The order in which resolv.conf name servers respond

Problem description

While running dig against a URL, a conversation came up in which one person claimed that the order in which the NS is picked from resolv.conf is random, or simply non-deterministic.

I was skeptical, so I ran a simulation. I spun up 3 BIND9 Ubuntu 17 boxes and mapped them to my jumpbox in its resolv.conf file:

    # resolv.conf on jumpbox
    nameserver 10.0.215.157 #dns1
    nameserver 10.0.3.163   #dns2
    nameserver 10.0.22.32   #dns3

Then I ran dig www.amazon.com from my jumpbox and got the response I expected:

    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5308
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;amazon.com.                    IN      A

    ;; ANSWER SECTION:
    amazon.com.             25      IN      A       205.251.242.103
    amazon.com.             25      IN      A       176.32.98.166
    amazon.com.             25      IN      A       176.32.103.205

    ;; AUTHORITY SECTION:
    .                       86618   IN      NS      a.root-servers.net.
    .                       86618   IN      NS      e.root-servers.net.
    .                       86618   IN      NS      f.root-servers.net.
    .                       86618   IN      NS      c.root-servers.net.
    .                       86618   IN      NS      j.root-servers.net.
    .                       86618   IN      NS      i.root-servers.net.
    .                       86618   IN      NS      k.root-servers.net.
    .                       86618   IN      NS      h.root-servers.net.
    .                       86618   IN      NS      l.root-servers.net.
    .                       86618   IN      NS      g.root-servers.net.
    .                       86618   IN      NS      d.root-servers.net.
    .                       86618   IN      NS      m.root-servers.net.
    .                       86618   IN      NS      b.root-servers.net.

    ;; Query time: 0 msec
    ;; SERVER: 10.0.215.157#53(10.0.215.157)
    ;; WHEN: Mon Jul 02 21:44:07 EDT 2018
    ;; MSG SIZE  rcvd: 298

I dug several times, and every time the query went to #dns1. I ran systemctl stop bind9 on #dns1 and, as expected, my queries were handled by #dns2.

After systemctl start bind9 on #dns1, my digs were handled by dns1 again.

So everything I saw at each step indicates that the order in which the name servers are listed in the resolv.conf file is the order in which they are chosen when a name server is selected.

This entry in the resolv.conf manpage seems to reinforce that:

   nameserver Name server IP address
          Internet address of a  name  server  that  the  resolver  should
          query,  either  an  IPv4  address  (in dot notation), or an IPv6
          address in colon (and possibly dot) notation as  per  RFC  2373.
          Up  to  MAXNS  (currently 3, see <resolv.h>) name servers may be
          listed, one per keyword.  If there  are  multiple  servers,  the
          resolver  library  queries  them  in  the  order  listed.  If no
          nameserver entries are present, the default is to use  the  name
          server  on  the  local machine.  (The algorithm used is to try a
          name server, and if the query times out, try the next, until out
          of name servers, then repeat trying all the name servers until a
          maximum number of retries are made.)

Is there something I'm missing? I'm no expert when it comes to DNS, but I'm having a hard time finding where my logic could be flawed.

Could it be that the way systemd writes the resolv.conf file is random?

Here is the article about the natural shuffling behaviour of the recursor: https://github.com/systemd/systemd/issues/5755

For Ubuntu >= 17, is the selection of the recursor actually random behaviour?

Tags: ubuntu, dns, bind, nameservers, dnsmasq
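The manpage algorithm quoted in the question (try the servers in the order listed, move on when one times out, then repeat the whole list up to the retry limit) is easy to check against a model. The following Python is an added example, not code from the question or from glibc: it parses a resolv.conf, keeps only the first MAXNS servers, and simulates which server answers a given query, including the `options rotate` case that systemd-related shuffling discussions usually come down to. The round-robin start position under `rotate` is modelled as "query number modulo server count", which is an assumption about glibc's internals, not something the manpage states.

```python
"""Model the name-server selection described in resolv.conf(5)."""

MAXNS = 3  # limit quoted in the manpage (see <resolv.h>)


def parse_resolv_conf(text: str) -> dict:
    """Return the usable nameservers (first MAXNS only) and relevant options."""
    servers, rotate, attempts = [], False, 2  # attempts default: RES_DFLRETRY = 2
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        key, *rest = line.split()
        if key == "nameserver" and rest:
            servers.append(rest[0])
        elif key == "options":
            for opt in rest:
                if opt == "rotate":
                    rotate = True
                elif opt.startswith("attempts:"):
                    attempts = int(opt.split(":", 1)[1])
    return {"servers": servers[:MAXNS], "rotate": rotate, "attempts": attempts}


def select_server(conf: dict, down: set, query_no: int = 0):
    """Return the server that answers query `query_no`, or None if all time out.

    Servers in `down` are treated as timing out. Without `rotate` every query
    starts at the first listed server, which is the behaviour the question
    observed; with `rotate` the start position advances one per query
    (assumption: modelled as query_no mod len(servers)).
    """
    servers = conf["servers"]
    if not servers:
        return None
    start = query_no % len(servers) if conf["rotate"] else 0
    for _ in range(conf["attempts"]):  # repeat the whole list up to `attempts` times
        for i in range(len(servers)):
            candidate = servers[(start + i) % len(servers)]
            if candidate not in down:
                return candidate
    return None


# Constructed input mirroring the jumpbox file from the question.
JUMPBOX_RESOLV_CONF = """\
# resolv.conf on jumpbox
nameserver 10.0.215.157 #dns1
nameserver 10.0.3.163   #dns2
nameserver 10.0.22.32   #dns3
"""

if __name__ == "__main__":
    conf = parse_resolv_conf(JUMPBOX_RESOLV_CONF)
    print("dns1 up:  ", select_server(conf, set()))
    print("dns1 down:", select_server(conf, {"10.0.215.157"}))
```

Comparing the model's output with the `;; SERVER:` line that dig prints for each query is the quickest way to tell a plain ordered resolv.conf from one that a tool has rewritten with `options rotate`.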

Solution
