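CentOS 6: compiling and installing BIND from source, with notes

Compile and install

1. Download and install 64-bit CentOS 6. Do not pick the minimal install; preferably install with the graphical interface. Kernel 2.6.

2. Once the system is installed, configure the Aliyun yum repository (this needs Internet access). On an isolated internal network, find a yum source of your own. The Aliyun repository setup is shown briefly here.

The commands, directly: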

  cd /etc/yum.repos.d

  mkdir files

  mv *repo* files

  vim base.repo 

      [base] 

      baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/

      gpgcheck=0

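Save and quit the vim editor, then run:

      yum clean all

      yum makecache

      yum repolist all

Note: if an error is reported, work through the errors one by one according to the messages.

A typical failure is the yum lock file; in that case run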

      rm -rf /var/run/yum.pid

3. Install the development package group

 # yum groupinstall "Development Tools"

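4. Download the BIND source package from the official ISC website, www.isc.org (the version I chose to compile is bind-9.10.1-P1.tar.gz).

5. Download and extract (here it was fetched from an internal server; get your own copy from the ISC address above)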

   # wget -q ftp://10.1.0.1/pub/Sources/sources/bind/bind-9.10.1-P1.tar.gz

   # tar -xf bind-9.10.1-P1.tar.gz

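6. Check and prepare the build environment

  # cd bind-9.10.1-P1

  # ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads \
        --enable-epoll --disable-chroot

      --prefix=/usr/local/bind9    program installation path
      --sysconfdir=/etc/named/     configuration file path
      --enable-threads             enable multithreading
      --enable-epoll               multiplexed I/O (epoll)
      --disable-chroot             do not use chroot

(the two option lines of ./configure are a single command)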

checking for OpenSSL library... configure: error: OpenSSL was not found in any of /usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw; use --with-openssl=/path

If you don't want OpenSSL, use --without-openssl

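# The OpenSSL library is missing. In general, what a build environment lacks is a development package, so install the OpenSSL development package

# Note: to avoid hitting the error repeatedly, run the command below with openssl* so that every OpenSSL-related package is installed

# yum -y install openssl*

...

Complete! # OpenSSL installation finished

  # Re-check the build environment

  # ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads \
        --enable-epoll --disable-chroot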

7. Build

   # make

8. Install

   # make install

9. Edit the configuration file

# vim /etc/named/named.conf

# Write the following content

options {

        directory "/var/named";

        pid-file "/usr/local/bind9/var/run/named.pid";

};

zone "." IN {

        type hint;

        file "named.ca";

};

zone "localhost" IN {

        type master;

        file "named.localhost";

        allow-transfer { none; };

};

zone "0.0.127.in-addr.arpa" IN {

        type master;

        file "named.loopback";

        allow-transfer { none; };

};

10. Edit the data files

# mkdir /var/named

# dig -t NS . @114.114.114.114 > /var/named/named.ca

 # Note: this command fetches the 13 root records from the 114 DNS service and writes the result to the named.ca file

  # vim /var/named/named.localhost

  # Write the following content

$TTL 86400

@ IN SOA localhost. admin.localhost. (

                20160927

                2H

                10M

                7D

                1D

                )

       IN   NS  localhost.

localhost. IN A 127.0.0.1

                                                                                                                                                                                                                                                                                                                            

  # vim /var/named/named.loopback

  # Write the following content

$TTL 86400

@ IN SOA localhost. admin.localhost. (

                20160927

                2H

                10M

                7D

                1D

                )

        IN   NS    localhost.

1       IN   PTR   localhost.
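
The hints file in this step comes from whatever the queried resolver returned, so it is worth checking before named loads it. The following is an added example, not part of the original post: it verifies that a file written by the dig command above names exactly a through m.root-servers.net. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a hints file written by
#   dig -t NS . @114.114.114.114 > /var/named/named.ca
# names exactly the 13 root servers before named is started with it.

# Expected NS targets of the root zone, one per line.
expected_roots() {
    for l in a b c d e f g h i j k l m; do
        echo "$l.root-servers.net."
    done
}

# NS targets present for "." in the file ($1), lowercased and de-duplicated.
root_ns_names() {
    awk '$1 == "." && toupper($3) == "IN" && toupper($4) == "NS" { print tolower($5) }' "$1" |
        LC_ALL=C sort -u
}

# Return 0 if the file lists exactly the expected set; otherwise report the
# missing and unexpected names on stderr and return 1.
check_root_hints() {
    actual=$(root_ns_names "$1")
    missing=$(expected_roots | grep -vxF -e "$actual" || true)
    extra=$(printf '%s\n' "$actual" | grep -vxF -e "$(expected_roots)" || true)
    [ -z "$missing" ] && [ -z "$extra" ] && return 0
    [ -n "$missing" ] && echo "missing: $missing" >&2
    [ -n "$extra" ] && echo "unexpected: $extra" >&2
    return 1
}

# Constructed sample: dig-style answer lines for a..l plus one caller-chosen
# 13th name ($2), written to the file named in $1.
make_sample() {
    {
        echo ';; ANSWER SECTION: (constructed sample)'
        for l in a b c d e f g h i j k l; do
            printf '.\t518400\tIN\tNS\t%s.root-servers.net.\n' "$l"
        done
        printf '.\t518400\tIN\tNS\t%s\n' "$2"
    } > "$1"
}

# Demo: a response in which the 13th name is not a root server is rejected.
demo=$(mktemp)
make_sample "$demo" ns.example.net.
check_root_hints "$demo" || echo "named.ca failed the check; do not load it"
rm -f "$demo"
```

On the real system the call would be `check_root_hints /var/named/named.ca`, run after the dig command and before named is first started.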

11. Set up the runtime environment

 # groupadd -g 53 -r named

 # useradd -g named -r named

 # chown root:named /etc/named/named.conf  /var/named/*

 # chmod 640 /etc/named/named.conf /var/named/*

12. Export the environment

# PATH environment variable

# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh

# source /etc/profile.d/named.sh

# Link the header files

# ln -sv /usr/local/bind9/include  /usr/include/named

# Register the library path

# vim /etc/ld.so.conf.d/named.conf

    /usr/local/bind9/lib64

# Make the man pages available

# man -M /usr/local/bind9/share/man named

# or

# vim /etc/man.config

    MANPATH /usr/local/bind9/share/man

13. Trial start

# named -u named

# Runs the program as the named user

# Check the listening ports

# ss -tnul

# Check the log

# tail /var/log/messages

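14. Configure rndc (a remote management tool, so it obviously needs a key).

# Generate the key

# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf

# Change the ownership and mode of the key file

# chown root:named /etc/named/rndc.conf

# chmod 640 /etc/named/rndc.conf # other users get no permissions at all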

15. Open rndc.conf and follow the instructions in it.

# vim /etc/named/rndc.conf

# vim /etc/named/named.conf
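
The screenshots for this step did not survive, so here is an added example (not from the original post) of the usual procedure: rndc-confgen leaves a commented key and controls block at the end of rndc.conf, which is uncommented and placed in named.conf, and the two files must then carry the same secret. The sample file layout, the placeholder secret and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pull the commented named.conf block out of rndc.conf and
# confirm both files end up with the same key secret.

# Constructed sample in the layout rndc-confgen writes (placeholder secret).
write_sample_rndc_conf() {
    cat > "$1" <<'EOF'
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "c2FtcGxlLXNlY3JldA==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "c2FtcGxlLXNlY3JldA==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
EOF
}

# Print the commented named.conf block of rndc.conf ($1) with "# " removed.
named_conf_fragment() {
    sed -n '/^# Use with the following in named.conf/,/^# End of named.conf/p' "$1" |
        sed -e '1d' -e '$d' -e 's/^# \{0,1\}//'
}

# Print the first uncommented secret value in a config file ($1).
key_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)";.*/\1/p' "$1" | head -n 1
}

# Return 0 if rndc.conf ($1) and named.conf ($2) share one secret and
# named.conf has a controls block for the control channel.
check_rndc_pair() {
    a=$(key_secret "$1"); b=$(key_secret "$2")
    [ -n "$a" ] && [ "$a" = "$b" ] || { echo "key secret mismatch" >&2; return 1; }
    grep -q '^[[:space:]]*controls[[:space:]]*{' "$2" || { echo "no controls block" >&2; return 1; }
}
```

With the paths used in this post, `named_conf_fragment /etc/named/rndc.conf >> /etc/named/named.conf` appends the block, and `check_rndc_pair /etc/named/rndc.conf /etc/named/named.conf` confirms the pair before named is restarted.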

16. Restart the service and test rndc (local test)

# killall named

# named -u named

# rndc status

version: 9.9.5 <id:f9b8a50e>

CPUs found: 2

worker threads: 2

UDP listeners per interface: 2

number of zones: 100

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

17. Write the service init script.

# vim /etc/init.d/named

# Write the script below

#!/bin/bash

# description: daemon named

# chkconfig: 345 20 50

#

pidFile=/usr/local/bind9/var/run/named.pid

lockFile=/var/lock/subsys/named

confFile=/etc/named/named.conf

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

start() {

        if [ -e $lockFile ]; then

                echo "named is already running..."

        else

                echo -n "Starting named:"

                daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"

                RETVAL=$?

                if [ $RETVAL -eq 0 ]; then

                        touch $lockFile

                        success

                else

                        rm -f $lockFile $pidFile

                        failure

                fi

                echo

        fi

}

stop() {

        if [ ! -e $lockFile ]; then

                echo "named is stopped."

        else

                echo -n "Stopping named:"

                killproc named

                RETVAL=$?

                if [ $RETVAL -eq 0 ];then

                        rm -f $lockFile $pidFile

                        success

                else

                        echo "Cannot stop named."

                        failure

                fi

                echo

        fi

}

restart() {

        stop

        sleep 2

        start

}

reload() {

        echo -n "Reloading named: "

        killproc named -HUP

        echo

}

status() {

        if pidof named &> /dev/null; then

                echo -n "named is running..."

        else

                echo -n "named is stopped..."

        fi

        echo

}

usage() {

        echo "Usage: named {start|stop|restart|status|reload}"

}

case $1 in

start)

        start ;;

stop)

        stop ;;

restart)

        restart ;;

status)

        status ;;

reload)

        reload ;;

*)

        usage

            ;;

esac

18. Register the script as a service and start it.

# chmod +x /etc/init.d/named # make the script executable

# chkconfig --add /etc/init.d/named

# chkconfig --list named

named           0:off   1:off   2:off   3:on    4:on    5:on    6:off

# service named start

Starting named:                                            [  OK  ]

# ss -tnul | grep ":53"

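19. Stress test

The BIND source tree ships a query performance tool, queryperf, a third-party performance testing tool. It is normally not installed and has to be compiled by hand. Switch to the queryperf directory and build it directly:

        # cd /testdir/bind-9.10.1-P1/contrib/queryperf
        # ./configure
        # make

When the build finishes it produces a binary called queryperf; copy it straight to /usr/bin:

        # cp queryperf /usr/bin

Next, create a test file of names to query: in root's home directory, create a file called query.txt.
Create query.txt with vim and fill in the following content

         www.magedu.com A

         magedu.com NS

         magedu.com MX

         pop3.magedu.com A

         web.magedu.com A

Add these entries, copy them N times, then save and quit. After that, test how many queries per second your DNS server can handle and how long the run takes. Check how many lines my query.txt contains:

         # wc -l query.txt

If that does not seem like enough, add more until you are satisfied; it takes at least a few hundred thousand lines to get a meaningful result. Now run the test.

         # queryperf -d query.txt -s 127.0.0.1

While the test runs you can watch CPU usage with htop:

         # htop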

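20. Enable query logging

       rndc querylog

       rndc status

       queryperf -d test.txt -s 127.0.0.1

       wc -l /var/log/messages

Troubleshooting wrapped up at 1943; the BIND test ends here!!!

21. Files that have to be created by hand are listed below; anything missed will be added later (this document will be updated once testing on CentOS 7 is finished).

Files to create by hand when compiling and installing BIND

        vim /etc/named/named.conf

        mkdir /var/named

        vim /var/named/named.ca

        vim /var/named/named.localhost

        vim /var/named/named.loopback

    Create the group: groupadd -g 53 -r named

    Create the user: useradd -g named -r named

        vim /etc/named/rndc.conf

        vim /etc/init.d/named

Set up the environment variables yourself, and create the header link, the library path file and the man page configuration.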
