[DNS]
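Question about DNS AAAA record queries
This post was last edited by 满天星 on 2011-05-17 11:55
I am currently using BIND 9.8.0-P1 to verify the newly released DNS64 feature (see: ISC releases BIND 9.8.0-P1 with support for DNS64). The corresponding IETF document is RFC 6147. The basic principle is that the DNS server first queries for the AAAA record; if the authoritative server returns no AAAA record, the DNS server then issues an A query and, based on the A records returned, automatically combines the IPv6 prefix configured in options with the returned IPv4 address, converting it into an AAAA record that is returned to the client. For the basic flow, see: Overview of the basic principles of NAT64 and DNS64
I have installed BIND on my local machine for debugging and verification, but I found that after the AAAA query for www.qq.com no A query is issued, so the server returns no information to the client.
For vip.qq.com and web.qq.com, however, an A query is issued after the AAAA query, and synthesized AAAA records are returned.
I don't really understand the difference between the AAAA response the authoritative server returns for www.qq.com and the ones for vip.qq.com and web.qq.com... or is it a problem with the DNS server itself?
dig session on the test server:
D:\Windows\System32\dns\bin>rndc flush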
D:\Windows\System32\dns\bin>dig @localhost aaaa www.qq.com
; <<>> DiG 9.8.0-P1 <<>> @localhost aaaa www.qq.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3683
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.qq.com. IN AAAA
;; Query time: 933 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 17 10:36:50 2011
;; MSG SIZE rcvd: 28
D:\Windows\System32\dns\bin>dig @localhost aaaa vip.qq.com
; <<>> DiG 9.8.0-P1 <<>> @localhost aaaa vip.qq.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47706
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;vip.qq.com. IN AAAA
;; ANSWER SECTION:
vip.qq.com. 600 IN AAAA 1234::7793:415a
vip.qq.com. 600 IN AAAA 1234::716c:577b
;; AUTHORITY SECTION:
vip.qq.com. 86400 IN NS ns-tel2.qq.com.
vip.qq.com. 86400 IN NS ns-tel1.qq.com.
;; Query time: 261 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 17 10:36:58 2011
;; MSG SIZE rcvd: 128
D:\Windows\System32\dns\bin>dig @localhost aaaa web.qq.com
; <<>> DiG 9.8.0-P1 <<>> @localhost aaaa web.qq.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28739
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;web.qq.com. IN AAAA
;; ANSWER SECTION:
web.qq.com. 300 IN CNAME web2.qq.com.
web2.qq.com. 300 IN AAAA 1234::b73c:354
web2.qq.com. 300 IN AAAA 1234::b73c:37e
web2.qq.com. 300 IN AAAA 1234::b73e:7ed9
web2.qq.com. 300 IN AAAA 1234::790e:4a70
;; AUTHORITY SECTION:
web2.qq.com. 86400 IN NS ns-tel1.qq.com.
web2.qq.com. 86400 IN NS ns-tel2.qq.com.
;; Query time: 425 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 17 10:37:04 2011
;; MSG SIZE rcvd: 203
named.conf of the BIND installed on the Windows test server:
include "d:\Windows\System32\dns\etc\rndc.key";
options {
    listen-on-v6 {any;};
    allow-query {any;};
    dnssec-enable no;
    dnssec-validation no;
    dns64 1234::/96 {
        clients { any; };
        mapped { any; };
        exclude { 1234::/96; ::ffff:0000:0000/96; };
        suffix ::;
    };
    dns64-server "www.ipv6bbs.cn";
    dns64-contact "www.ipv6bbs.cn";
};
zone . {
    type hint;
    file "d:\Windows\System32\dns\etc\named.root";
};
Packet capture for the query process:
dns64_packet.rar (3.02 KB, uploaded 2011-05-17 11:39)
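
The synthesis step described in the post, as an added example that is not part of the original post or of BIND's code: it embeds an IPv4 address in the 1234::/96 prefix from the posted named.conf, reverses the mapping for the addresses seen in the dig output, and applies the exclude list before deciding whether to synthesize. The function names are hypothetical and only /96 prefixes with a zero suffix are handled.

```python
import ipaddress

# Prefix and exclude list copied from the dns64 block in the posted named.conf.
PREFIX = ipaddress.IPv6Network("1234::/96")
EXCLUDE = [ipaddress.IPv6Network("1234::/96"),
           ipaddress.IPv6Network("::ffff:0:0/96")]


def synthesize(ipv4, prefix=PREFIX):
    """Embed an IPv4 address in the low 32 bits of a /96 prefix (RFC 6052)."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(ipv6, prefix=PREFIX):
    """Recover the IPv4 address from a synthesized AAAA; None if outside prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if prefix.prefixlen != 96 or addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def dns64_answer(aaaa, a, prefix=PREFIX, exclude=EXCLUDE):
    """Return the AAAA set handed to the client.

    AAAA records inside an excluded network are treated as absent; if no
    usable AAAA record remains, every A record is mapped into the prefix.
    """
    usable = []
    for rec in aaaa:
        addr = ipaddress.IPv6Address(rec)
        if not any(addr in net for net in exclude):
            usable.append(addr)
    if usable:
        return usable
    return [synthesize(rec, prefix) for rec in a]


if __name__ == "__main__":
    # Decode the synthesized answers shown in the dig output for vip.qq.com.
    for rec in ("1234::7793:415a", "1234::716c:577b"):
        print(rec, "->", extract(rec))
```

Decoding a synthesized answer this way gives the A record the resolver must have received, which can be compared against the A responses in a packet capture.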