一、双网络智能解析域名



[root@test named]# vi /etc/named.conf
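# Internal ("telecom") clients: the LAN subnet plus loopback.
acl telecom {
        192.168.1.0/24;
        127.0.0.0/8;
};

options {
        directory       "/var/named";
        # Only internal clients may use this server as a recursive resolver.
        allow-recursion { telecom; };
        # With no allow-transfer statement this BIND generation answers AXFR
        # from any client, including those that land in the catch-all view
        # below. Transfers are limited to the internal ACL here; in
        # production narrow this further to the secondary's address or a
        # TSIG key.
        allow-transfer { telecom; };
};

# Views are tried in the order they appear; the first one whose
# match-clients accepts the source address answers the query.
view  telecom {
        match-clients { telecom; };
        zone "jacktest.com" IN {
                type master ;
                file "telecom.jacktest.com.zone";
        };
};

view  unicom {
        # "any" catches every client the telecom view above did not match,
        # i.e. the external network. It must stay the last view.
        match-clients { any ; };
        zone "jacktest.com" IN {
                type master ;
                file "unicom.jacktest.com.zone";
        };
};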

[root@test named]# vi telecom.jacktest.com.zone

; jacktest.com as served by the "telecom" (internal) view.
$TTL 43200      ; default TTL for the records below (43200 s = 12 h)
; SOA: primary server ns1.jacktest.com., contact mailbox admin@jacktest.com
@       IN      SOA     ns1.jacktest.com.       admin.jacktest.com. (
                                2016122001      ; serial (YYYYMMDDnn style)
                                1H              ; refresh
                                10M             ; retry
                                7D              ; expire
                                1D )            ; negative-caching TTL
; The records below with a blank owner field inherit "@" (the zone apex).
                IN      NS      ns1
                IN      NS      mail
; Internal clients receive the 192.168.1.0/24 addresses.
ns1             IN      A       192.168.1.3
mail            IN      A       192.168.1.12
www             IN      A       192.168.1.13
[root@test named]# named-checkconf  #检查named.conf是否有语法错误;区域文件本身需另用named-checkzone检查

[root@test named]# chgrp named telecom.jacktest.com.zone
[root@test named]# chmod 640 telecom.jacktest.com.zone
[root@test named]# cp -p telecom.jacktest.com.zone unicom.jacktest.com.zone
[root@test named]# ll
total 44
-rw-r----- 1 root  named  316 Dec 16 10:22 192.168.1.zone
drwxrwx--- 2 named named 4096 Dec 18 04:02 data
drwxrwx--- 2 named named 4096 Dec 13 14:58 dynamic
-rw-r----- 1 root  named  457 Dec 17 08:56 jacktest.com.zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Dec 13 15:48 slaves
-rw-r----- 1 root  named  202 Dec 20 09:57 telecom.jacktest.com.zone
-rw-r----- 1 root  named  202 Dec 20 09:57 unicom.jacktest.com.zone
[root@test named]# vi unicom.jacktest.com.zone
[root@test named]# service named restart

; jacktest.com as served by the "unicom" (catch-all / external) view.
$TTL 43200      ; default TTL for the records below (43200 s = 12 h)
; SOA: primary server ns1.jacktest.com., contact mailbox admin@jacktest.com
@       IN      SOA     ns1.jacktest.com.       admin.jacktest.com. (
                                2016122001      ; serial (YYYYMMDDnn style)
                                1H              ; refresh
                                10M             ; retry
                                7D              ; expire
                                1D )            ; negative-caching TTL
; The records below with a blank owner field inherit "@" (the zone apex).
                IN      NS      ns1
                IN      NS      mail
; NOTE(review): ns1 keeps the internal address 192.168.1.3 from the telecom
; copy, so clients of this view are handed an internal IP for the name
; server. Confirm whether the externally reachable address belongs here.
ns1             IN      A       192.168.1.3
; Only mail and www differ from the telecom copy of this zone.
mail            IN      A       10.16.1.16
www             IN      A       10.16.1.17


验证:

[root@test named]# dig -t A www.jacktest.com @192.168.1.3

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A www.jacktest.com @192.168.1.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47766
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.jacktest.com.        IN    A

;; ANSWER SECTION:
www.jacktest.com.    43200    IN    A    192.168.1.13

;; AUTHORITY SECTION:
jacktest.com.        43200    IN    NS    ns1.jacktest.com.
jacktest.com.        43200    IN    NS    mail.jacktest.com.

;; ADDITIONAL SECTION:
ns1.jacktest.com.    43200    IN    A    192.168.1.3
mail.jacktest.com.    43200    IN    A    192.168.1.12

;; Query time: 1 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Tue Dec 20 10:01:25 2016
;; MSG SIZE  rcvd: 119

[root@test named]# dig -t A www.jacktest.com @110.19.131.209

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A www.jacktest.com @110.19.131.209
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50618
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.jacktest.com.        IN    A

;; ANSWER SECTION:
www.jacktest.com.    43200    IN    A    10.16.1.17

;; AUTHORITY SECTION:
jacktest.com.        43200    IN    NS    ns1.jacktest.com.
jacktest.com.        43200    IN    NS    mail.jacktest.com.

;; ADDITIONAL SECTION:
ns1.jacktest.com.    43200    IN    A    192.168.1.3
mail.jacktest.com.    43200    IN    A    10.16.1.16

;; Query time: 1 msec
;; SERVER: 110.19.131.209#53(110.19.131.209)
;; WHEN: Tue Dec 20 10:06:46 2016
;; MSG SIZE  rcvd: 119


C:\Users\Administrator>nslookup
預設伺服器:  ppp-wj-dc01.js.pcebg.com
Address:  110.19.131.3

> server 110.19.131.209
預設伺服器:  [110.19.131.209]
Address:  110.19.131.209

> set q=A
> www.jacktest.com
伺服器:  [110.19.131.209]
Address:  110.19.131.209

名稱:    www.jacktest.com
Address:  10.16.1.17


二、同时解析多个域名

[root@test named]# vim a.net.zone

; a.net zone data. named.conf loads this same file in both views, so every
; client gets identical answers for a.net.
$TTL 43200      ; default TTL for the records below (43200 s = 12 h)
; SOA: primary server ns1.a.net., contact mailbox admin@a.net
@       IN      SOA     ns1.a.net.      admin.a.net. (
                        2016122001      ; serial (YYYYMMDDnn style)
                        1H              ; refresh
                        10M             ; retry
                        3D              ; expire
                        1D )            ; negative-caching TTL
; The NS record has a blank owner field and inherits "@" (the zone apex).
                IN      NS      ns1
ns1             IN      A       192.168.100.1
www             IN      A       192.168.100.100


[root@test named]# vi /etc/named.conf

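# Internal ("telecom") clients: the LAN subnet plus loopback.
# Defined once only: named refuses to load a configuration in which the same
# ACL name is declared twice.
acl telecom {
        192.168.1.0/24;
        127.0.0.0/8;
};

options {
        directory       "/var/named";
        # Only internal clients may use this server as a recursive resolver.
        allow-recursion { telecom; };
        # With no allow-transfer statement this BIND generation answers AXFR
        # from any client, including those that land in the catch-all view
        # below. Transfers are limited to the internal ACL here; in
        # production narrow this further to the secondary's address or a
        # TSIG key.
        allow-transfer { telecom; };
};

# Views are tried in the order they appear; the first one whose
# match-clients accepts the source address answers the query.
view  telecom {
        match-clients { telecom; };
        zone "jacktest.com" IN {
                type master ;
                file "telecom.jacktest.com.zone";
        };
        # a.net has a single zone file that both views load.
        zone "a.net" IN {
                type master;
                file "a.net.zone";
        };
};

view  unicom {
        # Catch-all for every client the telecom view did not match; it must
        # stay the last view.
        match-clients { any ; };
        zone "jacktest.com" IN {
                type master ;
                file "unicom.jacktest.com.zone";
        };
        # A zone has to be declared in every view that should answer for it.
        zone "a.net" IN {
                type master;
                file "a.net.zone";
        };
};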


验证:

[root@test named]# dig -t A www.a.net @192.168.1.3
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-21.P2.el5 <<>> -t A www.a.net @192.168.1.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34498
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.a.net.            IN    A

;; ANSWER SECTION:
www.a.net.        43200    IN    A    192.168.100.100

;; AUTHORITY SECTION:
a.net.            43200    IN    NS    ns1.a.net.

;; ADDITIONAL SECTION:
ns1.a.net.        43200    IN    A    192.168.100.1

;; Query time: 1 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Tue Dec 20 13:25:39 2016
;; MSG SIZE  rcvd: 77


C:\Users\Administrator>nslookup

> www.a.net
伺服器:  [10.109.131.209]
Address:  10.109.131.209

名稱:    www.a.net
Address:  192.168.100.100


[root@test named]# vi /etc/named.conf

options {
        directory       "/var/named";
        # Only clients in the telecom ACL may recurse through this server.
        allow-recursion { telecom; };
        # Turns query logging on when named starts. With no logging statement
        # configured the entries go to syslog (see /var/log/messages below);
        # each one records the client address, the matched view and the
        # queried name.
        querylog yes;   # newly added line
};

[root@test named]# tail /var/log/messages
Dec 20 13:42:21 test named[21395]: command channel listening on 127.0.0.1#953
Dec 20 13:42:21 test named[21395]: zone jacktest.com/IN/telecom: loaded serial 2016122001
Dec 20 13:42:21 test named[21395]: zone a.net/IN/telecom: loaded serial 2016122001
Dec 20 13:42:21 test named[21395]: zone jacktest.com/IN/unicom: loaded serial 2016122001
Dec 20 13:42:21 test named[21395]: zone a.net/IN/unicom: loaded serial 2016122001
Dec 20 13:42:21 test named[21395]: running
Dec 20 13:42:21 test named[21395]: zone jacktest.com/IN/telecom: sending notifies (serial 2016122001)
Dec 20 13:42:21 test named[21395]: zone jacktest.com/IN/unicom: sending notifies (serial 2016122001)
Dec 20 13:43:13 test named[21395]: client 192.168.1.5#45743: view telecom: query: www.jacktest.com IN A + (192.168.1.3)
Dec 20 13:43:56 test named[21395]: client 192.168.1.5#39783: view telecom: query: www.a.net IN A + (192.168.1.3)



三、日志

# Send query log entries to a dedicated file instead of syslog.
logging {
        channel querylog {
                # Keep up to 5 older copies of the file when it is rolled.
                # NOTE(review): no size limit is given, so nothing bounds how
                # large the file grows between rolls. With a catch-all view
                # answering external clients, consider adding a size cap so
                # query logging cannot fill the disk.
                # NOTE(review): presumably /var/log/named has to exist and be
                # writable by the named user; confirm on the target host.
                file "/var/log/named/bind_query.log"  versions 5 ;
                # Follow the server's current debug level.
                severity dynamic;
                # Prefix each entry with timestamp, severity and category.
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        # Route the "queries" category to the channel defined above.
        category queries { querylog; };
};

[root@test named]# tail bind_query.log
20-Dec-2016 15:32:23.451 info: client 192.168.1.5#13891: view telecom: query: 1.168.192.in-addr.arpa IN SOA -E (192.168.1.3)
20-Dec-2016 15:39:40.682 info: client 192.168.1.5#10884: view telecom: query: 1.168.192.in-addr.arpa IN SOA -E (192.168.1.3)
20-Dec-2016 15:41:36.075 info: client 192.168.1.5#37186: view telecom: query: www.a.net IN A + (192.168.1.3)
20-Dec-2016 15:41:38.569 info: client 192.168.1.5#36758: view telecom: query: www.jacktest.com IN A + (192.168.1.3)
20-Dec-2016 15:45:36.840 info: client 192.168.1.5#52730: view telecom: query: www.a.net IN A + (192.168.1.3)
20-Dec-2016 15:45:39.035 info: client 192.168.1.5#39810: view telecom: query: www.jacktest.com IN A + (192.168.1.3)
20-Dec-2016 15:46:21.421 client 192.168.1.5#34619: view telecom: query: www.jacktest.com IN A + (192.168.1.3)
20-Dec-2016 15:46:28.241 client 192.168.1.5#59006: view telecom: query: www.a.net IN A + (192.168.1.3)


三、DNS传输日志

区域传送(AXFR)会一次性返回整个区域的全部记录,应通过 allow-transfer 只允许从服务器发起;下面的 xfer-out 日志可用来发现异常的传送请求。

[root@test named]# vi /etc/named.conf

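# Two file channels: one for client queries, one for outgoing zone transfers.
logging {
        # Query log; keeps up to 5 older copies of the file.
        channel query_log {
                file "/var/log/named/bind_query.log"  versions 5 ;
                severity dynamic;
                print-time yes;
        };
        # Outgoing transfer log. Each AXFR is recorded with the requesting
        # client address and view, which makes unexpected transfer requests
        # easy to spot. The file is rolled at 10k, keeping up to 5 older
        # copies.
        channel xfer_log {
                file "/var/log/named/transfer.log"  versions 5 size 10k ;
                severity debug 3;
                print-time yes ;
        };

        category queries { query_log; };
        category xfer-out { xfer_log; };
};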

[root@jacktest ~]# dig -t  axfr jacktest.com @192.168.1.3

[root@test named]# pwd

/var/log/named
[root@test named]# ls
bind_query.log  bind_query.log.0  bind_query.log.1  transfer.log
[root@test named]# tail transfer.log
20-Dec-2016 16:04:09.827 client 192.168.1.5#43601: view telecom: transfer of 'jacktest.com/IN': AXFR started
20-Dec-2016 16:04:09.828 client 192.168.1.5#43601: view telecom: transfer of 'jacktest.com/IN': AXFR ended


四、查询压力测试

4.1. dnstop安装:

[root@test dnstop-20110502]# yum list all | grep curses
ncurses.i386              5.5-24.20060715       installed
ncurses-devel.i386      5.5-24.20060715     installed
[root@test dnstop-20110502]# yum list all | grep cap
libcap.i386      1.10-26       installed
libpcap.i386     14:0.9.4-14.el5    installed
libpcap-devel.i386     14:0.9.4-14.el5        installed
libtermcap.i386      2.0.8-46.1       installed     
mailcap.noarch     2.1.23-1.fc6        installed
termcap.noarch    1:5.5-1.20060701.1    installed


4.2. bind-9.7.4安装:

[root@test ~]# tar xf bind-9.7.4.tar.gz
[root@test ~]# cd bind-9.7.4
[root@test bind-9.7.4]# cd contrib/
[root@test contrib]# ls
dbus  dlz  idn  linux  named-bootconf  nanny  nslint-2.1a3  pkcs11-keygen  query-loc-0.4.0  queryperf  sdb  zkt
[root@test contrib]# cd queryperf/
[root@test queryperf]# ls
config.h.in  configure  configure.in  input  Makefile.in  missing  queryperf.c  README  utils
[root@test queryperf]# yum install make gcc
Package 1:make-3.81-3.el5.i386 already installed and latest version
Package gcc-4.1.2-46.el5.i386 already installed and latest version
Nothing to do
[root@test queryperf]# ./configure
 [root@test queryperf]# make
gcc  -DHAVE_CONFIG_H -c queryperf.c
gcc  -DHAVE_CONFIG_H  queryperf.o  -lnsl -lresolv  -lm -o queryperf
[root@test queryperf]# ls
config.h     config.log     configure     input     Makefile.in  queryperf    queryperf.o  utils
config.h.in  config.status  configure.in  Makefile  missing      queryperf.c  README
[root@test queryperf]# cp queryperf /bin/
[root@test queryperf]# queryperf -h

[root@test ~]# vi test.txt
www.jacktest.com A
jacktest.com NS
jacktest.com MX
mail.jacktest.com A
ns1.jacktest.com A
haha.jacktest.com A
imap.jacktest.com A


4.3. 查询压力测试

[root@test ~]# queryperf -d test.txt -s 192.168.1.3

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007-09-05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 192.168.1.3)
[Status] Testing complete
Statistics:
  Parse input file:     once
  Ended due to:         reaching end of file
  Queries sent:         22464 queries
  Queries completed:    22464 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries
  RTT max:             0.009905 sec
  RTT min:              0.000960 sec
  RTT average:          0.002667 sec
  RTT std deviation:    0.000483 sec
  RTT out of range:     0 queries
  Percentage completed: 100.00%
  Percentage lost:        0.00%
  Started at:           Wed Dec 21 14:36:23 2016
  Finished at:          Wed Dec 21 14:36:26 2016
  Ran for:              3.026632 seconds
  Queries per second:   7422.111443 qps


附:

bind-9.7.4下载地址:  http://ftp.lip6.fr/pub/networking/dns/bind/9.7.4/  (9.7 系列已停止维护,这里只用来编译 contrib/queryperf;下载后请先校验源码包的签名)

dnstop下载地址:  http://dns.measurement-factory.com/tools/dnstop/src/  


---end---