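I have 3 DNS servers running BIND 9.9.4 (RHEL7), configured as 1 master and 2 slaves. Today I found that requests for the domain "desktop.telegram.org" result in SERVFAIL on all of these servers. Requests for other domains still work.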
# dig @127.0.0.1 desktop.telegram.org +trace
works fine.
Some debugging output below:
# rndc trace 9
# grep '127.0.0.1' /var/named/data/named.run
31-May-2017 15:41:25.683 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:25.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:25.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:25.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:25.684 client 127.0.0.1#56542: query
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:30.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:30.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:30.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:30.684 client 127.0.0.1#56542: query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:35.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:35.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:35.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:35.684 client 127.0.0.1#56542: query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query failed (SERVFAIL) for desktop.telegram.org/IN/A at query.c:7003
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): error
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): send
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): sendto
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): senddone
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
In named.conf:
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    version "none";
    allow-recursion{ 127.0.0.1; my.internal.dns.server.ip1; my.internal.dns.server.ip2; };
    dnssec-enable yes;
    dnssec-validation auto;
    notify no;
    allow-transfer { none; };
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
        print-time yes;
    };
};
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
zone "." IN {
    type hint;
    file "/var/named/named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "mydomain.com" {
    type slave;
    file "mydomain.com";
    masters { master.server.ip; };
};
zone ... (my domains)
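UPD: After restarting the daemon, the problem disappeared. In case it is needed, I have not restarted the daemon on one of the servers, so that the problem can be reproduced.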
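
An added example, not part of the original post: a small Python triage script for the debug log above. It groups `named.run` client events by source address and port and, for each SERVFAIL, reports how many requests arrived, how many were dropped as duplicate queries, and how long the first request had been pending; the function name `triage` and the report fields are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a subset of the named.run lines quoted in the post above.
SAMPLE = """\
31-May-2017 15:41:25.683 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:30.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query failed (SERVFAIL) for desktop.telegram.org/IN/A at query.c:7003
"""

# Groups: timestamp, client address, source port, message (the "(qname)" part is skipped).
LINE = re.compile(r"^(\S+ \S+) client (\S+)#(\d+)(?: \([^)]*\))?: (.*)$")
SERVFAIL = re.compile(r"query failed \(SERVFAIL\) for (\S+) at (\S+)")

def triage(log_text):
    """Return one finding per SERVFAIL, with the retry context that preceded it."""
    state = defaultdict(lambda: {"first": None, "requests": 0, "duplicates": 0})
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a client event line
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        key = (m.group(2), int(m.group(3)))
        msg, s = m.group(4), state[key]
        if msg in ("UDP request", "TCP request"):
            s["requests"] += 1
            s["first"] = s["first"] or ts  # remember when the first request arrived
        elif msg == "request failed: duplicate query":
            s["duplicates"] += 1  # a retransmission dropped by named
        else:
            f = SERVFAIL.search(msg)
            if f:
                pending = (ts - s["first"]).total_seconds() if s["first"] else None
                findings.append({"client": key, "query": f.group(1),
                                 "source": f.group(2), "requests": s["requests"],
                                 "duplicates": s["duplicates"],
                                 "seconds_pending": pending})
                state.pop(key)  # start fresh for the next query from this endpoint
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
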