奇怪的 DNS 应答规律(是否和 DNSSEC 有点关系?)
garywill · garywill · 2022-03-27 12:26:06 +08:00 · 1681 次点击这是一个创建于 970 天前的主题,其中的信息可能已经有所发展或是发生改变。
最近发现 B 站有时无法用 Firefox 打开,过几分钟又可以,然后又不行。的确网上有 B 站服务器崩的消息
以上是背景,以下本帖正文开始:
尝试 dig 其 DNS www.bilibili.com,发现一些不理解的现象
- 第一次 query 返回正常结果,有几个 IP 。
-
接下来的两分钟内,返回的都是“奇怪”结果(我的 ISP 是有 DNS 抢答的,随便使用一个不存在的 DNS 都有应答,不知道是否有关):
- 仅有一个 IP ,
- 并且带损坏警告(dig 的结果),和
Cannot handle DNSSEC security RRs - 那一个 IP 是被 wiresharks 显示在 additional record 里
Wireshark 抓包结果摘要:
25 7.346083883 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xd6cf A www.bilibili.com OPT
26 7.354332337 192.168.3.1 192.168.3.19 DNS 185 Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60
38 14.266273690 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xbeed A www.bilibili.com OPT
39 14.267774911 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37
44 15.994234720 192.168.3.19 192.168.3.1 DNS 101 Standard query 0x0fd2 A www.bilibili.com OPT
45 15.995820491 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37
dig 的输出:
值得注意的是malformed message packet警告,和CLASS4096 + 有点像 base64 的奇怪字符串
(仅在 这里 找到一个 DNSSEC 文档有提到CLASS4096)
================= $ dig www.bilibili.com
; <<>> DiG 9.16.6 <<>> www.bilibili.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54991
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.bilibili.com. IN A
;; ANSWER SECTION:
www.bilibili.com. 159 IN CNAME g.w.bilicdn1.com.
g.w.bilicdn1.com. 10 IN A 139.159.241.37
g.w.bilicdn1.com. 10 IN A 8.134.50.24
g.w.bilicdn1.com. 10 IN A 8.134.32.222
g.w.bilicdn1.com. 10 IN A 8.134.64.214
g.w.bilicdn1.com. 10 IN A 139.159.246.60
;; Query time: 8 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: 日 3 月 27 11:48:25 CST 2022
;; MSG SIZE rcvd: 141
================= $ dig www.bilibili.com
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.16.6 <<>> www.bilibili.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48877
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.bilibili.com. IN A
;; ANSWER SECTION:
. 0 CLASS4096 OPT 10 8 wCc4o9F+e3A=
;; ADDITIONAL SECTION:
www.bilibili.com. 3 IN A 139.159.241.37
;; Query time: 4 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: 日 3 月 27 11:48:31 CST 2022
;; MSG SIZE rcvd: 73
================= $ dig www.bilibili.com
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.16.6 <<>> www.bilibili.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4050
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.bilibili.com. IN A
;; ANSWER SECTION:
. 0 CLASS4096 OPT 10 8 1cTrUUA0aJo=
;; ADDITIONAL SECTION:
www.bilibili.com. 1 IN A 139.159.241.37
;; Query time: 4 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: 日 3 月 27 11:48:33 CST 2022
;; MSG SIZE rcvd: 73
完整的 wireshark 抓包解析:
No. Time Source Destination Protocol Length Info
25 7.346083883 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xd6cf A www.bilibili.com OPT
Frame 25: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
User Datagram Protocol, Src Port: 38606, Dst Port: 53
Domain Name System (query)
Transaction ID: 0xd6cf
Flags: 0x0120 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.bilibili.com: type A, class IN
Name: www.bilibili.com
[Name Length: 16]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 8
Option Data: e036ff0d0880aa5c
Client Cookie: e036ff0d0880aa5c
Server Cookie: <MISSING>
[Response In: 26]
No. Time Source Destination Protocol Length Info
26 7.354332337 192.168.3.1 192.168.3.19 DNS 185 Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60
Frame 26: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
User Datagram Protocol, Src Port: 53, Dst Port: 38606
Domain Name System (response)
Transaction ID: 0xd6cf
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 6
Authority RRs: 0
Additional RRs: 0
Queries
www.bilibili.com: type A, class IN
Name: www.bilibili.com
[Name Length: 16]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
www.bilibili.com: type CNAME, class IN, cname g.w.bilicdn1.com
Name: www.bilibili.com
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 159 (2 minutes, 39 seconds)
Data length: 15
CNAME: g.w.bilicdn1.com
g.w.bilicdn1.com: type A, class IN, addr 139.159.241.37
Name: g.w.bilicdn1.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 10 (10 seconds)
Data length: 4
Address: 139.159.241.37
g.w.bilicdn1.com: type A, class IN, addr 8.134.50.24
Name: g.w.bilicdn1.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 10 (10 seconds)
Data length: 4
Address: 8.134.50.24
g.w.bilicdn1.com: type A, class IN, addr 8.134.32.222
Name: g.w.bilicdn1.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 10 (10 seconds)
Data length: 4
Address: 8.134.32.222
g.w.bilicdn1.com: type A, class IN, addr 8.134.64.214
Name: g.w.bilicdn1.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 10 (10 seconds)
Data length: 4
Address: 8.134.64.214
g.w.bilicdn1.com: type A, class IN, addr 139.159.246.60
Name: g.w.bilicdn1.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 10 (10 seconds)
Data length: 4
Address: 139.159.246.60
[Request In: 25]
[Time: 0.008248454 seconds]
No. Time Source Destination Protocol Length Info
38 14.266273690 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xbeed A www.bilibili.com OPT
Frame 38: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
User Datagram Protocol, Src Port: 60191, Dst Port: 53
Domain Name System (query)
Transaction ID: 0xbeed
Flags: 0x0120 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.bilibili.com: type A, class IN
Name: www.bilibili.com
[Name Length: 16]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 8
Option Data: c02738a3d17e7b70
Client Cookie: c02738a3d17e7b70
Server Cookie: <MISSING>
[Response In: 39]
No. Time Source Destination Protocol Length Info
39 14.267774911 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37
Frame 39: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
User Datagram Protocol, Src Port: 53, Dst Port: 60191
Domain Name System (response)
Transaction ID: 0xbeed
Flags: 0x8000 Standard query response, No error
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 1
Queries
www.bilibili.com: type A, class IN
Name: www.bilibili.com
[Name Length: 16]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 8
Option Data: c02738a3d17e7b70
Client Cookie: c02738a3d17e7b70
Server Cookie: <MISSING>
Additional records
www.bilibili.com: type A, class IN, addr 139.159.241.37
Name: www.bilibili.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 3 (3 seconds)
Data length: 4
Address: 139.159.241.37
[Request In: 38]
[Time: 0.001501221 seconds]
No. Time Source Destination Protocol Length Info
44 15.994234720 192.168.3.19 192.168.3.1 DNS 101 Standard query 0x0fd2 A www.bilibili.com OPT
Frame 44: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
User Datagram Protocol, Src Port: 43953, Dst Port: 53
Domain Name System (query)
Transaction ID: 0x0fd2
Flags: 0x0120 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.bilibili.com: type A, class IN
Name: www.bilibili.com
[Name Length: 16]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 8
Option Data: d5c4eb514034689a
Client Cookie: d5c4eb514034689a
Server Cookie: <MISSING>
[Response In: 45]
No. Time Source Destination Protocol Length Info
45 15.995820491 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37
Frame 45: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
User Datagram Protocol, Src Port: 53, Dst Port: 43953
Domain Name System (response)
Transaction ID: 0x0fd2
Flags: 0x8000 Standard query response, No error
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 1
Queries
www.bilibili.com: type A, class IN
Name: www.bilibili.com
[Name Length: 16]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 8
Option Data: d5c4eb514034689a
Client Cookie: d5c4eb514034689a
Server Cookie: <MISSING>
Additional records
www.bilibili.com: type A, class IN, addr 139.159.241.37
Name: www.bilibili.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 1 (1 second)
Data length: 4
Address: 139.159.241.37
[Request In: 44]
[Time: 0.001585771 seconds]
1 条回复 • 2022-03-27 12:31:38 +08:00
 |
1
miyuki 2022-03-27 12:31:38 +08:00 via iPhone
说起来我的网站前不久换了 ns 服务商,忘记去 dnspod 更改 dnssec 信息,之后偶尔居然能间歇性打开自己的网站,10 次大概能成功 2-3 次,很神奇
路由器是 openclash fakeip 模式 |
Select Language