為什麼自訂名稱伺服器不會委託?

tag-icon tag-icon linux networking dns
為什麼自訂名稱伺服器不會委託?

在我被告知“瀏覽 google.com”之前,我需要澄清我有一個工作設置,我已經解決了所有“常見”問題,並且我已經研究了這個問題超過六個月並得到了正是無處可去。我還與Name.com 支援人員進行了交談,他們告訴我,私有/自訂/虛榮名稱伺服器不是他們的問題,公平地說,使用他們的名稱伺服器可以工作,但無法宣傳我透過他們添加的任何A 或AAAA 記錄控制面板。

如標題所述,問題是我的網域伺服器不會委託。 - 我在linux端使用IPTables(mod_sec和mod_evasive)並且可以確認路由器端的防火牆不是問題(允許IPv6路由封包,並且無論開啟、關閉或嚴格規則開啟都沒有區別)。

對網路伺服器的存取是透過IPv4 端的路由子網路進行的,IPv6 連線是使用我的IPv6 子網路中的位址透過PPP 連線建立的,因此IPv6 連線無需額外設定即可運作(已驗證),而我的/29 IPv4 使用第一個位址作為路由子網路的網關,其餘位址附加到 Linux 乙太網路適配器。這也有效,雖然這是為了繞過 NAT,但我仍然能夠在其餘(非網關)IPv4 位址上為 DNS 位址配置端口,並打開端口 53 和 80,以確保兩者中的 DNS 和 HTTPD 連接方向( TCP 和UDP)。

我的命名設定檔(刪除了 rndc 金鑰),命名.運行, 和命名.insurgent.info(清晰的形式,我的伺服器上的版本為DNSSEC格式)文件如下所示。如果需要更多詳細資訊或澄清,請告訴我。

命名.conf:

options {
    listen-on { any; };
    allow-query { any; };
    listen-on-v6 { any; };

    directory           "/var/named";
    dump-file           "/var/named/data/cache_dump.db";
    statistics-file     "/var/named/data/named_stats.txt";
    memstatistics-file  "/var/named/data/named_mem_stats.txt";

    recursion yes;
    // edns-udp-size 1432;
    // allow-new-zones yes;
    allow-transfer { none; };

    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";

    version "Damned If I Know";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "insurgent.info" IN {
    type master;
    file "named.insurgent.info";
    auto-dnssec maintain;
    key-directory "/var/named/dynamic";
    update-policy local;
};

zone "46.102.204.in-addr.arpa" IN {
    type master;
    file "named.PTR4.insurgent";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa" IN {
    type master;
    file "named.PTR6.insurgent";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

命名.insurgent.info:

$TTL 1D
@                       IN  SOA    ns1.insurgent.info.    hostmaster.insurgent.info. (
                        110     ; serial
                        21600   ; refresh after 6 hours
                        3600    ; retry after 1 hour
                        604800  ; expire after 1 week
                        86400 ) ; minimum TTL of 1 day
;
                        IN  NS  ns1.insurgent.info.
                        IN  NS  ns2.insurgent.info.
;
                        IN  A       46.102.204.226
ns1                     IN  AAAA    2A00:B900:10A4:1::2
                        IN  A       46.102.204.227
ns2                     IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  A       46.102.204.227
insurgent.info.         IN  AAAA    2A00:B900:10A4:1::4
;
insurgent.info.         IN  TXT     protonmail-verification=
;
www                     IN  A       46.102.204.227
www                     IN  AAAA    2A00:B900:10A4:1::4

命名.運行:

zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 04:09:01.695
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 05:09:01.695
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 06:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 07:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 08:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 09:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 10:09:01.696
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 11:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 12:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 13:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 14:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 15:09:01.697
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 16:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 17:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 18:09:01.698
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 182.254.49.112#53
FORMERR resolving 'ns-tel1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-cmn1.qq.com/AAAA/IN': 223.167.83.104#53
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 223.167.83.104#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 19:09:01.698
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 20:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 21:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 22:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 19-Aug-2018 23:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 00:09:01.699
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 01:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 02:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 03:09:01.700
_default: sending trust-anchor-telemetry query '_ta-4a5c-4f66/NULL'
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 04:09:01.700
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 05:09:01.700
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 06:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 07:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 08:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 09:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 10:09:01.701
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 11:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 12:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 13:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 14:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 15:09:01.702
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 16:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 17:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 18:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 19:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 20:09:01.703
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 21:09:01.704
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:09:01.704
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:23.537
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: journal file is out of date: removing journal file
managed-keys-zone: loaded serial 24
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
all zones loaded
running
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:11:53.608
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
received control channel command 'reload'
loading configuration from '/etc/named.conf'
unable to open '/etc/bind.keys'; using built-in keys instead
initializing GeoIP Country (IPv4) (type 1) DB
GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
GeoIP Country (IPv6) (type 12) DB not available
GeoIP City (IPv4) (type 2) DB not available
GeoIP City (IPv4) (type 6) DB not available
GeoIP City (IPv6) (type 30) DB not available
GeoIP City (IPv6) (type 31) DB not available
GeoIP Region (type 3) DB not available
GeoIP Region (type 7) DB not available
GeoIP ISP (type 4) DB not available
GeoIP Org (type 5) DB not available
GeoIP AS (type 9) DB not available
GeoIP Domain (type 11) DB not available
GeoIP NetSpeed (type 10) DB not available
using default UDP/IPv4 port range: [32768, 60999]
using default UDP/IPv6 port range: [32768, 60999]
sizing zone task pool based on 9 zones
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
automatic empty zone: 10.IN-ADDR.ARPA
automatic empty zone: 16.172.IN-ADDR.ARPA
automatic empty zone: 17.172.IN-ADDR.ARPA
automatic empty zone: 18.172.IN-ADDR.ARPA
automatic empty zone: 19.172.IN-ADDR.ARPA
automatic empty zone: 20.172.IN-ADDR.ARPA
automatic empty zone: 21.172.IN-ADDR.ARPA
automatic empty zone: 22.172.IN-ADDR.ARPA
automatic empty zone: 23.172.IN-ADDR.ARPA
automatic empty zone: 24.172.IN-ADDR.ARPA
automatic empty zone: 25.172.IN-ADDR.ARPA
automatic empty zone: 26.172.IN-ADDR.ARPA
automatic empty zone: 27.172.IN-ADDR.ARPA
automatic empty zone: 28.172.IN-ADDR.ARPA
automatic empty zone: 29.172.IN-ADDR.ARPA
automatic empty zone: 30.172.IN-ADDR.ARPA
automatic empty zone: 31.172.IN-ADDR.ARPA
automatic empty zone: 168.192.IN-ADDR.ARPA
automatic empty zone: 64.100.IN-ADDR.ARPA
automatic empty zone: 65.100.IN-ADDR.ARPA
automatic empty zone: 66.100.IN-ADDR.ARPA
automatic empty zone: 67.100.IN-ADDR.ARPA
automatic empty zone: 68.100.IN-ADDR.ARPA
automatic empty zone: 69.100.IN-ADDR.ARPA
automatic empty zone: 70.100.IN-ADDR.ARPA
automatic empty zone: 71.100.IN-ADDR.ARPA
automatic empty zone: 72.100.IN-ADDR.ARPA
automatic empty zone: 73.100.IN-ADDR.ARPA
automatic empty zone: 74.100.IN-ADDR.ARPA
automatic empty zone: 75.100.IN-ADDR.ARPA
automatic empty zone: 76.100.IN-ADDR.ARPA
automatic empty zone: 77.100.IN-ADDR.ARPA
automatic empty zone: 78.100.IN-ADDR.ARPA
automatic empty zone: 79.100.IN-ADDR.ARPA
automatic empty zone: 80.100.IN-ADDR.ARPA
automatic empty zone: 81.100.IN-ADDR.ARPA
automatic empty zone: 82.100.IN-ADDR.ARPA
automatic empty zone: 83.100.IN-ADDR.ARPA
automatic empty zone: 84.100.IN-ADDR.ARPA
automatic empty zone: 85.100.IN-ADDR.ARPA
automatic empty zone: 86.100.IN-ADDR.ARPA
automatic empty zone: 87.100.IN-ADDR.ARPA
automatic empty zone: 88.100.IN-ADDR.ARPA
automatic empty zone: 89.100.IN-ADDR.ARPA
automatic empty zone: 90.100.IN-ADDR.ARPA
automatic empty zone: 91.100.IN-ADDR.ARPA
automatic empty zone: 92.100.IN-ADDR.ARPA
automatic empty zone: 93.100.IN-ADDR.ARPA
automatic empty zone: 94.100.IN-ADDR.ARPA
automatic empty zone: 95.100.IN-ADDR.ARPA
automatic empty zone: 96.100.IN-ADDR.ARPA
automatic empty zone: 97.100.IN-ADDR.ARPA
automatic empty zone: 98.100.IN-ADDR.ARPA
automatic empty zone: 99.100.IN-ADDR.ARPA
automatic empty zone: 100.100.IN-ADDR.ARPA
automatic empty zone: 101.100.IN-ADDR.ARPA
automatic empty zone: 102.100.IN-ADDR.ARPA
automatic empty zone: 103.100.IN-ADDR.ARPA
automatic empty zone: 104.100.IN-ADDR.ARPA
automatic empty zone: 105.100.IN-ADDR.ARPA
automatic empty zone: 106.100.IN-ADDR.ARPA
automatic empty zone: 107.100.IN-ADDR.ARPA
automatic empty zone: 108.100.IN-ADDR.ARPA
automatic empty zone: 109.100.IN-ADDR.ARPA
automatic empty zone: 110.100.IN-ADDR.ARPA
automatic empty zone: 111.100.IN-ADDR.ARPA
automatic empty zone: 112.100.IN-ADDR.ARPA
automatic empty zone: 113.100.IN-ADDR.ARPA
automatic empty zone: 114.100.IN-ADDR.ARPA
automatic empty zone: 115.100.IN-ADDR.ARPA
automatic empty zone: 116.100.IN-ADDR.ARPA
automatic empty zone: 117.100.IN-ADDR.ARPA
automatic empty zone: 118.100.IN-ADDR.ARPA
automatic empty zone: 119.100.IN-ADDR.ARPA
automatic empty zone: 120.100.IN-ADDR.ARPA
automatic empty zone: 121.100.IN-ADDR.ARPA
automatic empty zone: 122.100.IN-ADDR.ARPA
automatic empty zone: 123.100.IN-ADDR.ARPA
automatic empty zone: 124.100.IN-ADDR.ARPA
automatic empty zone: 125.100.IN-ADDR.ARPA
automatic empty zone: 126.100.IN-ADDR.ARPA
automatic empty zone: 127.100.IN-ADDR.ARPA
automatic empty zone: 127.IN-ADDR.ARPA
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: EMPTY.AS112.ARPA
automatic empty zone: HOME.ARPA
none:104: 'max-cache-size 90%' - setting to 6897MB (out of 7663MB)
reloading configuration succeeded
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:07.578
reloading zones succeeded
all zones loaded
running
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
no longer listening on ::#53
no longer listening on 127.0.0.1#53
no longer listening on 10.200.0.6#53
no longer listening on 46.102.204.226#53
no longer listening on 46.102.204.227#53
no longer listening on 46.102.204.228#53
no longer listening on 46.102.204.229#53
no longer listening on 46.102.204.230#53
exiting
managed-keys-zone: loaded serial 26
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: loaded serial 101
addnode: NSEC node already exists
zone localhost.localdomain/IN: loaded serial 0
zone insurgent.info/IN: loaded serial 113 (DNSSEC signed)
zone 46.102.204.in-addr.arpa/IN: loaded serial 101
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
all zones loaded
running
zone insurgent.info/IN: sending notifies (serial 113)
zone insurgent.info/IN: reconfiguring zone keys
zone 46.102.204.in-addr.arpa/IN: sending notifies (serial 101)
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.4.a.0.1.0.0.9.b.0.0.a.2.ip6.arpa/IN: sending notifies (serial 101)
zone insurgent.info/IN: next key event: 20-Aug-2018 22:12:09.955
managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
resolver priming query complete
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 20-Aug-2018 23:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 00:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 01:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 02:12:09.955
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 03:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 04:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 05:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 06:12:09.956
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
connection refused resolving 'researchscan541.eecs.umich.edu/A/IN': 141.213.15.4#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 07:12:09.956
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 08:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 09:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 10:12:09.957
FORMERR resolving 'ns-os1.qq.com/AAAA/IN': 183.2.186.153#53
FORMERR resolving 'ns-cnc1.qq.com/AAAA/IN': 183.2.186.153#53
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 11:12:09.957
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 12:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 13:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 14:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 15:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 16:12:09.958
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 17:12:09.959
zone insurgent.info/IN: reconfiguring zone keys
zone insurgent.info/IN: next key event: 21-Aug-2018 18:12:09.959

答案1

如標題所述,問題是我的網域伺服器不會委託。

「不會委託」可以有兩種解釋:

  1. 名稱伺服器info不會委託insurgent.info給您的名稱伺服器。
  2. 您的網域伺服器不會委託<something>.insurgent.info給其他人的網域伺服器。

第二種解釋不太可能,只是因為您已經表明您的區域沒有任何第三級委派(NS 記錄)。

第一種解釋是最有可能的,但透過檢查info名稱伺服器上的 NS 記錄可以證明它是錯誤的,所有這些記錄都包含正確的資訊:

$ dnstracer -r1 -t1 -s。叛亂分子資訊網
透過 A.ROOT-SERVERS.NET 追蹤 insurgent.info[a],最多重試 1 次
A.ROOT-SERVERS.NET [.] (2001:0503:ba3e:0000:0000:0000:0002:0030)
 |\___ a0.info.afilias-nst.info [訊息] (2001:0500:0019:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002) 得到權威答案
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) 得到權威答案
 |\___ a0.info.afilias-nst.info [資訊] (199.254.31.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ b2.info.afilias-nst.org [訊息] (2001:0500:0049:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 |\___ b2.info.afilias-nst.org [資訊] (199.249.121.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ c0.info.afilias-nst.info [訊息] (2001:0500:001b:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (快取)
 |\___ c0.info.afilias-nst.info [資訊] (199.254.49.1)
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\___ d0.info.afilias-nst.org [訊息] (2001:0500:001c:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 |\___ d0.info.afilias-nst.org [資訊] (199.254.50.1)
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | \___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 |\___ b0.info.afilias-nst.org [訊息] (2001:0500:001a:0000:0000:0000:0000:0001)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | \___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004) (快取)
 |\___ b0.info.afilias-nst.org [資訊] (199.254.48.1)
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
 | \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 |\___ a2.info.afilias-nst.info [訊息] (2001:0500:0041:0000:0000:0000:0000:0001)
 | |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
 | |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
 | |\___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *
 | \___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
  \___ a2.info.afilias-nst.info [訊息] (199.249.113.1)
       |\___ ns2.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0004)(已快取)
       |\___ ns2.insurgent.info [insurgent.info] (46.102.204.227) *
       |\___ ns1.insurgent.info [insurgent.info] (2a00:b900:10a4:0001:0000:0000:0000:0002)(已快取)
        \___ ns1.insurgent.info [insurgent.info] (46.102.204.226) *

透過檢查單一伺服器dig顯示相同的結果:

$ dig +nocmd +nostats insurgent.info。 NS@a0.info.afilias-nst.info
;;得到答案:
;; ->>HEADER<<- 操作碼:QUERY,狀態:NOERROR,id:56401
;;標誌:qr rd;查詢:1,答案:0,權限:2,附加:5
;;警告:遞歸已請求但不可用

;;選擇偽部分:
; EDNS:版本:0,標誌:; UDP:4096
;;問題部分:
;叛亂分子資訊。在新斯科細亞省

;;權力部分:
叛亂分子訊息。 86400 IN NS ns2.insurgent.info。
叛亂分子訊息。 86400 IN NS ns1.insurgent.info。

;;附加部分:
ns1.insurgent.info。 86400 在 AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info。 86400 在 AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info。 86400 在 46.102.204.226
ns2.insurgent.info。 86400 在 46.102.204.227

$ dig +nocmd +nostats insurgent.info。 DS @a0.info.afilias-nst.info
;;得到答案:
;; ->>標頭<<- 操作碼:QUERY,狀態:NOERROR,id:28823
;;標誌:qr aa rd;查詢:1,答案:1,權限:0,附加:1
;;警告:遞歸已請求但不可用

;;選擇偽部分:
; EDNS:版本:0,標誌:; UDP:4096
;;問題部分:
;叛亂分子資訊。在DS

;;答案部分:
叛亂分子訊息。 86400 輸入 DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

如您所看到的,委派(NS 記錄、黏合 A/AAAA 記錄,甚至 DNSSEC DS 記錄)是正確的,因為它與您在自己的區域中提供的 IP 位址完全匹配。

查詢已授權網域的各個伺服器顯示它們都返回帶有“權威”標誌的答案,所以委託有效:

$ dig +nocmd +nostats insurgent.info。 SOA @2a00:b900:10a4:1::2
;;得到答案:
;; ->>HEADER<<- 操作碼:QUERY,狀態:NOERROR,id:50734
;;標誌:qr aa rd ra;查詢:1,答案:1,權限:2,附加:4

;;選擇偽部分:
; EDNS:版本:0,標誌:; UDP:4096
;餅乾:cc7cec751344643dd263565e5b7c5d3f1915af129394589c(好)
;;問題部分:
;叛亂分子資訊。在SOA中

;;答案部分:
叛亂分子訊息。 86400 在 SOA ns1.insurgent.info 中。 Hostmaster.insurgent.info。 113 21600 3600 604800 86400

;;權力部分:
叛亂分子訊息。 86400 IN NS ns2.insurgent.info。
叛亂分子訊息。 86400 IN NS ns1.insurgent.info。

;;附加部分:
ns1.insurgent.info。 86400 在 AAAA 2a00:b900:10a4:1::2
ns2.insurgent.info。 86400 在 AAAA 2a00:b900:10a4:1::4
ns1.insurgent.info。 86400 在 46.102.204.227

$ dig +nocmd +nostats insurgent.info。 DS @2a00:b900:10a4:1::4
;;得到答案:
;; ->>標頭<<- 操作碼:QUERY,狀態:NOERROR,id:1061
;;標誌:qr rd ra ad;查詢:1,答案:1,權限:0,附加:1

;;選擇偽部分:
; EDNS:版本:0,標誌:; UDP:4096
;餅乾:ffdb2d48b46554e4a6017bda5b7c5d0e3a07a163aa55d6d5(好)
;;問題部分:
;叛亂分子資訊。在DS

;;答案部分:
叛亂分子訊息。 86255 輸入 DS 29763 5 2 B5A75E0AE77392BB32F92943DCD9E086B8351CD32F30ECED2BCD3692 EA539934

然而:

$ dig +nocmd +nostats insurgent.info。 SOA @46.102.204.227
;;連線逾時;無法存取伺服器

在上面的日誌中,您可以看到您的名稱伺服器不回應 DNS 查詢基於 UDP/IPv4,僅接受 TCP/IPv4、UDP/IPv6 和 TCP/IPv6。

雖然這與「標題中概述的」問題無關,但在嘗試實際解析網域名稱時確實會導致問題(因為 UDP(而不是 TCP)是預設的 DNS 傳輸,並且缺乏 UDP 回應將不會導致 TCP 回退)。

相關內容