我的网站对我来说瘫痪了。tracert虽然它报告了不同的域名(并且 23 个跳数似乎相当长),但还是找到了服务器。ping有效,引用与 tracert 相同的 IP。nslookup也报告了相同的 IP。
Web 浏览器、ssh 和 sftp 都报告“连接已超时”。
我在多台计算机上看到了同样的问题(但都在同一个本地网络上;Windows 7 和 10)。
我可以连接到我的主机 (DreamHost) 的控制面板并访问所有常用功能。那里没有任何问题。
我可以使用 Lynx 从我可以访问的另一个国家的服务器上的 shell 控制台浏览该网站。Web 服务包括isup.me和尼布勒报告连接站点没有问题。
在过去的几个月里,这种情况发生过几次。大约半天后,它又恢复正常了。我该如何缩小实际问题的范围?
该网站是www.yukongis.ca
Tracert 和 ping 结果(通过 WinMTR):
|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| gateway.mkcd - 0 | 823 | 823 | 0 | 0 | 0 | 0 |
| 10.131.127.254 - 1 | 819 | 818 | 5 | 29 | 502 | 6 |
| 10.11.64.25 - 0 | 822 | 822 | 5 | 23 | 522 | 9 |
| 10.1.2.113 - 1 | 815 | 813 | 31 | 36 | 312 | 33 |
| 64.230.219.141 - 1 | 819 | 818 | 31 | 36 | 310 | 33 |
|tcore4-edmonton_bundle-ether1.net.bell.ca - 1 | 819 | 818 | 48 | 55 | 334 | 52 |
|tcore3-vancouver_tengige0-15-0-5.net.bell.ca - 0 | 822 | 822 | 50 | 55 | 351 | 51 |
|tcore3-seattle_hundredgige0-5-0-0.net.bell.ca - 1 | 819 | 818 | 49 | 53 | 330 | 52 |
| bx4-seattle_ae2.net.bell.ca - 0 | 822 | 822 | 49 | 59 | 540 | 51 |
| 206.111.7.17.ptr.us.xo.net - 1 | 819 | 818 | 49 | 53 | 415 | 53 |
| vb2000d1.rar3.seattle-wa.us.xo.net - 0 | 822 | 822 | 109 | 114 | 409 | 113 |
| ae0.rcb1.saltlake2-ut.us.xo.net - 0 | 822 | 822 | 108 | 112 | 406 | 110 |
| 207.88.12.144.ptr.us.xo.net - 0 | 822 | 822 | 112 | 116 | 408 | 113 |
| 207.88.12.190.ptr.us.xo.net - 1 | 819 | 818 | 111 | 120 | 591 | 116 |
| te0-12-0-0.rar3.sanjose-ca.us.xo.net - 1 | 819 | 818 | 112 | 115 | 417 | 113 |
| 207.88.12.164.ptr.us.xo.net - 0 | 822 | 822 | 111 | 116 | 416 | 114 |
| 207.88.12.213.ptr.us.xo.net - 1 | 819 | 818 | 109 | 118 | 388 | 110 |
| 207.88.12.214.ptr.us.xo.net - 0 | 822 | 822 | 108 | 122 | 406 | 110 |
| 207.88.14.181.ptr.us.xo.net - 0 | 822 | 822 | 110 | 115 | 417 | 113 |
| 209.48.43.58 - 1 | 819 | 818 | 113 | 116 | 392 | 114 |
| ip-208-113-156-4.dreamhost.com - 1 | 819 | 818 | 112 | 115 | 393 | 114 |
| ip-208-113-156-14.dreamhost.com - 0 | 822 | 822 | 111 | 116 | 409 | 113 |
|apache2-argon.thomas-lynch-jr.dreamhost.com - 0 | 822 | 822 | 113 | 116 | 410 | 115 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
输出nslookup -d2:
------------
SendRequest(), len 42
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
1.1.168.192.in-addr.arpa, type = PTR, class = IN
------------
------------
Got answer (68 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
1.1.168.192.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 1.1.168.192.in-addr.arpa
type = PTR, class = IN, dlen = 14
name = gateway.mkcd
ttl = 0 (0 secs)
------------
Server: gateway.mkcd
Address: 192.168.1.1
------------
SendRequest(), len 38
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.yukongis.ca.mkcd, type = A, class = IN
------------
------------
Got answer (38 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.yukongis.ca.mkcd, type = A, class = IN
------------
------------
SendRequest(), len 38
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.yukongis.ca.mkcd, type = AAAA, class = IN
------------
------------
Got answer (113 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.yukongis.ca.mkcd, type = AAAA, class = IN
AUTHORITY RECORDS:
-> (root)
type = SOA, class = IN, dlen = 64
ttl = 569 (9 mins 29 secs)
primary name server = a.root-servers.net
responsible mail addr = nstld.verisign-grs.com
serial = 2017052801
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
------------
------------
SendRequest(), len 33
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.yukongis.ca, type = A, class = IN
------------
------------
Got answer (49 bytes):
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
www.yukongis.ca, type = A, class = IN
ANSWERS:
-> www.yukongis.ca
type = A, class = IN, dlen = 4
internet address = 208.113.218.229
ttl = 12817 (3 hours 33 mins 37 secs)
------------
------------
SendRequest(), len 33
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.yukongis.ca, type = AAAA, class = IN
------------
------------
Got answer (97 bytes):
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.yukongis.ca, type = AAAA, class = IN
AUTHORITY RECORDS:
-> yukongis.ca
type = SOA, class = IN, dlen = 52
ttl = 445 (7 mins 25 secs)
primary name server = ns1.dreamhost.com
responsible mail addr = hostmaster.dreamhost.com
serial = 2017042704
refresh = 19223 (5 hours 20 mins 23 secs)
retry = 1800 (30 mins)
expire = 1814400 (21 days)
default TTL = 14400 (4 hours)
------------
Name: www.yukongis.ca
Address: 208.113.218.229
答案1
您的服务器上是否使用了类似 fail2ban 的东西?
至少你的问题看起来像一个反滥用对策,即如果一个 IP 试图快速连接到服务器,它将被阻止一段时间。
这也解释了为什么过了一段时间后才能再次连接。
也许您的提供商已经提供了类似的东西。那么您必须寻求他们的支持。
答案2
除了 DNS 问题之外,还可能存在其他问题:
防火墙相关:返回路径问题(响应来自站点的另一个页面,返回时未通过防火墙 - 可使用浏览器监视器/跟踪器进行跟踪)。这是站点设计中的错误,通常由所有者纠正。
路由:您有影响目标 IP 的路由(如 EIGRP 隧道),并且流量通过隧道路由,而不是直接通过 ISP 退出(可以通过在路由器配置中显示 IP 路由来检查)。这可以通过在路由器中添加静态路由来解决(如果您的公司、ISP 等)。
答案3
听起来你遇到了本地 DNS 问题。我假设你的意思是除了你之外的所有人(你的网络之外)都可以访问该网站。然后它指向本地的某个东西。一个快速检查方法是强制更改你的 DNS,因此不要使用本地 DNS,而是使用 8.8.8.8
我假设此问题的另一个原因是它会在一天后解决,大多数 DNS 在午夜更新,因此问题会在第二天得到解决。