Domain-Name-System
為什麼 ping FQDN 失敗,但 dig 成功?
當我嘗試 ping 某個 FQDN 時,我失敗了:
$ ping test-customer-1.clients.jsonar.com ping: test-customer-1.clients.jsonar.com: Name or service not known然而,
dig等。成功:$ dig test-customer-1.clients.jsonar.com ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> test-customer-1.clients.jsonar.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57830 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;test-customer-1.clients.jsonar.com. IN A ;; ANSWER SECTION: test-customer-1.clients.jsonar.com. 3119 IN CNAME _r1.clients.jsonar.com. _r1.clients.jsonar.com. 3119 IN CNAME _w1.clients.jsonar.com. _w1.clients.jsonar.com. 3119 IN A 3.209.217.53 ;; Query time: 15 msec ;; SERVER: 192.168.1.99#53(192.168.1.99) ;; WHEN: Fri Apr 12 15:44:21 PDT 2019 ;; MSG SIZE rcvd: 115 $ nslookup test-customer-1.clients.jsonar.com. Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: test-customer-1.clients.jsonar.com canonical name = _r1.clients.jsonar.com. _r1.clients.jsonar.com canonical name = _w1.clients.jsonar.com. Name: _w1.clients.jsonar.com Address: 3.209.217.53 $ host test-customer-1.clients.jsonar.com test-customer-1.clients.jsonar.com is an alias for _r1.clients.jsonar.com. _r1.clients.jsonar.com is an alias for _w1.clients.jsonar.com. _w1.clients.jsonar.com has address 3.209.217.53文件:
$ cat /etc/resolv.conf # Generated by NetworkManager nameserver 192.168.1.99 nameserver 8.8.8.8 $ cat /etc/sysconfig/network-scripts/ifcfg-enp0s31f6 TYPE="Ethernet" BOOTPROTO="dhcp" DEFROUTE="yes" PEERDNS="yes" PEERROUTES="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="enp0s31f6" UUID="cf566dc0-de91-497d-a045-560fddfbaf3e" DEVICE="enp0s31f6" ONBOOT="yes" DNS1=8.8.8.8 $ cat /etc/nsswitch.conf | grep hosts #hosts: db files nisplus nis dns #hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname hosts: files dns myhostname編輯:
$ getent hosts test-customer-1.clients.jsonar.com $ echo $? 2 # According to the man page, exit code 2 means: # One or more supplied key could not be found in the database從 Linux 機器 ping 失敗,但從 Windows 機器成功。
原來問題是由相當奇怪的錯誤配置引起的:
test-customer-1.clients.jsonar.comDNS 中的記錄是NS而不是A記錄。(似乎 Windows 並不關心,這就是為什麼來自 Windows 機器的 ping 成功的原因,但 *nix 將這種錯誤配置(正確)視為可能的安全漏洞,並且 ping 失敗)。一旦使用A
test-customer-1.clients.jsonar.com記錄在 DNS 中註冊,問題就解決了。