I am running into this strange DNS problem on one of my CentOS boxes, in which the authoritative NS returns stale records, causing resolution to fail.
The domain I am trying to resolve is chengyu.ga.
Let's call the problematic CentOS box A and the normal CentOS box B.
Here is the dig trace when run on B, which returns the correct answers:
$ dig chengyu.ga +trace +additional
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> chengyu.ga +trace +additional
;; global options: +cmd
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
;; Received 239 bytes from 172.31.0.2#53(172.31.0.2) in 0 ms
ga. 172800 IN NS a.ns.ga.
ga. 172800 IN NS b.ns.ga.
ga. 172800 IN NS c.ns.ga.
ga. 172800 IN NS d.ns.ga.
ga. 86400 IN NSEC gal. NS RRSIG NSEC
ga. 86400 IN RRSIG NSEC 8 1 86400 20200327050000 20200314040000 33853 . AUOV4PSeXQZ+PpcrnlNQIxmP1vnMcTe77+bQop06CAx1Q4oPMm+ujQY3 AMnp+ex8onrv
1VpJgaENd4gyf6bgOkYCNcy2hY/DpXyQ1UY/TLBZigkO Q+xtDwVcXnw/BvP+KpDeEj0KcMSh8qqRRkhVH77KPOEVgmQzyuUZ12GH sc9mmcwxT/Ugl+qG60ib7C3jFi8VYGsMNUk+p2RfDw5MPRPfFGZxEyNH XdmW7ABYm62
QdI1oAVPND9UjVkV/aw59Yq55cwrFqcQt+2aM10yrssII nx0o5NX3zqhMt2gkwOnZrGBgIxD1QdJXMZtT7aPk3UgaAvFnOgOpg81Y HtdTFg==
a.ns.ga. 172800 IN A 185.21.168.49
a.ns.ga. 172800 IN AAAA 2a04:1b00:c::1
b.ns.ga. 172800 IN A 185.21.169.49
b.ns.ga. 172800 IN AAAA 2a04:1b00:d::1
c.ns.ga. 172800 IN A 185.21.170.49
c.ns.ga. 172800 IN AAAA 2a04:1b00:e::1
d.ns.ga. 172800 IN A 185.21.171.49
d.ns.ga. 172800 IN AAAA 2a04:1b00:f::1
;; Received 594 bytes from 192.5.5.241#53(F.ROOT-SERVERS.NET) in 3 ms
chengyu.ga. 300 IN NS ns-1096.awsdns-09.org.
chengyu.ga. 300 IN NS ns-58.awsdns-07.com.
chengyu.ga. 300 IN NS ns-720.awsdns-26.net.
chengyu.ga. 300 IN NS ns-1829.awsdns-36.co.uk.
;; Received 178 bytes from 185.21.171.49#53(d.ns.ga) in 186 ms
chengyu.ga. 60 IN A 3.112.158.242
chengyu.ga. 60 IN A 52.196.4.107
chengyu.ga. 60 IN A 13.114.167.91
chengyu.ga. 172800 IN NS ns-1096.awsdns-09.org.
chengyu.ga. 172800 IN NS ns-1829.awsdns-36.co.uk.
chengyu.ga. 172800 IN NS ns-58.awsdns-07.com.
chengyu.ga. 172800 IN NS ns-720.awsdns-26.net.
;; Received 226 bytes from 205.251.199.37#53(ns-1829.awsdns-36.co.uk) in 3 ms
And the results from A:
$ dig chengyu.ga +trace +additional
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> chengyu.ga +trace +additional
;; global options: +cmd
. 259199 IN NS a.root-servers.net.
. 259199 IN NS b.root-servers.net.
. 259199 IN NS c.root-servers.net.
. 259199 IN NS d.root-servers.net.
. 259199 IN NS e.root-servers.net.
. 259199 IN NS f.root-servers.net.
. 259199 IN NS g.root-servers.net.
. 259199 IN NS h.root-servers.net.
. 259199 IN NS i.root-servers.net.
. 259199 IN NS j.root-servers.net.
. 259199 IN NS k.root-servers.net.
. 259199 IN NS l.root-servers.net.
. 259199 IN NS m.root-servers.net.
. 259199 IN RRSIG NS 8 0 518400 20200326050000 20200313040000 33853 . Qm1Ie0FEwyqy+PCVypAz7PuwJ4aFaQAjU2om+IRPQb/eQ2xjAwDm0YnW vws6lzDe5KKTkQYmSYmPyJ+ccoCk6zqvVVFzMjNQk5mgIpLdxvxLibkk 0hW5MFtY4fdFKmTS14RuqfEXVkEaYIph/Hvyh7Mw/5hKSttwMbJTELfx 8rBEQwVVFYcdazc2oko0UvnBSlnoYbpvlVR7QcrhJ7fAEQfzyy9SsR0Z jWn2G+OdwSfJgN1f7BXftC055yEnCWfG+qJNWrt+QofNolgQTbQDOY3t 3m9ITkBJvvPSUKH7mIIXHYMM3wbO6PenkY9VaPTYW+XkAxJvR+/r+UvE iEpSQw==
;; Received 525 bytes from 169.254.169.254#53(169.254.169.254) in 2 ms
ga. 172800 IN NS a.ns.ga.
ga. 172800 IN NS b.ns.ga.
ga. 172800 IN NS c.ns.ga.
ga. 172800 IN NS d.ns.ga.
ga. 86400 IN NSEC gal. NS RRSIG NSEC
ga. 86400 IN RRSIG NSEC 8 1 86400 20200327050000 20200314040000 33853 . AUOV4PSeXQZ+PpcrnlNQIxmP1vnMcTe77+bQop06CAx1Q4oPMm+ujQY3 AMnp+ex8onrv1VpJgaENd4gyf6bgOkYCNcy2hY/DpXyQ1UY/TLBZigkO Q+xtDwVcXnw/BvP+KpDeEj0KcMSh8qqRRkhVH77KPOEVgmQzyuUZ12GH sc9mmcwxT/Ugl+qG60ib7C3jFi8VYGsMNUk+p2RfDw5MPRPfFGZxEyNH XdmW7ABYm62QdI1oAVPND9UjVkV/aw59Yq55cwrFqcQt+2aM10yrssII nx0o5NX3zqhMt2gkwOnZrGBgIxD1QdJXMZtT7aPk3UgaAvFnOgOpg81Y HtdTFg==
a.ns.ga. 172800 IN A 185.21.168.49
b.ns.ga. 172800 IN A 185.21.169.49
c.ns.ga. 172800 IN A 185.21.170.49
d.ns.ga. 172800 IN A 185.21.171.49
a.ns.ga. 172800 IN AAAA 2a04:1b00:c::1
b.ns.ga. 172800 IN AAAA 2a04:1b00:d::1
c.ns.ga. 172800 IN AAAA 2a04:1b00:e::1
d.ns.ga. 172800 IN AAAA 2a04:1b00:f::1
;; Received 594 bytes from 198.41.0.4#53(a.root-servers.net) in 2 ms
chengyu.ga. 300 IN NS ns01.freenom.com.
chengyu.ga. 300 IN NS ns02.freenom.com.
chengyu.ga. 300 IN NS ns03.freenom.com.
chengyu.ga. 300 IN NS ns04.freenom.com.
;; Received 126 bytes from 185.21.168.49#53(a.ns.ga) in 2 ms
;; connection timed out; no servers could be reached
[guanshan@instance-2 ~]$ dig @185.21.171.49 chengyu.ga +trace +additional
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @185.21.171.49 chengyu.ga +trace +additional
; (1 server found)
;; global options: +cmd
;; Received 28 bytes from 185.21.171.49#53(185.21.171.49) in 2 ms
FYI, the .freenom.com. NS servers were changed to the awsdns servers a couple of days ago. As you can see, the results returned by a.ns.ga are outdated.
My question is, what could cause this behavior?
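One way to compare the two traces above mechanically, as an added example that is not part of the original post: the script attributes each block of `dig +trace` records to the server named in the following `;; Received` line and reports when two vantage points were handed different NS sets for the same zone. The function names `delegations` and `disagreement` are hypothetical, and the embedded samples are the delegation steps copied from the two traces on this page.

```python
import re

RECEIVED = re.compile(r";; Received \d+ bytes from (\S+)#53\((\S+)\) in (\d+) ms")

# Delegation steps copied from the two traces above (B = working box, A = failing box).
TRACE_B = """\
chengyu.ga. 300 IN NS ns-1096.awsdns-09.org.
chengyu.ga. 300 IN NS ns-58.awsdns-07.com.
chengyu.ga. 300 IN NS ns-720.awsdns-26.net.
chengyu.ga. 300 IN NS ns-1829.awsdns-36.co.uk.
;; Received 178 bytes from 185.21.171.49#53(d.ns.ga) in 186 ms
"""
TRACE_A = """\
chengyu.ga. 300 IN NS ns01.freenom.com.
chengyu.ga. 300 IN NS ns02.freenom.com.
chengyu.ga. 300 IN NS ns03.freenom.com.
chengyu.ga. 300 IN NS ns04.freenom.com.
;; Received 126 bytes from 185.21.168.49#53(a.ns.ga) in 2 ms
;; connection timed out; no servers could be reached
"""

def delegations(trace, zone):
    """Map each responder in a `dig +trace` to the NS set it returned for zone."""
    out, pending = {}, set()
    for line in trace.splitlines():
        m = RECEIVED.match(line)
        if m:
            # dig prints the records first, then the server that sent them.
            if pending:
                ip, name, rtt = m.groups()
                out[name] = {"ip": ip, "rtt_ms": int(rtt), "ns": frozenset(pending)}
            pending = set()
            continue
        f = line.split()
        if len(f) >= 5 and f[0].lower() == zone and f[2] == "IN" and f[3] == "NS":
            pending.add(f[4].lower())
    return out

def disagreement(traces, zone):
    """Return one row per responder if the labelled traces saw differing NS sets."""
    rows = [(label, name, d["ip"], d["rtt_ms"], sorted(d["ns"]))
            for label, text in traces.items()
            for name, d in delegations(text, zone).items()]
    distinct = {tuple(r[4]) for r in rows}
    return rows if len(distinct) > 1 else []

if __name__ == "__main__":
    for row in disagreement({"A": TRACE_A, "B": TRACE_B}, "chengyu.ga."):
        print(row)
```

Each row keeps the responder's address and round-trip time next to the NS set, so the output shows which parent server each box actually reached (`a.ns.ga` in 2 ms from A, `d.ns.ga` in 186 ms from B) alongside what it answered.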