DNS 服务器(MS)返回 NXDOMAIN,原始返回 NOERROR

DNS 服务器(MS)返回 NXDOMAIN,原始返回 NOERROR

我的 ISP 最近对他们自己的 DNS 服务器配置做了“小改动”。可能巧合的是,这大约和我遇到本地 DNS 问题的时间相同(谁知道呢,它可能与 WinUpdate 补丁无关,大约在同一时间)

当我查询本地(Win2003)DNS服务器和查询ISP的DNS服务器时,我似乎收到不同的结果。

我不知道发生了什么变化(或者配置错误了)

1 - mail.wilmot.me.uk has a CNAME to wilmot.me.uk.mail.aaisp.net.uk  
    (as per [ISP Support page](http://aa.nu/kb-broadband-email.html/))
1b - wilmot.me.uk.mail.aaisp.net.uk resolves to 81.187.30.14, 81.187.30.19

2 - mail2.wilmot.me.uk (quick workaround added earlier)
    CNAME to mail.aaisp.net.uk
    Resolves to 81.187.30.14, 81.187.30.19

问题是:

针对本地服务器(10.0.0.2)...(Win2003 系统)

  • 当我查找 mail.wilmot.me.uk 时,我得到了一个 NXDOMAIN。
  • 当我查找 mail2.wilmot.me.uk 时,我得到了预期的 IP 地址。

但是,如果我切换到 ISP 的解析器(217.169.20.20)

  • 当我查找 mail.wilmot.me.uk 时,我得到了预期的 IP 地址。
  • 当我查找 mail2.wilmot.me.uk 时,我得到了预期的 IP 地址。

那么,为什么本地 DNS 服务器对 mail 和 mail2 的处理不同,而 ISP 的服务器却能按预期响应


结果(过滤如下).. 原始复制/粘贴错误后进行了编辑

从 10.0.0.2

C:\>nslookup -debug mail.wilmot.me.uk. 10.0.0.2
-----------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer
        questions = 1,  answers = 1,  authority records = 1,  additional = 0

    QUESTIONS:
        mail.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail.wilmot.me.uk
        canonical name = wilmot.me.uk.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    AUTHORITY RECORDS:
    ->  mail.aaisp.net.uk
        ttl = 600 (10 mins)
        primary name server = auth.primary-dns.co.uk
        responsible mail addr = a.k.gg
        serial  = 2010021105
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 600 (10 mins)
------------
*** box2.data-utilities.co.uk can't find mail.wilmot.me.uk.: Non-existent domain

和:(mail2.wilmot.me.uk)

C:\>nslookup -debug mail2.wilmot.me.uk. 10.0.0.2
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        mail2.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail2.wilmot.me.uk
        canonical name = c.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    ->  c.mail.aaisp.net.uk
        internet address = 81.187.30.14
        ttl = 656 (10 mins 56 secs)
    ->  c.mail.aaisp.net.uk
        internet address = 81.187.30.19
        ttl = 656 (10 mins 56 secs)
------------
Non-authoritative answer:
Name:    c.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail2.wilmot.me.uk

但是,当直接访问 ISP 的服务器时,结果显示正常

C:\>nslookup -debug mail.wilmot.me.uk. 217.169.20.20
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 1,  additional = 0

    QUESTIONS:
        mail.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail.wilmot.me.uk
        canonical name = wilmot.me.uk.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    ->  wilmot.me.uk.mail.aaisp.net.uk
        internet address = 81.187.30.14
        ttl = 3600 (1 hour)
    ->  wilmot.me.uk.mail.aaisp.net.uk
        internet address = 81.187.30.19
        ttl = 3600 (1 hour)
    AUTHORITY RECORDS:
    ->  mail.aaisp.net.uk
        ttl = 3600 (1 hour)
        primary name server = auth.primary-dns.co.uk
        responsible mail addr = support.aaisp.net.uk
        serial  = 1266576116
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 600 (10 mins)
------------
Non-authoritative answer:
Name:    wilmot.me.uk.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail.wilmot.me.uk

并且 mail2.wilmot.me.uk 也有效。

C:\>nslookup -debug mail2.wilmot.me.uk. 217.169.20.20
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 2,  additional = 0

    QUESTIONS:
        mail2.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail2.wilmot.me.uk
        canonical name = C.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    ->  C.mail.aaisp.net.uk
        internet address = 81.187.30.19
        ttl = 614 (10 mins 14 secs)
    ->  C.mail.aaisp.net.uk
        internet address = 81.187.30.14
        ttl = 614 (10 mins 14 secs)
    AUTHORITY RECORDS:
    ->  mail.aaisp.net.uk
        nameserver = auth.primary-dns.co.uk
        ttl = 614 (10 mins 14 secs)
    ->  mail.aaisp.net.uk
        nameserver = auth.secondary-dns.co.uk
        ttl = 614 (10 mins 14 secs)
------------
Non-authoritative answer:
Name:    C.mail.aaisp.net.uk
Addresses:  81.187.30.19, 81.187.30.14
Aliases:  mail2.wilmot.me.uk

--

非常感谢您对这些差异的任何见解。

我知道我可以坚持使用解决方法,但我更想知道问题的原因,而不仅仅是如何“让它消失”

谢谢

答案1

您的 wilmot.me.uk 名称服务器在 Nominet 上列出primary-dns.co.uk如下secondary-dns.co.uk

> set type=NS
> wilmot.me.uk
Server:  hi-dc1.hadleygroup.co.uk
Address:  10.1.0.16

Non-authoritative answer:
wilmot.me.uk    nameserver = primary-dns.co.uk
wilmot.me.uk    nameserver = secondary-dns.co.uk

在这些服务器上搜索 mail.wilmot.me.uk 会得到 NXDOMAIN:

> server primary-dns.co.uk
Default Server:  primary-dns.co.uk
Address:  81.187.30.41

> set type=A
> mail.wilmot.me.uk
Server:  primary-dns.co.uk
Address:  81.187.30.41

*** primary-dns.co.uk can't find mail.wilmot.me.uk: Non-existent domain

> server secondary-dns.co.uk
Default Server:  secondary-dns.co.uk
Address:  81.187.81.32

> set type=A
> mail.wilmot.me.uk
Server:  secondary-dns.co.uk
Address:  81.187.81.32

*** secondary-dns.co.uk can't find mail.wilmot.me.uk: Non-existent domain

但他们可以找到 mail2.wilmot.me.uk:

> server primary-dns.co.uk
Default Server:  primary-dns.co.uk
Address:  81.187.30.41

> set type=A
> mail2.wilmot.me.uk
Server:  primary-dns.co.uk
Address:  81.187.30.41

Name:    C.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail2.wilmot.me.uk

> server secondary-dns.co.uk
Default Server:  secondary-dns.co.uk
Address:  81.187.81.32

> set type=A
> mail2.wilmot.me.uk
Server:  secondary-dns.co.uk
Address:  81.187.81.32

Name:    C.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail2.wilmot.me.uk

看起来好像他们在“更新”期间删除了您的一条记录。您使用的解析器 (217...) 可能缓存了删除前的记录。

答案2

您的 似乎有些奇怪nslookup -d2 mail2.wilmot.me.uk. 10.0.0.2,因为它说问题是: 。因此,我将根据您要求的而不是 来mail.wilmot.me.uk, type = A, class = IN回答。mailmail2

第一个,说NOERROR,它还说:response, want recursion, recursion avail,这意味着你要求用递归来做某事,并且有递归,所以,它给你CNAMEA记录CNAME指向的点,它可能不知道,但它正在进行递归。

第二个说NXDOMAIN,它还说 :response, auth. answer,这意味着你问了一些问题,但它没有进行任何递归。你要求一个A记录,(参见问题部分)它只知道答案是CNAME,但它没有A那个特定的 的记录CNAME,NXDOMAIN 的意思是“我没有答案A给你”,因为这是你要求的,它确实给了你 虽然CNAME,所以可以完成递归。

答案3

我花了更多时间深入研究这个问题,发现了更多结果(我将其发布在下面,以防对浏览此网站的其他人有帮助)


我一直使用 217.169.20.20 进行查询,
这似乎是 ISP 的内部可见解析器(面向宽带客户)

但是,如果我查找域名“wilmot.me.uk”,名称服务器实际上是

  primary-dns.co.uk       internet address = 81.187.30.41  
  secondary-dns.co.uk     internet address = 81.187.81.32

我正在与 ISP 的技术支持人员一起解决这个问题,但看起来“Win2003 Server”很可能是一个完全的烟幕弹,而且这是一个(希望)ISP 的内部和外部解析器之间的更简单的问题。

答案4

最终答案似乎与 CNAME 本身的细节有关

mail.wilmot.me.ux 解析为 wilmot.me.uk.mail.aaisp.net.uk.,但目前没有返回 NS 记录。

C:\BIND>dig wilmot.me.uk.mail.aaisp.net.uk. +nocomments

; <<>> DiG 9.5.0-P2 <<>> wilmot.me.uk.mail.aaisp.net.uk. +nocomments
;; global options:  printcmd
;wilmot.me.uk.mail.aaisp.net.uk.        IN      A
wilmot.me.uk.mail.aaisp.net.uk. 1176 IN A       81.187.30.14
wilmot.me.uk.mail.aaisp.net.uk. 1176 IN A       81.187.30.19
;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Feb 19 15:48:49 2010
;; MSG SIZE  rcvd: 80

无论如何,这足以为我指明正确的方向。

相关内容