参考文档

http://blog.51cto.com/yichenyang/1911098
http://blog.51cto.com/wubinary/1379595

一、安装

[root@prod-dns-01 etc]# yum -y install bind
[root@prod-dns-01 etc]# rpm -qa |grep bind
bind-9.9.4-61.el7.x86_64
rpcbind-0.2.0-42.el7.x86_64
bind-libs-9.9.4-61.el7.x86_64
bind-utils-9.9.4-61.el7.x86_64
bind-license-9.9.4-61.el7.noarch
bind-libs-lite-9.9.4-61.el7.x86_64
注意hosts文件 [root@prod-dns-01 etc]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.20.3.36 prod-dns-01 prod-dns-01.test.com prod-dns-01.test.net prod-dns-01.test.bo
172.20.3.37 prod-dns-02 prod-dns-02.test.com prod-dns-02.test.net prod-dns-02.test.bo

二、修改主配置

1、named.conf

[root@prod-dns-01 etc]# cat named.conf
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2、named.rfc1912.zones

[root@prod-dns-01 etc]# cat /etc/named.rfc1912.zones
zone "test.net" IN {
type master;
file "test.net.zone";
allow-transfer {127.0.0.1;172.20.3.36;172.20.3.37;};
};
zone "test.com" IN {
type master;
file "test.com.zone";
allow-transfer {127.0.0.1;172.20.3.36;172.20.3.37;};
};
zone "test.bo" IN {
type master;
file "test.bo.zone";
allow-transfer {127.0.0.1;172.20.3.36;172.20.3.37;};
};

3、注意权限

[root@prod-dns-01 named]# ls -lh
total 28K
drwxrwx--- 2 named named 23 Jun 8 13:45 data
drwxrwx--- 2 named named 31 Jun 8 13:56 dynamic
-rw-r----- 1 root named 2.3K May 22 2017 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
-rw-r----- 1 root named 848 Jun 8 14:04 test.bo.zone
-rw-r----- 1 root named 850 Jun 8 14:04 test.com.zone
-rw-r----- 1 root named 850 Jun 8 14:04 test.net.zone

4、检测配置 $TTL为定义的宏，表示下面资源记录ttl的值都为300秒 @符号可代表区域文件/etc/named.conf里面定义的区域名称，即："test.net."。

每个区域的资源记录第一条必须是SOA，SOA后面接DNS服务器的域名和电子邮箱地址，此处电子邮箱地址里的@因为有特殊用途，所以此处要用点号代替。SOA后面小括号里的各值所代表的意义如下所示： IN SOA prod-dns-01.test.net admin.test.net (
1806081510 ;标识序列号，十进制数字，不能超过10位，通常使用日期，年月日时分，代表18年6月8号15点10分修改记录 10M;新时间，即每隔多久到主服务器检查一次，此处为10分钟 5M ;重试时间，应该小于刷新时间，此处为5分钟 1D ;过期时间，此处为1天 2D ;主服务器挂后，从服务器至多工作的时间，此处为2天)

[root@prod-dns-01 named]# named-checkzone "test.net.zone" /var/named/test.net.zone
zone test.net.zone/IN: loaded serial 1806081010
OK

5、添加新A记录

[root@prod-dns-01 named]# vim test.com.zone
[root@prod-dns-01 named]# vim test.bo.zone
[root@prod-dns-01 named]# vim test.net.zone
[root@prod-dns-01 etc]# cat /var/named/test.net.zone
$TTL 300
;
@ IN SOA prod-dns-01.test.net admin.test.net (
1806081550 ; Serial
10M ; Refresh
5M ; Retry
1D ; Expire
2D ; TTL
)
;
IN NS dns1
IN NS dns2
dns1 IN A 172.20.3.36
dns2 IN A 172.20.3.37
;
;
prod-hadoop-master-01 IN A 172.20.3.4
prod-hadoop-master-02 IN A 172.20.3.5
prod-hadoop-data-01 IN A 172.20.3.6
prod-hadoop-data-02 IN A 172.20.3.7
prod-hadoop-data-03 IN A 172.20.3.8
prod-hadoop-data-04 IN A 172.20.3.9
prod-hadoop-data-05 IN A 172.20.3.10
prod-hadoop-data-06 IN A 172.20.3.11
prod-hadoop-data-07 IN A 172.20.3.12
prod-hadoop-data-08 IN A 172.20.3.13

6、配置生效

[root@prod-dns-01 named]# rndc reload
server reload successful

三、测试

[root@prod-hadoop-master-01 ~]# dig -t A prod-hadoop-data-01.test.com @172.20.3.36
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A prod-hadoop-data-01.test.com @172.20.3.36
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39022
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;prod-hadoop-data-01.test.com. IN A
;; ANSWER SECTION:
prod-hadoop-data-01.test.com. 300 IN A 172.20.3.6
;; AUTHORITY SECTION:
test.com. 300 IN NS dns2.test.com.
test.com. 300 IN NS dns1.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 300 IN A 172.20.3.36
dns2.test.com. 300 IN A 172.20.3.37
;; Query time: 1 msec
;; SERVER: 172.20.3.36#53(172.20.3.36)
;; WHEN: Fri Jun 8 14:05:36 2018
;; MSG SIZE rcvd: 133

四、主从同步

1、dns 从主配置

[root@prod-dns-02 etc]# cat /etc/named.conf
[root@prod-dns-02 etc]# cat /etc/named.rfc1912.zones
zone "test.net" IN {
type slave;
masters { 172.20.3.36; };
file "slaves/test.net.zone";
allow-transfer { none; };
};
zone "test.com" IN {
type slave;
masters { 172.20.3.36; };
file "slaves/test.com.zone";
allow-transfer { none; };
};
zone "test.bo" IN {
type slave;
masters { 172.20.3.36; };
file "slaves/test.bo.zone";
allow-transfer { none; };
};

2、启动dns从配置会同步主的zone文件

[root@prod-dns-02 etc]# ls -ls /var/named/slaves/
[root@prod-dns-02 etc]# systemctl start named.service
[root@prod-dns-02 etc]# systemctl status named.service
[root@prod-dns-02 etc]# ls /var/named/slaves/
test.bo.zone test.com.zone test.net.zone

3、测试dns从的解析

[root@prod-hadoop-master-01 ~]# dig -t A prod-hadoop-data-01.test.com @172.20.3.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A prod-hadoop-data-01.test.com @172.20.3.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6112
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;prod-hadoop-data-01.test.com. IN A
;; ANSWER SECTION:
prod-hadoop-data-01.test.com. 300 IN A 172.20.3.6
;; AUTHORITY SECTION:
test.com. 300 IN NS dns1.test.com.
test.com. 300 IN NS dns2.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 300 IN A 172.20.3.36
dns2.test.com. 300 IN A 172.20.3.37
;; Query time: 3 msec
;; SERVER: 172.20.3.37#53(172.20.3.37)
;; WHEN: Fri Jun 8 14:35:03 2018
;; MSG SIZE rcvd: 133

五、服务开机启动

[root@prod-dns-01 etc]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@prod-dns-02 etc]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

六、压力测试

[root@prod-dns-01 ~]# wget https://www.isc.org/downloads/file/bind-9-9-12/?version=tar-gz
[root@prod-dns-01 ~]# tar zxvf index.html?version=tar-gz
[root@prod-dns-01 queryperf]# cd bind-9.9.12/contrib/queryperf/
[root@prod-dns-01 queryperf]# ./configure
[root@prod-dns-01 queryperf]# make
使用300万书记，qps每秒达到1万以上 [root@prod-dns-01 queryperf]# ./queryperf -d testname.txt -s 172.20.3.37
DNS Query Performance Testing Tool
Version: Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp
[Status] Processing input data
[Status] Sending queries (beginning with 172.20.3.37)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 3034641 queries
Queries completed: 3034641 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.028393 sec
RTT min: 0.000110 sec
RTT average: 0.001711 sec
RTT std deviation: 0.001989 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Fri Jun 8 15:28:33 2018
Finished at: Fri Jun 8 15:33:10 2018
Ran for: 276.930575 seconds
Queries per second: 10958.129127 qps