NSLOOKUP 中使用/不使用递归的 DNS 查找

tag-icon tag-icon networking domain-name-system nslookup
NSLOOKUP 中使用/不使用递归的 DNS 查找

我正在尝试使用 NSLOOKUP 来了解递归 DNS 查找。我正在查找一个虚假的主机名,无论我启用还是禁用递归,我似乎都会得到相同的结果。

使用递归:

nslookup
Default Server:  UnKnown
Address:  ::1

> set recurse
> set debug
> nytimes
Server:  UnKnown
Address:  ::1

------------
Got answer:
HEADER:
    opcode = QUERY, id = 2, rcode = NXDOMAIN
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = A, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 3, rcode = NXDOMAIN
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 4, rcode = NOERROR
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = A, class = IN
ANSWERS:
->  nytimes.contoso.com
    internet address = 74.125.226.195
    ttl = 1800 (30 mins)

------------
Non-authoritative answer:
------------
Got answer:
HEADER:
    opcode = QUERY, id = 5, rcode = NOERROR
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  contoso.com
    ttl = 900 (15 mins)
    primary name server = dns01.gpn.register.com
    responsible mail addr = partnersupport.register.com
    serial  = 2002050701
    refresh = 10800 (3 hours)
    retry   = 3600 (1 hour)
    expire  = 604800 (7 days)
    default TTL = 3600 (1 hour)

------------
Name:    nytimes.contoso.com
Address:  74.125.226.195

>

没有递归:

nslookup
Default Server:  UnKnown
Address:  ::1

> set norecurse
> set debug
> nytimes
Server:  UnKnown
Address:  ::1

------------
Got answer:
HEADER:
    opcode = QUERY, id = 2, rcode = NXDOMAIN
    header flags:  response, auth. answer, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = A, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 3, rcode = NXDOMAIN
    header flags:  response, auth. answer, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 4, rcode = NOERROR
    header flags:  response, recursion avail.
    questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = A, class = IN
ANSWERS:
->  nytimes.contoso.com
    internet address = 74.125.226.195
    ttl = 1526 (25 mins 26 secs)

------------
Non-authoritative answer:
------------
Got answer:
HEADER:
    opcode = QUERY, id = 5, rcode = NOERROR
    header flags:  response, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  contoso.com
    ttl = 626 (10 mins 26 secs)
    primary name server = dns01.gpn.register.com
    responsible mail addr = partnersupport.register.com
    serial  = 2002050701
    refresh = 10800 (3 hours)
    retry   = 3600 (1 hour)
    expire  = 604800 (7 days)
    default TTL = 3600 (1 hour)

------------
Name:    nytimes.contoso.com
Address:  74.125.226.195

>

即使我将其设置为关闭,它似乎也在使用递归。有趣的是,如果我查找指定 4.2.2.2 作为 DNS 服务器的虚假主机名,则递归设置确实会生效。有人知道为什么会发生这种情况吗?

顺便说一下,我清理了主机名

答案1

当您设置后,服务器会返回该域的权威响应norecurse,并且愿意为您执行递归。无论是否设置了递归标志都无关紧要。

得到答案:HEADER:标头标志: 回复授权答案递归有用。

相关内容