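I recently migrated a domain I own from Cloudflare to Netlify DNS, so I had to update my nameservers. When I run a recursive DNS lookup that bypasses the DNS cache, everything appears to be set up correctly: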
    $ dig howtogit.net +trace
    (output truncated)
    howtogit.net. 20 IN A 159.65.199.87
    ;; Received 57 bytes from 198.51.44.1#53(dns1.p01.nsone.net) in 18 ms
However, a regular DNS lookup fails:
    $ nslookup howtogit.net
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can't find howtogit.net: SERVFAIL
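I would assume that if there were a problem with the cache, Cloudflare would still resolve the lookup, which it doesn't. Querying 8.8.8.8 (Google's DNS) also fails: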
    $ dig @8.8.8.8 howtogit.net

    ; <<>> DiG 9.10.6 <<>> @8.8.8.8 howtogit.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63809
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;howtogit.net. IN A

    ;; Query time: 43 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Sun Sep 23 13:05:50 CEST 2018
    ;; MSG SIZE rcvd: 41
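Since DNS records are cached, I also tried flushing Google’s DNS cache for my NS and A records. Even though the change was made 10 hours ago, I still get the same result.
Is my configuration incorrect? How can I make sure my DNS resolves correctly again?
Solution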
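It appears that the howtogit.net zone used to be signed, and that after switching nameservers it is no longer signed.
However, you have left the old DS record in place, which says that the zone must be signed with a specific key.
Either remove the DS record, or sign the zone again and update the DS record as needed (the DS record is managed through the registrar).
If you look at the tail end of the relevant dig trace output, it is actually quite clear that this must be the case (a DS as part of the referral, but no DNSKEY on the authoritative side, or no signatures if you query for other types):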
    $ dig +trace +all howtogit.net DNSKEY
    ...
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63298
    ;; flags: qr; QUERY: 1, AUTHORITY: 6, ADDITIONAL: 5

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 4096
    ;; QUESTION SECTION:
    ;howtogit.net. IN DNSKEY

    ;; AUTHORITY SECTION:
    howtogit.net. 172800 IN NS dns1.p01.nsone.net.
    howtogit.net. 172800 IN NS dns2.p01.nsone.net.
    howtogit.net. 172800 IN NS dns3.p01.nsone.net.
    howtogit.net. 172800 IN NS dns4.p01.nsone.net.
    howtogit.net. 86400 IN DS 2371 13 2 F7822E035739507BFB9ED504B65FFE7A95698E58C069EF1DE754EED0 55E6799F
    howtogit.net. 86400 IN RRSIG DS 8 2 86400 20180927051931 20180920040931 7934 net. POLNdGPgCCeF6ClG4ro1mkUI5DpqUuuLLeR4WCly1L5GbOTgPnzg02Nx 2Sse2dYDLJLB1EQYotZkvVm8GNFS5iE8UQlmp4GA3yxTgUeifw5PX6Eh kiJSip37/CyGCTy6OMPoVeMgQjLnrxt1aAOsnO5BszeGY7gD6ee/XHMO zc4=

    ;; ADDITIONAL SECTION:
    dns1.p01.nsone.net. 172800 IN A 198.51.44.1
    dns2.p01.nsone.net. 172800 IN A 198.51.45.1
    dns3.p01.nsone.net. 172800 IN A 198.51.44.65
    dns4.p01.nsone.net. 172800 IN A 198.51.45.65

    ;; Query time: 159 msec
    ;; SERVER: 2001:503:231d::2:30#53(2001:503:231d::2:30)
    ;; WHEN: Sun Sep 23 11:35:52 UTC 2018
    ;; MSG SIZE rcvd: 402

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, id: 53062
    ;; flags: qr aa; QUERY: 1, AUTHORITY: 1, flags: do; udp: 4096
    ;; QUESTION SECTION:
    ;howtogit.net. IN DNSKEY

    ;; AUTHORITY SECTION:
    howtogit.net. 3600 IN SOA dns1.p01.nsone.net. hostmaster.nsone.net. 1537613509 43200 7200 1209600 3600

    ;; Query time: 1 msec
    ;; SERVER: 198.51.45.65#53(198.51.45.65)
    ;; WHEN: Sun Sep 23 11:35:52 UTC 2018
    ;; MSG SIZE rcvd: 103

    $
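The mismatch described in the answer above (a DS at the parent with no matching DNSKEY served by the new nameservers) can be checked offline before or after a DNS provider migration. The following Python sketch is an added example, not part of the original question or answer; it derives a SHA-256 DS from each DNSKEY (RFC 4034) and compares it with the DS published at the registry. The sample public key and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

# DS record for howtogit.net as shown in the referral in the trace above.
PAGE_DS = (2371, 13, 2,
           "F7822E035739507BFB9ED504B65FFE7A95698E58C069EF1DE754EED055E6799F")
# Constructed sample key (not a real key for any zone): 64 bytes, algorithm 13.
SAMPLE_PUBKEY_B64 = base64.b64encode(bytes(range(64))).decode()

def name_to_wire(name):
    """Canonical (lower-case) wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner, rdata):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for one DNSKEY."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], 2, digest)

def classify(owner, parent_ds, child_dnskeys):
    """Check only the DS-to-DNSKEY link; RRSIG validation is out of scope here."""
    if not parent_ds:
        return "insecure"        # no DS: resolvers do not expect signatures
    derived = {ds_from_dnskey(owner, k) for k in child_dnskeys}
    if derived & set(parent_ds):
        return "chain-intact"    # some served key matches a DS at the parent
    return "bogus"               # DS present, no matching key: SERVFAIL

if __name__ == "__main__":
    key = dnskey_rdata(257, 3, 13, SAMPLE_PUBKEY_B64)
    print(classify("howtogit.net", [PAGE_DS], []))        # state in the question
    print(classify("howtogit.net", [], []))               # after removing the DS
    print(classify("howtogit.net", [ds_from_dnskey("howtogit.net", key)], [key]))
```

The DS tuples come from the parent zone's referral and the DNSKEY RDATA from the new authoritative servers; an empty DNSKEY list with a DS still present is the state shown in the trace.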