获取负责特定主机的 DNS 服务器列表的正确方法是什么?
我使用以下步骤:
- 查询主机的 A 记录,某些服务器在权限部分返回 NS 记录,因此我从该部分中提取它们(如果有)。
- 查询 NS 记录,从答案部分提取它们。
问题出在“子域名”(CNAME) 上,例如:
>挖 www.microsoft.com A
;; ANSWER SECTION:
www.microsoft.com. 696 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 119 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 263 IN CNAME lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net. 31 IN A 65.55.12.249
>挖 www.microsoft.com NS
;; ANSWER SECTION:
www.microsoft.com. 619 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 42 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 186 IN CNAME lb1.www.ms.akadns.net.
;; AUTHORITY SECTION:
akadns.net. 174 IN SOA internal.akadns.net. hostmaster.akamai.com. 1304057105 90000 90000 90000 180
>挖掘 lb1.www.ms.akadns.net A
;; ANSWER SECTION:
lb1.www.ms.akadns.net. 79 IN A 65.55.12.249
> dig lb1.www.ms.akadns.net NS
;; AUTHORITY SECTION:
akadns.net. 176 IN SOA internal.akadns.net. hostmaster.akamai.com. 1304057402 90000 90000 90000 180
可以看到,没有返回 NS 记录。如何克服这个问题呢?
I use following steps:
- Query A records for host, some servers return NS records in authority section, so I extract them from that section, if any.
- Query NS records, extract them from answer section.
The problem is with "subdomains" (CNAME), for example:
> dig www.microsoft.com A
;; ANSWER SECTION:
www.microsoft.com. 696 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 119 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 263 IN CNAME lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net. 31 IN A 65.55.12.249
> dig www.microsoft.com NS
;; ANSWER SECTION:
www.microsoft.com. 619 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 42 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 186 IN CNAME lb1.www.ms.akadns.net.
;; AUTHORITY SECTION:
akadns.net. 174 IN SOA internal.akadns.net. hostmaster.akamai.com. 1304057105 90000 90000 90000 180
> dig lb1.www.ms.akadns.net A
;; ANSWER SECTION:
lb1.www.ms.akadns.net. 79 IN A 65.55.12.249
> dig lb1.www.ms.akadns.net NS
;; AUTHORITY SECTION:
akadns.net. 176 IN SOA internal.akadns.net. hostmaster.akamai.com. 1304057402 90000 90000 90000 180
As you can see, there are no NS records returned. How to overcome this problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你的算法是错误的。这是正确的。
对于目标域名
T的每个连续较短的超级域S,从T本身开始:NS查找在S上。如果答案不是非空资源记录集,请转到步骤 3。否则您将拥有一组中间域名D[]。D[]中的每个名称执行A和AAAA查找。这将为您提供一组 IP 地址。你有你的答案。 结束。S执行SOA查找。如果答案是非空资源记录集,则您将跨越管理边界,到目前为止尚未发现非空NS资源记录集。您可以根据您想要查找的内容选择ABEND。请记住,您必须对自己的 解析代理 DNS 服务器,而不是外部内容 DNS 服务器,以便您获得 完整答案 而不是部分的。另请记住,检查响应时必须遵循
CNAME链。对您挖掘 www.microsoft.com 的回复。例如,上面的 NS 查询是一条CNAME链,指向 lb1 的空NS资源记录集。 www.ms.akadns.net。。Your algorithm is wrong. Here's the right one.
For each successively shorter superdomain
Sof the target domain nameT, starting withTitself:NSlookup onS. If the answer is not a non-empty resource record set, go to step 3. Otherwise you have a set of intermediate domain namesD[].AandAAAAlookups on each name inD[]. This will give you a set of IP addresses. You have your answer. END.SOAlookup onS. If the answer is a non-empty resource record set, you are about to cross an administrative boundary having found no non-emptyNSresource record set thus far. You may choose, according to exactly what you are trying to find out, to ABEND.Remember that you have to make queries to your own resolving proxy DNS server, not to the external content DNS servers, so that you get a complete answer rather than a partial one. Also remember that you have to follow
CNAMEchains when inspecting responses. The response to yourdig www.microsoft.com. NSquery above, for example, is aCNAMEchain leading to an emptyNSresource record set forlb1.www.ms.akadns.net..