systemd-resolved responds with NOERROR even though the DNS server responds with NXDOMAIN

I am running Fedora 33 with systemd 246. To give a bit of background, I had problems with multicast DNS resolution and found the unicast SOA heuristic of nss-mdns to be the problem.

I then noticed that systemd-resolved answers with a NOERROR response code even though the query it sends to the current DNS server results in NXDOMAIN.

$ resolvectl status
Global
       LLMNR setting: resolve             
MulticastDNS setting: no                  
  DNSOverTLS setting: no                  
      DNSSEC setting: no                  
    DNSSEC supported: no                  
Fallback DNS Servers: 1.1.1.1             
                      8.8.8.8             
                      1.0.0.1             
                      8.8.4.4             
                      2606:4700:4700::1111
                      2001:4860:4860::8888
                      2606:4700:4700::1001
                      2001:4860:4860::8844

Link 3 (wlo1)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes                      
       LLMNR setting: yes                      
MulticastDNS setting: no                       
  DNSOverTLS setting: no                       
      DNSSEC setting: no                       
    DNSSEC supported: no                       
  Current DNS Server: 192.168.1.1              
         DNS Servers: 192.168.1.1              
          DNS Domain: ~.                       
                      lan

Query to the DNS server:

$ dig @192.168.1.1 -t SOA example.local

; <<>> DiG 9.11.24-RedHat-9.11.24-2.fc33 <<>> @192.168.1.1 -t SOA example.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4136
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.local.                 IN      SOA

;; AUTHORITY SECTION:
example.local.          10800   IN      SOA     example.local. nobody.invalid. 1 3600 1200 604800 10800

;; ADDITIONAL SECTION:
explanation.invalid.    10800   IN      TXT     "Blocking is mandated by standards, see references on https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml"

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: St pro 02 16:42:24 CET 2020
;; MSG SIZE  rcvd: 254

Query to the local DNS stub listener of systemd-resolved:

$ dig @127.0.0.53 -t SOA example.local

; <<>> DiG 9.11.24-RedHat-9.11.24-2.fc33 <<>> @127.0.0.53 -t SOA example.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5771
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.local.                 IN      SOA

;; ANSWER SECTION:
example.local.          10800   IN      SOA     example.local. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 3 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: St pro 02 16:44:21 CET 2020
;; MSG SIZE  rcvd: 92

Query using resolvectl:

$ resolvectl query -t SOA example.local
example.local IN SOA example.local nobody.invalid 1 3600 1200 604800 10800 -- link: wlo1

-- Information acquired via protocol DNS in 5.0ms.
-- Data is authenticated: no

The corresponding packets captured by tcpdump:

$ tcpdump -n -i wlo1 port domain
listening on wlo1, link-type EN10MB (Ethernet), capture size 262144 bytes
16:49:57.660945 IP 192.168.1.187.37304 > 192.168.1.1.domain: 32798+ SOA? example.local. (31)
16:49:57.664257 IP 192.168.1.1.domain > 192.168.1.187.37304: 32798 NXDomain* 0/1/1 (254)

The corresponding systemd-resolved log:

systemd-resolved[186024]: Got message type=method_call sender=:1.3283 destination=org.freedesktop.resolve1 path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member=ResolveRecord cookie=2 reply_cookie=0 signature=isqqt error-name=n/a error-message=n/a
systemd-resolved[186024]: Looking up RR for example.local IN SOA.
systemd-resolved[186024]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=89 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-resolved[186024]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=90 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-resolved[186024]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.3260 path=n/a interface=n/a member=n/a cookie=4294967295 reply_cookie=90 signature=s error-name=n/a error-message=n/a
systemd-resolved[186024]: Cache miss for example.local IN SOA
systemd-resolved[186024]: Transaction 13951 for <example.local IN SOA> scope dns on wlo1/*.
systemd-resolved[186024]: Using feature level UDP+EDNS0 for transaction 13951.
systemd-resolved[186024]: Using DNS server 192.168.1.1 for transaction 13951.
systemd-resolved[186024]: Sending query packet with id 13951.
systemd-resolved[186024]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.3260 path=n/a interface=n/a member=n/a cookie=4294967295 reply_cookie=89 signature= error-name=n/a error-message=n/a
systemd-resolved[186024]: Match type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0=':1.3283' successfully installed.
systemd-resolved[186024]: Processing incoming packet on transaction 13951 (rcode=NXDOMAIN).
systemd-resolved[186024]: Server doesn't support EDNS(0) properly, downgrading feature level...
systemd-resolved[186024]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.1.1.
systemd-resolved[186024]: Server feature level is now lower than when we began our transaction. Restarting with new ID.
systemd-resolved[186024]: Transaction 13951 is now 31028.
systemd-resolved[186024]: Cache miss for example.local IN SOA
systemd-resolved[186024]: Transaction 31028 for <example.local IN SOA> scope dns on wlo1/*.
systemd-resolved[186024]: Using feature level UDP for transaction 31028.
systemd-resolved[186024]: Sending query packet with id 31028.
systemd-resolved[186024]: Processing incoming packet on transaction 31028 (rcode=NXDOMAIN).
systemd-resolved[186024]: Transaction 31028 for <example.local IN SOA> on scope dns on wlo1/* now complete with <success> from network (unsigned).
systemd-resolved[186024]: Sent message type=method_return sender=n/a destination=:1.3283 path=n/a interface=n/a member=n/a cookie=91 reply_cookie=2 signature=a(iqqay)t error-name=n/a error-message=n/a
systemd-resolved[186024]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=92 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-resolved[186024]: Freeing transaction 31028.

Why does this happen?
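As an added example (not part of the original question), a small Python script that sends the same SOA query to the stub listener and to the upstream server and compares the RCODE and section counts, so the discrepancy can be checked without dig; the upstream address 192.168.1.1 is taken from the question, and the two constructed reply headers mirror the dig outputs above.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_soa_query(name, txid=0x1234):
    """Build a minimal RD=1 SOA query (no EDNS) for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN


def parse_header(msg):
    """Return rcode name, AA flag and section counts from a DNS reply header."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "aa": bool(flags & 0x0400), "answer": an, "authority": ns, "additional": ar}


def query(server, name, timeout=2.0):
    """Send the SOA query over UDP to `server`:53 and return the parsed reply header."""
    q = build_soa_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data)


def rcode_mismatch(stub, upstream):
    """True when the stub reports a different rcode than the upstream it forwarded to."""
    return stub["rcode"] != upstream["rcode"]


# Constructed reply headers, shaped like the two dig outputs in the question:
# upstream: flags qr aa rd ra, status NXDOMAIN, counts 1 question / 0 / 1 / 1
UPSTREAM_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8583, 1, 0, 1, 1)
# stub: flags qr rd ra, status NOERROR, counts 1 question / 1 / 0 / 1
STUB_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)

if __name__ == "__main__":
    # Live comparison: the stub listener versus the upstream from the question.
    stub = query("127.0.0.53", "example.local")
    up = query("192.168.1.1", "example.local")
    print("stub:", stub)
    print("upstream:", up)
    print("rcode mismatch:", rcode_mismatch(stub, up))
```

Run it as a script to compare the live answers; the constants only exist so the parsing can be checked offline.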
