Bind

dig 不解析不合格的域名,但 nslookup 可以

  • February 4, 2016

我有一個在 CentOS7 伺服器 (dns01.local.lab) 上執行 DNS 的實驗室。local.lab 域定義在 named.conf 中:

// Authoritative forward zone for the lab domain; the records live in
// "local.lab.zone" (listed further down). Dynamic updates are refused,
// so the zone can only change by editing the file and reloading.
zone "local.lab" IN {
   type master;
   file "local.lab.zone";
   allow-update { none; };
};

我也有一個反向區域,但據我所知,這對這個問題並不重要。

區域文件如下所示:

; Forward zone file for local.lab. Comments start with ';'.
$TTL 86400   ; default TTL (seconds) for records that do not set their own
; SOA: primary name server dns01.local.lab.; responsible mailbox is
; root.local.lab. (first label is the local part, i.e. root@local.lab).
@  IN SOA  dns01.local.lab. root.local.lab. (
   1 ; Serial
   3600 ; Refresh
   1800 ; Retry
   604800 ; Expire
   86400 ; Minimum TTL
)
; Single NS record: dns01 is the only authoritative server for this zone.
@        IN NS  dns01.local.lab.
; Two A records at the apex, so "local.lab" itself resolves to both addresses.
@        IN A   192.168.122.100
@        IN A   192.168.122.1
; Host records queried in the nslookup/dig examples of the question.
dns01      IN A 192.168.122.100
virt-host  IN A 192.168.122.1

如果我用 nslookup 只查詢主機名,我會得到解析出的 IP:

[root@dns01 ~]# nslookup dns01
Server:          192.168.122.100
Address:         192.168.122.100#53

Name:    dns01.local.lab
Address:  192.168.122.100

但是,如果我用 dig 只查詢主機名,我不會得到預期的回應:

[root@dns01 ~]# dig dns01

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> dns01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9070
;; flags: qr rd ra ad; QUERY: 1, ANSWER 0; AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns01.                         IN        A

;; AUTHORITY SECTION:
.                       10800   IN        SOA    a.root-servers.net. nstld.verisign-grs.com. 2016020401 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 192.168.122.100#53(192.168.122.100)
;; WHEN: Thu Feb 04 09:15:07 HST 2016
;; MSG SIZE  rcvd: 109

只有當我使用 FQDN 時,我才會得到預期的回應:

[root@dns01 ~]# dig dns01.local.lab

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> dns01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9070
;; flags: qr rd ra ad; QUERY: 1, ANSWER 1; AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns01.local.lab.               IN        A

;; ANSWER SECTION:
dns01.local.lab.        86400   IN        A        192.168.122.100

;; AUTHORITY SECTION:
local.lab.              86400   IN        NS       dns01.local.lab.

;; Query time: 8 msec
;; SERVER: 192.168.122.100#53(192.168.122.100)
;; WHEN: Thu Feb 04 09:22:15 HST 2016
;; MSG SIZE  rcvd: 74

反向查找時,dig 會給出預期的答案,nslookup 也一樣。

我知道 dig 和 nslookup 使用不同的解析器庫,但據我了解,dig 被認為是更好的工具。

如上面的結果所示,查詢的是正確的名稱伺服器。看起來 dig 不認為該伺服器對所查詢的主機名具有權威性。

named.conf:

// Global options for the lab server, which is both authoritative for
// local.lab and a recursive resolver for lab clients.
options {
   // Listen only on loopback and the lab interface address.
   listen-on port 53 { 127.0.0.1; 192.168.122.100; };
   directory    "/var/named";
   dump-file    "/var/named/data/cache_dump.db";
   statistics-file    "/var/named/data/named_stats.txt";
   memstatistics-file    "/var/named/data/named_mem_stats.txt";
   // Only localhost and the 192.168.122.0/24 lab network may query at all;
   // this is what keeps "recursion yes" below from being an open resolver.
   // NOTE(review): allow-recursion is not set explicitly — confirm that the
   // running BIND version derives its default from allow-query as expected.
   allow-query    {localhost; 192.168.122.0/24; };
   recursion yes;
   // Validate DNSSEC-signed answers from upstream; the "ad" flag in the dig
   // output above reflects this validation.
   dnssec-enable yes;
   dnssec-validation yes;
   bindkeys-file "/etc/named.iscdlv.key";
   managed-keys-directory "/var/named/dynamic";
   pid-file "/run/named/named.pid";
   session-keyfile "/run/named/session.key";
};

// Debug logging to data/named.run (relative to the directory above).
logging {
   channel default_debug {
       file "data/named.run";
       severity dynamic;
   };
};

// Root hints, used when recursing on behalf of lab clients.
zone "." IN {
   type hint;
   file "named.ca";
};

// Authoritative forward zone for the lab; dynamic updates are refused.
zone "local.lab" IN {
   type master;
   file "local.lab.zone";
   allow-update { none; };
};

// Reverse zone for 192.168.122.0/24; dynamic updates are refused here too.
zone "122.168.192.in-addr.arpa" IN {
   type master;
   file "local.lab.revzone";
   allow-update { none; };
};

// Standard localhost/loopback zones and the root trust anchor.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

dig +search dns01 能給你想要的結果嗎?(dig 預設不套用 /etc/resolv.conf 的 search 清單,所以 dns01 會被當成絕對名稱 dns01. 去查,而 nslookup 會套用。)如果可以,有沒有可能 +nosearch 以某種方式被加進了你的 ~/.digrc?

補充:或者,如果你像我一樣,也許從來沒有人幫你把 +search 加到 ~/.digrc 裡。

引用自:https://unix.stackexchange.com/questions/259928