python-2.7 - 尽管有查询答案，dnspython 仍会引发 NoAnswer

Question

当我使用 dnspython 查询权威名称服务器以获取 NS 记录时，它会引发 NoAnswer 异常，尽管我的数据包捕获显示已收到正确的响应。

示例：向 j.gtld-servers.net (192.48.79.30) 询问 stackoverflow.com 的 NS 记录

>>> import dns.resolver
>>> r = dns.resolver.Resolver()
>>> r.nameservers = ['192.48.79.30']
>>> for answer in r.query('stackoverflow.com', 'NS'):
...     print answer.to_text()
... 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 905, in query
    raise_on_no_answer)
  File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 142, in __init__
    raise NoAnswer
dns.resolver.NoAnswer
>>>

Wireshark 表明，事实上，答案确实回来了：

Frame 2: 157 bytes on wire (1256 bits), 157 bytes captured (1256 bits)
Ethernet II, Src: xxxxxxxxxxxxxx (xx:xx:xx:xx:xx:xx), Dst: xxxxxxxxxxxxx (xx:xx:xx:xx:xx:xx)
Internet Protocol Version 4, Src: 192.48.79.30 (192.48.79.30), Dst: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55100 (55100)
Domain Name System (response)
    [Request In: 1]
    [Time: 0.278279000 seconds]
    Transaction ID: 0xb6f5
    Flags: 0x8100 (Standard query response, No error)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 2
    Additional RRs: 2
    Queries
    Authoritative nameservers
        stackoverflow.com: type NS, class IN, ns ns1.serverfault.com
        stackoverflow.com: type NS, class IN, ns ns2.serverfault.com
    Additional records
        ns1.serverfault.com: type A, class IN, addr 198.252.206.80
        ns2.serverfault.com: type A, class IN, addr 198.252.206.81

查询dig @192.48.79.30 stackoverflow.com ns成功并提供与上面数据包捕获中显示的相同的答案。

有趣的是，host -t NS stackoverflow.com 192.48.79.30响应“stackoverflow.com 没有 NS 记录”失败，在这种情况下，数据包捕获再次显示正在接收响应。

为什么 dnspython 不能正确处理对此查询的响应？

Answer 1

Bob Halley（dnspython 的维护者）提供了以下答案。这不是一个错误。我应该dns.query.udp()改用。

如果您正在查询权威服务器，您可能应该使用 dns.query.udp() 。dns.resolver.Resolver 的查询旨在转到递归服务器。从解析器的角度来看，NoAnswer 是正确的，因为响应是一个授权，而不是“答案”。

$ dig @192.48.79.30 stackoverflow.com. ns

; <<>> DiG 9.8.3-P1 <<>> @192.48.79.30 stackoverflow.com. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31192
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;stackoverflow.com. IN  NS

;; AUTHORITY SECTION:
stackoverflow.com.  172800  IN  NS  ns1.serverfault.com.
stackoverflow.com.  172800  IN  NS  ns2.serverfault.com.

;; ADDITIONAL SECTION:
ns1.serverfault.com.    172800  IN  A   198.252.206.80
ns2.serverfault.com.    172800  IN  A   198.252.206.81

;; Query time: 293 msec
;; SERVER: 192.48.79.30#53(192.48.79.30)
;; WHEN: Sat Dec  7 15:48:48 2013
;; MSG SIZE  rcvd: 115