nslookup of a public domain against an Active Directory domain controller DNS server times out *but* still succeeds

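Question:

Recently I noticed that Chrome on my desktop stalls when loading new websites, saying it is resolving the host name. It does resolve eventually, but it feels like DNS requests take up to 5 seconds to succeed, which isn't right.

Setup:

  • Windows Server 2012 R2 Active Directory domain controller.

    • IPv4 address: 172.16.1.10 (name: server.my.ad.domain)
    • The Windows DNS server is configured to use only Google's 8.8.8.8 and 8.8.4.4 as its forwarders.
      • It is also configured to use root hints when no forwarders are available.
    • dcdiag passes all tests.
  • Windows 10 desktop PC, domain member.

    • Name: desktop.my.ad.domain
    • Network settings:
      • Bluetooth PAN: disabled ("Not connected")
      • Ethernet: connected (domain network profile)
        • DHCP is enabled.
        • Uses only 172.16.1.10 as its DNS server.

nslookup output:

I ran this from my desktop. I was surprised to see the timeout errors, yet the name was ultimately resolved without a second invocation of nslookup.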

C:\>nslookup stackoverflow.com
Server:  server.my.ad.domain
Address:  172.16.1.10

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    stackoverflow.com
Addresses:  151.101.65.69
          151.101.1.69
          151.101.129.69
          151.101.193.69

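I can't seem to reproduce the problem reliably, even after running ipconfig /flushdns on both my desktop and the server and deleting the cached entries from the Windows DNS server's cache.

I just tried again with nslookup and set debug, and got the following: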

> openra.net
Server:  server.my.ad.domain
Address:  172.16.1.10

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 16, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.my.ad.domain, type = A, class = IN
    AUTHORITY RECORDS:
    ->  my.ad.domain
        ttl = 3600 (1 hour)
        primary name server = server.my.ad.domain
        responsible mail addr = hostmaster.my.ad.domain
        serial  = 8384
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 17, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.my.ad.domain, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  my.ad.domain
        ttl = 3600 (1 hour)
        primary name server = server.my.ad.domain
        responsible mail addr = hostmaster.my.ad.domain
        serial  = 8384
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 18, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.ad.domain, type = A, class = IN
    AUTHORITY RECORDS:
    ->  ad.domain
        ttl = 298 (4 mins 58 secs)
        primary name server = ns1.bdm.microsoftonline.com
        responsible mail addr = azuredns-hostmaster.microsoft.com
        serial  = 1
        refresh = 3600 (1 hour)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 300 (5 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 19, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.ad.domain, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  ad.domain
        ttl = 298 (4 mins 58 secs)
        primary name server = ns1.bdm.microsoftonline.com
        responsible mail addr = azuredns-hostmaster.microsoft.com
        serial  = 1
        refresh = 3600 (1 hour)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 300 (5 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 20, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        openra.net, type = A, class = IN
    ANSWERS:
    ->  openra.net
        internet address = 194.63.248.52
        ttl = 3599 (59 mins 59 secs)

------------
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
Name:    openra.net
Address:  194.63.248.52

>

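Unfortunately it still doesn't tell me exactly what timed out...

Answer 1

Your local DNS server is resolving the recursive DNS queries without any problem, but it is taking a bit more time than expected. There are a number of possible causes to check:

  1. The network connection from the desktop to the local DNS server. The ping time from the desktop to the local DNS server most likely should be greater than 2 ms.

  2. Check the network connection from the local DNS server to the internet, or from the local DNS server to the DNS forwarder IPs (whichever are configured on the server).

When checking the above connections, if you find any latency in the network, try to optimize the connection.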
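Added example, not part of the original question or answer: a small parser for the "set debug" trace shown in the question. It lists each lookup nslookup sent for one typed name, marks the ones where a search suffix was appended, and reports which of those the local server could not answer from its own zones. The names parse_trace and offbox_suffixed and the trimmed SAMPLE are constructed for illustration.

```python
import re

# Constructed sample: header/question lines for ids 16, 18 and 20, trimmed
# from the nslookup "set debug" trace in the question.
SAMPLE = """\
Got answer:
        opcode = QUERY, id = 16, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
    QUESTIONS:
        openra.net.my.ad.domain, type = A, class = IN
Got answer:
        opcode = QUERY, id = 18, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        openra.net.ad.domain, type = A, class = IN
Got answer:
        opcode = QUERY, id = 20, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        openra.net, type = A, class = IN
"""

BLOCK = re.compile(
    r"id = (?P<id>\d+), rcode = (?P<rcode>\w+)\s+header flags:\s+(?P<flags>[^\n]*)"
    r".*?QUESTIONS:\s+(?P<qname>[^,\s]+), type = (?P<qtype>\w+)", re.S)

def parse_trace(text, typed_name):
    """One dict per response: name asked, rcode, whether a search suffix was
    appended to typed_name, and whether the server answered authoritatively."""
    rows = []
    for chunk in text.split("Got answer:")[1:]:
        m = BLOCK.search(chunk)
        if not m:
            continue  # truncated block: no header to read
        qname = m["qname"].rstrip(".")
        rows.append({
            "id": int(m["id"]), "qname": qname, "qtype": m["qtype"],
            "rcode": m["rcode"],
            "suffixed": qname.startswith(typed_name + "."),
            # AA clear: answer came from cache or recursion, not a local zone
            "authoritative": "auth. answer" in m["flags"],
        })
    return rows

def offbox_suffixed(rows):
    """Suffix-appended names answered from outside the server's own zones."""
    return [r["qname"] for r in rows if r["suffixed"] and not r["authoritative"]]

if __name__ == "__main__":
    print(*parse_trace(SAMPLE, "openra.net"), sep="\n")
```

Run over the full trace, the same parser shows four NXDOMAIN lookups (A and AAAA for each suffix) before the bare name is queried.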
