
DNS主从服务,子域授权,view视图,日志系统,压力测试rsync配置

DNS主从服务,子域授权,view视图,日志系统,压力测试

DNS性能测试工具queryperfDNS查询过程:


DNS主从建立:

环境:

主服务器:10.140.165.93

从服务器:10.140.165.169

关闭防火墙,关闭selinux(仅为实验环境下的简化做法;正式环境应保留防火墙并放行 DNS 所需的 TCP/UDP 53 端口,SELinux 保持 enforcing)。

主服务器建立:

[root@cnhzdhcp16593 ~]# yum -y install bind-utils bind    #安装bind服务

[root@cnhzdhcp16593 ~]# vim /etc/named.conf    #编辑主配置文件

# named.conf on the primary (master) server 10.140.165.93: serves izyno.com and its
# reverse zone and lets only the secondary 10.140.165.169 transfer them.
options {
        directory       "/var/named";
        allow-recursion { 10.140.165.0/24; };    # recursion is offered only to this network, not to every client
        notify yes;  # send NOTIFY messages when a zone changes
};

zone "." IN {         # root hints
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };    # zone transfers are refused for this zone
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };   # zone transfers are refused for this zone
};
zone "izyno.com" IN {      # forward zone
        type master;
        file "izyno.com.zone";
        # NOTE(review): an address-only ACL trusts the source IP of the request; a TSIG key
        # in allow-transfer would also authenticate the secondary -- consider adding one.
        allow-transfer { 10.140.165.169; };   # only the secondary may transfer
};
zone "165.140.10.in-addr.arpa" IN {    # reverse zone
        type master;
        file "165.140.10.zone";
        allow-transfer { 10.140.165.169; };    # only the secondary may transfer
};

定义正向,反向区域文件:

[root@cnhzdhcp16593 named]# cd /var/named/
[root@cnhzdhcp16593 named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@cnhzdhcp16593 named]# vim izyno.com.zone    #编辑正向区域

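; Forward zone for izyno.com. Zone files use ';' for comments; the '#' annotations
; in the original listing are not comment syntax in a master file.
$TTL 300
@       IN      SOA     ns1.izyno.com.  admin.izyno.com. (
                                2016101201      ; serial - must increase on every change so the secondary re-transfers
                                3H              ; refresh
                                10M             ; retry
                                1D              ; expire
                                2D )            ; minimum (negative-caching TTL)
@       IN      NS      ns1     ; NS (Name Server) record: names the DNS server that answers for this domain
@       IN      NS      ns2     ; secondary name server
@       IN      MX  10  mail    ; mail exchanger, preference 10
ns1     IN      A       10.140.165.93   ; address of the primary
ns2     IN      A       10.140.165.169  ; address of the secondary
mail    IN      A       10.140.165.90
www     IN      A       10.140.165.91
www     IN      A       10.140.165.92
ftp     IN      CNAME   www   ; alias for www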

注释:时间单位:M(分钟) H(小时) D(天)   W(周) ,默认单位是秒。 邮箱格式:admin.izyno.com 不能使用@,@有特殊意义。

[root@cnhzdhcp16593 named]# vim 165.140.10.zone   #编辑反向区域文件

; Reverse zone for 10.140.165.0/24 (165.140.10.in-addr.arpa).
$TTL 300
@       IN      SOA     ns1.izyno.com. admin.izyno.com. (
                        2016101201
                        3H
                        10M
                        1D
                        2D )
; Names on the right-hand side are fully qualified (trailing dot); without the dot
; they would be completed with the reverse zone's own origin.
@       IN      NS      ns1.izyno.com.
@       IN      NS      ns2.izyno.com.
; Each owner name is the last octet of the address.
93      IN      PTR     ns1.izyno.com.
169     IN      PTR     ns2.izyno.com.
91      IN      PTR     www.izyno.com.
92      IN      PTR     www.izyno.com.

[root@cnhzdhcp16593 named]# ll
total 36
-rw-r--r--. 1 root  root   242 Oct 12 20:59 165.140.10.zone
drwxrwx---. 2 named named 4096 Sep 28 18:54 data
drwxrwx---. 2 named named 4096 Sep 28 18:54 dynamic
-rw-r--r--. 1 root  root   275 Oct 12 20:43 izyno.com.zone

[root@cnhzdhcp16593 named]# chmod 640 *  #设置权限(注意:* 同时匹配 data、dynamic 等目录,目录被设为 640 后会失去执行位)
[root@cnhzdhcp16593 named]# chown root.named *  #设置属主属组

[root@cnhzdhcp16593 named]# named-checkzone "165.140.10.in-addr.apar" /var/named/165.140.10.zone     #测试反向区域配置是否正确(区域名应为 165.140.10.in-addr.arpa,此处 apar 为笔误)
zone 165.140.10.in-addr.apar/IN: loaded serial 2016101201
OK

[root@cnhzdhcp16593 named]# named-checkzone "izyno.com.zone" /var/named/izyno.com.zone   #测试正向区域配置文件是否正确(区域名应写 izyno.com,而非文件名 izyno.com.zone)
zone izyno.com.zone/IN: loaded serial 2016101201
OK
[root@cnhzdhcp16593 named]# named-checkconf   #测试主配置文件配置是否正确.

[root@cnhzdhcp16593 named]# service named restart   #重启
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@cnhzdhcp16593 named]# tail /var/log/messages  #查看日志
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: loaded serial 2016101201
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: loaded serial 2016101201
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone localhost/IN: loaded serial 0
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: running
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
Oct 12 21:06:08 cnhzdhcp16593 named[13086]: zone izyno.com/IN: sending notifies (serial 2016101201)

从服务器建立:  10.140.165.169

[root@localhost ~]# yum -y install bind-utils bind

[root@localhost ~]# vim /etc/named.conf    #编辑主配置文件.

# named.conf on the secondary (slave) server 10.140.165.169: pulls both zones from
# the primary and hands them on to nobody.
options {
        directory       "/var/named";
        allow-recursion { 10.140.165.0/24; };
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };
};
zone "izyno.com" IN {
        type slave;   # this server is a secondary for the zone
        file "slaves/izyno.com.zone";   # where the transferred copy is stored, relative to "directory"
        # NOTE(review): the primary is identified by address only; a TSIG key shared with
        # the primary would authenticate the transfer source -- consider adding one.
        masters { 10.140.165.93; };  # address of the primary to transfer from
        allow-transfer { none; };  # for safety, nobody may transfer the zone from this server
};
zone "165.140.10.in-addr.arpa" IN {   # reverse zone, also held as a secondary
        type slave;
        file "slaves/165.140.10.zone";
        masters { 10.140.165.93; };
        allow-transfer { none; };
};

[root@localhost ~]# ll /etc/named.conf     #文件属主属组必须是root.named,权限为640
-rw-r----- 1 root named 952 Oct 12 13:25 /etc/named.conf

[root@cnhzdhcp16593 named]# service named restart  #重启服务
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]

[root@cnhzdhcp16593 named]# cat /var/log/messages  #查看日志

managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied

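如果出现以上错误,在named下新建(注意:日志中被拒绝的路径是 dynamic/managed-keys.bind,而前面的 chmod 640 * 与 chown root.named * 也改动了 data、dynamic 两个目录原本的 named:named、drwxrwx--- 权限;若新建文件后错误仍在,应先恢复这两个目录的属主和权限):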

[root@cnhzdhcp16593 named]# touch managed-keys.bind

[root@localhost slaves]# ls  #查看是否同步成功
165.140.10.zone  izyno.com.zone

165.140.10.in-addr.arpa    IN SOA    ns1.izyno.com. admin.izyno.com. (
                2016101201 ; serial
                10800      ; refresh (3 hours)
                600        ; retry (10 minutes)
                86400      ; expire (1 day)
                172800     ; minimum (2 days)
                )
            NS    ns1.izyno.com.
            NS    ns2.izyno.com.
$ORIGIN 165.140.10.in-addr.arpa.
169            PTR    ns2.izyno.com.
91            PTR    www.izyno.com.
92            PTR    www.izyno.com.
93            PTR    ns1.izyno.com.
[root@localhost slaves]# cat izyno.com.zone 
$ORIGIN .
$TTL 300    ; 5 minutes
izyno.com        IN SOA    ns1.izyno.com. admin.izyno.com. (
                2016101201 ; serial
                10800      ; refresh (3 hours)
                600        ; retry (10 minutes)
                86400      ; expire (1 day)
                172800     ; minimum (2 days)
                )
            NS    ns1.izyno.com.
            NS    ns2.izyno.com.
            MX    10 mail.izyno.com.
$ORIGIN izyno.com.
ftp            CNAME    www
mail            A    10.140.165.90
ns1            A    10.140.165.93
ns2            A    10.140.165.169
www            A    10.140.165.91
            A    10.140.165.92

添加主服务器正向记录,查看是否通知从服务器:

[root@cnhzdhcp16593 named]# cat izyno.com.zone | grep bbs
bbs    IN    A    10.140.165.94

[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: loaded serial 2016101202
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone localhost/IN: loaded serial 0
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: running
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101201)
Oct 12 21:29:37 cnhzdhcp16593 named[13501]: zone izyno.com/IN: sending notifies (serial 2016101202)
Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of ‘izyno.com/IN‘: AXFR-style IXFR started
Oct 12 21:29:38 cnhzdhcp16593 named[13501]: client 10.140.165.169#43849: transfer of ‘izyno.com/IN‘: AXFR-style IXFR ended

查看从服务器区域文件:

[root@localhost slaves]# cat izyno.com.zone 
$ORIGIN .
$TTL 300    ; 5 minutes
izyno.com        IN SOA    ns1.izyno.com. admin.izyno.com. (
                2016101202 ; serial
                10800      ; refresh (3 hours)
                600        ; retry (10 minutes)
                86400      ; expire (1 day)
                172800     ; minimum (2 days)
                )
            NS    ns1.izyno.com.
            NS    ns2.izyno.com.
            MX    10 mail.izyno.com.
$ORIGIN izyno.com.
bbs            A    10.140.165.94
ftp            CNAME    www
mail            A    10.140.165.90
ns1            A    10.140.165.93
ns2            A    10.140.165.169
www            A    10.140.165.91
            A    10.140.165.92

添加主服务器反向记录,查看是否通知从服务器:

[root@cnhzdhcp16593 named]# cat 165.140.10.zone | grep 90
90    IN    PTR    mail.izyno.com.

[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101202
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone localhost/IN: loaded serial 0
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: running
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101202)
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of ‘165.140.10.in-addr.arpa/IN‘: AXFR-style IXFR started
Oct 12 21:37:23 cnhzdhcp16593 named[13642]: client 10.140.165.169#40309: transfer of ‘165.140.10.in-addr.arpa/IN‘: AXFR-style IXFR ended

查看从服务器同步记录:

[root@localhost slaves]# cat 165.140.10.zone 
$ORIGIN .
$TTL 300    ; 5 minutes
165.140.10.in-addr.arpa    IN SOA    ns1.izyno.com. admin.izyno.com. (
                2016101202 ; serial
                10800      ; refresh (3 hours)
                600        ; retry (10 minutes)
                86400      ; expire (1 day)
                172800     ; minimum (2 days)
                )
            NS    ns1.izyno.com.
            NS    ns2.izyno.com.
$ORIGIN 165.140.10.in-addr.arpa.
169            PTR    ns2.izyno.com.
90            PTR    mail.izyno.com.
91            PTR    www.izyno.com.
92            PTR    www.izyno.com.
93            PTR    ns1.izyno.com.

子域授权:

环境:

主服务器:10.140.165.93

从服务器:10.140.165.160

子域服务器:10.140.164.184

编辑主服务器配置文件,添加子域NS和A记录:

; Delegation records added to the parent zone: NS records hand the subdomains to
; their own name server, and the A records are the glue that lets resolvers reach it.
; NOTE(review): the dig output later on the page returns 10.140.164.184 for
; ns1.cache.izyno.com, and 51cache is delegated to ns1.cache rather than ns1.51cache --
; confirm the glue addresses and the NS target before reusing these records.
cache   IN      NS      ns1.cache
51cache IN      NS      ns1.cache
ns1.cache       IN      A       10.140.165.95
ns1.51cache     IN      A       10.140.165.96

[root@cnhzdhcp16593 named]# service named reload
Reloading named:                                           [  OK  ]
[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: Warning: ‘empty-zones-enable/disable-empty-zone‘ not set: disabling RFC 1918 empty zones
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading configuration succeeded
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: reloading zones succeeded
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: loaded serial 2016101203
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: zone izyno.com/IN: sending notifies (serial 2016101203)
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of ‘izyno.com/IN‘: AXFR-style IXFR started
Oct 12 23:15:16 cnhzdhcp16593 named[13642]: client 10.140.165.169#40467: transfer of ‘izyno.com/IN‘: AXFR-style IXFR ended

配置子域DNS服务器:

配置主配置文件:

# named.conf on the subdomain server: authoritative for the two delegated child
# zones, with zone transfers refused for every zone it holds.
options {
        directory       "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };
};
zone "cache.izyno.com" IN {      # delegated child zone cache.izyno.com
        type master;
        file "cache.izyno.com.zone";
        allow-transfer { none; };
};
zone "51cache.izyno.com" IN {    # delegated child zone 51cache.izyno.com
        type master;
        file "51cache.izyno.com.zone";
        allow-transfer { none; };
};

添加子域区域文件:

[root@localhost named]# cat /var/named/cache.izyno.com.zone 
$TTL 300
@    IN    SOA    ns1.cache.izyno.com.    admin.cache.izyno.com. (
                2016101201
                3H
                10M
                1D
                2D )
@    IN    NS    ns1
ns1    IN    A    10.140.164.184
www    IN    A    10.140.164.185
bbs    IN    A    10.140.164.186

注:权限为640,属主root属组named

测试:

主服务器测试:

[root@cnhzdhcp16593 named]# dig -t A www.cache.izyno.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64774
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.cache.izyno.com.        IN    A

;; ANSWER SECTION:
www.cache.izyno.com.    300    IN    A    10.140.164.185

;; AUTHORITY SECTION:
cache.izyno.com.    300    IN    NS    ns1.cache.izyno.com.

;; ADDITIONAL SECTION:
ns1.cache.izyno.com.    300    IN    A    10.140.164.184

;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 01:21:49 2016
;; MSG SIZE  rcvd: 87

在子域添加父域解析:

[root@localhost named]# tail -5 /etc/named.conf 

# Subdomain server: resolve names in the parent zone izyno.com by forwarding them
# to the parent's name server.
options {
        directory       "/var/named";
        # NOTE(review): "any" lets every host that can reach port 53 use this server for
        # recursion (an open resolver). Limit it to an acl of the server's own clients.
        allow-recursion { any; };  # can be combined with the recursion option to allow recursion for the server's own clients while refusing it for outside queries

        recursion yes;   # whether named queries other name servers on behalf of clients

};

zone "izyno.com" IN {
    type forward;   # forward zone: queries for this name are passed to the forwarders
    forward first;   # "only" = forward and nothing else; "first" = forward first and, if that yields no answer, iterate from the root hints itself
    forwarders { 10.140.165.93; };  # the server queries are forwarded to
};

在父域测试:

[root@cnhzdhcp16593 named]# dig -t A www.cache.izyno.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30533
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.cache.izyno.com.        IN    A

;; ANSWER SECTION:
www.cache.izyno.com.    300    IN    A    10.140.164.185

;; AUTHORITY SECTION:
cache.izyno.com.    300    IN    NS    ns1.cache.izyno.com.

;; ADDITIONAL SECTION:
ns1.cache.izyno.com.    300    IN    A    10.140.164.184

;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 17:29:35 2016
;; MSG SIZE  rcvd: 87

在从域测试:

[root@localhost slaves]# dig -t A www.cache.izyno.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.cache.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60515
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:   问题段
;www.cache.izyno.com.        IN    A

;; ANSWER SECTION:   答案段
www.cache.izyno.com.    300    IN    A    10.140.164.185

;; AUTHORITY SECTION:  权威答案
cache.izyno.com.    300    IN    NS    ns1.cache.izyno.com.

;; ADDITIONAL SECTION:    补充权威DNS的A记录
ns1.cache.izyno.com.    300    IN    A    10.140.164.184

;; Query time: 1 msec
;; SERVER: 10.140.165.169#53(10.140.165.169)
;; WHEN: Thu Oct 13 09:37:48 2016
;; MSG SIZE  rcvd: 87

rndc控制

[root@cnhzdhcp16593 named]# rndc-confgen > /etc/rndc.conf   #生成rndc配置文件.

[root@cnhzdhcp16593 named]# tail /etc/named.conf    #将rndc.conf文件后半段追加到named.conf.可以看到已经追加.
# Use with the following in named.conf, adjusting the allow list as needed:
# Shared secret that authenticates rndc to named on the control channel.
# NOTE(review): hmac-md5 is a legacy algorithm; newer rndc-confgen releases can
# generate hmac-sha256 keys (-A option) -- confirm what the installed BIND supports.
# NOTE(review): this secret is published on the page, so treat it as a sample and
# generate your own; any file that holds the secret must not be readable by other users.
key "rndc-key" {
       algorithm hmac-md5;
       secret "gfyHFoLk5hOynTKpYKy0MA==";
}; 
controls {
       # The control channel listens on loopback port 953 only and accepts commands
       # only from 127.0.0.1 presenting rndc-key.
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
};
#End of named.conf

[root@cnhzdhcp16593 named]# rm -rf /etc/rndc.key  #删除系统自带的key

[root@cnhzdhcp16593 named]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@cnhzdhcp16593 named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1
CPUs found: 4
worker threads: 4
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@cnhzdhcp16593 named]# rndc flush
[root@cnhzdhcp16593 named]# rndc notify "izyno.com."
zone notify queued
[root@cnhzdhcp16593 named]# tail /var/log/messages
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: dynamic/managed-keys.bind.jnl: open: permission denied
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: managed-keys-zone ./IN: journal rollforward failed: unexpected error
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: running
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
Oct 13 17:51:52 cnhzdhcp16593 named[27535]: zone 165.140.10.in-addr.arpa/IN: sending notifies (serial 2016101202)
Oct 13 17:52:06 cnhzdhcp16593 named[27535]: received control channel command ‘flush‘
Oct 13 17:52:06 cnhzdhcp16593 named[27535]: flushing caches in all views succeeded
Oct 13 17:52:19 cnhzdhcp16593 named[27535]: received control channel command ‘notify izyno.com.‘
Oct 13 17:52:19 cnhzdhcp16593 named[27535]: zone izyno.com/IN: sending notifies (serial 2016101204)
[root@cnhzdhcp16593 named]# rndc stop

[root@cnhzdhcp16593 named]# netstat -tunlp | grep "53"
udp        0      0 :::53400                    :::*                                    14866/rpc.mountd    
[root@cnhzdhcp16593 named]# service named start
Starting named:                                            [  OK  ]
[root@cnhzdhcp16593 named]# netstat -tunlp | grep "53"
tcp        0      0 192.168.1.1:53              0.0.0.0:*                   LISTEN      27594/named         
tcp        0      0 10.140.165.93:53            0.0.0.0:*                   LISTEN      27594/named         
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      27594/named         
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      27594/named         
udp        0      0 192.168.1.1:53              0.0.0.0:*                               27594/named         
udp        0      0 10.140.165.93:53            0.0.0.0:*                               27594/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               27594/named         
udp        0      0 :::53400                    :::*                                    14866/rpc.mountd    

DNS视图及其日志系统

dns服务器地址:10.140.165.93

编辑named.conf文件:

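# Split-horizon setup: the same zone name is served from two different zone files,
# chosen by the address of the querying client.
acl net {       # named address list; entries may be networks or single IP addresses
        10.140.165.0/24;
        127.0.0.0/8;
};
options {
        directory "/var/named";
        allow-recursion { net; };  # recursion only for clients in the net acl
};

# Views are tried in order and the first matching match-clients wins, so the
# narrower view comes first and the catch-all view last.
# NOTE(review): neither zone sets allow-transfer, so transfers are not restricted
# here -- add "allow-transfer { none; };" (or the secondary's address) as in the
# non-view configuration.
view lian {
        match-clients { net; };    # clients in the net acl are served from this view
        zone "izyno.com" IN {      # the opening brace was missing in the original listing
                type master;
                file "lian.izyno.com.zone";
        };
};
view dian {
        match-clients { any; };    # every other client
        zone "izyno.com" IN {      # the opening brace was missing in the original listing
                type master;
                file "dian.izyno.com.zone";
        };
};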

[root@cnhzdhcp16593 named]# named-checkconf 

[root@cnhzdhcp16593 named]# chown root.named /etc/named.conf
[root@cnhzdhcp16593 named]# chmod 640 /etc/named.conf

定义区域文件:

[root@cnhzdhcp16593 named]# cat lian.izyno.com.zone 
$TTL 300
@    IN    SOA    ns1.izyno.com. admin.izyno.com. (
                2016101302
                3H
                10M
                1D
                1D )
@    IN    NS    ns1
ns1    IN    A    10.140.165.93
www    IN    A    192.168.0.2
shell    IN    A    192.169.0.3

[root@cnhzdhcp16593 named]# cat dian.izyno.com.zone 
$TTL 300
@    IN    SOA    ns1.izyno.com. admin.izyno.com. (
                2016101301
                3H
                10M
                1D
                1D )
@    IN    NS    ns1
ns1    IN    A    10.140.165.93
www    IN    A    192.168.0.1
shell    IN    A    192.169.0.2

测试:

在165主机测试:

[root@localhost named]# dig -t A www.izyno.com @10.140.165.93

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com @10.140.165.93
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.izyno.com.            IN    A

;; ANSWER SECTION:
www.izyno.com.        300    IN    A    192.168.0.2

;; AUTHORITY SECTION:
izyno.com.        300    IN    NS    ns1.izyno.com.

;; ADDITIONAL SECTION:
ns1.izyno.com.        300    IN    A    10.140.165.93

;; Query time: 1 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 10:45:18 2016
;; MSG SIZE  rcvd: 81

在164网段测试:

[root@localhost named]# dig -t A www.izyno.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> -t A www.izyno.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36363
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.izyno.com.            IN    A

;; ANSWER SECTION:
www.izyno.com.        300    IN    A    192.168.0.1

;; AUTHORITY SECTION:
izyno.com.        300    IN    NS    ns1.izyno.com.

;; ADDITIONAL SECTION:
ns1.izyno.com.        300    IN    A    10.140.165.93

;; Query time: 0 msec
;; SERVER: 10.140.165.93#53(10.140.165.93)
;; WHEN: Thu Oct 13 10:46:44 2016
;; MSG SIZE  rcvd: 81

定义日志系统:

~]# vim /etc/named.conf

[root@soysauce ~]# cat /etc/named.conf

# named.conf with query and zone-transfer logging written to separate files.
acl innet {

172.16.0.0/16;

};

options {

directory "/var/named";

allow-recursion { innet; };

# Turns query logging on. Each logged query records the client address and the
# name asked for, so treat the log file as sensitive data.
querylog yes;

};

logging {                                              # logging configuration added here

channel query_log {                            

# Keep 3 rotated versions and roll the file at 10M, which bounds disk use.
file "/var/log/named/bind_query.log" versions 3 size 10M;

severity dynamic;                            # log level: follows the server's current debug level

print-category yes;                        # include the log category, i.e. which kind of message this is

print-time yes;                            # include a timestamp

print-severity yes;                        # include the severity of the message

};

channel xfer_log {

file "/var/log/named/transfer.log" versions 3 size 10M;

severity debug 3;

print-category yes;

print-time yes;

print-severity yes;

};

category xfer-out { xfer_log; };                    # outgoing zone transfers go to xfer_log; useful for spotting unexpected AXFR clients

category queries { query_log; };                    # client queries go to query_log

};

# NOTE(review): neither view's zone sets allow-transfer, so zone transfers are not
# restricted; the AXFR test later on the page succeeds from another host. Add
# "allow-transfer { none; };" or list the secondaries explicitly.
view telecom {

match-clients { innet; };

zone "soysauce.com" IN {

type master;

file "telecom.soysauce.com.zone";

};

};

view unicom {

match-clients { any; };

zone "soysauce.com" IN {

type master;

file "unicom.soysauce.com.zone";

};

};

[root@soysauce ~]# mkdir /var/log/named

[root@soysauce ~]# chown named.named /var/log/named    # 修改属主属组为named,否则无法写入日志

[root@soysauce ~]# mkdir /var/log/named

[root@soysauce ~]# chown named.named /var/log/named

[root@soysauce ~]# named-checkconf 

[root@soysauce ~]# service named reload

Reloading named:                                           [  OK  ]

[root@soysauce ~]# !dig                                            # 本次发起一次查询

dig -t A www.soysauce.com. 

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23698

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.soysauce.com.      IN  A

;; ANSWER SECTION:

www.soysauce.com.   86400   IN  A   172.16.1.110

;; AUTHORITY SECTION:

soysauce.com.       86400   IN  NS  ns1.soysauce.com.

;; ADDITIONAL SECTION:

ns1.soysauce.com.   86400   IN  A   172.16.1.111

;; Query time: 34 msec

;; SERVER: 172.16.1.111#53(172.16.1.111)

;; WHEN: Fri Dec 11 21:21:14 2015

;; MSG SIZE  rcvd: 84

[root@CentOS5 ~]# dig -t A www.soysauce.com. @172.16.1.111                # 另外一台主机发起一次查询

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5_11.3 <<>> -t A www.soysauce.com. @172.16.1.111

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59167

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.soysauce.com.      IN  A

;; ANSWER SECTION:

www.soysauce.com.   86400   IN  A   172.16.1.110

;; AUTHORITY SECTION:

soysauce.com.       86400   IN  NS  ns1.soysauce.com.

;; ADDITIONAL SECTION:

ns1.soysauce.com.   86400   IN  A   172.16.1.111

;; Query time: 8 msec

;; SERVER: 172.16.1.111#53(172.16.1.111)

;; WHEN: Fri Dec 11 20:43:35 2015

;; MSG SIZE  rcvd: 84

[root@soysauce ~]# cat /var/log/named/bind_query.log         # 可以看到查询日志已然生成

11-Dec-2015 21:21:14.608 queries: info: client 172.16.1.111#48637: view telecom: query: www.soysauce.com IN A + (172.16.1.111)

11-Dec-2015 21:23:12.112 queries: info: client 172.16.1.110#50474: view telecom: query: www.soysauce.com IN A + (172.16.1.111)

[root@node1 ~]# dig -t axfr soysauce.com. @172.16.1.111        # 另外一台主机发起区域传送

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t axfr soysauce.com. @172.16.1.111

;; global options: +cmd

soysauce.com.       86400   IN  SOA ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400

soysauce.com.       86400   IN  NS  ns1.soysauce.com.

bbs.soysauce.com.   86400   IN  A   172.16.1.112

ns1.soysauce.com.   86400   IN  A   172.16.1.111

www.soysauce.com.   86400   IN  A   172.16.1.110

soysauce.com.       86400   IN  SOA ns1.soysauce.com. admin.soysauce.com. 2015121101 3600 600 86400 86400

;; Query time: 41 msec

;; SERVER: 172.16.1.111#53(172.16.1.111)

;; WHEN: Sat Dec 12 16:48:46 2015

;; XFR size: 6 records (messages 1, bytes 182)

[root@soysauce ~]# tail /var/log/named/transfer.log                     # 可以看到传送日志已然生成

11-Dec-2015 21:42:54.416 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of ‘soysauce.com/IN‘: AXFR started

11-Dec-2015 21:42:54.418 xfer-out: info: client 172.16.1.101#58015: view telecom: transfer of ‘soysauce.com/IN‘: AXFR ended

DNS性能测试工具queryperf

[root@soysauce tmp]# ll

total 10964

-rw-r--r-- 1 root root 8471531 Dec 12  2015 bind-9.10.2-P4.tar.gz

[root@soysauce tmp]# tar xf bind-9.10.2-P4.tar.gz 

[root@soysauce tmp]# ls

bind-9.10.2-P4  bind-9.10.2-P4.tar.gz

[root@soysauce tmp]# cd bind-9.10.2-P4/contrib

[root@soysauce contrib]# ls

dane  dlz  idn  nslint-3.0a2  perftcpdns  query-loc-0.4.0  queryperf  README  scripts  sdb  zkt-1.1.3

[root@soysauce contrib]# cd queryperf/

[root@soysauce queryperf]# ls

config.h.in configure  configure.in input  Makefile.in missing  queryperf.c  README  utils

[root@soysauce queryperf]# ./configure 

checking for gcc... no

checking for cc... no

checking for cl.exe... no

configure: error: in `/tmp/bind-9.10.2-P4/contrib/queryperf‘:

configure: error: no acceptable C compiler found in $PATH

See `config.log‘ for more details    

[root@soysauce queryperf]# yum install -y gcc make                # 安装gcc、make编译工具

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* epel: mirrors.opencas.cn

Setting up Install Process

Package 1:make-3.81-20.el6.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package gcc.x86_64 0:4.4.7-16.el6 will be installed

--> Processing Dependency: libgomp = 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64

--> Processing Dependency: cpp = 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64

--> Processing Dependency: libgcc >= 4.4.7-16.el6 for package: gcc-4.4.7-16.el6.x86_64

--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.4.7-16.el6.x86_64

--> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-16.el6.x86_64

--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.7-16.el6.x86_64

--> Running transaction check

---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed

--> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64

--> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64

---> Package cpp.x86_64 0:4.4.7-16.el6 will be installed

--> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-16.el6.x86_64

---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.3 will be installed

--> Processing Dependency: glibc-headers = 2.12-1.166.el6_7.3 for package: glibc-devel-2.12-1.166.el6_7.3.x86_64

--> Processing Dependency: glibc = 2.12-1.166.el6_7.3 for package: glibc-devel-2.12-1.166.el6_7.3.x86_64

--> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.166.el6_7.3.x86_64

---> Package libgcc.x86_64 0:4.4.7-4.el6 will be updated

---> Package libgcc.x86_64 0:4.4.7-16.el6 will be an update

---> Package libgomp.x86_64 0:4.4.7-16.el6 will be installed

--> Running transaction check

---> Package glibc.x86_64 0:2.12-1.132.el6 will be updated

--> Processing Dependency: glibc = 2.12-1.132.el6 for package: glibc-common-2.12-1.132.el6.x86_64

---> Package glibc.x86_64 0:2.12-1.166.el6_7.3 will be an update

---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.3 will be installed

--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.166.el6_7.3.x86_64

--> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.166.el6_7.3.x86_64

---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed

---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed

--> Running transaction check

---> Package glibc-common.x86_64 0:2.12-1.132.el6 will be updated

---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.3 will be an update

---> Package kernel-headers.x86_64 0:2.6.32-573.8.1.el6 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================

Package                            Arch                       Version                                Repository                   Size

========================================================================================================================================

Installing:

gcc                                x86_64                     4.4.7-16.el6                           base                         10 M

Installing for dependencies:

cloog-ppl                          x86_64                     0.15.7-1.2.el6                         base                         93 k

cpp                                x86_64                     4.4.7-16.el6                           base                        3.7 M

glibc-devel                        x86_64                     2.12-1.166.el6_7.3                     updates                     986 k

glibc-headers                      x86_64                     2.12-1.166.el6_7.3                     updates                     615 k

kernel-headers                     x86_64                     2.6.32-573.8.1.el6                     updates                     3.9 M

libgomp                            x86_64                     4.4.7-16.el6                           base                        134 k

mpfr                               x86_64                     2.4.1-6.el6                            base                        157 k

ppl                                x86_64                     0.10.2-11.el6                          base                        1.3 M

Updating for dependencies:

glibc                              x86_64                     2.12-1.166.el6_7.3                     updates                     3.8 M

glibc-common                       x86_64                     2.12-1.166.el6_7.3                     updates                      14 M

libgcc                             x86_64                     4.4.7-16.el6                           base                        103 k

Transaction Summary

========================================================================================================================================

Install       9 Package(s)

Upgrade       3 Package(s)

Total download size: 39 M

Downloading Packages:

(1/12): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm                                                                      |  93 kB     00:00     

(2/12): cpp-4.4.7-16.el6.x86_64.rpm                                                                              | 3.7 MB     00:03     

(3/12): gcc-4.4.7-16.el6.x86_64.rpm                                                                              |  10 MB     00:09     

(4/12): glibc-2.12-1.166.el6_7.3.x86_64.rpm                                                                      | 3.8 MB     00:03     

(5/12): glibc-common-2.12-1.166.el6_7.3.x86_64.rpm                                                               |  14 MB     00:13     

(6/12): glibc-devel-2.12-1.166.el6_7.3.x86_64.rpm                                                                | 986 kB     00:00     

(7/12): glibc-headers-2.12-1.166.el6_7.3.x86_64.rpm                                                              | 615 kB     00:00     

(8/12): kernel-headers-2.6.32-573.8.1.el6.x86_64.rpm                                                             | 3.9 MB     00:03     

(9/12): libgcc-4.4.7-16.el6.x86_64.rpm                                                                           | 103 kB     00:00     

(10/12): libgomp-4.4.7-16.el6.x86_64.rpm                                                                         | 134 kB     00:00     

(11/12): mpfr-2.4.1-6.el6.x86_64.rpm                                                                             | 157 kB     00:00     

(12/12): ppl-0.10.2-11.el6.x86_64.rpm                                                                            | 1.3 MB     00:00     

----------------------------------------------------------------------------------------------------------------------------------------

Total                                                                                                   1.0 MB/s |  39 MB     00:38     

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Updating   : libgcc-4.4.7-16.el6.x86_64                                                                                          1/15

Updating   : glibc-2.12-1.166.el6_7.3.x86_64                                                                                     2/15

Updating   : glibc-common-2.12-1.166.el6_7.3.x86_64                                                                              3/15

Installing : libgomp-4.4.7-16.el6.x86_64                                                                                         4/15

Installing : mpfr-2.4.1-6.el6.x86_64                                                                                             5/15

Installing : cpp-4.4.7-16.el6.x86_64                                                                                             6/15

Installing : ppl-0.10.2-11.el6.x86_64                                                                                            7/15

Installing : cloog-ppl-0.15.7-1.2.el6.x86_64                                                                                     8/15

Installing : kernel-headers-2.6.32-573.8.1.el6.x86_64                                                                            9/15

Installing : glibc-headers-2.12-1.166.el6_7.3.x86_64                                                                            10/15

Installing : glibc-devel-2.12-1.166.el6_7.3.x86_64                                                                              11/15

Installing : gcc-4.4.7-16.el6.x86_64                                                                                            12/15

Cleanup    : glibc-2.12-1.132.el6.x86_64                                                                                        13/15

Cleanup    : glibc-common-2.12-1.132.el6.x86_64                                                                                 14/15

Cleanup    : libgcc-4.4.7-4.el6.x86_64                                                                                          15/15

Verifying  : glibc-devel-2.12-1.166.el6_7.3.x86_64                                                                               1/15

Verifying  : libgomp-4.4.7-16.el6.x86_64                                                                                         2/15

Verifying  : glibc-headers-2.12-1.166.el6_7.3.x86_64                                                                             3/15

Verifying  : gcc-4.4.7-16.el6.x86_64                                                                                             4/15

Verifying  : mpfr-2.4.1-6.el6.x86_64                                                                                             5/15

Verifying  : cloog-ppl-0.15.7-1.2.el6.x86_64                                                                                     6/15

Verifying  : kernel-headers-2.6.32-573.8.1.el6.x86_64                                                                            7/15

Verifying  : cpp-4.4.7-16.el6.x86_64                                                                                             8/15

Verifying  : glibc-common-2.12-1.166.el6_7.3.x86_64                                                                              9/15

Verifying  : glibc-2.12-1.166.el6_7.3.x86_64                                                                                    10/15

Verifying  : ppl-0.10.2-11.el6.x86_64                                                                                           11/15

Verifying  : libgcc-4.4.7-16.el6.x86_64                                                                                         12/15

Verifying  : glibc-2.12-1.132.el6.x86_64                                                                                        13/15

Verifying  : glibc-common-2.12-1.132.el6.x86_64                                                                                 14/15

Verifying  : libgcc-4.4.7-4.el6.x86_64                                                                                          15/15

Installed:

gcc.x86_64 0:4.4.7-16.el6                                                                                                             

Dependency Installed:

cloog-ppl.x86_64 0:0.15.7-1.2.el6            cpp.x86_64 0:4.4.7-16.el6                     glibc-devel.x86_64 0:2.12-1.166.el6_7.3   

glibc-headers.x86_64 0:2.12-1.166.el6_7.3    kernel-headers.x86_64 0:2.6.32-573.8.1.el6    libgomp.x86_64 0:4.4.7-16.el6             

mpfr.x86_64 0:2.4.1-6.el6                    ppl.x86_64 0:0.10.2-11.el6                   

Dependency Updated:

glibc.x86_64 0:2.12-1.166.el6_7.3           glibc-common.x86_64 0:2.12-1.166.el6_7.3           libgcc.x86_64 0:4.4.7-16.el6          

Complete!

[root@soysauce queryperf]# ./configure 

checking for gcc... gcc

checking whether the C compiler works... yes

checking for C compiler default output file name... a.out

checking for suffix of executables... 

checking whether we are cross compiling... no

checking for suffix of object files... o

checking whether we are using the GNU C compiler... yes

checking whether gcc accepts -g... yes

checking for gcc option to accept ISO C89... none needed

checking for library containing res_mkquery... no

checking for library containing __res_mkquery... -lresolv

checking for library containing res_9_mkquery... no

checking for socket in -lsocket... no

checking for inet_ntoa in -lnsl... yes

checking for gethostbyname2... yes

checking for getaddrinfo... yes

checking for getnameinfo... yes

checking for socklen_t... yes

checking for sa_len... no

configure: creating ./config.status

config.status: creating Makefile

config.status: creating config.h

[root@soysauce queryperf]# make

gcc  -DHAVE_CONFIG_H -c queryperf.c

gcc  -DHAVE_CONFIG_H  queryperf.o  -lnsl -lresolv  -lm -o queryperf

[root@soysauce queryperf]# ls

config.h     config.log     configure     input     Makefile.in queryperf    queryperf.o  utils

config.h.in config.status  configure.in Makefile  missing      queryperf.c  README

[root@soysauce queryperf]# cp queryperf /bin/

2、使用queryperf进行性能测试

[root@soysauce queryperf]# cd /var/named/

[root@soysauce named]# vim test.named    #编辑查询输入文件:每行一条查询,格式为"域名 查询类型",例如(示例值)www.example.com A

[root@soysauce named]# queryperf -d test.named -s 172.16.1.111

DNS Query Performance Testing Tool

Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data

[Status] Sending queries (beginning with 172.16.1.111)

[Status] Testing complete

Statistics:

Parse input file:     once

Ended due to:         reaching end of file

Queries sent:         5 queries

Queries completed:    5 queries

Queries lost:         0 queries

Queries delayed(?):   0 queries

RTT max:          0.001431 sec

RTT min:              0.000060 sec

RTT average:          0.000910 sec

RTT std deviation:    0.000472 sec

RTT out of range:     0 queries

Percentage completed: 100.00%

Percentage lost:        0.00%

Started at:           Sat Dec 12 00:15:35 2015

Finished at:          Sat Dec 12 00:15:35 2015

Ran for:              0.001507 seconds

Queries per second:   3317.850033 qps                            # 每秒查询率(本次仅发送 5 条查询、耗时约 0.0015 秒,样本过小,该数值只作演示,不代表服务器的实际性能)

 
