Domain-Name-System
Why does ping of an FQDN fail, but dig succeeds?

When I try to ping a certain FQDN, it fails:

    $ ping test-customer-1.clients.jsonar.com
    ping: test-customer-1.clients.jsonar.com: Name or service not known

However, dig and the others succeed:

    $ dig test-customer-1.clients.jsonar.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> test-customer-1.clients.jsonar.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57830
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;test-customer-1.clients.jsonar.com. IN A

    ;; ANSWER SECTION:
    test-customer-1.clients.jsonar.com. 3119 IN CNAME _r1.clients.jsonar.com.
    _r1.clients.jsonar.com. 3119 IN CNAME _w1.clients.jsonar.com.
    _w1.clients.jsonar.com. 3119 IN A 3.209.217.53

    ;; Query time: 15 msec
    ;; SERVER: 192.168.1.99#53(192.168.1.99)
    ;; WHEN: Fri Apr 12 15:44:21 PDT 2019
    ;; MSG SIZE rcvd: 115

    $ nslookup test-customer-1.clients.jsonar.com.
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    Non-authoritative answer:
    test-customer-1.clients.jsonar.com canonical name = _r1.clients.jsonar.com.
    _r1.clients.jsonar.com canonical name = _w1.clients.jsonar.com.
    Name: _w1.clients.jsonar.com
    Address: 3.209.217.53

    $ host test-customer-1.clients.jsonar.com
    test-customer-1.clients.jsonar.com is an alias for _r1.clients.jsonar.com.
    _r1.clients.jsonar.com is an alias for _w1.clients.jsonar.com.
    _w1.clients.jsonar.com has address 3.209.217.53

Files:

    $ cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 192.168.1.99
    nameserver 8.8.8.8

    $ cat /etc/sysconfig/network-scripts/ifcfg-enp0s31f6
    TYPE="Ethernet"
    BOOTPROTO="dhcp"
    DEFROUTE="yes"
    PEERDNS="yes"
    PEERROUTES="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_PEERDNS="yes"
    IPV6_PEERROUTES="yes"
    IPV6_FAILURE_FATAL="no"
    IPV6_ADDR_GEN_MODE="stable-privacy"
    NAME="enp0s31f6"
    UUID="cf566dc0-de91-497d-a045-560fddfbaf3e"
    DEVICE="enp0s31f6"
    ONBOOT="yes"
    DNS1=8.8.8.8

    $ cat /etc/nsswitch.conf | grep hosts
    #hosts: db files nisplus nis dns
    #hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
    hosts: files dns myhostname

Edit:

    $ getent hosts test-customer-1.clients.jsonar.com
    $ echo $?
    2
    # According to the man page, exit code 2 means:
    # One or more supplied key could not be found in the database

Ping fails from Linux machines, but succeeds from Windows machines.
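
It turned out that the problem was caused by a rather strange misconfiguration: the record for test-customer-1.clients.jsonar.com in DNS was an NS record rather than an A record. (It seems Windows doesn't care, which is why ping from the Windows machines succeeded, but *nix (correctly) treats this misconfiguration as a possible security hole, and ping fails.) Once test-customer-1.clients.jsonar.com was registered in DNS with an A record, the problem was solved.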
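
The two lookup paths seen in the question can be compared side by side: ping and getent resolve through libc and the `hosts:` line of nsswitch.conf, while dig sends a DNS query directly. The script below is an added example, not part of the original question or answer; its function names are made up here, and it assumes `dig` is installed.

```python
import socket
import subprocess
import sys

# The nsswitch.conf lines quoted in the question.
PAGE_NSSWITCH = """\
#hosts: db files nisplus nis dns
#hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
hosts: files dns myhostname
"""

def nss_hosts_sources(text):
    """Active 'hosts:' lookup order; commented-out lines are ignored."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line[len("hosts:"):].split()
    return []

def via_nss(name):
    """libc getaddrinfo(): walks nsswitch.conf, the path ping takes."""
    try:
        infos = socket.getaddrinfo(name, None, type=socket.SOCK_STREAM)
        return sorted({info[4][0] for info in infos}), None
    except socket.gaierror as exc:
        return [], exc.strerror

def via_dig(name):
    """Plain DNS query through dig, which bypasses nsswitch.conf."""
    out = subprocess.run(["dig", "+short", name],
                         capture_output=True, text=True).stdout
    # +short prints CNAME targets (trailing dot) before the addresses;
    # lines starting with ';' are dig's own error messages.
    return sorted(l for l in out.splitlines()
                  if l and not l.startswith(";") and not l.endswith("."))

def verdict(nss_addrs, dns_addrs):
    """Classify the two result sets."""
    if dns_addrs and not nss_addrs:
        return "dns-only"       # the symptom on this page
    if nss_addrs and not dns_addrs:
        return "nss-only"       # e.g. answered from /etc/hosts
    if not nss_addrs:
        return "unresolvable"
    return "consistent" if set(nss_addrs) & set(dns_addrs) else "mismatch"

if __name__ == "__main__":
    name = sys.argv[1]
    nss, err = via_nss(name)
    dns = via_dig(name)
    print("nss:", nss or err, "| dig:", dns, "|", verdict(nss, dns))
```

A `dns-only` result reproduces the situation in the question; `nss-only` or `mismatch` points at a local source such as /etc/hosts answering before DNS is consulted.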