为什么 nslookup 或 dig 没有返回某些域的名称服务器?

为什么 nslookup 或 dig 没有返回某些域的名称服务器?

为什么 nslookup 或 dig 没有返回某些域的名称服务器?

例子:

dig @8.8.8.8 NS zzy.pl

; <<>> DiG 9.9.5-9+deb8u10-Raspbian <<>> @8.8.8.8 NS zzy.pl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9801
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;zzy.pl.                                IN      NS

;; AUTHORITY SECTION:
pl.                     1724    IN      SOA     ns1.dropped.net.pl. kontakt.dropped.pl. 2008121404 3600 1800 1209600 3600

;; Query time: 101 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 30 19:15:36 UTC 2017
;; MSG SIZE  rcvd: 103

nslookup -type=ANY -timeout=10 zzy.pl 8.8.8.8

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   zzy.pl
Address: 212.91.7.33
Name:   zzy.pl
Address: 212.91.6.58

Authoritative answers can be found from:

来自 whois:

DOMAIN NAME:    
zzy.pl

registrant type:    
organization

nameservers:    
ns1.aftermarket.pl.    
ns2.aftermarket.pl.

(...)

答案1

TL;WR,主要的是,当有人设置不正确时,你会得到奇怪的结果。


zzy.pl域名已委托给

ns1.aftermarket.pl.
ns2.aftermarket.pl.

这些名称服务器配置错误,它们没有拥有 (预期) 的区域,而是zzy.pl拥有 (不正确) 的区域pl

因此,当您向这些名称服务器询问 时zzy.pl IN NS,它们没有NS记录(这是上述配置错误的直接结果),并使用其区域版本的记录进行NODATA响应(意味着请求的名称存在,但没有请求类型的记录)。 任何区域都应至少具有和,因此在这方面存在问题。SOApl
SOANSzzy.pl

以供参考:

从 TLD 名称服务器授权(正常)pl

$ dig @a-dns.pl zzy.pl NS +norec

; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @a-dns.pl zzy.pl NS +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51524
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zzy.pl.                                IN      NS

;; AUTHORITY SECTION:
zzy.pl.                 86400   IN      NS      ns2.aftermarket.pl.
zzy.pl.                 86400   IN      NS      ns1.aftermarket.pl.

;; Query time: 25 msec
;; SERVER: 2001:a10:121:1::156#53(2001:a10:121:1::156)
;; WHEN: Thu Nov 30 20:29:50 UTC 2017
;; MSG SIZE  rcvd: 83
$

权威响应(预计与上面的响应相符,但看起来NODATA 好像响应来自pl区域,我们刚刚在上一步中进行了该区域):

$ dig @ns1.aftermarket.pl. zzy.pl NS +norec

; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @ns1.aftermarket.pl. zzy.pl NS +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20464
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zzy.pl.                                IN      NS

;; AUTHORITY SECTION:
pl.                     3600    IN      SOA     ns1.dropped.net.pl. kontakt.dropped.pl. 2008121404 3600 1800 1209600 3600

;; Query time: 23 msec
;; SERVER: 212.91.6.36#53(212.91.6.36)
;; WHEN: Thu Nov 30 20:24:23 UTC 2017
;; MSG SIZE  rcvd: 103

$

向他们询问pl确认了这一点:

$ dig @ns1.aftermarket.pl. pl NS +norec

; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @ns1.aftermarket.pl. pl NS +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63021
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pl.                            IN      NS

;; ANSWER SECTION:
pl.                     3600    IN      NS      ns2.dropped.net.pl.
pl.                     3600    IN      NS      ns1.dropped.net.pl.

;; ADDITIONAL SECTION:
ns1.dropped.net.pl.     86400   IN      A       212.91.6.36
ns2.dropped.net.pl.     86400   IN      A       212.91.7.38

;; Query time: 23 msec
;; SERVER: 212.91.6.36#53(212.91.6.36)
;; WHEN: Thu Nov 30 20:24:29 UTC 2017
;; MSG SIZE  rcvd: 111

$

相关内容