dns问题排查.ppt

第8节: DNS 故障排查,7种常见的DNS配置错误 如何发现这些错误，如何找到问题，如何解决？,DNS Troubleshooting-2,© 2007 Infoblox Inc. All Rights Reserved.,Troubleshooting DNS with nslookup and dig,nslookup Appends search list to queries (causing confusion), or add “.” to end of query, or use “set nosearch” “set debug” will show more of the response but not as much as dig version dependent Sends recursive queries, or Use “set norecurse” IP lookup works if type is PTR, ANY, or not set Allows control of udp/tcp or timing Command line or interactive mode Is nearly ubiquitous,dig Sends what you type Shows full response in exact master file format Sends recursive queries, or Add “+norecurse” IP lookup works with -x address Allows control of udp/tcp and truncation retry timeouts port lots more Command line only Lets you put arguments in any order (nice!) Does not ship with Windows find it on the net,DNS Troubleshooting-3,© 2007 Infoblox Inc. All Rights Reserved.,问题1: 区域数据不一致,,www.dns.pn?,,,www.dns.pn?,www.dns.pn is 192.253.253.100,,??,,www.dns.pn is 192.245.12.31,,Authoritative for dns.pn,Authoritative for dns.pn,Live Data!,DNS Troubleshooting-4,© 2007 Infoblox Inc. All Rights Reserved.,,Authoritative for dns.pn,,,,,原因: 序列号没有更新,Authoritative for dns.pn,,,,$ nslookup server . Default server: . Address: 128.196.13.18 set type=soa dns.pn. dns.pn origin = NS.Opus1.COM mail addr = hostmast.Opus1.COM serial = 2006030200 refresh = 86400 retry = 7200 expire = 2592000 minimum = 10800 set type=a www.dns.pn. Server: . Address: 128.196.13.18 Name: www.dns.pn Address: 192.245.12.31,$ nslookup server . Default Server: Address: 192.245.12.50 set type=soa dns.pn. dns.pn origin = NS.Opus1.COM mail addr = hostmast.Opus1.COM serial = 2006030200 refresh = 86400 (1D) retry = 7200 (2H) expire = 2592000 (4w2d) minimum ttl = 10800 (3H) set type=a www.dns.pn. Server: Address: 192.245.12.50 Name: www.dns.pn Address: 192.253.253.100,重新加载主服务器时没有更新序列号,DNS Troubleshooting-5,© 2007 Infoblox Inc. All Rights Reserved.,问题: 变更没有生效,www.dns.pn?,,Authoritative for dns.pn,,?,I know I changed that A record!?!,www.dns.pn is 192.245.12.31,,DNS Troubleshooting-6,© 2007 Infoblox Inc. All Rights Reserved.,原因: 修改后没有重新加载,nslookup 查询主服务器显示旧的结果,磁盘中显示新的地址和序列号,,,Primary was not reloaded after zone file edit,DNS Troubleshooting-7,© 2007 Infoblox Inc. All Rights Reserved.,,dns.pn origin = NS.Opus1.COM mail addr = hostmast.Opus1.COM serial = 2006030200 refresh = 86400 (1D) retry = 7200 (2H) expire = 2592000 (4w2d) minimum ttl = 10800 (3H),,Issue: Inconsistent Zone Data… But the Serial Numbers are Different,,www.dns.pn?,,,www.dns.pn?,www.dns.pn is 192.253.253.100,,??,,www.dns.pn is 192.245.12.31,,Authoritative for dns.pn,Authoritative for dns.pn,dns.pn origin = ns.Opus1.COM mail addr = hostmast.Opus1.COM serial = 2006030202 refresh = 86400 (1D) retry = 7200 (2H) expire = 2592000 (4w2d) minimum ttl = 10800 (3H),DNS Troubleshooting-8,© 2007 Infoblox Inc. All Rights Reserved.,,zone “dns.pn” { type slave; file “dns.pn.bak”; masters {102.245.12.50; }; };,Cause: Failure to Propagate Zone From Server to Server Can Have Several Causes,Syntax error in the zone data file on the master,,,Loss of connectivity,Incorrect IP address for the master server,,192.245.12.50,Whoops!,Microsoft DNS,BIND 9,,X,“Zones containing WINS will be rejected”,DNS Troubleshooting-9,© 2007 Infoblox Inc. All Rights Reserved.,Issue: Having Problems Sending Mail,“AOL says that we can’t send mail to them.” Hmmm… what on earth can that mean? Let’s check it out. We are using the same systems for incoming and outgoing mail. Let’s investigate them in the DNS.,$ nslookup set type=mx dhcp.hm. Server: ns3.Opus1.COM Address: 192.245.12.53 dhcp.hm preference = 555, mail exchanger = mail3.dhcp.hm dhcp.hm preference = 117, mail exchanger = mail1.dhcp.hm dhcp.hm preference = 234, mail exchanger = mail2.dhcp.hm dhcp.hm nameserver = ns2.Opus1.COM dhcp.hm nameserver = ns3.Opus1.COM mail3.dhcp.hm internet address = 207.182.63.14 mail1.dhcp.hm internet address = 207.182.63.12 mail2.dhcp.hm internet address = 207.182.63.13 ns2.Opus1.COM internet address = 192.245.12.52 ns3.Opus1.COM internet address = 192.245.12.53 ,,,Live Data!,DNS Troubleshooting-10,© 2007 Infoblox Inc. All Rights Reserved.,Cause: Missing PTR Records, set type=ptr 12.63.182.207.in-addr.arpa. Server: LOCALHOST Address: 127.0.0.1 12.63.182.207.in-addr.arpa name = Mail1.DHCP.HM 63.182.207.in-addr.arpa nameserver = NS.Opus1.COM 63.182.207.in-addr.arpa nameserver = ns4.Opus1.COM NS.Opus1.COM internet address = 192.245.12.50 ns4.Opus1.COM internet address = 128.196.13.18 13.63.182.207.in-addr.arpa. Server: LOCALHOST Address: 127.0.0.1 13.63.182.207.in-addr.arpa name = Mail2.DHCP.HM 63.182.207.in-addr.arpa nameserver = NS.Opus1.COM 63.182.207.in-addr.arpa nameserver = ns4.Opus1.COM NS.Opus1.COM internet address = 192.245.12.50 ns4.Opus1.COM internet address = 128.196.13.18 14.63.182.207.in-addr.arpa. Server: LOCALHOST Address: 127.0.0.1 *** LOCALHOST can't find 14.63.182.207.in。