AWS域名解析器模型:
====================================================================================
外网域名
  /|
   |
   |
AWS DNS 172.31.0.2    //通过cat /etc/resolv.conf 可以查看到
  /|
   |
   |
bind9
  /|
   |
   |
内网EC2实例(通过DHCP指向bind9域名解析服务器)
====================================================================================

//安装bind9
sudo apt-get install bind9

//新建配置
/etc/bind/zone-internal-sa/db.dns
/etc/bind/zone-internal-sa/db.reverse-dns

//修改bind9配置文件
sudo vi /etc/bind/named.conf.local    //针对内网DNS域名解析
====================================================================================
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "internal-sa" {
    type master;
    file "/etc/bind/zone-internal-sa/db.dns";    //正向
};

zone "172.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/zone-internal-sa/db.reverse-dns";    //反向
};
//注意: 172.in-addr.arpa 覆盖整个 172.0.0.0/8, 其中包含公网地址; 本机作为该区域的 master 后,
//这些公网地址的反向解析也会由本机直接应答而不再转发。若 VPC 网段是 172.31.0.0/16,
//可把区域名缩小为 31.172.in-addr.arpa (db.reverse-dns 中的记录名需相应调整)。

sudo vi /etc/bind/named.conf.options    //针对外网DNS解析
====================================================================================
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        172.31.0.2;
    };
    //注意: 本配置没有显式设置 allow-recursion / allow-query。建议用 acl 把递归查询
    //限制在 VPC 网段内, 并在安全组中只对 VPC 内网开放 53 端口(TCP/UDP),
    //避免本机被当作开放解析器滥用。

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.
    // See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

//重启bind9服务
sudo service bind9 restart

//DHCP(Dynamic Host Configuration Protocol)配置(用bind9做DNS域名解析)
sudo vi /etc/dhcp/dhclient.conf
====================================================================================
# Configuration file for /sbin/dhclient, which is included in Debian's
# dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
# man page for more information about the syntax of this file
# and a more comprehensive list of the parameters understood by
# dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
# not leave anything out (like the domain name, for example), then
# few changes must be made to this file, if any.
#

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

#send host-name "andare.fugue.com";
send host-name = gethostname();
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;
prepend domain-name-servers 172.31.17.29;
prepend domain-name "internal-sa ";
# 注意: "internal-sa " 末尾的空格是有意保留的, 用于和DHCP下发的域名隔开, 不要删除。
request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    dhcp6.name-servers, dhcp6.domain-search,
    netbios-name-servers, netbios-scope, interface-mtu,
    rfc3442-classless-static-routes, ntp-servers,
    dhcp6.fqdn, dhcp6.sntp-servers;
#require subnet-mask, domain-name-servers;
#timeout 60;
#retry 60;
#reboot 10;
====================================================================================

查看bind9的状态:
netstat -ltnp
====================================================================================
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -

说明: -ltnp 只列出 TCP 监听; DNS 查询主要走 UDP, 可再用 netstat -lunp 查看。
上面只显示了 127.0.0.1:53; 内网客户端要能解析, 还需确认 bind9 所在实例的内网IP
(应与 dhclient.conf 中填写的 172.31.17.29 一致)的 53 端口也在监听。