DNS域名解析投诉方面的处理案例201102.docx-淘文阁

资源描述

《DNS域名解析投诉方面的处理案例201102.docx》由会员分享，可在线阅读，更多相关《DNS域名解析投诉方面的处理案例201102.docx（20页珍藏版）》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。

1、几个域名解析投诉处理过程鉴于dig工具在DNS解析过程的良好的能力，请大家使用dig。1、域名无法解析的投诉的处理过程：1) 在省网、集团、google的DNS上进行解析测试。-此步骤是初步判断是我省DNS问题还是共性问题。省网DNS(211.140.13.188)C:Documents and SettingsAdministratordig 211.140.13.188 ; DiG 9.3.2 211.140.13.188 ; (1 server found); global options: printcmd; Got answer:; -HEADERdig 211.136.17.10

2、7 ; DiG 9.3.2 211.136.17.107 ; (1 server found); global options: printcmd; Got answer:; -HEADERdig 8.8.8.8 ; DiG 9.3.2 8.8.8.8 ; (1 server found); global options: printcmd; Got answer:; -HEADERdig 211.140.13.188 +trace-跟踪域名解析过程的命令，该命令送出后，会返回域名解析的整个过程。; DiG 9.3.2 211.140.13.188 +trace; (1 server foun

3、d); global options: printcmd. 3600000 IN NS D.ROOT-SERVERS. 3600000 IN NS J.ROOT-SERVERS. 3600000 IN NS E.ROOT-SERVERS. 3600000 IN NS B.ROOT-SERVERS. 3600000 IN NS K.ROOT-SERVERS. 3600000 IN NS H.ROOT-SERVERS. 3600000 IN NS G.ROOT-SERVERS. 3600000 IN NS A.ROOT-SERVERS. 3600000 IN NS I.ROOT-SERVERS.

4、3600000 IN NS F.ROOT-SERVERS. 3600000 IN NS L.ROOT-SERVERS. 3600000 IN NS M.ROOT-SERVERS. 3600000 IN NS C.ROOT-SERVERS.; Received 244 bytes from 211.140.13.188#53(211.140.13.188) in 15 ms-以上返回为根服务器（即dot），任何一个域名的查询均从根开始。cn. 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS . 17

5、2800 IN NS d.dns.; Received 296 bytes from 192.58.128.30#53(J.ROOT-SERVERS) in 78 ms-以上返回cn.的NS记录cn. 21600 IN SOA a.dns. rootnic. 2019492332 7200 3600 2419200 21600-以上为cn.的SOA参数。; Received 86 bytes from 203.119.27.1#53(c.dns) in 46 ms-结束。大家可以查看一个任何正常的域名，如果存在，则下一步必然然后域，而此时没有返回，基本可以断定不存在该域名。在跟踪域名的解析过

6、程中，在递归查询中，有如下提示; Received 296 bytes from 198.41.0.4#53(a.root-servers) in 281 mscn. 21600 IN SOA a.dns. rootnic. 2019492286 7200 3600 2419200 21600; Received 86 bytes from 203.119.28.1#53(d.dns) in 125 ms从这个反馈的信息看，递归解析中仅找到cn.而没有找到eglihtom.，可以判断该域不存在；2），在随便哪个域名注册网页（比如）对该域名进行查询，提示可以注册，说明在当前的注册数据库中，根本不

7、存在域名，故无法解析。-该步骤为核实。2、 ksoa.tec域名无法解析处理说明。1）一般性情况确认。省网DNS情况确认C:Documents and SettingsAdministratordig 211.140.13.188 ksoa.tec; DiG 9.3.2 211.140.13.188 ksoa.tec; (1 server found); global options: printcmd; Got answer:; -HEADERdig 211.136.17.107 ksoa.tec; DiG 9.3.2 211.136.17.107 ksoa.tec; (1 server

8、found); global options: printcmd; Got answer:; -HEADERdig 8.8.8.8 ksoa.tec; DiG 9.3.2 8.8.8.8 ksoa.tec; (1 server found); global options: printcmd; Got answer:; -HEADERdig 211.140.13.188 ksoa.tec +trace; DiG 9.3.2 211.140.13.188 ksoa.tec +trace; (1 server found); global options: printcmd. 3600000 IN

9、 NS D.ROOT-SERVERS. 3600000 IN NS G.ROOT-SERVERS. 3600000 IN NS K.ROOT-SERVERS. 3600000 IN NS I.ROOT-SERVERS. 3600000 IN NS L.ROOT-SERVERS. 3600000 IN NS A.ROOT-SERVERS. 3600000 IN NS H.ROOT-SERVERS. 3600000 IN NS J.ROOT-SERVERS. 3600000 IN NS C.ROOT-SERVERS. 3600000 IN NS B.ROOT-SERVERS. 3600000 IN

10、 NS F.ROOT-SERVERS. 3600000 IN NS E.ROOT-SERVERS. 3600000 IN NS M.ROOT-SERVERS.; Received 228 bytes from 211.140.13.188#53(211.140.13.188) in 31 mscn. 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS c.dns.; Received 296 bytes from 128.8.10.90#53(D.ROOT-SERVERS

11、) in 250 mstec. 21600 IN NS ns1.dns-diy.tec. 21600 IN NS ns2.dns-diy.-可以看到tec.的NS记录为ns1.dns-diy,ns2.dns-diy，即tec域的授权DNS为ns1.dns-diy和ns2.dns-diy; Received 80 bytes from 203.119.29.1#53(e.dns) in 46 mstec. 3600 IN SOA . hostmaster.nameserver. 44 28800 7200 604800 5; Received 89 bytes from 218.85.139.3

12、3#53(ns1.dns-diy) in 93 ms以上过程可以看到，我们省网DNS已经找到了tec的授权DNS，但是授权DNS返回NXDOMAIN信息给我们。那么基本可以断定是授权DNS配置出问题。3）核实C:Documents and SettingsAdministratordig 211.140.13.188 ns1.dns-diy; DiG 9.3.2 211.140.13.188 ns1.dns-diy; (1 server found); global options: printcmd; Got answer:; -HEADERdig 211.140.13.188 ns2.d

13、ns-diy; DiG 9.3.2 211.140.13.188 ns2.dns-diy; (1 server found); global options: printcmd; Got answer:; -HEADERdig 211.140.13.188 ns2.dns-diy +trace; DiG 9.3.2 211.140.13.188 ns2.dns-diy +trace; (1 server found); global options: printcmd. 3600000 IN NS D.ROOT-SERVERS. 3600000 IN NS G.ROOT-SERVERS. 36

14、00000 IN NS K.ROOT-SERVERS. 3600000 IN NS I.ROOT-SERVERS. 3600000 IN NS L.ROOT-SERVERS. 3600000 IN NS A.ROOT-SERVERS. 3600000 IN NS H.ROOT-SERVERS. 3600000 IN NS J.ROOT-SERVERS. 3600000 IN NS C.ROOT-SERVERS. 3600000 IN NS B.ROOT-SERVERS. 3600000 IN NS F.ROOT-SERVERS. 3600000 IN NS E.ROOT-SERVERS. 36

15、00000 IN NS M.ROOT-SERVERS.; Received 228 bytes from 211.140.13.188#53(211.140.13.188) in 31 mscn. 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS . 172800 IN NS e.dns.; Received 295 bytes from 128.8.10.90#53(D.ROOT-SERVERS) in 265 msdns-diy. 21600 IN NS ns2.dns-diy.dns-diy.

16、 21600 IN NS ns1.dns-diy.; Received 79 bytes from 203.119.25.1#53(a.dns) in 140 msdns-diy. 3600 IN SOA . hostmaster.nameserver. 5 28800 7200 604800 5; Received 88 bytes from 218.107.207.23#53(ns2.dns-diy) in 78 ms-解析ns1.dns-diyC:Documents and SettingsAdministratordig 211.140.13.188 ns2.dns-diy; DiG

17、9.3.2 211.140.13.188 ns2.dns-diy; (1 server found); global options: printcmd; Got answer:; -HEADERdig 218.107.207.23 ns2.dns-diy -这个IP就是上一步解析得到的IP; DiG 9.3.2 218.107.207.23 ns2.dns-diy; (1 server found); global options: printcmd; Got answer:; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 112; flags:

18、 qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0-好吧，现在可以确定是授权域直接给出NXDOMAIN的问题，那么可以确定是授权域配置问题了。; QUESTION SECTION:;ns2.dns-diy. IN A; AUTHORITY SECTION:dns-diy. 3600 IN SOA . hostmaster.nameserver. 5 28800 7200 604800 5; Query time: 109 msec; SERVER: 218.107.207.23#53(218.107.207.23); WHEN: Fri Feb 18 13:50:49 2019; MSG SIZE rcvd: 88第 20 页

展开阅读全文