I have a server for HPC, and it runs RedHat. There seems to be a strange bug. I tried:
$ curl https://www.aliyun.com/ -vv
Couldn't resolve host 'www.aliyun.com'
I also tried:
wget https://www.aliyun.com/
git clone https://github.com/my_username/my_repo
telnet www.aliyun.com 80
nc www.aliyun.com 80
etc.
They all give a similar error: getaddrinfo: Name or service not known. If I use the IP address directly, everything works fine (for example, wget https://140.205.34.3/ --no-check-certificate). But ping www.aliyun.com succeeds.
I also tried curl http://localhost/ and it works fine (localhost is a domain specified in /etc/hosts).
Who is the culprit? Has anyone had a similar experience and can help?
/etc/resolv.conf is attached here:
nameserver 11.11.4.1
nameserver 202.114.0.242
nameserver 8.8.8.8
nameserver 202.112.20.131
Output of uname -a:
Linux node111 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
Output of lsb_release -a:
LSB Version: :core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 6.2 (Santiago)
Release: 6.2
Codename: Santiago
Output of ip -a: (InfiniBand enabled)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:e0:81:e1:15:8d brd ff:ff:ff:ff:ff:ff
inet 11.11.0.111/16 brd 11.11.255.255 scope global eth0
inet6 fe80::2e0:81ff:fee1:158d/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:e0:81:e1:15:8e brd ff:ff:ff:ff:ff:ff
4: ib0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2044 qdisc pfifo_fast state UP qlen 256
link/infiniband 80:00:00:48:fe:80:00:00:00:00:00:00:46:d2:c9:20:00:00:38:b1 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
inet 10.10.0.111/16 brd 10.10.255.255 scope global ib0
inet6 fe80::46d2:c920:0:38b1/64 scope link
valid_lft forever preferred_lft forever
5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 52:54:00:7f:dc:4b brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
link/ether 52:54:00:7f:dc:4b brd ff:ff:ff:ff:ff:ff
Note: I do not have root access to the machine.
Contents of /etc/nsswitch.conf:
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
Edit #1
$ getent hosts www.microsoft.com
218.58.101.49 e13678.ca.s.tl88.net www.microsoft.com www.microsoft.com-c-3.edgekey.net www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
$ getent hosts www.aliyun.com
2400:3200:1300::3e v6wagbridge.aliyun.com.gds.alibabadns.com www.aliyun.com www-jp-de-intl-adns.aliyun.com www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com v6wagbridge.aliyun.com
Edit #2
getent hosts www.aliyun.com works great, but getaddrinfo reports name or service not known. (Tested with this simple C program)
Edit #3
I tried dig, and it seems the DNS server 11.11.4.1 does not work for the global Internet. Here is what I found:
$ dig @11.11.4.1 www.aliyun.com
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6 <<>> @11.11.4.1 www.aliyun.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37272
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.aliyun.com. IN A
;; Query time: 1 msec
;; SERVER: 11.11.4.1#53(11.11.4.1)
;; WHEN: Mon Aug 20 14:48:37 2018
;; MSG SIZE rcvd: 32
$ dig @1.1.1.1 www.aliyun.com
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6 <<>> @1.1.1.1 www.aliyun.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64269
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.aliyun.com. IN A
;; ANSWER SECTION:
www.aliyun.com. 113 IN CNAME www-jp-de-intl-adns.aliyun.com.
www-jp-de-intl-adns.aliyun.com. 293 IN CNAME www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com.
www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com. 113 IN CNAME xjp.wagbridge.aliyun.aliyun.com.
xjp.wagbridge.aliyun.aliyun.com. 89 IN CNAME xjp-adns.aliyun.com.
xjp-adns.aliyun.com. 89 IN CNAME xjp-adns.aliyun.com.gds.alibabadns.com.
xjp-adns.aliyun.com.gds.alibabadns.com. 89 IN A 47.88.251.164
;; Query time: 223 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Aug 20 14:48:39 2018
;; MSG SIZE rcvd: 256
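Answer 1
This confuses a lot of people, but the ping command integrates with the /etc/resolv.conf file on its own, whereas the other tools you mention make use of the name server switch facility. You can confirm this by running strace <cmd> and analyzing the output for the libraries the command interacts with.
For example, here is ping: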
$ strace ping -c 3 www.aliyun.com |& grep -E "ns|resolv"
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
Here is curl:
$ strace curl -v www.aliyun.com |& grep -E "ns|resolv"
open("/lib64/libnss3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnssutil3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnspr4.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("47.88.251.161")}, 16) = -1 EINPROGRESS (Operation now in progress)
getpeername(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("47.88.251.161")}, [16]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(55876), sin_addr=inet_addr("10.0.2.15")}, [16]) = 0
You might be wondering: but wait, they both show calls to libresolv. So what is the issue? curl only knows to call libresolv at all because it has been told to do so. Why? Because of this file:
$ grep host /etc/nsswitch.conf
#hosts: db files nisplus nis dns
hosts: files dns myhostname
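The hosts: reference in this file tells tools that call NSS (name server switch) that they should consult files first, before calling dns.
The files reference means to use the /etc/hosts file, and the dns option means to consult the DNS name servers in /etc/resolv.conf and look up hostnames there.
Your issue
So your issue is most likely caused by the dns entry shown above being missing from your /etc/nsswitch.conf file.
Which executables use NSS?
You can use readelf to inspect an executable, and it will show the shared libraries the executable requires.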
$ type -f curl
curl is /bin/curl
$ readelf -d /bin/curl | grep -i shared
0x0000000000000001 (NEEDED) Shared library: [libcurl.so.4]
0x0000000000000001 (NEEDED) Shared library: [libssl3.so]
0x0000000000000001 (NEEDED) Shared library: [libsmime3.so]
0x0000000000000001 (NEEDED) Shared library: [libnss3.so]
0x0000000000000001 (NEEDED) Shared library: [libnssutil3.so]
0x0000000000000001 (NEEDED) Shared library: [libplds4.so]
0x0000000000000001 (NEEDED) Shared library: [libplc4.so]
0x0000000000000001 (NEEDED) Shared library: [libnspr4.so]
0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0]
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED) Shared library: [libz.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
$ type -f ping
ping is /bin/ping
$ readelf -d /bin/ping | grep -i shared
0x0000000000000001 (NEEDED) Shared library: [libcap.so.2]
0x0000000000000001 (NEEDED) Shared library: [libidn.so.11]
0x0000000000000001 (NEEDED) Shared library: [libcrypto.so.10]
0x0000000000000001 (NEEDED) Shared library: [libresolv.so.2]
0x0000000000000001 (NEEDED) Shared library: [libm.so.6]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
A similar approach can be used with ldd:
$ ldd /bin/ping|grep -E "ns|resolv"
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fd144d40000)
$ ldd /bin/curl|grep -E "ns|resolv"
libnss3.so => /lib64/libnss3.so (0x00007f9795413000)
libnssutil3.so => /lib64/libnssutil3.so (0x00007f97951e4000)
libnspr4.so => /lib64/libnspr4.so (0x00007f9794b9d000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f9792067000)
DNS appears to be working
If you can run these commands and they work:
$ getent hosts www.google.com
216.58.193.164 www.google.com
$ getent hosts www.aliyun.com
47.88.198.17 xjp-adns.aliyun.com.gds.alibabadns.com www.aliyun.com
Then try using openssl to confirm that you can connect to these services:
$ true | openssl s_client -connect www.aliyun.com:443
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
depth=0 C = CN, ST = ZheJiang, L = HangZhou, O = "Alibaba (China) Technology Co., Ltd.", CN = *.aliyun.com
0 s:/C=CN/ST=ZheJiang/L=HangZhou/O=Alibaba (China) Technology Co., Ltd./CN=*.aliyun.com
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
subject=/C=CN/ST=ZheJiang/L=HangZhou/O=Alibaba (China) Technology Co., Ltd./CN=*.aliyun.com
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
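An added example, not part of the original question or answer: Edit #2 mentions testing getaddrinfo with a small C program that is not reproduced on the page. The probe below is one way to write such a test; it calls getaddrinfo() separately for AF_UNSPEC, AF_INET and AF_INET6 and prints either the first address or the gai_strerror() text, so each result can be compared with getent hosts and dig. The function name probe_family and the default host localhost are assumptions of this example.

```c
/* Added example: probe getaddrinfo() once per address family. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Resolve `host` for one address family and copy the first address,
 * as text, into buf. Returns 0 on success or the EAI_* error code
 * from getaddrinfo(). probe_family is a hypothetical helper name. */
int probe_family(const char *host, int family, char *buf, size_t len)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;   /* one entry per address */

    int rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;

    const void *addr = (res->ai_family == AF_INET)
        ? (const void *)&((struct sockaddr_in *)res->ai_addr)->sin_addr
        : (const void *)&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
    if (!inet_ntop(res->ai_family, addr, buf, (socklen_t)len))
        buf[0] = '\0';
    freeaddrinfo(res);
    return 0;
}

int main(int argc, char **argv)
{
    /* Default host is an assumption; pass the failing name as argv[1]. */
    const char *host = argc > 1 ? argv[1] : "localhost";
    const struct { int fam; const char *name; } fams[] = {
        { AF_UNSPEC, "AF_UNSPEC" }, { AF_INET, "AF_INET" }, { AF_INET6, "AF_INET6" },
    };
    for (size_t i = 0; i < sizeof fams / sizeof fams[0]; i++) {
        char buf[INET6_ADDRSTRLEN] = "";
        int rc = probe_family(host, fams[i].fam, buf, sizeof buf);
        printf("%-9s %s\n", fams[i].name, rc ? gai_strerror(rc) : buf);
    }
    return 0;
}
```

A name that fails for one family but resolves for another points at the per-family lookup rather than at /etc/nsswitch.conf as a whole.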