I can't understand why dig responds differently when I query from a client. I have the following zone file configured in DNS:
$ORIGIN mail.lab.example.com.
$TTL 0
@ IN SOA colombo root.mail.lab.example.com. (
2003022720 ; Serial
56800 ; Refresh
14400 ; Retry
3600000 ; Expire
2h ) ; Min
@ IN NS mail.lab.example.com.
@ IN A 198.51.100.157
;NAPTR Records
pcr20718 IN NAPTR 10 34 "s" "SIP+D2U" "" _sip._udp.pcr20718
;SRV Records
_sip._udp.pcr20718 IN SRV 9 17 15103 pcr20718
;A Records
pcr20718 IN A 10.54.80.7
pcr20718 IN AAAA fd00:10:6b50:4500::9b
$ORIGIN webmail.mail.lab.example.com.
@ IN NS ns1.webmail.mail.lab.example.com.
ns1 IN A 198.51.100.156
@ IN NS ns2.webmail.mail.lab.example.com.
ns2 IN A 198.51.100.155
@ IN NS ns3.webmail.mail.lab.example.com.
ns3 IN A 198.51.100.154
@ IN NS ns4.webmail.mail.lab.example.com.
ns4 IN A 198.51.100.153
@ IN NS ns5.webmail.mail.lab.example.com.
ns5 IN A 198.51.100.152
@ IN NS ns6.webmail.mail.lab.example.com.
ns6 IN A 198.51.100.151
@ IN NS ns7.webmail.mail.lab.example.com.
ns7 IN A 198.51.100.150
@ IN NS ns8.webmail.mail.lab.example.com.
ns8 IN A 198.51.100.147
@ IN NS ns9.webmail.mail.lab.example.com.
ns9 IN A 198.51.100.146
@ IN NS ns10.webmail.mail.lab.example.com.
ns10 IN A 198.51.100.145
@ IN NS ns11.webmail.mail.lab.example.com.
ns11 IN A 198.51.100.144
@ IN NS ns12.webmail.mail.lab.example.com.
ns12 IN A 198.51.100.143
@ IN NS ns13.webmail.mail.lab.example.com.
ns13 IN A 198.51.100.142
@ IN NS ns14.webmail.mail.lab.example.com.
ns14 IN A 198.51.100.141
@ IN NS ns15.webmail.mail.lab.example.com.
ns15 IN A 198.51.100.140
@ IN NS ns16.webmail.mail.lab.example.com.
ns16 IN A 198.51.100.148
@ IN NS ns17.webmail.mail.lab.example.com.
ns17 IN A 198.51.100.149
@ IN NS ns18.webmail.mail.lab.example.com.
ns18 IN A 198.51.100.157
When I run dig on the DNS server, I get the correct response:
colombodns2:/var/lib/named # dig webmail.mail.lab.example.com. NAPTR
; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> webmail.mail.lab.example.com. NAPTR
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20175
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 18, ADDITIONAL: 19
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;webmail.mail.lab.example.com. IN NAPTR
;; AUTHORITY SECTION:
webmail.mail.lab.example.com. 0 IN NS ns9.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns18.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns11.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns2.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns4.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns8.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns10.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns17.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns12.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns3.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns6.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns14.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns16.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns15.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns7.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns1.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns5.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns13.webmail.mail.lab.example.com.
;; ADDITIONAL SECTION:
ns1.webmail.mail.lab.example.com. 0 IN A 198.51.100.156
ns2.webmail.mail.lab.example.com. 0 IN A 198.51.100.155
ns3.webmail.mail.lab.example.com. 0 IN A 198.51.100.154
ns4.webmail.mail.lab.example.com. 0 IN A 198.51.100.153
ns5.webmail.mail.lab.example.com. 0 IN A 198.51.100.152
ns6.webmail.mail.lab.example.com. 0 IN A 198.51.100.151
ns7.webmail.mail.lab.example.com. 0 IN A 198.51.100.150
ns8.webmail.mail.lab.example.com. 0 IN A 198.51.100.147
ns9.webmail.mail.lab.example.com. 0 IN A 198.51.100.146
ns10.webmail.mail.lab.example.com. 0 IN A 198.51.100.145
ns11.webmail.mail.lab.example.com. 0 IN A 198.51.100.144
ns12.webmail.mail.lab.example.com. 0 IN A 198.51.100.143
ns13.webmail.mail.lab.example.com. 0 IN A 198.51.100.142
ns14.webmail.mail.lab.example.com. 0 IN A 198.51.100.141
ns15.webmail.mail.lab.example.com. 0 IN A 198.51.100.140
ns16.webmail.mail.lab.example.com. 0 IN A 198.51.100.148
ns17.webmail.mail.lab.example.com. 0 IN A 198.51.100.149
ns18.webmail.mail.lab.example.com. 0 IN A 198.51.100.157
;; Query time: 27 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 17 11:02:49 IST 2017
;; MSG SIZE rcvd: 678
When I run it from the client, I cannot see the tc (truncation bit) set in the query. Is truncation valid for NS queries?
dig @203.0.113.1 webmail.mail.lab.example.com. NAPTR +edns=0 +bufsize=512
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> @203.0.113.1 webmail.mail.lab.example.com. NAPTR +edns=0 +bufsize=512
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20571
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 18, ADDITIONAL: 8
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;webmail.mail.lab.example.com. IN NAPTR
;; AUTHORITY SECTION:
webmail.mail.lab.example.com. 0 IN NS ns8.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns12.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns13.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns14.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns1.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns16.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns9.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns3.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns10.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns18.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns5.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns11.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns2.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns6.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns7.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns17.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns15.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN NS ns4.webmail.mail.lab.example.com.
;; ADDITIONAL SECTION:
ns1.webmail.mail.lab.example.com. 0 IN A 198.51.100.156
ns2.webmail.mail.lab.example.com. 0 IN A 198.51.100.155
ns3.webmail.mail.lab.example.com. 0 IN A 198.51.100.154
ns4.webmail.mail.lab.example.com. 0 IN A 198.51.100.153
ns5.webmail.mail.lab.example.com. 0 IN A 198.51.100.152
ns6.webmail.mail.lab.example.com. 0 IN A 198.51.100.151
ns7.webmail.mail.lab.example.com. 0 IN A 198.51.100.150
;; Query time: 1 msec
;; SERVER: 203.0.113.1#53(203.0.113.1)
;; WHEN: Tue Oct 17 11:40:31 2017
;; MSG SIZE rcvd: 502
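Is this related to my DNS server not being able to set the truncation bit? I expected to see the truncation bit set and a fallback to TCP performed. But this seems to fail.
What might I be doing wrong?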
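Answer 1
The response is not large enough to be truncated.
The TC bit is not set when the additional section does not fit completely – RFC 2181:
The TC bit should be set in responses only when an RRSet is required as a part of the response, but could not be included in its entirety. The TC bit should not be set merely because some extra information could have been included, but there was insufficient room. This includes the results of additional section processing. In such cases the entire RRSet that will not fit in the response should be omitted, and the reply sent as is, with the TC bit clear. If the recipient of the reply needs the omitted data, it can construct a query for that data and send that separately.
Aside from that, the dig client supports EDNS0 and negotiates a larger packet size; it can receive packets of up to 4 kB rather than 512 bytes.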
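An added example (not part of the original post, and not BIND's code): a Python model of the wire size of the referral above, assuming standard name compression and treating the authority NS RRset as the only required RRset. It reproduces the 678-byte and 502-byte sizes in the two dig outputs and shows that TC is set only when the NS RRset itself cannot fit; all function and constant names are hypothetical.

```python
# Added example: wire-size model of the referral shown on this page (not BIND code).
HEADER, OPT = 12, 11          # fixed DNS header; EDNS0 OPT RR with empty RDATA
PTR, RR_FIXED = 2, 10         # compression pointer; TYPE+CLASS+TTL+RDLENGTH

def name_len(name):
    """Uncompressed wire length of a domain name."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1

def build_referral(zone, ns_labels, limit, edns=True):
    """Return (size, glue_included, tc) for a referral limited to `limit` bytes."""
    size = HEADER + name_len(zone) + 4           # question: QNAME + QTYPE + QCLASS
    reserve = OPT if edns else 0
    # Authority: one NS RRset; owner is a pointer to QNAME, RDATA is
    # <label> + pointer to QNAME. Assumed required, so it must fit in full.
    ns_rrset = sum(PTR + RR_FIXED + 1 + len(l) + PTR for l in ns_labels)
    if size + ns_rrset + reserve > limit:
        return size + reserve, 0, True           # required RRset dropped -> TC=1
    size += ns_rrset + reserve
    # Additional: each glue A RR is its own RRset (distinct owner name);
    # owner is a pointer into the NS RDATA. Omit what does not fit, TC stays 0.
    glue = 0
    for _ in ns_labels:
        if size + PTR + RR_FIXED + 4 > limit:
            break
        size += PTR + RR_FIXED + 4
        glue += 1
    return size, glue, False

# Values taken from the zone file in the question.
ZONE = "webmail.mail.lab.example.com."
NS = [f"ns{i}" for i in range(1, 19)]

if __name__ == "__main__":
    for limit in (4096, 512, 300):
        print(limit, build_referral(ZONE, NS, limit))
```

The glue count excludes the OPT record, which dig includes in its ADDITIONAL total (7 A records + OPT = 8 in the client output).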