紧急求助大家看下这个域名的 DNS 解析异常

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

已注册用户请登录

这是一个创建于 2151 天前的主题，其中的信息可能已经有所发展或是发生改变。

内网用 unbound 做的 DNS 缓存服务器,但是这个域名解析有异常,我 reload 好了一会,又不行了..

dig www.creditchina.gov.cn

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> www.creditchina.gov.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28547
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.creditchina.gov.cn.                IN      A

;; ANSWER SECTION:
www.creditchina.gov.cn. 19731   IN      CNAME   creditchina.baidu.com.
creditchina.baidu.com.  6209    IN      CNAME   creditchina.e.shifen.com.

;; AUTHORITY SECTION:
e.shifen.com.           3432    IN      NS      ns2.e.shifen.com.
e.shifen.com.           3432    IN      NS      ns5.e.shifen.com.
e.shifen.com.           3432    IN      NS      ns3.e.shifen.com.
e.shifen.com.           3432    IN      NS      ns4.e.shifen.com.
e.shifen.com.           3432    IN      NS      ns1.e.shifen.com.

;; ADDITIONAL SECTION:
ns1.e.shifen.com.       193     IN      A       61.135.165.225
ns2.e.shifen.com.       193     IN      A       180.149.133.242
ns3.e.shifen.com.       193     IN      A       61.135.162.217
ns4.e.shifen.com.       193     IN      A       115.239.210.177
ns5.e.shifen.com.       193     IN      A       119.75.222.13

;; Query time: 0 msec
;; SERVER: 10.28.70.14#53(x.x.x.x)
;; WHEN: Tue Jun 05 11:09:30 CST 2018
;; MSG SIZE  rcvd: 291

3 条回复 • 2018-06-05 11:57:30 +08:00

denghongcai

2018-06-05 11:32:15 +08:00

这个有百度云加速的，你的缓存是强设了 TTL 吗？有可能是 CDN 节点一直在调度换了

mrco

2018-06-05 11:40:33 +08:00

@denghongcai 设置了

```bash
grep -i ttl /etc/unbound/unbound.conf
# the time to live (TTL) value lower bound, in seconds. Default 0.
cache-min-ttl: 600
# the time to live (TTL) value cap for RRsets and messages in the
cache-max-ttl: 86400
# the time to live (TTL) value cap for negative responses in the cache
cache-max-negative-ttl: 600
# the time to live (TTL) value for cached roundtrip times, lameness and
infra-host-ttl: 900
# single line, surrounded by "". TTL is ignored. class is IN default.
val-bogus-ttl: 600
# Serve expired responses from cache, with TTL 0 in the response,
# instruct the auto-trust-anchor-file probing to add anchors after ttl.
# instruct the auto-trust-anchor-file probing to del anchors after ttl.
# auto-trust-anchor-file probing removes missing anchors after ttl.
# Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY.
ipsecmod-max-ttl: 3600
```

mrco

2018-06-05 11:57:30 +08:00

直接去 dig 居然返回 NOERROR,但是没用 A 记录返回:

```bash
dig creditchina.e.shifen.com.

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> creditchina.e.shifen.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25281
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;creditchina.e.shifen.com. IN A

;; AUTHORITY SECTION:
e.shifen.com. 631 IN NS ns5.e.shifen.com.
e.shifen.com. 631 IN NS ns2.e.shifen.com.
e.shifen.com. 631 IN NS ns1.e.shifen.com.
e.shifen.com. 631 IN NS ns3.e.shifen.com.
e.shifen.com. 631 IN NS ns4.e.shifen.com.

;; ADDITIONAL SECTION:
ns1.e.shifen.com. 211 IN A 61.135.165.225
ns2.e.shifen.com. 211 IN A 180.149.133.242
ns3.e.shifen.com. 211 IN A 61.135.162.217
ns4.e.shifen.com. 211 IN A 115.239.210.177
ns5.e.shifen.com. 211 IN A 119.75.222.13

;; Query time: 0 msec
;; SERVER: 10.28.70.14#53(10.28.70.14)
;; WHEN: Tue Jun 05 11:56:11 CST 2018
;; MSG SIZE rcvd: 223
```