domain-name-system – 尝试理解DNS解析不一致

前端之家收集整理的这篇文章主要介绍了domain-name-system – 尝试理解DNS解析不一致前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在使用DNS问题,以帮助我更好地理解DNS解析.我似乎无法弄清楚我在解析www.fandompost.com时遇到的不一致.在我的查询列表的顶部是OpenDNS.查询时,他们将返回适当的IP.列表中的下一个是我们的内部DNS服务器.它确实返回有用的信息,但不是可用的IP.最后是我查询权威的NS.但是,与OpenDNS相反,最终结果是没有可用的IP.我/我们在内部DNS服务器上做错了什么导致我们的服务器在OpenDNS成功的地方失败了?
> www.fandompost.com.
Server:  [208.67.222.222]
Address:  208.67.222.222

------------
SendRequest(),len 36
    HEADER:
        opcode = QUERY,id = 45,rcode = NOERROR
        header flags:  query
        questions = 1,answers = 0,authority records = 0,additional = 0

    QUESTIONS:
        www.fandompost.com,type = A,class = IN

------------
------------
Got answer (119 bytes):
    HEADER:
        opcode = QUERY,rcode = NOERROR
        header flags:  response,recursion avail.
        questions = 1,answers = 3,class = IN
    ANSWERS:
    ->  www.fandompost.com
        type = CNAME,class = IN,dlen = 39
        canonical name = www.fandompost.com.cdn.cloudflare.net
        ttl = 0 (0 secs)
    ->  www.fandompost.com.cdn.cloudflare.net
        type = A,dlen = 4
        internet address = 108.162.206.239
        ttl = 0 (0 secs)
    ->  www.fandompost.com.cdn.cloudflare.net
        type = A,dlen = 4
        internet address = 108.162.205.239
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
------------
SendRequest(),id = 46,type = AAAA,class = IN

------------
------------
Got answer (36 bytes):
    HEADER:
        opcode = QUERY,rcode = SERVFAIL
        header flags:  response,class = IN

------------
Name:    www.fandompost.com.cdn.cloudflare.net
Addresses:  108.162.206.239
          108.162.205.239
Aliases:  www.fandompost.com
> www.fandompost.com.
Server:  [192.168.1.101]
Address:  192.168.1.101

------------
SendRequest(),id = 48,class = IN

------------
------------
Got answer (162 bytes):
    HEADER:
        opcode = QUERY,authority records = 3,additional = 3

    QUESTIONS:
        www.fandompost.com,class = IN
    AUTHORITY RECORDS:
    ->  fandompost.com
        type = NS,dlen = 16
        nameserver = ns1.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns2.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns3.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ADDITIONAL RECORDS:
    ->  ns1.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.206.206
        ttl = 84581 (23 hours 29 mins 41 secs)
    ->  ns2.dreamhost.com
        type = A,dlen = 4
        internet address = 208.97.182.10
        ttl = 84581 (23 hours 29 mins 41 secs)
    ->  ns3.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.216.216
        ttl = 84581 (23 hours 29 mins 41 secs)

------------
------------
SendRequest(),id = 49,dlen = 16
        nameserver = ns2.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns3.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ->  fandompost.com
        type = NS,dlen = 6
        nameserver = ns1.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
    ADDITIONAL RECORDS:
    ->  ns2.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.216.216
        ttl = 84581 (23 hours 29 mins 41 secs)
    ->  ns1.dreamhost.com
        type = A,dlen = 4
        internet address = 66.33.206.206
        ttl = 84581 (23 hours 29 mins 41 secs)

------------
Name:    www.fandompost.com
Served by:
- ns1.dreamhost.com
          66.33.206.206
          fandompost.com
- ns2.dreamhost.com
          208.97.182.10
          fandompost.com
- ns3.dreamhost.com
          66.33.216.216
          fandompost.com
> www.fandompost.com.
Server:  [66.33.206.206]
Address:  66.33.206.206

------------
SendRequest(),id = 51,class = IN

------------
------------
Got answer (148 bytes):
    HEADER:
        opcode = QUERY,rcode = NXDOMAIN
        header flags:  response,auth. answer
        questions = 1,answers = 1,authority records = 1,dlen = 39
        canonical name = www.fandompost.com.cdn.cloudflare.net
        ttl = 300 (5 mins)
    AUTHORITY RECORDS:
    ->  cloudflare.net
        type = SOA,dlen = 49
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
------------
SendRequest(),id = 52,dlen = 49
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
*** [66.33.206.206] can't find www.fandompost.com.: Non-existent domain


------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

> www.fandompost.com.cdn.cloudflare.net.
Server:  [66.33.206.206]
Address:  66.33.206.206

------------
SendRequest(),len 55
    HEADER:
        opcode = QUERY,id = 55,rcode = NOERROR
        header flags:  query,want recursion
        questions = 1,additional = 0

    QUESTIONS:
        www.fandompost.com.cdn.cloudflare.net,auth. answer,class = IN
    AUTHORITY RECORDS:
    ->  cloudflare.net
        type = SOA,dlen = 52
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
------------
SendRequest(),id = 56,dlen = 52
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial  = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry   = 1800 (30 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)

------------
*** [66.33.206.206] can't find www.fandompost.com.cdn.cloudflare.net.: Non-exist
ent domain

解决方法

首先,让我们比较三个响应案例.

>第一种情况(resolver1.opendns.com/208.67.222.222):NOERROR的响应代码.看起来不错:一个非权威的答案.
>第二种情况(192.168.1.101):NOERROR的响应代码.零回答.存在权限部分,这表明与上游DNS服务器通信没有问题. (不是防火墙问题)
>第三种情况(ns1.dreamhost.com/66.33.206.206):NXDOMAIN的响应代码. “auth answer”(AA)标志集的一个答案:www.fandompost.com.cdn.cloudflare.net.

第三个很有趣.返回权威答案,一个记录在ANSWER部分,但响应代码是NXDOMAIN.通常情况下,您希望在这种情况下看到NOERROR的响应代码:权威名称服务器通常不会尝试以递归方式为您解析CNAME.

再看一下该答案的权限部分:

ANSWERS:
->  www.fandompost.com
    type = CNAME,dlen = 39
    canonical name = www.fandompost.com.cdn.cloudflare.net
    ttl = 300 (5 mins)
AUTHORITY RECORDS:
->  cloudflare.net
    type = SOA,dlen = 49
    ttl = 14400 (4 hours)
    primary name server = ns1.dreamhost.com

请参阅“主名称服务器”?这个cloudflare.net区域显然是从ns1.dreamhost.com提供的.我自己的快速扫描证实了这一点:

$dig @ns1.dreamhost.com +norecurse fandompost.com cloudflare.net SOA | grep -E 'HEADER|flags'
;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 11600
;; flags: qr aa rd; QUERY: 1,ANSWER: 1,AUTHORITY: 0,ADDITIONAL: 0
;; ->>HEADER<<- opcode: QUERY,id: 32367
;; flags: qr aa rd; QUERY: 1,ADDITIONAL: 0

两个SOA查询都存在aa标志.您从ns1.dreamhost.com获得NXDOMAIN响应的原因是因为该名称服务器正在尝试解析www.fandompost.com.cdn.cloudflare.net.因为它认为自己对该域具有权威性,并且记录似乎缺失.为什么Dreamhost有一个cloudflare.net.区?问Dreamhost.对于大多数递归解析器来说,这个NXDOMAIN rcode似乎没有出现问题.我有一段时间没有盯着RFC,但我最好的猜测是他们忽略了响应代码并使用了返回的答案.

这最终将我们带到您的问题:您的DNS服务器有问题吗?如果不知道你正在使用的软件,很难说.我可以说BIND和Windows DNS对此配置没有任何问题,并且您的软件可能与这两种实现不同地处理NXDOMAIN.

猜你在找的HTML相关文章