
domain-name-system – Trying to understand a DNS resolution inconsistency

Published: 2020-12-14 23:37:45 | Category: Resources | Source: compiled from the web
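I'm working through a DNS issue to help me better understand DNS resolution. I can't seem to figure out the inconsistencies I'm getting when resolving www.fandompost.com. At the top of my list of queries is OpenDNS. When queried, they return a proper IP. Next in the list is our internal DNS server. It does return useful information, but not a usable IP. Last is me querying the authoritative NS. However, contrary to OpenDNS, the end result is no usable IP. What am I/we doing wrong on our internal DNS server that causes our server to fail where OpenDNS succeeds?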
> www.fandompost.com.
Server:  [208.67.222.222]
Address:  208.67.222.222

------------
SendRequest(),len 36
    HEADER:
        opcode = QUERY,id = 45,rcode = NOERROR
        header flags:  query
        questions = 1,answers = 0,authority records = 0,additional = 0

    QUESTIONS:
        www.fandompost.com,type = A,class = IN

------------
------------
Got answer (119 bytes):
    HEADER:
        opcode = QUERY,rcode = NOERROR
        header flags:  response,recursion avail.
        questions = 1,answers = 3,class = IN
    ANSWERS:
    ->  www.fandompost.com
        type = CNAME,class = IN,dlen = 39
        canonical name = www.fandompost.com.cdn.cloudflare.net
        ttl = 0 (0 secs)
    ->  www.fandompost.com.cdn.cloudflare.net
        type = A,dlen = 4
        internet address = 108.162.206.239
        ttl = 0 (0 secs)
    ->  www.fandompost.com.cdn.cloudflare.net
        type = A,dlen = 4
        internet address = 108.162.205.239
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
------------
SendRequest(),id = 46,type = AAAA,class = IN

------------
------------
Got answer (36 bytes):
    HEADER:
        opcode = QUERY,rcode = SERVFAIL
        header flags:  response,class = IN

------------
Name:    www.fandompost.com.cdn.cloudflare.net
Addresses:  108.162.206.239
          108.162.205.239
Aliases:  www.fandompost.com
> www.fandompost.com.
Server:  [192.168.1.101]
Address:  192.168.1.101

------------
SendRequest(),id = 48,class = IN

------------
------------
Got answer (162 bytes):
    HEADER:
        opcode = QUERY,authority records = 3,additional = 3

    QUESTIONS:
        www.fandompost.com,class = IN
    AUTHORITY RECORDS:
    ->  fandompost.com
        type = NS,dlen = 16
        nameserver = ns1.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns2.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns3.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ADDITIONAL RECORDS:
    ->  ns1.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.206.206
        ttl = 84581 (23 hours 29 mins 41 secs)
    ->  ns2.dreamhost.com
        type = A,dlen = 4
        internet address = 208.97.182.10
        ttl = 84581 (23 hours 29 mins 41 secs)
    ->  ns3.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.216.216
        ttl = 84581 (23 hours 29 mins 41 secs)

------------
------------
SendRequest(),id = 49,dlen = 16
        nameserver = ns2.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns3.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns1.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ADDITIONAL RECORDS:
    ->  ns2.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.216.216
        ttl = 84581 (23 hours 29 mins 41 secs)
    ->  ns1.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.206.206
        ttl = 84581 (23 hours 29 mins 41 secs)

------------
Name:    www.fandompost.com
Served by:
- ns1.dreamhost.com
          66.33.206.206
          fandompost.com
- ns2.dreamhost.com
          208.97.182.10
          fandompost.com
- ns3.dreamhost.com
          66.33.216.216
          fandompost.com
> www.fandompost.com.
Server:  [66.33.206.206]
Address:  66.33.206.206

------------
SendRequest(),id = 51,class = IN

------------
------------
Got answer (148 bytes):
    HEADER:
        opcode = QUERY,rcode = NXDOMAIN
        header flags:  response,auth. answer
        questions = 1,answers = 1,authority records = 1,dlen = 39
        canonical name = www.fandompost.com.cdn.cloudflare.net
        ttl = 300 (5 mins)
    AUTHORITY RECORDS:
    ->  cloudflare.net
        type = SOA,dlen = 49
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
------------
SendRequest(),id = 52,dlen = 49
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
*** [66.33.206.206] can't find www.fandompost.com.: Non-existent domain


------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

> www.fandompost.com.cdn.cloudflare.net.
Server:  [66.33.206.206]
Address:  66.33.206.206

------------
SendRequest(),len 55
    HEADER:
        opcode = QUERY,id = 55,rcode = NOERROR
        header flags:  query,want recursion
        questions = 1,additional = 0

    QUESTIONS:
        www.fandompost.com.cdn.cloudflare.net,auth. answer,class = IN
    AUTHORITY RECORDS:
    ->  cloudflare.net
        type = SOA,dlen = 52
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
------------
SendRequest(),id = 56,dlen = 52
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
*** [66.33.206.206] can't find www.fandompost.com.cdn.cloudflare.net.: Non-existent domain

Solution

First, let's compare the three response cases.

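- First case (resolver1.opendns.com / 208.67.222.222): response code of NOERROR. Looks fine: one non-authoritative answer.
- Second case (192.168.1.101): response code of NOERROR. Zero answers. An authority section is present, which indicates there is no problem communicating with the upstream DNS servers. (Not a firewall problem.)
- Third case (ns1.dreamhost.com / 66.33.206.206): response code of NXDOMAIN. One answer with the "auth answer" (AA) flag set: www.fandompost.com.cdn.cloudflare.net.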

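The third one is interesting. An authoritative answer is returned, with one record in the ANSWER section, but the response code is NXDOMAIN. Normally you would expect to see a response code of NOERROR in this case: authoritative nameservers usually don't try to resolve a CNAME recursively for you.

Take another look at the authority section of that answer: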

ANSWERS:
->  www.fandompost.com
    type = CNAME,dlen = 39
    canonical name = www.fandompost.com.cdn.cloudflare.net
    ttl = 300 (5 mins)
AUTHORITY RECORDS:
->  cloudflare.net
    type = SOA,dlen = 49
    ttl = 14400 (4 hours)
    primary name server = ns1.dreamhost.com

See the "primary name server"? This cloudflare.net zone is apparently being served from ns1.dreamhost.com. A quick scan of my own confirms this:

$ dig @ns1.dreamhost.com +norecurse fandompost.com cloudflare.net SOA | grep -E 'HEADER|flags'
;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 11600
;; flags: qr aa rd; QUERY: 1,ANSWER: 1,AUTHORITY: 0,ADDITIONAL: 0
;; ->>HEADER<<- opcode: QUERY,id: 32367
;; flags: qr aa rd; QUERY: 1,ADDITIONAL: 0

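The aa flag is present on both SOA queries. The reason you are getting an NXDOMAIN response from ns1.dreamhost.com is that this nameserver is trying to resolve www.fandompost.com.cdn.cloudflare.net. because it believes itself to be authoritative for that domain, and the record appears to be missing. Why does Dreamhost have a cloudflare.net. zone? Ask Dreamhost. This NXDOMAIN rcode doesn't seem to be causing problems for most recursive resolvers. I haven't stared at the RFCs in a while, but my best guess is that they are ignoring the response code and using the answer that was returned.

This finally brings us to your question: is there something wrong with your DNS server? It's hard to say without knowing what software you're using. I can say that BIND and Windows DNS have no problem with this configuration, and your software probably handles NXDOMAIN differently from those two implementations.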
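An added example, not part of the original answer: a small Python parser for a raw DNS reply that follows the CNAME in the ANSWER section, reports the name at the end of the chain, and checks whether the answering server's SOA claims the zone of that CNAME target while the AA flag is set (the cloudflare.net zone on ns1.dreamhost.com described above). The function names and the sample packet are constructed for illustration; the packet reuses the names and TTLs from the quoted output.

```python
import struct

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:                      # compression pointer
            end, hops = end or off + 2, hops + 1
            off = ((n & 0x3F) << 8) | msg[off + 1]
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    return ".".join(labels) + ".", end or off + 1

def parse(msg):
    """Return (aa, rcode, answers, authority); record = (owner, type, CNAME target or SOA MNAME)."""
    flags, qd, an, ns = struct.unpack("!4H", msg[2:10])
    off, recs = 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, rdlen = struct.unpack("!H6xH", msg[off:off + 10])   # class and TTL skipped
        recs.append((owner, rtype, read_name(msg, off + 10)[0] if rtype in (5, 6) else None))
        off += 10 + rdlen
    return bool(flags & 0x0400), flags & 0xF, recs[:an], recs[an:]

def diagnose(msg, qname):
    """Return (rcode, end of CNAME chain, SOA zone, SOA MNAME, server claims target's zone)."""
    aa, rcode, answers, authority = parse(msg)
    cnames = {o: t for o, ty, t in answers if ty == 5}
    name = qname = qname.lower().rstrip(".") + "."
    for _ in cnames:                              # follow the CNAME chain, bounded
        name = cnames.get(name, name)
    zone, mname = next(((o, m) for o, ty, m in authority if ty == 6), (None, None))
    claims = bool(aa and zone and name.endswith("." + zone) and not qname.endswith("." + zone))
    return rcode, name, zone, mname, claims

def enc(name):  # encode a name as length-prefixed labels (helper for the sample packet)
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

def sample_response():
    """Constructed reply (QR|AA set, RCODE=3, QTYPE=A) modelled on the ns1.dreamhost.com answer."""
    target = enc("www.fandompost.com.cdn.cloudflare.net.")
    soa = enc("ns1.dreamhost.com.") + enc("hostmaster.dreamhost.com.") + bytes(20)  # counters zeroed
    return (struct.pack("!6H", 51, 0x8403, 1, 1, 1, 0) + enc("www.fandompost.com.") + b"\0\1\0\1"
            + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(target)) + target
            + enc("cloudflare.net.") + struct.pack("!HHIH", 6, 1, 14400, len(soa)) + soa)
```

Calling `diagnose(sample_response(), "www.fandompost.com")` returns RCODE 3 with the chain ending at the cloudflare.net name and the last field true, which is the signature to look for when a hosting provider's nameserver carries its own copy of a CDN zone.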

(Editor: 李大同)
