How does name resolution really work in the latest version of macOS?


Current version: macOS Sierra 10.12.3

I run an OpenVPN server for my company. I have set the following:

# Send client instructions to use our internal DNS
push "dhcp-option DNS 172.31.5.39"
push "dhcp-option DNS 172.31.34.40"
push "dhcp-option DNS 172.31.33.23"

# Send client instructions to search these domains when doing short/non-FQDN name lookups
push "dhcp-option DOMAIN-SEARCH ies"
push "dhcp-option DOMAIN-SEARCH ec2"
push "dhcp-option DOMAIN-SEARCH elb"
push "dhcp-option DOMAIN-SEARCH us-west-2.compute.internal"

And on my machine everything works perfectly.

$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : ies
  search domain[1] : ec2
  search domain[2] : elb
  search domain[3] : us-west-2.compute.internal
  nameserver[0] : 172.31.5.39
  nameserver[1] : 172.31.34.40
  nameserver[2] : 172.31.33.23
  flags    : Request A records
  reach    : Reachable

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 301000

resolver #8
  domain   : ies
  nameserver[0] : 172.31.5.39
  nameserver[1] : 172.31.34.40
  nameserver[2] : 172.31.33.23
  flags    : Request A records
  reach    : Reachable

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : ies
  search domain[1] : ec2
  search domain[2] : elb
  search domain[3] : us-west-2.compute.internal
  nameserver[0] : 172.31.5.39
  nameserver[1] : 172.31.34.40
  nameserver[2] : 172.31.33.23
  if_index : 4 (en0)
  flags    : Scoped, Request A records
  reach    : Reachable

$ dscacheutil -q host -a name svcmongouat1.ec2
name: svcmongouat1.ec2
ip_address: 172.31.16.60

$ dns-sd -Gv4v6 svcmongouat1.ec2
DATE: ---Fri 03 Mar 2017---
 1:03:47.635  ...STARTING...
Timestamp     A/R Flags if Hostname                               Address                                      TTL
 1:03:47.637  Add     2  0 svcmongouat1.ec2.                      0000:0000:0000:0000:0000:0000:0000:0000%<0>  60   No Such Record
 1:03:47.727  Add     2  0 svcmongouat1.ec2.                      172.31.16.60                                 39
^C

$ dns-sd -q svcmongouat1.ec2 255 255
DATE: ---Fri 03 Mar 2017---
 1:04:14.348  ...STARTING...
Timestamp     A/R Flags if Name                          Type  Class   Rdata
 1:04:14.349  Add     2  0 svcmongouat1.ec2.             Addr   IN     172.31.16.60
^C

But for all other users, they get the same results in scutil and are able to get correct lookups with dig, but not with dscacheutil, and of course most other applications fail as well.

UPDATE:

Here is an example from a coworker who is experiencing a strange failure:

$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : ies
  search domain[1] : ec2
  search domain[2] : elb
  search domain[3] : us-west-2.compute.internal
  nameserver[0] : 172.31.5.39
  nameserver[1] : 172.31.34.40
  nameserver[2] : 172.31.33.23
  flags    : Request A records
  reach    : Reachable

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 301000

resolver #8
  domain   : ies
  nameserver[0] : 172.31.5.39
  nameserver[1] : 172.31.34.40
  nameserver[2] : 172.31.33.23
  flags    : Request A records
  reach    : Reachable

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : ies
  search domain[1] : ec2
  search domain[2] : elb
  search domain[3] : us-west-2.compute.internal
  nameserver[0] : 172.31.5.39
  nameserver[1] : 172.31.34.40
  nameserver[2] : 172.31.33.23
  if_index : 4 (en0)
  flags    : Scoped, Request A records
  reach    : Reachable
$ 
$ 
$ dscacheutil -q host -a name svcmongouat1.ec2
$ dscacheutil -q host -a name svcmongouat1.ec2
$ 
$ 
$ dns-sd -Gv4v6 svcmongouat1.ec2
DATE: ---Thu 09 Mar 2017---
11:07:18.693  ...STARTING...
Timestamp     A/R Flags if Hostname                               Address                                      TTL
11:07:18.694  Add     3  0 svcmongouat1.ec2.                      0000:0000:0000:0000:0000:0000:0000:0000%<0>  60   No Such Record
11:07:18.695  Add     2  0 svcmongouat1.ec2.                      0.0.0.0                                      108002   No Such Record
^C
$ 
$ 
$ dns-sd -q svcmongouat1.ec2 255 255
DATE: ---Thu 09 Mar 2017---
11:07:43.522  ...STARTING...
Timestamp     A/R Flags if Name                          Type  Class   Rdata
11:07:43.523  Add     3  0 svcmongouat1.ec2.             Addr   IN     0.0.0.0    No Such Record
11:07:43.524  Add     2  0 svcmongouat1.ec2.             AAAA   IN     0.0.0.0    No Such Record
^C
$
$
$ dig svcmongouat1.ec2

; <<>> DiG 9.8.3-P1 <<>> svcmongouat1.ec2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42225
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;svcmongouat1.ec2.        IN    A

;; ANSWER SECTION:
svcmongouat1.ec2.    30    IN    A    172.31.16.60

;; AUTHORITY SECTION:
.            6413    IN    NS    i.root-servers.net.
.            6413    IN    NS    k.root-servers.net.
.            6413    IN    NS    l.root-servers.net.
.            6413    IN    NS    d.root-servers.net.
.            6413    IN    NS    j.root-servers.net.
.            6413    IN    NS    c.root-servers.net.
.            6413    IN    NS    b.root-servers.net.
.            6413    IN    NS    f.root-servers.net.
.            6413    IN    NS    a.root-servers.net.
.            6413    IN    NS    e.root-servers.net.
.            6413    IN    NS    h.root-servers.net.
.            6413    IN    NS    g.root-servers.net.
.            6413    IN    NS    m.root-servers.net.

;; Query time: 103 msec
;; SERVER: 172.31.5.39#53(172.31.5.39)
;; WHEN: Thu Mar  9 10:58:27 2017
;; MSG SIZE  rcvd: 261

$

I have searched Google and it seems to be a mystery to everyone, and it has also changed a lot over time across different versions of OS X.

So, again, the question is:

  1. How does name resolution work in the latest version of macOS?
  2. Which applications use which tools, and why?
  3. How do I determine ^^ #2 ^^?
  4. How can someone debug it?
by Bruno Bronosky 28.02.2017 / 22:09

0 answers