利用bind实现内网域名解析走内网默认dns，其他域名解析走公网公共dns或自建dns

如果是自己配置AD，实现内网域名解析转发太容易了

直接一句命令搞定

dnscmd <YourDNSServer> /ZoneAdd tencentyun.com /Forwarder 183.60.82.98 183.60.83.19
例如：
dnscmd localhost /zoneadd tencentyun.com /forwarder 183.60.82.98 183.60.83.19

如果是非AD要用别的DNS，但又不想云平台的内网域名解析不了，那就添加内网域名解析到hosts或者参考如下方法配置。

添加内网域名解析到hosts，如下代码存储为.bat文件执行

set datemine=%date:~0,4%%date:~5,2%%date:~8,2%
echo;%time:~0,1%|find " "&&(set timehour=0%time:~1,1%) || (set timehour=%time:~0,2%)
set timeother=%time:~3,2%%time:~6,2%
set filename=%datemine%%timehour%%timeother%
copy c:\windows\system32\drivers\etc\hosts c:\windows\system32\drivers\etc\%filename%_hosts

echo.>c:\windows\system32\drivers\etc\hosts

echo 169.254.0.3  mirrors.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.15  update2.agent.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.4  receiver.barad.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.5  custom.message.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.10.10  metadata.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.23  metadata.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.19  kms.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.54  kms1.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.26  windowsupdate.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.2  ntpupdate.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.79  time1.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.80  time2.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.81  time3.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.82  time4.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.83  time5.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts

echo 169.254.0.138 notify.tat-tc.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencent.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencent.com.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat.tencent-cloud.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat-tc.tencent.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat-tc.tencent.com.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat.tencent-cloud.com>>  c:\windows\system32\drivers\etc\hosts

利用bind实现内网域名解析走内网默认dns，其他域名解析走公网公共dns或自建dns

云平台不允许私搭公网dns，得确保自己搞了dns服务后，公网不能访问53端口才行，因此有必要一开始就在安全组限制公网53端口，只放行内网53端口，安全组参考下图

1、下载BIND（内含dig命令）

https://www.isc.org/download/

请下载9.11.23这个版本（试了9.16版本的不行），9.11版本的链接如下

https://downloads.isc.org/isc/bind9/9.11.23/BIND9.11.23.x64.zip

2、安装BIND

解压后双击其中的

，保持界面默认选择，填写2遍密码（要符合操作系统密码规则，随便填个复杂密码就行）

如果没安装过这个VC库，会出现如下界面提醒你安装，如果已安装过VC库，会是修复VC库的界面，不修复关闭即可，然后进行下面的操作

3、配置环境变量

把C:\Program Files\ISC BIND 9\bin;加到Path开头

也可以通过命令行设置环境变量：https://cloud.tencent.com/developer/article/1938509

后面都是在C:\Program Files\ISC BIND 9\etc目录操作

cd "C:\Program Files\ISC BIND 9\etc"

cd "C:\Program Files\ISC BIND 9\etc"

cd "C:\Program Files\ISC BIND 9\etc"

4、下载root.zone和named.root

https://www.internic.net/zones/root.zone

https://www.internic.net/zones/named.root

下载到C:\Program Files\ISC BIND 9\etc目录

5、新建localhost.zone和localhost.rev

localhost.zone内容如下

$TTL 1D

@ IN SOA localhost. root.localhost. (

1900010101 ; Serial

30800 ; Refresh

7200 ; Retry

604800 ; Expire

300 ) ; Minimum

IN NS localhost.

localhost. IN A 127.0.0.1

localhost.rev内容如下

$TTL 1D

@ IN SOA localhost. root.localhost. (

1900010101 ; Serial

30800 ; Refresh

7200 ; Retry

604800 ; Expire

300 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

6、新建配置文件named.conf

named.conf内容如下

options {

// zone文件的位置

directory "C:\Program Files\ISC BIND 9\etc";

// 在下面的IP地址位置上填写ISP的DNS地址

forwarders {

180.76.76.76;

119.29.29.29;

114.114.114.114;

9.9.9.9;

8.8.8.8;

};

allow-query {

any;

};

};

// 根DNS

zone "." {

type hint;

file "root.zone";

};

// localhost

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

// localhost的反向解析

zone "0.0.127.in-addr.arpa" {

type master;

file "localhost.rev";

};

zone "tencentyun.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

zone "yd.qcloud.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

zone "qcloud.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

zone "tencentcs.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

zone "woa.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

zone "tencent-cloud.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

zone "tencent.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

zone "myqcloud.com" {

type forward;

forwarders { 183.60.83.19; 183.60.82.98; };

};

上面黑体的内网DNS地址以这里为准

https://cloud.tencent.com/document/product/213/5225

现在大多数CVM都是VPC机器，VPC的默认内网DNS

183.60.83.19

183.60.82.98

修改默认内网DNS会导致内网域名解析出问题，影响云监控和云安全组件正常工作，还会影响Windows激活等涉及内网域名的服务。named.conf此配置文件旨在实现*.tencentyun.com和*.yd.qcloud.com走内网DNS解析，其他域名走公网公共DNS解析，这样就兼容了想修改默认DNS的用户需求。

https://cloud.tencent.com/document/product/296/12236

7、打开cmd命令行运行rndc-confgen -a会在etc目录生成rndc.key

如上图6个文件准备好后就可以启动ISC BIND服务了

8、运行services.msc找到ISC BIND，启动此服务

如果报错1067，把登录方式改成“本地系统账户”再启动

9、运行ncpa.cpl打开本地连接，修改默认DNS为127.0.0.1或者服务器的内网IP

10、在cmd命令行用dig验证效果

dig mirrors.tencentyun.com

dig l.yd.qcloud.com

dig mail.163.com

dig google.com

dig qq.com

dig baidu.com

dig sohu.com

dig localhost

dig -x 127.0.0.1