맞춤 네임서버가 위임되지 않는 이유는 무엇입니까?

tag-icon tag-icon linux networking dns
맞춤 네임서버가 위임되지 않는 이유는 무엇입니까?

"google.com으로 이동하세요"라는 메시지를 받기 전에 작업 설정이 완료되었고 '일반적인' 문제가 모두 해결되었으며 이 문제를 6개월 이상 조사해 왔으며 결과를 얻었음을 분명히 해야 합니다. 정확히는 어디에도 없습니다. 나는 또한 Name.com 지원팀에 문의했는데 그들은 개인/사용자 정의/허영 네임 서버가 그들의 문제가 아니며 공평하게 그들의 네임 서버를 사용하는 것은 작동하지만 내가 그들의 네트워크를 통해 추가한 A 또는 AAAA 레코드를 광고하지 못한다고 말했습니다. 제어판.

제목에 설명된 대로 문제는 내 네임서버가 위임되지 않는다는 것입니다. - Linux 측(mod_sec 및 mod_evasive)에서 IPTables를 사용하고 있으며 라우터 측 방화벽에 문제가 없는지 확인할 수 있습니다(IPv6 라우팅 패킷이 허용되며 엄격한 규칙에 따라 켜기, 끄기 또는 켜기 여부에 차이가 없음).

웹 서버에 대한 액세스는 IPv4 측의 라우팅된 서브넷을 통해 이루어지며 IPv6 연결은 내 IPv6 서브넷의 주소를 사용하여 PPP 연결을 통해 설정되므로 추가 구성 없이 IPv6 연결이 작동(검증)되지만 내 /29 IPv4는 첫 번째 구성을 사용합니다. Linux 이더넷 어댑터에 연결된 나머지 주소를 사용하여 라우팅된 서브넷의 게이트웨이로 주소를 지정합니다. 이 방법도 작동하며 NAT를 우회하기 위한 것이지만 DNS 주소에 대해 나머지(게이트웨이가 아닌) IPv4 주소에 포트를 구성할 수 있으며 두 포트 모두에서 DNS 및 HTTPD 연결을 보장하기 위해 포트 53과 80을 모두 열어 둘 수 있습니다. 방향(TCP 및 UDP).

나의명명된.conf(rndc 키가 제거된 상태)명명된.실행, 그리고명명된.insurgent.info(일반 형식, 내 서버의 DNSSEC 형식 버전) 파일은 아래와 같습니다. 추가 세부정보나 설명이 필요한 경우 알려주시기 바랍니다.

명명된.conf:

options {
    listen-on { any; };
    allow-query { any; };
    listen-on-v6 { any; };

    directory           "/var/named";
    dump-file           "/var/named/data/cache_dump.db";
    statistics-file     "/var/named/data/named_stats.txt";
    memstatistics-file  "/var/named/data/named_mem_stats.txt";

    recursion yes;
    // edns-udp-size 1432;
    // allow-new-zones yes;
    allow-transfer { none; };

    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";

    version "Damned If I Know";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "insurgent.info" IN {
    type master;
    file "named.insurgent.info";
    auto-dnssec maintain;
    key-directory "/var/named/dynamic";
    update-policy local;
};

zone "46.102.204.in-addr.arpa" IN {
    type master;
    file "named.PTR4.insurgent";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa" IN {
    type master;
    file "named.PTR6.insurgent";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

명명된.insurgent.info:

$TTL 1D
@                       IN  SOA    ns1.insurgent.info.    hostmaster.insurgent.info. (
                        110     ; serial
                        21600   ; refresh after 6 hours
                        3600    ; retry after 1 hour
                        604800  ; expire after 1 week
                        86400 ) ; minimum TTL of 1 day
;
                        IN  NS  ns1.insurgent.info.
                        IN  NS  ns2.insurgent.info.
;
                        IN  A       46.102.204.226
ns1                     IN  AAAA    2A00:B900:10A4:1::2
                        IN  A       46.102.204.227
ns2                     IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  A       46.102.204.227
insurgent.info.         IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  TXT     protonmail-verification=
;
www                     IN  A       46.102.204.227
www                     IN  AAAA    2A00:B900:10A4:1::4

명명된.실행:

zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 04:09:01.695
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 05:09:01.695
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 06:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 07:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 08:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 09:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 10:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 11:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 12:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 13:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 14:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 15:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 16:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 17:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 18:09:01.698
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 182.254.49.112#53
FORMERR resolving 'ns-tel1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-cmn1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 223.167.83.104#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 19:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 20:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 21:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 22:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 23:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 00:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 01:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 02:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 03:09:01.700
_default: sending trust-anchor-telemetry query '_ta-4a5c-4f66/NULL'
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 04:09:01.700
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 05:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 06:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 07:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 08:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 09:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 10:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 11:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 12:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 13:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 14:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 15:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 16:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 17:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 18:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 19:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 20:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 21:09:01.704
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:09:01.704
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:23.537
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: journal file is out of date: removing journal file
managed-keys-zone: loaded serial 24
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
all zones loaded
running
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:53.608
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
reloading configuration succeeded
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:07.578
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: loaded serial 26
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
addnode: NSEC node already exists
zone localhost.localdomain/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
all zones loaded
running
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:09.955
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 23:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 00:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 01:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 02:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 03:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 04:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 05:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 06:12:09.956
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 07:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 08:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 09:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 10:12:09.957
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 183.2.186.153#53
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 183.2.186.153#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 11:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 12:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 13:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 14:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 15:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 16:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 17:12:09.959
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 18:12:09.959

답변1

제목에 설명된 대로 문제는 내 네임서버가 위임되지 않는다는 것입니다.

"위임하지 않습니다"는 두 가지 방식으로 해석될 수 있습니다.

  1. 네임서버 는 귀하의 네임서버에 info위임되지 않습니다 insurgent.info.
  2. <something>.insurgent.info귀하의 네임서버는 다른 사람의 네임서버에 위임되지 않습니다 .

두 번째 해석은 가능성이 낮습니다. 단순히 해당 영역에 3차 수준 위임(NS 레코드)이 없음을 보여주었기 때문입니다.

첫 번째 해석이 가장 가능성이 높지만, info모두 올바른 정보가 포함된 네임서버의 NS 레코드를 확인하면 거짓임이 입증될 수 있습니다.

$ dnstracer -r1 -t1 -s. insurgent.info
A.ROOT-SERVERS.NET을 통해 insurgent.info[a] 추적, 최대 1회 재시도
A.ROOT-SERVERS.NET [.] (2001:0503:ba3e:0000:0000:0000:0002:0030)
 |\___ a0.info.afilias-nst.info [정보] (2001:0500:0019:0000:0000:0000:0000:0001)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) 권위있는 답변을 얻었습니다
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) 권위있는 답변을 얻었습니다
 |\__ a0.info.afilias-nst.info [정보] (199.254.31.1)
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ b2.info.afilias-nst.org [정보] (2001:0500:0049:0000:0000:0000:0000:0001)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 |\__ b2.info.afilias-nst.org [정보] (199.249.121.1)
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ c0.info.afilias-nst.info [정보] (2001:0500:001b:0000:0000:0000:0000:0001)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 |\__ c0.info.afilias-nst.info [정보] (199.254.49.1)
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\___ d0.info.afilias-nst.org [정보] (2001:0500:001c:0000:0000:0000:0000:0001)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 |\__ d0.info.afilias-nst.org [정보] (199.254.50.1)
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\__ b0.info.afilias-nst.org [정보] (2001:0500:001a:0000:0000:0000:0000:0001)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 |\__ b0.info.afilias-nst.org [정보] (199.254.48.1)
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ a2.info.afilias-nst.info [정보] (2001:0500:0041:0000:0000:0000:0000:0001)
 | |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
 | |\__ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
  \___ a2.info.afilias-nst.info [정보] (199.249.113.1)
       |\__ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (캐시됨)
       |\__ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
       |\__ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) (캐시됨)
        \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *

개별 서버를 검사하면 dig다음과 같은 결과가 나타납니다.

$ 발굴 +nocmd +nostats insurgent.info. NS @a0.info.afilias-nst.info
;; 답변을 얻었습니다:
;; ->>HEADER<<- opcode: QUERY, 상태: NOERROR, ID: 56401
;; 플래그: qr rd; 쿼리: 1, 답변: 0, 권한: 2, 추가: 5
;; 경고: 재귀가 요청되었지만 사용할 수 없습니다.

;; OPT 의사 섹션:
; EDNS: 버전: 0, 플래그:; UDP: 4096
;; 질문 섹션:
;insurgent.info. NS에서

;; 권한 섹션:
insurgent.info. 86400 IN NS ns2.insurgent.info.
insurgent.info. 86400 IN NS ns1.insurgent.info.

;; 추가 섹션:
ns1.insurgent.info. 86400 AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info. 86400 AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info. 46.102.204.226의 86400
ns2.insurgent.info. 46.102.204.227의 86400

$ 발굴 +nocmd +nostats insurgent.info. DS @a0.info.afilias-nst.info
;; 답변을 얻었습니다:
;; ->>HEADER<<- opcode: QUERY, 상태: NOERROR, ID: 28823
;; 플래그: qr aa rd; 쿼리: 1, 답변: 1, 권한: 0, 추가: 1
;; 경고: 재귀가 요청되었지만 사용할 수 없습니다.

;; OPT 의사 섹션:
; EDNS: 버전: 0, 플래그:; UDP: 4096
;; 질문 섹션:
;insurgent.info. DS에서

;; 답변 섹션:
insurgent.info. 86400 DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

보시다시피 위임(NS 레코드, Glue A/AAAA 레코드, 심지어 DNSSEC DS 레코드까지)은 정확합니다. 즉, 자신의 영역에 제공한 IP 주소와 정확하게 일치합니다.

도메인이 위임된 개별 서버 조회에게모두 'authoritative' 플래그와 함께 답변을 반환한다는 것을 보여줍니다.위임이 유효합니다:

$ 발굴 +nocmd +nostats insurgent.info. SOA @2a00:b900:10a4:1::2
;; 답변을 얻었습니다:
;; ->>HEADER<<- opcode: QUERY, 상태: NOERROR, ID: 50734
;; 플래그: qr aa rd ra; 질문: 1, 답변: 1, 권한: 2, 추가: 4

;; OPT 의사 섹션:
; EDNS: 버전: 0, 플래그:; UDP: 4096
; 쿠키: cc7cec751344643dd263565e5b7c5d3f1915af129394589c (양호)
;; 질문 섹션:
;insurgent.info. SOA에서

;; 답변 섹션:
insurgent.info. 86400 IN SOA ns1.insurgent.info. hostmaster.insurgent.info. 113 21600 3600 604800 86400

;; 권한 섹션:
insurgent.info. 86400 IN NS ns2.insurgent.info.
insurgent.info. 86400 IN NS ns1.insurgent.info.

;; 추가 섹션:
ns1.insurgent.info. 86400 AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info. 86400 AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info. 46.102.204.227의 86400

$ 발굴 +nocmd +nostats insurgent.info. DS @2a00:b900:10a4:1::4
;; 답변을 얻었습니다:
;; ->>HEADER<<- opcode: QUERY, 상태: NOERROR, ID: 1061
;; 플래그: qr rd ra 광고; 쿼리: 1, 답변: 1, 권한: 0, 추가: 1

;; OPT 의사 섹션:
; EDNS: 버전: 0, 플래그:; UDP: 4096
; 쿠키: ffdb2d48b46554e4a6017bda5b7c5d0e3a07a163aa55d6d5 (좋음)
;; 질문 섹션:
;insurgent.info. DS에서

;; 답변 섹션:
insurgent.info. 86255 DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

하지만:

$ 발굴 +nocmd +nostats insurgent.info. SOA @46.102.204.227
;; 연결 시간이 초과되었습니다; 서버에 연결할 수 없습니다

위의 로그에서 네임서버가DNS 쿼리에 응답하지 않습니다UDP/IPv4를 통해 TCP/IPv4, UDP/IPv6 및 TCP/IPv6만 허용합니다.

이는 "제목에 설명된" 문제와는 아무런 관련이 없지만 실제로 도메인 이름을 확인하려고 할 때 문제를 일으킬 수 있습니다(TCP가 아닌 UDP가 기본 DNS 전송이고 UDP 응답이 부족하기 때문입니다).~하지 않을 것이다TCP 대체를 유발함).

관련 정보