有一套比较旧的环境,BIND 9.8.2,搭了域名服务器,开发反馈,dig ns . 居然没有glue record返回,甚是奇怪。
检查了配置文件,网上也查了很多,后来在官方网址找到了原因。
解释就是A/AAAA资源记录被丢掉了,导致根本没有glue record.
https://kb.isc.org/docs/aa-01537
原来是bind 9.8.2的版本bug
Therefore the A/AAAA RRsets for the root nameservers received in the priming response are discarded and the cache is not updated. After the root hint RRsets have expired, if another query for a new TLD is processed, the resolver will have to fall back to the root hints again. The hints are once again loaded into the cache with TTL=0, triggering yet another priming query, the results of which will once again be discarded, and so on.The fix has been to promote the additional data received in the response from priming queries to GLUE. This means that it will be kept in cache in the same way as nameserver addresses received in a delegation referral response, so that when named needs to contact those servers, it can query the zone root-servers.net for confirmation of their addresses, which will then be updated in cache as AUTH-ANSWER.
解决方法:1、升级BIND9版本;
2、为每个根区建立db文件;
3、根据返回的NS记录,查询每个NS对应的A/AAAA记录.
京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有 