dig我正在比较使用Cloudflare 的 1.1.1.1 和 Google 的 8.8.8.8 名称服务器执行的相同 DNS 查询的输出:
$> dig +trace +additional wikpedia.org @1.1.1.1
; <<>> DiG 9.16.1-Ubuntu <<>> +trace +additional wikipedia.org @1.1.1.1
;; global options: +cmd
. 512680 IN NS a.root-servers.net.
. 512680 IN NS b.root-servers.net.
. 512680 IN NS c.root-servers.net.
. 512680 IN NS d.root-servers.net.
. 512680 IN NS e.root-servers.net.
. 512680 IN NS f.root-servers.net.
. 512680 IN NS g.root-servers.net.
. 512680 IN NS h.root-servers.net.
. 512680 IN NS i.root-servers.net.
. 512680 IN NS j.root-servers.net.
. 512680 IN NS k.root-servers.net.
. 512680 IN NS l.root-servers.net.
. 512680 IN NS m.root-servers.net.
. 512680 IN RRSIG NS 8 0 518400 20221010050000 20220927040000 20826 . E5aHqAj0MqKBkUBMP7OC3GDjnnr2T1unuV9Qy29b4VAYj7onRsOJypPn MDlXlFx1PcnOxOR3ATfuJnvKp+e7jOTsX7XJNo3NKhlin+dzdL12q9Rg /D3kutjO6eDFBySaJU9fzt4yFa92hZclEiZSk87GkTZPfkV1k9exgP0U NszN9caQfChOt9/jS+0d8LAO9ZWdiPWeB+d/cXwm+wtE4YmV0eUjmuPw ZOGBLKX6EYSoYBm2gLK4ObAGb9OXgty5ub85RVdwTIIegRHHD0YisYYS 0YiPos4LCDlUgRDWIOicz4a44ThQ5Q59HuZmCgYCIJbGH8u2nmfcYPru xfv8Bw==
a.root-servers.net. 512680 IN A 198.41.0.4
a.root-servers.net. 512680 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 512680 IN A 199.9.14.201
b.root-servers.net. 512680 IN AAAA 2001:500:200::b
c.root-servers.net. 512680 IN A 192.33.4.12
c.root-servers.net. 512680 IN AAAA 2001:500:2::c
d.root-servers.net. 512680 IN A 199.7.91.13
d.root-servers.net. 512680 IN AAAA 2001:500:2d::d
e.root-servers.net. 512680 IN A 192.203.230.10
e.root-servers.net. 512680 IN AAAA 2001:500:a8::e
f.root-servers.net. 512680 IN A 192.5.5.241
f.root-servers.net. 512680 IN AAAA 2001:500:2f::f
g.root-servers.net. 512680 IN A 192.112.36.4
g.root-servers.net. 512680 IN AAAA 2001:500:12::d0d
h.root-servers.net. 512680 IN A 198.97.190.53
h.root-servers.net. 512680 IN AAAA 2001:500:1::53
i.root-servers.net. 512680 IN A 192.36.148.17
i.root-servers.net. 512680 IN AAAA 2001:7fe::53
j.root-servers.net. 512680 IN A 192.58.128.30
j.root-servers.net. 512680 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 512680 IN A 193.0.14.129
k.root-servers.net. 512680 IN AAAA 2001:7fd::1
l.root-servers.net. 512680 IN A 199.7.83.42
l.root-servers.net. 512680 IN AAAA 2001:500:9f::42
m.root-servers.net. 512680 IN A 202.12.27.33
m.root-servers.net. 512680 IN AAAA 2001:dc3::35
;; Received 1097 bytes from 1.1.1.1#53(1.1.1.1) in 16 ms
org. 172800 IN NS a0.org.afilias-nst.info.
org. 172800 IN NS a2.org.afilias-nst.info.
org. 172800 IN NS b0.org.afilias-nst.org.
org. 172800 IN NS b2.org.afilias-nst.org.
org. 172800 IN NS c0.org.afilias-nst.info.
org. 172800 IN NS d0.org.afilias-nst.org.
org. 86400 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
org. 86400 IN RRSIG DS 8 1 86400 20221010050000 20220927040000 20826 . RdN/DLbZIJJuBD/GiDbrXN5dOdHfOicZgCJOH+FyHgySbHNgTOdd3YTx qd0+TkMw5Tn5ASYwv6Jgr7Z2IyAnEamhpPkWyAB0DKaaNq9fxPihLE7X gFw2rOZC3WoHuglasLa7hZ1sxVfezLjDFFLCZpAv1PIJtMJUTQhouHs+ tXWXVP9wtEaQpkB9lrvsqF3DJ2AXYRunjyQFeOyT89rFPuVOa810ZMJX 47JBe5L5NiPbJZ8w7+QXLdubOxiydBU6nLgIsbcwC1H3nmT70HI5B4QX TvMb++jeZZLSYGITuNxepg35Ej0yhEgtmG4EBLY0I7EFehJ4D+FrtfsE MhRHbg==
a0.org.afilias-nst.info. 172800 IN A 199.19.56.1
a2.org.afilias-nst.info. 172800 IN A 199.249.112.1
b0.org.afilias-nst.org. 172800 IN A 199.19.54.1
b2.org.afilias-nst.org. 172800 IN A 199.249.120.1
c0.org.afilias-nst.info. 172800 IN A 199.19.53.1
d0.org.afilias-nst.org. 172800 IN A 199.19.57.1
a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1
a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1
b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1
b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1
c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1
d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f::1
;; Received 779 bytes from 198.97.190.53#53(h.root-servers.net) in 32 ms
wikipedia.org. 3600 IN NS ns0.wikimedia.org.
wikipedia.org. 3600 IN NS ns1.wikimedia.org.
wikipedia.org. 3600 IN NS ns2.wikimedia.org.
gdtpongmpok61u9lvnipqor8lra9l4t0.org. 3600 IN NSEC3 1 1 0 332539EE7F95C32A GDTREA8KMJ2RNEQEN4M2OGJ26KFSUKJ7 NS SOA RRSIG DNSKEY NSEC3PARAM
tpeahq77pcfqu9h00c3mh570ah1f4g65.org. 3600 IN NSEC3 1 1 0 332539EE7F95C32A TPEESGJUPU0G7LLLUQEA296C6EAUG5AU NS DS RRSIG
gdtpongmpok61u9lvnipqor8lra9l4t0.org. 3600 IN RRSIG NSEC3 8 2 3600 20221018110348 20220927100348 56124 org. LEhQtnCo1BVvRmTpABXjHydO5iNF7TrLE2x2xeaaH2olcyVW8uKOsb5Y ReXZGbZOb43yHCk1vG0gQGrx2MBK5Oe/qi2SAunCMacS2bSmeXORkcfQ A/7jTngjUuT/BLuCWhztQ6zQW8cnn9UqJ5ORoE6kzt8K+jvgPgt06d7s yIo=
tpeahq77pcfqu9h00c3mh570ah1f4g65.org. 3600 IN RRSIG NSEC3 8 2 3600 20221016152907 20220925142907 56124 org. mnaJPzFSM+e5YbHREKLk/YTsOpnaJFO5aD2C18jAx1HJcn/a2huZFUil 2ig1CkHYDdbygYlfcKRmuW98h4QfJ3aGBDm8LBPWayC0Ehe1d8YHdzzE 9eZXZaiPhx13xwhOp4d9sGsRXs1OYNdwNO+Z+gxFY0bDJ9dduzt3PAtm /qw=
ns0.wikimedia.org. 3600 IN A 208.80.154.238
ns1.wikimedia.org. 3600 IN A 208.80.153.231
ns2.wikimedia.org. 3600 IN A 91.198.174.239
;; Received 655 bytes from 199.249.112.1#53(a2.org.afilias-nst.info) in 244 ms
wikipedia.org. 600 IN A 185.15.58.224
;; Received 78 bytes from 208.80.154.238#53(ns0.wikimedia.org) in 108 ms
和
$> dig +trace +additional wikpedia.org @8.8.8.8
; <<>> DiG 9.16.1-Ubuntu <<>> +trace +additional wikipedia.org @8.8.8.8
;; global options: +cmd
. 16129 IN NS m.root-servers.net.
. 16129 IN NS b.root-servers.net.
. 16129 IN NS c.root-servers.net.
. 16129 IN NS d.root-servers.net.
. 16129 IN NS e.root-servers.net.
. 16129 IN NS f.root-servers.net.
. 16129 IN NS g.root-servers.net.
. 16129 IN NS h.root-servers.net.
. 16129 IN NS i.root-servers.net.
. 16129 IN NS a.root-servers.net.
. 16129 IN NS j.root-servers.net.
. 16129 IN NS k.root-servers.net.
. 16129 IN NS l.root-servers.net.
. 16129 IN RRSIG NS 8 0 518400 20221009040000 20220926030000 20826 . Daw1Qe+tZFuaEP/Z6Dhp91rsDfVTNJ/exRtguZJt4NO2Jig/xuulcfai O5vkKFIn/nXPIkiMfk/UPZJn+08J8PCA8yFBjHRLmnAh25PFH6iDqjXb 192lMdeByCjEELw8P8YgzXXsPX1a526WiW9YmQtCsJfuFebqYV5lDVmI JRYwRd9Xsp8RHwfPMdG/UlVJQD+tVdf7VNaAuqA+VzNRWOYEAnkU8QVh INZqVBgSKV1/Zwi2SHrZxjRc3Zpo3NDXBRG9hQ/TXpf5IbyV9/TsVa1T M6p5/Eu7KsrRGhsoy6U6CeLrGhi7sXp0VehmW139ttQ4mmAnzBy7MrRc QNAYHg==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 16 ms
org. 172800 IN NS b2.org.afilias-nst.org.
org. 172800 IN NS d0.org.afilias-nst.org.
org. 172800 IN NS a2.org.afilias-nst.info.
org. 172800 IN NS a0.org.afilias-nst.info.
org. 172800 IN NS b0.org.afilias-nst.org.
org. 172800 IN NS c0.org.afilias-nst.info.
org. 86400 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
org. 86400 IN RRSIG DS 8 1 86400 20221010050000 20220927040000 20826 . RdN/DLbZIJJuBD/GiDbrXN5dOdHfOicZgCJOH+FyHgySbHNgTOdd3YTx qd0+TkMw5Tn5ASYwv6Jgr7Z2IyAnEamhpPkWyAB0DKaaNq9fxPihLE7X gFw2rOZC3WoHuglasLa7hZ1sxVfezLjDFFLCZpAv1PIJtMJUTQhouHs+ tXWXVP9wtEaQpkB9lrvsqF3DJ2AXYRunjyQFeOyT89rFPuVOa810ZMJX 47JBe5L5NiPbJZ8w7+QXLdubOxiydBU6nLgIsbcwC1H3nmT70HI5B4QX TvMb++jeZZLSYGITuNxepg35Ej0yhEgtmG4EBLY0I7EFehJ4D+FrtfsE MhRHbg==
d0.org.afilias-nst.org. 172800 IN A 199.19.57.1
c0.org.afilias-nst.info. 172800 IN A 199.19.53.1
b2.org.afilias-nst.org. 172800 IN A 199.249.120.1
b0.org.afilias-nst.org. 172800 IN A 199.19.54.1
a2.org.afilias-nst.info. 172800 IN A 199.249.112.1
a0.org.afilias-nst.info. 172800 IN A 199.19.56.1
d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f::1
c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1
b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1
b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1
a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1
a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1
;; Received 810 bytes from 192.36.148.17#53(i.root-servers.net) in 36 ms
wikipedia.org. 3600 IN NS ns1.wikimedia.org.
wikipedia.org. 3600 IN NS ns0.wikimedia.org.
wikipedia.org. 3600 IN NS ns2.wikimedia.org.
gdtpongmpok61u9lvnipqor8lra9l4t0.org. 3600 IN NSEC3 1 1 0 332539EE7F95C32A GDTREA8KMJ2RNEQEN4M2OGJ26KFSUKJ7 NS SOA RRSIG DNSKEY NSEC3PARAM
gdtpongmpok61u9lvnipqor8lra9l4t0.org. 3600 IN RRSIG NSEC3 8 2 3600 20221018110920 20220927100920 56124 org. iwWHasNQhI07eGqMt4x8wd/Cnpmz+uggD/ArES2+Dpb44wCkVbC2oNGg rnPRoCyIi2YU+aVeZOmrDA8l2P3DNGT9R/pt0HT6Si098ZRjYSU0zZJj N4b1RWf/qtIS25z82jFjYh/NW4aPURpFZPL3Jg+UJkDAOarX0ZyzHHtA uM8=
tpeahq77pcfqu9h00c3mh570ah1f4g65.org. 3600 IN NSEC3 1 1 0 332539EE7F95C32A TPEESGJUPU0G7LLLUQEA296C6EAUG5AU NS DS RRSIG
tpeahq77pcfqu9h00c3mh570ah1f4g65.org. 3600 IN RRSIG NSEC3 8 2 3600 20221016152907 20220925142907 56124 org. mnaJPzFSM+e5YbHREKLk/YTsOpnaJFO5aD2C18jAx1HJcn/a2huZFUil 2ig1CkHYDdbygYlfcKRmuW98h4QfJ3aGBDm8LBPWayC0Ehe1d8YHdzzE 9eZXZaiPhx13xwhOp4d9sGsRXs1OYNdwNO+Z+gxFY0bDJ9dduzt3PAtm /qw=
ns0.wikimedia.org. 3600 IN A 208.80.154.238
ns1.wikimedia.org. 3600 IN A 208.80.153.231
ns2.wikimedia.org. 3600 IN A 91.198.174.239
;; Received 655 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 244 ms
wikipedia.org. 600 IN A 185.15.58.224
;; Received 78 bytes from 91.198.174.239#53(ns2.wikimedia.org) in 32 ms
Cloudflare 的答案包含 A 和 AAAA 记录,而 Google 的答案却没有,这让我感到困惑。
深入挖掘,我发现了一篇 BIND 知识库文章 ( https://kb.isc.org/docs/aa-00208 ),其中解释了以下内容:
当按照 +trace 选项的指定迭代地执行委派时,dig 将首先请求具有 root 权限的服务器的 NS 记录(“.”)。这些可能会或可能不会提供胶水 - 即 A 和 AAAA 记录可用于 dig 必须发送的下一个查询。当没有提供胶水时,无论是在对根名称服务器的初始查询中,还是稍后在进行委托时,dig 将恢复为递归查询 /etc/resolv.conf 中列出的服务器以获得所需的 A/AAAA RRset
因此,我的结论是 Google 的 8.8.8.8 在询问根区域的名称服务器时不会返回粘连。
我的结论是正确的还是我遗漏了什么?
DNS 名称服务器以名称服务器的域名(NS 记录)进行响应。要到达它,首先需要解析此名称。仅拥有域名是不够的,因此 NS 记录伴随着额外的 A 记录,例如 IP。这些附加记录是粘合记录。
对于根服务器,此信息不是必需的——您已经知道他们的 IP 地址,所以这完全是可选的。根据您的测试,Google 的服务器在回答根服务器时更加经济。