我正在运行 BIND 9.10.3-P4-Ubuntu 作为我自己的域的权威服务器,并为我的网络中的机器提供 DNS 服务。
我的问题:我无法解析 www.cnn.com。
所有其他域名似乎运行良好。
我知道有解决方法,但我正在努力学习和理解。这个问题让我很困惑。
我尝试过
dig www.cnn.com
导致 SERVFAIL(完整结果如下)但是...
dig www.cnn.com +trace
给出了答案(完整结果如下)
我已经打开了调试日志记录(结果如下)但不确定如何读取结果。
named-checkconf 返回了干净的结果并且我的系统日志也是干净的。
rndc reload
没有帮助。
service bind9 restart
没有帮助。
root.hints 是最新的
我的配置
命名配置文件
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/rndc.key";
include "/etc/bind/named.conf.bogus-nets";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
命名的.conf.bogus-nets
// BIND CONFIG FILE INCLUDE
acl bogus-nets {
0.0.0.0/8;
1.0.0.0/8;
2.0.0.0/8;
5.0.0.0/8;
<为简洁起见已删除>
223.0.0.0/8;
224.0.0.0/3;
};
命名的.conf.选项
acl my-nets {
192.168.1.0/24;
192.168.0.0/24;
127.0.0.1;
};
options {
directory "/var/cache/bind";
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 {none;};
allow-query {my-nets;};
allow-recursion {my-nets;};
allow-query-cache {my-nets;};
blackhole {bogus-nets;};
allow-transfer {none;};
empty-zones-enable yes;
version "Version Redacted";
};
logging {
channel information {
file "/var/log/named/info.log" versions 3 size 500K;
severity debug 10;
print-time yes;
print-severity yes;
print-category yes;
};
category default {information;};
};
controls {
inet 127.0.0.1 allow {localhost;} keys {rndc-key;};
};
命名的.conf.本地
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
view "internal" {
match-clients {my-nets;};
zone "." IN {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" IN {
type master;
file "/etc/bind/zones/localhost.zone";
allow-update {none;};
allow-query {my-nets;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "/etc/bind/zones/0.0.127.in-addr.arpa.zone";
allow-update {none;};
allow-query {my-nets;};
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/zones/1.168.192.in-addr.arpa.zone";
allow-update {none;};
allow-query {my-nets;};
};
zone "mindmelter.org" IN {
type master;
file "/etc/bind/zones/mindmelter.org.internal.zone";
allow-update {none;};
allow-query {my-nets;};
check-names ignore;
};
};
view "external" {
match-clients {any;};
zone "." IN {
type hint;
file "/etc/bind/db.root";
};
zone "mindmelter.org" IN {
type master;
file "/etc/bind/zones/mindmelter.org.external.zone";
allow-update {none;};
allow-query {any;};
check-names ignore;
};
};
文件权限
ls -l /etc/bind/db.root
-rw-r--r-- 1 bind bind 3170 Jul 9 17:26 /etc/bind/db.root
ls -l /etc/bind/zones/
-rw-r--r-- 1 bind bind 534 Jul 19 2014 0.0.127.in-addr.arpa.zone
-rw-r--r-- 1 bind bind 1666 Jul 19 2014 1.168.192.in-addr.arpa.zone
-rw-r--r-- 1 bind bind 466 Jul 19 2014 localhost.zone
-rw-r--r-- 1 bind bind 1104 Nov 29 2015 mindmelter.org.external.zone
-rw-r--r-- 1 bind bind 1224 Jul 10 13:14 mindmelter.org.internal.zone
ls -l /var/cache/bind
total 72020
-rw-r--r-- 1 bind bind 821 Jul 10 13:49 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys
-rw-r--r-- 1 bind bind 512 Jul 10 13:49 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys.jnl
-rw-r--r-- 1 bind bind 821 Jul 10 13:49 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys
-rw-r--r-- 1 bind bind 512 Jul 10 13:49 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys.jnl
-rw------- 1 bind bind 73723904 Sep 3 2015 core
-rw-r--r-- 1 bind bind 720 Jul 19 2014 managed-keys.bind
-rw-r--r-- 1 bind bind 512 Jul 19 2014 managed-keys.bind.jnl
根提示(/etc/bind/db.root)
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: March 23, 2016
; related version of root zone: 2016032301
;
; formerly NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
命令输出
访问 www.cnn.com
dig www.cnn.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24330
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cnn.com. IN A
;; Query time: 260 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Sun Jul 10 14:00:11 CDT 2016
;; MSG SIZE rcvd: 40
挖掘www.cnn.com +trace
dig www.cnn.com +trace
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.cnn.com +trace
;; global options: +cmd
. 470071 IN NS k.root-servers.net.
. 470071 IN NS c.root-servers.net.
. 470071 IN NS d.root-servers.net.
. 470071 IN NS e.root-servers.net.
. 470071 IN NS g.root-servers.net.
. 470071 IN NS l.root-servers.net.
. 470071 IN NS f.root-servers.net.
. 470071 IN NS m.root-servers.net.
. 470071 IN NS a.root-servers.net.
. 470071 IN NS h.root-servers.net.
. 470071 IN NS j.root-servers.net.
. 470071 IN NS i.root-servers.net.
. 470071 IN NS b.root-servers.net.
. 514339 IN RRSIG NS 8 0 518400 20160720170000 20160710160000 46551 . ZrHKtz6uJX2ljRgkPEmXUHDuuskMmqNQTqndwpQvKimBvng8B4qCK5Mt hg6tBfmJM7Wk53NnDYoJRk1Q++OKoYYZf+njKhcPbrGa2D+rDuPOyOJz 4ussO1AZdg+H4JsZ9/OR3TfUYS4lfG8Ov6u4lc2R1y2tWqTKFif20WMC 8TM=
;; Received 955 bytes from 192.168.1.2#53(192.168.1.2) in 1 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20160720170000 20160710160000 46551 . TtxKBdFbscgs26hOkVaP5DV5bvrczgFJ91Vq79iRhvRu5PveAjT8af8G yF0+JZMUAXyMbU7uxhgs0Rpec7ldBu/palvN9edTXZTUmmRCHiCoJwSX 46nzphAUeWh6+BB8FRZl6FpRMaSfZ02Vd3f3pxabNzLYtHzsizMXAOBv 8go=
;; Received 735 bytes from 192.5.5.241#53(f.root-servers.net) in 102 ms
cnn.com. 172800 IN NS ns1.timewarner.net.
cnn.com. 172800 IN NS ns3.timewarner.net.
cnn.com. 172800 IN NS ns1.p42.dynect.net.
cnn.com. 172800 IN NS ns2.p42.dynect.net.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20160717050355 20160710035355 34745 com. FRl3kWjrLQDbv3KST9JdLeQN0FgGqik8Pau80HDFSwQV9ON0D9L9CnyT 3qLHbgsh8MMt9ma0AnxjnfZx00YoRySt+0vwQfzk0/7Z6pTeyXEZCBQU 9we3XmqWg56sIDVDK3KKyTaPE2mJUZjweRpuvv3RsfjQ7qHeDeFR/spT eNk=
FVT71LMDJ71M5N4BBJG7S42QT4H2K0VS.com. 86400 IN NSEC3 1 1 0 - FVT8070RVMMN14H33TU31073GPDT89UQ NS DS RRSIG
FVT71LMDJ71M5N4BBJG7S42QT4H2K0VS.com. 86400 IN RRSIG NSEC3 8 2 86400 20160717050135 20160710035135 34745 com. XdoDYW/ILABlYX21xe4D5WJRQBBMR2Gk8Bqx//x/IgjyqgmXEmsVqhty DMBS3+Sra4lsqdXHewRekfcTVCuawRp/2tA1qNZRKsOw/uQLT5RAgBqC uCNr6wnJi41B8tnbZIeqikajlao1ie0MvjwIqQC3TLknGiz1gFDMYSNi LKg=
;; Received 686 bytes from 192.43.172.30#53(i.gtld-servers.net) in 100 ms
www.cnn.com. 300 IN CNAME turner.map.fastly.net.
;; Received 75 bytes from 204.74.108.238#53(ns1.timewarner.net) in 56 ms
挖掘 turner.map.fastly.net +trace
dig turner.map.fastly.net +trace
; <<>> DiG 9.10.3-P4-Ubuntu <<>> turner.map.fastly.net +trace
;; global options: +cmd
. 470021 IN NS e.root-servers.net.
. 470021 IN NS m.root-servers.net.
. 470021 IN NS c.root-servers.net.
. 470021 IN NS i.root-servers.net.
. 470021 IN NS h.root-servers.net.
. 470021 IN NS j.root-servers.net.
. 470021 IN NS k.root-servers.net.
. 470021 IN NS g.root-servers.net.
. 470021 IN NS d.root-servers.net.
. 470021 IN NS b.root-servers.net.
. 470021 IN NS l.root-servers.net.
. 470021 IN NS f.root-servers.net.
. 470021 IN NS a.root-servers.net.
. 514289 IN RRSIG NS 8 0 518400 20160720170000 20160710160000 46551 . ZrHKtz6uJX2ljRgkP hg6tBfmJM7Wk53NnDYoJRk1Q++OKoYYZf+njKhcPbrGa2D+rDuPOyOJz 4ussO1AZdg+H4JsZ9/OR3TfUYS4lfG8Ov6u4lc2R1y2tWqTKFif20WMC 8T
;; Received 955 bytes from 192.168.1.2#53(192.168.1.2) in 2 ms
net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8B
net. 86400 IN RRSIG DS 8 1 86400 20160720170000 20160710160000 46551 . TVBcfHmkbx7KPHEMYGQ8ryWqxNk9WC1ETGLShz4Bau52UwyQbv2sZsejbpQMKnvOaJ7TPBOMDL cHcFhOD/3KMHZiora4vx97BY5E4mnvh8YgYK3mFzXXLolRjCpO66oALk E9I
;; Received 742 bytes from 199.7.83.42#53(l.root-servers.net) in 74 ms
fastly.net. 172800 IN NS ns1.p04.dynect.net.
fastly.net. 172800 IN NS ns3.p04.dynect.net.
fastly.net. 172800 IN NS ns2.p04.dynect.net.
fastly.net. 172800 IN NS ns4.p04.dynect.net.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSE
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20160717053023 20160710042023 50762 net. LfZBm/4vXKsi/ANaS s76lSOHLdUOF08JNpzq0uBuyTEjBS6GQFUg1ruUu2C/npgwBRxQPdMAX 6A3h+3vx9rju2frD00lI41G4IH/q83pdlAVsY6IUD02CwWuo8
AP1UQVEE3B7Q9OKM1F1UC6DRCTSUHETP.net. 86400 IN NSEC3 1 1 0 - AP2M7NDEO91A3DEM6A6I602B2AEO284F NS DS RRSIG
AP1UQVEE3B7Q9OKM1F1UC6DRCTSUHETP.net. 86400 IN RRSIG NSEC3 8 2 86400 20160717052608 20160710041608 50762 net. uFfWQLYJvssA3GHA0 HgkMVRpBvzE2lZTrwUHT8wkpIF7PrLJZ1/EC07JekoFQlgkI7C4O4HqS v9KiS4fwakyuCvMvqHunnVx3bFjaZHzJZRJRwIrkS270H6vMb
;; Received 682 bytes from 192.42.93.30#53(g.gtld-servers.net) in 84 ms
turner.map.fastly.net. 30 IN CNAME prod.turner.map.fastlylb.net.
;; Received 89 bytes from 204.13.251.4#53(ns4.p04.dynect.net) in 55 ms
挖掘 prod.turner.map.fastlylb.net +trace
dig prod.turner.map.fastlylb.net +trace
; <<>> DiG 9.10.3-P4-Ubuntu <<>> prod.turner.map.fastlylb.net +trace
;; global options: +cmd
. 469985 IN NS k.root-servers.net.
. 469985 IN NS l.root-servers.net.
. 469985 IN NS f.root-servers.net.
. 469985 IN NS d.root-servers.net.
. 469985 IN NS c.root-servers.net.
. 469985 IN NS a.root-servers.net.
. 469985 IN NS j.root-servers.net.
. 469985 IN NS m.root-servers.net.
. 469985 IN NS g.root-servers.net.
. 469985 IN NS b.root-servers.net.
. 469985 IN NS e.root-servers.net.
. 469985 IN NS h.root-servers.net.
. 469985 IN NS i.root-servers.net.
. 514253 IN RRSIG NS 8 0 518400 20160720170000 20160710160000 46551 . ZrHKtz6uJX2ljRgkPEmXUHDuuskMmqNQTqndwpQvKimBvng8B4qCK5Mt hg6tBfmJM7Wk53NnDYoJRk1Q++OKoYYZf+njKhcPbrGa2D+rDuPOyOJz 4ussO1AZdg+H4JsZ9/OR3TfUYS4lfG8Ov6u4lc2R1y2tWqTKFif20WMC 8TM=
;; Received 955 bytes from 192.168.1.2#53(192.168.1.2) in 1 ms
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net. 86400 IN RRSIG DS 8 1 86400 20160720170000 20160710160000 46551 . TVBcfHmkbx7KPHEMYGhoh/YVWuae16dznm2kScbPP6W7sLknlF4hnxcD Q8ryWqxNk9WC1ETGLShz4Bau52UwyQbv2sZsejbpQMKnvOaJ7TPBOMDL cHcFhOD/3KMHZiora4vx97BY5E4mnvh8YgYK3mFzXXLolRjCpO66oALk E9I=
;; Received 749 bytes from 198.41.0.4#53(a.root-servers.net) in 79 ms
fastlylb.net. 172800 IN NS ns1.fastlylb.net.
fastlylb.net. 172800 IN NS ns2.fastlylb.net.
fastlylb.net. 172800 IN NS ns3.fastlylb.net.
fastlylb.net. 172800 IN NS ns4.fastlylb.net.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20160717053023 20160710042023 50762 net. LfZBm/4j+WvVDIDZZn3fBMV4nSM1bW1Ea7ptxthzgdvR6dvXKsi/ANaS s76lSOHLdUOF08JNpzq0uBuyTEjBS6GQFUg1ruUu2C/npgwBRxQPdMAX 6A3h+3vx9rju2frD00lI41G4IH/q83pdlAVsY6IUD02CwWuo8TLuglyB tMo=
IVGF9TD77VU6QETUUOLS7T84VMH1S5E7.net. 86400 IN NSEC3 1 1 0 - IVGV4AU40DKCA1FI0Q6UIFCTE1CUIIAP NS DS RRSIG
IVGF9TD77VU6QETUUOLS7T84VMH1S5E7.net. 86400 IN RRSIG NSEC3 8 2 86400 20160714052000 20160707041000 50762 net. KxuPdbkmroRr/KSmGBQd27iZaWb1rMzcotXAt8g3PXm9jH6JeQu5HtmD VqzGw/uuwfxrcEZ5HMfttThAqU43FD9ZD0miwIckVUQz8rbLpFSKTYK7 ai/hdsTh+obZpEiDY0hSV1NNsUae7e7xtXctxjvQufKECa65HCqgzGTw r4k=
;; Received 678 bytes from 192.41.162.30#53(l.gtld-servers.net) in 80 ms
prod.turner.map.fastlylb.net. 30 IN A 151.101.44.73
;; Received 73 bytes from 104.156.84.32#53(ns4.fastlylb.net) in 55 ms
BIND 日志文件 /var/log/named/info.log
这是来自 www.cnn.com 的 SERVFAIL 显示。
10-Jul-2016 14:01:35.208 client: debug 3: client 192.168.1.2#45833: UDP request
10-Jul-2016 14:01:35.208 client: debug 5: client 192.168.1.2#45833: view internal: using view 'internal'
10-Jul-2016 14:01:35.208 security: debug 3: client 192.168.1.2#45833: view internal: request is not signed
10-Jul-2016 14:01:35.208 security: debug 3: client 192.168.1.2#45833: view internal: recursion available
10-Jul-2016 14:01:35.208 client: debug 3: client 192.168.1.2#45833: view internal: query
10-Jul-2016 14:01:35.208 client: debug 10: client 192.168.1.2#45833 (www.cnn.com): view internal: ns_client_attach: ref = 1
10-Jul-2016 14:01:35.209 security: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: query (cache) 'www.cnn.com/A/IN' approved
10-Jul-2016 14:01:35.209 client: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: replace
10-Jul-2016 14:01:35.209 general: debug 3: clientmgr @0x7f71ff5e8458: get client
10-Jul-2016 14:01:35.209 general: debug 3: clientmgr @0x7f71ff5e8458: recycle
10-Jul-2016 14:01:35.209 resolver: debug 1: fetch: turner.map.fastly.net/A
10-Jul-2016 14:01:35.209 client: debug 3: client @0x7f71e0000f60: udprecv
10-Jul-2016 14:01:35.209 resolver: debug 10: log_ns_ttl: fctx 0x7f71e80ca040: fctx_create: turner.map.fastly.net (in 'fastly.NET'?): 1 125746
10-Jul-2016 14:01:35.265 resolver: debug 10: received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23686
;; flags: qr aa; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;turner.map.fastly.net. IN A
;; ANSWER SECTION:
;turner.map.fastly.net. 30 IN CNAME prod.turner.map.fastlylb.net.
10-Jul-2016 14:01:35.265 dnssec: debug 3: validating turner.map.fastly.net/CNAME: starting
10-Jul-2016 14:01:35.265 dnssec: debug 3: validating turner.map.fastly.net/CNAME: attempting insecurity proof
10-Jul-2016 14:01:35.265 dnssec: debug 3: validating turner.map.fastly.net/CNAME: checking existence of DS at 'net'
10-Jul-2016 14:01:35.265 dnssec: debug 3: validating turner.map.fastly.net/CNAME: checking existence of DS at 'fastly.net'
10-Jul-2016 14:01:35.265 dnssec: debug 3: validating turner.map.fastly.net/CNAME: marking as answer (proveunsecure (4))
10-Jul-2016 14:01:35.265 dnssec: debug 4: validator @0x7f71e8048c70: dns_validator_destroy
10-Jul-2016 14:01:35.265 database: debug 5: dns_adb_destroyfind on find 0x7f71e03f52c0
10-Jul-2016 14:01:35.265 database: debug 5: dns_adb_destroyfind on find 0x7f71e08fa220
10-Jul-2016 14:01:35.265 database: debug 5: dns_adb_destroyfind on find 0x7f71e03d92c0
10-Jul-2016 14:01:35.265 database: debug 5: dns_adb_destroyfind on find 0x7f71e08ffa90
10-Jul-2016 14:01:35.265 resolver: debug 1: fetch: prod.turner.map.fastlylb.net/A
10-Jul-2016 14:01:35.265 resolver: debug 10: log_ns_ttl: fctx 0x7f71f04ba858: fctx_create: prod.turner.map.fastlylb.net (in 'fastlylb.NET'?): 1 125747
10-Jul-2016 14:01:35.265 database: debug 5: expiring v4 for name 0x7f71e08f1bb0
10-Jul-2016 14:01:35.265 database: debug 5: dns_adb_createfind: found A for name ns1.fastlylb.net (0x7f71e08f1bb0) in db
10-Jul-2016 14:01:35.265 database: debug 5: expiring v4 for name 0x7f71e08f1a80
10-Jul-2016 14:01:35.265 database: debug 5: dns_adb_createfind: found A for name ns2.fastlylb.net (0x7f71e08f1a80) in db
10-Jul-2016 14:01:35.266 database: debug 5: expiring v4 for name 0x7f71e08f1950
10-Jul-2016 14:01:35.266 database: debug 5: dns_adb_createfind: found A for name ns3.fastlylb.net (0x7f71e08f1950) in db
10-Jul-2016 14:01:35.266 database: debug 5: expiring v4 for name 0x7f71e08f5fd0
10-Jul-2016 14:01:35.266 database: debug 5: dns_adb_createfind: found A for name ns4.fastlylb.net (0x7f71e08f5fd0) in db
10-Jul-2016 14:01:35.266 database: debug 5: dns_adb_destroyfind on find 0x7f71e03f52c0
10-Jul-2016 14:01:35.266 database: debug 5: dns_adb_destroyfind on find 0x7f71e08ffa90
10-Jul-2016 14:01:35.266 database: debug 5: dns_adb_destroyfind on find 0x7f71e08fa220
10-Jul-2016 14:01:35.266 database: debug 5: dns_adb_destroyfind on find 0x7f71e03d92c0
10-Jul-2016 14:01:35.266 query-errors: debug 1: client 192.168.1.2#45833 (www.cnn.com): view internal: query failed (SERVFAIL) for www.cnn.com/IN/A at ../../../bin/named/query.c:7769
10-Jul-2016 14:01:35.266 client: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: error
10-Jul-2016 14:01:35.266 client: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: send
10-Jul-2016 14:01:35.266 client: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: sendto
10-Jul-2016 14:01:35.266 client: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: senddone
10-Jul-2016 14:01:35.266 client: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: next
10-Jul-2016 14:01:35.266 client: debug 10: client 192.168.1.2#45833 (www.cnn.com): view internal: ns_client_detach: ref = 0
10-Jul-2016 14:01:35.266 client: debug 3: client 192.168.1.2#45833 (www.cnn.com): view internal: endrequest
10-Jul-2016 14:01:35.266 query-errors: debug 2: fetch completed at ../../../lib/dns/resolver.c:3660 for prod.turner.map.fastlylb.net/A in 0.000632: SERVFAIL/success [domain:fastlylb.NET,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
答案1
如果不转储您的缓存状态,就无法(现在)找出导致 SERVFAIL 情况的原因,因为它现在大部分工作正常,尽管速度较慢。有几层名称服务器集和几个查找(和查询重新启动)域可能是罪魁祸首(cnn.com 本身不太可能),即从您在网络的角度来看,timewarner.com、fastly.net 或 dynect.net 可能存在问题。
下次发生这种情况时,请使用此站点进行自上而下的分析: http://dnsviz.net/
如果您现在尝试访问 www.cnn.com,会出现由于协商的有效负载大小(通常是由防火墙配置错误导致)而导致委派不匹配和 UDP 传送失败的警告。
编辑:您bogus-net
正在使用这些 IP 中的任何一个吗?
$ checksoa fastly.net
Serial # RTT(ms) Version fastly.net nameservers (name -- IP -- SOA MNAME)
2016071503 91 9.10.2+Dyn-ETM-13892 ns1.p04.dynect.net 208.78.70.4 SOA: ns1.p04.dynect.net
2016071503 145 9.10.2+Dyn-ETM-13892 ns3.p04.dynect.net 208.78.71.4 SOA: ns1.p04.dynect.net
2016071503 133 9.10.2+Dyn-ETM-13892 ns1.p04.dynect.net 2001:500:90:1:0:0:0:4 SOA: ns1.p04.dynect.net
2016071503 113 9.10.2+Dyn-ETM-13892 ns4.p04.dynect.net 204.13.251.4 SOA: ns1.p04.dynect.net
2016071503 110 9.10.2+Dyn-ETM-13892 ns2.p04.dynect.net 204.13.250.4 SOA: ns1.p04.dynect.net
2016071503 103 9.10.2+Dyn-ETM-13892 ns3.p04.dynect.net 2001:500:94:1:0:0:0:4 SOA: ns1.p04.dynect.net
$ checksoa dynect.net
Serial # RTT(ms) Version dynect.net nameservers (name -- IP -- SOA MNAME)
2016070500 61 9.10.2+Dyn-ETM-13892 ns1.dynamicnetworkservices.net 208.78.70.136 SOA: ns0.dynamicnetworkservices.net
2016070500 64 myriad_pdns:1.0.0 ns6.dynamicnetworkservices.net 162.88.61.21 SOA: ns0.dynamicnetworkservices.net
2016070500 65 myriad_pdns:1.0.0 ns5.dynamicnetworkservices.net 162.88.60.21 SOA: ns0.dynamicnetworkservices.net
2016070500 62 9.10.2+Dyn-ETM-13892 ns3.dynamicnetworkservices.net 208.78.71.136 SOA: ns0.dynamicnetworkservices.net
2016070500 70 9.10.2+Dyn-ETM-13892 ns2.dynamicnetworkservices.net 204.13.250.136 SOA: ns0.dynamicnetworkservices.net
2016070500 70 9.10.2+Dyn-ETM-13892 ns4.dynamicnetworkservices.net 204.13.251.136 SOA: ns0.dynamicnetworkservices.net
2016070500 81 myriad_pdns:1.0.0 ns6.dynamicnetworkservices.net 2600:2000:1001:0:0:0:0:21 SOA: ns0.dynamicnetworkservices.net
2016070500 79 9.10.2+Dyn-ETM-13892 ns1.dynamicnetworkservices.net 2001:500:90:1:0:0:0:136 SOA: ns0.dynamicnetworkservices.net
2016070500 81 vertex_bind:2.0.2 ns7.dynamicnetworkservices.net 108.59.165.1 SOA: ns0.dynamicnetworkservices.net
2016070500 81 9.10.2+Dyn-ETM-13892 ns3.dynamicnetworkservices.net 2001:500:94:1:0:0:0:136 SOA: ns0.dynamicnetworkservices.net
2016070500 82 myriad_pdns:1.0.0 ns5.dynamicnetworkservices.net 2600:2000:1000:0:0:0:0:21 SOA: ns0.dynamicnetworkservices.net
2016070500 86 vertex_bind:2.0.2 ns7.dynamicnetworkservices.net 2a02:e180:8:0:0:0:0:1 SOA: ns0.dynamicnetworkservices.net
$ checksoa dynamicnetworkservices.net
Serial # RTT(ms) Version dynamicnetworkservices.net nameservers (name -- IP -- SOA MNAME)
2016051600 62 9.10.2+Dyn-ETM-13892 ns3.dynamicnetworkservices.net 208.78.71.136 SOA: ns0.dynamicnetworkservices.net
2016051600 64 myriad_pdns:1.0.0 ns6.dynamicnetworkservices.net 162.88.61.21 SOA: ns0.dynamicnetworkservices.net
2016051600 64 9.10.2+Dyn-ETM-13892 ns1.dynamicnetworkservices.net 208.78.70.136 SOA: ns0.dynamicnetworkservices.net
2016051600 64 myriad_pdns:1.0.0 ns5.dynamicnetworkservices.net 162.88.60.21 SOA: ns0.dynamicnetworkservices.net
2016051600 72 9.10.2+Dyn-ETM-13892 ns2.dynamicnetworkservices.net 204.13.250.136 SOA: ns0.dynamicnetworkservices.net
2016051600 75 9.10.2+Dyn-ETM-13892 ns4.dynamicnetworkservices.net 204.13.251.136 SOA: ns0.dynamicnetworkservices.net
2016051600 81 vertex_bind:2.0.2 ns7.dynamicnetworkservices.net 108.59.165.1 SOA: ns0.dynamicnetworkservices.net
2016051600 81 9.10.2+Dyn-ETM-13892 ns3.dynamicnetworkservices.net 2001:500:94:1:0:0:0:136 SOA: ns0.dynamicnetworkservices.net
2016051600 85 myriad_pdns:1.0.0 ns6.dynamicnetworkservices.net 2600:2000:1001:0:0:0:0:21 SOA: ns0.dynamicnetworkservices.net
2016051600 88 vertex_bind:2.0.2 ns7.dynamicnetworkservices.net 2a02:e180:8:0:0:0:0:1 SOA: ns0.dynamicnetworkservices.net
2016051600 83 9.10.2+Dyn-ETM-13892 ns1.dynamicnetworkservices.net 2001:500:90:1:0:0:0:136 SOA: ns0.dynamicnetworkservices.net
2016051600 85 myriad_pdns:1.0.0 ns5.dynamicnetworkservices.net 2600:2000:1000:0:0:0:0:21 SOA: ns0.dynamicnetworkservices.net