view
view配置
1、刪除最下面的根區域
options {
listen-on port 53 { 10.201.106.129; };
/* listen-on-v6 port 53 { ::1; }; */
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
/* Path to ISC DLV key
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
*/
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2、將跟區域添加至/etc/named.rfc1912.conf最上面
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
3、在全局配置文件/etc/named.conf定義一個ACL方便調用
acl mynet {
10.201.106.0/24;
127.0.0.0/8;
};
4、定義view,直接將這個區域包起來
[root@qq ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
view internal {
match-client { mynet; };
allow-recursion { mynet; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
zone "106.201.10.in-addr.arpa" IN {
type master;
file "10.201.106.zone";
};
zone "zz.com" IN {
type master;
file "zz.com.zone";
};
};
重啓服務
[root@qq ~]# named-checkconf
[root@qq ~]#
[root@qq ~]#
[root@qq ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@qq ~]#
5、解析測試
[root@qq ~]# dig -t A www.zz.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.zz.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.zz.com. IN A
;; ANSWER SECTION:
www.zz.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
zz.com. 86400 IN NS ns1.zz.com.
;; ADDITIONAL SECTION:
ns1.zz.com. 86400 IN A 10.201.106.129
不在ACL範圍的解析不了
C:\Users\Administrator>nslookup www.zz.com
服務器: UnKnown
Address: 10.201.106.129
*** UnKnown 找不到 www.zz.com: Query refused
可以在acl裏面加入外網的段,讓其能夠解析;
6、添加外網view
在/etc/named.rfc1912配置文件增加外部view
view external {
match-clients { any; };
zone "zz.com" IN {
type master;
file "zz.com.external";
allow-update { none; };
};
};
7、配置外網view的正向區域文件,爲了方便直接copy內部的
[root@qq named]# cp zz.com.zone zz.com.external -a
[root@qq named]# ll
total 44
-rw-r----- 1 root named 365 Aug 3 10:19 10.201.106.zone
drwxrwx--- 2 named named 4096 Aug 2 18:37 data
drwxrwx--- 2 named named 4096 Aug 3 23:56 dynamic
-rw-r----- 1 root named 588 Aug 3 09:46 magedu.com.zone
-rw-r----- 1 root named 2075 Apr 23 2014 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Oct 15 2014 slaves
-rw-r----- 1 root named 230 Aug 3 21:14 zz.com.external
-rw-r----- 1 root named 230 Aug 3 21:14 zz.com.zone
更改一下外部view的解析庫文件,如www和*
[root@qq named]# vim zz.com.external
$TTL 1D
$ORIGIN zz.com.
@ IN SOA ns1.zz.com. admin.zz.com. (
2016042501
1H
5M
3D
1D )
IN NS ns1
ns1 IN A 10.201.106.129
www IN A 2.2.2.2
* IN A 2.2.2.2
[root@qq named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 39
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 2/0/1000
tcp clients: 0/100
server is up and running
8、測試外部view和內部view的解析結果
內部解析
[root@qq named]# dig -t A www.zz.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.zz.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42710
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.zz.com. IN A
;; ANSWER SECTION:
www.zz.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
zz.com. 86400 IN NS ns1.zz.com.
外部解析
[root@qq ~]# dig -t A www.zz.com @10.201.106.129
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A www.zz.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 433
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zz.com. IN A
;; ANSWER SECTION:
www.zz.com. 86400 IN A 2.2.2.2
;; AUTHORITY SECTION:
zz.com. 86400 IN NS ns1.zz.com.
編譯安裝bind
安裝環境包
[root@qq mnt]# yum groupinstall "Server Platfrom Development" -y
解壓源碼包
lftp 10.201.106.128:/pub> get bind-9.10.4-P2.tar.gz
9298010 bytes transferred
lftp 10.201.106.128:/pub> exit
[root@qq ~]# tar xf bind-9.10.4-P2.tar.gz
[root@qq ~]# ll
total 9132
-rw-------. 1 root root 1441 Jul 28 00:49 anaconda-ks.cfg
drwxrwxr-x. 12 10132 wheel 4096 Jul 14 08:49 bind-9.10.4-P2
-rw-r--r--. 1 root root 9298010 Aug 12 2016 bind-9.10.4-P2.tar.gz
-rw-r--r--. 1 root root 27632 Jul 28 00:49 install.log
-rw-r--r--. 1 root root 7572 Jul 28 00:46 install.log.syslog
查看安裝手冊
[root@qq bind-9.10.4-P2]# less README
或者INSTALL
添加一個系統組和一個系統用戶,-r:系統 named
[root@qq bind-9.10.4-P2]# groupadd -g 53 named
[root@qq bind-9.10.4-P2]# groupdel named
[root@qq bind-9.10.4-P2]#
[root@qq bind-9.10.4-P2]#
[root@qq bind-9.10.4-P2]# groupadd -g 53 -r named
[root@qq bind-9.10.4-P2]# useradd -u 53 -r -g named named
[root@qq bind-9.10.4-P2]# id named
uid=53(named) gid=53(named) groups=53(named)
開始編譯安裝
prefix:安裝目錄;sysconfdir:配置文件目錄;disable-ipv6:禁用ipv6;disabled-chroot:關閉chroot功能;enabled-threads:開啓CPU多線程,增加性能;
1、編譯選項
[root@qq bind-9.10.4-P2]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
……
Very verbose query trace logging (--enable-querytrace)
Use GNU libtool (--with-libtool)
Automated Testing Framework (--with-atf)
Python tools (--with-python)
XML statistics (--with-libxml2)
JSON statistics (--with-libjson)
For more detail, use --enable-full-report.
========================================================================
[root@qq bind-9.10.4-P2]#
[root@qq bind-9.10.4-P2]# make
[root@qq bind-9.10.4-P2]# make install
編譯安裝完成後,還有一大堆需要更改的。。無愛了
編譯好後,大部分東西都沒有
[root@qq bind-9.10.4-P2]# cd /etc/named
[root@qq named]# ls
bind.keys
[root@qq named]# cd /var/named
-bash: cd: /var/named: No such file or directory
[root@qq named]# cd /usr/local/bind9/
[root@qq bind9]# ls
bin include lib sbin share var
[root@qq bind9]#
1、建立bind下的bin和sbin程序的環境變量
[root@qq bind9]# vim /etc/profile.d/named.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
重讀配置文件
[root@qq bind9]# . /etc/profile.d/named.sh
[root@qq bind9]# echo $PATH
/usr/local/bind9/bin:/usr/local/bind9/sbin:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@qq bind9]#
2、導出庫文件搜索路徑
2.1首先確認庫文件的路徑
[root@qq lib]# pwd
/usr/local/bind9/lib
[root@qq lib]# ls
libbind9.a libirs.a libisccc.a liblwres.a
libdns.a libisc.a libisccfg.a
2.2導入庫文件
[root@qq bind9]# vim /etc/ld.so.conf.d/named.conf
/usr/local/bind9/lib
2.3讓系統重新讀取庫文件
[root@qq lib]# ldconfig -v
3、導出頭文件搜索路徑(通過建立軟鏈接)
[root@qq bind9]# ln -sv /usr/local/bind9/include /usr/include/named
`/usr/include/named' -> `/usr/local/bind9/include'
[root@qq bind9]# ll /usr/include/ | grep name
lrwxrwxrwx. 1 root root 24 Jul 28 02:52 named -> /usr/local/bind9/include
測試正常
[root@qq bind9]# ls /usr/include/named/
bind9 dns dst irs isc isccc isccfg lwres pk11 pkcs11
[root@qq bind9]#
4、導出幫助文件搜索路徑
vim /etc/man.config
# Every automatically generated MANPATH includes these fields
#
MANPATH /usr/man
MANPATH /usr/share/man
MANPATH /usr/local/man
MANPATH /usr/local/share/man
MANPATH /usr/X11R6/man
MANPATH /usr/local/bind9/share/man **
5 自己創建配置文件。。
[root@qq man]# cd /etc/named/
[root@qq named]# ls
bind.keys
[root@qq named]# vim named.conf
[root@qq named]# vim named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
[root@qq named]# mkdir /var/named
[root@qq named]# named-checkconf
/etc/named/named.conf:8: option 'allow-update' is not allowed in 'hint' zone '.'
[root@qq named]# vim named.conf
[root@qq named]#
[root@qq named]# named-checkconf
6、查詢並保持根節點文件
[root@qq named]# dig -t NS . @10.201.106.2 > /var/named/named.ca
7、不知道是幹啥,跟着馬哥建就是了,好像是建立正向記錄
[root@qq named]# vim localhost.zone
$TTL 1d
@ IN SOA localhost. admin.localhost. (
2015042501
1h
5m
7d
1d )
IN NS localhost.
localhost. IN A 127.0.0.1
[root@qq named]# named-checkzone "localhost.zone" /var/named/localhost.zone
/var/named/localhost.zone:9: ignoring out-of-zone data (localhost)
zone localhost.zone/IN: loaded serial 2015042501
OK
8、建立反向記錄
[root@qq named]# cp localhost.zone named.local
[root@qq named]# ls
localhost.zone named.ca named.local
[root@qq named]# vim named.
[root@qq named]# vim named.
named.ca named.local
[root@qq named]# vim named.local
$TTL 1d
@ IN SOA localhost. admin.localhost. (
2015042501
1h
5m
7d
1d )
IN NS localhost.
1 IN PTR localhost.
9、更改文件權限
[root@qq named]# ls
localhost.zone named.ca named.local
[root@qq named]#
[root@qq named]#
[root@qq named]# chmod 640 ./*
[root@qq named]# chown :named *
[root@qq named]# ll
total 12
-rw-r-----. 1 root named 131 Jul 28 11:15 localhost.zone
-rw-r-----. 1 root named 1389 Jul 28 11:09 named.ca
-rw-r-----. 1 root named 125 Jul 28 11:19 named.local
[root@qq named]#
更改配置文件權限
[root@qq named]# chmod 640 /etc/named/named.conf
[root@qq named]# chown :named /etc/named/named.conf
[root@qq named]# ll /etc/named/named.conf
-rw-r-----. 1 root named 274 Jul 28 03:21 /etc/named/named.conf
[root@qq named]#
10、啓動服務
[root@qq named]# named -u named -f -g -d 3 #以named運行,打開調試功能,運行在前臺,把標準錯誤都輸出到前臺;
後臺運行
[root@qq named]# named -u named
[root@qq named]#
[root@qq named]# ss -tuln | grep :53
udp UNCONN 0 0 10.201.106.129:53 *:*
udp UNCONN 0 0 127.0.0.1:53 *:*
tcp LISTEN 0 10 10.201.106.129:53 *:*
tcp LISTEN 0 10 127.0.0.1:53
關閉進程
[root@qq named]# killall named
[root@qq named]# ss -tuln | grep :53
[root@qq named]#
11、新建一個區域,解析測試
11.1 配置文件定義區域
[root@qq named]# vim /etc/named/named.conf
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
allow-update { none; };
};
11.2創建正向解析庫文件
[root@qq named]# vim magedu.com.zone
[root@qq named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@ IN SOA ns.magedu.com. admin.magedu.com (
2015042501
2h
10m
1w
1d )
IN NS ns
ns IN A 10.201.106.129
www IN A 10.201.106.129
[root@qq named]# chmod 640 magedu.com.zone
[root@qq named]# chgrp named magedu.com.zone
[root@qq named]#
[root@qq named]# named -u named
[root@qq named]# tail /var/lo
local/ lock/ log/ lost+found/
[root@qq named]# tail /var/log/messages
Jul 28 11:38:30 qq named[50004]: automatic empty zone: EMPTY.AS112.ARPA
Jul 28 11:38:30 qq named[50004]: configuring command channel from '/etc/named/rndc.key'
Jul 28 11:38:30 qq named[50004]: couldn't add command channel 127.0.0.1#953: file not found
Jul 28 11:38:30 qq named[50004]: the working directory is not writable
Jul 28 11:38:30 qq named[50004]: managed-keys-zone: loaded serial 0
Jul 28 11:38:30 qq named[50004]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2015042501
Jul 28 11:38:30 qq named[50004]: zone magedu.com/IN: loaded serial 2015042501
Jul 28 11:38:30 qq named[50004]: zone localhost/IN: loaded serial 2015042501
Jul 28 11:38:30 qq named[50004]: all zones loaded
Jul 28 11:38:30 qq named[50004]: running
[root@qq named]#
12、。。。還是測試
rndc: neither /etc/named/rndc.conf nor /etc/named/rndc.key was found
[root@qq named]#
[root@qq named]#
[root@qq named]# dig -t A www.magedu.com @10.201.106.129
; <<>> DiG 9.10.4-P2 <<>> -t A www.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39817
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns.magedu.com.
13、創建rndc配置文件
13.1 通過rndc-confgen生成rndc.KEY,這一步可不做,跳到13.2
[root@qq named]# rndc-confgen -r /dev/urandom
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "OJ8rQL9q45gpTiKw2h5PvQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "OJ8rQL9q45gpTiKw2h5PvQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
[root@qq named]#
13.2 生成rndc.conf文件
[root@qq named]# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
[root@qq named]#
13.3 複製rndc.conf下面的文件到/etc/named/named.conf
[root@qq named]# vim /etc/named/named.conf
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "PiBSI46XujOPu3H6bIaqaQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
End of named.conf
:.,$-1s@^# @@g
重啓服務
[root@qq named]#
[root@qq named]# killall named
[root@qq named]#
[root@qq named]# named -u named
[root@qq named]#
重載服務
[root@qq named]# killall -SIGHUP named
[root@qq named]#
rndc已經可以正常使用
[root@qq named]# rndc status
version: BIND 9.10.4-P2 <id:7658a94>
boot time: Thu, 28 Jul 2016 03:56:20 GMT
last configured: Thu, 28 Jul 2016 03:56:23 GMT
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@qq named]#
[root@qq named]# rndc reload
server reload successful
[root@qq named]#
壓測
壓測文件
[root@qq contrib]# cd scripts/
[root@qq scripts]# ls
check5011.pl dnssec-keyset.sh zone-edit.sh
check-secure-delegation.pl named-bootconf.sh zone-edit.sh.in
check-secure-delegation.pl.in nanny.pl
[root@qq scripts]# cd ..
[root@qq contrib]# cd query
-bash: cd: query: No such file or directory
[root@qq contrib]# cd query
query-loc-0.4.0/ queryperf/
[root@qq contrib]# cd queryperf/ #壓測命令
[root@qq queryperf]# ls
config.h.in configure.in Makefile.in queryperf.c utils
configure input missing README
[root@qq queryperf]#
編譯壓力測試命令 querypref
/root/bind-9.10.4-P2/contrib/queryperf
[root@qq queryperf]# ls
config.h.in configure.in Makefile.in queryperf.c utils
configure input missing README
[root@qq queryperf]# ./configure
gcc -DHAVE_CONFIG_H -c queryperf.c
gcc -DHAVE_CONFIG_H queryperf.o -lnsl -lresolv -lm -o queryperf
[root@qq queryperf]# ls
config.h config.status input missing queryperf.o
config.h.in configure Makefile queryperf(**可執行程序) README
config.log configure.in Makefile.in queryperf.c utils
[root@qq queryperf]#
[root@qq queryperf]# cp queryperf /usr/local/bind9/bin/
[root@qq queryperf]# queryperf -h
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
……
開始測試
1、定義測試文件
[root@qq ~]# vim test
www.magedu.com A
magedu.com NS
2、測試開始
[root@qq ~]# queryperf -d test -s 10.201.106.129
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 10.201.106.129)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 2 queries
Queries completed: 2 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.000221 sec
RTT min: 0.000037 sec
RTT average: 0.000129 sec
RTT std deviation: 0.000102 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Thu Jul 28 12:15:16 2016
Finished at: Thu Jul 28 12:15:16 2016
Ran for: 0.000282 seconds
Queries per second: 7092.198582 qps #每秒可以接受7000次查詢
開啓日誌查詢會影響解析性能,平常建議關閉,網絡帶寬也是極大的限制了性能
rndc querylog
[root@qq ~]# tail /var/log/messages
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (pop3.magedu.com): query: pop3.magedu.com IN A + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (imap4.magedu.com): query: imap4.magedu.com IN A + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (web.magedu.com): query: web.magedu.com IN A + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (magedu.com): query: magedu.com IN NS + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (magedu.com): query: magedu.com IN MX + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (pop3.magedu.com): query: pop3.magedu.com IN A + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (imap4.magedu.com): query: imap4.magedu.com IN A + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (web.magedu.com): query: web.magedu.com IN A + (10.201.106.129)
Jul 28 12:26:21 qq named[50085]: client 10.201.106.129#49986 (magedu.com): query: magedu.com IN NS + (10.201.106.129)
Jul 28 12:26:21 qq rsyslogd-2177: imuxsock begins to drop messages from pid 50085 due to rate-limiting
[root@qq ~]# rnd status
-bash: rnd: command not found
[root@qq ~]# rndc status
version: BIND 9.10.4-P2 <id:7658a94>
boot time: Thu, 28 Jul 2016 03:56:20 GMT
last configured: Thu, 28 Jul 2016 03:56:47 GMT
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
沒有日誌和開啓前後對比
結果整整慢了將近一半;
[root@qq ~]# queryperf -d test -s 10.201.106.129
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 10.201.106.129)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 299999 queries
Queries completed: 299999 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.226639 sec
RTT min: 0.000059 sec
RTT average: 0.001974 sec
RTT std deviation: 0.002054 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Thu Jul 28 12:30:17 2016
Finished at: Thu Jul 28 12:30:46 2016
Ran for: 29.882607 seconds
Queries per second: 10039.251261 qps
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]#
[root@qq ~]# queryperf -d test -s 10.201.106.129
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 10.201.106.129)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 299999 queries
Queries completed: 299999 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.031779 sec
RTT min: 0.000077 sec
RTT average: 0.003518 sec
RTT std deviation: 0.000623 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Thu Jul 28 12:31:04 2016
Finished at: Thu Jul 28 12:31:57 2016
Ran for: 53.061621 seconds
Queries per second: 5653.785059 qps
