顯示具有 DNS 標籤的文章。 顯示所有文章
顯示具有 DNS 標籤的文章。 顯示所有文章

How to dump DNS cache file of BIND9?

之前我們在"如何在 Linux server 上 turn on DNS (BIND) 的 Query logging"的文章中提過 rndc 這個好用的指令,這次也要用到這個小工具來 dump DNS 的 RR cache 資料。

基本上用法很簡單,依據 rndc 的使用說明可以看到如下:
dumpdb [-all|-cache|-zones] [view ...]
Dump cache(s) to the dump file (named_dump.db).
所以我們直接敲入 "rndc dumpdb -cache" 就行了,不過產生的 Cache db 檔並不像說明所列的 named_dump.db 而是 cache_dump.db,下面就是範例:
[root@ns1 named]# ls -alrt /var/named/chroot/var/named/data/
total 24
drwxr-x--- 4 named named 12288 Mar 31 12:23 ..
drwxrwx--- 2 named named 4096 Apr 8 13:24 .
[root@ns1 named]#
[root@ns1 named]# rndc dumpdb -cache
[root@ns1 named]# ls -alrt /var/named/chroot/var/named/data/
total 1376
drwxr-x--- 4 named named 12288 Mar 31 12:23 ..
-rw-r--r-- 1 named named 1379904 Apr 8 13:25 cache_dump.db
drwxrwx--- 2 named named 4096 Apr 8 13:25 .
[root@ns1 named]#
以下是 /var/named/chroot/var/named/data/cache_dump.db 檔案開頭的一小部分,僅供參考:
[root@ns1 named]# less /var/named/chroot/var/named/data/cache_dump.db
;
; Start view _default
;
;
; Cache dump of view '_default'
;
$DATE 20100408052518
; glue
ac. 19164 IN NS A.NIC.ac.
19164 IN NS A.NS13.NET.
19164 IN NS B.NIC.ac.
19164 IN NS B.NIC.IO.
19164 IN NS B.NS13.NET.
19164 IN NS NS1.COMMUNITYDNS.NET.
19164 IN NS NS3.ICB.CO.UK.
; glue
A.nic.ac. 19164 A 64.251.31.177
; glue
b.nic.ac. 15120 A 78.104.145.37
; glue
ae. 42322 NS NS1.AEDNS.ae.
42322 NS NS2.AEDNS.ae.
42322 NS SEC3.APNIC.NET.
42322 NS NS-AE.RIPE.NET.
42322 NS SNS-PB.ISC.ORG.
42322 NS NSEXT-PCH.AEDNS.ae.
; glue
NS1.AEDNS.ae. 42322 A 79.98.120.73
; glue
NS2.AEDNS.ae. 42322 A 79.98.121.73
; glue
NSEXT-PCH.AEDNS.ae. 42322 A 199.4.137.1
; glue
42322 AAAA 2001:500:7d::1
; answer
www.google.ae. 25355 CNAME www.google.com.
; authauthority
bittorrent.am. 32399 NS ns1.everydns.net.
32399 NS ns2.everydns.net.
32399 NS ns3.everydns.net.
32399 NS ns4.everydns.net.
; additional
y.am. 28607 NS ns1.mdnsservice.com.
28607 NS ns2.mdnsservice.com.
28607 NS ns3.mdnsservice.com.
; answer
curinfo.an. 40356 MX 0 wabi.curinfo.an.
; glue
AQ. 120558 NS NS1.DNS.AQ.
120558 NS FLAG.EP.NET.
報告完畢。
(詳全文...)

DNS Query Performance Testing Tool -- "queryperf"

這兩天為了測試 DNS server 的 System capacity, 才發現原來還有 "queryperf" 這個小工具,這是 Bind9 內帶的工具,不過我找了一下,雖然我在一開始裝機時就將 Bind9 的相關 package 都安裝了,不過似乎還是沒找到 "queryperf" 的 command...不過沒關係,找不到就直接裝吧...

首先看一下今天的測試環境,這裡有兩台 DNS server,中間都是 2G channel bonding 的網路:
Master DNS server : RHEL 5.2 (bind-9.3.4-6.P1)
Slave DNS server : RHEL 5.1 (bind-9.3.3-7)

首先我們先到 ISC -- Internet Systems Consortium 的 ftp 站 http://ftp.isc.org/isc/bind9/ 去抓 Bind9 Tarbal file : (找自己需要的版本就好)
[root@ns1 opt]# wget http://ftp.isc.org/isc/bind9/9.3.4-P1/bind-9.3.4-P1.tar.gz
--16:58:53-- http://ftp.isc.org/isc/bind9/9.3.4-P1/bind-9.3.4-P1.tar.gz
Resolving ftp.isc.org... 204.152.184.110, 2001:4f8:0:2::18
Connecting to ftp.isc.org|204.152.184.110|:80...

[root@ns2 opt]# wget http://ftp.isc.org/isc/bind9/9.3.3/bind-9.3.3.tar.gz
--16:56:54-- http://ftp.isc.org/isc/bind9/9.3.3/bind-9.3.3.tar.gz
Resolving ftp.isc.org... 204.152.184.110, 2001:4f8:0:2::18
Connecting to ftp.isc.org|204.152.184.110|:80...
抓回來之後,這裡我們擺在 /opt 底下,然後解壓縮 :
[root@ns1 opt]# tar -zxvf bind-9.3.4-P1.tar.gz
[root@ns2 opt]# tar -zxvf bind-9.3.3.tar.gz
接著我們到 /opt/bind-9.3.4-P1/contrib/queryperf/ 目錄下,這裡就是放 queryperf 的位置。
[root@ns1 opt]# cd bind-9.3.4-P1/contrib/queryperf/
再來是 "sh configure" 以及 "make" 來編譯我們要的 queryperf 指令:
[root@ns1 queryperf]# sh configure
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for library containing res_mkquery... -lresolv
checking for socket in -lsocket... no
checking for inet_ntoa in -lnsl... yes
checking for gethostbyname2... yes
checking for getaddrinfo... yes
checking for getnameinfo... yes
checking for socklen_t... yes
checking for sa_len... no
configure: creating ./config.status
config.status: creating Makefile
[root@ns1 queryperf]# make
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_LIBNSL=1 -DHAVE_GETHOSTBYNAME2=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETNAMEINFO=1 -c queryperf.c
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_LIBNSL=1 -DHAVE_GETHOSTBYNAME2=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETNAMEINFO=1 queryperf.o -lnsl -lresolv -lm -o queryperf
[root@ns1 queryperf]#
接著就可以看到產生了一個新的檔案 "queryperf",這就是我們等一下要用到的指令了。
[root@ns1 queryperf]# ls -alrt
total 292
-rw-rw-r-- 1 10132 wheel 2981 Jul 12 2001 README
-rw-rw-r-- 1 10132 wheel 1831 May 13 2004 configure.in
-rwxrwxr-x 1 10132 wheel 97865 May 13 2004 configure
-rw-rw-r-- 1 10132 wheel 603 Jul 20 2004 Makefile.in
-rw-rw-r-- 1 10132 wheel 50279 Jan 5 2006 queryperf.c
drwxrwxr-x 2 10132 wheel 4096 Jun 28 2007 utils
drwxrwxr-x 2 10132 wheel 4096 Mar 30 17:29 missing
drwxrwxr-x 2 10132 wheel 4096 Mar 30 17:29 input
drwxrwxr-x 11 10132 wheel 4096 Mar 30 17:29 ..
-rw-r--r-- 1 root root 791 Mar 30 17:30 Makefile
-rwxr-xr-x 1 root root 19302 Mar 30 17:30 config.status
-rw-r--r-- 1 root root 8188 Mar 30 17:30 config.log
-rw-r--r-- 1 root root 34692 Mar 30 17:30 queryperf.o
-rwxr-xr-x 1 root root 34059 Mar 30 17:30 queryperf
drwxrwxr-x 5 10132 wheel 4096 Mar 30 17:30 .
README 檔案裡面有簡介如何使用,當然也可以用 -h 來秀一下 useage:
[root@ns1 queryperf]# /opt/bind-9.3.4-P1/contrib/queryperf/queryperf -h

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.1.1.2.2.5.4.4 2006/01/05 02:06:09 marka Exp $


Usage: queryperf [-d datafile] [-s server_addr] [-p port] [-q num_queries]
[-b bufsize] [-t timeout] [-n] [-l limit] [-f family] [-1]
[-i interval] [-r arraysize] [-u unit] [-H histfile]
[-T qps] [-e] [-D] [-c] [-v] [-h]
-d specifies the input data file (default: stdin)
-s sets the server to query (default: 127.0.0.1)
-p sets the port on which to query the server (default: 53)
-q specifies the maximum number of queries outstanding (default: 20)
-t specifies the timeout for query completion in seconds (default: 5)
-n causes configuration changes to be ignored
-l specifies how a limit for how long to run tests in seconds (no default)
-1 run through input only once (default: multiple iff limit given)
-b set input/output buffer size in kilobytes (default: 32 k)
-i specifies interval of intermediate outputs in seconds (default: 0=none)
-f specify address family of DNS transport, inet or inet6 (default: any)
-r set RTT statistics array size (default: 50000)
-u set RTT statistics time unit in usec (default: 100)
-H specifies RTT histogram data file (default: none)
-T specify the target qps (default: 0=unspecified)
-e enable EDNS 0
-D set the DNSSEC OK bit (implies EDNS)
-c print the number of packets with each rcode
-v verbose: report the RCODE of each response on stdout
-h print this usage
使用上主要有兩個步驟,第一就是先建立一個 RR 測試檔案,裡面的格式也很簡單,就是:
aaa.com NS
bbb.com MX
ccc.com A
這裡我先建兩個含我內部所有 RR record 的測試檔案:
/opt/querytest_list.txt >> 裡面有 1032 筆 record
/opt/querytest_list2.txt >> 裡面有 519120 筆 record

至於指令的用法也很簡單,就是 "./queryperf -s hostname -d test_file",其中 hostname 是被測試的 DNS server IP address 或 hostname,至於 test_file 就是剛剛編輯的 RR file 囉。

建議是直接裝在 Slave 的機器上,去測試 Master 的機器比較不影響效能,雖然我試完發現差異不太大。這裡我直接示範在 Master server 上跑 queryperf 的結果:

先測試 query 1000 筆 record 的結果:
[root@ns1 named]# /opt/bind-9.3.4-P1/contrib/queryperf/queryperf -s localhost -d /opt/querytest_list.txt

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.1.1.2.2.5.4.4 2006/01/05 02:06:09 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 1030 queries
Queries completed: 1030 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries

RTT max: 0.001296 sec
RTT min: 0.000073 sec
RTT average: 0.000344 sec
RTT std deviation: 0.000116 sec
RTT out of range: 0 queries

Percentage completed: 100.00%
Percentage lost: 0.00%

Started at: Wed Mar 30 20:35:04 2010
Finished at: Wed Mar 30 20:35:04 2010
Ran for: 0.020277 seconds

Queries per second: 50796.468906 qps

[root@ns1 named]#
再先測試 query 519120 筆 record 的結果:
[root@ns1 named]# /opt/bind-9.3.4-P1/contrib/queryperf/queryperf -s localhost -d /opt/querytest_list2.txt

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.1.1.2.2.5.4.4 2006/01/05 02:06:09 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 127.0.0.1)
[Status] Testing complete

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 519120 queries
Queries completed: 519120 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries

RTT max: 0.002820 sec
RTT min: 0.000042 sec
RTT average: 0.000382 sec
RTT std deviation: 0.000085 sec
RTT out of range: 0 queries

Percentage completed: 100.00%
Percentage lost: 0.00%

Started at: Wed Mar 30 20:36:31 2010
Finished at: Wed Mar 30 20:36:41 2010
Ran for: 10.158483 seconds

Queries per second: 51102.118299 qps

[root@ns1 named]#
最後是在 Slave server 上跑 queryperf 去測試 Master server,先測試 query 1000 筆 record 的結果:
[root@ns2 slaves]# /opt/bind-9.3.3/contrib/queryperf/queryperf -s ns1 -d /opt/querytest_list.txt

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.1.1.2.2.5.4.4 2006/01/05 02:06:09 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with xx.xx.xx.1)
[Status] Testing complete

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 1030 queries
Queries completed: 1030 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries

RTT max: 0.000572 sec
RTT min: 0.000128 sec
RTT average: 0.000339 sec
RTT std deviation: 0.000049 sec
RTT out of range: 0 queries

Percentage completed: 100.00%
Percentage lost: 0.00%

Started at: Wed Mar 30 20:42:17 2010
Finished at: Wed Mar 3 20:42:17 2010
Ran for: 0.018820 seconds

Queries per second: 54729.011690 qps

[root@ns2 slaves]#
再先測試 query 519120 筆 record 的結果:
[root@ns2 slaves]# /opt/bind-9.3.3/contrib/queryperf/queryperf -s ns1 -d /opt/querytest_list2.txt

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.1.1.2.2.5.4.4 2006/01/05 02:06:09 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with xx.xx.xx.1)
[Status] Testing complete

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 519120 queries
Queries completed: 519120 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries

RTT max: 0.000818 sec
RTT min: 0.000059 sec
RTT average: 0.000330 sec
RTT std deviation: 0.000044 sec
RTT out of range: 0 queries

Percentage completed: 100.00%
Percentage lost: 0.00%

Started at: Wed Mar 30 20:42:51 2010
Finished at: Wed Mar 30 20:43:00 2010
Ran for: 9.113103 seconds

Queries per second: 56964.131756 qps

[root@ns2 slaves]#
這裡我將 Master DNS server 的 IP 馬賽克起來了...由上面的結果可以看的出來,在這一台機器上的每秒最大查詢數量大約在 5萬6千筆左右,以上,報告完畢。

------------------------------------------------------------------------------------
2010/03/31 補充資料:

再查了一下資料發現其實 Bind9 內建的小工具應該是 dnsperf/resperf 才對,用法跟 queryperf 幾乎一樣,有興趣可以參考一下下面的網頁:

Linux Certif - Man dnsperf(1)
Linux Certif - Man resperf(1)

這裡附上一個測試結果以供比較:
[root@ns2 slaves]# /usr/local/nom/bin/dnsperf -s ns1 -d /opt/querytest_list2.txt

DNS Performance Testing Tool

Nominum Version 1.0.1.0

[Status] Processing input data
[Status] Sending queries (to 113.21.80.1)
[Status] Testing complete

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 519120 queries
Queries completed: 519120 queries
Queries lost: 0 queries

Avg request size: 52 bytes
Avg response size: 136 bytes

Percentage completed: 100.00%
Percentage lost: 0.00%

Started at: Wed Mar 31 14:59:03 2010
Finished at: Wed Mar 31 14:59:13 2010
Ran for: 9.362073 seconds

Queries per second: 55449.257873 qps

[root@ns2 slaves]#
補充完畢~
(詳全文...)

如何在 Linux server 上 turn on DNS (BIND) 的 Query logging?

在 Linux server 上開 BIND DNS service 後,發現似乎在系統的 LOG 檔案 /var/log/messages 裡面只看的到 named service 的啟動/停止訊息,卻看不到一些 Client 端 Query 的 Log,這對初期的 named 設定上來說實在是有些困擾,幸好 BIND 的 utility 中包含一個好用的工具,那就是 rndc,他有很多好用的功能可以用來細部控制 BIND,不過這裡我們只測試一下它 Turn on query logging 的功能:

首先,這裡我們的環境是 RHEL5.2 + BIND 9.3.4:
接著,我們看一下 rndc 有哪些 option 可用:
接下來就簡單了,想要 Turn on query logging 的功能,就使用下面的指令吧:
[root@ns1 named]# rndc querylog
我們來看一下系統的紀錄檔吧:
現在已經開始產生 Client query 的紀錄了。

接下來,再下一次剛剛的指令就可以 Turn off query logging 的功能了:
[root@ns1 named]# rndc querylog
我們再看一次系統的紀錄檔吧:
果然已經停止記錄了~
(詳全文...)

要怎麼在 RHEL 5 上面架 DNS server 啊?

最近裝的幾台機器都是 RHEL5 的,而 RHEL5 跟之前用的 RHEL4 在架設 DNS Server 的時候,差異還真是不小啊,預設的 Zone files 和 Configuration file 呢?阿怎麼都找不到啊?該不是還要我自己一個檔一個檔的產生吧?當然不會啦,原來是一般安裝沒有裝到 system-config-bind, bind 及 bind-chroot 套件罷了,好吧,那就一步一步來吧~

步驟1. 先安裝一下相關的套件囉:
1-1. 安裝 system-config-bind 套件來產生 named.conf 範例檔:
[root@KHCDNSS02 ~]# yum install system-config-bind
1-2. 安裝 bind 及 bind-chroot 套件
[root@KHCDNSS02 ~]# yum groupinstall "DNS Name Server"

步驟2. 再來就是複製相關的檔案到 Bind Chroot 目錄 /var/named/chroot/ 下:
2-1. 先複製 named.conf 範例檔:
[root@KHCDNSS02 ~]# cp -p /usr/share/system-config-bind/profiles/default/named.conf /var/named/chroot/etc/
2-2. 複製相關 zone files 範例檔至 bind chroot 目錄下:
[root@KHCDNSS02 ~]# cp -p /usr/share/system-config-bind/profiles/default/named/* /var/named/chroot/var/named/
2-3. 複製 bind root 檔至 bind chroot 目錄下:
[root@KHCDNSS02 ~]# cp -p /usr/share/doc/bind-9.3.3/sample/var/named/named.root /var/named/chroot/var/named/
2-4. 把 owner 更改為 named:
[root@KHCDNSS02 ~]# chown -R named /var/named/chroot
2-5. 最後再把 named.conf 建立連結到 /etc 下:
[root@KHCDNSS02 ~]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
步驟3. 再來就是開始編輯 named.conf 檔的內容了:
[root@KHCDNSS02 ~]#vi /var/named/chroot/etc/named.conf
步驟4. 最後是新增需要用的網域正反解的 zone files 囉~

當然,如果也可以用圖形化的介面來配置 DNS 啦,點擊面版上的 System > Administration > Server Settings > Domain Name System 如下圖所示:進去之後便可以看到圖形化的配置畫面囉,剩下的就是慢慢設定了:
註解一下:為了不要每次切換到 zone files 所在的區域時都要敲一大串字,所以決定偷懶設定個 alias 如下:1. 編輯一下 ~/.bashrc 檔:
[root@KHCDNSS02 chroot]# vi ~/.bashrc
2. 加入下面這一行:
alias cdn='cd /var/named/chroot/var/named/; echo -n "Current PATH : ";pwd'
3. 登出再登入一次,測試一下 cdn 這個指令:
[root@KHCDNSS02 chroot]# cdn
Current PATH : /var/named/chroot/var/named
[root@KHCDNSS02 named]# ls -al
total 64
drwxr-x--- 4 named named 4096 Mar 4 22:20 .
drwxr-x--- 6 named named 4096 Feb 19 05:20 ..
drwxrwx--- 2 named named 4096 Aug 26 2004 data
-rw-r--r-- 1 named root 208 Mar 4 22:20 localdomain.zone
-rw-r--r-- 1 named root 195 Mar 4 22:20 localhost.zone
-rw-r--r-- 1 named root 427 Mar 4 22:20 named.broadcast
-rw-r--r-- 1 named root 1266 Mar 4 22:20 named.conf
-rw-r--r-- 1 named root 424 Mar 4 22:20 named.ip6.local
-rw-r--r-- 1 named root 426 Mar 4 22:20 named.local
-rw-r--r-- 1 named root 1892 Mar 4 22:13 named.root
-rw-r--r-- 1 named root 427 Mar 4 22:20 named.zero
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
[root@KHCDNSS02 named]#
這樣很方便吧~
(詳全文...)