为什么 nslookup 或 dig 没有返回某些域的名称服务器?
例子:
dig @8.8.8.8 NS zzy.pl
; <<>> DiG 9.9.5-9+deb8u10-Raspbian <<>> @8.8.8.8 NS zzy.pl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9801
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;zzy.pl. IN NS
;; AUTHORITY SECTION:
pl. 1724 IN SOA ns1.dropped.net.pl. kontakt.dropped.pl. 2008121404 3600 1800 1209600 3600
;; Query time: 101 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 30 19:15:36 UTC 2017
;; MSG SIZE rcvd: 103
。
nslookup -type=ANY -timeout=10 zzy.pl 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: zzy.pl
Address: 212.91.7.33
Name: zzy.pl
Address: 212.91.6.58
Authoritative answers can be found from:
来自 whois:
DOMAIN NAME:
zzy.pl
registrant type:
organization
nameservers:
ns1.aftermarket.pl.
ns2.aftermarket.pl.
(...)
答案1
TL;WR,主要的是,当有人设置不正确时,你会得到奇怪的结果。
该zzy.pl域名已委托给
ns1.aftermarket.pl.
ns2.aftermarket.pl.
这些名称服务器配置错误,它们没有拥有 (预期) 的区域,而是zzy.pl拥有 (不正确) 的区域pl。
因此,当您向这些名称服务器询问 时zzy.pl IN NS,它们没有NS记录(这是上述配置错误的直接结果),并使用其区域版本的记录进行NODATA响应(意味着请求的名称存在,但没有请求类型的记录)。 任何区域都应至少具有和,因此在这方面存在问题。SOAplSOANSzzy.pl
以供参考:
从 TLD 名称服务器授权(正常)pl:
$ dig @a-dns.pl zzy.pl NS +norec
; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @a-dns.pl zzy.pl NS +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51524
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zzy.pl. IN NS
;; AUTHORITY SECTION:
zzy.pl. 86400 IN NS ns2.aftermarket.pl.
zzy.pl. 86400 IN NS ns1.aftermarket.pl.
;; Query time: 25 msec
;; SERVER: 2001:a10:121:1::156#53(2001:a10:121:1::156)
;; WHEN: Thu Nov 30 20:29:50 UTC 2017
;; MSG SIZE rcvd: 83
$
权威响应(预计与上面的响应相符,但看起来NODATA 好像响应来自pl区域,我们刚刚在上一步中进行了该区域):
$ dig @ns1.aftermarket.pl. zzy.pl NS +norec
; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @ns1.aftermarket.pl. zzy.pl NS +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20464
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zzy.pl. IN NS
;; AUTHORITY SECTION:
pl. 3600 IN SOA ns1.dropped.net.pl. kontakt.dropped.pl. 2008121404 3600 1800 1209600 3600
;; Query time: 23 msec
;; SERVER: 212.91.6.36#53(212.91.6.36)
;; WHEN: Thu Nov 30 20:24:23 UTC 2017
;; MSG SIZE rcvd: 103
$
向他们询问pl确认了这一点:
$ dig @ns1.aftermarket.pl. pl NS +norec
; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @ns1.aftermarket.pl. pl NS +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63021
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pl. IN NS
;; ANSWER SECTION:
pl. 3600 IN NS ns2.dropped.net.pl.
pl. 3600 IN NS ns1.dropped.net.pl.
;; ADDITIONAL SECTION:
ns1.dropped.net.pl. 86400 IN A 212.91.6.36
ns2.dropped.net.pl. 86400 IN A 212.91.7.38
;; Query time: 23 msec
;; SERVER: 212.91.6.36#53(212.91.6.36)
;; WHEN: Thu Nov 30 20:24:29 UTC 2017
;; MSG SIZE rcvd: 111
$