Bind9 cannot resolve one domain


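I have 3 DNS servers on bind 9.9.4 (RHEL7), configured as 1 master and 2 slaves. Today I found that requests for the domain "desktop.telegram.org" result in SERVFAIL on all of these servers. Requests for other domains still work.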

# dig @127.0.0.1 desktop.telegram.org +trace

works fine.

Here is some debug output:

# rndc trace 9
# grep '127.0.0.1' /var/named/data/named.run
31-May-2017 15:41:25.683 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:25.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:25.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:25.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:25.684 client 127.0.0.1#56542: query
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:30.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:30.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:30.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:30.684 client 127.0.0.1#56542: query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:35.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:35.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:35.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:35.684 client 127.0.0.1#56542: query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query failed (SERVFAIL) for desktop.telegram.org/IN/A at query.c:7003
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): error
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): send
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): sendto
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): senddone
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest

named.conf:

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        version         "none";
        allow-recursion{ 127.0.0.1; my.internal.dns.server.ip1; my.internal.dns.server.ip2; };
        dnssec-enable yes;
        dnssec-validation auto;
        notify no;
        allow-transfer { none; };
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
                print-time yes;
        };
};
include "/etc/rndc.key";
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
zone "." IN {
        type hint;
        file "/var/named/named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "mydomain.com" {
        type slave;
        file "mydomain.com";
        masters { master.server.ip; };
};

zone ... (my domains)

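UPD: After restarting the daemon, the problem disappeared. I did not restart the daemon on one of the servers, so that the problem can be reproduced if necessary.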
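A way to triage a named.run debug log like the excerpt above, added here as an example and not part of the original post: it groups lines by client and query name, counts retransmissions that named dropped as "duplicate query" (logged when an identical query arrives while the earlier one is still being recursed), and reports how long after the first query the failure rcode was returned. The sample lines are copied from the excerpt; the function and field names are illustrative.

```python
import re
from datetime import datetime

# Lines copied from the named.run excerpt above, trimmed to the relevant events.
SAMPLE = """\
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query failed (SERVFAIL) for desktop.telegram.org/IN/A at query.c:7003
""".splitlines()

# timestamp, client address, source port, query name, message
LINE = re.compile(r"^(\S+ \S+) client (\S+?)#(\d+) \(([^)]+)\): (.*)$")
FAILED = re.compile(r"^query failed \((\w+)\)")


def summarize(lines):
    """Group events by (client, port, qname) and describe stalled recursions."""
    out = {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a "(qname)" tag carry no query context
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        key = (m.group(2), int(m.group(3)), m.group(4))
        msg = m.group(5)
        rec = out.setdefault(key, {"first": None, "queries": 0,
                                   "duplicates": 0, "rcode": None, "elapsed": None})
        if msg.startswith("query (cache)"):
            rec["queries"] += 1
            rec["first"] = rec["first"] or ts  # keep the earliest query time
        elif msg == "request failed: duplicate query":
            rec["duplicates"] += 1  # retransmit arrived while recursion was pending
        elif (f := FAILED.match(msg)) and rec["first"]:
            rec["rcode"] = f.group(1)
            rec["elapsed"] = (ts - rec["first"]).total_seconds()
    return out


if __name__ == "__main__":
    for (ip, port, qname), r in summarize(SAMPLE).items():
        print(f"{qname} from {ip}#{port}: {r['queries']} queries, "
              f"{r['duplicates']} dropped as duplicates, "
              f"{r['rcode']} after {r['elapsed']:.0f}s")
```

On the sample this shows the two retries were dropped while the first recursion was still outstanding, and that the failure was returned 10 seconds after the first query.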
