我有一台连接到 LAN 和 Internet 的服务器,但无法使用其 FQDN 进行连接。假设 FQDN 是server.com。
无论出于什么原因,我一直无法弄清楚,server.com在我的开发机器上(本地 LAN)的解析总是导致::1。
运行结果如下host -v server.com:
Trying "server.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39898
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;server.com. IN A
;; ANSWER SECTION:
server.com. 6826 IN A 192.168.0.2
Received 47 bytes from 127.0.0.53#53 in 0 ms
Trying "server.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16204
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;server.com. IN AAAA
;; ANSWER SECTION:
server.com. 6826 IN AAAA ::1
Received 59 bytes from 127.0.0.53#53 in 0 ms
Trying "server.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48845
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;server.com. IN MX
Received 31 bytes from 127.0.0.53#53 in 0 ms
注意上面第二个问题的答案。
systemd-resolve确实给出了正确答案:
$ systemd-resolve server.com
server.com: 192.168.0.2
-- Information acquired via protocol DNS in 3.3ms.
-- Data is authenticated: no
systemd-resolved我也尝试过重新启动,--flush-caches但无济于事。
/etc/resolv.conf包含以下内容:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.53
search server.com
DNS 解析如下(解析由 提供server.com):$ nmcli device show enp0s31f6 | grep -n2 IP4.DNS 10-IP4.GATEWAY: 192.168.0.1 11-IP4.ROUTE[1]: dst = 169.254.0.0/16, nh = 0.0.0.0, mt = 1000 12:IP4.DNS[1]: 192.168.0.2 13-IP4.DOMAIN[1]: server.com 14-IP6.ADDRESS[1]: fe80::9e5c:8eff:fe86:f30b/64
最后systemd-resolve --status产生以下内容:
Global
DNS Domain: server.com
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 2 (enp0s31f6)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.0.2
DNS Domain: server.com
我可能应该提到服务器上以下服务处于活动状态(server.com):DHCP、DNS(bind9,IIRC)、SSH、HTTP(s);它充当 LAN 上所有机器的 DNS 解析器。最后,我知道我可以简单地添加一个条目/etc/hosts并完成它,但我真的很想了解问题所在,因为这可能是更严重问题的征兆。
我该如何诊断发生了什么?
答案1
我通过查询服务器的 DNS 记录解决了这个问题,结果如下:
$ host server.com
server.com has address 192.168.0.2
server.com has IPv6 address ::1
db.server.com检查 bind9 的配置文件内容发现了一个隐蔽的 IPv6 条目:
@ IN AAAA ::1
禁用上述操作并重新启动 bind9,即可解决问题。
感谢 Thomas Ward 的评论,它使我能够以不同的方式处理这个问题并最终修复它。