lost and found ( for me ? )

dnsperf : DNS Dynamic Update ( DDNS )

It looks like the dnsperf tool can also generate load against DDNS (dynamic updates).

- dnsperf

http://www.nominum.com/resources/measurement-tools

I wonder whether dnsperf is a derivative of queryperf.
queryperf apparently can't generate DDNS load.

First, the DDNS configuration. A dead-simple setup with no TSIG (allow-update { 0.0.0.0/0; } lets any client update the zone).

# named -v
BIND 9.7.1-P2

zone "example.com." {
       type master;
       file "example.com.zone";
       allow-update { 0.0.0.0/0; };
};

# less /var/named/example.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
example.com             IN SOA  ns1.example.com. admin.example.com. (
                               2010090204 ; serial
                               3600       ; refresh (1 hour)
                               3600       ; retry (1 hour)
                               3600       ; expire (1 hour)
                               3600       ; minimum (1 hour)
                               )
                       NS      ns1.example.com.
                       NS      ns2.example.com.
$ORIGIN example.com.
host1                   A       192.168.1.1
host10                  A       192.168.1.10
host2                   A       192.168.1.2
host3                   A       192.168.1.3
host4                   A       192.168.1.4
host5                   A       192.168.1.5
host6                   A       192.168.1.6
host7                   A       192.168.1.7
host8                   A       192.168.1.8
host9                   A       192.168.1.9
ns1                     A       10.0.0.1
ns2                     A       10.0.0.2

[ Check that DDNS works with nsupdate. ]

# nsupdate
> server 127.1
> update add aa.example.com. 300 a 2.2.2.2
> send
> quit

The update succeeded.

hat2 named[4039]: client 127.0.0.1#48578: updating zone 'example.com/IN': adding an RR at 'aa.example.com' A
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090205)

# dig @127.1 aa.example.com

; <<>> DiG 9.7.1-P2 <<>> @127.1 aa.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11219
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;aa.example.com.                        IN      A

;; ANSWER SECTION:
aa.example.com.         300     IN      A       2.2.2.2

[ DDNS with dnsperf ]

The input file format is described in man dnsperf.

-- excerpt from man dnsperf

 CONSTRUCTING A DYNAMIC UPDATE INPUT FILE
      To test dynamic update performance, dnsperf is run with the -u option, and
      the input file is constructed of blocks of lines describing dynamic update
      messages.  The first line in a block contains the zone name:

                      example.com

      Subsequent  lines  contain prerequisites, if there are any.  Prerequisites
      can specify that a name may or may not exist, an  rrset  may  or  may  not
      exist,  or  an  rrset exists and its rdata matches all specified rdata for
      that name and type. The keywords "require" and "prohibit" are followed  by
      the appropriate information. All relative names are considered to be rela-
      tive to the zone name. The following lines show the 5 types  of  prerequi-
      sites.

                      require a
                      require a A
                      require a A 1.2.3.4
                      prohibit x
                      prohibit x A

      Subsequent  lines  contain  records  to  be  added, records to be deleted,
      rrsets to be deleted, or names  to  be  deleted.  The  keywords  "add"  or
      "delete"  are  followed by the appropriate information. All relative names
      are considered to be relative to the zone name. The following  lines  show
      the 4 types of updates.

                      add x 3600 A 10.1.2.3
                      delete y A 10.1.2.3
                      delete z A
                      delete w

      Each update message is terminated by a line containing the command:

                      send

--

Following this, I prepared the simple file below.

# cat ddns.txt
example.com
add x 3600 a 10.1.2.3
send

This adds x.example.com.

But I got errors...

# dnsperf -s 127.1 -d ddns.txt

DNS Performance Testing Tool

Nominum Version 1.0.1.0

[Status] Processing input data
Invalid query input format: example.com
Invalid query type: x 3600 a 10.1.2.3
Invalid query input format: send
Input file contains no queries.

Looks like the -u option is required.

     -u     Instructs dnsperf to send DNS dynamic update messages, rather  than
             queries.  The  format  of the input file is different in this case;
             see the "Constructing a dynamic update input file" section for more
             details.

again

It worked.

# dnsperf -s 127.1 -d ddns.txt -u

DNS Performance Testing Tool

Nominum Version 1.0.1.0

[Status] Processing input data
[Status] Sending updates (to 127.0.0.1)
[Status] Testing complete

Statistics:

 Parse input file:     once
 Ended due to:         reaching end of file

 Updates sent:         1 updates
 Updates completed:    1 updates
 Updates lost:         0 updates

 Avg request size:     47 bytes
 Avg response size:    12 bytes

 Percentage completed: 100.00%
 Percentage lost:        0.00%

hat2 named[4039]: client 127.0.0.1#58373: updating zone 'example.com/IN': adding an RR at 'x.example.com' A
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090206)

# dig @127.1 x.example.com

; <<>> DiG 9.7.1-P2 <<>> @127.1 x.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64389
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.example.com.                 IN      A

;; ANSWER SECTION:
x.example.com.          3600    IN      A       10.1.2.3

delete works too.

# cat ddns_delete.txt
example.com
delete x
send

# dnsperf -s 127.1 -d ddns_delete.txt -u

hat2 named[4039]: client 127.0.0.1#58980: updating zone 'example.com/IN': delete all rrsets from name 'x.example.com'
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090207)
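The one-line ddns.txt and ddns_delete.txt above exercise a single message each. For an actual load test you want a file with many blocks, built from the grammar quoted from man dnsperf (zone line, optional require/prohibit prerequisites, add/delete lines, send). The following is an added example, not code from the post or from dnsperf: it generates such files, guards each add with a "prohibit <name>" prerequisite so the add only succeeds while the name is absent, and validates a file against the block grammar before dnsperf is pointed at a server (dnsperf itself only says "Invalid query input format", as seen above when -u was forgotten). The host names, counts and 10.1.x.y addresses are constructed sample values; the zone is the post's example.com.

```python
"""Generate and validate dnsperf -u (dynamic update) input files.

Added example, not part of the original post and not dnsperf's own code.
Host names, addresses and counts are constructed sample values.
"""
from typing import Iterator, List

ZONE = "example.com"  # zone from the post; relative names are relative to it

PREREQ_KEYWORDS = {"require", "prohibit"}
UPDATE_KEYWORDS = {"add", "delete"}


def update_block(zone: str, prereqs: List[str], updates: List[str]) -> str:
    """Render one dynamic update message as a block of lines ending in 'send'."""
    return "\n".join([zone, *prereqs, *updates, "send"]) + "\n"


def add_hosts(zone: str, count: int, ttl: int = 3600) -> Iterator[str]:
    """One message per host, like the post's 'add x 3600 a 10.1.2.3', but
    guarded by 'prohibit <name>' so the add only succeeds while the name
    does not exist (constructed 10.1.0.0/16 addresses)."""
    for i in range(1, count + 1):
        name = f"host{i}"
        yield update_block(zone, [f"prohibit {name}"],
                           [f"add {name} {ttl} A 10.1.{i // 256}.{i % 256}"])


def delete_hosts(zone: str, count: int) -> Iterator[str]:
    """One message per host using the 'delete <name>' form (all rrsets at the name)."""
    for i in range(1, count + 1):
        yield update_block(zone, [], [f"delete host{i}"])


def validate(text: str) -> int:
    """Check a file against the block grammar and return the message count.

    Raises ValueError on the first malformed line, so a bad file is caught
    before any load is generated.
    """
    state = "zone"  # zone -> prereq -> update -> (send) -> zone
    messages = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            raise ValueError(f"line {lineno}: blank line inside input")
        keyword, args = tokens[0], tokens[1:]
        if state == "zone":
            if len(tokens) != 1 or keyword in PREREQ_KEYWORDS | UPDATE_KEYWORDS | {"send"}:
                raise ValueError(f"line {lineno}: expected a zone name, got {raw!r}")
            state = "prereq"
        elif keyword == "send":
            if args:
                raise ValueError(f"line {lineno}: 'send' takes no arguments")
            messages += 1
            state = "zone"
        elif keyword in PREREQ_KEYWORDS:
            if state != "prereq":
                raise ValueError(f"line {lineno}: prerequisite after an update line")
            # require: name [type [rdata...]]; prohibit: name [type]
            if not args or (keyword == "prohibit" and len(args) > 2):
                raise ValueError(f"line {lineno}: bad prerequisite {raw!r}")
        elif keyword in UPDATE_KEYWORDS:
            # add: name ttl type rdata...; delete: name [type [rdata...]]
            if keyword == "add" and (len(args) < 4 or not args[1].isdigit()):
                raise ValueError(f"line {lineno}: bad add line {raw!r}")
            if keyword == "delete" and not args:
                raise ValueError(f"line {lineno}: bad delete line {raw!r}")
            state = "update"
        else:
            raise ValueError(f"line {lineno}: unknown keyword {keyword!r}")
    if state != "zone":
        raise ValueError("input ends inside a block: missing 'send'")
    return messages


def is_valid(text: str) -> bool:
    """True when validate() accepts the text."""
    try:
        validate(text)
        return True
    except ValueError:
        return False


def write_input_file(path: str, blocks: Iterator[str]) -> int:
    """Validate the blocks, write them to path, and return the message count."""
    text = "".join(blocks)
    count = validate(text)
    with open(path, "w") as fh:
        fh.write(text)
    return count


if __name__ == "__main__":
    n = write_input_file("ddns_add.txt", add_hosts(ZONE, 1000))
    print(f"wrote {n} add messages to ddns_add.txt (run: dnsperf -s 127.1 -d ddns_add.txt -u)")
    n = write_input_file("ddns_delete.txt", delete_hosts(ZONE, 1000))
    print(f"wrote {n} delete messages to ddns_delete.txt")
```

Run the generated add file first and the delete file afterwards; because each add carries a prohibit prerequisite, a second run of the add file against the same zone will be refused by the server, which is a quick way to see prerequisite failures counted in the dnsperf statistics rather than silently re-adding records.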

[ Can TSIG-signed updates be tested as well?? ]

TSIG configuration

# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST example.com
Kexample.com.+157+03859

# ls Kexample.com.+157+03859.*
Kexample.com.+157+03859.key  Kexample.com.+157+03859.private

Since HMAC-MD5 is used, the key material is the same in both *.key and *.private, so either one can be used.

# cat Kexample.com.+157+03859.* | grep -i key
example.com. IN KEY 512 3 157 MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5 JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw==
Private-key-format: v1.3
Key: MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw==

- named.conf

key "example.com" {
       algorithm hmac-md5;
       secret "MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw==";
};

zone "example.com." {
       type master;
       file "example.com.zone";
       allow-update { key example.com; };
};

Check that it works with nsupdate ( OK )

# nsupdate -k Kexample.com.+157+03859.key
> server 127.1
> update add hello.example.com. 300 a 1.1.1.1
> send
> quit

hat2 named[4261]: client 127.0.0.1#44715: updating zone 'example.com/IN': adding an RR at 'hello.example.com' A
hat2 named[4261]: zone example.com/IN: sending notifies (serial 2010090208)

# dig @127.1 hello.example.com

; <<>> DiG 9.7.1-P2 <<>> @127.1 hello.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62949
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;hello.example.com.             IN      A

;; ANSWER SECTION:
hello.example.com.      300     IN      A       1.1.1.1

It worked with dnsperf too!

# cat ddns.txt
example.com
add x 3600 a 10.1.2.3
send

# dnsperf -s 127.1 -d ddns.txt -u -y "example.com:MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5 JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw=="

DNS Performance Testing Tool

Nominum Version 1.0.1.0

[Status] Processing input data
[Status] Sending updates (to 127.0.0.1)
[Status] Testing complete

Statistics:

 Parse input file:     once
 Ended due to:         reaching end of file

 Updates sent:         1 updates
 Updates completed:    1 updates
 Updates lost:         0 updates

hat2 named[4261]: client 127.0.0.1#33122: updating zone 'example.com/IN': adding an RR at 'x.example.com' A
hat2 named[4261]: zone example.com/IN: sending notifies (serial 2010090210)

# dig @127.1 x.example.com

; <<>> DiG 9.7.1-P2 <<>> @127.1 x.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32681
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.example.com.                 IN      A

;; ANSWER SECTION:
x.example.com.          3600    IN      A       10.1.2.3

delete worked too.

# cat ddns_delete.txt
example.com
delete x
send

hat2 named[4261]: client 127.0.0.1#34341: updating zone 'example.com/IN': delete all rrsets from name 'x.example.com'
hat2 named[4261]: zone example.com/IN: sending notifies (serial 2010090211)

# dnsperf -s 127.1 -d ddns_delete.txt -u -y "example.com:MRdMjVnB9H4P1iMiUVlm9TpAyHITXHfZWeB96I+Lff4CX+ENsm75wYs5 JXrAqix7G+ok3HW1Kf/y+7+eUm7MEw=="

With this, DDNS load testing looks feasible.

Records changed via DDNS are not written to the zone file immediately; they are recorded in the journal file first.

# ls example.com.zone*
example.com.zone  example.com.zone.jnl
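Every accepted update in this post shows up in the named log as a "client <ip>#<port>: updating zone '<zone>/IN': <action>" line followed by a "sending notifies (serial N)" line, and the serial advances by one per update. Those lines are the record of who changed the zone, which matters most with the open allow-update from the first configuration. The following is an added example, not code from the post: it parses lines of that shape, counts updates per client and per action, collects the serials, and reports clients outside an expected set. The sample log is made of lines copied from the post's output plus one constructed line from a second client (192.0.2.9); the "adding an RR" and "delete all rrsets" action wordings are the ones shown on the page, any other BIND wording is classified by its first word as an assumption.

```python
"""Summarize BIND dynamic-update log lines (added example, not from the post).

Parses the 'updating zone' and 'sending notifies' lines named writes, as shown
in the post, and reports per-client activity.  SAMPLE_LOG is built from the
post's own lines plus one constructed line from client 192.0.2.9.
"""
import re
from collections import Counter
from typing import Dict, List, Set

UPDATE_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[\d.]+)#(?P<port>\d+): updating zone "
    r"'(?P<zone>[^']+)': (?P<action>.*)$")
NOTIFY_RE = re.compile(
    r"named\[\d+\]: zone (?P<zone>\S+): sending notifies \(serial (?P<serial>\d+)\)")

# Lines 1-6 are from the post; lines 7-8 are constructed (second client).
SAMPLE_LOG = """\
hat2 named[4039]: client 127.0.0.1#48578: updating zone 'example.com/IN': adding an RR at 'aa.example.com' A
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090205)
hat2 named[4039]: client 127.0.0.1#58373: updating zone 'example.com/IN': adding an RR at 'x.example.com' A
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090206)
hat2 named[4039]: client 127.0.0.1#58980: updating zone 'example.com/IN': delete all rrsets from name 'x.example.com'
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090207)
hat2 named[4039]: client 192.0.2.9#40001: updating zone 'example.com/IN': adding an RR at 'host11.example.com' A
hat2 named[4039]: zone example.com/IN: sending notifies (serial 2010090208)
"""


def classify(action: str) -> str:
    """Map the logged action text to 'add', 'delete' or 'other' by its first word.

    'adding an RR' and 'delete all rrsets' are the wordings seen in the post;
    treating 'deleting ...' the same way is an assumption about other BIND lines.
    """
    first = action.split()[0].lower()
    if first == "adding":
        return "add"
    if first in ("delete", "deleting"):
        return "delete"
    return "other"


def parse_updates(text: str) -> List[Dict[str, str]]:
    """Return one record per 'updating zone' line: ip, port, zone, action."""
    records = []
    for line in text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            records.append(m.groupdict())
    return records


def parse_serials(text: str) -> List[int]:
    """Return the serials from 'sending notifies' lines, in log order."""
    return [int(m.group("serial")) for m in (NOTIFY_RE.search(l) for l in text.splitlines()) if m]


def summarize(text: str, expected_clients: Set[str]) -> Dict[str, object]:
    """Per-client and per-action counts, serials seen, and unexpected clients."""
    records = parse_updates(text)
    per_client = Counter(r["ip"] for r in records)
    actions = Counter(classify(r["action"]) for r in records)
    return {
        "per_client": per_client,
        "actions": actions,
        "serials": parse_serials(text),
        "unexpected_clients": set(per_client) - set(expected_clients),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG, {"127.0.0.1"})
    for ip, n in s["per_client"].most_common():
        print(f"{ip}: {n} update(s)")
    print("actions:", dict(s["actions"]))
    print("serials:", s["serials"])
    print("unexpected clients:", sorted(s["unexpected_clients"]))
```

Feeding the real named log through summarize() after a dnsperf run gives a quick cross-check: the per-client count for the test host should match "Updates completed", and the unexpected-client set should be empty whenever the zone is not meant to accept updates from anyone else.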
