自建DNS服务器使用二级域名转发内网服务器

1.1,安装DNS服务

[[email protected] ~]# yum install bind bind-bind-libs

1.2,修改/etc/named.conf配置文件

[[email protected] ~]#vim /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

//      listen-on port 53 { 127.0.0.1; };//开启监听端口53，接受任意IP连接

//      listen-on-v6 port 53 { ::1; };//支持IP V6

directory       "/var/named";//所有的正向反向区域文件都在这个目录下创建

dump-file       "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

//      allow-query     { localhost; };//允许IP查询

/*

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

- If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

*/

recursion yes;

dnssec-enable no;

dnssec-validation no;

/* Path to ISC DLV key */

//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";

//      pid-file "/run/named/named.pid";

//      session-keyfile "/run/named/session.key";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

注：注释掉以上信息

启动DNS服务

[[email protected] ~]#systemctl start named.service

查看端口是否启用

[[email protected] ~]#ss -tunl | grep :53

1.3，编辑/etc/named.rfc1912.zones配置文件，在文件尾部添加以下行

[[email protected] ~]#vim /etc/named.rfc1912.zones

zone ".yaok.com" IN {

type master;

file "local.yaok.com.zone";

};

重读配置文件

[[email protected] ~]#rndc reload

查看DNS状态

[[email protected] ~]#rndc status

2.4编辑/var/named/local.yaok.com.zone 配置文件

[[email protected] ~]# vim /var/named/yaok.com.zone

$ORIGIN .

$TTL 3600 ; 1 hour

yaok.com IN SOA yaok.com. root.yaok.com. (

2008010101 ; serial

300        ; refresh (5 minutes)

7200       ; retry (2 hours)

2419200    ; expire (4 weeks)

2592000    ; minimum (4 weeks 2 days)

)

NS ns1.yaok.com.

A 182.92.188.24

MX 10 yaok.com.

$ORIGIN yaok.com.

* CNAME yaok.com.

ns1 A 192.1.68.0.49

git A 192.168.0.49

maven A    192.168.0.49

jenkins A 192.168.0.49

保存退出，以上的三级域名就可以正常访问了

注意：需要到路由器把主DNS服务器填写成DNS服务器地址
特别感谢SAM大哥对我无私的帮助，解决了我很多工作难题！