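Environment:
An Active Directory domain with a single domain controller (Windows Server 2003 R2 Standard x64 Edition - Service Pack 2), which is also the DNS server
Windows XP Service Pack 3 clients. The client computers have only our internal DNS server as their DNS address.
Our users report that they are occasionally unable to reach the Southwest Airlines website, www.southwest.com.
After several days of trying, we were able to reproduce the problem while logged in as a test user.
When trying to reach the site in Firefox, the status bar shows "Looking up www.southwest.com" and a moment later Firefox displays:
Address Not Found
Firefox can't find the server at www.southwest.com
Internet Explorer gives a similar result
We tried restarting the browser and the computer, but still could not reach the site. Every other website we tested worked normally.
We tried reaching the site from another computer and got the same result.
nslookup shows the following: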
C:\Documents and Settings\TestQ>nslookup www.teamdesk.net
Server: server.domain.local
Address: 172.21.31.206
Name: www.teamdesk.net
Address: 208.100.33.78
C:\Documents and Settings\TestQ>nslookup www.southwest.com
Server: server.domain.local
Address: 172.21.31.206
DNS request timed out.
timeout was 2 seconds.
*** Request to server.domain.local timed-out
C:\Documents and Settings\TestQ>nslookup
Default Server: server.domain.local
Address: 172.21.31.206
> www.southwest.com
Server: server.domain.local
Address: 172.21.31.206
DNS request timed out.
timeout was 2 seconds.
*** Request to server.domain.local timed-out
> set d2
> www.southwest.com
Server: server.domain.local
Address: 172.21.31.206
------------
SendRequest(), len 51
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.southwest.com.domain.local, type = A, class = IN
------------
------------
Got answer (119 bytes):
HEADER:
opcode = QUERY, id = 4, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.southwest.com.domain.local, type = A, class = IN
AUTHORITY RECORDS:
-> domain.local
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = server.domain.local
responsible mail addr = hostmaster
serial = 2064
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
SendRequest(), len 35
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.southwest.com, type = A, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to server.domain.local timed-out
> www.google.com
Server: server.domain.local
Address: 172.21.31.206
------------
SendRequest(), len 48
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.google.com.domain.local, type = A, class = IN
------------
------------
Got answer (116 bytes):
HEADER:
opcode = QUERY, id = 6, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.google.com.domain.local, type = A, class = IN
AUTHORITY RECORDS:
-> domain.local
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = server.domain.local
responsible mail addr = hostmaster
serial = 2064
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
SendRequest(), len 32
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
www.google.com, type = A, class = IN
------------
------------
Got answer (132 bytes):
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 6, authority records = 0, additional = 0
QUESTIONS:
www.google.com, type = A, class = IN
ANSWERS:
-> www.google.com
type = CNAME, class = IN, dlen = 8
canonical name = www.l.google.com
ttl = 69859 (19 hours 24 mins 19 secs)
-> www.l.google.com
type = A, class = IN, dlen = 4
internet address = 74.125.239.19
ttl = 300 (5 mins)
-> www.l.google.com
type = A, class = IN, dlen = 4
internet address = 74.125.239.20
ttl = 300 (5 mins)
-> www.l.google.com
type = A, class = IN, dlen = 4
internet address = 74.125.239.18
ttl = 300 (5 mins)
-> www.l.google.com
type = A, class = IN, dlen = 4
internet address = 74.125.239.17
ttl = 300 (5 mins)
-> www.l.google.com
type = A, class = IN, dlen = 4
internet address = 74.125.239.16
ttl = 300 (5 mins)
------------
Non-authoritative answer:
Name: www.l.google.com
Addresses: 74.125.239.19, 74.125.239.20, 74.125.239.18, 74.125.239.17
74.125.239.16
Aliases: www.google.com
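How can we further diagnose and resolve this problem?
Edit
I work with Brad. Thanks for your help so far.
1) The DNS server acts as a resolver. There are no other forward lookups besides finding the root servers through root hints.
2) In the error state (i.e., when the southwest.com lookup times out), nslookup southwest.com ns-1.southwest.com
times out looking up the ns-1.southwest.com server. The same goes for ns-2.southwest.com.
3) In the error state, nslookup southwest.com 12.5.136.190
and nslookup southwest.com 63.169.44.190
(i.e., against the IP addresses of ns-1 and ns-2.southwest.com) both work, returning the IP addresses of southwest.com.
4) In the error state, the cache is no different from when things are working. That is, dnsmgmt\cached lookups.(root)\com\southwest always shows the following (including the A record for ns-2, which fails (see #2 above)).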
Name Type Data
---- ---- ----
(same as parent folder) Name Server (NS) ns-1.southwest.com
(same as parent folder) Name Server (NS) ns-2.southwest.com
(same as parent folder) Host (A) 208.94.152.100
(same as parent folder) Host (A) 208.94.153.100
ns-2 Host (A) 63.169.44.190
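I suspect we are overlooking something obvious...
Edit
(Sorry for the late reply. I posted this over 8 hours ago, but it never showed up.)
In the error state,
5) nslookup southwest.com succeeds against all of the *.gtld-servers.net servers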
... QUESTIONS:
southwest.com, type = A, class = IN
AUTHORITY RECORDS:
-> southwest.com
type = NS, class = IN, dlen = 7
nameserver = ns-1.southwest.com
ttl = 172800 (2 days)
-> southwest.com
type = NS, class = IN, dlen = 7
nameserver = ns-2.southwest.com
ttl = 172800 (2 days)
ADDITIONAL RECORDS:
-> ns-1.southwest.com
type = A, class = IN, dlen = 4
internet address = 12.5.136.190
ttl = 172800 (2 days)
-> ns-2.southwest.com
type = A, class = IN, dlen = 4
internet address = 63.169.44.190
ttl = 172800 (2 days)
------------
Name: southwest.com
Served by:
- ns-1.southwest.com
12.5.136.190
southwest.com
- ns-2.southwest.com
63.169.44.190
southwest.com
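6) nslookup southwest.com 208.67.222.222 (OpenDNS) succeeds
7) Clearing the cache resolves the problem, but it comes back later.
8) After clearing the cache and running nslookup southwest.com (which succeeds), the cache now has an A record for ns-1 (which it did not have in the error state; see #4 above)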
Name Type Data
---- ---- ----
(same as parent folder) Name Server (NS) ns-1.southwest.com
(same as parent folder) Name Server (NS) ns-2.southwest.com
(same as parent folder) Host (A) 208.94.153.100
(same as parent folder) Host (A) 208.94.152.100
ns-1 Host (A) 12.5.136.190
ns-2 Host (A) 63.169.44.190
9) Note that the DNS server only forwards to the root servers. Can you think of anything that would cause this problem?
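The comparison between the cache listings in items 4 and 8, as an added example that is not part of the original post: it parses both listings as quoted above and reports the NS targets for which the cache holds no A record. The function names and the row pattern are assumptions derived from the listing layout shown in the post.

```python
import re

# One row of the "Cached Lookups" listing as quoted in the post:
# <owner> <record type> <data>. Header and separator rows do not match.
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<type>Name Server \(NS\)|Host \(A\))\s+(?P<data>\S+)$")
PARENT = "(same as parent folder)"

def parse_cache(listing, zone):
    """Return (ns_targets, a_records) using lower-case fully qualified names."""
    ns_targets, a_records = [], {}
    for line in listing.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # "Name Type Data" header or "----" separator
        owner = zone if m["name"] == PARENT else f"{m['name']}.{zone}"
        if m["type"].startswith("Name Server"):
            ns_targets.append(m["data"].rstrip(".").lower())
        else:
            a_records.setdefault(owner.lower(), []).append(m["data"])
    return ns_targets, a_records

def ns_without_address(listing, zone):
    """NS targets of the zone for which the cache holds no A record."""
    ns_targets, a_records = parse_cache(listing, zone)
    return [ns for ns in ns_targets if ns not in a_records]

# Listing from item 4 (error state), copied from the post.
ERROR_STATE = """
Name Type Data
---- ---- ----
(same as parent folder) Name Server (NS) ns-1.southwest.com
(same as parent folder) Name Server (NS) ns-2.southwest.com
(same as parent folder) Host (A) 208.94.152.100
(same as parent folder) Host (A) 208.94.153.100
ns-2 Host (A) 63.169.44.190
"""
# Listing from item 8 (after clearing the cache), copied from the post.
AFTER_CLEAR = """
(same as parent folder) Name Server (NS) ns-1.southwest.com
(same as parent folder) Name Server (NS) ns-2.southwest.com
(same as parent folder) Host (A) 208.94.153.100
(same as parent folder) Host (A) 208.94.152.100
ns-1 Host (A) 12.5.136.190
ns-2 Host (A) 63.169.44.190
"""
if __name__ == "__main__":
    for label, listing in (("error state", ERROR_STATE), ("after clear", AFTER_CLEAR)):
        print(label, ns_without_address(listing, "southwest.com") or "none")
```
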
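Answer 1
If you are forwarding DNS to your ISP, try running nslookup against their servers to see whether the problem is on their end. If you are using root hints, make sure the root hint for the L root server is using the correct IP. I have seen this cause some issues with older AD installs.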