CentOS6服务管理之DNS-源码安装Bind-9.10

源码安装bind

1.准备源码包：

bind官网：http://www.isc.org/downloads/bind/

[root@dns1 ~]#ll-rw-r--r--   1 root root 8356463 Dec 11 11:16 bind-9.10.1-P1.tar.gz

2.编译环境正常，未安装rpm的bind程序包

[root@dns1 ~]#yumgroupinstall Development tools[root@dns1 ~]#yumgroupinstall Server Platform Development[root@dns1 ~]# rpm-qa bind[root@dns1 ~]#

3.编译安装源码包：

解压源码：

[root@dns1 ~]#tar jxf bind-9.10.1-P1.tar.gz[root@dns1 ~]#cd bind-9.10.1-P1[root@dns1bind-9.10.1-P1]#

可以从中获取帮助：

[root@dns1bind-9.10.1-P1]#./configure --help |less

编译：设置安装路径，程序配置文件路径，禁用Ipv6，禁用chroot，允许多线程

[root@dns1bind-9.10.1-P1]#./configure --prefix=/usr/local/bind   --sysconfdir=/etc/named/  --disable-ipv6  --disable-chroot   --enable-threads

我这里编译出现了错误，依赖openssl-devel的包：

[root@dns1bind-9.10.1-P1]#yum install openssl-devel

重新编译：

[root@dns1bind-9.10.1-P1]#./configure --prefix=/usr/local/bind   --sysconfdir=/etc/named/  --disable-ipv6  --disable-chroot   --enable-threads

安装程序：

[root@dns1bind-9.10.1-P1]#make && make install

4.尽量加入系统用户named来管理bind

[root@dns1 ~]#groupadd -r -g 53 named[root@dns1 ~]# useradd-r -g named -u 53 named

5.下面即将进行的步骤：

导出程序路径至PATH中

导出帮助文件

导出库文件和头文件：

如果开发没用使用其中的库就不用导出

[root@dns1 ~]#ls /usr/local/bind/sbin/arpaname             dnssec-revoke    lwresd              named-rrcheckerddns-confgen         dnssec-settime   named              nsec3hashdnssec-dsfromkey     dnssec-signzone  named-checkconf     rndcdnssec-importkey     dnssec-verify    named-checkzone     rndc-confgendnssec-keyfromlabel  genrandom        named-compilezone   tsig-keygendnssec-keygen        isc-hmac-fixup   named-journalprint[root@dns1 ~]#ls /usr/local/bind/bin/bind9-config  delv dig  host  isc-config.sh nslookup  nsupdate [root@dns1 ~]#vim .bash_profilePATH=$PATH:$HOME/bin:/usr/local/bind/bin:/usr/local/bind/sbin[root@dns1 ~]#source  .bash_profile

6.源码安装是没有任何配置文件和服务脚本的哦！

#ls/etc/named/               主配置文件#ls/var/named/               区域解析库文件#ls/etc/rc.d/init.d          启动脚本

我们自己来编写配置文件和服务脚本哦！

[root@dns1 ~]#mkdir /var/named[root@dns1 ~]#cd /var/named

访问一个能访问的DNS获取根区域文件：

[root@dns1named]# dig -t NS . @172.16.0.1 >/var/named/named.ca[root@dns1named]# lsnamed.ca

编辑好本地解析库文件：

[root@dns1 named]# vim named.localhost$TTL 1D@      IN SOA  @ rname.invalid. (                                        0       ; serial                                        1D      ; refresh                                        1H      ; retry                                        1W      ; expire                                        3H)    ; minimum       NS      @       A       127.0.0.1

[root@dns1 named]#vi named.loopback$TTL 1D@      IN SOA  @ rname.invalid. (                                        0       ; serial                                        1D      ; refresh                                        1H      ; retry                                        1W      ; expire                                        3H)    ; minimum       NS      @       A       127.0.0.1       PTR     localhost.

权限设置和设置属组为named：

[root@dns1 named]# chmod 640 *[root@dns1 named]# chown :named *[root@dns1 named]# lltotal 12-rw-r----- 1 root named 2100 Dec 11 11:56named.ca-rw-r----- 1 root named  374 Dec 11 11:57 named.localhost-rw-r----- 1 root named  401 Dec 11 11:58 named.loopback

提供主配置文件：named.conf

先设置好rndc密钥配置文件：

[root@dns1 named]# rndc-confgen -r /dev/urandom> /etc/named/rndc.conf

需要将rndc密钥文件配置在named.conf文件中：

[root@dns1 named]# cat /etc/named/named.conf options {       directory "/var/named";}; zone "."  IN {       type hint;       file "named.ca";}; zone "localhost" IN {       type master;       file "named.localhost";       allow-update { none; };}; zone "0.0.127.in-addr.arpa" IN {       type master;       file "named.loopback";       allow-update { none; };}; # Use with the following in named.conf,adjusting the allow list as needed: key"rndc-key" {       algorithm hmac-md5;       secret "4a8/AsRRQ5OH5a0oRaBeAg=="; };#  controls{       inet 127.0.0.1 port 953               allow { 127.0.0.1; } keys { "rndc-key"; }; };#End of named.conf

设置好文件的权限和属组：

[root@dns1 named]# chmod 640 /etc/named/*[root@dns1 named]# chown :named /etc/named/*[root@dns1 named]# ll /etc/named/total 12-rw-r----- 1 root named 2389 Dec 11 11:29bind.keys-rw-r----- 1 root named  545 Dec 11 12:09 named.conf-rw-r----- 1 root named  479 Dec 11 12:01 rndc.conf

7.到这里我们其实可以启动named服务了！

但是有些复杂，只说一些命令哦！

查看帮助文件

#ls /usr/local/bind9/share/man#man -M /usr/local/bind9/share/man named

前台启动，日志也在前台记录

[root@dns1 named]# named -u named -g

使其在后台运行：

[root@dns1 named]# named -u named

查看启动状态：

[root@dns1 named]# ss -tunl |grep :53udp   UNCONN     0      0         172.16.31.100:53                   *:*     udp   UNCONN     0      0              127.0.0.1:53                    *:*     tcp   LISTEN     0      10        172.16.31.100:53                   *:*     tcp   LISTEN     0      10             127.0.0.1:53                    *:*     tcp   LISTEN     0      128                   :::53887                :::*     [root@dns1 named]# ps aux |grep namednamed   18870  0.0  1.1 13××× 11848 ?        Ssl 12:23   0:00 named -u namedroot    18883  0.0  0.0 103252  824 pts/1    S+   12:24  0:00 grep named

关闭named服务：

[root@dns1 named]# killall named[root@dns1 named]# ps aux |grep namedroot    18887  0.0  0.0 103252  824 pts/1    S+   12:24  0:00 grep named

8.我们现在来实现加入区域：

[root@dns1 named]# vim /etc/named/named.confzone "oracle.com" IN {       type master;       file "oracle.com.zone";};

设置区域正向区域解析库文件：

[root@dns1 named]#vim /var/named/oracle.com.zone$ORIGIN oracle.com.@      IN      SOA     ns.oracle.com.  root.oracle.com. (                        2014121101      ;serial                        1D              ;refresh                        5M              ;retry                        1W              ;expiry                        1H)             ;minimum@      IN      NS      ns.oracle.com.              IN      MX  5  mail.oracle.com.ns     IN      A       172.16.31.100www    IN      A       172.16.31.100www    IN      A      172.16.31.101mail   IN      A       172.16.31.100pop3   IN      CNAME   mailiamp4  IN      CNAME   mail

设置好权限和属组：

[root@dns1 named]# chmod 640 oracle.com.zone [root@dns1 named]# chown :named oracle.com.zone

启动named服务：

[root@dns1 named]# named -u named

查看日志：

[root@dns1 named]# tail /var/log/messages Dec 11 12:33:41 dns1 named[18945]: automaticempty zone: 8.B.D.0.1.0.0.2.IP6.ARPADec 11 12:33:41 dns1 named[18945]: commandchannel listening on 127.0.0.1#953Dec 11 12:33:41 dns1 named[18945]: the workingdirectory is not writableDec 11 12:33:41 dns1 named[18945]:managed-keys-zone: loaded serial 0Dec 11 12:33:41 dns1 named[18945]: zonelocalhost/IN: loaded serial 0Dec 11 12:33:41 dns1 named[18945]:oracle.com.zone:2: no TTL specified; using SOA MINTTL insteadDec 11 12:33:41 dns1 named[18945]: zoneoracle.com/IN: loaded serial 2014121101Dec 11 12:33:41 dns1 named[18945]: zone0.0.127.in-addr.arpa/IN: loaded serial 0Dec 11 12:33:41 dns1 named[18945]: all zonesloadedDec 11 12:33:41 dns1 named[18945]: running

可以查询了：

[root@dns1 named]# dig -t A www.oracle.com@172.16.31.100 ; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.oracle.com@172.16.31.100;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 15903;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2,AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION:;www.oracle.com.                        IN      A ;; ANSWER SECTION:www.oracle.com.         3600   IN      A       172.16.31.101www.oracle.com.         3600   IN      A       172.16.31.100 ;; AUTHORITY SECTION:oracle.com.             3600    IN     NS      ns.oracle.com. ;; ADDITIONAL SECTION:ns.oracle.com.          3600    IN     A       172.16.31.100 ;; Query time: 0 msec;; SERVER: 172.16.31.100#53(172.16.31.100);; WHEN: Thu Dec 11 12:37:19 2014;; MSG SIZE rcvd: 97

成功了哦！

9.下面就可以进行服务启动脚本的书写了：

我们先将bind的帮助文件写进/etc/man.config进行调用：

方便named服务启动后生成pid文件：

[root@dns1 named]# chown named:named/usr/local/bind/var/run/ [root@dns1 named]# touch /var/lock/subsys/named[root@dns1 named]# touch /etc/rc.d/init.d/named[root@dns1 named]# chmod 755/etc/rc.d/init.d/named

[root@dns1 named]# vim /etc/rc.d/init.d/named#!/bin/bash# named a network name service.# chkconfig: 345 35 75# description: a name serverpidfile=/usr/local/bind/var/run/named/named.pidlockfile=/var/lock/subsys/namedconffile=/etc/named/named.confnamed=/usr/local/bind/sbin/namedprog=named [ -r /etc/rc.d/init.d/functions ] && ./etc/rc.d/init.d/functions  start() {       if [ -e $lockfile ] ; then               echo -n -e "$prog is already running.\n"               warning               echo -n -e \n               exit 0       fi        echo -n "Starting $prog:"       daemon --pidfile $pidfile $named -u named -c $conffile       tetval=$?       echo       if [[ $retval -eq  0  ]] ; then               touch $lockfile                return $retval       else               rm -f $lockfile $pidfile                return 1       fi} stop() {       if [ ! -e $lockfile ] ; then               echo -n "$prog is stopped."               warning               echo               exit 0       fi        echo -n "Stopping $prog:"       killproc $prog       retval=$?       echo        if [[ $retval -eq 0 ]] ; then               rm -f $lockfile $pidfile               return 0       else               echo "Can't stop $prog"               return 1       fi} restart() {       stop       start} reload() {       echo -n "Reload the $prog:"       killproc -HUP $prog       retval=$?       echo       return $retval} status() {       if pidof $prog &>/dev/null; then               echo -n "$prog is running."               success               echo       else               echo -n "$prog is stopped."               success               echo       fi} usage() {       echo "Usage:named {start|stop|status|reload|restart}"} case $1 instart)       start;;stop)       stop;;restart)       restart;;status)       status;;reload)       reload;;*)       usage       exit 1       ;;esac

有个bug，warning函数会覆盖前面的输出

我怀疑是warning函数的问题！

就不管了o(∩_∩)o 哈哈

10.最后介绍一下DNS下面的压力测试工具：queryperf

实际测试要考虑带宽哦！

[root@dns1bind-9.10.1-P1]# ls contribdane  idn          perftcpdns       queryperf  scripts zkt-1.1.2dlz   nslint-3.0a2 query-loc-0.4.0  README     sdb[root@dns1bind-9.10.1-P1]# cd contrib/queryperf/[root@dns1queryperf]# lsconfig.h.in  configure.in Makefile.in  queryperf.c  utilsconfigure   input         missing      README

简单编译安装：

[root@dns1 queryperf]# makeroot@dns1 queryperf]# ./configure

复制命令到bin下：

[root@dns1 queryperf]# cp queryperf /bin/

开始压力测试：

queryperf [-d datafile] [-s server_addr] [-p port] [-qnum_queries]                [-b bufsize] [-t timeout] [-n] [-l limit] [-f family] [-1]                [-i interval] [-r arraysize] [-u unit] [-H histfile]                [-T qps] [-e] [-D] [-R] [-c] [-v] [-h]常用选项：-d datefile：选择要解析域名集合的文件，对哪些区域进行测试-s server_addr：指定压力测试的服务器

我们需要建立一个解析域名集合的文件：

例如：

[root@dns1 ~]#vi test.txtwww.oracle.com Amail.oarcle.com Aoracle.com NSoracle.com MXpop3.oracle.com Aiamp4.oracle.com Awww.oracle.com Amail.oarcle.com Aoracle.com NSoracle.com MXpop3.oracle.com Aiamp4.oracle.com A

简单测试一下哦！

[root@dns1 ~]# queryperf -d test.txt -s172.16.31.100 DNS Query Performance Testing ToolVersion: $Id: queryperf.c,v 1.12 2007/09/0507:36:04 marka Exp $ [Status] Processing input data[Status] Sending queries (beginning with272.16.31.100)[Timeout] Query timed out: msg id 2[Timeout] Query timed out: msg id 8[Status] Testing complete Statistics:   Parseinput file:     once  Endeddue to:         reaching end of file   Queriessent:         12 queries  Queriescompleted:    12 queries  Querieslost:         0 queries  Queriesdelayed(?):   0 queries   RTTmax:              0.004873 sec  RTTmin:              0.000074 sec  RTTaverage:          0.001751 sec  RTT stddeviation:    0.001375 sec  RTT outof range:     0 queries  Percentage completed: 100.00% Percentage lost:        0.00%   Startedat:           Thu Dec 11 14:05:39 2014 Finished at:          Thu Dec 1114:05:44 2014  Ranfor:              5.004047 seconds   Queriesper second:   2.398059 qps

机器不咋的，处理的慢。

到这里源码安装Bind的介绍就结束了，shell脚本构建服务还是不熟练！