我知道这听起来可能是个坏主意,但是......
当在具有 bind9 的网关中使用非常不可靠的上游链接时。是否可以配置 bind9 以在仅转发模式下积极重试其对上游转发器的查询?这会导致避免“servfail”,直到非常“长”的时间,例如 2 分钟,而不是在请求失败时立即获取它。
这意味着即使转发器关闭或无法访问,我也必须强制绑定以持续发送其查询。
下面是对 www.google.com 的获取示例,该示例立即收到 servfail,但我想推迟该操作:
28-Feb-2019 11:20:37.148 client @0x7fa92059d9e0: udprecv
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: UDP request
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: using view 'clients'
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: request is not signed
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: recursion available
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: query
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: query (cache) 'www.google.se/A/IN' approved
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: replace
28-Feb-2019 11:20:40.457 clientmgr @0x7fa91f240760: createclients
28-Feb-2019 11:20:40.457 clientmgr @0x7fa91f240760: create new
28-Feb-2019 11:20:40.458 client @0x7fa9205d6230: create
28-Feb-2019 11:20:40.458 createfetch: www.google.se A
28-Feb-2019 11:20:40.458 client @0x7fa9205d6230: udprecv
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): create
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): join
28-Feb-2019 11:20:40.458 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): created
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): start
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.458 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.459 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.8.8#53
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.459 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.4.4#53
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): no addresses
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): done
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): sendevents
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: query failed (SERVFAIL) for www.google.se/IN/A at query.c:7002
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: error
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: send
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: sendto
28-Feb-2019 11:20:40.460 client 10.7.64.100#24254: view clients: senddone
28-Feb-2019 11:20:40.460 client 10.7.64.100#24254: view clients: next
28-Feb-2019 11:20:40.460 client 10.7.64.100#24254: view clients: endrequest
28-Feb-2019 11:20:40.460 fetch completed at resolver.c:3098 for www.google.se/A in 0.001312: failure/success [domain:.,referral:0,restart:2,qrysent:2,timeout:0,lame:0,neterr:2,badresp:0,adberr:0,findfail:0,valfail:0]
28-Feb-2019 11:20:40.460 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): destroyfetch
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): shutdown
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): doshutdown
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): unlink
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): destroy
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: UDP request
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: using view 'clients'
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: request is not signed
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: recursion available
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: query
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: query (cache) 'www.google.se/A/IN' approved
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: replace
28-Feb-2019 11:20:40.462 clientmgr @0x7fa91f240760: createclients
28-Feb-2019 11:20:40.462 clientmgr @0x7fa91f240760: recycle
28-Feb-2019 11:20:40.462 createfetch: www.google.se A
28-Feb-2019 11:20:40.462 fctx 0x7fa91821e010(www.google.se/A'): create
28-Feb-2019 11:20:40.462 client @0x7fa9207667c0: udprecv
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): join
28-Feb-2019 11:20:40.463 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): created
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): start
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.463 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.8.8#53
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.464 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.464 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.464 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.464 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.4.4#53
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): no addresses
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): done
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): sendevents
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: query failed (SERVFAIL) for www.google.se/IN/A at query.c:7002
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: error
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: send
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: sendto
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: senddone
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: next
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: endrequest
28-Feb-2019 11:20:40.464 fetch completed at resolver.c:3098 for www.google.se/A in 0.001510: failure/success [domain:.,referral:0,restart:2,qrysent:2,timeout:0,lame:0,neterr:2,badresp:0,adberr:0,findfail:0,valfail:0]
28-Feb-2019 11:20:40.464 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): destroyfetch
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): shutdown
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): doshutdown
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): unlink
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): destroy
28-Feb-2019 11:20:41.124 client 127.0.0.1#45092: UDP request
28-Feb-2019 11:20:41.124 client 127.0.0.1#45092: no matching view in class 'IN'
28-Feb-2019 11:20:41.124 client 127.0.0.1#45092: no matching view in class
答案1
啊,这是一个测试问题。我在运行 bind9 的同一台服务器上使用 iptable“-p udp --dport 53 -j DROP”规则测试了“丢弃”dns。这似乎以某种方式干扰了测试。当我在路由路径到互联网丢弃消息中实际做了一些事情时,我得到了适当的等待 :) 尽管我不太明白这里发生了什么,但我的问题已经解决了,因此将其标记为已回答。