我的印象是只有子域可以有 CNAME 记录:主域需要定义自己的所有记录。但是,apt-get.com
似乎只有一个 CNAME 记录。这怎么行?
$ dig apt-get.com
; <<>> DiG 9.8.1-P1 <<>> apt-get.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45743
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;apt-get.com. IN A
;; ANSWER SECTION:
apt-get.com. 86336 IN CNAME thie5ku9.dsgeneration.com.
thie5ku9.dsgeneration.com. 60 IN A 208.73.211.242
thie5ku9.dsgeneration.com. 60 IN A 208.73.211.246
thie5ku9.dsgeneration.com. 60 IN A 208.73.211.166
thie5ku9.dsgeneration.com. 60 IN A 208.73.211.232
thie5ku9.dsgeneration.com. 60 IN A 208.73.211.161
thie5ku9.dsgeneration.com. 60 IN A 208.73.210.233
thie5ku9.dsgeneration.com. 60 IN A 208.73.211.186
thie5ku9.dsgeneration.com. 60 IN A 208.73.211.188
;; Query time: 59 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 10 15:05:48 2014
;; MSG SIZE rcvd: 193
$ dig apt-get.com ns
; <<>> DiG 9.8.1-P1 <<>> apt-get.com ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43831
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;apt-get.com. IN NS
;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 10 15:12:37 2014
;; MSG SIZE rcvd: 29
$ dig apt-get.com ns @b.gtld-servers.net
; <<>> DiG 9.8.1-P1 <<>> apt-get.com ns @b.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38228
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;apt-get.com. IN NS
;; AUTHORITY SECTION:
apt-get.com. 172800 IN NS ns1.domainrecover.com.
apt-get.com. 172800 IN NS ns2.domainrecover.com.
;; ADDITIONAL SECTION:
ns1.domainrecover.com. 172800 IN A 66.45.232.66
ns2.domainrecover.com. 172800 IN A 65.23.159.179
;; Query time: 70 msec
;; SERVER: 192.33.14.30#53(192.33.14.30)
;; WHEN: Tue Jun 10 15:07:05 2014
;; MSG SIZE rcvd: 111
域确实解析。我得到以下标题:
GET / HTTP/1.1
User-Agent: Testing_Sniffer/4.15
Host: apt-get.com
Accept: */*
HTTP/1.0 200 (OK)
Cache-Control: private, no-cache, must-revalidate
Connection: Keep-Alive
Pragma: no-cache
Server: Oversee Turing v1.0.0
Content-Length: 1347
Content-Type: text/html
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Keep-Alive: timeout=3, max=96
P3P: policyref="http://www.dsparking.com/w3c/p3p.xml", CP="NOI DSP COR ADMa OUR NOR STA"
Set-Cookie: parkinglot=1; domain=.apt-get.com; path=/; expires=Wed, 11-Jun-2014 14:10:37 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<!-- turing_cluster_prod -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>apt-get.com</title>
<meta name="keywords" content="apt-get.com" />
<meta name="description" content="apt-get.com" />
<meta name="robots" content="index, follow" />
<meta name="revisit-after" content="10" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<script type="text/javascript">
document.cookie = "jsc=1";
</script>
</head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://apt-get.com?epl=5PfLSSqWrYDAt-gbwMDK_rA3b1UJCYVTJHfxTzr9FTDQV84b6vAgVhU3FTeCRQNiuRNv79Ni0V3mkEVNRhpqo2gpMjp5iOIR1w2_EISPENaqzoXohVXl2QI3ryXlRCB4FaIIaxynnWXWY6QBgBgNiIZ6agD1NBoNGg0ajXpUCXUAIJDer78AAOB_AwAAQIDbCwAAe_NWlVlTJllBMTZoWkKPAAAA8A" name="apt-get.com">
</frameset>
<noframes>
<body><a href="http://apt-get.com?epl=5PfLSSqWrYDAt-gbwMDK_rA3b1UJCYVTJHfxTzr9FTDQV84b6vAgVhU3FTeCRQNiuRNv79Ni0V3mkEVNRhpqo2gpMjp5iOIR1w2_EISPENaqzoXohVXl2QI3ryXlRCB4FaIIaxynnWXWY6QBgBgNiIZ6agD1NBoNGg0ajXpUCXUAIJDer78AAOB_AwAAQIDbCwAAe_NWlVlTJllBMTZoWkKPAAAA8A">Click here to go to apt-get.com</a>.</body>
</noframes>
</html>
您误解了 RFC 的性质。任何人都可以完全自由地违反它们,但可能会导致不可预测的行为。您正在看到一个完美的例子:当您
NS
从.com
服务器请求域的记录时,您会得到一个答案(一对记录),但是当您通过正常递归进行时,您会得到不同的结果(SERVFAIL
)。正如您所期望的那样,域名解析是有效的(毕竟有一个 CNAME),但是很难以可靠的方式对该域(没有邮件,没有服务器)做任何其他事情。
www.
您已经发布了一个完美的示例,说明为什么违反 RFC 是不明智的。
这实际上是对 CNAME 的有效使用。您可以在 DNS 区域的顶点使用 CNAME,但不能将其与任何其他记录类型(例如 MX)一起使用。对于大多数域所有者来说,这是一个不可接受的权衡,但它有时会被使用。