所以有线问题。 Ubuntu 16.04 – 除非在dig命令中设置了ANY,否则我不会收到dig命令的回应(对于特定的域)
当然,常规的DNS查询不起作用:/
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 stg-test102.example.net ANY ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18534 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;stg-test102.example.net. IN ANY ;; ANSWER SECTION: stg-test102.example.net. 599 IN A 172.16.xx ;; Query time: 53 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Feb 08 17:58:50 CET 2017 ;; MSG SIZE rcvd: 64 root@uhost:/home/user# dig @8.8.8.8 stg-test102.example.net ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 stg-test102.example.net ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36491 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;stg-test102.example.net. IN A ;; Query time: 47 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Feb 08 17:58:56 CET 2017 ;; MSG SIZE rcvd: 48 tcpdumps:
tcpdump -i any port 53 -A -n -w /tmp/t.pcap
经常挖,我的主人:
Frame 2: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) Linux cooked capture Internet Protocol Version 4, Src: 8.8.8.8, Dst: 192.168.xx User Datagram Protocol, Src Port: 53 (53), Dst Port: 33205 (33205) Domain Name System (response) [Request In: 1] [Time: 0.053160000 seconds] Transaction ID: 0x4b37 Flags: 0x8180 Standard query response, No error 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Authoritative: Server is not an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... 1... .... = Recursion available: Server can do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...0 .... = Non-authenticated data: Unacceptable .... .... .... 0000 = Reply code: No error (0) Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries stg-test102.example.net: type A, class IN Name: stg-test102.example.net [Name Length: 19] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Additional records <Root>: type OPT Name: <Root> Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 0
挖任何,我的主人
Frame 4: 108 bytes on wire (864 bits), 108 bytes captured (864 bits) Linux cooked capture Internet Protocol Version 4, Src: 8.8.8.8, Dst: 192.168.xx User Datagram Protocol, Src Port: 53 (53), Dst Port: 34839 (34839) Domain Name System (response) [Request In: 3] [Time: 0.046263000 seconds] Transaction ID: 0xe8eb Flags: 0x8180 Standard query response, No error 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Authoritative: Server is not an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... 1... .... = Recursion available: Server can do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...0 .... = Non-authenticated data: Unacceptable .... .... .... 0000 = Reply code: No error (0) Questions: 1 Answer RRs: 1 Authority RRs: 0 Additional RRs: 1 Queries stg-test102.example.net: type ANY, class IN Name: stg-test102.example.net [Name Length: 19] [Label Count: 3] Type: * (A request for all records the server/cache has available) (255) Class: IN (0x0001) Answers stg-test102.example.net: type A, class IN, addr 172.16.zy Name: stg-test102.example.net Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 599 Data length: 4 Address: 172.16.zy Additional records <Root>: type OPT Name: <Root> Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 0
经常挖掘,一些其他主机
Frame 128: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) Linux cooked capture Internet Protocol Version 4, Src: 216.239.xx, Dst: 192.168.xx User Datagram Protocol, Src Port: 53 (53), Dst Port: 33085 (33085) Domain Name System (response) [Request In: 127] [Time: 0.023883000 seconds] Transaction ID: 0x5576 Flags: 0x8400 Standard query response, No error 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .1.. .... .... = Authoritative: Server is an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...0 .... .... = Recursion desired: Don't do query recursively .... .... 0... .... = Recursion available: Server can't do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...0 .... = Non-authenticated data: Unacceptable .... .... .... 0000 = Reply code: No error (0) Questions: 1 Answer RRs: 1 Authority RRs: 0 Additional RRs: 0 Queries stg-test102.example.net: type A class IN, Name: stg-test102.example.net [Name Length: 20] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Answers stg-test102.example.net: type A, class IN, addr 172.16.zy Name: stg-test102.example.net Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 600 Data length: 4 Address: 172.16.x.193
漂亮的命令页面: http : //linoxide.com/how-tos/useful-options-dig/
gadgoyle stetup
我确实禁用了“本地DNS强制”,并开始工作:)
我想我已经知道了 – 在我的networking中有一些问题。 通过移动互联网连接工程。
我有一个陆线路由器+ TP链接(Gargoyle-openWRT) – 必须有一些networking问题(数据包越来越多)。 我要进一步debugging – 有什么build议吗?