It looks like a tool called dnsperf can also generate DDNS (dynamic update) load.
- dnsperf
http://www.nominum.com/resources/measurement-tools
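I wonder if dnsperf is derived from queryperf.
queryperf does not seem to be able to generate DDNS load.
First, the DDNS configuration: a super-simple setup without TSIG. Note that allow-update { 0.0.0.0/0; } accepts unauthenticated updates from any IPv4 address.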
# named -v
BIND 9.7.1-P2
zone "example.com." {
type master;
file "example.com.zone";
allow-update { 0.0.0.0/0; };
};
# less /var/named/example.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
example.com IN SOA ns1.example.com. admin.example.com. (
2010090204 ; serial
3600 ; refresh (1 hour)
3600 ; retry (1 hour)
3600 ; expire (1 hour)
3600 ; minimum (1 hour)
)
NS ns1.example.com.
NS ns2.example.com.
$ORIGIN example.com.
host1 A 192.168.1.1
host10 A 192.168.1.10
host2 A 192.168.1.2
host3 A 192.168.1.3
host4 A 192.168.1.4
host5 A 192.168.1.5
host6 A 192.168.1.6
host7 A 192.168.1.7
host8 A 192.168.1.8
host9 A 192.168.1.9
ns1 A 10.0.0.1
ns2 A 10.0.0.2
[ Check that DDNS works with nsupdate. ]
# nsupdate
> server 127.1
> update add aa.example.com. 300 a 2.2.2.2
> send
> quit
The update succeeded.
hat2 named[4039]: client 127.0.0.1#48578: updating zone 'example.com/IN': adding an RR at 'aa.example.com' A
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090205)
# dig @127.1 aa.example.com
; <<>> DiG 9.7.1-P2 <<>> @127.1 aa.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11219
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;aa.example.com. IN A
;; ANSWER SECTION:
aa.example.com. 300 IN A 2.2.2.2
[ DDNS with dnsperf ]
# man dnsperf explains the input format.
-- excerpt from man dnsperf
CONSTRUCTING A DYNAMIC UPDATE INPUT FILE
To test dynamic update performance, dnsperf is run with the -u option, and
the input file is constructed of blocks of lines describing dynamic update
messages. The first line in a block contains the zone name:
example.com
Subsequent lines contain prerequisites, if there are any. Prerequisites
can specify that a name may or may not exist, an rrset may or may not
exist, or an rrset exists and its rdata matches all specified rdata for
that name and type. The keywords "require" and "prohibit" are followed by
the appropriate information. All relative names are considered to be rela-
tive to the zone name. The following lines show the 5 types of prerequi-
sites.
require a
require a A
require a A 1.2.3.4
prohibit x
prohibit x A
Subsequent lines contain records to be added, records to be deleted,
rrsets to be deleted, or names to be deleted. The keywords "add" or
"delete" are followed by the appropriate information. All relative names
are considered to be relative to the zone name. The following lines show
the 4 types of updates.
add x 3600 A 10.1.2.3
delete y A 10.1.2.3
delete z A
delete w
Each update message is terminated by a line containing the command:
send
--
Following that, I prepared the simple file below.
# cat ddns.txt
example.com
add x 3600 a 10.1.2.3
send
This adds x.example.com.
Got errors...
# dnsperf -s 127.1 -d ddns.txt
DNS Performance Testing Tool
Nominum Version 1.0.1.0
[Status] Processing input data
Invalid query input format: example.com
Invalid query type: x 3600 a 10.1.2.3
Invalid query input format: send
Input file contains no queries.
It seems the -u option is required.
-u Instructs dnsperf to send DNS dynamic update messages, rather than
queries. The format of the input file is different in this case;
see the "Constructing a dynamic update input file" section for more
details.
again
It worked.
# dnsperf -s 127.1 -d ddns.txt -u
DNS Performance Testing Tool
Nominum Version 1.0.1.0
[Status] Processing input data
[Status] Sending updates (to 127.0.0.1)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Updates sent: 1 updates
Updates completed: 1 updates
Updates lost: 0 updates
Avg request size: 47 bytes
Avg response size: 12 bytes
Percentage completed: 100.00%
Percentage lost: 0.00%
hat2 named[4039]: client 127.0.0.1#58373: updating zone 'example.com/IN': adding an RR at 'x.example.com' A
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090206)
# dig @127.1 x.example.com
; <<>> DiG 9.7.1-P2 <<>> @127.1 x.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64389
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;x.example.com. IN A
;; ANSWER SECTION:
x.example.com. 3600 IN A 10.1.2.3
delete works too.
# cat ddns_delete.txt
example.com
delete x
send
# dnsperf -s 127.1 -d ddns_delete.txt -u
hat2 named[4039]: client 127.0.0.1#58980: updating zone 'example.com/IN': delete all rrsets from name 'x.example.com'
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090207)
[ Can TSIG-signed updates be tested too? ]
TSIG configuration
# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST example.com
Kexample.com.+157+03859
# ls Kexample.com.+157+03859.*
Kexample.com.+157+03859.key Kexample.com.+157+03859.private
Because HMAC-MD5 is a shared-secret (symmetric) algorithm, the key material in *.key and *.private is the same.
Either file can be used.
# cat Kexample.com.+157+03859.* | grep -i key
example.com. IN KEY 512 3 157 MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5 JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw==
Private-key-format: v1.3
Key: MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw==
- named.conf
key "example.com" {
algorithm hmac-md5;
secret "MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw==";
};
zone "example.com." {
type master;
file "example.com.zone";
allow-update { key example.com; };
};
Check that it works with nsupdate ( OK )
# nsupdate -k Kexample.com.+157+03859.key
> server 127.1
> update add hello.example.com. 300 a 1.1.1.1
> send
> quit
hat2 named[4261]: client 127.0.0.1#44715: updating zone 'example.com/IN': adding an RR at 'hello.example.com' A
hat2 named[4261]: zone example.com/IN: sending notifies (serial 2010090208)
# dig @127.1 hello.example.com
; <<>> DiG 9.7.1-P2 <<>> @127.1 hello.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62949
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;hello.example.com. IN A
;; ANSWER SECTION:
hello.example.com. 300 IN A 1.1.1.1
It worked with dnsperf too.
# cat ddns.txt
example.com
add x 3600 a 10.1.2.3
send
# dnsperf -s 127.1 -d ddns.txt -u -y "example.com:MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5 JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw=="
DNS Performance Testing Tool
Nominum Version 1.0.1.0
[Status] Processing input data
[Status] Sending updates (to 127.0.0.1)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Updates sent: 1 updates
Updates completed: 1 updates
Updates lost: 0 updates
hat2 named[4261]: client 127.0.0.1#33122: updating zone 'example.com/IN': adding an RR at 'x.example.com' A
hat2 named[4261]: zone example.com/IN: sending notifies (serial 2010090210)
# dig @127.1 x.example.com
; <<>> DiG 9.7.1-P2 <<>> @127.1 x.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32681
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;x.example.com. IN A
;; ANSWER SECTION:
x.example.com. 3600 IN A 10.1.2.3
delete worked too.
# cat ddns_delete.txt
example.com
delete x
send
hat2 named[4261]: client 127.0.0.1#34341: updating zone 'example.com/IN': delete all rrsets from name 'x.example.com'
hat2 named[4261]: zone example.com/IN: sending notifies (serial 2010090211)
# dnsperf -s 127.1 -d ddns_delete.txt -u -y "example.com:MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5 JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw=="
With this, DDNS load testing looks feasible.
Records changed through DDNS are not written to the zone file immediately; they are recorded in the journal file (.jnl).
# ls example.com.zone*
example.com.zone example.com.zone.jnl
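A real load test needs far more than the one-block ddns.txt used above. The following is an added example, not part of the original post or of dnsperf: it generates many update blocks in the format quoted from the man page and parses them back as a sanity check. The load0..loadN names, the 10.x.y.z addresses and the ordering strictness of the parser are assumptions of this sketch.

```python
# Added example: build and check a dnsperf -u input file (format per the man excerpt).
PREREQ = {"require", "prohibit"}
UPDATE = {"add", "delete"}

def build_blocks(zone, count, op="add", ttl=300, prefix="load"):
    """Return `count` update blocks for names load0..loadN-1 (hypothetical names).

    op="add": 'prohibit <name>' then 'add <name> <ttl> A <addr>'; the server
    rejects the block if the name already exists, so a dirty zone is visible.
    op="delete": 'delete <name>', removing everything at that name (cleanup).
    """
    if op not in UPDATE:
        raise ValueError(f"op must be add or delete, got {op!r}")
    out = []
    for i in range(count):
        name = f"{prefix}{i}"
        if op == "add":
            # Constructed test address derived from the counter.
            addr = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
            out += [zone, f"prohibit {name}", f"add {name} {ttl} A {addr}", "send"]
        else:
            out += [zone, f"delete {name}", "send"]
    return "\n".join(out) + "\n"

def parse_blocks(text):
    """Parse update blocks into (zone, prereqs, updates) tuples.

    Raises ValueError for an unknown keyword, a prerequisite placed after an
    update line, or a final block without 'send'.
    """
    blocks, zone, prereqs, updates = [], None, [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:            # assumption: blank lines are ignored here
            continue
        word = line.split()[0].lower()
        if zone is None:
            zone = line         # first line of a block is the zone name
        elif word in PREREQ and not updates:
            prereqs.append(line)
        elif word in UPDATE:
            updates.append(line)
        elif word == "send":
            blocks.append((zone, prereqs, updates))
            zone, prereqs, updates = None, [], []
        else:
            raise ValueError(f"line {n}: unexpected {line!r}")
    if zone is not None:
        raise ValueError("last block has no 'send' line")
    return blocks
```

Write the output of build_blocks("example.com", 10000) to a file and pass it to dnsperf with -d and -u as in the runs above; a second file built with op="delete" puts the zone back afterwards.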