摘要:由于缓存的 CNAME NODATA 查找,DNS A 记录查找无法解析。
详细信息:邮件日志报告 DNS 查找错误:
Host or domain name not found. Name service error for name=google.com type=A: Host found but no data record of requested type
启用解析调试后,我发现 DNS 查找首先查询域的 CNAME 记录。这通常是没有 CNAME 的根域,并且查找正确返回 NODATA。
但是,当执行后续 A 查找时,将从缓存中返回 CNAME 查找的 NODATA 结果,而不是执行 A 查找。
我可以通过发出以下命令来一致地重新创建它:
~$ dig google.com CNAME
~$ dig google.com A
以下是调试日志的结果:
Aug 08 11:09:04 leopard systemd-resolved[555]: Transaction 17304 for <domain.com IN CNAME> scope dns on eth0/*.
Aug 08 11:09:04 leopard systemd-resolved[555]: Using feature level UDP+EDNS0 for transaction 17304.
Aug 08 11:09:04 leopard systemd-resolved[555]: Using DNS server 8.8.8.8 for transaction 17304.
Aug 08 11:09:04 leopard systemd-resolved[555]: Sending query packet with id 17304.
Aug 08 11:09:04 leopard systemd-resolved[555]: Processing query...
Aug 08 11:09:04 leopard systemd-resolved[555]: Processing incoming packet on transaction 17304. (rcode=SUCCESS)
Aug 08 11:09:04 leopard systemd-resolved[555]: Added NODATA cache entry for google.com IN CNAME 1799s
Aug 08 11:09:04 leopard systemd-resolved[555]: Transaction 17304 for <google.com IN CNAME> on scope dns on eth0/* now complete with <success> from network (unsigned).
Aug 08 11:09:04 leopard systemd-resolved[555]: Sending response packet with id 22860 on interface 1/AF_INET.
Aug 08 11:09:04 leopard systemd-resolved[555]: Freeing transaction 17304.
A记录查找的结果:
Aug 08 11:09:37 leopard systemd-resolved[555]: Processing query...
Aug 08 11:09:51 leopard systemd-resolved[555]: Got DNS stub UDP query packet for id 3119
Aug 08 11:09:51 leopard systemd-resolved[555]: Looking up RR for google.com IN A.
Aug 08 11:09:51 leopard systemd-resolved[555]: NODATA cache hit for google.com IN A
Aug 08 11:09:51 leopard systemd-resolved[555]: Transaction 45189 for <google.com IN A> on scope dns on eth0/* now complete with <success> from cache (unsigned).
Aug 08 11:09:51 leopard systemd-resolved[555]: Freeing transaction 45189.
Aug 08 11:09:51 leopard systemd-resolved[555]: Sending response packet with id 3119 on interface 1/AF_INET.
更多信息:服务器正在运行 LEMP 堆栈。看来 nginx 在每次请求之前都会进行 DNS 查找,它从 CNAME 查找开始,然后是 A 查找,然后是 AAAA 查找。这会导致 CNAME NODATA 被缓存。随后,当邮件服务器尝试发送邮件时,它会从 resolve 获取缓存的 NODATA 记录,从而导致上述错误。
问题:这是预期的行为吗(CNAME 返回 A 查找)?我可以更改一些配置来阻止缓存的 CNAME 查找返回 A 查找吗?
诊断信息:
~$ ip route
default via 85.159.215.1 dev eth0 proto static
85.159.215.0/24 dev eth0 proto kernel scope link src 85.159.215.159
~$ sudo systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 2 (eth0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 8.8.8.8
8.8.4.4
~$ cat /etc/resolv.conf
nameserver 127.0.0.53
答案1
这似乎是目前 Ubuntu 18.04 使用的 systemd 版本的一个真正问题。https://github.com/systemd/systemd/issues/9833以及启动板上https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1818527
但不确定 Ubuntu 是否会升级 systemd 版本。