当前位置: 首页 > 工具软件 > IP resolver > 使用案例 >

linux dns resolver,如何解决Linux in-kernel dns_resolver问题

潘坚白
2023-12-01

Linux提供了一种工具,允许内核及其模块依靠用户空间工具来解析DNS名称.例如,CIFS使用它来支持DFS中的引用.

我看到的问题是我无法让内核解析特定的DNS名称,我不明白为什么它失败了.

要了解根本原因,我通过运行以下命令在CIFS和内核dns解析器中启用了调试输出:

echo "1" > /sys/module/dns_resolver/parameters/debug # dns_resolver

echo "7" > /proc/fs/cifs/cifsFYI # CIFS

这是我在发生故障时在dmesg中看到的内容:

fs/cifs/cifs_dfs_ref.c: DFS: ref path: \ESOTEST\dfstest\FS_SERV

fs/cifs/cifs_dfs_ref.c: DFS: node path: \FS\FS_SERV

fs/cifs/cifs_dfs_ref.c: DFS: fl: 2,srv_type: 0

fs/cifs/cifs_dfs_ref.c: DFS: ref_flags: 0,path_consumed: 24

fs/cifs/netmisc.c: address conversion returned 0 for FS

fs/cifs/netmisc.c: address conversion returned 0 for FS

[ls ] ==> dns_query((null),FS,2,(null))

fs/cifs/dns_resolve.c: dns_resolve_server_name_to_ip: unable to resolve: FS

fs/cifs/cifs_dfs_ref.c: cifs_compose_mount_options: Failed to resolve server part of \\FS\FS_SERV to IP:

-22

这是成功解决方案的输出:

fs/cifs/cifs_dfs_ref.c: DFS: node path: \ESOTEST\File-Server

fs/cifs/cifs_dfs_ref.c: DFS: fl: 2,path_consumed: 28

fs/cifs/netmisc.c: address conversion returned 0 for ESOTEST

fs/cifs/netmisc.c: address conversion returned 0 for ESOTEST

[ls ] ==> dns_query((null),ESOTEST,7,(null))

[ls ] call request_key(,)

[ls ] ==> dns_resolver_match(ESOTEST,ESOTEST)

[ls ] <== dns_resolver_match() = 1

[ls ] <== dns_query() = 14

fs/cifs/dns_resolve.c: dns_resolve_server_name_to_ip: resolved: ESOTEST to 192.168.56.102

fs/cifs/cifsfs.c: Devname: \\ESOTEST\File-Server flags: 0

我使用Windows作为DNS服务器,我可以从机器解析名称“FS”:

$ping FS

PING FS.esodomain.com (192.168.56.104) 56(84) bytes of data.

64 bytes from fs.esodomain.com (192.168.56.104): icmp_seq=1 ttl=128 time=1.37 ms

64 bytes from fs.esodomain.com (192.168.56.104): icmp_seq=2 ttl=128 time=0.630 ms

我也尝试使用key.dns_resolver手动执行测试,它似乎工作:

$key.dns_resolver -vv -D "FS" 'hello'

I: Key description: 'dns_resolver;-1;-1;0;FS'

I: Callout info: 'hello'

D: Get A/AAAA RR for hostname:'FS',options:'hello'

D: Opt hello

D: Resolve 'FS' with 1ff

D: getaddrinfo = 0

D: RR: 0,1,6,10,(null)

D: append '192.168.56.104'

I: The key instantiation data is '192.168.56.104'

/etc/request-key.conf的内容是:

create dns_resolver * * /sbin/key.dns_resolver %k

create user debug:* negate /bin/keyctl negate %k 30 %S

create user debug:* rejected /bin/keyctl reject %k 30 %c %S

create user debug:* expired /bin/keyctl reject %k 30 %c %S

create user debug:* revoked /bin/keyctl reject %k 30 %c %S

create user debug:loop:* * |/bin/cat

create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S

negate * * * /bin/keyctl negate %k 30 %S

我摆弄这个的原因是我试图让Windows DFS共享成功安装.我能够挂载和访问托管在根服务器上的文件夹,但是当我尝试访问引用外部服务器的子文件夹时,我得到:

ls: cannot access /mnt/dfstest/FS_SERV/: Invalid argument

我在3.7.10内核上:

Linux gentoo 3.7.10-gentoo-r1 #3 SMP Fri Apr 19 17:32:20 PDT 2013 x86_64 Intel(R) Xeon(R) cpu E5620 @ 2.40GHz GenuineIntel GNU/Linux

在网络捕获中,当我看到“ESOTEST”请求时,我看不到任何针对“FS”的DNS请求.这表明该请求永远不会发生.

您建议采取哪些后续步骤来解决此问题?

 类似资料: