DNS resolution translates the domain name that people are accustomed to using into an IP address that computers recognize, an important function for ensuring normal access. In day-to-day domain name management, DNS resolution failures often occur for various reasons. A resolution failure mainly shows up as follows: the web server can be reached directly through its IP address, but the site cannot be reached through the domain name, or the domain name leads to the wrong site.
There are many causes of DNS resolution failures. They can be roughly divided into resolution configuration errors, abnormal domain name status, changes of DNS server, changes to DNS records, DNS server failures, DNS hijacking, and so on.
Resolution configuration error
When a resolution failure occurs, first check whether the DNS record is configured correctly: the record type, the host value, the record value, and whether the record has been deleted by mistake. Typical errors are a mistyped record value (for example, 1.1.1 miswritten as 11.1.11) and selecting the A record type for an IPv6 address.
Note that when you use cloud resolution to configure intelligent resolution lines, you must also set the default line. If a visitor's IP address does not belong to any of the configured lines and there is no default line, DNS returns no IP address to that visitor, so resolution does not take effect for some users and they cannot reach the domain name.
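The configuration checks above can be automated before a record set is published. The following is an added example, not code from the original article or from any DNS provider; the record fields (`type`, `host`, `value`, `line`), the line names and the sample records are constructed assumptions.

```python
import ipaddress

# Constructed sample records; the field names and the line names ("telecom",
# "unicom") are assumptions for this example, not a real provider schema.
SAMPLE_RECORDS = [
    {"type": "A", "host": "www", "value": "11.1.11", "line": "default"},
    {"type": "A", "host": "api", "value": "2001:db8::10", "line": "default"},
    {"type": "A", "host": "cdn", "value": "192.0.2.10", "line": "telecom"},
    {"type": "A", "host": "cdn", "value": "192.0.2.20", "line": "unicom"},
    {"type": "AAAA", "host": "www", "value": "2001:db8::1", "line": "default"},
]

EXPECTED_VERSION = {"A": 4, "AAAA": 6}

def _ip_version(value):
    """Return 4 or 6 for a strictly valid IP literal, otherwise None."""
    try:
        return ipaddress.ip_address(value).version
    except ValueError:
        return None

def lint_records(records):
    """Return (host, type, problem) tuples for the mistakes described above."""
    problems = []
    lines_by_name = {}
    for rec in records:
        rtype, host, value = rec["type"].upper(), rec["host"], rec["value"]
        lines_by_name.setdefault((host, rtype), set()).add(rec.get("line", "default"))
        if rtype in EXPECTED_VERSION:
            version = _ip_version(value)
            if version is None:
                problems.append((host, rtype, "record value is not a valid IP address"))
            elif version != EXPECTED_VERSION[rtype]:
                wanted = "AAAA" if version == 6 else "A"
                problems.append((host, rtype, f"IPv{version} address needs record type {wanted}"))
    # A name with only line-specific records answers nobody outside those lines.
    for (host, rtype), lines in sorted(lines_by_name.items()):
        if "default" not in lines:
            problems.append((host, rtype, "no default line configured"))
    return problems

if __name__ == "__main__":
    for host, rtype, problem in lint_records(SAMPLE_RECORDS):
        print(f"{host} {rtype}: {problem}")
```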
The status of the domain name is abnormal
If there is no problem with the DNS configuration, use the whois tool to check whether the status of the domain name is abnormal. If the domain name is in the clientHold, serverHold, or inactive state, its resolution is suspended because of the abnormal status. Causes of an abnormal status include domain name violations, ownership disputes, incomplete registration information, failure to renew after expiration, and failure to complete real-name authentication. If the resolution failure is caused by an abnormal domain name status, contact the domain name registrar to find out the specific cause and solution.
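The whois check above can be scripted. This is an added example, not part of the original article; the whois text is constructed for a placeholder domain, and real registries differ in layout, which is why a missing status line is reported as unknown rather than healthy.

```python
import re

# States the article names as suspending resolution, lower-cased for comparison.
HOLD_STATES = {"clienthold", "serverhold", "inactive"}

# Matches "Domain Status: x" and "Status: x". The status is the first token, so
# a reference URL that follows it on the same line is ignored.
STATUS_RE = re.compile(
    r"^[ \t]*(?:domain[ \t]+)?status[ \t]*:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE
)

# Constructed whois output for a placeholder domain (not a real lookup).
SAMPLE_WHOIS = """\
Domain Name: example.test
Registrar: Constructed Registrar
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverHold https://icann.org/epp#serverHold
Registry Expiry Date: 2030-01-01T00:00:00Z
"""

def check_domain_status(whois_text):
    """Return (verdict, statuses); verdict is 'suspended', 'ok' or 'unknown'."""
    statuses = [m.group(1) for m in STATUS_RE.finditer(whois_text)]
    if not statuses:
        # Nothing parsed: the layout differs or the query failed. Not a pass.
        return "unknown", []
    held = [s for s in statuses if s.lower() in HOLD_STATES]
    if held:
        return "suspended", held
    return "ok", statuses

if __name__ == "__main__":
    print(check_domain_status(SAMPLE_WHOIS))
```

In practice the text passed to `check_domain_status` is the captured output of the whois tool for the domain being investigated.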
Modifying the DNS record
If you have recently modified the DNS record, resolution may appear to fail. Because of DNS caching, the recursive servers in each region do not pick up the latest record in real time after a change; each one waits for its cached entry to expire (the TTL value) before requesting the latest record from the authoritative server. During this period, when a user makes a request, the recursive server answers with the old record from its cache, so the change does not take effect and the site may be unreachable.
This is normal. Simply wait for the cache in the recursive server to expire so that it queries the authoritative server again. The cache expiration time depends on the TTL value the record had before the modification, so if you want changes to take effect as quickly as possible, set a smaller TTL value.
Changing the DNS server
Besides modifying the DNS record, changing the DNS server also prevents resolution from taking effect for a certain period. The cause is again DNS caching: the recursive server has cached the names of the authoritative servers delegated for the domain, so the new DNS server does not take effect immediately after the change. It generally takes 24 to 48 hours, depending on the type of domain name.
Until the new DNS server takes effect, DNS queries still go to the original DNS server. Try not to delete or modify the DNS records on the original DNS server within 48 hours of changing the DNS server; otherwise it is very likely that the original server will be queried and the record will not be found.
After the DNS cache expires, the recursive server locates the latest authoritative server again through a global iterative query and obtains the latest record.
Domain name server failure
Problems with the DNS server that provides resolution for the domain can also cause resolution failures. If the DNS server is congested or even paralyzed because of DDoS attacks, frequent requests, insufficient bandwidth, and so on, it cannot respond quickly and provide normal resolution when a recursive server reaches it through a global iterative query.
In this case, contact the resolution service provider to find out the cause and obtain a solution, or switch to a more secure and stable DNS service that uses measures such as anti-DDoS high-defense DNS, elastic bandwidth, and traffic scrubbing to handle high query volumes (QPS) and DDoS attacks and keep domain name resolution running stably.
DNS hijacking
Besides the situations above, if domain name resolution does not take effect, the DNS may have been hijacked. DNS caching greatly simplifies the resolution process and improves its speed and efficiency, but it also creates significant security risks. By controlling the user's host or using malware to attack the user's DNS cache, an attacker can tamper with the mappings in the cache and point the resolution result for a domain name to an IP address the attacker controls, making the site unreachable or sending users to the wrong site. This is DNS hijacking.
DNS hijacking is one of the most common DNS attack methods. The most effective way to deal with it is to clear the DNS cache promptly, or to set a low TTL value to shorten the lifetime of cached entries, so that the recursive server requests the latest record from the authoritative server in good time.
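A stale cache after a record change and a tampered answer both look like "the wrong IP", so it helps to tell them apart using the old TTL window described in the sections on modifying records and on hijacking. The following is an added example, not code from the original article; the resolver names, addresses (documentation ranges) and timestamps are constructed, and the observed values are assumed to have been collected separately from each recursive resolver.

```python
from datetime import datetime, timedelta, timezone

def triage_answer(observed, old_values, new_values, changed_at, old_ttl, now):
    """Classify the values a recursive resolver returned after a record change.

    old_values/new_values: what the authoritative zone held before/after the
    change; old_ttl: TTL in seconds that the record had before the change.
    """
    observed, old_values, new_values = set(observed), set(old_values), set(new_values)
    if not observed:
        return "no-answer"
    if observed - old_values - new_values:
        # A value that was never published cannot come from an honest cache.
        return "suspect-tampering"
    if observed <= new_values:
        return "current"
    # Old values are still served: normal only until the old TTL has run out.
    if now <= changed_at + timedelta(seconds=old_ttl):
        return "stale-cache-expected"
    return "stale-past-ttl"  # should have expired already; investigate

# Constructed scenario: record changed from OLD to NEW at CHANGED_AT.
OLD, NEW = {"192.0.2.7"}, {"198.51.100.7"}
CHANGED_AT = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)
OLD_TTL = 3600
OBSERVED = {
    "resolver-a": {"198.51.100.7"},
    "resolver-b": {"192.0.2.7"},
    "resolver-c": {"203.0.113.66"},
    "resolver-d": set(),
}

def triage_all(now):
    """Run the triage for every constructed resolver observation."""
    return {name: triage_answer(values, OLD, NEW, CHANGED_AT, OLD_TTL, now)
            for name, values in OBSERVED.items()}

if __name__ == "__main__":
    for minutes in (30, 120):
        print(minutes, triage_all(CHANGED_AT + timedelta(minutes=minutes)))
```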
The situations above are the common causes of domain name resolution failures. When a DNS resolution failure occurs, follow this troubleshooting approach to find the cause and fix it in a targeted way, so as to ensure the safe and stable operation of DNS resolution and the normal running of the business.
About Guoke Cloud
Beijing Guoke Cloud Computing Technology Co., Ltd. is a subsidiary of the Chinese Academy of Sciences. It has focused on domain name related technologies for more than 20 years and ensures safe and smooth domain name resolution for customers through its products, technologies and services. CAS Cloud Resolution uses DNSSEC, Anti-DDoS and other technical means to effectively prevent DNS attacks such as cache poisoning and DNS hijacking. A team of professional engineers provides rigorous system diagnosis services, quick troubleshooting, and accurate location of domain name-related problems. One-to-one dedicated manual service is provided 7*24 hours and can respond to and resolve resolution failures at the first opportunity. Over the years, CAS Cloud has provided domain name registration and resolution services for many provincial and ministerial-level state agencies and for leading customers in key fields such as finance, central enterprises and scientific research, and has won unanimous trust and praise from customers with its professional technical level and service attitude of excellence.