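CentOS 6 Service Management: DNS - Installing BIND 9.10 from Source
Installing BIND from source
1. Prepare the source package:
BIND official site: http://www.isc.org/downloads/bind/
[root@dns1 ~]# ll
-rw-r--r-- 1 root root 8356463 Dec 11 11:16 bind-9.10.1-P1.tar.gz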
2. Make sure the build environment is in place and the rpm bind package is not installed:
[root@dns1 ~]# yum groupinstall "Development tools"
[root@dns1 ~]# yum groupinstall "Server Platform Development"
[root@dns1 ~]# rpm -qa bind
[root@dns1 ~]#
3. Build and install the source package:
Unpack the source:
[root@dns1 ~]# tar zxf bind-9.10.1-P1.tar.gz
[root@dns1 ~]# cd bind-9.10.1-P1
[root@dns1 bind-9.10.1-P1]#
The configure script can list its options:
[root@dns1 bind-9.10.1-P1]# ./configure --help | less
Configure the build: set the install prefix and the configuration file directory, disable IPv6, disable chroot, enable threads
[root@dns1 bind-9.10.1-P1]# ./configure --prefix=/usr/local/bind --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
I hit an error at this step: it depends on the openssl-devel package:
[root@dns1 bind-9.10.1-P1]# yum install openssl-devel
Run configure again:
[root@dns1 bind-9.10.1-P1]# ./configure --prefix=/usr/local/bind --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
Build and install:
[root@dns1 bind-9.10.1-P1]# make && make install
4. Preferably add a system user named to run bind:
[root@dns1 ~]# groupadd -r -g 53 named
[root@dns1 ~]# useradd -r -g named -u 53 named
5. The steps that follow:
Add the program paths to PATH
Export the man pages
Export the libraries and header files:
If nothing is being developed against these libraries, there is no need to export them
[root@dns1 ~]# ls /usr/local/bind/sbin/
arpaname             dnssec-revoke    lwresd             named-rrchecker
ddns-confgen         dnssec-settime   named              nsec3hash
dnssec-dsfromkey     dnssec-signzone  named-checkconf    rndc
dnssec-importkey     dnssec-verify    named-checkzone    rndc-confgen
dnssec-keyfromlabel  genrandom        named-compilezone  tsig-keygen
dnssec-keygen        isc-hmac-fixup   named-journalprint
[root@dns1 ~]# ls /usr/local/bind/bin/
bind9-config  delv  dig  host  isc-config.sh  nslookup  nsupdate
[root@dns1 ~]# vim .bash_profile
PATH=$PATH:$HOME/bin:/usr/local/bind/bin:/usr/local/bind/sbin
[root@dns1 ~]# source .bash_profile
6. A source install ships with no configuration files and no init script!
# ls /etc/named/          main configuration file
# ls /var/named/          zone data files
# ls /etc/rc.d/init.d     init script
We will write the configuration files and the init script ourselves!
[root@dns1 ~]# mkdir /var/named
[root@dns1 ~]# cd /var/named
Query a reachable DNS server to obtain the root zone hints file:
[root@dns1 named]# dig -t NS . @172.16.0.1 > /var/named/named.ca
[root@dns1 named]# ls
named.ca
Write the local zone files:
[root@dns1 named]# vim named.localhost
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
[root@dns1 named]# vi named.loopback
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        PTR     localhost.
Set the permissions and set the group to named:
[root@dns1 named]# chmod 640 *
[root@dns1 named]# chown :named *
[root@dns1 named]# ll
total 12
-rw-r----- 1 root named 2100 Dec 11 11:56 named.ca
-rw-r----- 1 root named  374 Dec 11 11:57 named.localhost
-rw-r----- 1 root named  401 Dec 11 11:58 named.loopback
Provide the main configuration file: named.conf
First generate the rndc key configuration file:
[root@dns1 named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
The rndc key then has to be configured in named.conf:
[root@dns1 named]# cat /etc/named/named.conf
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
        algorithm hmac-md5;
        secret "4a8/AsRRQ5OH5a0oRaBeAg==";
};
#
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
Set the permissions and group on the files:
[root@dns1 named]# chmod 640 /etc/named/*
[root@dns1 named]# chown :named /etc/named/*
[root@dns1 named]# ll /etc/named/
total 12
-rw-r----- 1 root named 2389 Dec 11 11:29 bind.keys
-rw-r----- 1 root named  545 Dec 11 12:09 named.conf
-rw-r----- 1 root named  479 Dec 11 12:01 rndc.conf
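The rndc secret is stored in both named.conf and rndc.conf, so the mode 640 and group named settings are what keep it away from other local accounts. The check below is an added example, not part of the original post; the function name is made up here, and it assumes GNU stat (as on CentOS) and the gid 53 chosen in step 4.

```shell
#!/bin/sh
# Added example: report files that break the "mode 640, group named" rule.
audit_named_files() {
    # $1 = directory to audit, $2 = expected numeric gid (53 in this walkthrough)
    dir=$1 want_gid=$2 bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f")
        gid=$(stat -c %g "$f")
        other=${mode#"${mode%?}"}        # last octal digit: "other" bits
        rest=${mode%?}
        group=${rest#"${rest%?}"}        # second to last digit: group bits
        if [ "$other" != 0 ]; then
            echo "world-accessible ($mode): $f"; bad=1
        fi
        case $group in
            2|3|6|7) echo "group-writable ($mode): $f"; bad=1 ;;
        esac
        if [ "$gid" != "$want_gid" ]; then
            echo "gid $gid, expected $want_gid: $f"; bad=1
        fi
    done
    return $bad
}

# Constructed demo: one file at 640, one left at the default 644.
demo=$(mktemp -d)
: > "$demo/named.conf"; : > "$demo/rndc.conf"
chmod 640 "$demo/named.conf"; chmod 644 "$demo/rndc.conf"
audit_named_files "$demo" "$(stat -c %g "$demo/named.conf")"
rm -rf "$demo"
```

On the server built above the calls would be `audit_named_files /etc/named 53` and `audit_named_files /var/named 53`.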
7. At this point the named service can actually be started!
Doing it properly is somewhat involved, so only a few commands are covered here!
View the man pages:
# ls /usr/local/bind/share/man
# man -M /usr/local/bind/share/man named
Start in the foreground, with logging to the terminal as well:
[root@dns1 named]# named -u named -g
Run it in the background:
[root@dns1 named]# named -u named
Check that it is listening:
[root@dns1 named]# ss -tunl | grep :53
udp    UNCONN     0      0      172.16.31.100:53        *:*
udp    UNCONN     0      0          127.0.0.1:53        *:*
tcp    LISTEN     0      10     172.16.31.100:53        *:*
tcp    LISTEN     0      10         127.0.0.1:53        *:*
tcp    LISTEN     0      128               :::53887    :::*
[root@dns1 named]# ps aux | grep named
named    18870  0.0  1.1 13××× 11848 ?        Ssl  12:23   0:00 named -u named
root     18883  0.0  0.0 103252   824 pts/1    S+   12:24   0:00 grep named
Stop the named service:
[root@dns1 named]# killall named
[root@dns1 named]# ps aux | grep named
root     18887  0.0  0.0 103252   824 pts/1    S+   12:24   0:00 grep named
8. Now let's add a zone:
[root@dns1 named]# vim /etc/named/named.conf
zone "oracle.com" IN {
        type master;
        file "oracle.com.zone";
};
Create the forward zone file:
[root@dns1 named]# vim /var/named/oracle.com.zone
$ORIGIN oracle.com.
@       IN      SOA     ns.oracle.com. root.oracle.com. (
                        2014121101      ; serial
                        1D              ; refresh
                        5M              ; retry
                        1W              ; expiry
                        1H )            ; minimum
@       IN      NS      ns.oracle.com.
        IN      MX 5    mail.oracle.com.
ns      IN      A       172.16.31.100
www     IN      A       172.16.31.100
www     IN      A       172.16.31.101
mail    IN      A       172.16.31.100
pop3    IN      CNAME   mail
iamp4   IN      CNAME   mail
Set the permissions and group:
[root@dns1 named]# chmod 640 oracle.com.zone
[root@dns1 named]# chown :named oracle.com.zone
Start the named service:
[root@dns1 named]# named -u named
Check the log:
[root@dns1 named]# tail /var/log/messages
Dec 11 12:33:41 dns1 named[18945]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Dec 11 12:33:41 dns1 named[18945]: command channel listening on 127.0.0.1#953
Dec 11 12:33:41 dns1 named[18945]: the working directory is not writable
Dec 11 12:33:41 dns1 named[18945]: managed-keys-zone: loaded serial 0
Dec 11 12:33:41 dns1 named[18945]: zone localhost/IN: loaded serial 0
Dec 11 12:33:41 dns1 named[18945]: oracle.com.zone:2: no TTL specified; using SOA MINTTL instead
Dec 11 12:33:41 dns1 named[18945]: zone oracle.com/IN: loaded serial 2014121101
Dec 11 12:33:41 dns1 named[18945]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 11 12:33:41 dns1 named[18945]: all zones loaded
Dec 11 12:33:41 dns1 named[18945]: running
The server can now be queried:
[root@dns1 named]# dig -t A www.oracle.com @172.16.31.100

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.oracle.com @172.16.31.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15903
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.oracle.com.                IN      A

;; ANSWER SECTION:
www.oracle.com.         3600    IN      A       172.16.31.101
www.oracle.com.         3600    IN      A       172.16.31.100

;; AUTHORITY SECTION:
oracle.com.             3600    IN      NS      ns.oracle.com.

;; ADDITIONAL SECTION:
ns.oracle.com.          3600    IN      A       172.16.31.100

;; Query time: 0 msec
;; SERVER: 172.16.31.100#53(172.16.31.100)
;; WHEN: Thu Dec 11 12:37:19 2014
;; MSG SIZE  rcvd: 97
It works!
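The oracle.com zone added in step 8 carries no allow-transfer clause, and BIND 9.10 answers zone transfer requests from any host when none is set. The lint below is an added example, not part of the original post: it lists master zones that have no transfer ACL, either in the zone block or globally in options. The function names and the sample configuration are constructed here, and only whole-line # and // comments are recognised.

```shell
# Added example: list master zones in a named.conf that have no
# allow-transfer ACL (zone-level or global). Reads files or stdin.
zones_without_transfer_acl() {
    awk '
    function check(head, body) {
        if (head ~ /^[ \t]*options[ \t]*$/ && body ~ /allow-transfer/)
            global_acl = 1
        if (head ~ /zone[ \t]+"/ && body !~ /allow-transfer/ &&
            body ~ /type[ \t]+(master|primary)[ \t]*;/) {
            match(head, /"[^"]*"/)
            open_zones[++n_open] = substr(head, RSTART + 1, RLENGTH - 2)
        }
    }
    /^[ \t]*(#|\/\/)/ { next }           # skip whole-line comments
    { text = text " " $0 }
    END {
        len = length(text)
        for (i = 1; i <= len; i++) {      # walk the text, tracking brace depth
            c = substr(text, i, 1)
            if (c == "{" && ++depth == 1) continue
            if (c == "}" && --depth == 0) {
                check(head, body); head = body = ""; continue
            }
            if (depth > 0) body = body c
            else if (c == ";") head = ""
            else head = head c
        }
        if (!global_acl)
            for (i = 1; i <= n_open; i++) print open_zones[i]
    }' "$@"
}
# Constructed sample modelled on the named.conf built in this walkthrough.
sample_conf() {
    cat <<'EOF'
options { directory "/var/named"; };
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN {
    type master; file "named.localhost";
    allow-update { none; }; allow-transfer { none; };
};
zone "oracle.com" IN {
    type master;
    file "oracle.com.zone";
};
EOF
}
sample_conf | zones_without_transfer_acl
```

On the server built above the call would be `zones_without_transfer_acl /etc/named/named.conf`; a zone it lists can be restricted with an `allow-transfer { ... };` clause naming only its secondaries, or `none` when there are none.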
9. Now the service init script can be written:
First add bind's man pages to /etc/man.config so that man can find them:
So that named can create its pid file after starting:
[root@dns1 named]# chown named:named /usr/local/bind/var/run/
[root@dns1 named]# touch /var/lock/subsys/named
[root@dns1 named]# touch /etc/rc.d/init.d/named
[root@dns1 named]# chmod 755 /etc/rc.d/init.d/named
[root@dns1 named]# vim /etc/rc.d/init.d/named
#!/bin/bash
# named    a network name service.
# chkconfig: 345 35 75
# description: a name server

pidfile=/usr/local/bind/var/run/named/named.pid
lockfile=/var/lock/subsys/named
conffile=/etc/named/named.conf
named=/usr/local/bind/sbin/named
prog=named

# Load the distribution helpers (daemon, killproc, success, warning)
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

start() {
    if [ -e $lockfile ]; then
        echo -n -e "$prog is already running.\n"
        warning
        echo
        exit 0
    fi
    echo -n "Starting $prog:"
    daemon --pidfile $pidfile $named -u named -c $conffile
    retval=$?
    echo
    if [[ $retval -eq 0 ]]; then
        touch $lockfile
        return $retval
    else
        rm -f $lockfile $pidfile
        return 1
    fi
}

stop() {
    if [ ! -e $lockfile ]; then
        echo -n "$prog is stopped."
        warning
        echo
        # return rather than exit, so that restart still reaches start
        return 0
    fi
    echo -n "Stopping $prog:"
    killproc $prog
    retval=$?
    echo
    if [[ $retval -eq 0 ]]; then
        rm -f $lockfile $pidfile
        return 0
    else
        echo "Can't stop $prog"
        return 1
    fi
}

restart() {
    stop
    start
}

reload() {
    echo -n "Reload the $prog:"
    # killproc takes the signal after the program name
    killproc $prog -HUP
    retval=$?
    echo
    return $retval
}

status() {
    if pidof $prog &> /dev/null; then
        echo -n "$prog is running."
        success
        echo
    else
        echo -n "$prog is stopped."
        success
        echo
    fi
}

usage() {
    echo "Usage: named {start|stop|status|reload|restart}"
}

case $1 in
start)
    start ;;
stop)
    stop ;;
restart)
    restart ;;
status)
    status ;;
reload)
    reload ;;
*)
    usage
    exit 1 ;;
esac
There is a bug: the warning function overwrites the preceding output
I suspect the problem is in the warning function!
I'll leave it at that o(∩_∩)o haha
10. Finally, a DNS stress-testing tool: queryperf
A real test has to take bandwidth into account!
[root@dns1 bind-9.10.1-P1]# ls contrib
dane  idn           perftcpdns       queryperf  scripts  zkt-1.1.2
dlz   nslint-3.0a2  query-loc-0.4.0  README     sdb
[root@dns1 bind-9.10.1-P1]# cd contrib/queryperf/
[root@dns1 queryperf]# ls
config.h.in  configure.in  Makefile.in  queryperf.c  utils
configure    input         missing      README
Build it:
[root@dns1 queryperf]# ./configure
[root@dns1 queryperf]# make
Copy the command into /bin:
[root@dns1 queryperf]# cp queryperf /bin/
Start the stress test:
queryperf [-d datafile] [-s server_addr] [-p port] [-q num_queries] [-b bufsize] [-t timeout] [-n] [-l limit] [-f family] [-1] [-i interval] [-r arraysize] [-u unit] [-H histfile] [-T qps] [-e] [-D] [-R] [-c] [-v] [-h]
Common options:
-d datafile: the file holding the set of names to resolve, that is, which zones to test
-s server_addr: the server to stress-test
We need to create a file holding the set of names to resolve:
For example:
[root@dns1 ~]# vi test.txt
www.oracle.com A
mail.oarcle.com A
oracle.com NS
oracle.com MX
pop3.oracle.com A
iamp4.oracle.com A
www.oracle.com A
mail.oarcle.com A
oracle.com NS
oracle.com MX
pop3.oracle.com A
iamp4.oracle.com A
A quick test run:
[root@dns1 ~]# queryperf -d test.txt -s 172.16.31.100

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 172.16.31.100)
[Timeout] Query timed out: msg id 2
[Timeout] Query timed out: msg id 8
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         12 queries
  Queries completed:    12 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:              0.004873 sec
  RTT min:              0.000074 sec
  RTT average:          0.001751 sec
  RTT std deviation:    0.001375 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Thu Dec 11 14:05:39 2014
  Finished at:          Thu Dec 11 14:05:44 2014
  Ran for:              5.004047 seconds

  Queries per second:   2.398059 qps
The machine is not great, so it is slow.
That concludes this introduction to installing BIND from source; I am still not fluent at building services with shell scripts!