大家好。我遇到了一个简单的问题,但我无法解决。我有一个 DC,其域名为 sub.domain.com。我还有一个公共域,其网站为 domain.com,托管在另一台服务器和另一个 DNS 上。当我尝试从域 PC 请求 fb.com(如何举例)时。它请求 fb.com.sub.domain.com,并从我的 DC DNS 获得答案,然后 PC 请求根域 fb.com.domain.com(不带“sub”),服务器没有答案(因为没有本地记录)我如何禁止对 domain.com 的请求,并将其解析到互联网 ps 抱歉我的英语不好
查找日志
PS C:\Windows\system32> nslookup -d2 fb.com
------------
SendRequest(), len 40
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN
------------
------------
Got answer (63 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 1.0.0.127.in-addr.arpa
type = PTR, class = IN, dlen = 11
name = localhost
ttl = 3600 (1 hour)
------------
Server: localhost
Address: 127.0.0.1
------------
SendRequest(), len 41
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = A, class = IN
------------
------------
Got answer (110 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = A, class = IN
AUTHORITY RECORDS:
-> sub.domain.com
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = dc2.sub.domain.com
responsible mail addr = hostmaster.sub.domain.com
serial = 57017
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 3600 (1 hour)
default TTL = 3600 (1 hour)
------------
------------
SendRequest(), len 41
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = AAAA, class = IN
------------
------------
Got answer (110 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> sub.domain.com
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = dc2.sub.domain.com
responsible mail addr = hostmaster.sub.domain.com
serial = 57017
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 3600 (1 hour)
default TTL = 3600 (1 hour)
------------
------------
SendRequest(), len 37
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.domain.com, type = A, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 37
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.domain.com, type = AAAA, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 24
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com, type = A, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 24
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com, type = AAAA, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to localhost timed-out
答案1
我不知道您到底在问什么,但您描述的行为是正确的,也是预期的。您对 fb.com 的查询不完全合格,因为它缺少尾随的点。因此,nslookup 会将客户端的主 DNS 后缀附加到查询中,并迭代地将查询转移到根域。
您实际上想要完成什么?您是否希望查询仅查询 fb.com DNS 服务器?如果是这样,则使用尾随点完全限定查询,如下所示:
nslookup -d2 fb.com.