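Today I noticed a large number of resolution failures on our university's recursive DNS servers. After some analysis I found that the NS records were being poisoned when resolved over v6.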
```
$ dig AAAA @2001:4860:4860::8888 n3390.ns.yunjiasu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:4860:4860::8888 n3390.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56553
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;n3390.ns.yunjiasu.com. IN AAAA
;; ANSWER SECTION:
n3390.ns.yunjiasu.com. 892 IN AAAA 2001::212
;; Query time: 2 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sun Jul 22 22:47:43 EDT 2018
;; MSG SIZE rcvd: 67
```
```
$ dig AAAA @2001:4860:4860::8888 n307.ns.yunjiasu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:4860:4860::8888 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;n307.ns.yunjiasu.com. IN AAAA
;; ANSWER SECTION:
n307.ns.yunjiasu.com. 892 IN AAAA 101::1234
;; Query time: 2 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sun Jul 22 22:51:03 EDT 2018
;; MSG SIZE rcvd: 66
```
```
$ dig AAAA @240c::6666 n307.ns.yunjiasu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @240c::6666 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49599
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;n307.ns.yunjiasu.com. IN AAAA
;; ANSWER SECTION:
n307.ns.yunjiasu.com. 299 IN AAAA 2400:cb00:2049:1::a29f:1c6e
;; Query time: 1 msec
;; SERVER: 240c::6666#53(240c::6666)
;; WHEN: Sun Jul 22 22:54:16 EDT 2018
;; MSG SIZE rcvd: 77
```
1
yidinghe 2018-07-23 11:14:43 +08:00
Has the GFW hit its own side with friendly fire?
|
2
wdjwxh 2018-07-23 11:15:00 +08:00
UP, it looks like Tencent Cloud DNS got hit too
|
3
jejer 2018-07-23 12:29:42 +08:00
233
|
4
Tink 2018-07-23 12:42:42 +08:00 via iPhone
Does yunjiasu belong to Baidu?
|
6
yexm0 2018-07-23 13:58:31 +08:00 via iPhone
Once you are on the blacklist, getting back off it is almost impossible. Baidu should just change the domain.
|
7
vibbow 2018-07-23 14:09:34 +08:00
At a glance, it is 8888 that is being poisoned.
Resolving with HE's 2001:470:20::2 shows no poisoning.
|
8
vibbow 2018-07-23 14:12:05 +08:00
Resolving with the IPv6 8888 from abroad shows no poisoning either.
|
9
swchzq OP @vibbow
I'm on the education network's v6 here, and none of the overseas DNS servers work. Which carrier is your IPv6 line from?

```
$ dig AAAA @2001:503:d2d::30 n307.ns.yunjiasu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:503:d2d::30 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22602
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;n307.ns.yunjiasu.com. IN AAAA
;; ANSWER SECTION:
n307.ns.yunjiasu.com. 892 IN AAAA 2001::212
;; Query time: 2 msec
;; SERVER: 2001:503:d2d::30#53(2001:503:d2d::30)
;; WHEN: Mon Jul 23 03:54:39 EDT 2018
;; MSG SIZE rcvd: 66
```

```
$ dig AAAA @2001:470:20::2 n307.ns.yunjiasu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:470:20::2 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;n307.ns.yunjiasu.com. IN AAAA
;; ANSWER SECTION:
n307.ns.yunjiasu.com. 892 IN AAAA 101::1234
;; Query time: 2 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Mon Jul 23 03:55:23 EDT 2018
;; MSG SIZE rcvd: 66
```
|
11
ermao 2018-07-23 19:13:21 +08:00
I thought something was wrong with my NS... turns out it was DNS
|
12
mchtech 2018-07-23 21:49:54 +08:00
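Both here and at a friend's place, using any overseas IPv6 address as the DNS server over UDP, resolving certain domains has problems:
ss0.baidu.com ss0.bdstatic.com *.360safe.com 0.pool.ntp.org t0.tiles.ditu.live.com and so on; some Akamai CDN hosts have problems too
|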
13
mchtech 2018-07-24 10:48:43 +08:00
Every domain name containing "0" has problems
|
14
pythonee 2018-08-06 18:08:04 +08:00
A question from a newbie like me: how can you tell that it has been poisoned?
|
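An added example, not part of the thread, for the question above on how to recognise a poisoned answer: it parses the AAAA answer lines from the dig outputs quoted in this thread and applies three heuristics (an address outside 2000::/3 or inside the Teredo prefix, resolvers disagreeing on one name, one TTL repeated by unrelated resolvers). The heuristics and the function names are assumptions of this example, not a definitive test.

```python
import ipaddress
import re
from collections import defaultdict

# (resolver, ANSWER line) pairs copied from the dig outputs quoted in this thread.
SAMPLES = [
    ("2001:4860:4860::8888", "n3390.ns.yunjiasu.com. 892 IN AAAA 2001::212"),
    ("2001:4860:4860::8888", "n307.ns.yunjiasu.com. 892 IN AAAA 101::1234"),
    ("240c::6666", "n307.ns.yunjiasu.com. 299 IN AAAA 2400:cb00:2049:1::a29f:1c6e"),
    ("2001:503:d2d::30", "n307.ns.yunjiasu.com. 892 IN AAAA 2001::212"),
    ("2001:470:20::2", "n307.ns.yunjiasu.com. 892 IN AAAA 101::1234"),
]

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # range global IPv6 addresses are assigned from
TEREDO = ipaddress.ip_network("2001::/32")         # Teredo tunnelling prefix (RFC 4380)
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+AAAA\s+(\S+)$")


def implausible(addr):
    """Return why addr is an unlikely nameserver address, or None if it looks normal."""
    if addr not in GLOBAL_UNICAST:
        return "outside global unicast 2000::/3"
    if addr in TEREDO:
        return "inside Teredo prefix 2001::/32"
    return None


def analyse(samples):
    """Return (suspicious answers, names resolvers disagree on, TTLs shared across resolvers)."""
    suspicious, answers, ttl_seen = [], defaultdict(set), defaultdict(set)
    for resolver, line in samples:
        m = ANSWER_RE.match(line.strip())
        if not m:
            continue  # not an AAAA answer line
        name, ttl = m.group(1).lower(), int(m.group(2))
        addr = ipaddress.IPv6Address(m.group(3))
        answers[name].add(addr)
        ttl_seen[ttl].add(resolver)
        reason = implausible(addr)
        if reason:
            suspicious.append((resolver, name, str(addr), reason))
    disagree = sorted(n for n, addrs in answers.items() if len(addrs) > 1)
    # Independent caches queried at different times rarely report the same remaining TTL.
    fixed_ttls = sorted(t for t, rs in ttl_seen.items() if len(rs) > 1)
    return suspicious, disagree, fixed_ttls


if __name__ == "__main__":
    for part in analyse(SAMPLES):
        print(part)
```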