没有 NS 记录的情况下,有可能有有效的 A 记录(有效的网站)吗?
mylinux:~# dig example.com NS
; <<>> DiG 9.3.4-P1.2 <<>> example.com NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18501
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN NS
;; AUTHORITY SECTION:
example.com. 336 IN SOA NS1.1MORENAME.com. hostmaster.example.com. 5 28800 7200 604800 86400
;; Query time: 1 msec
;; SERVER: 194.126.115.18#53(194.126.115.18)
;; WHEN: Mon Feb 28 12:17:56 2011
;; MSG SIZE rcvd: 90
mylinux:~# telnet example.com 80
Trying 50.22.26.210...
Connected to example.com.
Escape character is '^]'.
GET /
<tml>
<head>
<title></title>
<meta name="description" content=" information from ekodomains.com. Find the best sites on the web." >
<meta name="keywords" content="" >
[....]
答案1
尝试dig +trace example.com A或dig +trace example.com NS查看引用情况。.com 名称服务器必须具有 NS 记录才能成为 .com 区域的一部分,但它引用的名称服务器可能没有为该区域配置 NS 记录。
通常 BIND 拒绝加载没有 NS 记录的区域,但其他 DNS 软件可能更宽松。
在搜索了具有相同名称服务器的其他域名后,发现它们的行为方式似乎并不罕见:
; <<>> DiG 9.7.0-P1 <<>> @ns1.1morename.com keyzweb.com ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16653
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;keyzweb.com. IN NS
;; AUTHORITY SECTION:
keyzweb.com. 86400 IN SOA NS1.1MORENAME.com. hostmaster.keyzweb.com. 1 28800 7200 604800 86400
;; Query time: 123 msec
;; SERVER: 173.236.119.110#53(173.236.119.110)
;; WHEN: Sat Mar 5 11:06:05 2011
;; MSG SIZE rcvd: 90
以下是一条跟踪信息,表明委托点的 NS 记录(在本例中为 .com 名称服务器返回的 NS 记录)不具有权威性。这就是它们未显示为答案的原因:它们不存在于权威名称服务器中。
; <<>> DiG 9.7.0-P1 <<>> +trace keyzweb.com ns
;; global options: +cmd
. 22664 IN NS l.root-servers.net.
. 22664 IN NS f.root-servers.net.
. 22664 IN NS h.root-servers.net.
. 22664 IN NS a.root-servers.net.
. 22664 IN NS g.root-servers.net.
. 22664 IN NS m.root-servers.net.
. 22664 IN NS i.root-servers.net.
. 22664 IN NS d.root-servers.net.
. 22664 IN NS c.root-servers.net.
. 22664 IN NS k.root-servers.net.
. 22664 IN NS j.root-servers.net.
. 22664 IN NS e.root-servers.net.
. 22664 IN NS b.root-servers.net.
;; Received 509 bytes from 10.19.12.20#53(10.19.12.20) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 492 bytes from 193.0.14.129#53(k.root-servers.net) in 22 ms
keyzweb.com. 172800 IN NS ns1.1morename.com.
keyzweb.com. 172800 IN NS ns2.1morename.com.
;; Received 107 bytes from 192.26.92.30#53(c.gtld-servers.net) in 102 ms
keyzweb.com. 86400 IN SOA NS1.1MORENAME.com. hostmaster.keyzweb.com. 1 28800 7200 604800 86400
;; Received 90 bytes from 173.236.119.110#53(ns2.1morename.com) in 124 ms
答案2
有几件事:
1) 根据 RFC 2606,“example.com”是保留域名。由于此最佳实践,它在 GTLD 区域中具有特殊地位。保留它主要是为了让编写文档、书籍等的人有一个可以使用/参考的“示例”域名,而不会让读者感到困惑(或吸引不必要的流量)。
2) 上面的发帖人是正确的:example.com 列出了两个名称服务器,均位于 iana-servers.net。验证这一点的最佳方法是像解析器一样遍历树。
-> dig @f.gtld-servers.net example.com ns -> nslookup -type=a example.com. f.gtld-servers.net. ( 'type' 可以是 'any'、'a'/'aaaa'、'mx'、txt' 等中的任意一个 ) -> host example.com f.gtld-servers.net
不过,从您最初的帖子来看,我很怀疑。SOA 不匹配。“1morename”不是 example.com 的正确 SOA。这是您的 ISP 吗?如果是,我想知道他们是否在为自己的利益捏造 DNS。(如果不是他们,也许是您使用的 Linux 发行版?)
答案3
尝试从根 TLD 根服务器请求 NS:
$ dig com. NS
; <<>> DiG 9.7.0-P1 <<>> com. NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18638
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;com. IN NS
;; ANSWER SECTION:
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
$ dig example.com NS @c.gtld-servers.net
; <<>> DiG 9.7.0-P1 <<>> example.com NS @c.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28957
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;example.com. IN NS
;; AUTHORITY SECTION:
example.com. 172800 IN NS a.iana-servers.net.
example.com. 172800 IN NS b.iana-servers.net.
然后向TLD根服务器查询A记录:
$ dig example.com A @c.gtld-servers.net
; <<>> DiG 9.7.0-P1 <<>> example.com A @c.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18291
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;example.com. IN A
;; AUTHORITY SECTION:
example.com. 172800 IN NS a.iana-servers.net.
example.com. 172800 IN NS b.iana-servers.net.
;; ADDITIONAL SECTION:
a.iana-servers.net. 172800 IN A 199.43.132.53
a.iana-servers.net. 172800 IN AAAA 2001:500:8c::53
可能是,A 记录来自 TLD 服务器。