Using BIND so that internal domain names resolve through the VPC default DNS while every other name goes to a public DNS or a self-hosted DNS

2023-06-07 12:20:51

If you run your own AD, forwarding internal-name resolution is trivial: one command creates a conditional-forwarder zone on the AD DNS server (repeat it for each internal suffix you need):

dnscmd <YourDNSServer> /ZoneAdd tencentyun.com /Forwarder 183.60.82.98 183.60.83.19

For example:

dnscmd localhost /zoneadd tencentyun.com /forwarder 183.60.82.98 183.60.83.19

If you are not on AD and want to use a different DNS server without losing the cloud platform's internal names, either add the internal names to the hosts file or follow the BIND method below.

To add the internal names to hosts, save the following as a .bat file and run it as administrator. It backs up the current hosts file with a timestamp, then replaces the file's contents, so any custom entries you already had survive only in the backup:

REM Build a timestamp such as 20230607122051 for the backup file name.
REM Assumes the default %date% layout yyyy/MM/dd ...; adjust the offsets for other locales.
set datemine=%date:~0,4%%date:~5,2%%date:~8,2%
REM Zero-pad the hour when %time% starts with a space (e.g. " 9:05:01.23").
echo;%time:~0,1%|find " "&&(set timehour=0%time:~1,1%) || (set timehour=%time:~0,2%)
set timeother=%time:~3,2%%time:~6,2%
set filename=%datemine%%timehour%%timeother%
REM Back up the current hosts file before touching it.
copy c:\windows\system32\drivers\etc\hosts c:\windows\system32\drivers\etc\%filename%_hosts

REM Truncate hosts; existing custom entries are lost from the live file (they are in the backup).
echo.>c:\windows\system32\drivers\etc\hosts

echo 169.254.0.3  mirrors.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.15  update2.agent.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.4  receiver.barad.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.5  custom.message.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.10.10  metadata.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.23  metadata.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.19  kms.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.54  kms1.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.26  windowsupdate.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.2  ntpupdate.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.79  time1.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.80  time2.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.81  time3.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.82  time4.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.83  time5.tencentyun.com>>c:\windows\system32\drivers\etc\hosts

REM TAT (TencentCloud Automation Tools) endpoints all share one link-local address.
echo 169.254.0.138 notify.tat-tc.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencentyun.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencent.cn>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencent.com.cn>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat.tencent-cloud.com>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat-tc.tencent.cn>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat-tc.tencent.com.cn>>c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat.tencent-cloud.com>>c:\windows\system32\drivers\etc\hosts
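The batch file above wipes the hosts file before writing, which is the failure mode to watch for on a machine that already carries hand-made entries. The following is an added example, written for this article and not part of the original post, that merges the same name/address pairs into hosts without discarding what is already there, then checks that each name answers. It assumes an elevated PowerShell session and the standard %SystemRoot%\System32\drivers\etc\hosts location.

```powershell
# Added example (not from the original post): merge the internal-name entries into the hosts
# file instead of truncating it, so pre-existing custom entries survive. Run elevated.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$backup    = "$hostsPath.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -Path $hostsPath -Destination $backup

# Same name -> address pairs as the batch file above.
$entries = @'
169.254.0.3    mirrors.tencentyun.com
169.254.0.15   update2.agent.tencentyun.com
169.254.0.4    receiver.barad.tencentyun.com
169.254.0.5    custom.message.tencentyun.com
169.254.10.10  metadata.tencentyun.com
169.254.0.23   metadata.tencentyun.com
169.254.0.19   kms.tencentyun.com
169.254.0.54   kms1.tencentyun.com
169.254.0.26   windowsupdate.tencentyun.com
169.254.0.2    ntpupdate.tencentyun.com
169.254.0.79   time1.tencentyun.com
169.254.0.80   time2.tencentyun.com
169.254.0.81   time3.tencentyun.com
169.254.0.82   time4.tencentyun.com
169.254.0.83   time5.tencentyun.com
169.254.0.138  notify.tat-tc.tencentyun.com
169.254.0.138  invoke.tat-tc.tencentyun.com
169.254.0.138  invoke.tat-tc.tencent.cn
169.254.0.138  invoke.tat-tc.tencent.com.cn
169.254.0.138  invoke.tat.tencent-cloud.com
169.254.0.138  notify.tat-tc.tencent.cn
169.254.0.138  notify.tat-tc.tencent.com.cn
169.254.0.138  notify.tat.tencent-cloud.com
'@ -split "`r?`n" | Where-Object { $_.Trim() } | ForEach-Object {
    $ip, $name = $_.Trim() -split '\s+'
    [pscustomobject]@{ Ip = $ip; Name = $name }
}

$lines = @(Get-Content -Path $hostsPath)
$added = 0
foreach ($e in $entries) {
    # Skip names that already have an active (uncommented) IPv4 entry, whatever the address, so a
    # deliberate override is not shadowed; this also keeps only the first metadata.tencentyun.com line.
    $pattern = '^\s*\d+\.\d+\.\d+\.\d+\s+' + [regex]::Escape($e.Name) + '(\s|$)'
    if ($lines -match $pattern) { continue }
    $lines += ('{0,-15} {1}' -f $e.Ip, $e.Name)
    $added++
}
Set-Content -Path $hostsPath -Value $lines -Encoding ascii
"$added entries added; backup at $backup"

# Flush the resolver cache and confirm every name now answers from the hosts file.
Clear-DnsClientCache
foreach ($e in $entries) {
    Resolve-DnsName -Name $e.Name -Type A -ErrorAction SilentlyContinue | Select-Object Name, IPAddress
}
```

Because the script only appends names that have no live entry, it can be re-run after a platform image update without producing duplicate lines; to force the addresses listed here over an existing entry, delete that entry first.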

Using BIND so that internal domain names resolve through the VPC default DNS while every other name goes to a public DNS or a self-hosted DNS

The cloud platform does not allow running a public-facing DNS server, so once you run your own DNS you must make sure port 53 is not reachable from the Internet. Restrict port 53 in the security group from the start: block it from public addresses and allow it only from the internal network, as in the security group shown in the figure below. This matters because the named.conf later in this article uses allow-query { any; }, so the security group is the only thing keeping the server from being an open resolver that anyone on the Internet can use for amplification; a host firewall rule limiting port 53 to the VPC range is cheap defence in depth.

1. Download BIND (it includes the dig command)

https://www.isc.org/download/

Download version 9.11.23 (I tried 9.16 and it did not work); the 9.11 link is:

https://downloads.isc.org/isc/bind9/9.11.23/BIND9.11.23.x64.zip

Note that the 9.11 branch is end-of-life upstream and no longer receives security fixes, one more reason to keep port 53 off the public network.

2. Install BIND

After extracting, double-click the installer it contains, keep the default choices and enter a password twice (it must satisfy the operating system's password policy; any sufficiently complex password will do). This is the password for the local service account the installer creates (the account name defaults to named), which the ISC BIND service runs under.

If the Visual C++ runtime is not installed yet, a prompt like the one shown asks you to install it; if it is already installed you get the repair dialog instead, which you can close without repairing. Then continue with the steps below.

3. Configure environment variables

Prepend C:\Program Files\ISC BIND 9\bin; to Path.

You can also set it from the command line: https://cloud.tencent.com/developer/article/1938509

Everything that follows is done in the C:\Program Files\ISC BIND 9\etc directory:

cd "C:\Program Files\ISC BIND 9\etc"

4. Download root.zone and named.root

https://www.internic.net/zones/root.zone

https://www.internic.net/zones/named.root

Save both into C:\Program Files\ISC BIND 9\etc. named.root is the standard root-hints file and root.zone is the complete root zone; the named.conf below points its hint zone at root.zone.

5. Create localhost.zone and localhost.rev

localhost.zone:

$TTL 1D
@           IN SOA  localhost. root.localhost. (
                    1900010101 ; Serial
                    30800      ; Refresh
                    7200       ; Retry
                    604800     ; Expire
                    300 )      ; Minimum
            IN NS   localhost.
localhost.  IN A    127.0.0.1

localhost.rev:

$TTL 1D
@           IN SOA  localhost. root.localhost. (
                    1900010101 ; Serial
                    30800      ; Refresh
                    7200       ; Retry
                    604800     ; Expire
                    300 )      ; Minimum
            IN NS   localhost.
1           IN PTR  localhost.

6. Create the configuration file named.conf

named.conf:

options {
    // location of the zone files
    directory "C:\Program Files\ISC BIND 9\etc";

    // fill in your ISP's DNS addresses here; every name not matched by a forward zone below goes to these
    forwarders {
        180.76.76.76;
        119.29.29.29;
        114.114.114.114;
        9.9.9.9;
        8.8.8.8;
    };

    // accepts queries from any source; relies on the security group keeping port 53 off the public network
    allow-query {
        any;
    };
};

// root hints
zone "." {
    type hint;
    file "root.zone";
};

// localhost
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

// reverse lookup for localhost
zone "0.0.127.in-addr.arpa" {
    type master;
    file "localhost.rev";
};

// internal suffixes: forwarded to the VPC default DNS instead of the public forwarders above
zone "tencentyun.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

zone "yd.zijiebao.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

zone "zijiebao.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

zone "tencentcs.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

zone "woa.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

zone "tencent-cloud.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

zone "tencent.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

zone "myzijiebao.com" {
    type forward;
    forwarders { 183.60.83.19; 183.60.82.98; };
};

The internal DNS addresses in the forward zones above (183.60.83.19 and 183.60.82.98) should be taken from this document, which is authoritative:

https://cloud.tencent.com/document/product/213/5225

Most CVM instances today are VPC machines, and the VPC default internal DNS servers are:

183.60.83.19

183.60.82.98

Changing the default internal DNS breaks resolution of internal names, which stops Cloud Monitor and the cloud security components from working and also affects Windows activation and other services that depend on internal names. This named.conf sends *.tencentyun.com, *.yd.zijiebao.com and the other listed suffixes to the internal DNS while every other name goes to the public DNS, which accommodates users who want to change the default DNS without losing the platform services.

https://cloud.tencent.com/document/product/296/12236

7. Open a cmd window and run rndc-confgen -a; this generates rndc.key in the etc directory.

Once the six files shown in the figure above (root.zone, named.root, localhost.zone, localhost.rev, named.conf and rndc.key) are in place, the ISC BIND service can be started.

8. Run services.msc, find ISC BIND and start the service.

If it fails with error 1067, change the service's logon account to "Local System" and start it again. Error 1067 only means the process exited, and the usual cause is a configuration error or a file permission the named account lacks, so before switching accounts run named-checkconf named.conf from the etc directory and check the Application log in Event Viewer; running as Local System gives the resolver far more privilege than the dedicated account the installer set up.

9. Run ncpa.cpl, open the local connection and change its DNS server to 127.0.0.1 or the server's internal IP. Other machines in the VPC that should use this resolver point at the internal IP, and the security group must allow them to reach port 53.

10. Verify the result with dig from a cmd window:

dig mirrors.tencentyun.com
dig l.yd.zijiebao.com
dig mail.163.com
dig google.com
dig qq.com
dig baidu.com
dig sohu.com
dig localhost
dig -x 127.0.0.1

The SERVER line in dig's output always shows 127.0.0.1 because BIND answers locally, so to confirm an internal name really went through the VPC DNS compare the answer with a direct query such as dig @183.60.83.19 mirrors.tencentyun.com.
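Steps 4 to 10 above as a single PowerShell script, with the open-resolver point from the security-group paragraph folded in. This is an added example written for this article, not code from the original post or from ISC. It assumes BIND is already installed under C:\Program Files\ISC BIND 9 (step 2) with localhost.zone and localhost.rev already created (step 5), that the service's display name is ISC BIND as shown in services.msc, that the machine has Internet egress to fetch named.root, and that the VPC address, VPC CIDR and adapter name in the variables at the top are replaced with real values (they are placeholders). It deliberately differs from the named.conf above in four places: listen-on and allow-query are limited to loopback and the VPC instead of any, the forward zones use forward only so an internal name is never retried through root-hint recursion on the public Internet, the hint zone uses named.root rather than the full root.zone, and a host firewall rule limits port 53 to the VPC behind the security group.

```powershell
# Added example for this article (not code from the original post or from ISC):
# steps 4 to 10 as one script, with the resolver locked to loopback + VPC so it
# cannot become an open resolver even if the security group is misconfigured.
$ErrorActionPreference = 'Stop'
$BindDir = 'C:\Program Files\ISC BIND 9'
$EtcDir  = Join-Path $BindDir 'etc'
$VpcIp   = '10.0.0.10'       # assumption (placeholder): this CVM's VPC address
$VpcCidr = '10.0.0.0/16'     # assumption (placeholder): VPC CIDR allowed to query
$Adapter = 'Ethernet'        # assumption (placeholder): adapter whose DNS servers are changed
$InternalDns   = @('183.60.83.19', '183.60.82.98')     # Tencent Cloud VPC default DNS
$PublicDns     = @('119.29.29.29', '9.9.9.9', '8.8.8.8')
$InternalZones = @('tencentyun.com', 'yd.zijiebao.com', 'zijiebao.com', 'tencentcs.com',
                   'woa.com', 'tencent-cloud.com', 'tencent.com', 'myzijiebao.com')

function Format-Forwarders([string[]]$addrs) { ($addrs | ForEach-Object { "$_;" }) -join ' ' }

# A records for a name from one server, sorted so two answers can be compared.
function Get-ARecords([string]$name, [string]$server) {
    @(Resolve-DnsName -Name $name -Server $server -Type A | Where-Object IPAddress |
      ForEach-Object IPAddress | Sort-Object)
}

# Step 4: named.root is the InterNIC root-hints file; the full root.zone is not needed for a hint zone.
Invoke-WebRequest -UseBasicParsing -Uri 'https://www.internic.net/zones/named.root' `
                  -OutFile (Join-Path $EtcDir 'named.root')

# Step 6: named.conf. The acl must precede its first use. localhost.zone/localhost.rev come from
# step 5. "forward only" keeps BIND from falling back to root-hint recursion on the public
# Internet when the VPC DNS does not answer for an internal name.
$zoneBlocks = foreach ($z in $InternalZones) {
    "zone `"$z`" { type forward; forward only; forwarders { $(Format-Forwarders $InternalDns) }; };"
}
$conf = @"
acl "vpc" { 127.0.0.1; $VpcCidr; };
options {
    directory "$EtcDir";
    listen-on { 127.0.0.1; $VpcIp; };
    listen-on-v6 { none; };
    allow-query { vpc; };
    allow-recursion { vpc; };
    allow-transfer { none; };
    forwarders { $(Format-Forwarders $PublicDns) };
    version "not disclosed";
};
zone "." { type hint; file "named.root"; };
zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" { type master; file "localhost.rev"; };
$($zoneBlocks -join "`n")
"@
Set-Content -Path (Join-Path $EtcDir 'named.conf') -Value $conf -Encoding ascii

# Step 7: rndc key, then a syntax check before touching the service. A rejected named.conf is the
# usual reason behind the "error 1067" mentioned above, and it is reported here instead.
& (Join-Path $BindDir 'bin\rndc-confgen.exe') -a
& (Join-Path $BindDir 'bin\named-checkconf.exe') (Join-Path $EtcDir 'named.conf')
if ($LASTEXITCODE -ne 0) { throw 'named-checkconf rejected named.conf; fix it before starting the service' }

# Host firewall as defence in depth behind the security group: port 53 only from loopback and the VPC.
# (Remove any broader inbound rule for named.exe, otherwise it still wins.)
foreach ($proto in 'UDP', 'TCP') {
    New-NetFirewallRule -DisplayName "BIND 53/$proto from VPC only" -Direction Inbound -Protocol $proto `
        -LocalPort 53 -RemoteAddress @('127.0.0.1', $VpcCidr) -Action Allow | Out-Null
}

# Steps 8 and 9: (re)start the service and point this machine's adapter at it.
Get-Service -DisplayName 'ISC BIND' | Restart-Service
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses 127.0.0.1
Clear-DnsClientCache

# Step 10: verify the split. An internal name answered through BIND must equal what the VPC DNS
# returns directly (dig's SERVER line cannot tell you this), and a public name must still resolve.
$viaBind = Get-ARecords 'mirrors.tencentyun.com' '127.0.0.1'
$direct  = Get-ARecords 'mirrors.tencentyun.com' $InternalDns[0]
if (@(Compare-Object $viaBind $direct).Count -ne 0) { throw 'internal name did not go through the VPC DNS' }
if ($viaBind -notlike '169.254.*') { Write-Warning "internal answer outside 169.254/16: $viaBind" }
Get-ARecords 'qq.com' '127.0.0.1'
```

The comparison at the end is the check that actually proves the split: querying 127.0.0.1 always shows BIND as the responding server, so only matching the answer against the VPC DNS itself shows that the forward zone, rather than the public forwarders, served the name.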
