https://www.knot-dns.cz
Knot DNS is a high-performance open-source authoritative DNS server. It supports all the key features of the DNS system, claims to be the third DNS server with complete RFC compliance (the other two being BIND and NSD), and already serves the .cz top-level domain.
Note: Knot 3.0 supports the high-performance XDP (AF_XDP) mode, but this requires upgrading the kernel to 4.18.x (a 5.x kernel is recommended).
#CentOS-7
wget https://copr.fedorainfracloud.org/coprs/g/cznic/knot-dns-latest/repo/epel-7/group_cznic-knot-dns-latest-epel-7.repo -O /etc/yum.repos.d/knot.repo
#CentOS-8
dnf install epel-release -y
dnf update "kernel*" -y
wget https://copr.fedorainfracloud.org/coprs/g/cznic/knot-dns-latest/repo/epel-8/group_cznic-knot-dns-latest-epel-8.repo -O /etc/yum.repos.d/knot.repo
dnf install -y userspace-rcu gnutls lmdb libnghttp2 fstrm protobuf-c libmaxminddb libidn2 libidn lmdb-libs
dnf install -y knot knot-utils
Knot uses the userspace-rcu library (a userspace implementation of the Linux kernel's Read-Copy-Update (RCU) mechanism), spending more memory to speed up DNS responses:
git clone git://git.liburcu.org/userspace-rcu.git
cd userspace-rcu
./bootstrap
./configure --prefix=/opt/knot
make -j31 install
dnf install -y gnutls-devel userspace-rcu lmdb-devel libnghttp2-devel protobuf-c-compiler fstrm-devel protobuf-c-devel libmaxminddb-devel
wget https://secure.nic.cz/files/knot-dns/knot-3.0.0.tar.xz
tar -Jxvf knot-3.0.0.tar.xz
cd knot-3.0.0
./autogen.sh
./configure --prefix=/opt/knot --enable-xdp=yes --enable-dnstap
make -j31 install
Default configuration path for the RPM install: /etc/knot/knot.conf
Configuration path for the source install (--prefix=/opt/knot): /opt/knot/etc/knot.conf
listen:
Configures the IPv4 and IPv6 addresses and ports the DNS server listens on. The default port is 53 and the default addresses are IPv4 127.0.0.1 and IPv6 ::1; change it to listen on any address:
listen: [ 0.0.0.0@53, ::@53 ]   # 0.0.0.0 and :: are the IPv4/IPv6 "any address" wildcards
log:
Configures how logging is done. The default is syslog; here it is changed to stdout with debug level enabled.
log:
  - target: stdout
    any: debug
template:
Configures the zone storage path; BIND-style zone files are supported. The default is ${prefix}/var/lib/knot:
template:
  - id: default
    storage: "/var/lib/knot"
    file: "%s.zone"
zone:
Configures the domains served.
zone:
  - domain: example.com
Zone file for example.com (records whose owner column is blank inherit the previous owner, so the leading whitespace matters):
$ORIGIN example.com.
$TTL 3600
@       SOA     dns1.example.com. hostmaster.example.com. (
                2010111213 ; serial
                6h         ; refresh
                1h         ; retry
                1w         ; expire
                1d )       ; minimum
        NS      dns1
        NS      dns2
        MX      10 mail
dns1    A       192.0.2.1
        AAAA    2001:DB8::1
dns2    A       192.0.2.2
        AAAA    2001:DB8::2
mail    A       192.0.2.3
        AAAA    2001:DB8::3
Complete knot.conf:
# This is a sample of a minimal configuration file for Knot DNS.
# See knot.conf(5) or refer to the server documentation.

server:
    rundir: "/var/run/knot"
    user: knot:knot
    listen: [ 0.0.0.0@53, ::@53 ]

log:
  - target: stdout
    any: debug

database:
    storage: "/var/lib/knot"

remote:
#  - id: slave
#    address: 192.168.1.1@53
#
#  - id: master
#    address: 192.168.2.1@53

acl:
#  - id: acl_slave
#    address: 192.168.1.1
#    action: transfer
#
#  - id: acl_master
#    address: 192.168.2.1
#    action: notify

template:
  - id: default
    storage: "/var/lib/knot"
    file: "%s.zone"

zone:
#  # Master zone
  - domain: example.com.
#    notify: slave
#    acl: acl_slave
#
#  # Slave zone
#  - domain: example.net
#    master: master
#    acl: acl_master
RPM install, started with systemctl:
systemctl restart knot
journalctl -xe
...
-- Unit knot.service has begun starting up.
Sep 26 20:58:25 centos8-43 knotc[2996]: Configuration is valid
Sep 26 20:58:36 centos8-43 knotd[2998]: info: Knot DNS 3.0.0 starting
Sep 26 20:58:36 centos8-43 knotd[2998]: info: loaded configuration file '/etc/knot/knot.conf'
Sep 26 20:58:36 centos8-43 knotd[2998]: info: using reuseport for UDP
Sep 26 20:58:36 centos8-43 knotd[2998]: error: failed to increase RLIMIT_MEMLOCK (Operation not permitted)
Sep 26 20:58:36 centos8-43 knotd[2998]: error: failed to configure server sockets (system error)
Sep 26 20:58:36 centos8-43 knotd[2998]: info: loading 1 zones
Sep 26 20:58:36 centos8-43 knotd[2998]: info: [example.com.] zone will be loaded
Sep 26 20:58:36 centos8-43 knotd[2998]: info: starting server
Sep 26 20:58:36 centos8-43 knotd[2998]: info: [example.com.] zone file parsed, serial 2010111213
Sep 26 20:58:36 centos8-43 knotd[2998]: info: [example.com.] loaded, serial none -> 2010111213, 438 bytes
Sep 26 20:58:36 centos8-43 knotd[2998]: info: server started in the foreground, PID 2998
Sep 26 20:58:36 centos8-43 knotd[2998]: info: control, binding to '/var/run/knot/knot.sock'
Sep 26 20:58:36 centos8-43 systemd[1]: Started Knot DNS server.
-- Subject: Unit knot.service has finished start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit knot.service has finished starting up.
...
Source install, started with knotd directly:
# /opt/knot/sbin/knotd -v
2020-09-26T20:57:58-0400 debug: module 'mod-cookies', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-dnsproxy', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-geoip', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-noudp', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-onlinesign', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-queryacl', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-rrl', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-stats', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-synthrecord', loaded static
2020-09-26T20:57:58-0400 debug: module 'mod-whoami', loaded static
2020-09-26T20:57:58-0400 info: Knot DNS 3.1.dev starting
2020-09-26T20:57:58-0400 info: loaded configuration file '/opt/knot/etc/knot/knot.conf'
2020-09-26T20:57:58-0400 info: using reuseport for UDP
2020-09-26T20:57:58-0400 info: binding to interface /opt/knot/var/run/knot/0.0.0.0.1@53
2020-09-26T20:57:58-0400 warning: cannot ensure optimal CPU locality for UDP
2020-09-26T20:57:58-0400 info: binding to interface ::@53
2020-09-26T20:57:58-0400 info: changing GID to 985
2020-09-26T20:57:58-0400 info: changing UID to 989
2020-09-26T20:57:58-0400 info: loading 1 zones
2020-09-26T20:57:58-0400 info: [example.com.] zone will be loaded
2020-09-26T20:57:58-0400 info: starting server
2020-09-26T20:57:58-0400 info: [example.com.] zone file parsed, serial 2010111213
2020-09-26T20:57:58-0400 info: [example.com.] loaded, serial none -> 2010111213, 438 bytes
2020-09-26T20:57:58-0400 info: server started in the foreground, PID 2923
2020-09-26T20:57:58-0400 info: control, binding to '/opt/knot/var/run/knot/knot.sock'
[root@centos8-43 ~]# kdig @127.0.0.1 dns1.example.com
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 50048
;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; dns1.example.com. IN A
;; ANSWER SECTION:
dns1.example.com. 3600 IN A 192.0.2.1
;; Received 50 B
;; Time 2020-09-26 20:56:20 EDT
;; From 127.0.0.1@53(UDP) in 0.2 ms
[root@centos8-43 ~]# kdig @127.0.0.1 mail.example.com
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 3077
;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; mail.example.com. IN A
;; ANSWER SECTION:
mail.example.com. 3600 IN A 192.0.2.3
;; Received 50 B
;; Time 2020-09-26 20:56:28 EDT
;; From 127.0.0.1@53(UDP) in 0.1 ms
https://lwn.net/Articles/573424/