我正在使用DNS问题,以帮助我更好地理解DNS解析.我似乎无法弄清楚我在解析www.fandompost.com时遇到的不一致.在我的查询列表的顶部是OpenDNS.查询时,他们将返回适当的IP.列表中的下一个是我们的内部DNS服务器.它确实返回有用的信息,但不是可用的IP.最后是我查询权威的NS.但是,与OpenDNS相反,最终结果是没有可用的IP.我/我们在内部DNS服务器上做错了什么导致我们的服务器在OpenDNS成功的地方失败了?
> www.fandompost.com.
Server: [208.67.222.222]
Address: 208.67.222.222
------------
SendRequest(),len 36
HEADER:
opcode = QUERY,id = 45,rcode = NOERROR
header flags: query
questions = 1,answers = 0,authority records = 0,additional = 0
QUESTIONS:
www.fandompost.com,type = A,class = IN
------------
------------
Got answer (119 bytes):
HEADER:
opcode = QUERY,rcode = NOERROR
header flags: response,recursion avail.
questions = 1,answers = 3,class = IN
ANSWERS:
-> www.fandompost.com
type = CNAME,class = IN,dlen = 39
canonical name = www.fandompost.com.cdn.cloudflare.net
ttl = 0 (0 secs)
-> www.fandompost.com.cdn.cloudflare.net
type = A,dlen = 4
internet address = 108.162.206.239
ttl = 0 (0 secs)
-> www.fandompost.com.cdn.cloudflare.net
type = A,dlen = 4
internet address = 108.162.205.239
ttl = 0 (0 secs)
------------
Non-authoritative answer:
------------
SendRequest(),id = 46,type = AAAA,class = IN
------------
------------
Got answer (36 bytes):
HEADER:
opcode = QUERY,rcode = SERVFAIL
header flags: response,class = IN
------------
Name: www.fandompost.com.cdn.cloudflare.net
Addresses: 108.162.206.239
108.162.205.239
Aliases: www.fandompost.com
> www.fandompost.com.
Server: [192.168.1.101]
Address: 192.168.1.101
------------
SendRequest(),id = 48,class = IN
------------
------------
Got answer (162 bytes):
HEADER:
opcode = QUERY,authority records = 3,additional = 3
QUESTIONS:
www.fandompost.com,class = IN
AUTHORITY RECORDS:
-> fandompost.com
type = NS,dlen = 16
nameserver = ns1.dreamhost.com
ttl = 84200 (23 hours 23 mins 20 secs)
-> fandompost.com
type = NS,dlen = 6
nameserver = ns2.dreamhost.com
ttl = 84200 (23 hours 23 mins 20 secs)
-> fandompost.com
type = NS,dlen = 6
nameserver = ns3.dreamhost.com
ttl = 84200 (23 hours 23 mins 20 secs)
ADDITIONAL RECORDS:
-> ns1.dreamhost.com
type = A,dlen = 4
internet address = 66.33.206.206
ttl = 84581 (23 hours 29 mins 41 secs)
-> ns2.dreamhost.com
type = A,dlen = 4
internet address = 208.97.182.10
ttl = 84581 (23 hours 29 mins 41 secs)
-> ns3.dreamhost.com
type = A,dlen = 4
internet address = 66.33.216.216
ttl = 84581 (23 hours 29 mins 41 secs)
------------
------------
SendRequest(),id = 49,dlen = 16
nameserver = ns2.dreamhost.com
ttl = 84200 (23 hours 23 mins 20 secs)
-> fandompost.com
type = NS,dlen = 6
nameserver = ns3.dreamhost.com
ttl = 84200 (23 hours 23 mins 20 secs)
-> fandompost.com
type = NS,dlen = 6
nameserver = ns1.dreamhost.com
ttl = 84200 (23 hours 23 mins 20 secs)
ADDITIONAL RECORDS:
-> ns2.dreamhost.com
type = A,dlen = 4
internet address = 66.33.216.216
ttl = 84581 (23 hours 29 mins 41 secs)
-> ns1.dreamhost.com
type = A,dlen = 4
internet address = 66.33.206.206
ttl = 84581 (23 hours 29 mins 41 secs)
------------
Name: www.fandompost.com
Served by:
- ns1.dreamhost.com
66.33.206.206
fandompost.com
- ns2.dreamhost.com
208.97.182.10
fandompost.com
- ns3.dreamhost.com
66.33.216.216
fandompost.com
> www.fandompost.com.
Server: [66.33.206.206]
Address: 66.33.206.206
------------
SendRequest(),id = 51,class = IN
------------
------------
Got answer (148 bytes):
HEADER:
opcode = QUERY,rcode = NXDOMAIN
header flags: response,auth. answer
questions = 1,answers = 1,authority records = 1,dlen = 39
canonical name = www.fandompost.com.cdn.cloudflare.net
ttl = 300 (5 mins)
AUTHORITY RECORDS:
-> cloudflare.net
type = SOA,dlen = 49
ttl = 14400 (4 hours)
primary name server = ns1.dreamhost.com
responsible mail addr = hostmaster.dreamhost.com
serial = 2014071000
refresh = 14908 (4 hours 8 mins 28 secs)
retry = 1800 (30 mins)
expire = 1814400 (21 days)
default TTL = 14400 (4 hours)
------------
------------
SendRequest(),id = 52,dlen = 49
ttl = 14400 (4 hours)
primary name server = ns1.dreamhost.com
responsible mail addr = hostmaster.dreamhost.com
serial = 2014071000
refresh = 14908 (4 hours 8 mins 28 secs)
retry = 1800 (30 mins)
expire = 1814400 (21 days)
default TTL = 14400 (4 hours)
------------
*** [66.33.206.206] can't find www.fandompost.com.: Non-existent domain
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
> www.fandompost.com.cdn.cloudflare.net.
Server: [66.33.206.206]
Address: 66.33.206.206
------------
SendRequest(),len 55
HEADER:
opcode = QUERY,id = 55,rcode = NOERROR
header flags: query,want recursion
questions = 1,additional = 0
QUESTIONS:
www.fandompost.com.cdn.cloudflare.net,auth. answer,class = IN
AUTHORITY RECORDS:
-> cloudflare.net
type = SOA,dlen = 52
ttl = 14400 (4 hours)
primary name server = ns1.dreamhost.com
responsible mail addr = hostmaster.dreamhost.com
serial = 2014071000
refresh = 14908 (4 hours 8 mins 28 secs)
retry = 1800 (30 mins)
expire = 1814400 (21 days)
default TTL = 14400 (4 hours)
------------
------------
SendRequest(),id = 56,dlen = 52
ttl = 14400 (4 hours)
primary name server = ns1.dreamhost.com
responsible mail addr = hostmaster.dreamhost.com
serial = 2014071000
refresh = 14908 (4 hours 8 mins 28 secs)
retry = 1800 (30 mins)
expire = 1814400 (21 days)
default TTL = 14400 (4 hours)
------------
*** [66.33.206.206] can't find www.fandompost.com.cdn.cloudflare.net.: Non-exist
ent domain
解决方法
首先,让我们比较三个响应案例.
>第一种情况(resolver1.opendns.com/208.67.222.222):NOERROR的响应代码.看起来不错:一个非权威的答案.
>第二种情况(192.168.1.101):NOERROR的响应代码.零回答.存在权限部分,这表明与上游DNS服务器通信没有问题. (不是防火墙问题)
>第三种情况(ns1.dreamhost.com/66.33.206.206):NXDOMAIN的响应代码. “auth answer”(AA)标志集的一个答案:www.fandompost.com.cdn.cloudflare.net.
第三个很有趣.返回权威答案,一个记录在ANSWER部分,但响应代码是NXDOMAIN.通常情况下,您希望在这种情况下看到NOERROR的响应代码:权威名称服务器通常不会尝试以递归方式为您解析CNAME.
再看一下该答案的权限部分:
ANSWERS:
-> www.fandompost.com
type = CNAME,dlen = 39
canonical name = www.fandompost.com.cdn.cloudflare.net
ttl = 300 (5 mins)
AUTHORITY RECORDS:
-> cloudflare.net
type = SOA,dlen = 49
ttl = 14400 (4 hours)
primary name server = ns1.dreamhost.com
请参阅“主名称服务器”?这个cloudflare.net区域显然是从ns1.dreamhost.com提供的.我自己的快速扫描证实了这一点:
$dig @ns1.dreamhost.com +norecurse fandompost.com cloudflare.net SOA | grep -E 'HEADER|flags' ;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 11600 ;; flags: qr aa rd; QUERY: 1,ANSWER: 1,AUTHORITY: 0,ADDITIONAL: 0 ;; ->>HEADER<<- opcode: QUERY,id: 32367 ;; flags: qr aa rd; QUERY: 1,ADDITIONAL: 0
两个SOA查询都存在aa标志.您从ns1.dreamhost.com获得NXDOMAIN响应的原因是因为该名称服务器正在尝试解析www.fandompost.com.cdn.cloudflare.net.因为它认为自己对该域具有权威性,并且记录似乎缺失.为什么Dreamhost有一个cloudflare.net.区?问Dreamhost.对于大多数递归解析器来说,这个NXDOMAIN rcode似乎没有出现问题.我有一段时间没有盯着RFC,但我最好的猜测是他们忽略了响应代码并使用了返回的答案.
这最终将我们带到您的问题:您的DNS服务器有问题吗?如果不知道你正在使用的软件,很难说.我可以说BIND和Windows DNS对此配置没有任何问题,并且您的软件可能与这两种实现不同地处理NXDOMAIN.
