Jump to content
Калькуляторы

Странный глюк с DNS

Столкнулся со странным глюком в работе DNS на Windows.

Воспроизводится на трех разных ПК, подключенных в разных местах и разным способом (PPPoE и IPoE), с разными ОС.

Общего только ОС Windows и DNS-сервера провайдера.

Глюк выглядит так:

>ipconfig /flushdns

Настройка протокола IP для Windows

Кэш сопоставителя DNS успешно очищен.


>nslookup mc.yandex.ru
╤хЁтхЁ:  ***
Address:  192.168.1.250

Не заслуживающий доверия ответ:
╚ь :     mc.yandex.ru
Addresses:  2a02:6b8::1:119
          87.250.251.119
          93.158.134.119
          87.250.250.119
          213.180.193.119



>ping mc.yandex.ru
При проверке связи не удалось обнаружить узел mc.yandex.ru.
Проверьте имя узла и повторите попытку.

В клиентском кеше запись есть (правда кеш быстро успевает забиться и не влезает в буфер терминального окна, поэтому вывод отфильтрован):

>ipconfig /displaydns | find "mc.yandex.ru"
    PTR-запись. . . . . . : mc.yandex.ru
    mc.yandex.ru
    Имя записи. . . . . . : mc.yandex.ru
    mc.yandex.ru

nslookup с подробностями в спойлере.

Спойлер

Запрос делал с рабочего ПК в домене, поэтому в ответах так много NXDOMAIN.


>nslookup -d mc.yandex.ru
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        250.1.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  250.1.168.192.in-addr.arpa
        name = srv-main.corp.corpdomain.ru
        ttl = 1200 (20 mins)

------------
╤хЁтхЁ:  srv-main.corp.corpdomain.ru
Address:  192.168.1.250

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        mc.yandex.ru.corp.corpdomain.ru, type = A, class = IN
    AUTHORITY RECORDS:
    ->  corp.corpdomain.ru
        ttl = 3600 (1 hour)
        primary name server = srv-main.corp.corpdomain.ru
        responsible mail addr = hostmaster.corp.corpdomain.ru
        serial  = 24113
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        mc.yandex.ru.corp.corpdomain.ru, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  corp.corpdomain.ru
        ttl = 3600 (1 hour)
        primary name server = srv-main.corp.corpdomain.ru
        responsible mail addr = hostmaster.corp.corpdomain.ru
        serial  = 24113
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        mc.yandex.ru.corpdomain.ru, type = A, class = IN
    AUTHORITY RECORDS:
    ->  corpdomain.ru
        ttl = 729 (12 mins 9 secs)
        primary name server = ns.cyber.com.ru
        responsible mail addr = root.cyber.com.ru
        serial  = 1511384170
        refresh = 14400 (4 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        mc.yandex.ru.corpdomain.ru, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  corpdomain.ru
        ttl = 729 (12 mins 9 secs)
        primary name server = ns.cyber.com.ru
        responsible mail addr = root.cyber.com.ru
        serial  = 1511384170
        refresh = 14400 (4 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 4,  authority records = 0,  additional = 0

    QUESTIONS:
        mc.yandex.ru, type = A, class = IN
    ANSWERS:
    ->  mc.yandex.ru
        internet address = 93.158.134.119
        ttl = 84 (1 min 24 secs)
    ->  mc.yandex.ru
        internet address = 87.250.250.119
        ttl = 84 (1 min 24 secs)
    ->  mc.yandex.ru
        internet address = 213.180.193.119
        ttl = 84 (1 min 24 secs)
    ->  mc.yandex.ru
        internet address = 87.250.251.119
        ttl = 84 (1 min 24 secs)

------------
Не заслуживающий доверия ответ:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        mc.yandex.ru, type = AAAA, class = IN
    ANSWERS:
    ->  mc.yandex.ru
        AAAA IPv6 address = 2a02:6b8::1:119
        ttl = 98 (1 min 38 secs)

------------
╚ь :     mc.yandex.ru
Addresses:  2a02:6b8::1:119
          93.158.134.119
          87.250.250.119
          213.180.193.119
          87.250.251.119

 

Нет версий что это и почему?

Share this post


Link to post
Share on other sites

Разобрался с глюком, забыл написать.

Я в файле hosts кучу рекламных серверов блокировал, в том числе mc.yandex.ru.

Поэтому в локальном кеше DNS была фейковая запись.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.