18.04 server - systemd-resolve returns cached CNAME NODATA for lookups

Summary: DNS A record lookups fail to resolve because of a cached CNAME NODATA lookup.

Details: The mail log reports a DNS lookup error:

 Host or domain name not found. Name service error for name=google.com type=A: Host found but no data record of requested type

With resolve debugging enabled, I found that the DNS lookup first queries the domain's CNAME record. This is usually the root domain, which has no CNAME, and the lookup correctly returns NODATA.

However, when the subsequent A lookup is performed, the NODATA result from the CNAME lookup is returned from the cache instead of the A lookup being performed.

I can reproduce this consistently by issuing the following commands:

~$ dig google.com CNAME
~$ dig google.com A

Here are the results from the debug log:

Aug 08 11:09:04 leopard systemd-resolved[555]: Transaction 17304 for <domain.com IN CNAME> scope dns on eth0/*.
Aug 08 11:09:04 leopard systemd-resolved[555]: Using feature level UDP+EDNS0 for transaction 17304.
Aug 08 11:09:04 leopard systemd-resolved[555]: Using DNS server 8.8.8.8 for transaction 17304.
Aug 08 11:09:04 leopard systemd-resolved[555]: Sending query packet with id 17304.
Aug 08 11:09:04 leopard systemd-resolved[555]: Processing query...
Aug 08 11:09:04 leopard systemd-resolved[555]: Processing incoming packet on transaction 17304. (rcode=SUCCESS)
Aug 08 11:09:04 leopard systemd-resolved[555]: Added NODATA cache entry for google.com IN CNAME 1799s
Aug 08 11:09:04 leopard systemd-resolved[555]: Transaction 17304 for <google.com IN CNAME> on scope dns on eth0/* now complete with <success> from network (unsigned).
Aug 08 11:09:04 leopard systemd-resolved[555]: Sending response packet with id 22860 on interface 1/AF_INET.
Aug 08 11:09:04 leopard systemd-resolved[555]: Freeing transaction 17304.

Results of the A record lookup:

Aug 08 11:09:37 leopard systemd-resolved[555]: Processing query...
Aug 08 11:09:51 leopard systemd-resolved[555]: Got DNS stub UDP query packet for id 3119
Aug 08 11:09:51 leopard systemd-resolved[555]: Looking up RR for google.com IN A.
Aug 08 11:09:51 leopard systemd-resolved[555]: NODATA cache hit for google.com IN A
Aug 08 11:09:51 leopard systemd-resolved[555]: Transaction 45189 for <google.com IN A> on scope dns on eth0/* now complete with <success> from cache (unsigned).
Aug 08 11:09:51 leopard systemd-resolved[555]: Freeing transaction 45189.
Aug 08 11:09:51 leopard systemd-resolved[555]: Sending response packet with id 3119 on interface 1/AF_INET.

More information: The server is running a LEMP stack. It appears that nginx performs a DNS lookup before every request, starting with a CNAME lookup, then an A lookup, then an AAAA lookup. This causes the CNAME NODATA to be cached. Subsequently, when the mail server tries to send mail, it gets the cached NODATA record from resolve, resulting in the error above.

Question: Is this expected behaviour (CNAME returned for an A lookup)? Is there some configuration I can change to stop the cached CNAME lookup being returned for A lookups?

Diagnostic information:

~$ ip route
default via 85.159.215.1 dev eth0 proto static 
85.159.215.0/24 dev eth0 proto kernel scope link src 85.159.215.159 


~$ sudo systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 8.8.8.8
                      8.8.4.4


~$ cat /etc/resolv.conf
nameserver 127.0.0.53
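A small checker for the failure mode described above, added here as an example and not part of the original question or of systemd: it reads systemd-resolved debug lines of the kind quoted in the post, remembers which (name, type) pairs received a NODATA cache entry, and flags any NODATA cache hit served for a type that was never negatively cached for that name. The sample log lines are constructed, modelled on the ones in the question.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample lines modelled on the debug output quoted in the question.
SAMPLE_LOG = """\
Aug 08 11:09:04 leopard systemd-resolved[555]: Added NODATA cache entry for google.com IN CNAME 1799s
Aug 08 11:09:51 leopard systemd-resolved[555]: Looking up RR for google.com IN A.
Aug 08 11:09:51 leopard systemd-resolved[555]: NODATA cache hit for google.com IN A
Aug 08 11:10:02 leopard systemd-resolved[555]: Added NODATA cache entry for example.org IN AAAA 300s
Aug 08 11:10:05 leopard systemd-resolved[555]: NODATA cache hit for example.org IN AAAA
"""

ADDED = re.compile(r"Added NODATA cache entry for (\S+) IN (\S+) (\d+)s")
HIT = re.compile(r"NODATA cache hit for (\S+) IN (\S+)\b")


def find_cross_type_nodata_hits(log: str) -> List[Tuple[str, str, Set[str]]]:
    """Return (name, queried_type, cached_nodata_types) for every NODATA cache
    hit whose name has NODATA cached only under *other* record types.

    A NODATA answer is specific to one (name, type) pair, so serving it for a
    different type is exactly the misbehaviour the question describes.
    """
    cached: Dict[str, Set[str]] = {}
    findings: List[Tuple[str, str, Set[str]]] = []
    for line in log.splitlines():
        m = ADDED.search(line)
        if m:
            name, rtype, _ttl = m.groups()
            cached.setdefault(name.lower(), set()).add(rtype.upper())
            continue
        m = HIT.search(line)
        if m:
            name, rtype = m.group(1).lower(), m.group(2).upper()
            types = cached.get(name, set())
            if rtype not in types:  # negative answer reused across record types
                findings.append((name, rtype, set(types)))
    return findings


if __name__ == "__main__":
    for name, rtype, types in find_cross_type_nodata_hits(SAMPLE_LOG):
        print(f"suspect NODATA hit: {name} IN {rtype} (NODATA cached for: {sorted(types)})")
```

Run it over the resolver's debug journal to confirm the symptom; a correctly behaving resolver produces an empty list.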

Answer 1

This appears to be a genuine issue with the systemd version currently used by Ubuntu 18.04: https://github.com/systemd/systemd/issues/9833 and on Launchpad https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1818527

But not sure whether Ubuntu will upgrade the systemd version.
