腾讯 Public DNS 部分域名无法解析？

UDP

$ dig fonts.gstatic.com @119.29.29.29

; <<>> DiG 9.11.2 <<>> fonts.gstatic.com @119.29.29.29
;; global options: +cmd
;; connection timed out; no servers could be reached

TCP

$ dig fonts.gstatic.com @119.29.29.29 +tcp
;; Connection to 119.29.29.29#53(119.29.29.29) for fonts.gstatic.com failed: connection refused.

httpdns 能正常解析

curl 119.29.29.29/d?dn=fonts.gstatic.com
203.208.39.255;203.208.39.247;203.208.39.239;203.208.39.255;203.208.39.248;203.208.39.247;203.208.39.239;203.208.39.248

另外 119.28.28.28 182.254.116.116 182.254.118.118 也是相同的结果
1.2.4.8 就可以正常解析所以应该不是 ISP 的劫持？

$ dig fonts.gstatic.com @1.2.4.8

; <<>> DiG 9.11.2 <<>> fonts.gstatic.com @1.2.4.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7572
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fonts.gstatic.com.		IN	A

;; ANSWER SECTION:
fonts.gstatic.com.	48	IN	CNAME	gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 2	IN	A	203.208.48.88
gstaticadssl.l.google.com. 2	IN	A	203.208.48.95
gstaticadssl.l.google.com. 2	IN	A	203.208.48.79
gstaticadssl.l.google.com. 2	IN	A	203.208.48.88
gstaticadssl.l.google.com. 122	IN	A	203.208.48.87
gstaticadssl.l.google.com. 122	IN	A	203.208.48.95
gstaticadssl.l.google.com. 122	IN	A	203.208.48.79
gstaticadssl.l.google.com. 122	IN	A	203.208.48.87

;; Query time: 15 msec
;; SERVER: 1.2.4.8#53(1.2.4.8)
;; WHEN: Thu Dec 28 23:15:21 CST 2017
;; MSG SIZE  rcvd: 210

网络是联通 @johnjiang85 给看一下？

iLiberty

2017-12-28 23:17:14 +08:00

额没召唤成功... @johnjiang85

skylancer

2017-12-29 02:13:20 +08:00

DNSPod 天天 SRVFAIL 我都懒得用

miaomiao888

2017-12-29 06:01:15 +08:00

很早就发现有这个问题同样是 fonts.gstatic.com 这个域名
得还是 114

lhx2008

2017-12-29 07:09:37 +08:00

dnspod 一直有奇怪的问题，无解

laoyuan

2017-12-29 07:32:40 +08:00

不用为妙

lniwn

2017-12-29 08:54:24 +08:00

遇到过好几次，解析不了 jianshu.com ，现在用阿里的了

yexm0

2017-12-29 09:04:12 +08:00

联通用阿里那个 dns 经常会给我解析到电信的 ip 上，弃了

HalloCQ

2017-12-29 09:16:24 +08:00

+nocookie

a86913179

2017-12-29 09:16:49 +08:00

首先，本身不支持 TCP，然后 UDP 不行，HTTP 正常，说明是运营商问题

HalloCQ

2017-12-29 09:17:59 +08:00

C:\Users\My>dig @119.29.29.29 jianshu.com +nocookie

; <<>> DiG 9.11.2 <<>> @119.29.29.29 jianshu.com +nocookie
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63650
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jianshu.com. IN A

;; ANSWER SECTION:
jianshu.com. 600 IN A 106.75.17.181

;; Query time: 185 msec
;; SERVER: 119.29.29.29#53(119.29.29.29)
;; WHEN: Fri Dec 29 09:16:47 ?D1ú±ê×?ê±?? 2017
;; MSG SIZE rcvd: 56

C:\Users\My>dig @119.29.29.29 fonts.gstatic.com +nocookie

; <<>> DiG 9.11.2 <<>> @119.29.29.29 fonts.gstatic.com +nocookie
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49536
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fonts.gstatic.com. IN A

;; ANSWER SECTION:
fonts.gstatic.com. 281 IN CNAME gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 161 IN A 203.208.39.215
gstaticadssl.l.google.com. 161 IN A 203.208.39.207
gstaticadssl.l.google.com. 161 IN A 203.208.39.223
gstaticadssl.l.google.com. 161 IN A 203.208.39.216

;; Query time: 95 msec
;; SERVER: 119.29.29.29#53(119.29.29.29)
;; WHEN: Fri Dec 29 09:17:41 ?D1ú±ê×?ê±?? 2017
;; MSG SIZE rcvd: 146
@lniwn
@miaomiao888

lniwn

2017-12-29 09:35:47 +08:00

@HalloCQ 我只是说遇到过，并且还不止一次，但是现在能否解析就不知道了。

johnjiang85

2017-12-29 11:07:36 +08:00

@iLiberty bind9.11 之后的版本默认开启了 cookie，DNSPod 的公共 DNS 和权威 DNS 都还没有支持 cookie，需要显示指定+nocookie 或使用 9.10 版本，之前已经转给相关开发同事了，会慢慢灰度，权威已经少量灰度。

johnjiang85

2017-12-29 11:11:32 +08:00

@skylancer
@miaomiao888
@lhx2008
@laoyuan
@lniwn
几个问题吧，1.今年 119.29.29.29 遇到的攻击特别多，就不说了，奇怪的是 114 竟然从最早到现在基本没遇到过攻击，个人可以先用 119.28.28.28 ，用户比较少，路由和 119.29.29.29 基本是一样的,节点完全一样。182.254.116.116,182.254.118.118 不推荐使用。

johnjiang85

2017-12-29 11:13:20 +08:00

再就是个别特殊域名在特定运营商可能有问题，这些大部分是递归到权威的线路和兼容性问题，后端节点太多，某些线路就可能被搞，或者权威对 ecs 的支持特别乱，自动判断是否支持 ecs 判断不出来，就得手工拉黑名单。都是需要人工验证操作的。具体就是需要提供域名、地区、运营商和截图了。

joejhy

2017-12-29 12:38:58 +08:00

我这边测试了一下是 OK 的，119.29.29.29 能够正常解析到域名 fonts.gstatic.com 。不过查了这个域名是 google 的，有些网络不能解析可能跟运营商的限制有关，毕竟 google 退出中国之后，有些域名还是受到限制的。请看下面：

linux$ dig fonts.gstatic.com @119.29.29.29

; <<>> DiG 9.10.3-P4-Ubuntu <<>> fonts.gstatic.com @119.29.29.29
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22116
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fonts.gstatic.com. IN A

;; ANSWER SECTION:
fonts.gstatic.com. 120 IN CNAME gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 18 IN A 203.208.51.87
gstaticadssl.l.google.com. 18 IN A 203.208.51.79
gstaticadssl.l.google.com. 18 IN A 203.208.51.88
gstaticadssl.l.google.com. 18 IN A 203.208.51.95

;; Query time: 8 msec
;; SERVER: 119.29.29.29#53(119.29.29.29)
;; WHEN: Fri Dec 29 09:52:29 DST 2017
;; MSG SIZE rcvd: 146
----------------------------------------------------------------------------------------------------
linux/$ dig fonts.gstatic.com @119.28.28.28

; <<>> DiG 9.10.3-P4-Ubuntu <<>> fonts.gstatic.com @119.28.28.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49460
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fonts.gstatic.com. IN A

;; ANSWER SECTION:
fonts.gstatic.com. 123 IN CNAME gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 123 IN A 216.58.220.195

;; Query time: 9 msec
;; SERVER: 119.28.28.28#53(119.28.28.28)
;; WHEN: Fri Dec 29 11:38:40 DST 2017
;; MSG SIZE rcvd: 98
---------------------------------------------------------------------------------------------
linux:/$ dig fonts.gstatic.com @182.254.116.116

; <<>> DiG 9.10.3-P4-Ubuntu <<>> fonts.gstatic.com @182.254.116.116
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41104
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fonts.gstatic.com. IN A

;; ANSWER SECTION:
fonts.gstatic.com. 104 IN CNAME gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 16 IN A 203.208.43.127
gstaticadssl.l.google.com. 16 IN A 203.208.43.111
gstaticadssl.l.google.com. 16 IN A 203.208.43.119
gstaticadssl.l.google.com. 16 IN A 203.208.43.120

;; Query time: 10 msec
;; SERVER: 182.254.116.116#53(182.254.116.116)
;; WHEN: Fri Dec 29 11:50:35 DST 2017
;; MSG SIZE rcvd: 146
-----------------------------------------------------------------------------------------------------
linux@DESKTOP-F7RK6L5:/$ dig fonts.gstatic.com @182.254.118.118

; <<>> DiG 9.10.3-P4-Ubuntu <<>> fonts.gstatic.com @182.254.118.118
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17342
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fonts.gstatic.com. IN A

;; ANSWER SECTION:
fonts.gstatic.com. 256 IN CNAME gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 256 IN A 203.208.43.79
gstaticadssl.l.google.com. 256 IN A 203.208.43.87
gstaticadssl.l.google.com. 256 IN A 203.208.43.95
gstaticadssl.l.google.com. 256 IN A 203.208.43.88
gstaticadssl.l.google.com. 136 IN A 203.208.43.79
gstaticadssl.l.google.com. 136 IN A 203.208.43.88
gstaticadssl.l.google.com. 136 IN A 203.208.43.87
gstaticadssl.l.google.com. 136 IN A 203.208.43.95

;; Query time: 34 msec
;; SERVER: 182.254.118.118#53(182.254.118.118)
;; WHEN: Fri Dec 29 11:51:09 DST 2017
;; MSG SIZE rcvd: 210

楼主可以看我的以上分析。