dig 从 bind9 获得答案,但 host、nslookup 和 postfix 没有

tag-icon tag-icon bind nslookup dig ubuntu-16.04
dig 从 bind9 获得答案,但 host、nslookup 和 postfix 没有

我刚刚将我的电子邮件服务器从 Ubuntu 14.04 升级到 16.04,这导致了很多问题。我无法解决的问题之一是:我运行了一个具有相当标准配置的缓存 bind9 DNS:

命名的.conf.选项:

acl goodclients {
  10.12.0.0/24;
  localhost;
  localnets;
};
options {
  directory "/var/cache/bind";
  dnssec-validation auto;
  recursion yes;
  allow-query { goodclients; };
  auth-nxdomain no;    # conform to RFC1035
  listen-on-v6 { any; };
};

正常查询适用于所有客户端。(全部在本地主机上)

但是,如果我尝试解决 ie lux.smtp-out.eu-west-1.amazonses.com,我会从 dig 中获得正确的答案:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> lux.smtp-out.eu-west-1.amazonses.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27309
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 8, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lux.smtp-out.eu-west-1.amazonses.com. IN A

;; ANSWER SECTION:
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.143
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.142
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.139
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.200
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.136
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.201
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.203
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.205
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.202
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.138
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.137
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.141
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.206
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.204
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.140
lux.smtp-out.eu-west-1.amazonses.com. 900 IN A  176.32.127.207

;; AUTHORITY SECTION:
amazonses.com.      171390  IN  NS  pdns4.ultradns.org.
amazonses.com.      171390  IN  NS  pdns5.ultradns.info.
amazonses.com.      171390  IN  NS  pdns1.ultradns.net.
amazonses.com.      171390  IN  NS  pdns6.ultradns.co.uk.
amazonses.com.      171390  IN  NS  ns1.p31.dynect.net.
amazonses.com.      171390  IN  NS  ns2.p31.dynect.net.
amazonses.com.      171390  IN  NS  pdns2.ultradns.net.
amazonses.com.      171390  IN  NS  pdns3.ultradns.org.

;; Query time: 21 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 23 10:21:22 CET 2016
;; MSG SIZE  rcvd: 539

然而,从 nslookup 我得到

;; Truncated, retrying in TCP mode.
Server:     127.0.0.1
Address:    127.0.0.1#53

** server can't find lux.smtp-out.eu-west-1.amazonses.com: REFUSED#

以及来自主持人

Host lux.smtp-out.eu-west-1.amazonses.com not found: 5(REFUSED)

更重要的是,postfix 会从该地址退回电子邮件,因为它无法解析主机名。

以下是 bind9 查询日志:

client 127.0.0.1#39803 (lux.smtp-out.eu-west-1.amazonses.com): query: lux.smtp-out.eu-west-1.amazonses.com IN A +E (127.0.0.1)
client 127.0.0.1#40264 (lux.smtp-out.eu-west-1.amazonses.com): query: lux.smtp-out.eu-west-1.amazonses.com IN A + (127.0.0.1)

第一个条目来自 dig 查询,第二个条目来自 nslookup(其他客户端也一样)。唯一的区别是 edns0 的 E 标志。

我已经尝试过的:

  • 清除并重新安装 bind9,我只编辑了上面显示的 named.conf.options
  • 禁用防火墙,结果相同

现在,我很困惑...

答案1

好吧,这很尴尬:

我在 bind 旁边安装了 dnsmasq(它已被停用),显然在升级到 16.04 后它又启动了。

删除 dnsmasq 后,一切恢复正常。

抱歉浪费了大家的时间...

相关内容