dig returns 错误的记录类型
dig returns wrong record type
这似乎是我遗漏了一些明显的东西,或者之前已经有人问过了。当我使用 -t 参数查询 dig 以指定 DNS 记录类型时,结果似乎包含答案,即使返回的记录是不同的记录类型。这是一个例子:
$ dig -t A -q polestar.databaseguy.com.
; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> -t A polestar.databaseguy.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33130
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; ANSWER SECTION:
polestar.databaseguy.com. 3600 IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 60 IN A 173.19.127.251
;; Query time: 30 msec
;; SERVER: 10.0.10.1#53(10.0.10.1)
;; WHEN: Mon Dec 10 14:41:50 STD 2018
;; MSG SIZE rcvd: 103
ANSWER SECTION中列出的CNAME和A记录是正确的。但是,CNAME 用于 polestar.databaseguy.com.,而 A 用于 databaseguy.ddns.net.。 polestar.databaseguy.com. 没有 A 记录,这是我查询的,所以我预计没有结果。
我非常有信心这是正确的行为,但我不理解它,也没有在 man dig 页面中看到任何解释。我也无法在本网站或其他地方找到其他在线讨论。有人可以帮我理解吗?
这是预期的行为,它减少了所需的交换量,并且特定于 CNAME 记录。
它包含在 DNS 的核心文档中:RFC1034,第 3.6.2 节
看到这个:
CNAME RRs cause special action in DNS software. When a name server
fails to find a desired RR in the resource set associated with the
domain name, it checks to see if the resource set consists of a CNAME
record with a matching class. If so, the name server includes the
CNAME record in the response and restarts the query at the domain name
specified in the data field of the CNAME record. The one exception to
this rule is that queries which match the CNAME type are not
restarted.
与您的情况完全匹配的清晰示例:
For example, suppose a name server was processing a query with for
USC-ISIC.ARPA, asking for type A information, and had the following
resource records:
USC-ISIC.ARPA IN CNAME C.ISI.EDU
C.ISI.EDU IN A 10.0.0.52
Both of these RRs would be returned in the response to the type A
query, while a type CNAME or * query should return just the CNAME.
其他要点见5.2.2节。
第 6.2.7 和 6.2.8 节也给出了示例。
这也取决于您查询的是递归名称服务器还是权威名称服务器。
databaseguy.com 有名称服务器:
pdns01.domaincontrol.com.
pdns02.domaincontrol.com.
如果查询其中之一:
$ dig A polestar.databaseguy.com. @pdns01.domaincontrol.com.
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @pdns01.domaincontrol.com.
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64115
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e45ebc418c94c90a
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; QUERY SIZE: 65
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64115
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; ANSWER SECTION:
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
您只获得 CNAME 值,因为此权威名称服务器只知道这一点,并且对 ddns.net 没有权威。
但是,如果您询问任何 递归 名称服务器,它会执行递归并给您“完整”答复的工作:
$ for ns in 1.1.1.1 8.8.8.8 9.9.9.9 80.80.80.80 ; do dig A polestar.databaseguy.com. @$ns +noall +ans ; done
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @1.1.1.1 +noall +ans
;; global options: +cmd
;; connection timed out; no servers could be reached
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @8.8.8.8 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 59m59s IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 59s IN A 173.19.127.251
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @9.9.9.9 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 1m IN A 173.19.127.251
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @80.80.80.80 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 1m IN A 173.19.127.251
(1.1.1.1 没有回复我的查询,但这与此问题无关)
所以关于“没有A记录forpolestar.databaseguy.com.,这是我查询的,所以我预计没有结果。”这是错误的一半,因为该名称有一个 CNAME,这意味着另一个规范名称并且这个规范名称有一个 A 记录所以在一天结束时它就像起始名称有一个 A 记录一样.任何在本地向 OS 请求该主机 IP 地址的应用程序都将获得 A 记录,因为 OS 将处理完整的递归解析并“取消引用”CNAME。
这似乎是我遗漏了一些明显的东西,或者之前已经有人问过了。当我使用 -t 参数查询 dig 以指定 DNS 记录类型时,结果似乎包含答案,即使返回的记录是不同的记录类型。这是一个例子:
$ dig -t A -q polestar.databaseguy.com.
; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> -t A polestar.databaseguy.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33130
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; ANSWER SECTION:
polestar.databaseguy.com. 3600 IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 60 IN A 173.19.127.251
;; Query time: 30 msec
;; SERVER: 10.0.10.1#53(10.0.10.1)
;; WHEN: Mon Dec 10 14:41:50 STD 2018
;; MSG SIZE rcvd: 103
ANSWER SECTION中列出的CNAME和A记录是正确的。但是,CNAME 用于 polestar.databaseguy.com.,而 A 用于 databaseguy.ddns.net.。 polestar.databaseguy.com. 没有 A 记录,这是我查询的,所以我预计没有结果。
我非常有信心这是正确的行为,但我不理解它,也没有在 man dig 页面中看到任何解释。我也无法在本网站或其他地方找到其他在线讨论。有人可以帮我理解吗?
这是预期的行为,它减少了所需的交换量,并且特定于 CNAME 记录。
它包含在 DNS 的核心文档中:RFC1034,第 3.6.2 节
看到这个:
CNAME RRs cause special action in DNS software. When a name server fails to find a desired RR in the resource set associated with the domain name, it checks to see if the resource set consists of a CNAME record with a matching class. If so, the name server includes the CNAME record in the response and restarts the query at the domain name specified in the data field of the CNAME record. The one exception to this rule is that queries which match the CNAME type are not restarted.
与您的情况完全匹配的清晰示例:
For example, suppose a name server was processing a query with for USC-ISIC.ARPA, asking for type A information, and had the following resource records:
USC-ISIC.ARPA IN CNAME C.ISI.EDU C.ISI.EDU IN A 10.0.0.52Both of these RRs would be returned in the response to the type A query, while a type CNAME or * query should return just the CNAME.
其他要点见5.2.2节。 第 6.2.7 和 6.2.8 节也给出了示例。
这也取决于您查询的是递归名称服务器还是权威名称服务器。
databaseguy.com 有名称服务器:
pdns01.domaincontrol.com.
pdns02.domaincontrol.com.
如果查询其中之一:
$ dig A polestar.databaseguy.com. @pdns01.domaincontrol.com.
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @pdns01.domaincontrol.com.
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64115
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e45ebc418c94c90a
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; QUERY SIZE: 65
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64115
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; ANSWER SECTION:
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
您只获得 CNAME 值,因为此权威名称服务器只知道这一点,并且对 ddns.net 没有权威。
但是,如果您询问任何 递归 名称服务器,它会执行递归并给您“完整”答复的工作:
$ for ns in 1.1.1.1 8.8.8.8 9.9.9.9 80.80.80.80 ; do dig A polestar.databaseguy.com. @$ns +noall +ans ; done
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @1.1.1.1 +noall +ans
;; global options: +cmd
;; connection timed out; no servers could be reached
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @8.8.8.8 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 59m59s IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 59s IN A 173.19.127.251
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @9.9.9.9 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 1m IN A 173.19.127.251
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. @80.80.80.80 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 1m IN A 173.19.127.251
(1.1.1.1 没有回复我的查询,但这与此问题无关)
所以关于“没有A记录forpolestar.databaseguy.com.,这是我查询的,所以我预计没有结果。”这是错误的一半,因为该名称有一个 CNAME,这意味着另一个规范名称并且这个规范名称有一个 A 记录所以在一天结束时它就像起始名称有一个 A 记录一样.任何在本地向 OS 请求该主机 IP 地址的应用程序都将获得 A 记录,因为 OS 将处理完整的递归解析并“取消引用”CNAME。