Yunjiasu, your NS records have been poisoned

2018-07-23 10:57:17 +08:00
 swchzq

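Today I found a large number of resolution anomalies on our university's recursive DNS servers. Analysis showed that the NS records are poisoned when resolving over IPv6.

Resolution over international links is poisoned: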

```
$ dig AAAA @2001:4860:4860::8888 n3390.ns.yunjiasu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:4860:4860::8888 n3390.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56553
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;n3390.ns.yunjiasu.com.         IN      AAAA

;; ANSWER SECTION:
n3390.ns.yunjiasu.com.  892     IN      AAAA    2001::212

;; Query time: 2 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sun Jul 22 22:47:43 EDT 2018
;; MSG SIZE  rcvd: 67
```

```
$ dig AAAA @2001:4860:4860::8888 n307.ns.yunjiasu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:4860:4860::8888 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;n307.ns.yunjiasu.com.          IN      AAAA

;; ANSWER SECTION:
n307.ns.yunjiasu.com.   892     IN      AAAA    101::1234

;; Query time: 2 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sun Jul 22 22:51:03 EDT 2018
;; MSG SIZE  rcvd: 66
```

Resolving from within China has no problem:

```
$ dig AAAA @240c::6666 n307.ns.yunjiasu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @240c::6666 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49599
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;n307.ns.yunjiasu.com.          IN      AAAA

;; ANSWER SECTION:
n307.ns.yunjiasu.com.   299     IN      AAAA    2400:cb00:2049:1::a29f:1c6e

;; Query time: 1 msec
;; SERVER: 240c::6666#53(240c::6666)
;; WHEN: Sun Jul 22 22:54:16 EDT 2018
;; MSG SIZE  rcvd: 77
```
14 replies
yidinghe
2018-07-23 11:14:43 +08:00
Did the GFW hit its own side?
wdjwxh
2018-07-23 11:15:00 +08:00
Bump. It looks like Tencent Cloud DNS has been hit as well.
jejer
2018-07-23 12:29:42 +08:00
233
Tink
2018-07-23 12:42:42 +08:00
Does yunjiasu belong to Baidu?
burtbai
2018-07-23 13:26:11 +08:00
@wdjwxh It seems so.
yexm0
2018-07-23 13:58:31 +08:00
Once you are on the blacklist, getting back off it is nearly impossible. Baidu should just change the domain.
vibbow
2018-07-23 14:09:34 +08:00
Looks like it is 8888 that is poisoned.

Resolving with HE's 2001:470:20::2 is not poisoned.
vibbow
2018-07-23 14:12:05 +08:00
Resolving with the IPv6 8888 from outside China is not poisoned either.
swchzq
2018-07-23 15:56:10 +08:00
@vibbow
I'm on the education network's IPv6, and none of the DNS servers outside China work. Which carrier's IPv6 line are you on?
```
$ dig AAAA @2001:503:d2d::30 n307.ns.yunjiasu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:503:d2d::30 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22602
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;n307.ns.yunjiasu.com. IN AAAA

;; ANSWER SECTION:
n307.ns.yunjiasu.com. 892 IN AAAA 2001::212

;; Query time: 2 msec
;; SERVER: 2001:503:d2d::30#53(2001:503:d2d::30)
;; WHEN: Mon Jul 23 03:54:39 EDT 2018
;; MSG SIZE rcvd: 66
```

```
$ dig AAAA @2001:470:20::2 n307.ns.yunjiasu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> AAAA @2001:470:20::2 n307.ns.yunjiasu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;n307.ns.yunjiasu.com. IN AAAA

;; ANSWER SECTION:
n307.ns.yunjiasu.com. 892 IN AAAA 101::1234

;; Query time: 2 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Mon Jul 23 03:55:23 EDT 2018
;; MSG SIZE rcvd: 66
```
vibbow
2018-07-23 16:02:23 +08:00
@swchzq I'm going through tunnelbroker.
8888 is indeed hijacked.
HE's is not hijacked.
ermao
2018-07-23 19:13:21 +08:00
I thought something was wrong with my NS... turns out it's DNS.
mchtech
2018-07-23 21:49:54 +08:00
Both here and at a friend's place, using any IPv6 address outside China as the DNS server over UDP, resolving certain domains has problems:
ss0.baidu.com
ss0.bdstatic.com
*.360safe.com
0.pool.ntp.org
t0.tiles.ditu.live.com
and so on; some Akamai CDNs have problems too.
mchtech
2018-07-24 10:48:43 +08:00
Every domain containing "0" has problems.
pythonee
2018-08-06 18:08:04 +08:00
A question from a newbie: how can you tell that it has been poisoned?
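
One way to approach the question above, as an added example that is not part of the thread: compare the AAAA answers that different resolvers return for the same name, and flag any address that is not plausible for a public nameserver. The function names and the two prefix checks are assumptions of this example; the sample lines are trimmed from the dig output posted in the thread.

```python
import ipaddress
import re

# Prefix checks chosen for this example (an assumption, not an exhaustive list).
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # allocated global unicast space
TEREDO = ipaddress.ip_network("2001::/32")         # Teredo tunnelling (RFC 4380)

ANSWER_RE = re.compile(
    r"^([^;\s]\S*)[ \t]+(\d+)[ \t]+IN[ \t]+AAAA[ \t]+(\S+)[ \t]*$", re.M)
SERVER_RE = re.compile(r"^;; SERVER: ([0-9A-Fa-f:.]+)#", re.M)

# Trimmed from the dig output in the thread (answer and SERVER lines only).
SAMPLES = [
    "n3390.ns.yunjiasu.com.  892 IN AAAA 2001::212\n"
    ";; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)\n",
    "n307.ns.yunjiasu.com.   892 IN AAAA 101::1234\n"
    ";; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)\n",
    "n307.ns.yunjiasu.com.   299 IN AAAA 2400:cb00:2049:1::a29f:1c6e\n"
    ";; SERVER: 240c::6666#53(240c::6666)\n",
]

def parse_dig(text):
    """Return (resolver, [(name, address), ...]) for one dig output."""
    m = SERVER_RE.search(text)
    resolver = m.group(1) if m else "unknown"
    return resolver, [(n, a) for n, _ttl, a in ANSWER_RE.findall(text)]

def implausible(addr):
    """Return a reason if addr is not plausible for a public nameserver, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in GLOBAL_UNICAST:
        return "outside global unicast 2000::/3"
    if ip in TEREDO:
        return "inside Teredo prefix 2001::/32"
    return None

def audit(outputs):
    """Return (findings, disagreements) over several dig outputs."""
    seen, findings = {}, []
    for text in outputs:
        resolver, answers = parse_dig(text)
        for name, addr in answers:
            seen.setdefault(name, {}).setdefault(resolver, set()).add(addr)
            reason = implausible(addr)
            if reason:
                findings.append((name, resolver, addr, reason))
    # A name is in disagreement when two resolvers returned different answer sets.
    disagreements = sorted(n for n, by in seen.items()
                           if len({frozenset(a) for a in by.values()}) > 1)
    return findings, disagreements
```

Resolvers can legitimately return different addresses for anycast or CDN names, so disagreement alone only marks a name for a closer look; an address outside global unicast space or inside the Teredo prefix is the stronger signal.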
