nslookup of a public domain against an Active Directory domain controller's DNS server times out *and* still succeeds

Question:

Recently I noticed that Chrome on my desktop was stalling when loading new websites, saying it was resolving the host name. It did resolve eventually, but it felt as if DNS requests were taking up to 5 seconds to succeed, which is not right.

Setup:

  • Windows Server 2012 R2 Active Directory domain controller.

    • IPv4 address: 172.16.1.10 (name: server.my.ad.domain)
    • The Windows DNS server is configured to use only Google's 8.8.8.8 and 8.8.4.4 as its forwarders.
      • It is also configured to use root hints if no forwarder is available.
    • dcdiag passes all tests.
  • Windows 10 desktop, domain member.

    • Name: desktop.my.ad.domain
    • Network settings:
      • Bluetooth PAN: disabled ("Not connected")
      • Ethernet: connected (domain network profile)
        • DHCP enabled.
        • Uses only 172.16.1.10 as its DNS server.

nslookup output:

I ran this from the desktop. I was surprised to see the timeout errors, yet the name resolved in the end without a second call to nslookup:

C:\>nslookup stackoverflow.com
Server:  server.my.ad.domain
Address:  172.16.1.10

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    stackoverflow.com
Addresses:  151.101.65.69
          151.101.1.69
          151.101.129.69
          151.101.193.69

I can't seem to reproduce the problem reliably, even after running ipconfig /flushdns on both my desktop and the server and clearing the cached entries from the Windows DNS server cache.

I just tried again with nslookup and set debug, and got this:

> openra.net
Server:  server.my.ad.domain
Address:  172.16.1.10

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 16, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.my.ad.domain, type = A, class = IN
    AUTHORITY RECORDS:
    ->  my.ad.domain
        ttl = 3600 (1 hour)
        primary name server = server.my.ad.domain
        responsible mail addr = hostmaster.my.ad.domain
        serial  = 8384
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 17, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.my.ad.domain, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  my.ad.domain
        ttl = 3600 (1 hour)
        primary name server = server.my.ad.domain
        responsible mail addr = hostmaster.my.ad.domain
        serial  = 8384
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 18, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.ad.domain, type = A, class = IN
    AUTHORITY RECORDS:
    ->  ad.domain
        ttl = 298 (4 mins 58 secs)
        primary name server = ns1.bdm.microsoftonline.com
        responsible mail addr = azuredns-hostmaster.microsoft.com
        serial  = 1
        refresh = 3600 (1 hour)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 300 (5 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 19, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        openra.net.ad.domain, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  ad.domain
        ttl = 298 (4 mins 58 secs)
        primary name server = ns1.bdm.microsoftonline.com
        responsible mail addr = azuredns-hostmaster.microsoft.com
        serial  = 1
        refresh = 3600 (1 hour)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 300 (5 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 20, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        openra.net, type = A, class = IN
    ANSWERS:
    ->  openra.net
        internet address = 194.63.248.52
        ttl = 3599 (59 mins 59 secs)

------------
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
Name:    openra.net
Address:  194.63.248.52

>

Unfortunately it still doesn't tell me exactly what timed out...
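The set debug transcript above already records where the extra round trips come from: before the client asked for openra.net as typed, it sent openra.net.my.ad.domain and openra.net.ad.domain (A and AAAA each). The first pair came back as authoritative NXDOMAIN from the domain controller's own zone, but the ad.domain pair carries no "auth. answer" flag and an SOA at ns1.bdm.microsoftonline.com, so the domain controller had to forward those two queries out to the Internet. The following script is an added example, not code from the question or the answer: it parses a trimmed copy of that transcript (embedded as a constructed sample, keyed to the field labels nslookup prints) and reports how many of the five queries were search-suffix additions and which of those left the local zones. It is written here in Python so it can be run against any saved transcript.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the five "Got answer" blocks from the transcript above, trimmed.
SAMPLE_DEBUG = """\
Got answer:
        opcode = QUERY, id = 16, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
    QUESTIONS:
        openra.net.my.ad.domain, type = A, class = IN
    AUTHORITY RECORDS:
    ->  my.ad.domain
        primary name server = server.my.ad.domain
Got answer:
        opcode = QUERY, id = 17, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
    QUESTIONS:
        openra.net.my.ad.domain, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  my.ad.domain
        primary name server = server.my.ad.domain
Got answer:
        opcode = QUERY, id = 18, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        openra.net.ad.domain, type = A, class = IN
    AUTHORITY RECORDS:
    ->  ad.domain
        primary name server = ns1.bdm.microsoftonline.com
Got answer:
        opcode = QUERY, id = 19, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        openra.net.ad.domain, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  ad.domain
        primary name server = ns1.bdm.microsoftonline.com
Got answer:
        opcode = QUERY, id = 20, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        openra.net, type = A, class = IN
    ANSWERS:
    ->  openra.net
        internet address = 194.63.248.52
"""


@dataclass
class Answer:
    qname: str           # name sent on the wire, search suffix already appended
    qtype: str
    rcode: str
    authoritative: bool  # "auth. answer" flag set: the DC answered from its own zone
    zone: Optional[str]  # owner of the SOA in the AUTHORITY section, if any
    soa_ns: Optional[str]
    address: Optional[str]


def _grp(m: Optional[re.Match]) -> Optional[str]:
    return m.group(1) if m else None


def parse_debug(text: str) -> List[Answer]:
    """Return one Answer per 'Got answer:' block, in transcript order."""
    answers = []
    for chunk in text.split("Got answer:")[1:]:
        rcode = re.search(r"rcode = (\w+)", chunk)
        flags = re.search(r"header flags:\s*(.+)", chunk)
        q = re.search(r"QUESTIONS:\s*(\S+), type = (\w+)", chunk)
        if not (rcode and flags and q):
            continue  # skip a truncated block instead of failing the whole parse
        answers.append(Answer(
            qname=q.group(1).rstrip("."), qtype=q.group(2), rcode=rcode.group(1),
            authoritative="auth. answer" in flags.group(1),
            zone=_grp(re.search(r"AUTHORITY RECORDS:\s*->\s+(\S+)", chunk)),
            soa_ns=_grp(re.search(r"primary name server = (\S+)", chunk)),
            address=_grp(re.search(r"internet address = (\S+)", chunk))))
    return answers


def account_for_lookups(answers: List[Answer], typed_name: str) -> dict:
    """Explain which queries the client's DNS suffix search list added."""
    typed = typed_name.rstrip(".")
    extra = [a for a in answers if a.qname != typed]
    suffixes: List[str] = []
    for a in extra:
        if a.qname.startswith(typed + ".") and a.qname[len(typed) + 1:] not in suffixes:
            suffixes.append(a.qname[len(typed) + 1:])
    # Non-authoritative NXDOMAIN: the DC does not own that suffix's zone, so it forwarded the query.
    forwarded = sorted({a.zone for a in extra if not a.authoritative and a.zone})
    final = next((a for a in answers if a.qname == typed and a.rcode == "NOERROR"), None)
    return {"total_queries": len(answers), "extra_queries": len(extra), "suffixes_tried": suffixes,
            "forwarded_suffix_zones": forwarded, "final_answer": final.address if final else None}


if __name__ == "__main__":
    print(account_for_lookups(parse_debug(SAMPLE_DEBUG), "openra.net"))
```

On the sample this reports 5 queries, 4 of them added by the search list (suffixes my.ad.domain and ad.domain), with the ad.domain pair forwarded off the domain controller before openra.net itself was ever looked up. Any one of those forwarded lookups hitting the 2-second timeout is enough to produce the "timed out, yet resolved" pattern in the question.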

Answer 1

Your local DNS server resolves recursive DNS queries without any problem, but it takes a little longer than expected. There can be many reasons for this; check:

  1. The network connectivity from your desktop to the local DNS server. When you ping the local DNS server from the desktop, it should most likely be > 2 ms.

  2. Check the network connectivity from the local DNS server to the Internet, or check the connectivity from the local DNS server to the DNS forwarder IPs configured on the server.

While checking the connectivity above, if you find any latency in the network, try to resolve the connectivity problem.
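The two checks in this answer (desktop to domain controller, domain controller to forwarders) can be timed with a single script instead of ping, which only measures ICMP and says nothing about port 53. The following is an added example, not the answerer's code: it builds a minimal DNS query by hand, sends it over UDP to each server with the same 2-second timeout nslookup uses, and prints the elapsed time and RCODE per server and name. Because each server is queried exactly once with no retry, a timeout is attributed to one specific server, which is the information the question said nslookup did not give. The addresses 172.16.1.10, 8.8.8.8 and 8.8.4.4 are the ones from the question; run the script on the desktop first, then on the domain controller itself to see the forwarder leg on its own. The fixed transaction ID is a simplification for this demo.

```python
import socket
import struct
import time
from typing import Optional, Tuple

QTYPES = {"A": 1, "AAAA": 28}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_qname(name: str) -> bytes:
    """Wire-format QNAME: each label prefixed by its length, ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"invalid label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: str = "A", txid: int = 0x1234) -> bytes:
    """12-byte header (flags 0x0100 = RD, please recurse) plus one IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", QTYPES[qtype], 1)


def parse_reply_header(reply: bytes, txid: int) -> Tuple[str, bool]:
    """Return (rcode, authoritative) from the reply header; reject a mismatched ID."""
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid:
        raise ValueError("transaction id mismatch; ignoring reply")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), bool(flags & 0x0400)  # 0x0400 is the AA bit


def time_query(server: str, name: str, qtype: str = "A",
               timeout: float = 2.0) -> Tuple[Optional[float], str]:
    """One UDP query to `server`: (elapsed_ms, rcode) or (None, 'timeout')."""
    txid = 0x1234  # fixed for this demo; a real resolver randomises it per query
    pkt = build_query(name, qtype, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        s.sendto(pkt, (server, 53))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return None, "timeout"
    elapsed_ms = (time.perf_counter() - start) * 1000
    rcode, aa = parse_reply_header(reply, txid)
    return elapsed_ms, rcode + (" (authoritative)" if aa else "")


if __name__ == "__main__":
    # Addresses from the question: the DC first, then its forwarders. Trailing
    # dots keep the client's suffix search list out of the measurement.
    for server in ("172.16.1.10", "8.8.8.8", "8.8.4.4"):
        for name in ("stackoverflow.com.", "openra.net."):
            ms, result = time_query(server, name)
            shown = "timeout" if ms is None else f"{ms:7.1f} ms"
            print(f"{server:<12} {name:<20} {shown:>12}  {result}")
```

If the domain controller answers slowly while the forwarders answer quickly from the same desktop, the delay is in the domain controller or the link to it; if the forwarders are slow from the domain controller too, the delay is on the path out to the Internet, which is the second check in the answer.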
