我有一台用于本地域的 Microsoft DNS 服务器,运行 Windows Server 2016STD。这台计算机也是域控制器。它配置为转发到快速公共 DNS 服务器。
从网络中的任何计算机直接在本地配置这些相同的公共 DNS 服务器,即可快速响应 DNS 查询,无论是在本地网络中的服务器还是客户端。但是,使用本地服务器会使 DNS 请求耗时过长,服务器和客户端经常会超时(超过 20 秒的情况并不罕见)。
该时间似乎与缓存无关;也就是说,缓存的站点仍然需要很长时间才能加载。通过执行 DNS 查找,然后在运行 Windows 10 的客户端计算机上清除本地 DNS 缓存,测试证实了这一点。
nslookup
> www.google.com
> quit
ipconfig /flushdns
nslookup
> www.google.com
> quit
输出为(两种情况下):
Server: <myserver>.<mydomain>
Address: 192.168.1.7
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to <myserver>.<mydomain> timed-out
即使是机器本身(例如要求dns服务器自行解析)也会花费很长时间。
大多数命令行诊断工具都无济于事——因为它们可以诊断 DNS 请求——这显然会失败。任务管理器未显示任何严重的资源使用情况;CPU 接近 0%,内存使用率较低。对潜在原因有什么想法吗?DNS 服务器软件或设置组合中的错误可能导致这种情况?
使用 GRC 的 [DNS 基准测试工具][1]。
192.168. 1. 7 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
+ Uncached Name | 0.008 | 1.065 | 6.349 | 2.240 | 77.6 |
+ DotCom Lookup | 0.013 | 0.352 | 5.952 | 1.354 | 94.7 |
我得到的一些结果似乎比用户体验更好。但是,请注意,可靠性只有 77.6%,很可能经常使用的网站查询(例如 WHOIS google.com)是(大部分)22.4% 的测试地址的一部分。
为了检查这不是网络连接问题,我交叉引用了 DNS 服务器上的日志。看来服务器正在接收请求,但直到很晚才响应。与某个网站的一个请求(例如,在其中一个客户端的浏览器栏中输入该请求)相关的所有条目的示例日志文件如下:
DNS Server log file creation at 1/27/2017 3:03:03 PM
Log file wrap at 1/27/2017 3:03:03 PM
Message logging key (for packets - other items use a subset of these fields):
Field # Information Values
------- ----------- ------
1 Date
2 Time
3 Thread ID
4 Context
5 Internal packet identifier
6 UDP/TCP indicator
7 Send/Receive indicator
8 Remote IP
9 Xid (hex)
10 Query/Response R = Response
blank = Query
11 Opcode Q = Standard Query
N = Notify
U = Update
? = Unknown
12 [ Flags (hex)
13 Flags (char codes) A = Authoritative Answer
T = Truncated Response
D = Recursion Desired
R = Recursion Available
14 ResponseCode ]
15 Question Type
16 Question Name
1/27/2017 3:03:03 PM 4F0C PACKET 0000025F7C1C6D10 UDP Rcv 192.168.1.55 b36c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:04 PM 4F0C PACKET 0000025F74BD10C0 UDP Rcv 192.168.1.55 68ef Q [0001 D NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:04 PM 4F0C PACKET 0000025F0C61B910 UDP Rcv 192.168.1.55 b36c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:05 PM 21CC PACKET 0000025F7DE7AC80 UDP Rcv 192.168.1.55 68ef Q [0001 D NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:06 PM 21CC PACKET 0000025F0A4E74E0 UDP Rcv 192.168.1.55 b36c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:07 PM 21CC PACKET 0000025F068FBCD0 UDP Rcv 192.168.1.55 68ef Q [0001 D NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:09 PM 4F0C PACKET 0000025F7E99E9E0 UDP Snd 192.168.1.55 68ef R Q [8081 DR NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:10 PM 21CC PACKET 0000025F2C106520 UDP Rcv 192.168.1.55 b36c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:15 PM 21CC PACKET 0000025F071F99A0 UDP Rcv 192.168.1.55 7d62 Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:15 PM 46AC PACKET 0000025F0A0F6070 UDP Snd 192.168.1.55 7d62 R Q [8081 DR NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:15 PM 46AC PACKET 0000025F0A0F6070 UDP Snd 192.168.1.55 b36c R Q [8081 DR NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:20 PM 21CC PACKET 0000025F0E3614F0 UDP Rcv 192.168.1.55 b82c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:21 PM 21CC PACKET 0000025F02AB6080 UDP Rcv 192.168.1.55 b82c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:22 PM 21CC PACKET 0000025F7C1C6D10 UDP Rcv 192.168.1.55 b82c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:24 PM 21CC PACKET 0000025F0AD0BDD0 UDP Rcv 192.168.1.55 b82c Q [0001 D NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:26 PM 21CC PACKET 0000025F0E3614F0 UDP Snd 192.168.1.55 b82c R Q [8081 DR NOERROR] A (3)www(2)nu(2)nl(0)
1/27/2017 3:03:27 PM 21CC PACKET 0000025F74BD10C0 UDP Rcv 192.168.1.55 4855 Q [0001 D NOERROR] A (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:28 PM 21CC PACKET 0000025F002419A0 UDP Rcv 192.168.1.55 c0f3 Q [0001 D NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:28 PM 21CC PACKET 0000025F027C4960 UDP Rcv 192.168.1.55 4855 Q [0001 D NOERROR] A (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:29 PM 21CC PACKET 0000025F0A0F6070 UDP Rcv 192.168.1.55 c0f3 Q [0001 D NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:29 PM 21CC PACKET 0000025F7E01CD00 UDP Rcv 192.168.1.55 4855 Q [0001 D NOERROR] A (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:30 PM 21CC PACKET 0000025F7ACFD890 UDP Rcv 192.168.1.55 c0f3 Q [0001 D NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:31 PM 21CC PACKET 0000025F7C1C6D10 UDP Rcv 192.168.1.55 4855 Q [0001 D NOERROR] A (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:32 PM 21CC PACKET 0000025F0E4ED4F0 UDP Rcv 192.168.1.55 c0f3 Q [0001 D NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:32 PM 21CC PACKET 0000025F002419A0 UDP Snd 192.168.1.55 c0f3 R Q [8081 DR NOERROR] A (5)media(2)nu(2)nl(0)
1/27/2017 3:03:32 PM 4F0C PACKET 0000025F74BD10C0 UDP Snd 192.168.1.55 4855 R Q [8081 DR NOERROR] A (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:33 PM 4F0C PACKET 0000025F0A0F6070 UDP Rcv 192.168.1.55 e0f1 Q [0001 D NOERROR] A (3)www(6)nuwerk(2)nl(0)
1/27/2017 3:03:33 PM 4F0C PACKET 0000025F71CCE520 UDP Rcv 192.168.1.55 417b Q [0001 D NOERROR] A (7)meedoen(2)nu(2)nl(0)
1/27/2017 3:03:34 PM 4F0C PACKET 0000025F76483550 UDP Rcv 192.168.1.55 e0f1 Q [0001 D NOERROR] A (3)www(6)nuwerk(2)nl(0)
1/27/2017 3:03:34 PM 4F0C PACKET 0000025F0967A180 UDP Rcv 192.168.1.55 417b Q [0001 D NOERROR] A (7)meedoen(2)nu(2)nl(0)
1/27/2017 3:03:35 PM 4F0C PACKET 0000025F7DE7AC80 UDP Rcv 192.168.1.55 e0f1 Q [0001 D NOERROR] A (3)www(6)nuwerk(2)nl(0)