windows 域后缀添加到 DNS 查询
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1016026/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Domain Suffix added to DNS Queries
提问by Xap
I have a reoccurring DNS problem that has been plaguing our users, occasionally causing their laptops to append our company's domain to the end of all DNS queries. The problem only occurs when users are off site and it appears to be fairly random. It will work one day and then, out of the blue, it will show the invalid entry. This effects mostly Windows XP users but has recently been seen on Vista as well. Here is an example using nslookup.
我有一个反复出现的 DNS 问题,它一直困扰着我们的用户,偶尔会导致他们的笔记本电脑将我们公司的域附加到所有 DNS 查询的末尾。该问题仅在用户不在现场时出现,而且似乎相当随机。有一天它会起作用,然后突然间,它会显示无效的条目。这主要影响 Windows XP 用户,但最近也出现在 Vista 上。这是使用 nslookup 的示例。
C:\Users\Username>nslookup www.yahoo.com Server: Linksys Address: 192.168.0.1
C:\Users\Username>nslookup www.yahoo.com 服务器:Linksys 地址:192.168.0.1
Non-authoritative answer: Name: www.yahoo.com.MYDOMAIN.COM Address: 999.999.999.999
非权威回答:名称:www.yahoo.com.MYDOMAIN.COM 地址:999.999.999.999
I have replaced the IP address that is reported with a placeholder but I can tell you that what it returns is the default *. entry on our Network Solutions configuration. Since obvious www.yahoo.com.MYDOMAIN.COM doesn't exist this makes since. I believe the users internal equipment is functioning properly. Internally we run a Windows 2k3 Active Directory w/ Windows based DHCP and DNS servers. Eventually the problem resolves itself usually over a couple of hours or a number of reboots.
我已经用占位符替换了报告的 IP 地址,但我可以告诉你它返回的是默认的 *. 进入我们的网络解决方案配置。由于明显的 www.yahoo.com.MYDOMAIN.COM 不存在这使得因为。我相信用户内部设备运行正常。在内部,我们运行带有基于 Windows 的 DHCP 和 DNS 服务器的 Windows 2k3 Active Directory。最终问题通常会在几个小时或多次重启后自行解决。
Has anyone seen this behavior before?
有没有人见过这种行为?
采纳答案by Philip Derbeko
The default behavior of nslookup is to append domain suffixes to your query. It will do that until it gets an answer to some question.
nslookup 的默认行为是将域后缀附加到您的查询中。它会这样做,直到它得到某个问题的答案。
It appears that you probably had temporary network disconnection. the host then tried to resolve a name and since it could not resolve www.yahoo.com it started adding known domains suffixes to it. You should see www.yahoo.com.SUBDOMAIN.MYDOMAIN.COM, www.yahoo.com.MYDOMAIN.COM and www.yahoo.com.COM
看来您可能暂时断开了网络连接。然后主机尝试解析一个名称,由于它无法解析 www.yahoo.com,它开始向其添加已知域后缀。您应该看到 www.yahoo.com.SUBDOMAIN.MYDOMAIN.COM、www.yahoo.com.MYDOMAIN.COM 和 www.yahoo.com.COM
When all works correctly (network and DNS server) this should not be a problem.
如果一切正常(网络和 DNS 服务器),这应该不是问题。
回答by Mike
I've had the same problem with Win XP. I fixed it by installing "Portable DNS Cache and Firewall" and specifying the rule to block "*.com.mydomain.com". This blocks all the queries for ".com" domains that are attempted to be resolved as you company's subdomains.
我在使用 Win XP 时遇到了同样的问题。我通过安装“便携式 DNS 缓存和防火墙”并指定阻止“*.com.mydomain.com”的规则来修复它。这会阻止对“.com”域的所有查询,这些查询试图解析为贵公司的子域。
回答by chaos
I haven't, but the scenario that comes to mind is that perhaps your systems are trying to determine whether to append the domain suffix by looking to see whether they can retrieve NS records for the .com TLD, and then intermittent network failures are causing false negatives on that check.
我没有,但我想到的情况是,您的系统可能正在尝试通过查看是否可以检索 .com TLD 的 NS 记录来确定是否附加域后缀,然后导致间歇性网络故障那张支票的假阴性。
回答by sybreon
It could also be a DHCP/DNS issue. Part of the DHCP reply can include information about the search domain. Typically, the PC would try to guess to see if it needed to append the search domain before sending the query up to the DNS server. Might warrant an investigation as well.
也可能是 DHCP/DNS 问题。部分 DHCP 回复可以包括有关搜索域的信息。通常,PC 会尝试猜测是否需要在将查询发送到 DNS 服务器之前附加搜索域。也可能需要调查。
回答by benc
There are still a lot of possibilities, so see if you can narrow it down.
还有很多可能性,所以看看你是否可以缩小它。
You need to isolate the problem to a specific application on a specific system.
您需要将问题隔离到特定系统上的特定应用程序。
You could have a misconfigured DHCP server (you might be able to compare the lease log on the DHCP server with windows of activity). You might have a badly behaving application, which composes calls to the resolver without an FQDN (which should end in a period). If your first query fails (lets say the DNS request times out), then the resolver might cause a second query where treated your string as a PQDN and literalized it into the longer FQDN you see.
您可能有一个错误配置的 DHCP 服务器(您可以将 DHCP 服务器上的租用日志与活动窗口进行比较)。您可能有一个行为不佳的应用程序,它在没有 FQDN(应该以句点结束)的情况下组合对解析器的调用。如果您的第一个查询失败(假设 DNS 请求超时),那么解析器可能会导致第二个查询,其中将您的字符串视为 PQDN 并将其文字化为您看到的更长的 FQDN。
![在 Windows 和 LINUX 中创建程序库 [C++]](/res/img/loading.gif)