root@soysauce named]# service named reload
Reloading named:                                           [  OK  ]
[root@soysauce named]# tail /var/log/messages 
Dec 11 14:15:34 CentOS6 named[9278]: using default UDP/IPv4 port range: [1024, 65535]
Dec 11 14:15:34 CentOS6 named[9278]: using default UDP/IPv6 port range: [1024, 65535]
Dec 11 14:15:34 CentOS6 named[9278]: sizing zone task pool based on 5 zones
Dec 11 14:15:34 CentOS6 named[9278]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Dec 11 14:15:34 CentOS6 named[9278]: reloading configuration succeeded
Dec 11 14:15:34 CentOS6 named[9278]: reloading zones succeeded
Dec 11 14:15:34 CentOS6 named[9278]: zone soysauce.com/IN: loaded serial 2015121002
Dec 11 14:15:34 CentOS6 named[9278]: zone soysauce.com/IN: sending notifies (serial 2015121002)
Dec 11 14:15:34 CentOS6 named[9278]: client 172.16.1.110#48166: transfer of 'soysauce.com/IN': AXFR-style IXFR started
Dec 11 14:15:34 CentOS6 named[9278]: client 172.16.1.110#48166: transfer of 'soysauce.com/IN': AXFR-style IXFR ended        # 可以看到已然传送

[root@CentOS5 slaves]# cat soysauce.com.zone                         # 再来看从DNS
$ORIGIN .
$TTL 86400	; 1 day
soysauce.com		IN SOA	ns1.soysauce.com. admin.soysauce.com. (
				2015121002 ; serial                   # 序列号已然发生改变
				10800      ; refresh (3 hours)
				600        ; retry (10 minutes)
				86400      ; expire (1 day)
				172800     ; minimum (2 days)
				)
			NS	ns1.soysauce.com.
			NS	ns2.soysauce.com.
			MX	10 mail.soysauce.com.
$ORIGIN soysauce.com.
bbs			A	172.16.1.114                            # 可以看到已然同步过来了
ftp			CNAME	www
mail			A	172.16.1.115
ns1			A	172.16.1.111
ns2			A	172.16.1.110
www			A	172.16.1.112
			A	172.16.1.113

4、增加主DNS反向解析记录,测试是否能通知从DNS

[root@soysauce named]# vim 172.16.1.zone                       
[root@soysauce named]# tail -1 172.16.1.zone 
114	IN	PTR	bbs.soysauce.com.                    # 新增一条PTR记录(同样要把SOA序列号加1)
[root@soysauce named]# service named reload
Reloading named:                                           [  OK  ]
[root@soysauce named]# tail /var/log/messages 
Dec 11 14:22:15 CentOS6 named[9278]: using default UDP/IPv4 port range: [1024, 65535]
Dec 11 14:22:15 CentOS6 named[9278]: using default UDP/IPv6 port range: [1024, 65535]
Dec 11 14:22:15 CentOS6 named[9278]: sizing zone task pool based on 5 zones
Dec 11 14:22:15 CentOS6 named[9278]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Dec 11 14:22:15 CentOS6 named[9278]: reloading configuration succeeded
Dec 11 14:22:15 CentOS6 named[9278]: reloading zones succeeded
Dec 11 14:22:15 CentOS6 named[9278]: zone 1.16.172.in-addr.arpa/IN: loaded serial 2015121002
Dec 11 14:22:15 CentOS6 named[9278]: zone 1.16.172.in-addr.arpa/IN: sending notifies (serial 2015121002)
Dec 11 14:22:15 CentOS6 named[9278]: client 172.16.1.110#41576: transfer of '1.16.172.in-addr.arpa/IN': AXFR-style IXFR started
Dec 11 14:22:15 CentOS6 named[9278]: client 172.16.1.110#41576: transfer of '1.16.172.in-addr.arpa/IN': AXFR-style IXFR ended                 # 可以看到已然传送

[root@CentOS5 slaves]# cat 172.16.1.zone                             # 再来看从DNS
$ORIGIN .
$TTL 86400	; 1 day
1.16.172.in-addr.arpa	IN SOA	ns1.soysauce.com. admin.soysauce.com. (
				2015121002 ; serial                    # 序列号已然发生改变
				10800      ; refresh (3 hours)
				600        ; retry (10 minutes)
				86400      ; expire (1 day)
				172800     ; minimum (2 days)
				)
			NS	ns1.soysauce.com.
			NS	ns2.soysauce.com.
$ORIGIN 1.16.172.in-addr.arpa.
110			PTR	ns2.soysauce.com.
111			PTR	ns1.soysauce.com.
112			PTR	www.soysauce.com.
113			PTR	www.soysauce.com.
114			PTR	bbs.soysauce.com.                        # 这一条PTR记录已然同步过来
115			PTR	mail.soysauce.com.


注意:需要正确配置iptables(放行主从DNS之间53端口的TCP和UDP,区域传送使用TCP)和selinux,并且区域数据文件中要有从DNS对应的NS记录和A记录(主DNS据此向从DNS发送通知),不然可能导致无法实现主从复制。


5、增加本地rndc控制

[root@soysauce ~]# rndc-confgen > /etc/rndc.conf                    # 生成rndc配置文件(文件内含共享密钥,生成后应确认权限,不要让其他用户可读)
[root@soysauce ~]# vim /etc/rndc.conf                             # 将后半段注释部分追加至/etc/named.conf文件中
[root@soysauce ~]# tail /etc/named.conf                             # 可以看到已然追加成功
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "zcuT2H5UyUdG/1maGgMTYg==";
# };
# 
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
[root@soysauce ~]# vim /etc/named.conf                                # 去掉至倒数第二行的开头注释#号及空白
[root@soysauce ~]# tail /etc/named.conf
# Shared key for the rndc control channel, pasted from the generated /etc/rndc.conf.
# The secret below is the value printed in this walkthrough; generate your own with
# rndc-confgen and do not reuse a published secret.
key "rndc-key" {
	# NOTE(review): hmac-md5 is a legacy algorithm; newer BIND releases accept
	# stronger HMACs for this key — confirm what this 9.8 build supports.
	algorithm hmac-md5;
	secret "zcuT2H5UyUdG/1maGgMTYg==";
};

# Control channel: listens on loopback port 953 only, accepts connections from
# 127.0.0.1 only, and requires the rndc-key defined above.
controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "rndc-key"; };
};
#End of named.conf

[root@soysauce ~]# rm /etc/rndc.key                                     # 删除系统自带的key
[root@soysauce ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@soysauce ~]# rndc status                                        # 查看统计信息
version: 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[root@soysauce ~]# rndc flush                                                # 清空缓存
[root@soysauce ~]# rndc notify "soysauce.com."                            # 手动通知区域
zone notify queued
[root@soysauce ~]# tail /var/log/messages
Dec 11 15:26:49 CentOS6 named[9840]: managed-keys-zone ./IN: loaded serial 0
Dec 11 15:26:49 CentOS6 named[9840]: running
Dec 11 15:26:49 CentOS6 named[9840]: zone 1.16.172.in-addr.arpa/IN: sending notifies (serial 2015121002)
Dec 11 15:26:49 CentOS6 named[9840]: zone soysauce.com/IN: sending notifies (serial 2015121002)
Dec 11 15:28:30 CentOS6 named[9840]: received control channel command 'flush'
Dec 11 15:28:30 CentOS6 named[9840]: flushing caches in all views succeeded
Dec 11 15:28:46 CentOS6 named[9840]: received control channel command 'flush'
Dec 11 15:28:46 CentOS6 named[9840]: flushing caches in all views succeeded
Dec 11 15:29:28 CentOS6 named[9840]: received control channel command 'notify soysauce.com.'
Dec 11 15:29:28 CentOS6 named[9840]: zone soysauce.com/IN: sending notifies (serial 2015121002)
[root@soysauce ~]# rndc stop                                            # 关闭named服务
[root@soysauce ~]# netstat -tunlp                                        # 可以看到named服务已然关闭
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1631/sshd           
tcp        0      0 :::80                       :::*                        LISTEN      8414/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      1631/sshd        
[root@soysauce ~]# service named start
Starting named:                                            [  OK  ]
[root@soysauce ~]# netstat -tunlp                                        # 可以看到named服务又重新启动了
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 172.16.1.111:53             0.0.0.0:*                   LISTEN      9909/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      9909/named          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1631/sshd           
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      9909/named          
tcp        0      0 :::80                       :::*                        LISTEN      8414/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      1631/sshd           
udp        0      0 172.16.1.111:53             0.0.0.0:*                               9909/named          
udp        0      0 127.0.0.1:53                0.0.0.0:*                               9909/named


二、DNS子域授权

1、首先在上面那个主DNS中添加子域one.soysauce.com.和two.soysauce.com.

[root@soysauce named]# vim soysauce.com.zone 
[root@soysauce named]# cat soysauce.com.zone 
$TTL 86400
@	IN	SOA	ns1.soysauce.com.	admin.soysauce.com.	(
					2015121006	            # 此处应该改变,+1
					3H
					10M
					1D
					2D )
	IN	NS	ns1
	IN	NS	ns2
	IN	MX  10  mail
ns1	IN	A	172.16.1.111
ns2	IN	A	172.16.1.110
mail	IN	A	172.16.1.115
www	IN	A	172.16.1.112
www	IN	A	172.16.1.113
ftp	IN	CNAME	www
bbs	IN	A	172.16.1.114

one	IN	NS	ns1.one                        # 添加one子域的NS记录和对应的A记录
ns1.one	IN	A	172.16.1.102

two	IN	NS	ns2.one                        # 添加two子域的NS记录和对应的A记录(注意:NS应指向ns1.two才与下一行的A记录对应,此处写成了ns2.one,所以重载时日志提示缺少粘合记录)
ns1.two	IN	A	172.16.1.103

[root@soysauce named]# service named reload                        # 重读配置文件及区域数据文件
Reloading named:                                           [  OK  ]
[root@soysauce named]# tail /var/log/messages
Dec 11 18:03:17 CentOS6 named[10286]: using default UDP/IPv6 port range: [1024, 65535]
Dec 11 18:03:17 CentOS6 named[10286]: sizing zone task pool based on 5 zones
Dec 11 18:03:17 CentOS6 named[10286]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Dec 11 18:03:17 CentOS6 named[10286]: reloading configuration succeeded
Dec 11 18:03:17 CentOS6 named[10286]: reloading zones succeeded
Dec 11 18:03:17 CentOS6 named[10286]: zone soysauce.com/IN: two.soysauce.com/NS 'ns2.one.soysauce.com' has no SIBLING GLUE address records (A or AAAA)
Dec 11 18:03:17 CentOS6 named[10286]: zone soysauce.com/IN: loaded serial 2015121006
Dec 11 18:03:17 CentOS6 named[10286]: zone soysauce.com/IN: sending notifies (serial 2015121006)
Dec 11 18:03:17 CentOS6 named[10286]: client 172.16.1.110#43029: transfer of 'soysauce.com/IN': AXFR-style IXFR started
Dec 11 18:03:17 CentOS6 named[10286]: client 172.16.1.110#43029: transfer of 'soysauce.com/IN': AXFR-style IXFR ended                                 # 已通知从DNS完成区域传送

2、查看从DNS上soysauce.com.区域数据文件是否同步

[root@CentOS5 slaves]# pwd
/var/named/slaves
[root@CentOS5 slaves]# cat soysauce.com.zone 
$ORIGIN .
$TTL 86400	; 1 day
soysauce.com		IN SOA	ns1.soysauce.com. admin.soysauce.com. (
				2015121006 ; serial                  # 序列号已经发生改变
				10800      ; refresh (3 hours)
				600        ; retry (10 minutes)
				86400      ; expire (1 day)
				172800     ; minimum (2 days)
				)
			NS	ns1.soysauce.com.
			NS	ns2.soysauce.com.
			MX	10 mail.soysauce.com.
$ORIGIN soysauce.com.
bbs			A	172.16.1.114
ftp			CNAME	www
mail			A	172.16.1.115
ns1			A	172.16.1.111
ns2			A	172.16.1.110
one			NS	ns1.one
$ORIGIN one.soysauce.com.
ns1			A	172.16.1.102
$ORIGIN soysauce.com.
two			NS	ns2.one
$ORIGIN two.soysauce.com.
ns1			A	172.16.1.103                # 可以看到one和two两个子域都已然同步
$ORIGIN soysauce.com.
www			A	172.16.1.112
			A	172.16.1.113

3、配置子域one.soysauce.com.的DNS服务器

[root@node1 ~]# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:0C:29:5C:4E:8F  
          inet addr:172.16.1.102  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fe5c:4e8f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1590808 errors:0 dropped:0 overruns:0 frame:0
          TX packets:783802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:735399777 (701.3 MiB)  TX bytes:284864150 (271.6 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:629537 errors:0 dropped:0 overruns:0 frame:0
          TX packets:629537 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:61711838 (58.8 MiB)  TX bytes:61711838 (58.8 MiB)
[root@node1 ~]# scp 172.16.1.111:/etc/named.conf /etc/named.conf             # 为了方便,直接复制父域的主DNS配置文件(注意:该文件此时已含上文追加的rndc密钥,复制后应从子域服务器上删掉)
The authenticity of host '172.16.1.111 (172.16.1.111)' can't be established.
RSA key fingerprint is 1e:87:cd:f0:95:ff:a8:ef:19:bc:c6:e7:0a:87:6b:fa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.111' (RSA) to the list of known hosts.
root@172.16.1.111's password: 
named.conf                   
named.conf                                                                                              100%  705     0.7KB/s   00:00
[root@node1 ~]# yum install -y "bind" "bind-utils"
[root@node1 ~]# vim /etc/named.conf 
[root@node1 ~]# cat /etc/named.conf 
# named.conf on node1 (172.16.1.102), the name server for the delegated
# child zone one.soysauce.com.
options {
	directory "/var/named";
	allow-recursion { 172.16.0.0/16; };    # only clients in this network may make recursive queries
};

# Root hints.
zone "." IN {
	type hint;
	file "named.ca";
};

# NOTE(review): unlike the parent's configuration, none of the zones below set
# allow-transfer, so BIND's default applies (presumably "any" on this version —
# confirm). Add allow-transfer { none; }; unless a slave for the child zone is planned.
zone "localhost" IN {
	type master;
	file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
};

zone "one.soysauce.com" IN {
	type master;
	file "one.soysauce.com.zone";    # zone data file, relative to the directory option above
};

[root@node1 ~]# ll /etc/named.conf
-rw-r----- 1 root root 408 Dec 11 18:06 /etc/named.conf
[root@node1 ~]# chown .named /etc/named.conf
[root@node1 ~]# ll /etc/named.conf
-rw-r----- 1 root named 408 Dec 11 18:06 /etc/named.conf
[root@node1 ~]# scp 172.16.1.111:/var/named/soysauce.com.zone  /var/named/one.soysauce.com.zone
root@172.16.1.111's password: 
soysauce.com.zone                                                                                       100%  389     0.4KB/s   00:00 
[root@node1 ~]# cd /var/named/
[root@node1 named]# vim one.soysauce.com.zone 
[root@node1 named]# cat one.soysauce.com.zone 
$TTL 86400
@	IN	SOA	ns1.one.soysauce.com.	admin.one.soysauce.com.	(
					2015121101	
					3H
					10M
					1D
					2D )
	IN	NS	ns1
ns1	IN	A	172.16.1.118                        # 注意:与父域中为ns1.one写的粘合记录(172.16.1.102,即本机地址)不一致,两处应保持一致
www	IN	A	172.16.1.124
bbs	IN	A	172.16.1.126
[root@node1 named]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]

4、测试子域是否能正常解析

[root@soysauce named]# dig -t NS one.soysauce.com.                # 在父域的主DNS上测试解析NS记录

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t NS one.soysauce.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5403
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;one.soysauce.com.		IN	NS

;; ANSWER SECTION:
one.soysauce.com.	86400	IN	NS	ns1.one.soysauce.com.

;; ADDITIONAL SECTION:
ns1.one.soysauce.com.	86400	IN	A	172.16.1.118

;; Query time: 9 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 18:14:55 2015
;; MSG SIZE  rcvd: 68

[root@soysauce named]# dig -t A  www.one.soysauce.com.                    # 在父域的主DNS上测试解析A记录     

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.one.soysauce.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29307
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.one.soysauce.com.		IN	A

;; ANSWER SECTION:
www.one.soysauce.com.	86400	IN	A	172.16.1.124

;; AUTHORITY SECTION:
one.soysauce.com.	86394	IN	NS	ns1.one.soysauce.com.

;; ADDITIONAL SECTION:
ns1.one.soysauce.com.	86394	IN	A	172.16.1.118

;; Query time: 4 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 18:15:01 2015
;; MSG SIZE  rcvd: 88

[root@CentOS5 slaves]# dig -t NS one.soysauce.com. @172.16.1.110        # 在父域的从DNS上测试解析NS记录     

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t NS one.soysauce.com. @172.16.1.110
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33180
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;one.soysauce.com.		IN	NS

;; ANSWER SECTION:
one.soysauce.com.	86400	IN	NS	ns1.one.soysauce.com.

;; ADDITIONAL SECTION:
ns1.one.soysauce.com.	86400	IN	A	172.16.1.118

;; Query time: 71 msec
;; SERVER: 172.16.1.110#53(172.16.1.110)
;; WHEN: Fri Dec 11 18:16:21 2015
;; MSG SIZE  rcvd: 68

[root@CentOS5 slaves]# dig -t A www.one.soysauce.com. @172.16.1.110     # 在父域的从DNS上测试解析A记录     

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t A www.one.soysauce.com. @172.16.1.110
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59238
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.one.soysauce.com.		IN	A

;; ANSWER SECTION:
www.one.soysauce.com.	86400	IN	A	172.16.1.124

;; AUTHORITY SECTION:
one.soysauce.com.	86385	IN	NS	ns1.one.soysauce.com.

;; ADDITIONAL SECTION:
ns1.one.soysauce.com.	86385	IN	A	172.16.1.118

;; Query time: 6 msec
;; SERVER: 172.16.1.110#53(172.16.1.110)
;; WHEN: Fri Dec 11 18:16:36 2015
;; MSG SIZE  rcvd: 88


注意:/etc/named.conf和/var/named目录下的区域数据文件的属主属组要为root:named,否则将无法正常解析


5、增加父域解析(转发域)

[root@node1 named]# vim /etc/named.conf 
[root@node1 named]# tail -5 /etc/named.conf 
# Forward zone on the child server: names under the parent zone are resolved
# by asking the parent's master instead of walking down from the root.
zone "soysauce.com" IN {
	type forward;                                    # queries for soysauce.com. are forwarded to 172.16.1.111
	forward first;                                   # ask the forwarder first; fall back to normal resolution if it gives no answer
	forwarders { 172.16.1.111; };
};
[root@node1 named]# named-checkconf 
[root@node1 named]# service named reload
Reloading named:                                           [  OK  ]

[root@node1 named]# nslookup 
> server 172.16.1.102                                    # 指定DNS服务器为自己
Default server: 172.16.1.102
Address: 172.16.1.102#53
> set q=A  
> www.soysauce.com                                        # 查询父域内www主机的A记录
Server:		172.16.1.102
Address:	172.16.1.102#53

Non-authoritative answer:
Name:	www.soysauce.com    
Address: 172.16.1.113                                    # 可以看到已然解析出来,虽然是非权威应答
Name:	www.soysauce.com
Address: 172.16.1.112
> exit


三、DNS视图及日志系统

1、首先建立一个DNS服务器

[root@soysauce ~]# yum install -y "bind" "bind-utils"

2、编辑主配置文件/etc/named.conf,定义视图

[root@soysauce ~]# mv /etc/named.conf{,.back}                 # 备份系统自带的主配置文件
[root@soysauce ~]# vim /etc/named.conf                        # 自行编辑一个主配置文件
[root@soysauce ~]# ll /etc/named.conf
-rw-r--r-- 1 root root 412 Dec 11 19:08 /etc/named.conf
[root@soysauce ~]# chown .named /etc/named.conf
[root@soysauce ~]# chmod 640 named.conf                       # 注意:当前目录是~,这里应写作/etc/named.conf
[root@soysauce ~]# ll /etc/named.conf
-rw-r----- 1 root named 412 Dec 11 19:08 /etc/named.conf
[root@soysauce ~]# cat /etc/named.conf
# named.conf using views: the same zone name is served from different data
# files depending on the client's source address.
acl innet {
	172.16.0.0/16;
	127.0.0.0/8;
};

options {
	directory "/var/named";
	allow-recursion { innet; };    # only the innet ACL may make recursive queries
};

# Views are tried in the order written and the first match wins, so the
# narrower view has to come before the catch-all one.
view telecom {                             # once any view is defined, every zone must be declared inside a view
	match-clients { innet; };
	zone "soysauce.com" IN {
		type master;
		file "telecom.soysauce.com.zone";
	};
};

# Catch-all view for every client that did not match telecom.
# NOTE(review): neither view sets allow-transfer, so BIND's default applies
# (presumably "any" on this version — confirm) and a client can transfer the
# copy of the zone its view serves.
view unicom {
	match-clients { any; };
	zone "soysauce.com" IN {
		type master;
		file "unicom.soysauce.com.zone";
	};
};

[root@soysauce etc]# named-checkconf               # 检查配置文件是否有语法错误

3、编辑区域数据文件

[root@soysauce named]# vim telecom.soysauce.com.zone
[root@soysauce named]# cat telecom.soysauce.com.zone             # telecom来源的区域数据文件
$TTL 86400
@	IN	SOA	ns1.soysauce.com.	admin.soysauce.com. (
						2015121101
						1H
						10M
						1D
						1D )
	IN	NS	ns1
ns1	IN	A	172.16.1.111
www	IN	A	172.16.1.110
[root@soysauce named]# ll telecom.soysauce.com.zone 
-rw-r--r-- 1 root root 173 Dec 11 19:23 telecom.soysauce.com.zone
[root@soysauce named]# chown .named telecom.soysauce.com.zone
[root@soysauce named]# chmod 640 telecom.soysauce.com.zone 
[root@soysauce named]# ll telecom.soysauce.com.zone 
-rw-r----- 1 root named 173 Dec 11 19:23 telecom.soysauce.com.zone

[root@soysauce named]# cp -p telecom.soysauce.com.zone unicom.soysauce.com.zone
[root@soysauce named]# vim unicom.soysauce.com.zone 
[root@soysauce named]# cat unicom.soysauce.com.zone                 # unicom来源的区域数据文件
$TTL 86400
@	IN	SOA	ns1.soysauce.com.	admin.soysauce.com. (
						2015121101
						1H
						10M
						1D
						1D )
	IN	NS	ns1
ns1	IN	A	172.16.1.111
www	IN	A	192.168.0.1
bbs	IN	A	192.168.0.2

[root@soysauce named]# named-checkzone "soysauce.com" /var/named/telecom.soysauce.com.zone 
zone soysauce.com/IN: loaded serial 2015121101
OK
[root@soysauce named]# named-checkzone "soysauce.com" /var/named/unicom.soysauce.com.zone 
zone soysauce.com/IN: loaded serial 2015121101
OK

4、启动named服务

[root@soysauce named]# service named start
Starting named:                                            [  OK  ]
[root@soysauce named]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 172.16.1.111:53             0.0.0.0:*                   LISTEN      10623/named         
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      10623/named         
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1631/sshd           
tcp        0      0 :::80                       :::*                        LISTEN      8414/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      1631/sshd           
udp        0      0 172.16.1.111:53             0.0.0.0:*                               10623/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               10623/named         
[root@soysauce named]# tail /var/log/messages
Dec 11 19:33:16 CentOS6 named[10623]: automatic empty zone: view unicom: 8.B.D.0.1.0.0.2.IP6.ARPA
Dec 11 19:33:16 CentOS6 named[10623]: none:0: open: /etc/rndc.key: file not found
Dec 11 19:33:16 CentOS6 named[10623]: couldn't add command channel 127.0.0.1#953: file not found
Dec 11 19:33:16 CentOS6 named[10623]: none:0: open: /etc/rndc.key: file not found
Dec 11 19:33:16 CentOS6 named[10623]: couldn't add command channel ::1#953: file not found
Dec 11 19:33:16 CentOS6 named[10623]: zone soysauce.com/IN/telecom: loaded serial 2015121101
Dec 11 19:33:16 CentOS6 named[10623]: managed-keys-zone ./IN/telecom: loaded serial 0
Dec 11 19:33:16 CentOS6 named[10623]: zone soysauce.com/IN/unicom: loaded serial 2015121101
Dec 11 19:33:16 CentOS6 named[10623]: managed-keys-zone ./IN/unicom: loaded serial 0
Dec 11 19:33:16 CentOS6 named[10623]: running

5、测试是否能根据客户端来源返回不同解析结果

(1)、172.16.0.0/16网段内的主机访问

[root@CentOS5 ~]# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:0C:29:FE:82:38  
          inet addr:172.16.1.110  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fefe:8238/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54732 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:49545402 (47.2 MiB)  TX bytes:4028063 (3.8 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:354 errors:0 dropped:0 overruns:0 frame:0
          TX packets:354 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:41992 (41.0 KiB)  TX bytes:41992 (41.0 KiB)

[root@CentOS5 ~]# dig -t A www.soysauce.com. @172.16.1.111

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t A www.soysauce.com. @172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9824
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.soysauce.com.		IN	A

;; ANSWER SECTION:
www.soysauce.com.	86400	IN	A	172.16.1.110  # 此处返回的是telecom.soysauce.com.zone中定义的地址

;; AUTHORITY SECTION:
soysauce.com.		86400	IN	NS	ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.	86400	IN	A	172.16.1.111

;; Query time: 5 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 18:59:55 2015
;; MSG SIZE  rcvd: 84

(2)、192.168.0.0/24网段内的主机访问(本例测试主机地址为192.168.44.131,不属于innet,因此匹配到unicom视图)

[root@node1 ~]# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:0C:29:5C:4E:8F  
          inet addr:192.168.44.131  Bcast:192.168.44.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe5c:4e8f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1610221 errors:0 dropped:0 overruns:0 frame:0
          TX packets:796884 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:751048206 (716.2 MiB)  TX bytes:286242870 (272.9 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:701019 errors:0 dropped:0 overruns:0 frame:0
          TX packets:701019 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:68980572 (65.7 MiB)  TX bytes:68980572 (65.7 MiB)

[root@node1 ~]# dig -t A www.soysauce.com. @172.16.1.111

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com. @172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.soysauce.com.		IN	A

;; ANSWER SECTION:
www.soysauce.com.	86400	IN	A	192.169.0.1     # 此处返回的是unicom.soysauce.com.zone中定义的地址(区域文件中为192.168.0.1,此处的192.169.0.1应为笔误)

;; AUTHORITY SECTION:
soysauce.com.		86400	IN	NS	ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.	86400	IN	A	172.16.1.111

;; Query time: 3 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 23:21:31 2015
;; MSG SIZE  rcvd: 84

6、增加日志系统

[root@soysauce ~]# vim /etc/named.conf
[root@soysauce ~]# cat /etc/named.conf
acl innet {
	172.16.0.0/16;
};

options {
	directory "/var/named";
	allow-recursion { innet; };
	querylog yes;
};

logging {                                              # 增加日志系统配置          
	channel query_log {                            
		file "/var/log/named/bind_query.log" versions 3 size 10M;
		severity dynamic;                            # 日志级别
		print-category yes;                        # 日志中显示日志来源,即记录了哪一类日志
		print-time yes;                            # 日志中显示时间
		print-severity yes;                        # 日志中显示记录的日志级别
	};
	
	channel xfer_log {
		file "/var/log/named/transfer.log" versions 3 size 10M;
		severity debug 3;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	
	category xfer-out { xfer_log; };                    # 记录传送日志
	category queries { query_log; };                    # 记录查询日志
};

view telecom {
	match-clients { innet; };
	zone "soysauce.com" IN {
		type master;
		file "telecom.soysauce.com.zone";
	};
};

view unicom {
	match-clients { any; };
	zone "soysauce.com" IN {
		type master;
		file "unicom.soysauce.com.zone";
	};
};

[root@soysauce ~]# mkdir /var/log/named
[root@soysauce ~]# chown named.named /var/log/named    # 修改属主属组为named,否则无法写入日志;查询日志会记录客户端IP和所查询的域名,该目录不应对其他用户开放读取
[root@soysauce ~]# named-checkconf 
[root@soysauce ~]# service named reload
Reloading named:                                           [  OK  ]
[root@soysauce ~]# !dig                                            # 本次发起一次查询
dig -t A www.soysauce.com. 

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.soysauce.com.		IN	A

;; ANSWER SECTION:
www.soysauce.com.	86400	IN	A	172.16.1.110

;; AUTHORITY SECTION:
soysauce.com.		86400	IN	NS	ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.	86400	IN	A	172.16.1.111

;; Query time: 34 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 21:21:14 2015
;; MSG SIZE  rcvd: 84
    
[root@CentOS5 ~]# dig -t A www.soysauce.com. @172.16.1.111                # 另外一台主机发起一次查询

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t A www.soysauce.com. @172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59167
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.soysauce.com.		IN	A

;; ANSWER SECTION:
www.soysauce.com.	86400	IN	A	172.16.1.110

;; AUTHORITY SECTION:
soysauce.com.		86400	IN	NS	ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.	86400	IN	A	172.16.1.111

;; Query time: 8 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Fri Dec 11 20:43:35 2015
;; MSG SIZE  rcvd: 84

[root@soysauce ~]# cat /var/log/named/bind_query.log         # 可以看到查询日志已然生成
11-Dec-2015 21:21:14.608 queries: info: client 172.16.1.111#48637: view telecom: query: www.soysauce.com IN A + (172.16.1.111)
11-Dec-2015 21:23:12.112 queries: info: client 172.16.1.110#50474: view telecom: query: www.soysauce.com IN A + (172.16.1.111)

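注:上面的视图配置没有为区域设置allow-transfer,BIND 9.8默认允许任意客户端进行区域传送,所以下面的AXFR能够成功;对外提供服务时应像第一节那样用allow-transfer限定从服务器地址。

[root@node1 ~]# dig -t axfr soysauce.com. @172.16.1.111        # 另外一台主机发起区域传送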

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t axfr soysauce.com. @172.16.1.111
;; global options: +cmd
soysauce.com.		86400	IN	SOA	ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
soysauce.com.		86400	IN	NS	ns1.soysauce.com.
bbs.soysauce.com.	86400	IN	A	172.16.1.112
ns1.soysauce.com.	86400	IN	A	172.16.1.111
www.soysauce.com.	86400	IN	A	172.16.1.110
soysauce.com.		86400	IN	SOA	ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400
;; Query time: 41 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Sat Dec 12 16:48:46 2015
;; XFR size: 6 records (messages 1, bytes 182)

[root@soysauce ~]# tail /var/log/named/transfer.log                     # 可以看到传送日志已然生成
11-Dec-2015 21:42:54.416 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of 'soysauce.com/IN': AXFR started
11-Dec-2015 21:42:54.418 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of 'soysauce.com/IN': AXFR ended


四、DNS性能测试工具queryperf

1、下载bind-9.10.2-P4的源码包(编译前建议先用官方发布的签名或校验和核对源码包),进入contrib/queryperf目录编译生成二进制可执行程序

[root@soysauce tmp]# ll
total 10964
-rw-r--r-- 1 root root 8471531 Dec 12  2015 bind-9.10.2-P4.tar.gz
[root@soysauce tmp]# tar xf bind-9.10.2-P4.tar.gz 
[root@soysauce tmp]# ls
bind-9.10.2-P4  bind-9.10.2-P4.tar.gz
[root@soysauce tmp]# cd bind-9.10.2-P4/contrib
[root@soysauce contrib]# ls
dane  dlz  idn  nslint-3.0a2  perftcpdns  query-loc-0.4.0  queryperf  README  scripts  sdb  zkt-1.1.3
[root@soysauce contrib]# cd queryperf/
[root@soysauce queryperf]# ls
config.h.in  configure  configure.in  input  Makefile.in  missing  queryperf.c  README  utils
[root@soysauce queryperf]# ./configure 
checking for gcc... no
checking for cc... no
checking for cl.exe... no
configure: error: in `/tmp/bind-9.10.2-P4/contrib/queryperf':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details    
[root@soysauce queryperf]# yum install -y gcc make                # 安装gcc、make编译工具
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * epel: mirrors.opencas.cn
Setting up Install Process
Package 1:make-3.81-20.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.4.7-16.el6 will be installed
--> Processing Dependency: libgomp = 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: cpp = 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: libgcc >= 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-16.el6.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.7-16.el6.x86_64
--> Running transaction check
---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed
--> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
--> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
---> Package cpp.x86_64 0:4.4.7-16.el6 will be installed
--> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-16.el6.x86_64
---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.3 will be installed
--> Processing Dependency: glibc-headers = 2.12-1.166.el6_7.3 for package: glibc-devel-2.12-1.166.el6_7.3.x86_64
--> Processing Dependency: glibc = 2.12-1.166.el6_7.3 for package: glibc-devel-2.12-1.166.el6_7.3.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.166.el6_7.3.x86_64
---> Package libgcc.x86_64 0:4.4.7-4.el6 will be updated
---> Package libgcc.x86_64 0:4.4.7-16.el6 will be an update
---> Package libgomp.x86_64 0:4.4.7-16.el6 will be installed
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.132.el6 will be updated
--> Processing Dependency: glibc = 2.12-1.132.el6 for package: glibc-common-2.12-1.132.el6.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.3 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.3 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.166.el6_7.3.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.166.el6_7.3.x86_64
---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed
---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.132.el6 will be updated
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.3 will be an update
---> Package kernel-headers.x86_64 0:2.6.32-573.8.1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================
 Package                            Arch                       Version                                Repository                   Size
========================================================================================================================================
Installing:
 gcc                                x86_64                     4.4.7-16.el6                           base                         10 M
Installing for dependencies:
 cloog-ppl                          x86_64                     0.15.7-1.2.el6                         base                         93 k
 cpp                                x86_64                     4.4.7-16.el6                           base                        3.7 M
 glibc-devel                        x86_64                     2.12-1.166.el6_7.3                     updates                     986 k
 glibc-headers                      x86_64                     2.12-1.166.el6_7.3                     updates                     615 k
 kernel-headers                     x86_64                     2.6.32-573.8.1.el6                     updates                     3.9 M
 libgomp                            x86_64                     4.4.7-16.el6                           base                        134 k
 mpfr                               x86_64                     2.4.1-6.el6                            base                        157 k
 ppl                                x86_64                     0.10.2-11.el6                          base                        1.3 M
Updating for dependencies:
 glibc                              x86_64                     2.12-1.166.el6_7.3                     updates                     3.8 M
 glibc-common                       x86_64                     2.12-1.166.el6_7.3                     updates                      14 M
 libgcc                             x86_64                     4.4.7-16.el6                           base                        103 k

Transaction Summary
========================================================================================================================================
Install       9 Package(s)
Upgrade       3 Package(s)

Total download size: 39 M
Downloading Packages:
(1/12): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm                                                                      |  93 kB     00:00     
(2/12): cpp-4.4.7-16.el6.x86_64.rpm                                                                              | 3.7 MB     00:03     
(3/12): gcc-4.4.7-16.el6.x86_64.rpm                                                                              |  10 MB     00:09     
(4/12): glibc-2.12-1.166.el6_7.3.x86_64.rpm                                                                      | 3.8 MB     00:03     
(5/12): glibc-common-2.12-1.166.el6_7.3.x86_64.rpm                                                               |  14 MB     00:13     
(6/12): glibc-devel-2.12-1.166.el6_7.3.x86_64.rpm                                                                | 986 kB     00:00     
(7/12): glibc-headers-2.12-1.166.el6_7.3.x86_64.rpm                                                              | 615 kB     00:00     
(8/12): kernel-headers-2.6.32-573.8.1.el6.x86_64.rpm                                                             | 3.9 MB     00:03     
(9/12): libgcc-4.4.7-16.el6.x86_64.rpm                                                                           | 103 kB     00:00     
(10/12): libgomp-4.4.7-16.el6.x86_64.rpm                                                                         | 134 kB     00:00     
(11/12): mpfr-2.4.1-6.el6.x86_64.rpm                                                                             | 157 kB     00:00     
(12/12): ppl-0.10.2-11.el6.x86_64.rpm                                                                            | 1.3 MB     00:00     
----------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                   1.0 MB/s |  39 MB     00:38     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : libgcc-4.4.7-16.el6.x86_64                                                                                          1/15 
  Updating   : glibc-2.12-1.166.el6_7.3.x86_64                                                                                     2/15 
  Updating   : glibc-common-2.12-1.166.el6_7.3.x86_64                                                                              3/15 
  Installing : libgomp-4.4.7-16.el6.x86_64                                                                                         4/15 
  Installing : mpfr-2.4.1-6.el6.x86_64                                                                                             5/15 
  Installing : cpp-4.4.7-16.el6.x86_64                                                                                             6/15 
  Installing : ppl-0.10.2-11.el6.x86_64                                                                                            7/15 
  Installing : cloog-ppl-0.15.7-1.2.el6.x86_64                                                                                     8/15 
  Installing : kernel-headers-2.6.32-573.8.1.el6.x86_64                                                                            9/15 
  Installing : glibc-headers-2.12-1.166.el6_7.3.x86_64                                                                            10/15 
  Installing : glibc-devel-2.12-1.166.el6_7.3.x86_64                                                                              11/15 
  Installing : gcc-4.4.7-16.el6.x86_64                                                                                            12/15 
  Cleanup    : glibc-2.12-1.132.el6.x86_64                                                                                        13/15 
  Cleanup    : glibc-common-2.12-1.132.el6.x86_64                                                                                 14/15 
  Cleanup    : libgcc-4.4.7-4.el6.x86_64                                                                                          15/15 
  Verifying  : glibc-devel-2.12-1.166.el6_7.3.x86_64                                                                               1/15 
  Verifying  : libgomp-4.4.7-16.el6.x86_64                                                                                         2/15 
  Verifying  : glibc-headers-2.12-1.166.el6_7.3.x86_64                                                                             3/15 
  Verifying  : gcc-4.4.7-16.el6.x86_64                                                                                             4/15 
  Verifying  : mpfr-2.4.1-6.el6.x86_64                                                                                             5/15 
  Verifying  : cloog-ppl-0.15.7-1.2.el6.x86_64                                                                                     6/15 
  Verifying  : kernel-headers-2.6.32-573.8.1.el6.x86_64                                                                            7/15 
  Verifying  : cpp-4.4.7-16.el6.x86_64                                                                                             8/15 
  Verifying  : glibc-common-2.12-1.166.el6_7.3.x86_64                                                                              9/15 
  Verifying  : glibc-2.12-1.166.el6_7.3.x86_64                                                                                    10/15 
  Verifying  : ppl-0.10.2-11.el6.x86_64                                                                                           11/15 
  Verifying  : libgcc-4.4.7-16.el6.x86_64                                                                                         12/15 
  Verifying  : glibc-2.12-1.132.el6.x86_64                                                                                        13/15 
  Verifying  : glibc-common-2.12-1.132.el6.x86_64                                                                                 14/15 
  Verifying  : libgcc-4.4.7-4.el6.x86_64                                                                                          15/15 

Installed:
  gcc.x86_64 0:4.4.7-16.el6                                                                                                             

Dependency Installed:
  cloog-ppl.x86_64 0:0.15.7-1.2.el6            cpp.x86_64 0:4.4.7-16.el6                     glibc-devel.x86_64 0:2.12-1.166.el6_7.3   
  glibc-headers.x86_64 0:2.12-1.166.el6_7.3    kernel-headers.x86_64 0:2.6.32-573.8.1.el6    libgomp.x86_64 0:4.4.7-16.el6             
  mpfr.x86_64 0:2.4.1-6.el6                    ppl.x86_64 0:0.10.2-11.el6                   

Dependency Updated:
  glibc.x86_64 0:2.12-1.166.el6_7.3           glibc-common.x86_64 0:2.12-1.166.el6_7.3           libgcc.x86_64 0:4.4.7-16.el6          

Complete!
[root@soysauce queryperf]# ./configure 
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for library containing res_mkquery... no
checking for library containing __res_mkquery... -lresolv
checking for library containing res_9_mkquery... no
checking for socket in -lsocket... no
checking for inet_ntoa in -lnsl... yes
checking for gethostbyname2... yes
checking for getaddrinfo... yes
checking for getnameinfo... yes
checking for socklen_t... yes
checking for sa_len... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
[root@soysauce queryperf]# make
gcc  -DHAVE_CONFIG_H -c queryperf.c
gcc  -DHAVE_CONFIG_H  queryperf.o  -lnsl -lresolv  -lm -o queryperf
[root@soysauce queryperf]# ls
config.h     config.log     configure     input     Makefile.in  queryperf    queryperf.o  utils
config.h.in  config.status  configure.in  Makefile  missing      queryperf.c  README
[root@soysauce queryperf]# cp queryperf /bin/

2、使用queryperf进行性能测试

[root@soysauce queryperf]# cd /var/named/
[root@soysauce named]# vim test.named                        # 测试文件每行一条查询,格式为“域名 查询类型”,例如(示例):www.soysauce.com A
[root@soysauce named]# queryperf -d test.named -s 172.16.1.111

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 172.16.1.111)
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         5 queries
  Queries completed:    5 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:         	0.001431 sec
  RTT min:              0.000060 sec
  RTT average:          0.000910 sec
  RTT std deviation:    0.000472 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Sat Dec 12 00:15:35 2015
  Finished at:          Sat Dec 12 00:15:35 2015
  Ran for:              0.001507 seconds

  Queries per second:   3317.850033 qps                            # 每秒查询率