DNS 錯誤並且沒有返回任何正確的響應
我有一個新伺服器,我添加了一個
dns1.checkersinc.net, dns2.checkersinc.net
to69.64.33.255, 69.64.35.255
,當我 在dnswatch.infodns1.checkersinc.net
上測試和dns2.checkersinc.net
域時,我得到了成功的結果。但問題是,當我將一個新帳戶域(例如其中一個) 指向具有這些名稱伺服器的伺服器時,它不會以 DNS 錯誤打開!(tamamsouq.com)
當我將intoDNS.com用於 NSLOOKUP 時,出現以下錯誤:
Error Mismatched NS records WARNING: One or more of your nameservers did not return any of your NS records. Error DNS servers responded ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 69.64.33.255 69.64.35.255 Error Multiple Nameservers ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me. Error Missing nameservers reported by your nameservers You should already know that your NS records at your nameservers are missing, so here it is again: dns2.checkersinc.net. dns1.checkersinc.net. Error SOA record No valid SOA record came back! MX Error MX Records Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers! WWW Error WWW A Record ERROR: I could not get any A records for www.tamamsouq.com!
當我執行 dig 命令時,我得到了這個結果:
server:~# dig @dns1.checkersinc.net tamamsouq.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @dns1.checkersinc.net tamamsouq.com ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached server:~# dig @dns2.checkersinc.net tamamsouq.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @dns2.checkersinc.net tamamsouq.com ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached
server:~# dig @dns1.checkersinc.net tamamsouq.com +answer +nocmd ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @dns1.checkersinc.net tamamsouq.com +answer +nocmd ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached server:~# dig @dns2.checkersinc.net tamamsouq.com +answer +nocmd ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @dns2.checkersinc.net tamamsouq.com +answer +nocmd ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached
請注意,我有一個 Centos 7 作為帶有 WHM/cPanel 的作業系統請盡快幫助,我現在遇到了一個大問題,在此先感謝
你的域
tamamsouq.com
有一個與 DNSSEC 相關的問題,如果你去http://dnsviz.net/d/tamamsouq.com/dnssec/可以看到 這是第一個要解決的問題。總之,您將 DS 記錄放在父區域,但您的名稱伺服器不發布任何相關的 DNSKEY 記錄。
這將使您的域對於任何檢查 DNSSEC 的遞歸名稱伺服器都失敗。
如果您對前面的所有內容一無所知:
- 轉到您的註冊商,即“PDR Ltd. d/b/a PublicDomainRegistry.com”,基於 whois
- 在那裡找到刪除 DS 記錄的位置
- 等一下
- 您的域現在將再次適用於任何遞歸名稱伺服器。
檢查/複製的簡單方法:
- 使用檢查 DNSSEC 的遞歸名稱伺服器:
$ dig @9.9.9.9 tamamsouq.com NS ; <<>> DiG 9.12.0 <<>> @9.9.9.9 tamamsouq.com NS ; (1 server found) ;; global options: +cmd ;; Sending: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65308 ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ... ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65308
注意 SERVFAIL
- 執行相同的查詢但明確跳過 DNSSEC 檢查:
$ dig @9.9.9.9 tamamsouq.com NS +cd ; <<>> DiG 9.12.0 <<>> @9.9.9.9 tamamsouq.com NS +cd ; (1 server found) ;; global options: +cmd ;; Sending: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39591 ;; flags: rd ad cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ... ;; QUERY SIZE: 54 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39591
而且您仍然會收到 SERVFAIL,這意味著即使除了 DNSSEC 之外,您還有另一個問題。
讓我們手動解決。
系統資料庫說什麼
$ dig @a.gtld-servers.net tamamsouq.com NS ; <<>> DiG 9.12.0 <<>> @a.gtld-servers.net tamamsouq.com NS ; (1 server found) ;; global options: +cmd ;; Sending: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44900 ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ... ;; QUERY SIZE: 54 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44900 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;tamamsouq.com. IN NS ;; AUTHORITY SECTION: tamamsouq.com. 2d IN NS dns1.checkersinc.net. tamamsouq.com. 2d IN NS dns2.checkersinc.net.
直接查詢您的域名伺服器
dig @dns1.checkersinc.net. tamamsouq.com NS ; <<>> DiG 9.12.0 <<>> @dns1.checkersinc.net. tamamsouq.com NS ; (1 server found) ;; global options: +cmd ;; Sending: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38704 ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ... ;; QUERY SIZE: 54 ;; connection timed out; no servers could be reached
對
dns2
. 使用+tcp
強制 TCP 不會改變任何東西。因此,您的伺服器根本不回复 DNS 查詢。
它們似乎位於 IP 地址
69.64.35.255
和69.64.33.255
.您需要解決他們的連接問題,tcptraceroute 的最後步驟是:
8 * * * 9 ae5.cr-rigel.stl1.core.heg.com (4.35.182.58) 92.607 ms 92.283 ms 94.301 ms 10 207.38.95.10 94.115 ms 93.379 ms 93.532 ms 11 207.38.80.34 93.459 ms 94.508 ms 99.711 ms 12 static-ip-209-239-125-3.inaddr.ip-pool.com (209.239.125.3) 91.946 ms * * 13 * * * 14 * * * 15 * * *
所以你可能有一個防火牆在他們面前吃掉所有的 DNS 流量。
在 UDP 級別相同。
而且由於我們無法與他們聯繫,因此我們無法知道屆時是否有正確發布的 DNSKEY(應該是 key tag
2371
),但是如果您對自己的 DNSSEC 體驗有疑問並且基於上述內容,我擔心您不會具有正確的 DNSKEY 記錄,因此上述在系統資料庫中刪除 DS 記錄的建議仍然有效。