Using a Raspberry Pi as a DNS Server for the Local LAN

Install Bind9 and the dnsutils testing tools

sudo apt-get install bind9
sudo apt-get install dnsutils

Suppose we want our internal domain name xxx.com to resolve to 192.168.1.20

cd /etc/bind
sudo nano named.conf.local

First edit the named.conf.local configuration file to add the xxx.com zone and the reverse zone 1.168.192.in-addr.arpa, and tell bind9 which zone file belongs to each

zone "xxx.com" {
        type master;
        file "/etc/bind/db.xxx.com";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.1.168.192";
};

Create the zone file db.xxx.com

sudo nano db.xxx.com

Enter the following content

;     
; BIND data file for local loopback interface
;
$TTL    604800
@   IN  SOA xxx.com. root.xxx.com. (
                  2     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
@       IN      NS      xxx.com.
@       IN      A       192.168.1.20
www     A       192.168.1.20

Create the reverse zone file db.1.168.192

sudo nano db.1.168.192

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@   IN  SOA xxx.com. root.xxx.com. (
                  1     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
@       IN      NS      xxx.com.
@       A       192.168.1.20
20      IN      PTR     www.xxx.com.

Check the zone files for errors

named-checkzone "xxx.com" "/etc/bind/db.xxx.com"

Expected result:
zone xxx.com/IN: loaded serial 2
OK

named-checkzone "1.168.192.in-addr.arpa" "/etc/bind/db.1.168.192"
Expected result:
zone 1.168.192.in-addr.arpa/IN: loaded serial 1
OK
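
named-checkzone validates each zone file on its own; it does not compare the PTR records in db.1.168.192 with the A records in db.xxx.com. The following added example (not part of the original post) parses both files and reports every PTR whose target has no matching A record, which also catches a PTR target written without its trailing dot. It assumes simple zone files without $ORIGIN or $INCLUDE; the function names and the inline sample data, constructed from the records above, are illustrative.

```python
import re

# Constructed sample input: the records from db.xxx.com and db.1.168.192 above.
FORWARD = """\
$TTL    604800
@   IN  SOA xxx.com. root.xxx.com. ( 2 604800 86400 2419200 604800 )
@       IN      NS      xxx.com.
@       IN      A       192.168.1.20
www     A       192.168.1.20
"""
REVERSE = """\
$TTL    604800
@   IN  SOA xxx.com. root.xxx.com. ( 1 604800 86400 2419200 604800 )
@       IN      NS      xxx.com.
20      IN      PTR     www.xxx.com.
"""

def fqdn(name, origin):
    name = origin if name == "@" else name        # '@' stands for the zone origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, origin):
    """Yield (owner, type, rdata) for A and PTR records; $ORIGIN/$INCLUDE are not handled."""
    origin = origin.rstrip(".").lower() + "."
    text = re.sub(r";[^\n]*", "", text)            # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold "( ... )"
    owner = origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                  # owner column present
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].upper() == "IN" or fields[0].isdigit()):
            fields.pop(0)                          # skip class and TTL
        if len(fields) >= 2 and fields[0].upper() in ("A", "PTR"):
            rtype = fields[0].upper()
            yield owner, rtype, fields[1] if rtype == "A" else fqdn(fields[1], origin)

def check_reverse(forward, fwd_origin, reverse, rev_origin):
    """Return one message per PTR whose target has no A record for that address."""
    a_records = {(o, d) for o, t, d in parse_zone(forward, fwd_origin) if t == "A"}
    problems = []
    for owner, rtype, target in parse_zone(reverse, rev_origin):
        if rtype == "PTR":
            ip = ".".join(reversed(owner.split(".in-addr.arpa.")[0].split(".")))
            if (target, ip) not in a_records:
                problems.append(f"{ip}: PTR {target} has no matching A record")
    return problems
```

Calling check_reverse(FORWARD, "xxx.com", REVERSE, "1.168.192.in-addr.arpa") returns an empty list for the records shown on this page; to check the real files, pass the contents of /etc/bind/db.xxx.com and /etc/bind/db.1.168.192 instead of the sample strings.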

Configure the DNS server options

sudo nano /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                10.10.10.10;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-enable no;          # disable the DNS security extensions (DNSSEC)
        dnssec-validation no;    # disable DNSSEC validation
        auth-nxdomain no;
        listen-on-v6 { any; };
};
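
DNSSEC and validation are turned off so that you can use any domain name you like on the local LAN: a custom domain name has quite likely already been registered by someone on the public Internet, so strictly speaking our custom domain amounts to DNS hijacking. Note that dnssec-validation no applies to every name this server resolves, including queries passed to the forwarders, not only to xxx.com.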

Restart the bind9 service

sudo service bind9 restart

Check that the name resolves to the IP address you want

dig @'IP address of the DNS server' xxx.com

A normal result looks like this:

; <<>> DiG 9.16.27-Debian <<>> @192.168.1.1 xxx.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28326
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ****************************************** (good)
;; QUESTION SECTION:
;213.com.           IN  A

;; ANSWER SECTION:
xxx.com.        604800  IN  A   192.168.1.20

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon May 02 14:20:11 CST 2022
;; MSG SIZE  rcvd: 80