为什么 dnsmasq 转发已解析的地址?

tag-icon tag-icon linux networking ubuntu dns dnsmasq
为什么 dnsmasq 转发已解析的地址?

我可以 ping 通主机:

dig registry.mynet

DNS 服务器将执行预期的操作:

dnsmasq[1]: 895 127.0.0.1/44580 query[A] registry.mynet from 127.0.0.1
dnsmasq[1]: 895 127.0.0.1/44580 /etc/hosts registry.mynet is 42.42.42.42

但如果我尝试更复杂的请求,则需要很长时间:

» time http -h http://registry.mynet/v2/_catalog?n=100
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 97
Content-Type: application/json; charset=utf-8
Date: Fri, 23 Mar 2018 10:42:13 GMT
Docker-Distribution-Api-Version: registry/2.0
Server: nginx/1.13.9
X-Content-Type-Options: nosniff

real    0m15.297s
user    0m0.252s
sys     0m0.028s

这与服务无关(服务响应非常快)。这是因为 DNS 服务器做了一些奇怪的事情:

dnsmasq[1]: 887 127.0.0.1/53345 query[A] registry.mynet from 127.0.0.1
dnsmasq[1]: 887 127.0.0.1/53345 /etc/hosts registry.mynet is 42.42.42.42
dnsmasq[1]: 888 127.0.0.1/53345 query[AAAA] registry.mynet from 127.0.0.1
dnsmasq[1]: 888 127.0.0.1/53345 forwarded registry.mynet to 208.67.220.220
dnsmasq[1]: 888 127.0.0.1/53345 forwarded registry.mynet to 8.8.4.4
dnsmasq[1]: 888 127.0.0.1/53345 forwarded registry.mynet to 8.8.8.8
dnsmasq[1]: 888 127.0.0.1/53345 forwarded registry.mynet to 8.8.8.8

dnsmasq[1]: 889 127.0.0.1/53345 query[A] registry.mynet from 127.0.0.1
dnsmasq[1]: 889 127.0.0.1/53345 /etc/hosts registry.mynet is 42.42.42.42
dnsmasq[1]: 890 127.0.0.1/53345 query[AAAA] registry.mynet from 127.0.0.1
dnsmasq[1]: 890 127.0.0.1/53345 forwarded registry.mynet to 208.67.220.220
dnsmasq[1]: 890 127.0.0.1/53345 forwarded registry.mynet to 8.8.4.4
dnsmasq[1]: 890 127.0.0.1/53345 forwarded registry.mynet to 8.8.8.8
dnsmasq[1]: 890 127.0.0.1/53345 forwarded registry.mynet to 8.8.8.8

dnsmasq[1]: 891 127.0.0.1/41484 query[A] registry.mynet from 127.0.0.1
dnsmasq[1]: 891 127.0.0.1/41484 /etc/hosts registry.mynet is 42.42.42.42
dnsmasq[1]: 892 127.0.0.1/58752 query[AAAA] registry.mynet from 127.0.0.1
dnsmasq[1]: 892 127.0.0.1/58752 forwarded registry.mynet to 208.67.220.220
dnsmasq[1]: 892 127.0.0.1/58752 forwarded registry.mynet to 8.8.4.4
dnsmasq[1]: 892 127.0.0.1/58752 forwarded registry.mynet to 8.8.8.8
dnsmasq[1]: 892 127.0.0.1/58752 forwarded registry.mynet to 8.8.8.8

我有两个问题:

  • DNS 服务器确实找到了正确答案(/etc/hosts registry.mynet is 42.42.42.42):为什么处理继续?
  • “转发”条目是什么意思?

答案1

首先:

dig registry.mynet

仅执行 IPv4 查询([A]查询)。您dnsmasq可以很好地回复这些查询。您可以通过执行以下操作强制dig执行查询:AAAA

dig registry.mynet AAAA

从日志中,您可以看到它http正在发送 IPv4 和 IPv6 查询([AAAA]查询)。您dnsmasq回复了前者,但没有回复后者,这可能是因为您没有为主机配置 IPv6 地址。

您可以通过确保dnsmasq不转发网络中主机的请求来避免这种情况:

local=/mynet/

相关内容