为什么自定义名称服务器不会委托?

tag-icon tag-icon linux networking dns
为什么自定义名称服务器不会委托?

在被告知“浏览 google.com”之前,我需要说明我有一个有效的设置,我已经解决了所有“常见”问题,并且我已经研究这个问题超过六个月了,但毫无进展。我还与 Name.com 支持人员进行了交谈,他们告诉我私人/自定义/虚荣名称服务器不是他们的问题,公平地说,使用他们的名称服务器可以工作,但无法宣传我通过他们的控制面板添加的任何 A 或 AAAA 记录。

正如标题所述,问题是我的名称服务器不会委派。 - 我在 Linux 端使用 IPTables(mod_sec 和 mod_evasive),可以确认路由器端的防火墙不是问题(允许 IPv6 路由数据包,并且无论开启、关闭还是开启严格规则都没有区别)。

通过 IPv4 端的路由子网访问 Web 服务器,并使用来自我的 IPv6 子网的地址通过 PPP 连接建立 IPv6 连接,因此 IPv6 连接无需额外配置即可工作(已验证),而我的 /29 IPv4 使用第一个地址作为路由子网的网关,其余地址连接到 Linux 以太网适配器。这也可以工作,虽然这是为了绕过 NAT,但我仍然可以在剩余的(非网关)IPv4 地址上为 DNS 地址配置端口,并打开端口 53 和 80,以确保 DNS 和 HTTPD 在两个方向(TCP 和 UDP)的连接。

我的命名配置文件(删除 rndc 键),命名运行, 和命名的叛乱者信息(清晰格式,我的服务器上的版本 DNSSEC 格式)文件如下所示。如果需要进一步的详细信息或说明,请告诉我。

命名的.conf:

options {
    listen-on { any; };
    allow-query { any; };
    listen-on-v6 { any; };

    directory           "/var/named";
    dump-file           "/var/named/data/cache_dump.db";
    statistics-file     "/var/named/data/named_stats.txt";
    memstatistics-file  "/var/named/data/named_mem_stats.txt";

    recursion yes;
    // edns-udp-size 1432;
    // allow-new-zones yes;
    allow-transfer { none; };

    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";

    version "Damned If I Know";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "insurgent.info" IN {
    type master;
    file "named.insurgent.info";
    auto-dnssec maintain;
    key-directory "/var/named/dynamic";
    update-policy local;
};

zone "46.102.204.in-addr.arpa" IN {
    type master;
    file "named.PTR4.insurgent";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa" IN {
    type master;
    file "named.PTR6.insurgent";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

named.insurgent.info:

$TTL 1D
@                       IN  SOA    ns1.insurgent.info.    hostmaster.insurgent.info. (
                        110     ; serial
                        21600   ; refresh after 6 hours
                        3600    ; retry after 1 hour
                        604800  ; expire after 1 week
                        86400 ) ; minimum TTL of 1 day
;
                        IN  NS  ns1.insurgent.info.
                        IN  NS  ns2.insurgent.info.
;
                        IN  A       46.102.204.226
ns1                     IN  AAAA    2A00:B900:10A4:1::2
                        IN  A       46.102.204.227
ns2                     IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  A       46.102.204.227
insurgent.info.         IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  TXT     protonmail-verification=
;
www                     IN  A       46.102.204.227
www                     IN  AAAA    2A00:B900:10A4:1::4

命名.运行:

zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 04:09:01.695
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 05:09:01.695
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 06:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 07:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 08:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 09:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 10:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 11:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 12:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 13:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 14:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 15:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 16:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 17:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 18:09:01.698
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 182.254.49.112#53
FORMERR resolving 'ns-tel1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-cmn1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 223.167.83.104#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 19:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 20:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 21:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 22:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 23:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 00:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 01:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 02:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 03:09:01.700
_default: sending trust-anchor-telemetry query '_ta-4a5c-4f66/NULL'
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 04:09:01.700
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 05:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 06:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 07:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 08:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 09:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 10:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 11:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 12:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 13:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 14:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 15:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 16:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 17:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 18:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 19:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 20:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 21:09:01.704
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:09:01.704
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:23.537
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: journal file is out of date: removing journal file
managed-keys-zone: loaded serial 24
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
all zones loaded
running
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:53.608
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
reloading configuration succeeded
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:07.578
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: loaded serial 26
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
addnode: NSEC node already exists
zone localhost.localdomain/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
all zones loaded
running
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:09.955
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 23:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 00:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 01:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 02:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 03:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 04:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 05:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 06:12:09.956
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 07:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 08:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 09:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 10:12:09.957
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 183.2.186.153#53
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 183.2.186.153#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 11:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 12:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 13:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 14:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 15:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 16:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 17:12:09.959
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 18:12:09.959

答案1

正如标题所述,问题是我的名称服务器不会委托。

“不会委托”可以有两种理解:

  1. 名称服务器info不会委托insurgent.info给您的名称服务器。
  2. 您的名称服务器不会委托<something>.insurgent.info给其他人的名称服务器。

第二种解释不太可能,只是因为您已经表明您的区域没有任何 3 级委派(NS 记录)。

第一种解释是最有可能的,但可以通过检查info名称服务器上的 NS 记录来证明它是错误的,所有记录都包含正确的信息:

$ dnstracer -r1 -t1 -s.insurgent.info
通过 A.ROOT-SERVERS.NET 追踪到 insurgent.info[a],最多重试 1 次
A.ROOT-SERVERS.NET [.] (2001:0503:ba3e:0000:0000:0000:0002:0030)
 |\___ a0.info.afilias-nst.info [信息] (2001:0500:0019:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) 获得权威答案
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) 获得权威答案
 |\___ a0.info.afilias-nst.info [信息] (199.254.31.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ b2.info.afilias-nst.org [信息] (2001:0500:0049:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 |\___ b2.info.afilias-nst.org [信息] (199.249.121.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ c0.info.afilias-nst.info [信息] (2001:0500:001b:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 |\___ c0.info.afilias-nst.info [信息] (199.254.49.1)
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\___ d0.info.afilias-nst.org [信息] (2001:0500:001c:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 |\___ d0.info.afilias-nst.org [信息] (199.254.50.1)
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\___ b0.info.afilias-nst.org [信息] (2001:0500:001a:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 |\___ b0.info.afilias-nst.org [信息] (199.254.48.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ a2.info.afilias-nst.info [信息] (2001:0500:0041:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
  ____ a2.info.afilias-nst.info [信息] (199.249.113.1)
       |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (已缓存)
       |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
       |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (已缓存)
        \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *

通过检查单个服务器dig显示相同的内容:

$ dig +nocmd +nostats insurgent.info.NS@a0.info.afilias-nst.info
;; 得到答案:
;; ->>HEADER<<- 操作码:QUERY,状态:NOERROR,id:56401
;; 标志:qr rd;查询:1,答案:0,权限:2,附加:5
;; 警告:请求递归但不可用

;; OPT 伪节:
;EDNS:版本:0,标志:;udp:4096
;; 问题部分:
;insurgent.info。IN NS

;; 权威部分:
insurgent.info。86400 IN NS ns2.insurgent.info。
insurgent.info。86400 IN NS ns1.insurgent.info。

;; 附加部分:
ns1.insurgent.info.86400 IN AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info.86400 IN AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info.86400 IN A 46.102.204.226
ns2.insurgent.info.86400 IN A 46.102.204.227

$ dig +nocmd +nostats insurgent.info.DS@a0.info.afilias-nst.info
;; 得到答案:
;; ->>HEADER<<- 操作码:QUERY,状态:NOERROR,id:28823
;; 标志:qr aa rd;查询:1,答案:1,权限:0,附加:1
;; 警告:请求递归但不可用

;; OPT 伪节:
;EDNS:版本:0,标志:;udp:4096
;; 问题部分:
;insurgent.info。在 DS

;; 答案部分:
insurgent.info。86400 IN DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

如您所见,委派(NS 记录、粘合 A/AAAA 记录,甚至 DNSSEC DS 记录)是正确的 - 它与您在自己的区域中提供的 IP 地址完全匹配。

查询域已委派的各个服务器显示它们都返回带有“权威”标志的答案,因此委托有效:

$ dig +nocmd +nostats insurgent.info.SOA @2a00:b900:10a4:1::2
;; 得到答案:
;; ->>HEADER<<- 操作码:QUERY,状态:NOERROR,id:50734
;; 标志:qr aa rd ra;查询:1,答案:1,权威:2,附加:4

;; OPT 伪节:
;EDNS:版本:0,标志:;udp:4096
;COOKIE:cc7cec751344643dd263565e5b7c5d3f1915af129394589c(好)
;; 问题部分:
;insurgent.info。在 SOA

;; 答案部分:
insurgent.info。86400 IN SOA ns1.insurgent.info。hostmaster.insurgent.info。113 21600 3600 604800 86400

;; 权威部分:
insurgent.info。86400 IN NS ns2.insurgent.info。
insurgent.info。86400 IN NS ns1.insurgent.info。

;; 附加部分:
ns1.insurgent.info.86400 IN AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info.86400 IN AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info.86400 IN A 46.102.204.227

$ dig +nocmd +nostats insurgent.info.DS @2a00:b900:10a4:1::4
;; 得到答案:
;; ->>HEADER<<- 操作码:QUERY,状态:NOERROR,id:1061
;; 标志:qr rd ra ad;查询:1,答案:1,权限:0,附加:1

;; OPT 伪节:
;EDNS:版本:0,标志:;udp:4096
;COOKIE:ffdb2d48b46554e4a6017bda5b7c5d0e3a07a163aa55d6d5(好)
;; 问题部分:
;insurgent.info。在 DS

;; 答案部分:
insurgent.info。86255 IN DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

然而:

$ dig +nocmd +nostats insurgent.info。 SOA @46.102.204.227
;;连接超时;无法访问服务器

在上面的日志中你可以看到你的名称服务器不响应 DNS 查询通过 UDP/IPv4,仅接受 TCP/IPv4、UDP/IPv6 和 TCP/IPv6。

虽然这与“标题中概述”的问题无关,但在尝试实际解析域名时确实会导致问题(因为 UDP(而不是 TCP)是默认的 DNS 传输,并且缺乏 UDP 响应将不会导致 TCP 回退)。

相关内容