如来神掌第一式第十一招----DNS详解
###############################################################################
#
Name : Mahavairocana
#
Author : Mahavairocana
#
QQ : 10353512
#
WeChat : shenlan-qianlan
#
Blog : http://www.cnblogs.com/Mahavairocana/
#
Description : You are welcome to reprint, or hyperlinks to indicate the
#
source of the article, as well as author
information.
###############################################################################
一、域名解析过程
1.在浏览器中输入www.qq.com域名,操作系统会先检查自己本地的hosts文件是否有这个网址映射关系,如果有,就先调用这个IP地址映射,完成域名解析。
2.如果hosts里没有这个域名的映射,则查找本地DNS解析器缓存,是否有这个网址映射关系,如果有,直接返回,完成域名解析。
3.如果hosts与本地DNS解析器缓存都没有相应的网址映射关系,首先会找TCP/IP参数中设置的首选DNS服务器,在此我们叫它本地DNS服务器,此服务器收到查询时,如果要查询的域名,包含在本地配置区域资源中,则返回解析结果给客户机,完成域名解析,此解析具有权威性。
4.如果要查询的域名,不由本地DNS服务器区域解析,但该服务器已缓存了此网址映射关系,则调用这个IP地址映射,完成域名解析,此解析不具有权威性。
5.如果本地DNS服务器本地区域文件与缓存解析都失效,则根据本地DNS服务器的设置(是否设置转发器)进行查询,如果未用转发模式,本地DNS就把请求发至 “根DNS服务器”,“根DNS服务器”收到请求后会判断这个域名(.com)是谁来授权管理,并会返回一个负责该顶级域名服务器的一个IP。本地DNS服务器收到IP信息后,将会联系负责.com域的这台服务器。这台负责.com域的服务器收到请求后,如果自己无法解析,它就会找一个管理.com域的下一级DNS服务器地址(qq.com)给本地DNS服务器。当本地DNS服务器收到这个地址后,就会找qq.com域服务器,重复上面的动作,进行查询,直至找到www.qq.com主机。
6.如果用的是转发模式,此DNS服务器就会把请求转发至上一级DNS服务器,由上一级服务器进行解析,上一级服务器如果不能解析,或找根DNS或把转请求转至上上级,以此循环。不管是本地DNS服务器用是是转发,还是根提示,最后都是把结果返回给本地DNS服务器,由此DNS服务器再返回给客户机。
二、术语详解
1、递归查询与迭代查询
1.1 主机向本地域名服务器的查询一般都是采用递归查询。
所谓递归查询就是:如果主机所询问的本地域名服务器不知道被查询的域名的IP地址,那么本地域名服务器就以DNS客户的身份,
向其它根域名服务器继续发出查询请求报文(即替主机继续查询),而不是让主机自己进行下一步查询。
因此,递归查询返回的查询结果或者是所要查询的IP地址,或者是报错,表示无法查询到所需的IP地址。
1.2 本地域名服务器向根域名服务器的查询的迭代查询。
迭代查询的特点:当根域名服务器收到本地域名服务器发出的迭代查询请求报文时,要么给出所要查询的IP地址,要么告诉本地服务器:“你下一步应当向哪一个域名服务器进行查询”。
然后让本地服务器进行后续的查询。根域名服务器通常是把自己知道的顶级域名服务器的IP地址告诉本地域名服务器,让本地域名服务器再向顶级域名服务器查询。
顶级域名服务器在收到本地域名服务器的查询请求后,要么给出所要查询的IP地址,要么告诉本地服务器下一步应当向哪一个权限域名服务器进行查询。
最后,知道了所要解析的IP地址或报错,然后把这个结果返回给发起查询的主机
总结: 1、客户端-本地dns服务端:这部分属于递归查询。
2、本地dns服务端---外网:这部分属于迭代查询。
3、递归查询时,返回的结果只有两种:查询成功或查询失败.
4、迭代查询,又称作重指引,返回的是最佳的查询点或者主机地址.
2、解析类型
正向解析:域名到IP
反向解析:IP到域名
3、主-辅DNS服务器:
主DNS服务器:维护所负责解析的域数据库的那台服务器;读写操作均可进行;
从DNS服务器:从主DNS服务器那里或其它的从DNS服务器那里“复制”一份解析库;但只能进行读操作;
三、配置详解
主配置文件:
1、 /etc/named.conf
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; }; // 监听53号端口 listen-on port 53 { any; }; // 监听所有的53号端口,此处可以根据需要设置需要监听的IP listen-on-v6 port 53 { ::1; }; // 监听IPv6 directory "/var/named"; //默认配置文件目录 dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; forwarders {202.38.64.1;202.39.64.7;}; // 设置转发(如果本DNS服务器无法解析,就转发其他DNS服务器) allow-query { localhost; }; // 只允许本地的查询 allow-query { any; }; // 允许所有的查询 recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; // 根DNS服务器的列表 }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
四、场景测试
1、缓存dns 配置
[root@master ~]# cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.37.130;}; //本机地址 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; //是否允许做递归查询 recursion yes; //dnssec-enable yes; //dnssec-validation yes; /* Path to ISC DLV key */ //bindkeys-file "/etc/named.iscdlv.key"; //managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
2、主DNS 名称服务器配置(加zone);
/etc/named.rfc1912.zones zone "Mahavairocana.com" IN { type master; file "Mahavairocana.com.zone"; }; [root@master ~]# cat /var/named/Mahavairocana.com.zone #取决于主配置文件named.conf directory "/var/named" $TTL 1D @ IN SOA @ Mahavairocana.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 www IN A 8.8.8.8 ftp IN CNAME WWW
3、配置反向解析
vim /etc/named.rfc1912.zones zone "37.168.192.in-addr.arpa" IN { type master; file "192.168.37.zone"; }; [root@master named]# cat /var/named/192.168.37.zone $TTL 1D @ IN SOA ns1.mahavairocana.com. admin.mahavairocana.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS ns1.mahavairocana.com. 11 IN PTR xxx.mahavairocana.com. 12 IN PTR xx.mahavairocana.com. 13 IN PTR x.mahavairocana.com. named-checkconf service named restart rndc status ##查看number of zones:是否增加 查看解析 [root@work ~]# host -t PTR 192.168.37.11 192.168.37.130 Using domain server: Name: 192.168.37.130 Address: 192.168.37.130#53 Aliases: Host 11.37.168.192.in-addr.arpa not found: 2(SERVFAIL) [root@work ~]# host -t PTR 192.168.37.11 192.168.37.130 Using domain server: Name: 192.168.37.130 Address: 192.168.37.130#53 Aliases: 11.37.168.192.in-addr.arpa domain name pointer xxx.mahavairocana.com.
4、配置主从(需要注意,一定要创建跟从服务器对于的ns记录,否则无法完成同步 任何时候都不要编辑从服务器的文件,主dns修改内容会立即同步到从服务器,单必须将序列号+1)
1、编辑主配置文件,同master一致; 2、在/etc/named.rfc1912.zones 添加如下内容 zone "Mahavairocana.com" IN { type slave; //状态 masters {192.168.37.130;}; //从哪台服务器同步 file "slaves/Mahavairocana.com.zone"; //同步后的文件存放到哪里,(注意权限) }; zone "37.168.192.in-addr.arpa" IN { type slave; masters {192.168.37.130;}; file "slaves/192.168.37.zone"; }; 3、重启即可在slaves下看到相关配置文件; [root@work ~]# ls -l /var/named/slaves/ total 8 -rw-r--r--. 1 named named 428 Jan 2 03:44 192.168.37.zone -rw-r--r--. 1 named named 419 Jan 2 03:44 Mahavairocana.com.zone
4、查看传输记录
[root@work ~]# tail /var/log/messages
Jan 2 03:44:05 work named[2180]: transfer of '37.168.192.in-addr.arpa/IN' from 192.168.37.130#53: connected using 192.168.37.131#45116
Jan 2 03:44:05 work named[2180]: zone 37.168.192.in-addr.arpa/IN: transferred serial 0
Jan 2 03:44:05 work named[2180]: transfer of '37.168.192.in-addr.arpa/IN' from 192.168.37.130#53: Transfer completed: 1 messages, 6 records, 214 bytes, 0.001 secs (214000 bytes/sec)
Jan 2 03:44:05 work named[2180]: zone Mahavairocana.com/IN: Transfer started.
Jan 2 03:44:05 work named[2180]: transfer of 'Mahavairocana.com/IN' from 192.168.37.130#53: connected using 192.168.37.131#34310
Jan 2 03:44:05 work named[2180]: zone Mahavairocana.com/IN: transferred serial 0
Jan 2 03:44:05 work named[2180]: transfer of 'Mahavairocana.com/IN' from 192.168.37.130#53: Transfer completed: 1 messages, 9 records, 236 bytes, 0.001 secs (236000 bytes/sec)
5、主从复制注意事项
1、应该为一台独立的名称服务器;
2、主服务器的区域解析库文件必须有一条NS记录指向从服务器;
3、从服务器只需要定义区域,而无需提供解析库文件,解析库文件应该放置于/var/named/slaves/目录
4、主服务器得允许从服务器作区域传送;
5、主从服务器时间应该同步,可以通过ntp进行;
6、bind程序的版本应该保持一直,否则,应该从高,主低;
5、配置dns全局转发;
[root@work ~]# cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // allow-query { any; }; recursion yes; forward first; forwarders {192.168.37.131;}; //转发到该地址 // dnssec-enable yes; // dnssec-validation yes; /* Path to ISC DLV key */ ///bindkeys-file "/etc/named.iscdlv.key"; //managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
6、区域转发;
zone "shenlanqianlan.com" IN { type forward; forward only; forwarders {192.168.37.131;}; };
转发的时候,dnssec不能开启,除非获取互联网认真的dns密钥才可以;
7、安全相关
bind中基础的安全相关的配置: acl: 把一个或多个地址归并为一个集合,并通过一个统一的名称调用; acl acl_name { ip; ip; net/prelen; }; 示例: acl mynet { 172.16.0.0/16; } bind有四个内置的acl: none: 没有一个主机; any: 任意主机; local: 本机; localnet: 本机的IP同掩码运算后得到的网络地址; 注意:只能先定义,后使用;因此,其一般定义在配置文件中options的前面; 访问控制的指令: allow-query {}: 允许查询的主机;白名单; allow-transfer {}:允许区域传送的主机;白名单; allow-recursion {}: 允许递归的主机; allow-update {}: 允许更新区域数据库中的内容;
8、智能DNS
智能DNS的原理很简单:在用户解析一个域名的时候,判断一下用户的IP,然后跟DNS服务器内部的IP表匹配一下,看看用户是电信还是网通用户,然后给用户返回对应的IP地址。 目前智能DNS的实现主要有两种方式,一种是使用F5公司的BIG-IP GTM,另一种是使用bind自带的view来实现。bind是一款开源程序,利用其自带的view可轻松实现智能DNS功能,
其功能、性能都很好,一台普通配置的服务器,可每秒可处理2-4千查询请求。1.生成ACL文件 根据http://ispip.clangcn.com/提供的运营商IP地址段我们分别生成如下格式的ACL文件: acl "chinanet" { 1.0.1.0/24; 1.0.2.0/23; 1.0.8.0/21; ...... 223.240.0.0/13; 223.255.252.0/23; }; #EOF 生成如下几份ACL文件: 中国电信 /etc/acl/chinanet 中国联通 /etc/acl/unicom 中国移动 /etc/acl/cmcc 中国铁通 /etc/acl/crtc 中国教育网 /etc/acl/cernet 以上包含常见运营商的IP地址段,但当如果用户的IP不在这些地址段里面,如何解析了?所以还需要一个默认的ACL,以上都不匹配的情况下走这个ACL: 默认 /etc/acl/default acl "default" { any; }; #EOF ACL处理完了,下面生成TSIG共享秘钥。 2.TSIG共享秘钥 Transaction signatures (TSIG) 通常是一种确保DNS消息安全,并提供安全的服务器与服务器之间通讯(通常是在主从服务器之间)的机制,T可以保护以下类型的DNS服务器:Zone转换,Notify,动态升级更新,递归查询邮件。我们可以通过TSIG来判断view以更新zone数据库。 使用如下命令来生成密钥: /home/slim/bind/sbin/dnssec-keygen -a HMAC-MD5 -b 256 -n HOST testkey dnssec-keygen:用来生成更新密钥。 -a HMAC-MD5:采用HMAC-MD5加密算法。 -b 128:生成的密钥长度为128位。 -n USER testkey:密钥的用户名为testkey,testkey我们制定为view名称,如:chinanet,unicom 例如:/home/slim/bind/sbin/dnssec-keygen -a HMAC-MD5 -b 256 -n HOST chinanet 生成Kchinanet.+157+35249.key和Kchinanet.+157+35249.private cat Kchinanet.+157+35249.private [plain] view plain copy Private-key-format: v1.3 Algorithm: 157 (HMAC_MD5) Key: CY6utSC4XLxG/agUSL5jJcmSH+s5jDNi/uTanl4AJXY= Bits: AAA= Created: 20150421131828 Publish: 20150421131828 Activate: 20150421131828 取出里面的Key生成如下TSIG文件:/etc/key/chinanet [plain] view plain copy key "chinanet" { algorithm hmac-md5; secret "gbfozgBJ38KJomvaTrYaXuCldA7pYM0Hw3XVZM1tR3s="; }; 按照如上方式创建其他viewTSIG文件。 3.配置文件 1)view配置 vi /etc/view.conf [plain] view plain copy include "/etc/acl/unicom"; include "/etc/acl/chinanet"; include "/etc/acl/cmcc"; include "/etc/acl/crtc"; include "/etc/acl/cernet"; include "/etc/acl/default"; view unicom { match-clients { key unicom; unicom; }; include "/etc/key/unicom"; allow-transfer { permit_transfer; }; include "/etc/base.conf"; }; view chinanet { match-clients { key chinanet; chinanet; }; include "/etc/key/chinanet"; allow-transfer { permit_transfer; }; include "/etc/base.conf"; }; view cmcc { match-clients { key cmcc; cmcc; }; include "/etc/key/cmcc"; allow-transfer { permit_transfer; }; include "/etc/base.conf"; }; view crtc { match-clients { key crtc; crtc; }; include "/etc/key/crtc"; allow-transfer { permit_transfer; }; include "/etc/base.conf"; }; view cernet { match-clients { key cernet; cernet; }; include "/etc/key/cernet"; allow-transfer { permit_transfer; }; include "/etc/base.conf"; }; view default { match-clients { key default; default; }; include "/etc/key/default"; allow-transfer { permit_transfer; }; include "/etc/base.conf"; }; 配置说明: * acl过滤至上而下,所以default需要放在最后 * match-clients指定匹配的TSIG key,以及ACL,里面的参数是OR的关系 * allow-transfer 主辅通过限制,其中值为在named.conf 配置的ACL:permit_transfer * 最后引入根、localhost的zone配置 其中引入的/etc/base.conf配置: [plain] view plain copy zone "." IN { type hint; file "/var/named/root.zone"; }; zone "localhost" IN { type master; file "/var/named/localhost.zone"; }; zone "0.0.127.in-addr.arpa" IN { type master; file "/var/named/localhost.rev"; }; 2)主配置named.conf [plain] view plain copy key "rndc-key" { algorithm hmac-md5; secret "etMaaS+O06WFFUHxKAaTXA=="; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options{ listen-on port 53{ any; }; version "slimsmart-dns v1.0"; directory "/var/named"; pid-file "/var/run/named.pid"; session-keyfile "/var/run/session.key"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursion yes; allow-new-zones yes; allow-query{ any; }; allow-query-cache{ any; }; }; logging { channel default_syslog { syslog daemon; severity info; }; channel default_log { file "/var/named/data/named.run"; severity dynamic; }; category default { default_syslog; default_log; }; channel query_log { file "/var/named/log/query.log" versions 1 size 100m; severity info; print-category yes; print-severity yes; print-time yes; }; category queries { query_log; }; channel general_log { file "/var/named/log/general_log" versions 1 size 100m; severity info; print-category yes; print-severity yes; print-time yes; }; category general { general_log; }; channel notify_log { file "/var/named/log/notify.log" versions 1 size 100m; severity info; print-category yes; print-severity yes; print-time yes; }; category notify { notify_log; }; channel xfer_in_log { file "/var/named/log/xfer_in.log" versions 1 size 100m; severity info; print-category yes; print-severity yes; print-time yes; }; category xfer-in { xfer_in_log; }; channel xfer_out_log { file "/var/named/log/xfer_out.log" versions 1 size 100m; severity info; print-category yes; print-severity yes; print-time yes; }; category xfer-out { xfer_out_log; }; channel update_log { file "/var/named/log/update.log" versions 1 size 100m; severity info; print-category yes; print-severity yes; print-time yes; }; category update { update_log; }; channel unmatched_log { file "/var/named/log/unmatched.log" versions 1 size 100m; severity info; print-category yes; print-severity yes; print-time yes; }; category unmatched { unmatched_log; }; }; acl permit_transfer { none; }; acl permit_allow_update { any; }; include "/etc/view.conf"; 配置已经完毕。我们可以通过rndc添加、删除zone和nsupdate添加删除解析记录。
子区域授权
主域:192.168.37.130 名字:Mahavairocana.com 子域:192.168.37.131 名字:xxx.Mahavairocana.com 两个都是虚拟机,桥接; 主域和子域主机/etc/named.conf均为: options { // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // allow-query { localhost; }; recursion yes; dnssec-enable no; dnssec-validation no; // dnssec-lookaside auto; /* Path to ISC DLV key */ // bindkeys-file "/etc/named.iscdlv.key"; // managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; 主域/etc/named.rfc1912.zones: zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; }; zone "Mahavairocana.com" IN { type master; file "Mahavairocana.com.zone"; }; 主域/var/named/ Mahavairocana.com.zone文件: $TTL 1D $ORIGIN Mahavairocana.com. @ IN SOA ns1.Mahavairocana.com. admin.Mahavairocana.com. ( 2015020201 1H 5M 3D 1D) IN NS ns1 ns1 IN A 192.168.37.130 * IN A 192.168.37.130 xxx IN NS ns1.xxx ns1.xxx IN A 192.168.37.131 子域/etc/named.rfc1912.zones: zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; }; zone "xxx.Mahavairocana.com" IN { type master; file "xxx.Mahavairocana.com.zone"; }; zone "Mahavairocana.com" IN { type forward; forward only; forwarders { 192.168.37.130; }; }; 子域/var/named/xxx.Mahavairocana.com.zone: @ IN SOA ns1.xxx.Mahavairocana.com. admin.xxx.Mahavairocana.com. ( 2016020201 1H 5M 3D 1D ) IN NS ns1 ns1 IN A 192.168.37.131 * IN A 192.168.146.28 www IN A 192.168.146.28 在主域主机上 dig -t A www.xxx.Mahavairocana.com @192.168.37.130 可以解析成功; 在子域主机上 dig -t A www.Mahavairocana.com @192.168.37.131的结果为: 复制代码 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t A www.Mahavairocana.com @192.168.37.131 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53180 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.Mahavairocana.com. IN A ;; Query time: 2 msec ;; SERVER: 192.168.37.131#53(192.168.37.131) ;; WHEN: Mon Feb 8 13:22:40 2016 ;; MSG SIZE rcvd: 31 复制代码
小技巧:
1、使用named-checkconf检查bind语法是否正确;
1.检查主配置文件:直接执行named-checkconf
2、检查区域配置文件:执行named-checkzone "Mahavairocana.com" /var/named/Mahavairocana.com.zone
2、使用dig 查看解析过程
[root@master ~]# dig -t A baidu.com +trace ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A baidu.com +trace ;; global options: +cmd 1、找根 . 150906 IN NS l.root-servers.net. . 150906 IN NS h.root-servers.net. . 150906 IN NS a.root-servers.net. . 150906 IN NS i.root-servers.net. . 150906 IN NS k.root-servers.net. . 150906 IN NS f.root-servers.net. . 150906 IN NS c.root-servers.net. . 150906 IN NS d.root-servers.net. . 150906 IN NS m.root-servers.net. . 150906 IN NS g.root-servers.net. . 150906 IN NS e.root-servers.net. . 150906 IN NS j.root-servers.net. . 150906 IN NS b.root-servers.net. ;; Received 228 bytes from 114.114.114.114#53(114.114.114.114) in 307 ms 2、找com com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. ;; Received 487 bytes from 199.7.83.42#53(199.7.83.42) in 295 ms 3、找百度 baidu.com. 172800 IN NS dns.baidu.com. baidu.com. 172800 IN NS ns2.baidu.com. baidu.com. 172800 IN NS ns3.baidu.com. baidu.com. 172800 IN NS ns4.baidu.com. baidu.com. 172800 IN NS ns7.baidu.com. ;; Received 197 bytes from 192.55.83.30#53(192.55.83.30) in 334 ms 4、得到结果 baidu.com. 600 IN A 111.13.101.208 baidu.com. 600 IN A 123.125.114.144 baidu.com. 600 IN A 220.181.57.217 baidu.com. 86400 IN NS ns7.baidu.com. baidu.com. 86400 IN NS ns4.baidu.com. baidu.com. 86400 IN NS ns2.baidu.com. baidu.com. 86400 IN NS ns3.baidu.com. baidu.com. 86400 IN NS dns.baidu.com. ;; Received 245 bytes from 202.108.22.220#53(202.108.22.220) in 6 ms
3、DNS压力测试
1. 测试环境准备 为保准测试结果准确性,建议分别使用独立节点作为测试方与被测试方。 测试前,从测试节点向被测节点发送DNS请求,保证DNS请求可达。 2. 测试数据准备 从以加载的 RecordSets 中选取一定数据的记录作为被测试数据。 选取目标数据的 RecordSets 2项属性: NAME TYPE 例如: 通过手工创建文本文件,按照以上格式生成测试数据文件, www.baidu.com A 3. 执行测试 (1) 拷贝测试程序 dnsperf 至测试节点,并增加文件可执行权限 (2) 拷贝测试数据集文件至测试节点(例如 querydb),并增加文件读权限 (3) 执行测试 $ dnsperf -d querydb -s ${DNS_SERVER_IP} -n 10 参数说明: -s 目标 DNS SERVER IP 地址 -n 测试数据集执行次数
posted on 2018-01-01 21:39 Mahavairocana 阅读(715) 评论(0) 编辑 收藏 举报
