DNSMasq issue with nslookups on CentOS 7.8. I am getting no ANSWERS for AAAA records and always getting REFUSED
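I am running CentOS 7.8. This is a local/closed network made up of a few VMs, with a DNS server using dnsmasq on a third VM, all with no access to the internet.
I have disabled libvirtd and the virtual interface, the dnsmasq it implements, etc. We are not using NetworkManager, so that is disabled. We are not using a local firewall.
Here is the configuration of my dnsmasq VM server: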
DEVICE=eth0
ONBOOT=yes
HWADDR=00:50:56:xx:xx:44
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.005.97
NETMASK=255.255.255.0
#DNS1=192.168.005.10
#DNS2=192.168.005.24
DNS1=192.168.005.97
# cat /etc/sysconfig/network
GATEWAY=192.168.005.1
DNS1=192.168.005.97
# cat /etc/resolv.conf
search abc.net
nameserver 192.168.005.97
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.005.97 mydns.abc.net mydns mydns-adm.abc.net mydns-adm
192.168.005.80 myipa.abc.net myipa myipa-adm.abc.net myipa-adm
192.168.005.81 vm1.abc.net vm1 vm1-adm.abc.net vm1-adm
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.005.97 netmask 255.255.255.0 broadcast 192.168.005.255
inet6 fe80::250:56ff:fexx:xx44 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:xx:xx:44 txqueuelen 1000 (Ethernet)
RX packets 719 bytes 65867 (64.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 328 bytes 72879 (71.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# netstat -untlp | grep -w 53
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3666/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 3666/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 3666/dnsmasq
udp6 0 0 :::53 :::* 3666/dnsmasq
Here are the results I get:
# nslookup -debug mydns
Server: 192.168.005.97
Address: 192.168.005.97#53
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
-> mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name: mydns.abc.net
Address: 192.168.005.97
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
When I use the fully qualified domain name, the domain name is repeated.
nslookup -debug mydns.abc.net
Server: 192.168.005.97
Address: 192.168.005.97#53
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
-> mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name: mydns.abc.net
Address: 192.168.005.97
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
------------
QUESTIONS:
mydns.abc.net.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net.abc.net: REFUSED
# dig mydns
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.3 <<>> mydns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydns. IN A
;; ANSWER SECTION:
mydns. 0 IN A 192.168.005.97
;; Query time: 0 msec
;; SERVER: 192.168.005.97#53(192.168.005.97)
;; WHEN: Tue Apr 20 15:36:52 UTC 2021
;; MSG SIZE rcvd: 51
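What am I missing here?
According to Red Hat, the nslookup command had a bug that was fixed in the RHEL 7.7 release. The new default behavior of nslookup is now to query for both IPv4 and IPv6 records.
In the past nslookup only queried for IPv4 records; it is the query for the IPv6 record that results in the REFUSED response in my RHEL 7.8 environment.
The correct usage for post-7.6 systems is to use the -query=A parameter for nslookup searches.
For example: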
# nslookup -query=A mydns
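To see which of the queries nslookup sends is the one being refused, the following added example (not part of the original question or answer) parses `nslookup -debug` output into one row per query. The sample transcript is constructed from the output in the question, and the function names `summarize` and `failed` are hypothetical.

```python
import re

# Constructed sample: abridged from the `nslookup -debug mydns` output in the question.
SAMPLE = """\
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
-> mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name: mydns.abc.net
Address: 192.168.005.97
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
"""

QUESTION = re.compile(r"(\S+), type = (\S+), class = \S+$")
FAILURE = re.compile(r"\*\* server can't find (\S+): (\S+)$")

def summarize(transcript):
    """Return one [name, qtype, status, answer_count] row per query sent."""
    rows, in_answers = [], False
    for raw in transcript.splitlines():
        line = raw.strip()
        q, f = QUESTION.match(line), FAILURE.match(line)
        if q:
            # "OK" only means no failure line was printed for this query.
            rows.append([q.group(1), q.group(2), "OK", 0])
        elif line.endswith("RECORDS:") or line in ("QUESTIONS:", "ANSWERS:"):
            in_answers = line == "ANSWERS:"
        elif line.startswith("->") and in_answers and rows:
            rows[-1][3] += 1
        elif f and rows:
            rows[-1][2] = f.group(2)  # failure line follows the query it refers to
    return rows

def failed(transcript):
    """Map each queried name to the record types that came back with an error."""
    out = {}
    for name, qtype, status, _ in summarize(transcript):
        if status != "OK":
            out.setdefault(name, []).append(qtype)
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row)
```

On the sample, the A query is answered and only the AAAA query is reported as REFUSED, which matches the behavior described in the answer.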