ubuntu – Linux DNS query sequence with resolv.conf – Server Fault

Why don't the DNS root servers want to talk to me?

xaker1@xaker1:~ > dig -t ns f.root-servers.net. ru.

; <<>> DiG 9.9.2-P1 <<>> -t ns f.root-servers.net. ru.
;; global options: cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55260
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;f.root-servers.net. IN NS

;; AUTHORITY SECTION:
root-servers.net. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022010300 14400 7200 1209600 3600000

;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Aug 1 17:21:15 2022
;; MSG SIZE rcvd: 96

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11972
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ru. IN NS

;; ANSWER SECTION:
ru. 84996 IN NS f.dns.ripn.net.
ru. 84996 IN NS e.dns.ripn.net.
ru. 84996 IN NS a.dns.ripn.net.
ru. 84996 IN NS d.dns.ripn.net.
ru. 84996 IN NS b.dns.ripn.net.

;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Aug 1 17:21:15 2022
;; MSG SIZE rcvd: 112

xaker1@xaker1:~ > dig -t a habr.ru. +trace +all

; <<>> DiG 9.9.2-P1 <<>> -t a habr.ru. +trace +all
;; global options: cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9020
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 516394 IN NS d.root-servers.net.
. 516394 IN NS m.root-servers.net.
. 516394 IN NS l.root-servers.net.
. 516394 IN NS f.root-servers.net.
. 516394 IN NS a.root-servers.net.
. 516394 IN NS i.root-servers.net.
. 516394 IN NS c.root-servers.net.
. 516394 IN NS g.root-servers.net.
. 516394 IN NS j.root-servers.net.
. 516394 IN NS b.root-servers.net.
. 516394 IN NS k.root-servers.net.
. 516394 IN NS e.root-servers.net.
. 516394 IN NS h.root-servers.net.

;; Query time: 508 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Aug 1 17:09:13 2022
;; MSG SIZE rcvd: 239

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13022
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 11

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;habr.ru. IN A

;; AUTHORITY SECTION:
ru. 172800 IN NS a.dns.ripn.net.
ru. 172800 IN NS e.dns.ripn.net.
ru. 172800 IN NS f.dns.ripn.net.
ru. 172800 IN NS b.dns.ripn.net.
ru. 172800 IN NS d.dns.ripn.net.
ru. 86400 IN DS 14072 8 2 DFFBFE59FBBD3289D0C3819F05F94610A1E03B556D64540A2CC5F8C4 158A00E7
ru. 86400 IN RRSIG DS 8 1 86400 20220807000000 20220730230000 49656. kO5UkU BBko5 QDOkU6jkerC6WzsEqMHxc RVfE y3e8PPWI HKHBj6Z e6/x4Ddn4BpUBM732dWbz88n00PqFhD3Q 00RM 7YwPnEDmDk1eZJrJT 33opWG5L8hn 5DYoHRPuSGJBcRhyIQHwHWwvhtiX7IsPj2GmskUssBLG 6ro=

;; ADDITIONAL SECTION:
a.dns.ripn.net. 172800 IN A 193.232.128.6
b.dns.ripn.net. 172800 IN A 194.85.252.62
d.dns.ripn.net. 172800 IN A 194.190.124.17
e.dns.ripn.net. 172800 IN A 193.232.142.17
f.dns.ripn.net. 172800 IN A 193.232.156.17
a.dns.ripn.net. 172800 IN AAAA 2001:678:17:0:193:232:128:6
b.dns.ripn.net. 172800 IN AAAA 2001:678:16:0:194:85:252:62
d.dns.ripn.net. 172800 IN AAAA 2001:678:18:0:194:190:124:17
e.dns.ripn.net. 172800 IN AAAA 2001:678:15:0:193:232:142:17
f.dns.ripn.net. 172800 IN AAAA 2001:678:14:0:193:232:156:17

;; Query time: 243 msec
;; SERVER: 199.7.91.13#53(199.7.91.13)
;; WHEN: Thu Aug 1 17:09:13 2022
;; MSG SIZE rcvd: 555

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22022
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;habr.ru. IN A

;; AUTHORITY SECTION:
habr.ru. 345600 IN NS ns2.habradns.net.
habr.ru. 345600 IN NS ns1.habradns.net.
TDUI9D4JKUDS8B9T86GJ39PGFLCNLGM5.ru. 3600 IN NSEC3 1 1 3 00FF TEFG7J6PMM47P5H81JFQ4VC5FIS9TDOL NS SOA RRSIG DNSKEY NSEC3PARAM
TDUI9D4JKUDS8B9T86GJ39PGFLCNLGM5.ru. 3600 IN RRSIG NSEC3 8 2 3600 20220818050420 20220711212102 9879 ru. uHu S8E4WHqaTPtZhxOWcvOFvfGyPg3gmZb4COgF W pXrx9HIZbT0UP Bidi9p94FwfpxRrV9oz1QXooF9Q9oLU/1l0Hc/2r6HyY7RTpZDeRQlnt Fy6LHVboDazKHBm50XAU15IidiIgzG9cZV69ITT0kqMqxUR0zVXwFc6J 8zg=
BELG7FO0P653NH4HS77LQ0E5E0MV4JIF.ru. 3600 IN NSEC3 1 1 3 00FF BMP1PHBL4O1LE1IPTV9I1AM84T3N48KJ NS DS RRSIG
BELG7FO0P653NH4HS77LQ0E5E0MV4JIF.ru. 3600 IN RRSIG NSEC3 8 2 3600 20220901075644 20220719092154 9879 ru. UdZCtFE/kLSoCBiEGGd9woNFy7kCxWWxr/5zkqpEads3ev AX1qWjDgg iNrLv4HqzNvaCezTEJNa6UVoPxQxtoq97Z 1EoaMBjuepzbWfYs77GH4 nzCAJX5/DoFNjlIScfY/ghdCEYTqQMQItt4coLTFdsgS 9vp8BVRLEWm Sdc=

;; Query time: 128 msec
;; SERVER: 193.232.142.17#53(193.232.142.17)
;; WHEN: Thu Aug 1 17:09:15 2022
;; MSG SIZE rcvd: 571

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11959
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;habr.ru. IN A

;; ANSWER SECTION:
habr.ru. 900 IN A 178.63.117.149

;; AUTHORITY SECTION:
habr.ru. 900 IN NS ns2.habradns.net.
habr.ru. 900 IN NS ns1.habradns.net.

;; Query time: 79 msec
;; SERVER: 78.46.61.175#53(78.46.61.175)
;; WHEN: Thu Aug 1 17:09:15 2022
;; MSG SIZE rcvd: 100

Linux dns query sequence with resolv.conf

I have encountered a DNS resolution issue. Could someone please give me some tips on this issue? Thanks in advance.

uname -a

Linux 152a580f-e3c2-405f-acde-eac4d928af22 4.4.0-111-generic #134~14.04.1-Ubuntu SMP Mon Jan 15 15:39:56 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/resolv.conf

nameserver 127.0.0.1
nameserver 10.104.64.25
nameserver 10.104.65.25
options timeout:5 attempts:4 rotate

I have 3 name servers in my resolv.conf file. 127.0.0.1 is listened on by a local Consul DNS, which is able to resolve hostnames under the domain ‘cf.internal.’

The other 2 nameservers are my local DNS servers, which resolve my internal domain, dummysite.com, as well as recursive queries for public DNS names.

The issue is:
There’s an application that wants to resolve ‘bbs.service.cf.internal.’, but I can see some failures in the logs, like:

{"timestamp":"1542522679.406200409","source":"rep","message":"rep.running-bulker.sync.batch-operations.do-request.failed-doing-request","log_level":2,"data":{"error":"Post http://bbs.service.cf.internal:8889/v1/actual_lrp_groups/list: dial tcp: lookup bbs.service.cf.internal: no such host","session":"13.1.1.3"}}

But after a while, the application is finally able to get the right DNS entry and the application works.

What I expected is this:
Since I have ‘rotate’ in my options, the DNS queries would go like this:

The first query would try nameserver 10.104.64.25, then the second nameserver 10.104.65.25, then the other nameserver 127.0.0.1, and bingo, it finds ‘bbs.service.cf.internal’.

But when I used tcpdump, the process was not what I expected.
From the log, I find the process is like this:

QUERY1: 10.104.64.25 => QUERY2: 10.104.65.25 => QUERY3: 10.104.64.25 => QUERY4: 10.104.65.25 => QUERY5: 127.0.0.1 (got it)

Why are the DNS queries made in such a sequence?

The tcpdump logs, for reference:

10.104.148.102.48457 > cn1c6ocvcu01.dummysite.net.domain: [udp sum ok] 26743  A? bbs.service.cf.internal. (41)
10.104.148.102.48457 > cn1c6ocvcu01.dummysite.net.domain: [udp sum ok] 5283  AAAA? bbs.service.cf.internal. (41)
cn1c6ocvcu01.dummysite.net.domain > 10.104.148.102.48457: [udp sum ok] 26743 NXDomain q: A? bbs.service.cf.internal. 0/1/0 ns: . [1h56m16s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)
cn1c6ocvcu01.dummysite.net.domain > 10.104.148.102.48457: [udp sum ok] 5283 NXDomain q: AAAA? bbs.service.cf.internal. 0/1/0 ns: . [1h56m16s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)

10.104.148.102.54378 > cn1c6ocvcu02.dummysite.net.domain: [udp sum ok] 51897  A? bbs.service.cf.internal. (41)
10.104.148.102.54378 > cn1c6ocvcu02.dummysite.net.domain: [udp sum ok] 32472  AAAA? bbs.service.cf.internal. (41)
cn1c6ocvcu02.dummysite.net.domain > 10.104.148.102.54378: [udp sum ok] 32472 NXDomain q: AAAA? bbs.service.cf.internal. 0/1/0 ns: . [1h56m43s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)
cn1c6ocvcu02.dummysite.net.domain > 10.104.148.102.54378: [udp sum ok] 51897 NXDomain q: A? bbs.service.cf.internal. 0/1/0 ns: . [1h56m43s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)

10.104.148.102.47650 > cn1c6ocvcu01.dummysite.net.domain: [udp sum ok] 23809  A? bbs.service.cf.internal. (41)
10.104.148.102.47650 > cn1c6ocvcu01.dummysite.net.domain: [udp sum ok] 4790  AAAA? bbs.service.cf.internal. (41)
cn1c6ocvcu01.dummysite.net.domain > 10.104.148.102.47650: [udp sum ok] 23809 NXDomain q: A? bbs.service.cf.internal. 0/1/0 ns: . [1h56m15s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)
cn1c6ocvcu01.dummysite.net.domain > 10.104.148.102.47650: [udp sum ok] 4790 NXDomain q: AAAA? bbs.service.cf.internal. 0/1/0 ns: . [1h56m15s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)

10.104.148.102.42652 > cn1c6ocvcu02.dummysite.net.domain: [udp sum ok] 60294  A? bbs.service.cf.internal. (41)
10.104.148.102.42652 > cn1c6ocvcu02.dummysite.net.domain: [udp sum ok] 24929  AAAA? bbs.service.cf.internal. (41)
cn1c6ocvcu02.dummysite.net.domain > 10.104.148.102.42652: [udp sum ok] 60294 NXDomain q: A? bbs.service.cf.internal. 0/1/0 ns: . [1h56m42s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)
cn1c6ocvcu02.dummysite.net.domain > 10.104.148.102.42652: [udp sum ok] 24929 NXDomain q: AAAA? bbs.service.cf.internal. 0/1/0 ns: . [1h56m42s] SOA a.root-servers.net. nstld.verisign-grs.com. 2022111800 1800 900 604800 86400 (116)

localhost.46454 > localhost.domain: [bad udp cksum 0xfe44 -> 0xde60!] 41944  A? bbs.service.cf.internal. (41)
localhost.46454 > localhost.domain: [bad udp cksum 0xfe44 -> 0x924b!] 54509  AAAA? bbs.service.cf.internal. (41)
localhost.domain > localhost.46454: [bad udp cksum 0xfe76 -> 0x5e62!] 54509* q: AAAA? bbs.service.cf.internal. 0/1/0 ns: cf.internal. [0s] SOA ns.cf.internal. postmaster.cf.internal. 1542524177 3600 600 86400 0 (91)
localhost.domain > localhost.46454: [bad udp cksum 0xfe54 -> 0xff5e!] 41944* q: A? bbs.service.cf.internal. 1/0/0 bbs.service.cf.internal. [0s] A 10.104.149.223 (57)
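
Added example, not part of the original question: a small Python parser for the tcpdump lines above that groups packets by client source port (one resolver attempt each) and reports which server each attempt went to and how it was answered. The names CAPTURE, lookups and negative_answers_before_success are made up for this illustration, and the capture is abbreviated from the one in the question.

```python
import re

# Abbreviated from the tcpdump capture in the question (SOA details trimmed).
CAPTURE = """\
10.104.148.102.48457 > cn1c6ocvcu01.dummysite.net.domain: [udp sum ok] 26743  A? bbs.service.cf.internal. (41)
10.104.148.102.48457 > cn1c6ocvcu01.dummysite.net.domain: [udp sum ok] 5283  AAAA? bbs.service.cf.internal. (41)
cn1c6ocvcu01.dummysite.net.domain > 10.104.148.102.48457: [udp sum ok] 26743 NXDomain q: A? bbs.service.cf.internal. 0/1/0 ns: . (116)
cn1c6ocvcu01.dummysite.net.domain > 10.104.148.102.48457: [udp sum ok] 5283 NXDomain q: AAAA? bbs.service.cf.internal. 0/1/0 ns: . (116)
10.104.148.102.54378 > cn1c6ocvcu02.dummysite.net.domain: [udp sum ok] 51897  A? bbs.service.cf.internal. (41)
cn1c6ocvcu02.dummysite.net.domain > 10.104.148.102.54378: [udp sum ok] 51897 NXDomain q: A? bbs.service.cf.internal. 0/1/0 ns: . (116)
localhost.46454 > localhost.domain: [bad udp cksum 0xfe44 -> 0xde60!] 41944  A? bbs.service.cf.internal. (41)
localhost.46454 > localhost.domain: [bad udp cksum 0xfe44 -> 0x924b!] 54509  AAAA? bbs.service.cf.internal. (41)
localhost.domain > localhost.46454: [bad udp cksum 0xfe76 -> 0x5e62!] 54509* q: AAAA? bbs.service.cf.internal. 0/1/0 ns: cf.internal. (91)
localhost.domain > localhost.46454: [bad udp cksum 0xfe54 -> 0xff5e!] 41944* q: A? bbs.service.cf.internal. 1/0/0 bbs.service.cf.internal. [0s] A 10.104.149.223 (57)
"""

QUERY = re.compile(r"^(\S+)\.(\d+) > (\S+)\.domain: \[.*?\] (\d+)\+?\s+(AAAA|A)\? (\S+)")
REPLY = re.compile(r"^(\S+)\.domain > \S+\.(\d+): \[.*?\] (\d+)\*?\s*"
                   r"(NXDomain|ServFail)?\s*q: (?:AAAA|A)\? \S+ (\d+)/")

def lookups(capture):
    """Group packets by client source port; return [(server, {qtype: outcome})]."""
    seen = {}  # port -> {"server": name, "ids": {query id: qtype}, "result": {...}}
    for line in capture.splitlines():
        if m := QUERY.match(line):
            _, port, server, qid, qtype, _ = m.groups()
            lk = seen.setdefault(port, {"server": server, "ids": {}, "result": {}})
            lk["ids"][qid] = qtype
        elif m := REPLY.match(line):
            _, port, qid, rcode, ancount = m.groups()
            lk = seen.get(port)
            if lk and qid in lk["ids"]:  # ignore replies that match no query
                outcome = rcode or ("ANSWER" if int(ancount) else "NODATA")
                lk["result"][lk["ids"][qid]] = outcome
    return [(lk["server"], lk["result"]) for lk in seen.values()]

def negative_answers_before_success(capture):
    """Servers that answered NXDomain before some server returned an A record."""
    negative = []
    for server, result in lookups(capture):
        if result.get("A") == "ANSWER":
            return negative, server
        if "NXDomain" in result.values():
            negative.append(server)
    return negative, None

if __name__ == "__main__":
    print(negative_answers_before_success(CAPTURE))
```

On this capture every attempt reaches exactly one server, and each of the two internal servers returns NXDomain for the cf.internal name. A stub resolver accepts NXDomain as a final answer and moves to the next nameserver only when a server fails to respond, so nameserver entries that hold different zones give inconsistent results.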
