Windows Server DNS、ルートゾーンリクエストを無効にする
良い一日。簡単な問題がありますが、解決できません。私はDC with domain sub.domain.com。そして、別のサーバーと別のDNSでホストされているウェブサイトdomain.comのpublickドメインを持っています。fbをリクエストしようとすると。ドメインPCからのcom(例)。fb.comsub.domain.comを要求し、PCがルートドメインfb.comを要求するよりも、my DC DNSから応答を取得します。 .domain.com(「サブ」なし)、およびサーバーからの応答がない(ローカルレコードがないため)domain.comへのリクエストを禁止し、インターネットに解決する方法ps申し訳ありませんが英語
ルックアップログ
PS C:\Windows\system32> nslookup -d2 fb.com
------------
SendRequest(), len 40
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN
------------
------------
Got answer (63 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 1.0.0.127.in-addr.arpa
type = PTR, class = IN, dlen = 11
name = localhost
ttl = 3600 (1 hour)
------------
Server: localhost
Address: 127.0.0.1
------------
SendRequest(), len 41
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = A, class = IN
------------
------------
Got answer (110 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = A, class = IN
AUTHORITY RECORDS:
-> sub.domain.com
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = dc2.sub.domain.com
responsible mail addr = hostmaster.sub.domain.com
serial = 57017
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 3600 (1 hour)
default TTL = 3600 (1 hour)
------------
------------
SendRequest(), len 41
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = AAAA, class = IN
------------
------------
Got answer (110 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
fb.com.sub.domain.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> sub.domain.com
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = dc2.sub.domain.com
responsible mail addr = hostmaster.sub.domain.com
serial = 57017
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 3600 (1 hour)
default TTL = 3600 (1 hour)
------------
------------
SendRequest(), len 37
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.domain.com, type = A, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 37
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com.domain.com, type = AAAA, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 24
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com, type = A, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 24
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
fb.com, type = AAAA, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to localhost timed-out
私はあなたが何を求めているのか正確にはわかりませんが、あなたが説明する行動は正しく、期待されています。 fb.comのクエリは、末尾にドットがないため、完全には修飾されていません。そのため、nslookupはクライアントのプライマリDNSサフィックスをクエリに追加し、クエリをルートドメインに繰り返し委任します。
あなたは実際に何を達成しようとしていますか?クエリでfb.comDNSサーバーのみをクエリしますか?その場合は、クエリを末尾のドットで完全修飾します。
nslookup -d2 fb.com.