Home Sign Up Sign In
工单节点使用指南
• 请用平和的语言准确描述你所遇到的问题
• 厂商的技术支持和你一样也是有喜怒哀乐的普通人类,尊重是相互的
• 如果是关于 V2EX 本身的问题反馈,请使用 反馈 节点
swchzq

云加速你们的 NS 记录被污染了

  •   
  •   swchzq · Jul 23, 2018 · 6080 views
    This topic created in 2883 days ago, the information mentioned may be changed or developed.

    今天发现我校 DNS 递归服务器出现大量解析异常, 分析发现是从 v6 解析时 NS 记录被污染了

    从国际线路解析出现了污染

    $ dig AAAA @2001:4860:4860::8888 n3390.ns.yunjiasu.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:4860:4860::8888 n3390.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56553
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;n3390.ns.yunjiasu.com.         IN      AAAA

;; ANSWER SECTION:
n3390.ns.yunjiasu.com.  892     IN      AAAA    2001::212

;; Query time: 2 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sun Jul 22 22:47:43 EDT 2018
;; MSG SIZE  rcvd: 67

    $ dig AAAA @2001:4860:4860::8888 n307.ns.yunjiasu.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:4860:4860::8888 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;n307.ns.yunjiasu.com.          IN      AAAA

;; ANSWER SECTION:
n307.ns.yunjiasu.com.   892     IN      AAAA    101::1234

;; Query time: 2 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sun Jul 22 22:51:03 EDT 2018
;; MSG SIZE  rcvd: 66

    从国内解析没有问题

    $ dig AAAA @240c::6666 n307.ns.yunjiasu.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @240c::6666 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49599
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;n307.ns.yunjiasu.com.          IN      AAAA

;; ANSWER SECTION:
n307.ns.yunjiasu.com.   299     IN      AAAA    2400:cb00:2049:1::a29f:1c6e

;; Query time: 1 msec
;; SERVER: 240c::6666#53(240c::6666)
;; WHEN: Sun Jul 22 22:54:16 EDT 2018
;; MSG SIZE  rcvd: 77
  • AAAA
  • query
  • answer
  • 9.9.4
    14 replies    2018-08-06 18:08:04 +08:00
    yidinghe
        1
    yidinghe  
       Jul 23, 2018
    GFW 伤到友军了么
    wdjwxh
        2
    wdjwxh  
       Jul 23, 2018
    UP,似乎腾讯云 DNS 也中招了
    jejer
        3
    jejer  
       Jul 23, 2018
    233
    Tink
        4
    Tink  
    PRO
       Jul 23, 2018 via iPhone
    yunjiasu 是百度的吗
    burtbai
        5
    burtbai  
       Jul 23, 2018
    @wdjwxh 好像是的
    yexm0
        6
    yexm0  
       Jul 23, 2018 via iPhone
    进去黑名单后再想出来那是几乎不可能了,让百度换域名吧
    vibbow
        7
    vibbow  
       Jul 23, 2018
    目测是污染的 8888

    用 he 的 2001:470:20::2 解析没污染
    vibbow
        8
    vibbow  
       Jul 23, 2018
    国外用 ipv6 的 8888 解析也没污染
    swchzq
        9
    swchzq  
    OP
       Jul 23, 2018
    @vibbow
    我这是教育网的 v6, 国外的 DNS 服务器都不行, 你是什么运营商的 IPv6 线路?
    ```
    $ dig AAAA @2001:503:d2d::30 n307.ns.yunjiasu.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:503:d2d::30 n307.ns.yunjiasu.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22602
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;n307.ns.yunjiasu.com. IN AAAA

    ;; ANSWER SECTION:
    n307.ns.yunjiasu.com. 892 IN AAAA 2001::212

    ;; Query time: 2 msec
    ;; SERVER: 2001:503:d2d::30#53(2001:503:d2d::30)
    ;; WHEN: Mon Jul 23 03:54:39 EDT 2018
    ;; MSG SIZE rcvd: 66
    ```

    ```
    $ dig AAAA @2001:470:20::2 n307.ns.yunjiasu.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:470:20::2 n307.ns.yunjiasu.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5381
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;n307.ns.yunjiasu.com. IN AAAA

    ;; ANSWER SECTION:
    n307.ns.yunjiasu.com. 892 IN AAAA 101::1234

    ;; Query time: 2 msec
    ;; SERVER: 2001:470:20::2#53(2001:470:20::2)
    ;; WHEN: Mon Jul 23 03:55:23 EDT 2018
    ;; MSG SIZE rcvd: 66
    ```
    vibbow
        10
    vibbow  
       Jul 23, 2018
    @swchzq 我是走的 tunnelbroker
    8888 的确是劫持了
    he 的没劫持
    ermao
        11
    ermao  
       Jul 23, 2018
    我还以为我的 NS 怎么了。。。原来是 DNS
    mchtech
        12
    mchtech  
       Jul 23, 2018
    我这里和朋友那,用国外任意一个 IPv6 地址做 DNS 走 UDP 解析某些域名都有问题:
    ss0.baidu.com
    ss0.bdstatic.com
    *.360safe.com
    0.pool.ntp.org
    t0.tiles.ditu.live.com
    等等,一些 akamai 的 cdn 也有问题
    mchtech
        13
    mchtech  
       Jul 24, 2018
    域名中含“ 0 ”的都有问题
    pythonee
        14
    pythonee  
       Aug 6, 2018
    请教下,作为小白的我,怎么看出来是被污染了?
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   2951 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 51ms · UTC 04:02 · PVG 12:02 · LAX 21:02 · JFK 00:02
    ♥ Do have faith in what you're doing.