DNS cloud school | quickly locate DNS resolution exceptions and keep these four DNS status codes in mind

DNS The status code of plays an important role in troubleshooting . stay DNS We often encounter in the maintenance of DNS Resolve the exception problem , adopt DNS The status code of can be preliminarily judged DNS Resolve the exception problem . In this issue, cloud school passed the detailed explanation DNS Definition of status code , Give examples of common status codes .enjoy：

① Write it at the front

This paper aims at Header section format Of RCODE Analyze .

This part corresponds to Wireshark Open in DNS Data packets Domian Name System part Flags Of RCODE

             

1:RFC1035[4.1.1]

0 NOERROR No error condition

1 Format error, Format error - The name server cannot interpret the query .

2 Server failure, Due to a name server problem , The name server cannot process the query .

3 Name Error, Only meaningful for responses from authoritative name servers , This code indicates that the domain name referenced in the query does not exist .

4 Not Implemented , Unrealized - The name server does not support the requested query type .

5 Refused, Refuse - The name server refused to perform the specified operation due to policy reasons . for example , The name server may not want to provide information to a particular requester , Or the name server may not want to perform specific operations on specific data （ for example , Zone transfer ）.

 

6-15 Reserved for future use ：

QDCOUNT An unsigned 16 An integer , Specify the number of entries in the problem section .

ANCOUNT An unsigned 16 An integer , Used to specify the number of resource records in the answer section .

NSCOUNT An unsigned 16 An integer , Appoint ame Number of authorized records in the server .

ARCOUNT An unsigned 16 An integer , Used to specify the number of resource records in other record sections .

 

2:RFC2136 [pag5-6]

rfc2136 [pag5-6] Yes DNS The description of the status code has been updated （1997 Release ）：x

NOERROR 0 No error condition .

FORMERR 1 The name server cannot interpret the request caused by a format error .

SERVFAIL 2 The name server encountered an internal failure while processing this request , For example, operating system error or forwarding timeout .

NXDOMAIN 3 Some names that should exist do not exist .

NOTIMP 4 The name server does not support the specified opcode .

REFUSED 5 The name server refused to perform the specified operation for policy or security reasons .

YXDOMAIN 6 There are some names that shouldn't exist .

YXRRSET 7 There are some things that shouldn't exist RRset.

NXRRSET 8 There should be some RRset non-existent .

NOTAUTH 9 Server pair “ Area ” The areas named in the section are not authoritative .

NOTZONE 10 stay “ Prerequisite ” or “ to update ” The name used in the section is not in “ Area ” In the area indicated in part .

 

ZOCOUNT In the area section RR Count .

PRCOUNT In the prerequisites section RR Count .

UPCOUNT Update... In section RR Count .

ADCOUNT In the additional data section RR Count .

 

② Common status code analysis

RFC There are many status codes described in , But in most scenarios, only a few states are used , for example ：

0   NOERROR、2   SERVFAIL、3   NXDOMAIN、5   REFUSED

The following is an introduction to several common scenarios of status codes ：

1：NOERROR

Response code 0 —— NOERROR

When the server parses the result , Reply the result to the client , This status is NOERROR, example ：

Environmental statement

DNS The server has test.com Authoritative District , There are the following records

test.com. 3600 NS ns.test.com.

ns.test.com. 3600 A 1.1.1.1 

www.tes.tcom 3600 A 2.2.2.2

 

Scene one ： The domain name is normally resolved to the record

1） Client to DNS Server resolution www.tes.tcom Of A Record

2） The server answers NOERROR, With ：www.test.com 3600 A 2.2.2.2

 

Scene two ： When requesting a domain name , If there is one type under the domain name type tree , Other types of responses are NOERROR

1） Client to DNS Server resolution www.tes.tcom Of TXT Record

2） The server answers NOERROR, With test.com Of SOA

 

2：SERVFAIL

Response code 2 —— SERVFAIL

recursive DNS The network from the server to the authoritative server is blocked , perhaps DNS Server error , Will lead to SERVFAIL

Environmental statement

1 Table recursion DNS：A;1 Taiwan authority DNS：B;1 A client ：C

 

Scene one : recursive DNS To authority DNS Server due to network problems , Parsing timeout

1） The client initiates a request to the recursive server DNS analysis

2） Due to network problems , Recursive server to authority DNS Parsing timeout , Answer to the client SERVFAIL

 

Scene two ： recursive DNS Cache an authority area NS Domain name NXDOMAIN state , When the client queries the domain name under this authoritative area , recursive DNS The reply SERVFAIL

1）new.test.com Of NS by ns.new.test.com, recursive DNS Inquire about ns.new.test.com Got it NXDOMAIN Response to .

2） Client side recursion DNS Inquire about new.test.com Domain name under the authority area , Then there is SERVFAIL

 

3：NXDOMAIN

Response code 3 —— NXDOMAIN

Resolve a domain name , This domain name does not have any type of resolution record , example ：

Environmental statement

DNS The server has test.com Authoritative District , There are the following records

test.com. 3600 NS ns.test.com.

ns.test.com. 3600 A 1.1.1.1 

www.tes.tcom 3600 A 2.2.2.2

 

Scene one ： There is no type under the domain name type tree , The reply NXDOMAIN

1） Client to DNS Server resolution ww123.tes.tcom Of A Record

2） The server response code is NXDOMAIN, With test.com Of SOA

 

4：REFUSED

Response code 5 —— REFUSED

Client to DNS Server query domain name , But this DNS The server needs external recursive query , But this DNS It's not turned on DNS Recursive function , example ：

Environmental statement

DNS The server turns off recursion , And there are test.com Authoritative District , There are the following records ：

test.com. 3600 NS ns.test.com.

ns.test.com. 3600 A 1.1.1.1 

new.test.com. 3600 NS ns.new.test.com 

ns.new.test.com. 3600 A 2.2.2.2 

1) The customer asked DNS The server initiates www.baidu.com. Query for

2)DNS The server answers REFUSED

 

This issue of cloud school will be shared here , If you have any questions about DNS Other problems with the status code , Welcome to leave a message at the bottom of the article , We will arrange professional engineers to answer your questions . Let's see you next time ~