情况:
- 在 Azure 中运行的 Linux 计算机
- 寻找返回 112 个结果的公共域
- 数据包响应大小为 1905 字节
情况1:
- 询问 google DNS 8.8.8.8 - 它返回未截断的响应。一切都好。
案例2:
- 询问 Azure DNS 168.63.129.16 - 它返回截断的响应并尝试切换到 TCP,但失败,并出现错误“无法连接到服务器地址”。但是,如果我用“sudo”运行审讯,它的效果会非常好。
该问题可以一直重现:
没有须藤:
$ dig aerserv-bc-us-east.bidswitch.net @8.8.8.8 ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> aerserv-bc-us-east.bidswitch.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49847 ;; flags: qr rd ra; QUERY: 1, ANSWER: 112, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;aerserv-bc-us-east.bidswitch.net. IN A ;; ANSWER SECTION: aerserv-bc-us-east.bidswitch.net. 119 IN CNAME bidcast-bcserver-gce-sc.bidswitch.net. bidcast-bcserver-gce-sc.bidswitch.net. 119 IN CNAME bidcast-bcserver-gce-sc-multifo.bidswitch.net. bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.189.137 bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.205.98 -------- bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.28.65 bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.213.32 ;; Query time: 12 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu Oct 03 22:28:09 EEST 2019 ;; MSG SIZE rcvd: 1905 [azureuser@testserver~]$ dig aerserv-bc-us-east.bidswitch.net ;; Truncated, retrying in TCP mode. ;; Connection to 168.63.129.16#53(168.63.129.16) for aerserv-bc-us-east.bidswitc h.net failed: timed out. ;; Connection to 168.63.129.16#53(168.63.129.16) for aerserv-bc-us-east.bidswitch.net failed: timed out. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> aerserv-bc-us-east.bidswitch.net ;; global options: +cmd ;; connection timed out; no servers could be reached ;; Connection to 168.63.129.16#53(168.63.129.16) for aerserv-bc-us-east.bidswitch.net failed: timed out.使用须藤:
[root@testserver ~]# dig aerserv-bc-us-east.bidswitch.net ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> aerserv-bc-us-east.bidswitch.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8941 ;; flags: qr rd ra; QUERY: 1, ANSWER: 112, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1280 ;; QUESTION SECTION: ;aerserv-bc-us-east.bidswitch.net. IN A ;; ANSWER SECTION: aerserv-bc-us-east.bidswitch.net. 120 IN CNAME bidcast-bcserver-gce-sc.bidswitch.net. bidcast-bcserver-gce-sc.bidswitch.net. 120 IN CNAME bidcast-bcserver-gce-sc-multifo.bidswitch.net. bidcast-bcserver-gce-sc-multifo.bidswitch.net. 60 IN A 35.211.56.153 ....... bidcast-bcserver-gce-sc-multifo.bidswitch.net. 60 IN A 35.207.61.237 bidcast-bcserver-gce-sc-multifo.bidswitch.net. 60 IN A 35.207.23.245 ;; Query time: 125 msec ;; SERVER: 168.63.129.16#53(168.63.129.16) ;; WHEN: Thu Oct 03 22:17:18 EEST 2019 ;; MSG SIZE rcvd: 1905
我检查了我在互联网上找到的所有内容,我没有看到任何解释,为什么只有在从 root 帐户运行或使用 sudo 权限运行时,如果响应包大小太大并且响应被截断,这会按预期工作,从而迫使 DNS 查询从 UDP 切换到 TCP。
将“options edns0”或“options use-vc”或“options edns0 use-vc”添加到 /etc/resolv.conf 也没有帮助。
CentOS 7.x、Ubuntu 16.04 和 18.04 中的行为相同
更新:使用curl和telnet进行测试,行为是相同的。使用 sudo 或从 root 帐户运行,如果没有 sudo 或从标准帐户运行则失败。
谁能提供一些关于为什么从 UDP 切换到 TCP 时需要超级用户权限的见解,并帮助提供一些解决方案(如果有)?
更新:
- 我知道这篇文章很长,但请在回答之前阅读全部内容。
- 防火墙设置为允许任何到任何。
- 在我拥有的所有测试环境中,TCP 和 UDP 端口 53 都是开放的。
- SELinux/AppArmor 已禁用。
更新2:
Debian9(内核 4.19.0-0.bpo.5-cloud-amd64 )无需 sudo 即可正常工作。 RHEL8(内核 4.18.0-80.11.1.el8_0.x86_64)可以正常工作,但在没有 sudo 的情况下会出现巨大的延迟(最多 30 秒)。
Update3:我能够测试但不起作用的发行版列表:
- RHEL 7.6,内核 3.10.0-957.21.3.el7.x86_64
- CentOS 7.6,内核3.10.0-862.11.6.el7.x86_64
- Oracle7.6,内核4.14.35-1902.3.2.el7uek.x86_64
- Ubuntu14.04,内核3.10.0-1062.1.1.el7.x86_64
- Ubuntu16.04,内核4.15.0-1057-azure
- Ubuntu18.04,内核5.0.0-1018-azure
- Ubuntu19.04,内核5.0.0-1014-azure
- SLES12-SP4,内核 4.12.14-6.23-azure
- SLES15,内核 4.12.14-5.30-azure
所以,基本上我测试过的唯一没有问题的发行版是 Debian 9。由于 RHEL 8 有巨大的延迟,这可能会触发超时,所以我不能认为它完全正常工作。
到目前为止,Debian 9 和我测试的其他发行版之间最大的区别是 systemd(Debian 9 上缺少)...不知道如何检查这是否是原因。
谢谢你!
答案1
”任何人都可以提供一些关于为什么会这样工作的见解并帮助提供一些解决方案(如果有)吗?”
简短回答:
创建的默认 Azure VM 的 DNS 已损坏:systemd-resolved需要进一步配置。sudo systemctl status systemd-resolved将很快确认这一点。/etc/resolv.conf指向127.0.0.53- 本地未配置的存根解析器。
本地存根解析器systemd-resolved未配置。它没有设置转发器,因此在命中后127.0.0.53没有其他人可以询问。啊。跳到最后查看如何为 Ubuntu 18.04 配置它。
如果您关心如何得出该结论,请阅读长答案。
长答案:
为什么 DNS 响应被截断超过 512 字节:
TCP [RFC793] 始终用于全区域传输(使用 AXFR),并且通常用于大小超过 DNS 协议原始 512 字节限制的消息。
来源:https://www.rfc-editor.org/rfc/rfc7766
分析:
这比我想象的要棘手。因此,我在 Azure 中启动了一个 Ubuntu 18.04 VM,这样我就可以从 OP 的有利位置进行测试:
我的出发点是验证没有任何东西阻碍 DNS 查询:
sudo iptables -nvx -L
sudo apparmor_status
中的所有连锁店iptables他们的默认策略设置为接受虽然阿帕莫尔被设置为“执行“,它与 DNS 无关。因此,此时在主机上没有观察到连接或权限问题。
接下来我需要建立如何DNS 查询在齿轮中蜿蜒前行。
cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0
search ns3yb2bs2fketavxxx3qaprsna.zx.internal.cloudapp.net
因此resolv.conf,系统需要一个名为 的本地存根解析器systemd-resolved。检查状态systemd 解析根据上面给出的提示,我们看到它是错误:
sudo systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-10-08 12:41:38 UTC; 1h 5min ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 871 (systemd-resolve)
Status: "Processing requests..."
Tasks: 1 (limit: 441)
CGroup: /system.slice/systemd-resolved.service
└─871 /lib/systemd/systemd-resolved
Oct 08 12:42:14 test systemd-resolved[871]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
<Snipped repeated error entries>
/etc/nsswitch.conf设置用于解析 DNS 查询的源的顺序源。这告诉我们什么?:
hosts: files dns
嗯,DNS 查询永远不会到达本地systemd-resolved存根解析器,因为它没有在/etc/nsswitch.conf.
转发器是否为systemd-resolved存根解析器设置了?!?!?让我们回顾一下该配置/etc/systemd/resolved.conf
[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#Cache=yes
#DNSStubListener=yes
否:systemd-resolved没有设置转发器来询问是否未找到本地 ip:name 映射。
所有这一切的最终结果是:
/etc/nsswitch.conf 如果本地没有,则发送 DNS 查询到 DNSIP:名称映射发现于
/etc/hosts要查询的 DNS 服务器是
127.0.0.53,我们刚刚通过查看其配置文件发现该服务器尚未配置/etc/systemd/resolved.conf。如果此处未指定转发器,我们将无法成功解决任何问题。
测试:
127.0.0.53我尝试通过直接指定 168.63.129.16来覆盖存根解析器。这失败了:
dig aerserv-bc-us-east.bidswitch.net 168.63.129.16
; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> aerserv-bc-us-east.bidswitch.net 168.63.129.16
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24224
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;168.63.129.16. IN A
;; Query time: 13 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 08 13:26:07 UTC 2019
;; MSG SIZE rcvd: 42
不:;; SERVER: 127.0.0.53#53(127.0.0.53)从输出中看到,我们没有覆盖它,并且仍在使用本地未配置的存根解析器。
但是,使用以下任一命令会覆盖默认127.0.0.53存根解析器,因此成功返回NOERROR结果:
sudo dig aerserv-bc-us-east.bidswitch.net @168.63.129.16
或者
dig +trace aerserv-bc-us-east.bidswitch.net @168.63.129.16
systemd-resolved因此,在配置存根解析器之前,任何依赖于存根解析器的查询都注定会失败。
解决方案:
我的最初——不正确- 信念是TCP/53被封锁:整个“截断512”有点转移注意力。存根解析器未配置。我做了假设 - 我知道,我知道,“永远不要假设;-) - DNS 已以其他方式配置。
如何配置systemd-resolved:
乌班图18.04
编辑如下hosts指令,将其设置为 DNS 解析的第一个源:/etc/nsswitch.confresolvesystemd-resolved
hosts: resolve files dns
编辑DNS指令(至少)以/etc/systemd/resolved.conf指定所需的转发器,在本例中为:
[Resolve]
DNS=168.63.129.16
重新开始systemd-resolved:
sudo systemctl restart systemd-resolved
RHEL 8:
红帽几乎为您完成了有关设置systemd-resolved存根解析器的所有事情,只是他们没有告诉系统使用它!
编辑如下hosts指令,将其设置为 DNS 解析的第一个源:/etc/nsswitch.confresolvesystemd-resolved
hosts: resolve files dns
然后重新启动systemd-resolved:
sudo systemctl restart systemd-resolved
来源:https://www.linkedin.com/pulse/config-rhel8-local-dns-caching-terrence-houlahan/
结论:
一旦systemd-resolved配置完成,我的测试虚拟机的 DNS 就会按照预期的方式运行。我认为大约是这样......
答案2
如果有人看到此线程并且在运行 Linux 的 Azure VM 上遇到相同的问题,则您看到的错误很可能与 Azure WAlinuxAgent 在本地强制执行/设置的固件规则有关。
这些规则限制仅向 root 用户发送出口 TCP 数据包到端口 53 上的上游 azure DNS 服务器 (168.63.129.16)。 (是的,这太疯狂了......)
sudo iptables -L -t security
链输出(策略接受)
| 目标 | 蛋白质 | 选择 | 来源 | 目的地 | |
|---|---|---|---|---|---|
| 接受 | 传输控制协议 | -- | 任何地方 | 168.63.129.16 | 所有者 UID 与根匹配 |
| 降低 | 传输控制协议 | -- | 任何地方 | 168.63.129.16 | ctstate 无效,新 |
答案3
第一个奇怪的事情:当从两个不同的网络连接(公司网络和个人专用服务器)请求时,我无法重现答案的截断:
$ dig +ignore aerserv-bc-us-east.bidswitch.net|more
; <<>> DiG 9.10.3-P4-Debian <<>> +ignore aerserv-bc-us-east.bidswitch.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53582
;; flags: qr rd ra; QUERY: 1, ANSWER: 112, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;aerserv-bc-us-east.bidswitch.net. IN A
;; ANSWER SECTION:
aerserv-bc-us-east.bidswitch.net. 119 IN CNAME bidcast-bcserver-gce-sc.bidswitch.
net.
bidcast-bcserver-gce-sc.bidswitch.net. 119 IN CNAME bidcast-bcserver-gce-sc-multif
o.bidswitch.net.
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.198.80
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.28.65
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.21.156
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.55.252
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.212.159
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.70.114
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.143.99
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.0.44
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.205.98
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.50.47
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.40.174
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.7.162
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.118.20
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.190.79
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.54.244
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.54.230
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.60.30
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.5.194
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.97.53
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.192.26
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.80.22
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.37.223
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.38.49
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.61.237
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.70.45
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.56.153
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.196.219
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.12.175
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.131.33
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.117.99
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.23.245
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.21.191
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.155.238
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.166.124
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.225.231
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.82.120
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.13.126
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.46.230
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.29.109
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.201.160
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.52.158
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.239.215
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.247.128
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.180.252
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.160.123
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.73.85
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.3.121
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.166.205
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.163.92
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.241.92
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.150.67
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.49.200
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.148.225
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.165.199
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.190.56
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.177.221
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.130.95
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.18.234
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.59.8
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.190.86
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.212.197
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.124.105
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.249.122
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.166.163
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.255.194
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.69.212
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.51.91
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.97.73
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.119.122
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.214.84
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.75.175
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.60.160
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.51.125
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.175.225
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.78.105
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.123.219
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.230.248
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.119.133
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.241.216
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.145.178
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.182.35
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.87.230
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.236.194
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.236.230
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.189.137
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.52.29
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.139.113
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.225.15
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.230.178
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.123.196
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.154.229
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.175.142
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.17.175
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.155.208
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.213.32
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.109.194
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.25.234
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.130.94
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.248.106
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.210.111
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.223.18
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.125.62
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.204.171
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.180.174
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.29.9
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.45.75
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.172.232
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.207.31.235
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.137.11
bidcast-bcserver-gce-sc-multifo.bidswitch.net. 59 IN A 35.211.193.229
;; Query time: 833 msec
;; SERVER: 10.132.1.40#53(10.132.1.40)
;; WHEN: Fri Oct 04 10:58:11 CEST 2019
;; MSG SIZE rcvd: 1905
即使请求 Google 的 DNS ( dig @8.8.8.8),我也无法重现您得到的行为。所以,我猜截断是由于您使用的名称服务器造成的(@ 168.63.129.16)
事实上,当回退到 TCP 时,请求在普通用户下失败,但不是 root 用户,看起来更像是本地问题。您确定您没有禁止普通用户使用 53/TCP 的防火墙规则吗?
你能用 做测试吗dig @8.8.8.8?