有些 IP 地址nslookup
无法解析(在 Windows 和 Linux 上)。
问题:
我可以找到主机名的 IP,但是反向查找失败。
PS C:\> nslookup.exe somehost2
Server: corpdns.mydomain.com
Address: 10.248.2.1
Name: somehost2.corp.mydomain.com
Address: 10.185.140.22
# Reverse lookup of the same IP fails:
PS C:\> nslookup.exe 10.185.140.22
Server: corpdns.mydomain.com
Address: 10.248.2.1
*** corpdns.mydomain.com can't find 10.185.140.22: Non-existent domain
但是,Resolve-DnsName
PowerShell 命令返回反向查找的主机名。
PS C:\> Resolve-DnsName 10.185.140.22
Name Type TTL Section NameHost
---- ---- --- ------- --------
22.140.185.10.in-addr.arpa. PTR 1200 Question somehost2
我在这里观察到两件不寻常的事情:
- 它来自于问题部分
- 它返回不带 DNS 域的主机名。
使用其他 IP 地址(可以nslookup
解析),我们发现它来自回答部分并带有 DNS 域。
PS C:\> Resolve-DnsName 10.210.0.127
Name Type TTL Section NameHost
---- ---- --- ------- --------
127.0.210.10.in-addr.arpa PTR 1200 Answer somehost1.corp.mydomain.com
顺便说一句,ping
使用该/a
标志也可以成功解析 Windows 上的名称:
PS C:\> ping /a 10.185.140.22
Pinging somehost2 [10.185.140.22] with 32 bytes of data:
Reply from 10.185.140.22: bytes=32 time=6ms TTL=127
Reply from 10.185.140.22: bytes=32 time=12ms TTL=127
但是我在 Linux 中找不到等效的标志ping
。
我的问题:
Resolve-DnsName
和 的ping
做法有何不同nslookup
?
我的主要问题是当我尝试在 Linux 中解析 IP 时。我尝试了几个命令nslookup
,但dig
都无济于事。LinuxResolve-DnsName
中是否有等效的命令?
澄清:
大多数 IP 地址nslookup
也可以通过 来解析,问题仅出在我们的环境中的特定主机子集上。
更新:nslookup
处于调试模式
PS C:\> nslookup.exe -d 10.185.140.22
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
1.2.248.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 1.2.248.10.in-addr.arpa
name = corpdns.mydomain.com
ttl = 1200 (20 mins)
------------
Server: corpdns.mydomain.com
Address: 10.248.2.1
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
22.140.185.10.in-addr.arpa, type = PTR, class = IN
AUTHORITY RECORDS:
-> 185.10.in-addr.arpa
ttl = 900 (15 mins)
primary name server = gdns602.corp.mydomain.com
responsible mail addr = hostmaster.mydomain.com
serial = 35869652
refresh = 300 (5 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 900 (15 mins)
------------
*** corpdns.mydomain.com can't find 10.185.140.22: Non-existent domain
更新 #2
Resolve-DnsName
当使用不同的标志(例如:-DnsOnly
,,-NoHostsFile
)时,这些系统会失败-LlmnrNetbiosOnly
(但对于可以解析的其他 IP 地址有效nslookup
)。
PS C:\> Resolve-DnsName 10.185.140.22 -DnsOnly
Resolve-DnsName : 22.140.185.10.in-addr.arpa : DNS name does not exist
At line:1 char:1
+ Resolve-DnsName 10.185.140.22 -DnsOnly
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (22.140.185.10.in-addr.arpa:String) [Resolve-DnsName], Win32Exception
+ FullyQualifiedErrorId : DNS_ERROR_RCODE_NAME_ERROR,Microsoft.DnsClient.Commands.ResolveDnsName
PS C:\> Resolve-DnsName 10.185.140.22 -NoHostsFile
Resolve-DnsName : 22.140.185.10.in-addr.arpa : DNS name does not exist
At line:1 char:1
+ Resolve-DnsName 10.185.140.22 -NoHostsFile
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (22.140.185.10.in-addr.arpa:String) [Resolve-DnsName], Win32Exception
+ FullyQualifiedErrorId : DNS_ERROR_RCODE_NAME_ERROR,Microsoft.DnsClient.Commands.ResolveDnsName
PS C:\> Resolve-DnsName 10.185.140.22 -LlmnrNetbiosOnly
Resolve-DnsName : 22.140.185.10.in-addr.arpa : DNS record does not exist
At line:1 char:1
+ Resolve-DnsName 10.185.140.22 -LlmnrNetbiosOnly
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (22.140.185.10.in-addr.arpa:String) [Resolve-DnsName], Win32Exception
+ FullyQualifiedErrorId : RECORD_DOES_NOT_EXIST,Microsoft.DnsClient.Commands.ResolveDnsName
答案1
检查后wireshark
,我发现这些 IP 确实在 DNS 中不可用:
Standard query response 0xb20a No such name PTR 22.140.185.10.in-addr.arpa
但答案来自于(NetBIOS 名称服务)协议NBSTAT
中的查询。NBNS
原因是这些主机没有静态 IP - 它们通过 DHCP 获取动态 IP,因此它们未在 DNS 名称服务器中注册。
我能够使用以下nmblookup
命令在 Linux 中获取预期答案:
$ nmblookup -A 10.185.140.22
Looking up status of 10.185.140.22
SOMEHOST2 <00> - M <ACTIVE>
XXX <00> - <GROUP> M <ACTIVE>
SOMEHOST2 <20> - M <ACTIVE>