间歇性访问网站

tag-icon tag-icon domain-name-system active-directory
间歇性访问网站

环境:

  • 具有单个域控制器(Windows Server 2003 R2 Standard x64 Edition - Service Pack 2)的 Active Directory 域,该域控制器也是 DNS

  • Windows XP Service Pack 3 客户端。客户端计算机仅将我们的内部 DNS 服务器作为其 DNS 地址。

我们的用户报告说他们偶尔无法访问西南航空网站 www.southwest.com。

经过几天的尝试,我们能够在测试用户登录时重现该问题。

当尝试在 Firefox 中访问该网站时,状态栏显示“正在查找 www.southwest.com”,片刻之后 Firefox 显示:

未找到地址

Firefox 无法找到 www.southwest.com 上的服务器

Internet Explorer 中出现类似结果

我们尝试重启浏览器和电脑,但仍然无法访问该网站。我们测试的其他网站均正常运行。

我们尝试从另一台计算机访问该网站并得到了相同的结果。

nslookup 显示以下内容:

C:\Documents and Settings\TestQ>nslookup www.teamdesk.net
Server:  server.domain.local
Address:  172.21.31.206

Name:    www.teamdesk.net
Address:  208.100.33.78


C:\Documents and Settings\TestQ>nslookup www.southwest.com
Server:  server.domain.local
Address:  172.21.31.206

DNS request timed out.
    timeout was 2 seconds.
*** Request to server.domain.local timed-out


C:\Documents and Settings\TestQ>nslookup
Default Server:  server.domain.local
Address:  172.21.31.206

> www.southwest.com
Server:  server.domain.local
Address:  172.21.31.206

DNS request timed out.
    timeout was 2 seconds.
*** Request to server.domain.local timed-out

> set d2
> www.southwest.com
Server:  server.domain.local
Address:  172.21.31.206

------------
SendRequest(), len 51
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.southwest.com.domain.local, type = A, class = IN

------------
------------
Got answer (119 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.southwest.com.domain.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  domain.local
        type = SOA, class = IN, dlen = 41
        ttl = 3600 (1 hour)
        primary name server = server.domain.local
        responsible mail addr = hostmaster
        serial  = 2064
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.southwest.com, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to server.domain.local timed-out


> www.google.com
Server:  server.domain.local
Address:  172.21.31.206

------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com.domain.local, type = A, class = IN

------------
------------
Got answer (116 bytes):
    HEADER:
        opcode = QUERY, id = 6, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.google.com.domain.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  domain.local
        type = SOA, class = IN, dlen = 41
        ttl = 3600 (1 hour)
        primary name server = server.domain.local
        responsible mail addr = hostmaster
        serial  = 2064
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 32
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com, type = A, class = IN

------------
------------
Got answer (132 bytes):
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 6,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com, type = A, class = IN
    ANSWERS:
    ->  www.google.com
        type = CNAME, class = IN, dlen = 8
        canonical name = www.l.google.com
        ttl = 69859 (19 hours 24 mins 19 secs)
    ->  www.l.google.com
        type = A, class = IN, dlen = 4
        internet address = 74.125.239.19
        ttl = 300 (5 mins)
    ->  www.l.google.com
        type = A, class = IN, dlen = 4
        internet address = 74.125.239.20
        ttl = 300 (5 mins)
    ->  www.l.google.com
        type = A, class = IN, dlen = 4
        internet address = 74.125.239.18
        ttl = 300 (5 mins)
    ->  www.l.google.com
        type = A, class = IN, dlen = 4
        internet address = 74.125.239.17
        ttl = 300 (5 mins)
    ->  www.l.google.com
        type = A, class = IN, dlen = 4
        internet address = 74.125.239.16
        ttl = 300 (5 mins)

------------
Non-authoritative answer:
Name:    www.l.google.com
Addresses:  74.125.239.19, 74.125.239.20, 74.125.239.18, 74.125.239.17
            74.125.239.16
Aliases:  www.google.com

我们如何进一步诊断和解决这个问题?

编辑

我和布拉德一起工作。谢谢你迄今为止的帮助。

1) DNS 服务器充当解析器。除了通过根提示查找根服务器外,没有其他正向查找。

2) 在错误状态下(即,当 southwest.com 查找超时时),nslookup southwest.com ns-1.southwest.com查找 ns-1.southwest.com 服务器超时。ns-2.southwest.com 也是如此。

3)在错误状态下,nslookup southwest.com 12.5.136.190nslookup southwest.com 63.169.44.190(即针对 ns-1 和 ns-2.southwest.com 的 IP 地址)均有效,返回 southwest.com 的 IP 地址。

4) 在错误状态下,缓存与正常工作时没有变化。也就是说,dnsmgmt\cached lookups.(root)\com\southwest 始终显示以下内容(包括 ns-2 的 A 记录,该记录失败(参见上面的 #2))。

Name                        Type                Data
----                        ----                ----
(same as parent folder)     Name Server (NS)    ns-1.southwest.com
(same as parent folder)     Name Server (NS)    ns-2.southwest.com
(same as parent folder)     Host (A)            208.94.152.100
(same as parent folder)     Host (A)            208.94.153.100
ns-2                        Host (A)            63.169.44.190

我怀疑我们忽略了一些显而易见的事情......

编辑

(抱歉回复晚了。我 8 个多小时前就发布了这个消息,但它一直没有出现。)

在错误状态下,

5) nslookup southwest.com 针对所有 *.gtld-servers.net 服务器成功

... QUESTIONS:
    southwest.com, type = A, class = IN
AUTHORITY RECORDS:
->  southwest.com
    type = NS, class = IN, dlen = 7
    nameserver = ns-1.southwest.com
    ttl = 172800 (2 days)
->  southwest.com
    type = NS, class = IN, dlen = 7
    nameserver = ns-2.southwest.com
    ttl = 172800 (2 days)
ADDITIONAL RECORDS:
->  ns-1.southwest.com
    type = A, class = IN, dlen = 4
    internet address = 12.5.136.190
    ttl = 172800 (2 days)
->  ns-2.southwest.com
    type = A, class = IN, dlen = 4
    internet address = 63.169.44.190
    ttl = 172800 (2 days)

------------
Name:    southwest.com
Served by:
- ns-1.southwest.com
          12.5.136.190
          southwest.com
- ns-2.southwest.com
          63.169.44.190
          southwest.com

6)nslookup southwest.com 208.67.222.222(OpenDNS)成功

7)清除缓存解决了该问题,但稍后又会再次出现。

8) 清除缓存并执行 nslookup southwest.com(成功)后,缓存现在有 ns-1 的 A 记录(在错误状态下没有,请参阅上面的#4)

Name                        Type                Data
----                        ----                ----
(same as parent folder)     Name Server (NS)    ns-1.southwest.com
(same as parent folder)     Name Server (NS)    ns-2.southwest.com
(same as parent folder)     Host (A)            208.94.153.100
(same as parent folder)     Host (A)            208.94.152.100
ns-1                        Host (A)            12.5.136.190
ns-2                        Host (A)            63.169.44.190

9) 请注意,DNS 服务器仅转发到根服务器。您能想到导致此问题的原因吗?

答案1

如果您将 DNS 转发到您的 ISP,请尝试执行 nslookup 并指定他们的服务器,看看问题是否出在他们那边。如果您使用根提示,请确保L根服务器根提示正在使用正确的 IP。我发现这会导致较旧的 AD 安装出现一些问题。

相关内容