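This post was last edited by 满天星 on 2011-05-17 11:55.

I am currently using BIND 9.8.0-P1 to test the newly released DNS64 feature (see: "ISC releases BIND 9.8.0-P1 with support for DNS64"). The corresponding IETF document is RFC 6147. The basic principle is that the DNS server first queries the AAAA record; if the authoritative server returns no AAAA record, the DNS server then issues an A record query and, based on the returned A record, automatically combines the IPv6 prefix configured in options with the returned IPv4 address to form an AAAA record, which it returns to the client. For the basic flow, see: "Overview of the basic principles of NAT64 and DNS64".

I installed BIND on my local machine for debugging and verification, but found that after the AAAA query for www.qq.com no A record query is issued, so the server has nothing to return to the client.

For vip.qq.com and web.qq.com, however, an A record query is issued after the AAAA query, and synthesized AAAA records are returned.

I don't quite understand how the AAAA response the authoritative server returns for www.qq.com differs from those for vip.qq.com and web.qq.com... or is it a problem with the DNS server itself?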
dig session on the test server:

```
D:\Windows\System32\dns\bin>rndc flush
D:\Windows\System32\dns\bin>dig @localhost aaaa www.qq.com
; <<>> DiG 9.8.0-P1 <<>> @localhost aaaa www.qq.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3683
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.qq.com. IN AAAA
;; Query time: 933 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 17 10:36:50 2011
;; MSG SIZE rcvd: 28
D:\Windows\System32\dns\bin>dig @localhost aaaa vip.qq.com
; <<>> DiG 9.8.0-P1 <<>> @localhost aaaa vip.qq.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47706
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;vip.qq.com. IN AAAA
;; ANSWER SECTION:
vip.qq.com. 600 IN AAAA 1234::7793:415a
vip.qq.com. 600 IN AAAA 1234::716c:577b
;; AUTHORITY SECTION:
vip.qq.com. 86400 IN NS ns-tel2.qq.com.
vip.qq.com. 86400 IN NS ns-tel1.qq.com.
;; Query time: 261 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 17 10:36:58 2011
;; MSG SIZE rcvd: 128
D:\Windows\System32\dns\bin>dig @localhost aaaa web.qq.com
; <<>> DiG 9.8.0-P1 <<>> @localhost aaaa web.qq.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28739
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;web.qq.com. IN AAAA
;; ANSWER SECTION:
web.qq.com. 300 IN CNAME web2.qq.com.
web2.qq.com. 300 IN AAAA 1234::b73c:354
web2.qq.com. 300 IN AAAA 1234::b73c:37e
web2.qq.com. 300 IN AAAA 1234::b73e:7ed9
web2.qq.com. 300 IN AAAA 1234::790e:4a70
;; AUTHORITY SECTION:
web2.qq.com. 86400 IN NS ns-tel1.qq.com.
web2.qq.com. 86400 IN NS ns-tel2.qq.com.
;; Query time: 425 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 17 10:37:04 2011
;; MSG SIZE rcvd: 203
```
named.conf of the BIND installation on the Windows test server:

```
include "d:\Windows\System32\dns\etc\rndc.key";
options {
    listen-on-v6 {any;};
    allow-query {any;};
    dnssec-enable no;
    dnssec-validation no;
    dns64 1234::/96 {
        clients { any; };
        mapped { any; };
        exclude { 1234::/96; ::ffff:0000:0000/96; };
        suffix ::;
    };
    dns64-server "www.ipv6bbs.cn";
    dns64-contact "www.ipv6bbs.cn";
};
zone . {
    type hint;
    file "d:\Windows\System32\dns\etc\named.root";
};
```
Packet capture of the query process: dns64_packet.rar (3.02 KB)
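Added example, not part of the original post: a simplified Python model of the synthesis step described above for the `dns64 1234::/96` configuration, which also maps the synthesized AAAA answers in the dig output back to the IPv4 addresses they embed. The function names are hypothetical, and only a /96 prefix with an all-zero suffix is handled.

```python
import ipaddress

# Values taken from the named.conf in the post.
PREFIX = ipaddress.ip_network("1234::/96")
EXCLUDE = [ipaddress.ip_network("1234::/96"),
           ipaddress.ip_network("::ffff:0:0/96")]


def synthesize(ipv4, prefix=PREFIX):
    """Embed an IPv4 address in the low 32 bits of a /96 prefix (RFC 6052)."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes with an all-zero suffix are handled")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Address(int(prefix.network_address) | v4))


def extract(ipv6, prefix=PREFIX):
    """Recover the IPv4 address from a synthesized AAAA record."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        raise ValueError(f"{addr} is not inside {prefix}")
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


def dns64_answer(aaaa, a):
    """Return the AAAA set a DNS64 resolver would hand to the client.

    Simplified model (assumption): AAAA records inside an 'exclude' range
    are ignored; if any native AAAA remains it is returned unchanged,
    otherwise the A records are mapped into the prefix.
    """
    native = [r for r in aaaa
              if not any(ipaddress.IPv6Address(r) in n for n in EXCLUDE)]
    if native:
        return native
    return [synthesize(r) for r in a]


if __name__ == "__main__":
    # Synthesized answers copied from the dig output in the post.
    for rec in ("1234::7793:415a", "1234::716c:577b", "1234::b73c:354"):
        print(rec, "->", extract(rec))
```
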