DNS Troubleshooting
2007 Infoblox Inc. All Rights Reserved.

Section 8: DNS Troubleshooting

7 common DNS configuration errors
- How to detect these errors
- How to find the problem
- How to resolve it?

Troubleshooting DNS with nslookup and dig

nslookup
- Appends search list to queries (causing confusion); add "." to end of query, or use "set nosearch"
- "set debug" will show more of the response, but not as much as dig; version dependent
- Sends recursive queries, or use "set norecurse"
- IP lookup works if type is PTR, ANY, or not set
- Allows control of udp/tcp or timing
- Command line or interactive mode
- Is nearly ubiquitous

dig
- Sends what you type
- Shows full response in exact master file format
- Sends recursive queries, or add "+norecurse"
- IP lookup works with -x address
- Allows control of udp/tcp and truncation retry, timeouts, port, lots more
- Command line only
- Lets you put arguments in any order (nice!)
- Does not ship with Windows; find it on the net

Issue 1: Inconsistent Zone Data

    Query: www.dns.pn ?
    Server authoritative for dns.pn: www.dns.pn is 192.253.253.100
    Server authoritative for dns.pn: www.dns.pn is 192.245.12.31
    Live Data!

Cause: Serial Number Was Not Updated

First server authoritative for dns.pn:

    $ nslookup
    server .
    Default server: .
    Address: 128.196.13.18
    set type=soa
    dns.pn.
    dns.pn
        origin=NS.Opus1.COM
        mail addr=hostmast.Opus1.COM
        serial=2006030200
        refresh=86400
        retry=7200
        expire=2592000
        minimum=10800
    set type=a
    www.dns.pn.
    Server: .
    Address: 128.196.13.18
    Name: www.dns.pn
    Address: 192.245.12.31

Second server authoritative for dns.pn:

    $ nslookup
    server .
    Default Server:
    Address: 192.245.12.50
    set type=soa
    dns.pn.
    dns.pn
        origin=NS.Opus1.COM
        mail addr=hostmast.Opus1.COM
        serial=2006030200
        refresh=86400(1D)
        retry =7200(2H)
        expire =2592000(4w2d)
        minimum ttl=10800(3H)
    set type=a
    www.dns.pn.
    Server:
    Address: 192.245.12.50
    Name: www.dns.pn
    Address: 192.253.253.100

The serial number was not updated when the primary server was reloaded.

Issue: Change Did Not Take Effect

    Query: www.dns.pn ?
    Server authoritative for dns.pn: www.dns.pn is 192.245.12.31
    ? I know I changed that A record!?!

Cause: Not Reloaded After the Change

    $ cat db.dns.pn
    ; authoritative data for dns.pn
    $TTL 1d
            IN SOA NS.Opus1.COM. hostmast.Opus1.COM. (
                    2006030201 ; serial number
                    1d         ; refresh 1x per day
                    2h         ; retry every 2 hours
                    30d        ; expire after 1 month
                    3h         ; Negative TTL is 3 hours
                    )
            IN MX 100 Ironport.Opus1.COM.
            IN NS ns.Opus1.COM.
            IN NS ns4.Opus1.COM.
            IN A 192.245.12.31
    ;
    WWW     IN A 192.253.253.100

- An nslookup query against the primary server shows the old result
- The file on disk shows the new address and serial number
- Primary was not reloaded after zone file edit

    $ nslookup
    www.dns.pn.
    Server:
    Address: 192.245.12.50
    Name: www.dns.pn
    Address: 192.253.253.31
    set type=soa
    dns.pn.
    Server:
    Address: 192.245.12.50
    dns.pn
        origin=NS.Opus1.COM
        mail addr=hostmast.Opus1.COM
        serial=2006030200
        refresh=86400(1D)
        retry =7200(2H)
        expire =2592000(4w2d)
        minimum ttl=10800(3H)

Issue: Inconsistent Zone Data But the Serial Numbers are Different

    Query: www.dns.pn ?
    Server authoritative for dns.pn: www.dns.pn is 192.253.253.100
    Server authoritative for dns.pn: www.dns.pn is 192.245.12.31

SOA returned by one server:

    dns.pn
        origin=NS.Opus1.COM
        mail addr=hostmast.Opus1.COM
        serial=2006030200
        refresh=86400(1D)
        retry =7200(2H)
        expire =2592000(4w2d)
        minimum ttl=10800(3H)

SOA returned by the other server:

    dns.pn
        origin=ns.Opus1.COM
        mail addr=hostmast.Opus1.COM
        serial=2006030202
        refresh=86400(1D)
        retry =7200(2H)
        expire =2592000(4w2d)
        minimum ttl=10800(3H)

Cause: Failure to Propagate Zone From Server to Server Can Have Several Causes

- Syntax error in the zone data file on the master
- Loss of connectivity
- Incorrect IP address for the master server (the master for "dns.pn" is 192.245.12.50. Whoops!)

    zone "dns.pn" { type slave; file "dns.pn.bak"; masters { 102.245.12.50; }; };

- Microsoft DNS and BIND 9 (X): "Zones containing WINS will be rejected"

Issue: Having Problems Sending Mail

"AOL says that we can't send mail to them."

Hmmm, what on earth can that mean? Let's check it out.

We are using the same systems for incoming and outgoing mail. Let's investigate them in the DNS.

    $ nslookup
    set type=mx
    dhcp.hm.
    Server: ns3.Opus1.COM
    Address: 192.245.12.53
    dhcp.hm preference=555, mail exchanger=mail3.dhcp.hm
    dhcp.hm preference=117, mail exchanger=mail1.dhcp.hm
    dhcp.hm preference=234, mail exchanger=mail2.dhcp.hm
    dhcp.hm nameserver=ns2.Opus1.COM
    dhcp.hm nameserver=ns3.Opus1.COM
    mail3.dhcp.hm internet address=207.182.63.14
    mail1.dhcp.hm internet address=207.182.63.12
    mail2.dhcp.hm internet address=207.182.63.13
    ns2.Opus1.COM internet address=192.245.12.52
    ns3.Opus1
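
The serial-number reasoning behind the three zone-data issues above (serial not updated, primary not reloaded, zone not propagated), as an added example that is not part of the original slides. The function names, finding labels and the session() sample builder are assumptions made for illustration; the sample sessions are constructed from the addresses and serials shown on the slides.

```python
import re

def parse_session(text):
    """Extract (SOA serial, A answer) from nslookup output in the slides' format."""
    serial = re.search(r"serial\s*=\s*(\d+)", text)
    answer = re.search(r"Name:\s*\S+\s+Address:\s*(\S+)", text)
    if not serial or not answer:
        raise ValueError("session lacks an SOA serial or an A answer")
    return int(serial.group(1)), answer.group(1)

def newer(a, b):
    """True if serial a is newer than b (RFC 1982 32-bit serial arithmetic)."""
    return 0 < (a - b) % 2**32 < 2**31

def diagnose(sessions, disk_serial=None):
    """sessions maps server address -> nslookup text; disk_serial is the
    serial in the master's zone file, if it was checked. Returns findings."""
    seen = {ip: parse_session(text) for ip, text in sessions.items()}
    serials = {s for s, _ in seen.values()}
    answers = {a for _, a in seen.values()}
    findings = []
    # Same serial everywhere but different data: the edit never bumped the serial.
    if len(serials) == 1 and len(answers) > 1:
        findings.append("serial-not-incremented")
    # Serials differ: the servers holding an older serial did not get the zone.
    if len(serials) > 1:
        behind = sorted(ip for ip, (s, _) in seen.items()
                        if any(newer(o, s) for o in serials))
        findings.append("not-propagated-to:" + ",".join(behind))
    # File on disk is ahead of every served copy: the primary was not reloaded.
    if disk_serial is not None and all(newer(disk_serial, s) for s in serials):
        findings.append("primary-not-reloaded")
    return findings

def session(serial, address):
    # Constructed sample in the layout of the nslookup output on the slides.
    return (f"dns.pn\n origin=NS.Opus1.COM\n serial={serial}\n"
            f"Name:www.dns.pn\nAddress:{address}\n")

ISSUE_1 = {"128.196.13.18": session(2006030200, "192.245.12.31"),
           "192.245.12.50": session(2006030200, "192.253.253.100")}
ISSUE_2 = {"192.245.12.50": session(2006030200, "192.245.12.31")}
ISSUE_3 = {"128.196.13.18": session(2006030200, "192.245.12.31"),
           "192.245.12.50": session(2006030202, "192.253.253.100")}

if __name__ == "__main__":
    print(diagnose(ISSUE_1))
    print(diagnose(ISSUE_2, disk_serial=2006030201))
    print(diagnose(ISSUE_3))
```

Which server lags in ISSUE_3 is a constructed assignment; the slides show the two serials but not which server returned which.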