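Trying to understand a DNS resolution inconsistency

I'm using a DNS issue I've run into to help me better understand DNS resolution. I can't seem to figure out the inconsistency that shows up when resolving www.fandompost.com. At the top of my list of queries is OpenDNS. When queried, they return a proper IP. Next on the list is our internal DNS server. It does return useful information, but not a usable IP. Last, I query the authoritative NS. However, in contrast to OpenDNS, the end result is no usable IP. Is there something wrong with my/our internal DNS server that causes it to fail where OpenDNS succeeds?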

    > www.fandompost.com.
    Server: [208.67.222.222]
    Address: 208.67.222.222

    ------------
    SendRequest(), len 36
      HEADER:
        opcode = QUERY, id = 45, rcode = NOERROR
        header flags: query
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = A, class = IN
    ------------
    ------------
    Got answer (119 bytes):
      HEADER:
        opcode = QUERY, id = 45, rcode = NOERROR
        header flags: response, recursion avail.
        questions = 1, answers = 3, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = A, class = IN
      ANSWERS:
      -> www.fandompost.com
        type = CNAME, class = IN, dlen = 39
        canonical name = www.fandompost.com.cdn.cloudflare.net
        ttl = 0 (0 secs)
      -> www.fandompost.com.cdn.cloudflare.net
        type = A, class = IN, dlen = 4
        internet address = 108.162.206.239
        ttl = 0 (0 secs)
      -> www.fandompost.com.cdn.cloudflare.net
        type = A, class = IN, dlen = 4
        internet address = 108.162.205.239
        ttl = 0 (0 secs)
    ------------
    Non-authoritative answer:
    ------------
    SendRequest(), len 36
      HEADER:
        opcode = QUERY, id = 46, rcode = NOERROR
        header flags: query
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = AAAA, class = IN
    ------------
    ------------
    Got answer (36 bytes):
      HEADER:
        opcode = QUERY, id = 46, rcode = SERVFAIL
        header flags: response, recursion avail.
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = AAAA, class = IN
    ------------
    Name: www.fandompost.com.cdn.cloudflare.net
    Addresses: 108.162.206.239
               108.162.205.239
    Aliases: www.fandompost.com

    > www.fandompost.com.
    Server: [192.168.1.101]
    Address: 192.168.1.101

    ------------
    SendRequest(), len 36
      HEADER:
        opcode = QUERY, id = 48, rcode = NOERROR
        header flags: query
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = A, class = IN
    ------------
    ------------
    Got answer (162 bytes):
      HEADER:
        opcode = QUERY, id = 48, rcode = NOERROR
        header flags: response, recursion avail.
        questions = 1, answers = 0, authority records = 3, additional = 3
      QUESTIONS:
        www.fandompost.com, type = A, class = IN
      AUTHORITY RECORDS:
      -> fandompost.com
        type = NS, class = IN, dlen = 16
        nameserver = ns1.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
      -> fandompost.com
        type = NS, class = IN, dlen = 6
        nameserver = ns2.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
      -> fandompost.com
        type = NS, class = IN, dlen = 6
        nameserver = ns3.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
      ADDITIONAL RECORDS:
      -> ns1.dreamhost.com
        type = A, class = IN, dlen = 4
        internet address = 66.33.206.206
        ttl = 84581 (23 hours 29 mins 41 secs)
      -> ns2.dreamhost.com
        type = A, class = IN, dlen = 4
        internet address = 208.97.182.10
        ttl = 84581 (23 hours 29 mins 41 secs)
      -> ns3.dreamhost.com
        type = A, class = IN, dlen = 4
        internet address = 66.33.216.216
        ttl = 84581 (23 hours 29 mins 41 secs)
    ------------
    ------------
    SendRequest(), len 36
      HEADER:
        opcode = QUERY, id = 49, rcode = NOERROR
        header flags: query
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = AAAA, class = IN
    ------------
    ------------
    Got answer (162 bytes):
      HEADER:
        opcode = QUERY, id = 49, rcode = NOERROR
        header flags: response, recursion avail.
        questions = 1, answers = 0, authority records = 3, additional = 3
      QUESTIONS:
        www.fandompost.com, type = AAAA, class = IN
      AUTHORITY RECORDS:
      -> fandompost.com
        type = NS, class = IN, dlen = 16
        nameserver = ns2.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
      -> fandompost.com
        type = NS, class = IN, dlen = 6
        nameserver = ns3.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
      -> fandompost.com
        type = NS, class = IN, dlen = 6
        nameserver = ns1.dreamhost.com
        ttl = 84200 (23 hours 23 mins 20 secs)
      ADDITIONAL RECORDS:
      -> ns2.dreamhost.com
        type = A, class = IN, dlen = 4
        internet address = 208.97.182.10
        ttl = 84581 (23 hours 29 mins 41 secs)
      -> ns3.dreamhost.com
        type = A, class = IN, dlen = 4
        internet address = 66.33.216.216
        ttl = 84581 (23 hours 29 mins 41 secs)
      -> ns1.dreamhost.com
        type = A, class = IN, dlen = 4
        internet address = 66.33.206.206
        ttl = 84581 (23 hours 29 mins 41 secs)
    ------------
    Name: www.fandompost.com
    Served by:
    - ns1.dreamhost.com
        66.33.206.206
        fandompost.com
    - ns2.dreamhost.com
        208.97.182.10
        fandompost.com
    - ns3.dreamhost.com
        66.33.216.216
        fandompost.com

    > www.fandompost.com.
    Server: [66.33.206.206]
    Address: 66.33.206.206

    ------------
    SendRequest(), len 36
      HEADER:
        opcode = QUERY, id = 51, rcode = NOERROR
        header flags: query
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = A, class = IN
    ------------
    ------------
    Got answer (148 bytes):
      HEADER:
        opcode = QUERY, id = 51, rcode = NXDOMAIN
        header flags: response, auth. answer
        questions = 1, answers = 1, authority records = 1, additional = 0
      QUESTIONS:
        www.fandompost.com, type = A, class = IN
      ANSWERS:
      -> www.fandompost.com
        type = CNAME, class = IN, dlen = 39
        canonical name = www.fandompost.com.cdn.cloudflare.net
        ttl = 300 (5 mins)
      AUTHORITY RECORDS:
      -> cloudflare.net
        type = SOA, class = IN, dlen = 49
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry = 1800 (30 mins)
        expire = 1814400 (21 days)
        default TTL = 14400 (4 hours)
    ------------
    ------------
    SendRequest(), len 36
      HEADER:
        opcode = QUERY, id = 52, rcode = NOERROR
        header flags: query
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com, type = AAAA, class = IN
    ------------
    ------------
    Got answer (148 bytes):
      HEADER:
        opcode = QUERY, id = 52, rcode = NXDOMAIN
        header flags: response, auth. answer
        questions = 1, answers = 1, authority records = 1, additional = 0
      QUESTIONS:
        www.fandompost.com, type = AAAA, class = IN
      ANSWERS:
      -> www.fandompost.com
        type = CNAME, class = IN, dlen = 39
        canonical name = www.fandompost.com.cdn.cloudflare.net
        ttl = 300 (5 mins)
      AUTHORITY RECORDS:
      -> cloudflare.net
        type = SOA, class = IN, dlen = 49
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry = 1800 (30 mins)
        expire = 1814400 (21 days)
        default TTL = 14400 (4 hours)
    ------------
    *** [66.33.206.206] can't find www.fandompost.com.: Non-existent domain
    ------------------------------------------------------------------------------------------------
    ------------------------------------------------------------------------------------------------
    ------------------------------------------------------------------------------------------------
    > www.fandompost.com.cdn.cloudflare.net.
    Server: [66.33.206.206]
    Address: 66.33.206.206

    ------------
    SendRequest(), len 55
      HEADER:
        opcode = QUERY, id = 55, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com.cdn.cloudflare.net, type = A, class = IN
    ------------
    ------------
    Got answer (119 bytes):
      HEADER:
        opcode = QUERY, id = 55, rcode = NXDOMAIN
        header flags: response, auth. answer, want recursion
        questions = 1, answers = 0, authority records = 1, additional = 0
      QUESTIONS:
        www.fandompost.com.cdn.cloudflare.net, type = A, class = IN
      AUTHORITY RECORDS:
      -> cloudflare.net
        type = SOA, class = IN, dlen = 52
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry = 1800 (30 mins)
        expire = 1814400 (21 days)
        default TTL = 14400 (4 hours)
    ------------
    ------------
    SendRequest(), len 55
      HEADER:
        opcode = QUERY, id = 56, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
      QUESTIONS:
        www.fandompost.com.cdn.cloudflare.net, type = AAAA, class = IN
    ------------
    ------------
    Got answer (119 bytes):
      HEADER:
        opcode = QUERY, id = 56, rcode = NXDOMAIN
        header flags: response, auth. answer, want recursion
        questions = 1, answers = 0, authority records = 1, additional = 0
      QUESTIONS:
        www.fandompost.com.cdn.cloudflare.net, type = AAAA, class = IN
      AUTHORITY RECORDS:
      -> cloudflare.net
        type = SOA, class = IN, dlen = 52
        ttl = 14400 (4 hours)
        primary name server = ns1.dreamhost.com
        responsible mail addr = hostmaster.dreamhost.com
        serial = 2014071000
        refresh = 14908 (4 hours 8 mins 28 secs)
        retry = 1800 (30 mins)
        expire = 1814400 (21 days)
        default TTL = 14400 (4 hours)
    ------------
    *** [66.33.206.206] can't find www.fandompost.com.cdn.cloudflare.net.: Non-existent domain

First, let's compare the three response cases.

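  • First case (resolver1.opendns.com / 208.67.222.222): response code of NOERROR. Looks fine: a non-authoritative answer.
  • Second case (192.168.1.101): response code of NOERROR. Zero answers. The AUTHORITY section is present, which suggests there is no problem communicating with the upstream DNS servers (not a firewall issue).
  • Third case (ns1.dreamhost.com / 66.33.206.206): response code of NXDOMAIN. One answer, with the "authoritative answer" (AA) flag set: www.fandompost.com.cdn.cloudflare.net.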

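The third one is the interesting one. An authoritative answer is returned, with one record in the ANSWER section, but the response code is NXDOMAIN. Normally you would expect to see a NOERROR response code in this case: an authoritative nameserver usually doesn't try to recursively resolve the CNAME for you.

Look again at the authority section of that answer: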

    ANSWERS:
    -> www.fandompost.com
      type = CNAME, class = IN, dlen = 39
      canonical name = www.fandompost.com.cdn.cloudflare.net
      ttl = 300 (5 mins)
    AUTHORITY RECORDS:
    -> cloudflare.net
      type = SOA, class = IN, dlen = 49
      ttl = 14400 (4 hours)
      primary name server = ns1.dreamhost.com

See the "primary name server"? This cloudflare.net zone is apparently being served from ns1.dreamhost.com. A quick check of my own confirms this:

    $ dig @ns1.dreamhost.com +norecurse fandompost.com cloudflare.net SOA | grep -E 'HEADER|flags'
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11600
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32367
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

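Both SOA queries come back with the aa flag. The reason you get an NXDOMAIN response from ns1.dreamhost.com is that the nameserver attempts to resolve www.fandompost.com.cdn.cloudflare.net. because it believes itself to be authoritative for that domain as well, and the record appears to be missing. Why does Dreamhost have a cloudflare.net. zone? Ask Dreamhost. This NXDOMAIN code doesn't seem to cause a problem for most recursive resolvers; I haven't stared at the RFCs in a while, but my best guess is that they ignore the response code and use the answer that was returned.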

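This finally brings us to your question: is there something wrong with your DNS server? It's hard to say without knowing what software you are using. I can say that BIND and Windows DNS don't have any problem with this configuration, and that your software may differ from those two implementations in how it handles NXDOMAIN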
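
An added example, not part of the original answer: a small parser that classifies a reply shaped like the third case. The bytes are constructed to mirror the ns1.dreamhost.com response (the SOA authority record is omitted); `classify`, `sample_response` and the `zone` parameter are hypothetical names, and the "requery" policy is an assumption about how a bailiwick-aware resolver treats NXDOMAIN that arrives with a CNAME pointing outside the queried server's zone (RFC 2308 reads that rcode as applying to the CNAME target).

```python
import struct

def encode_name(name):
    """Wire-encode a domain name without compression."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def classify(msg, zone):
    """zone (hypothetical parameter): the zone the queried server is delegated for."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    qname, off = read_name(msg, 12)
    off += 4                                 # skip QTYPE/QCLASS (one question assumed)
    target = qname
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 5 and owner == target:   # CNAME: follow the chain
            target, _ = read_name(msg, off)
        off += rdlen
    in_zone = target == zone or target.endswith("." + zone)
    if rcode == 3 and target != qname and not in_zone:
        return ("requery", target)           # NXDOMAIN refers to an out-of-zone target
    return ({0: "noerror", 3: "nxdomain"}.get(rcode, "other"), target)

def sample_response():
    """Constructed bytes mirroring the ns1.dreamhost.com reply (SOA record omitted)."""
    rdata = encode_name("www.fandompost.com.cdn.cloudflare.net")
    hdr = struct.pack("!6H", 51, 0x8403, 1, 1, 0, 0)   # QR|AA set, rcode 3
    question = encode_name("www.fandompost.com") + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(rdata)) + rdata
    return hdr + question + answer
```

Calling `classify(sample_response(), "fandompost.com")` yields the "requery" verdict with the Cloudflare name as the target; a resolver that instead accepts the rcode at face value ends up with no usable address.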