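Why does dig work fine, but digging my NetGear router directly does not (although the first also goes to it, since it is my DNS; the NetGear itself has 8.8.8.8 set as its primary DNS)? My NetGear has the IP 192.168.1.1 on the LAN. I have attached the complete scenario here. My analysis of the frames shows that, as far as I can tell, both requests reach the NetGear router 192.168.1.1 over UDP port 53. Is there no difference in other respects, or is there one? Please help.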
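The only difference I can observe, apart from the different frame numbers and other obvious differences, is that
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
appears in the OK frame but is missing from the failed packet (by failed I mean that 192.168.1.1 does not respond at all).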
dig cf16.eu
; <<>> DiG 9.9.2-P2 <<>> cf16.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24482
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;cf16.eu. IN A
;; ANSWER SECTION:
cf16.eu. 3600 IN A 89.75.41.50
;; Query time: 10 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed May 8 17:47:05 2013
;; MSG SIZE rcvd: 52
But:
dig @192.168.1.1 cf16.eu
; <<>> DiG 9.9.2-P2 <<>> @192.168.1.1 cf16.eu
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Wireshark packets: dig cf16.eu [OK]
No. Time Source Destination Protocol Length Info
340 4.775113000 192.168.1.3 192.168.1.1 DNS 78 Standard query 0x5fa2 A cf16.eu
Frame 340: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: May 8, 2013 17:47:04.131360000 CEST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1368028024.131360000 seconds
[Time delta from previous captured frame: 0.005265000 seconds]
[Time delta from previous displayed frame: 0.005265000 seconds]
[Time since reference or first frame: 4.775113000 seconds]
Frame Number: 340
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Micro-St_4b:47:dc (d4:3d:7e:4b:47:dc), Dst: Netgear_bb:b7:2c (00:1b:2f:bb:b7:2c)
Destination: Netgear_bb:b7:2c (00:1b:2f:bb:b7:2c)
Address: Netgear_bb:b7:2c (00:1b:2f:bb:b7:2c)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Micro-St_4b:47:dc (d4:3d:7e:4b:47:dc)
Address: Micro-St_4b:47:dc (d4:3d:7e:4b:47:dc)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.1 (192.168.1.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 64
Identification: 0xf650 (63056)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x0108 [correct]
[Good: True]
[Bad: False]
Source: 192.168.1.3 (192.168.1.3)
Destination: 192.168.1.1 (192.168.1.1)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 47841 (47841), Dst Port: domain (53)
Source port: 47841 (47841)
Destination port: domain (53)
Length: 44
Checksum: 0x4831 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
Transaction ID: 0x5fa2
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
[Expert Info (Warn/Security): AD bit set in DNS Query]
[Message: AD bit set in DNS Query]
[Severity level: Warn]
[Group: Security]
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
cf16.eu: type A, class IN
Name: cf16.eu
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
dig 192.168.1.1 cf16.eu [FAILED]
No. Time Source Destination Protocol Length Info
603 7.972662000 192.168.1.3 192.168.1.1 DNS 78 Standard query 0xc755 A cf16.eu
Frame 603: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: May 8, 2013 17:49:36.816366000 CEST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1368028176.816366000 seconds
[Time delta from previous captured frame: 0.402535000 seconds]
[Time delta from previous displayed frame: 0.402535000 seconds]
[Time since reference or first frame: 7.972662000 seconds]
Frame Number: 603
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:dns]
Ethernet II, Src: Micro-St_4b:47:dc (d4:3d:7e:4b:47:dc), Dst: Netgear_bb:b7:2c (00:1b:2f:bb:b7:2c)
Destination: Netgear_bb:b7:2c (00:1b:2f:bb:b7:2c)
Address: Netgear_bb:b7:2c (00:1b:2f:bb:b7:2c)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Micro-St_4b:47:dc (d4:3d:7e:4b:47:dc)
Address: Micro-St_4b:47:dc (d4:3d:7e:4b:47:dc)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.1 (192.168.1.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 64
Identification: 0xf651 (63057)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x0107 [correct]
[Good: True]
[Bad: False]
Source: 192.168.1.3 (192.168.1.3)
Destination: 192.168.1.1 (192.168.1.1)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 37226 (37226), Dst Port: domain (53)
Source port: 37226 (37226)
Destination port: domain (53)
Length: 44
Checksum: 0x09f5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
Transaction ID: 0xc755
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
[Expert Info (Warn/Security): AD bit set in DNS Query]
[Message: AD bit set in DNS Query]
[Severity level: Warn]
[Group: Security]
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
cf16.eu: type A, class IN
Name: cf16.eu
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
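Answer 1
In this case, your router acts as a DNS server for local requests and as a forwarder for unknown addresses: it queries the 8.8.8.8 server, processes the response, and then sends back a packet indicating the result. If you use dig without a server reference, it uses the root zone for resolution, and your router forwards the lookup to the root servers for resolution.
When you specify a server in dig, you are usually trying to determine whether a zone you have just created/imported is working properly on that server, so forwarding cannot be allowed, otherwise it would hide potential failures on the very server you are trying to test. You are not saying "give me information about this domain" but "give me this specific server's information about this domain".
Since the domain in question is not in a zone that actually exists on the router, you get no response.
More information here: http://en.wikipedia.org/wiki/Dig_%28command%29
When a specific name server is not specified in the command invocation, it will use the operating system's default resolver (usually configured via the resolv.conf file). Without any arguments it queries the DNS root zone.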
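The two captured queries from the question, rebuilt from the field values in the Wireshark dissections and compared field by field. This is an added example, not part of the original post or answer; the function names are hypothetical and the byte strings are constructed from the dissected values, not copied from the capture file.

```python
import struct

def build_query(txid, name, flags=0x0120, payload=4096):
    """One A/IN question plus an EDNS0 OPT record, as dissected in both frames."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)  # QD=1, AR=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)               # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size,
    # TTL carries extended RCODE/version/Z (all 0), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, payload, 0, 0)
    return header + question + opt

def parse_query(msg):
    """Decode the fields Wireshark shows for a single-question query."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    labels, pos = [], 12
    while msg[pos]:                                           # walk the QNAME labels
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1                                                  # skip the root label
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    pos += 4
    fields = {"id": txid, "flags": flags,
              "rd": bool(flags & 0x0100), "ad": bool(flags & 0x0020),
              "counts": (qd, an, ns, ar), "qname": ".".join(labels),
              "qtype": qtype, "qclass": qclass}
    if ar:                                                    # OPT pseudo-record
        _, otype, size, ttl, rdlen = struct.unpack("!BHHIH", msg[pos:pos + 11])
        fields.update(opt_type=otype, udp_payload=size, edns_ttl=ttl, opt_rdlen=rdlen)
    return fields

def diff_queries(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    fa, fb = parse_query(a), parse_query(b)
    return {k: (fa[k], fb[k]) for k in fa if fa[k] != fb.get(k)}

# Constructed from the dissections above: frame 340 (answered), frame 603 (timed out)
OK_QUERY = build_query(0x5FA2, "cf16.eu")
FAILED_QUERY = build_query(0xC755, "cf16.eu")

if __name__ == "__main__":
    print("DNS payload bytes:", len(OK_QUERY), "-> UDP length", len(OK_QUERY) + 8)
    for field, (ok, failed) in diff_queries(OK_QUERY, FAILED_QUERY).items():
        print(f"{field}: ok={ok:#06x} failed={failed:#06x}")
```

The 36-byte payload plus the 8-byte UDP header matches the `Length: 44` shown in both frames, and at the DNS layer the only differing field is the transaction ID. Below the DNS layer the dissections differ in UDP source port, UDP checksum, and IP identification and header checksum.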