下载网址:www.isc.org
首选需要安装开发环境,包括openssl等开发包;
解压文件
tar -zxvf bind*.tar.gz
创建named使用的系统用户
groupadd -g 53 -r named
useradd -u 53 -r named
编译安装
cd bind9*
./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named --disable-ipv6 --disable-chroot --enable-threads
放置到指定目录 放置配置文件目录 禁用ipv6 禁用chroot 启用线程编译
make
make install
环境配置
添加path环境变量:vim /etc/profile.d/named.sh ==> export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
重读配置文件:. /etc/profile.d/named.sh
导出库文件:vim /etc/ld.so.conf.d/named.conf ==> /usr/local/bind9/lib
生成库文件搜索路径(可省);ldconfig -v
链接头文件:ln -sv /usr/local/bind9/include /usr/include/named
添加man手册文件路径:vim /etc/man.config(vim /etc/man_db.conf(centos7)) ==> MANPATH /usr/local/bind9/share/man
添加配置文件
mkdir /etc/named
chmod 770 /etc/named
cd /etc/named
vim named.conf
options {
…
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
chown root:named -R /etc/named/
chmod 640 /etc/named/*
mkdir /var/named
chmod 770 /var/named/
cd /var/named
dig -t NS . @server > named.ca (server:互联网上的dns服务器地址,前提需要联网,也可以通过复制或者逐条添加)
vim localhost.zone
$TTL 1d
@ IN SOA localhost. admin.localhost. (
2018110201
1h
900
7d
1d )
@ IN NS localhost.
localhost IN A 127.0.0.1
vim named.local
$TTL 1d
@ IN SOA localhost. admin.localhost. (
2018110201
1h
900
7d
1d )
@ IN NS localhost.
1 IN PTR localhost.
chown root:named -R /var/named/
chmod 640 /var/named/*
RNDC配置:
生成秘钥:rndc-confgen -r /dev/urandom(指明随机数文件)
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "1W4vjerva3CEBn6gDSiODg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
将上述内容添加至/etc/named/rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "1W4vjerva3CEBn6gDSiODg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
将上述内容添加至/etc/named/named.conf
killall named
named -u named
然后就可以使用rndc命令了;
余下的配置就是根据自己的情况来添加域了;
模拟压力测试:
在bind加压文件包(contrib/)里有个queryperf,通过它可以模拟客户端访问你的这台DNS服务器,用于测试性能;
切换到此目录中直接执行./configure即可;
cd /root/bind-9.12.3/contrib/queryperf
./configure
make
cp queryperf /usr/local/bind9/bin
queryperf -d TEST_FILE -s DNS_SERVER
TEST_FILE:为自定义的目录,里面解析的条目越多,测试压力越大;
格式为: 域名 RR
www.guowei.com A
DNS_SERVER:为被测试的DNS服务器地址;
可通过top、vmstat、iostat等命令来查看各种性能;
注:根据马哥视频做的学习笔记,如有错误,欢迎指正;侵删;