编译安装bind-9.9.5及测试

编译安装bind-9.9.5

环境：Development Tools和Server Platform Development

[root@school ~]# tar xf bind-9.9.5.tar.gz   #解压
[root@school ~]# cd bind-9.9.5               #进入目录

应该以普通用户运行，所以创建普通用户

[root@school bind-9.9.5]# id named   #查看named用户是否存在
id: named: No such user
[root@school bind-9.9.5]# groupadd -r -g 53 named   #创建named组
[root@school bind-9.9.5]# useradd -g named -r -u 53 named   #创建named用户
[root@school bind-9.9.5]# id named   #查看named用户信息
uid=53(named) gid=53(named) groups=53(named)
编译安装
[root@school bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6
[root@school bind-9.9.5]# make && make install
选项：
--enable-threads   #启用多线程功能
--disable-chroot   #不启用chroot功能
--disable-ipv6     #不启用ipv6

bind客户端工具：bind-libs,bind-utils在安装目录下bin下

定义环境变量：

[root@school bind9]# vim /etc/profile.d/bind.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
[root@school bind9]# . /etc/profile.d/bind.sh
[root@school bind9]# dig -v
DiG 9.9.5

导出MAN文档：

[root@school named]# vim /etc/man.config
MANPATH /usr/local/bind9/share/man

导出头文件
如果基于软件进行二次开发，则需要导出头文件和库文件。但named不需要。
导出库文件

[root@school bind9]# ls lib
libbind9.a  libdns.a  libisc.a  libisccc.a  libisccfg.a  liblwres.a
由于都是静态库，所以不用导出，否则需要编辑/etc/ld.so.conf.d/bind9.conf文件写入库目录

配置文件：

[root@school ~]# cd /etc/named
[root@school named]# vim named.conf
options {
directory "/var/named";   #区域文件所在目录
recursion yes;            #是否允许递归
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "127.0.0.zone";
allow-update { none; };
};

更改属主属组

[root@school named]# chown root:named named.conf
[root@school named]# chmod 640 named.conf
[root@school named]# mkdir /var/named/slaves -pv
mkdir: created directory `/var/named'
mkdir: created directory `/var/named/slaves'
[root@school named]# chown root:named /var/named
[root@school named]# chown named:named /var/named/slaves/
[root@school named]# chmod 750 /var/named
[root@school named]# chmod 770 /var/named/slaves/

提供ca文件

[root@school named]# dig -t NS . @a.root-servers.net > /var/named/named.ca

创建正反向解析文件：

[root@school named]# vim localhost.zone
$TTL 86400
@       IN      SOA     localhost.      admin.localhost. (
2015072301
3H
15M
7D
1D )
IN      NS      localhost.
IN      A       127.0.0.1
[root@school named]# vim 127.0.0.zone
$TTL 86400
@       IN      SOA     localhost.      admin.localhost. (
2015072301
3H
15M
7D
1D )
IN      NS      localhost.
IN      PTR     localhost.

更改属主属组

[root@school named]# chgrp named 127.0.0.zone localhost.zone named.ca
[root@school named]# chmod 640 127.0.0.zone localhost.zone named.ca
[root@school named]# ll
total 16
-rw-r-----. 1 root  named  133 Jul 23 19:50 127.0.0.zone
-rw-r-----. 1 root  named  129 Jul 23 19:48 localhost.zone
-rw-r-----. 1 root  named 2177 Jul 23 19:45 named.ca
drwxrwx---. 2 named named 4096 Jul 23 19:39 slaves

检查配置文件、区域文件语法错误

[root@school named]# named-checkconf /etc/named/named.conf
[root@school named]# named-checkzone "localhost" /var/named/localhost.zone
zone localhost/IN: loaded serial 20150723
OK
[root@school named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/127.0.0.zone
zone 0.0.127.in-addr.arpa/IN: loaded serial 20150723
OK

启动

[root@school named]# named -g -u named -c /etc/named/named.conf

添加区域解析库文件

[root@school named]# vim /etc/named/named.conf
zone "school.com" IN {
type master;
file "school.com.zone";
allow-transfer {192.168.0.0/24; 127.0.0.1; };
allow-update { none; };
};
[root@school named]# vim /var/named/school.com.zone
$TTL 3600
@       IN      SOA     ns.school.com.  admin.school.com. (
2015072301
1H
10M
7D
1D )
IN      NS      ns
ns      IN      A       192.168.0.9
www      IN      A       192.168.0.15

更改属主属组

[root@school named]# chown :named school.com.zone
[root@school named]# chmod 640 school.com.zone

启动
[root@school named]# named -u named -c /etc/named/named.conf
[root@school named]# ss -tunl







重启后测试

[root@school named]# dig -t A www.school.com @192.168.0.9
; <<>> DiG 9.9.5 <<>> -t A www.school.com @192.168.0.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.school.com.INA
;; ANSWER SECTION:

生成rndc

[root@school named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
[root@school named]# cat /etc/named/rndc.conf
添加rndc信息
[root@school named]# vim /etc/named/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "tXqZXfssZ1HPhn28T+GhUA==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};

重读配置文件

[root@school named]# killall -HUP named
[root@school named]# rndc reload
server reload successful
[root@school named]# rndc status
version: 9.9.5 <id:f9b8a50e>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

改属主属组

[root@school named]# chmod 440 rndc.conf
[root@school named]# chgrp named rndc.conf

提供脚本

/etc/rc.d/init.d/functions函数很经典，应该多读

压力测试
bind-9.9.5/contrib/queryperf

编译
./configure
make不用make install
cp queryperf /usr/bin安装成功

建立一个测试文件
格式

ns.school.com A
mail.school.com A
pop.school.com A

测试

[root@school ~]# queryperf -d test.txt -s 192.168.0.9

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.0.9)
[Status] Testing complete

Statistics:

Parse input file:     once
Ended due to:         reaching end of file

Queries sent:         257664 queries
Queries completed:    257664 queries
Queries lost:         0 queries
Queries delayed(?):   0 queries

RTT max:         	0.019282 sec
RTT min:              0.000038 sec
RTT average:          0.000383 sec
RTT std deviation:    0.000590 sec
RTT out of range:     0 queries

Percentage completed: 100.00%
Percentage lost:        0.00%

Started at:           Thu Jul 23 22:13:32 2015
Finished at:          Thu Jul 23 22:13:39 2015
Ran for:              6.266114 seconds

Queries per second:   41120.222198 qps