Slow DNS server resolution

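  • Question

  • The client's DNS points to the AD server (10.10.1.1), domain (cityu.edu.mo).

    Because the domain is also the official website, an A record pointing to the official website was added.

    However, when clients access the official website, DNS resolution is very slow; switching to another DNS server makes the problem go away.

    Which setting is wrong?

    September 17, 2019 3:59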

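All replies

  • Hi,

    Please run nslookup with the set d2 command to enter advanced debug mode, and check whether there is a problem anywhere in the resolution process:

    >NSlookup
    >set d2
    >[name which you want to resolve]

    Please note: because the forum is open to the public, anyone can see the messages you post. Before uploading the results, please black out or delete any private information to prevent personal information from leaking.

    Also, this situation where the internal domain name and the external domain name are the same is called a split zone. For a split zone, we have two other options:

    1. Install IIS on the DC and configure a redirect in IIS that leads to your official website address.

    2. Modify the registry to prevent the DC from registering its host record.

    You can refer to the following link:

    DNS (internal domain has same name as external website)

    Best regards,

    Candy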


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   



    September 18, 2019 3:15
    Moderator
  • 預設伺服器:  UnKnown
    Address:  10.10.61.1

    > set d2
    > cityu.edu.mo
    伺服器:  UnKnown
    Address:  10.10.61.1

    ------------
    SendRequest(), len 43
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            cityu.edu.mo.cityu.edu.mo, type = A, class = IN

    ------------
    ------------
    Got answer (111 bytes):
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            cityu.edu.mo.cityu.edu.mo, type = A, class = IN
        AUTHORITY RECORDS:
        ->  cityu.edu.mo
            type = SOA, class = IN, dlen = 44
            ttl = 3600 (1 hour)
            primary name server = cityuad1.cityu.edu.mo
            responsible mail addr = hostmaster.cityu.edu.mo
            serial  = 915
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 43
        HEADER:
            opcode = QUERY, id = 3, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            cityu.edu.mo.cityu.edu.mo, type = AAAA, class = IN

    ------------
    ------------
    Got answer (111 bytes):
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            cityu.edu.mo.cityu.edu.mo, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  cityu.edu.mo
            type = SOA, class = IN, dlen = 44
            ttl = 3600 (1 hour)
            primary name server = cityuad1.cityu.edu.mo
            responsible mail addr = hostmaster.cityu.edu.mo
            serial  = 915
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 37
        HEADER:
            opcode = QUERY, id = 4, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            cityu.edu.mo.edu.mo, type = A, class = IN

    ------------
    ------------
    Got answer (82 bytes):
        HEADER:
            opcode = QUERY, id = 4, rcode = NXDOMAIN
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            cityu.edu.mo.edu.mo, type = A, class = IN
        AUTHORITY RECORDS:
        ->  edu.mo
            type = SOA, class = IN, dlen = 33
            ttl = 650 (10 mins 50 secs)
            primary name server = edu.mo
            responsible mail addr = dnsadmin.edu.mo
            serial  = 1568779201
            refresh = 3600 (1 hour)
            retry   = 900 (15 mins)
            expire  = 432000 (5 days)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 37
        HEADER:
            opcode = QUERY, id = 5, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            cityu.edu.mo.edu.mo, type = AAAA, class = IN

    ------------
    ------------
    Got answer (82 bytes):
        HEADER:
            opcode = QUERY, id = 5, rcode = NXDOMAIN
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            cityu.edu.mo.edu.mo, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  edu.mo
            type = SOA, class = IN, dlen = 33
            ttl = 650 (10 mins 50 secs)
            primary name server = edu.mo
            responsible mail addr = dnsadmin.edu.mo
            serial  = 1568779201
            refresh = 3600 (1 hour)
            retry   = 900 (15 mins)
            expire  = 432000 (5 days)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 30
        HEADER:
            opcode = QUERY, id = 6, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            cityu.edu.mo, type = A, class = IN

    ------------
    ------------
    Got answer (62 bytes):
        HEADER:
            opcode = QUERY, id = 6, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 2,  authority records = 0,  additional = 0

        QUESTIONS:
            cityu.edu.mo, type = A, class = IN
        ANSWERS:
        ->  cityu.edu.mo
            type = A, class = IN, dlen = 4
            internet address = 202.175.81.202
            ttl = 600 (10 mins)
        ->  cityu.edu.mo
            type = A, class = IN, dlen = 4
            internet address = 10.10.61.1
            ttl = 600 (10 mins)

    ------------
    ------------
    SendRequest(), len 30
        HEADER:
            opcode = QUERY, id = 7, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            cityu.edu.mo, type = AAAA, class = IN

    ------------
    ------------
    Got answer (86 bytes):
        HEADER:
            opcode = QUERY, id = 7, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            cityu.edu.mo, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  cityu.edu.mo
            type = SOA, class = IN, dlen = 44
            ttl = 3600 (1 hour)
            primary name server = cityuad1.cityu.edu.mo
            responsible mail addr = hostmaster.cityu.edu.mo
            serial  = 915
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    名稱:    cityu.edu.mo
    Addresses:  202.175.81.202
              10.10.61.1

    >
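    September 18, 2019 4:10
  • Hi,

    Please select "Append these DNS suffixes (in order)", add the edu.mo suffix, click OK to save, and then see whether resolution is still slow.

    Best regards,

    Candy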



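    September 18, 2019 4:43
    Moderator
  • The situation has not improved.

    Actually, when this A record was first added there was no problem at all.

    But after the IP of this A record was changed last week, it became very slow.

    September 18, 2019 5:50
  • Hi,

    Looking at the nslookup resolution process that was posted, there does not seem to be much of a problem.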

    >>名稱:    cityu.edu.mo
    Addresses:  202.175.81.202
              10.10.61.1

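    >>The client's DNS points to the AD server (10.10.1.1)

    Is the DNS server IP address here a typo? Earlier it was 10.10.1.1, later it is 10.10.61.1.

    If it was a typo, I think it may be that during resolution the DC's address was found first, which made resolution slow. That behavior should be normal.

    My personal suggestion is that you add a www A record pointing to the official website address, so that the DC's address does not interfere.

    Best regards,

    Candy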



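    September 18, 2019 7:28
    Moderator
  • In Chrome's developer tools, I found that the DNS lookup is fast, but the stalled time is very long.

    After capturing packets, I found a lot of TCP Dup ACK packets.

    I don't understand why the TCP state gets lost once the internal DNS is used.

    September 18, 2019 7:30
  • Hi,

    Have you added a www A record for testing?

    Also, please upload screenshots of the actual packet capture and I will try to analyze it for you (please note: hide or delete personal information).

    In addition, when you ping the DC's IP address and the official website's IP address separately, is there any packet loss?

    Best regards,

    Candy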



    September 18, 2019 8:31
    Moderator
  • The www A record was already set up earlier.

    wireshark

    www.cityu.edu.mo/html/upload/2.png

    PING

    www.cityu.edu.mo/html/upload/3.png

    Thx!

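    September 18, 2019 8:52
  • Hi,

    Can users on the external network access this new web server normally? Please check whether they run into the same problem as the internal machines.

    Best regards,

    Candy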



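    September 19, 2019 9:22
    Moderator
  • Access from the external network is normal.

    On the internal network it is also normal if DNS is changed to 8.8.8.8, but as soon as it is set to 10.10.61.1 it becomes very slow.

    September 19, 2019 10:16
  • Hi,

    Thank you for the update.

    From the nslookup results you posted, there is nothing wrong in the resolution process.

    Looking at the whole situation, and after discussing it with colleagues, I still suspect that the browser received two IPs, round-robined to the internal IP, waited several seconds, and only after the three-way handshake failed went on to try the external IP. This is what ultimately made resolution slow.

    Confirming this would require analyzing the complete packet capture.

    Since the forum does not support packet capture analysis, I suggest opening a case with Microsoft so the capture can be analyzed in depth to determine the specific cause. Here is the link for opening a case:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers 

    Thank you for your understanding and support.

    Best regards,

    Candy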




    September 20, 2019 6:25
    Moderator
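
The `set d2` trace posted earlier in the thread already contains the condition suspected in the reply above: the A query for cityu.edu.mo returns a private and a public address in the same answer. As an added example (not from the thread or from Microsoft; the function names and the condensed sample trace are constructed here), this Python parser flags that condition and the suffix-appended NXDOMAIN lookups in such a trace:

```python
import ipaddress
import re

# Constructed sample: a condensed excerpt in the format of the `set d2` output above.
SAMPLE = """\
Got answer (111 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
    QUESTIONS:
        cityu.edu.mo.cityu.edu.mo, type = A, class = IN
------------
SendRequest(), len 30
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
    QUESTIONS:
        cityu.edu.mo, type = A, class = IN
------------
Got answer (62 bytes):
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
    QUESTIONS:
        cityu.edu.mo, type = A, class = IN
    ANSWERS:
    ->  cityu.edu.mo
        internet address = 202.175.81.202
    ->  cityu.edu.mo
        internet address = 10.10.61.1
"""

def parse_responses(text):
    """Yield (qname, qtype, rcode, addresses) for each 'Got answer' block."""
    for block in re.split(r"Got answer \(\d+ bytes\):", text)[1:]:
        block = block.split("SendRequest()")[0]  # drop the next outgoing query
        rcode = re.search(r"rcode = (\w+)", block)
        question = re.search(r"QUESTIONS:\s+(\S+), type = (\w+)", block)
        if rcode and question:
            addrs = re.findall(r"internet address = (\S+)", block)
            yield question.group(1), question.group(2), rcode.group(1), addrs

def findings(text, queried_name):
    """Flag suffix-appended NXDOMAIN lookups and answers mixing private and public IPs."""
    out = []
    for qname, qtype, rcode, addrs in parse_responses(text):
        if rcode == "NXDOMAIN" and qname.startswith(queried_name + "."):
            out.append(("suffix-appended", qname, qtype))
        private = {a for a in addrs if ipaddress.ip_address(a).is_private}
        if private and private != set(addrs):
            out.append(("mixed-private-public", qname, tuple(addrs)))
    return out
```

Calling `findings(SAMPLE, "cityu.edu.mo")` reports one suffix-appended lookup and one mixed answer set; a client that tries the private address first from a network where it does not serve the website will wait for the connection attempt to fail before moving to the public one.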
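  • The final solution to this problem:

    In AD Group Policy, the hosts file of every user is replaced; the new hosts file adds an IP record for the external domain.

    When a user accesses the website, the local DNS records are queried first, so the request does not go through the DNS server, which bypasses the problem entirely.

    October 11, 2019 9:39
  • Hi,

    Thank you for sharing your solution on the forum!

    Highly appreciate your effort and time!

    Best regards,

    Candy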



    October 11, 2019 9:48
    Moderator