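Update 1
I changed the nameserver in /etc/resolv.conf, which solved the problem, but this causes problems with internal name resolution. So what does this imply? dig querying the same NS gets all 7 records, while applications querying the same NS fail, but work if the NS is 8.8.8.8.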
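Original
Now I am facing very strange DNS behaviour. DNS resolution for a specific domain fails for all applications (curl, wget, python) on pods in the EKS cluster. At the same time, dig and nslookup work fine. Also, other names (such as google.com), internal domains, AWS domains and other external domains work fine. The failing domain is areocrapi.cognitiveservices.azure.com. The contents of /etc/resolv.conf are below. I have also added tcpdump and dig results below.
Platform information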
$ uname -a
Linux areocr-98da57763-vrefw 4.14.203-156.332.amzn2.x86_64 #1 SMP Fri Oct 30 19:19:33 UTC 2020 x86_64 GNU/Linux
Kubernetes Version: 1.18
Docker image: debian:stable-slim
/etc/resolv.conf
nameserver 172.20.0.10
search default.svc.cluster.local svc.cluster.local cluster.local ap-south-1.compute.internal
options ndots:1
dig results
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> areocrapi.cognitiveservices.azure.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12136
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 542f9837d8a4f664 (echoed)
;; QUESTION SECTION:
;areocrapi.cognitiveservices.azure.com. IN A
;; ANSWER SECTION:
areocrapi.cognitiveservices.azure.com. 10 IN CNAME centralindia.api.cognitive.microsoft.com.
centralindia.api.cognitive.microsoft.com. 10 IN CNAME cognitiveincprod.trafficmanager.net.
cognitiveincprod.trafficmanager.net. 10 IN CNAME cognitiveincprod.azure-api.net.
cognitiveincprod.azure-api.net. 10 IN CNAME apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net.
apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net. 10 IN CNAME cognitiveincprod-centralindia-01.regional.azure-api.net.
cognitiveincprod-centralindia-01.regional.azure-api.net. 10 IN CNAME apimgmthsgqucefft6mdmwwycilgdkzacce38eazszdtwrksob.cloudapp.net.
apimgmthsgqucefft6mdmwwycilgdkzacce38eazszdtwrksob.cloudapp.net. 10 IN A 104.211.88.173
;; Query time: 205 msec
;; SERVER: 172.20.0.10#53(172.20.0.10)
;; WHEN: Thu Jan 28 18:50:33 UTC 2021
;; MSG SIZE rcvd: 799
Now there is a chain of 6 CNAMEs + 1 A record. When I try to resolve centralindia.api.cognitive.microsoft.com, which removes one CNAME query, the curl command works.
$ curl https://centralindia.api.cognitive.microsoft.com/
{"error":{"code":"404","message": "Resource not found"}}
Results of curl/wget/python (failing)
$ curl https://areocrapi.cognitiveservices.azure.com/
curl: (6) Could not resolve host: areocrapi.cognitiveservices.azure.com
$ wget -4 https://areocrapi.cognitiveservices.azure.com/
--2021-01-28 18:55:23-- https://areocrapi.cognitiveservices.azure.com/
Resolving areocrapi.cognitiveservices.azure.com (areocrapi.cognitiveservices.azure.com)... failed: Name or service not known.
wget: unable to resolve host address ‘areocrapi.cognitiveservices.azure.com’
$ python3
Python 3.8.6 (default, Nov 18 2020, 13:49:49)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> socket.gethostbyname('areocrapi.cognitiveservices.azure.com')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
socket.gaierror: [Errno -2] Name or service not known
tcpdump for the full domain while issuing the curl command (failing)
curl https://areocrapi.cognitiveservices.azure.com/
IP (tos 0x0, ttl 255, id 52638, offset 0, flags [DF], proto UDP (17), length 83)
10.2.73.136.43389 > 172.20.0.10.53: 36572+ A? areocrapi.cognitiveservices.azure.com. (55)
IP (tos 0x0, ttl 255, id 52639, offset 0, flags [DF], proto UDP (17), length 83)
10.2.73.136.43389 > 172.20.0.10.53: 41700+ AAAA? areocrapi.cognitiveservices.azure.com. (55)
IP (tos 0x0, ttl 253, id 1066, offset 0, flags [DF], proto UDP (17), length 345)
172.20.0.10.53 > 10.2.73.136.43389: 41700 5/0/0 areocrapi.cognitiveservices.azure.com. CNAME centralindia.api.cognitive.microsoft.com., centralindia.api.cognitive.microsoft.com. CNAME cognitiveincprod.trafficmanager.net., cognitiveincprod.trafficmanager.net. CNAME cognitiveincprod.azure-api.net., cognitiveincprod.azure-api.net. CNAME apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net., apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net. CNAME cognitiveincprod-centralindia-01.regional.azure-api.net. (317)
IP (tos 0x0, ttl 253, id 1067, offset 0, flags [DF], proto UDP (17), length 345)
172.20.0.10.53 > 10.2.73.136.43389: 36572 5/0/0 areocrapi.cognitiveservices.azure.com. CNAME centralindia.api.cognitive.microsoft.com., centralindia.api.cognitive.microsoft.com. CNAME cognitiveincprod.trafficmanager.net., cognitiveincprod.trafficmanager.net. CNAME cognitiveincprod.azure-api.net., cognitiveincprod.azure-api.net. CNAME apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net., apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net. CNAME cognitiveincprod-centralindia-01.regional.azure-api.net. (317)
tcpdump with 1 CNAME removed while issuing the curl command (succeeding)
curl https://centralindia.api.cognitive.microsoft.com/
IP (tos 0x0, ttl 255, id 24853, offset 0, flags [DF], proto UDP (17), length 86)
10.2.73.136.59453 > 172.20.0.10.53: 7813+ A? centralindia.api.cognitive.microsoft.com. (58)
IP (tos 0x0, ttl 255, id 24854, offset 0, flags [DF], proto UDP (17), length 86)
10.2.73.136.59453 > 172.20.0.10.53: 24205+ AAAA? centralindia.api.cognitive.microsoft.com. (58)
IP (tos 0x0, ttl 253, id 60238, offset 0, flags [DF], proto UDP (17), length 387)
172.20.0.10.53 > 10.2.73.136.59453: 7813 6/0/0 centralindia.api.cognitive.microsoft.com. CNAME cognitiveincprod.trafficmanager.net., cognitiveincprod.trafficmanager.net. CNAME cognitiveincprod.azure-api.net., cognitiveincprod.azure-api.net. CNAME apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net., apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net. CNAME cognitiveincprod-centralindia-01.regional.azure-api.net., cognitiveincprod-centralindia-01.regional.azure-api.net. CNAME apimgmthsgqucefft6mdmwwycilgdkzacce38eazszdtwrksob.cloudapp.net., apimgmthsgqucefft6mdmwwycilgdkzacce38eazszdtwrksob.cloudapp.net. A 104.211.88.173 (359)
IP (tos 0x0, ttl 253, id 60241, offset 0, flags [DF], proto UDP (17), length 371)
172.20.0.10.53 > 10.2.73.136.59453: 24205 5/0/0 centralindia.api.cognitive.microsoft.com. CNAME cognitiveincprod.trafficmanager.net., cognitiveincprod.trafficmanager.net. CNAME cognitiveincprod.azure-api.net., cognitiveincprod.azure-api.net. CNAME apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net., apimgmttmzgruajuggsac8wjzmihugs4vsxibebwe3uiy0mylw.trafficmanager.net. CNAME cognitiveincprod-centralindia-01.regional.azure-api.net., cognitiveincprod-centralindia-01.regional.azure-api.net. CNAME apimgmthsgqucefft6mdmwwycilgdkzacce38eazszdtwrksob.cloudapp.net. (343)
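The two captures above differ in whether the response to the A query ends in an address record. The following is an added example, not part of the original post: a Python script that pairs tcpdump DNS queries with their responses by query ID and lists A lookups whose answer section stops at a CNAME. The sample lines, names and addresses are constructed, and the regular expressions assume the verbose tcpdump text format shown in the captures.

```python
import re

# Query:    "<client> > <server>.53: <id>+ <TYPE>? <name> (<len>)"
QUERY = re.compile(r"> \S+\.53: (\d+)\+?(?: \[\w+\])? (A|AAAA)\? (\S+) \(\d+\)")
# Response: "<server>.53 > <client>: <id><flags> <an>/<ns>/<ar> <records> (<len>)"
# tcpdump prints "|" among the flags when the TC (truncated) bit is set.
REPLY = re.compile(r"\.53 > \S+: (\d+)([*|$-]*) (\d+)/\d+/\d+ (.*) \(\d+\)$")

# Constructed sample modelled on the captures above (not real traffic).
SAMPLE = """\
10.0.0.5.43389 > 10.0.0.2.53: 36572+ A? api.example.com. (33)
10.0.0.2.53 > 10.0.0.5.43389: 36572 2/0/0 api.example.com. CNAME edge.example.net., edge.example.net. CNAME lb.example.org. (90)
10.0.0.5.59453 > 10.0.0.2.53: 7813+ A? edge.example.net. (34)
10.0.0.2.53 > 10.0.0.5.59453: 7813 2/0/0 edge.example.net. CNAME lb.example.org., lb.example.org. A 192.0.2.10 (84)
""".splitlines()


def audit(lines):
    """Return one finding per DNS response that matches an earlier query."""
    asked, findings = {}, []
    for line in lines:
        line = line.strip()
        q = QUERY.search(line)
        if q:
            asked[q.group(1)] = (q.group(2), q.group(3))
            continue
        r = REPLY.search(line)
        if not r or r.group(1) not in asked:
            continue
        qtype, qname = asked[r.group(1)]
        # Each record is printed as "<owner> <TYPE> <rdata>", comma separated.
        rrs = [rr.split() for rr in r.group(4).split(", ")]
        rrs = [rr for rr in rrs if len(rr) >= 3]
        has_address = any(rr[1] == qtype for rr in rrs)
        cnames = [rr for rr in rrs if rr[1] == "CNAME"]
        findings.append({
            "id": int(r.group(1)), "qtype": qtype, "qname": qname,
            "answers": int(r.group(3)), "truncated": "|" in r.group(2),
            "has_address": has_address,
            # Last CNAME target the client is left with and cannot connect to.
            "dangling": None if has_address or not cnames else cnames[-1][2],
        })
    return findings


def unresolved(findings):
    """A lookups whose answer section carries no A record."""
    return [f for f in findings if f["qtype"] == "A" and not f["has_address"]]


if __name__ == "__main__":
    for f in unresolved(audit(SAMPLE)):
        print(f["id"], f["qname"], "stops at", f["dangling"], "TC:", f["truncated"])
```
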