Strange pattern in DNS responses (is it somehow related to DNSSEC?)

2022-03-27 12:26:06 +08:00
 garywill

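Recently I noticed that Bilibili sometimes cannot be opened in Firefox; a few minutes later it works, and then it fails again. There are indeed reports online that Bilibili's servers have been down.

The above is background; the actual post starts below:

I tried running dig on its DNS name www.bilibili.com and found some behaviour I don't understand.

Summary of the Wireshark capture: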

25	7.346083883	192.168.3.19	192.168.3.1	DNS	101	Standard query 0xd6cf A www.bilibili.com OPT

26	7.354332337	192.168.3.1	192.168.3.19	DNS	185	Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60



38	14.266273690	192.168.3.19	192.168.3.1	DNS	101	Standard query 0xbeed A www.bilibili.com OPT

39	14.267774911	192.168.3.1	192.168.3.19	DNS	117	Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37



44	15.994234720	192.168.3.19	192.168.3.1	DNS	101	Standard query 0x0fd2 A www.bilibili.com OPT
45	15.995820491	192.168.3.1	192.168.3.19	DNS	117	Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37

dig output:

Worth noting are the malformed message packet warning, and CLASS4096 plus a strange string that looks a bit like base64.

(I only found one DNSSEC document, here, that mentions CLASS4096.)

================= $ dig www.bilibili.com

; <<>> DiG 9.16.6 <<>> www.bilibili.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54991
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.bilibili.com.		IN	A

;; ANSWER SECTION:
www.bilibili.com.	159	IN	CNAME	g.w.bilicdn1.com.
g.w.bilicdn1.com.	10	IN	A	139.159.241.37
g.w.bilicdn1.com.	10	IN	A	8.134.50.24
g.w.bilicdn1.com.	10	IN	A	8.134.32.222
g.w.bilicdn1.com.	10	IN	A	8.134.64.214
g.w.bilicdn1.com.	10	IN	A	139.159.246.60

;; Query time: 8 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: 日 3 月 27 11:48:25 CST 2022
;; MSG SIZE  rcvd: 141

================= $ dig www.bilibili.com
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.16.6 <<>> www.bilibili.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48877
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bilibili.com.		IN	A

;; ANSWER SECTION:
.			0	CLASS4096 OPT	10 8 wCc4o9F+e3A=

;; ADDITIONAL SECTION:
www.bilibili.com.	3	IN	A	139.159.241.37

;; Query time: 4 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: 日 3 月 27 11:48:31 CST 2022
;; MSG SIZE  rcvd: 73

================= $ dig www.bilibili.com
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.16.6 <<>> www.bilibili.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4050
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.bilibili.com.		IN	A

;; ANSWER SECTION:
.			0	CLASS4096 OPT	10 8 1cTrUUA0aJo=

;; ADDITIONAL SECTION:
www.bilibili.com.	1	IN	A	139.159.241.37

;; Query time: 4 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: 日 3 月 27 11:48:33 CST 2022
;; MSG SIZE  rcvd: 73

Full Wireshark packet dissection:

No.     Time           Source                Destination           Protocol Length Info
     25 7.346083883    192.168.3.19          192.168.3.1           DNS      101    Standard query 0xd6cf A www.bilibili.com OPT

Frame 25: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
User Datagram Protocol, Src Port: 38606, Dst Port: 53
Domain Name System (query)
    Transaction ID: 0xd6cf
    Flags: 0x0120 Standard query
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.bilibili.com: type A, class IN
            Name: www.bilibili.com
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 12
            Option: COOKIE
                Option Code: COOKIE (10)
                Option Length: 8
                Option Data: e036ff0d0880aa5c
                Client Cookie: e036ff0d0880aa5c
                Server Cookie: <MISSING>
    [Response In: 26]
No.     Time           Source                Destination           Protocol Length Info
     26 7.354332337    192.168.3.1           192.168.3.19          DNS      185    Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60

Frame 26: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
User Datagram Protocol, Src Port: 53, Dst Port: 38606
Domain Name System (response)
    Transaction ID: 0xd6cf
    Flags: 0x8180 Standard query response, No error
    Questions: 1
    Answer RRs: 6
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.bilibili.com: type A, class IN
            Name: www.bilibili.com
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        www.bilibili.com: type CNAME, class IN, cname g.w.bilicdn1.com
            Name: www.bilibili.com
            Type: CNAME (Canonical NAME for an alias) (5)
            Class: IN (0x0001)
            Time to live: 159 (2 minutes, 39 seconds)
            Data length: 15
            CNAME: g.w.bilicdn1.com
        g.w.bilicdn1.com: type A, class IN, addr 139.159.241.37
            Name: g.w.bilicdn1.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 10 (10 seconds)
            Data length: 4
            Address: 139.159.241.37
        g.w.bilicdn1.com: type A, class IN, addr 8.134.50.24
            Name: g.w.bilicdn1.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 10 (10 seconds)
            Data length: 4
            Address: 8.134.50.24
        g.w.bilicdn1.com: type A, class IN, addr 8.134.32.222
            Name: g.w.bilicdn1.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 10 (10 seconds)
            Data length: 4
            Address: 8.134.32.222
        g.w.bilicdn1.com: type A, class IN, addr 8.134.64.214
            Name: g.w.bilicdn1.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 10 (10 seconds)
            Data length: 4
            Address: 8.134.64.214
        g.w.bilicdn1.com: type A, class IN, addr 139.159.246.60
            Name: g.w.bilicdn1.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 10 (10 seconds)
            Data length: 4
            Address: 139.159.246.60
    [Request In: 25]
    [Time: 0.008248454 seconds]
No.     Time           Source                Destination           Protocol Length Info
     38 14.266273690   192.168.3.19          192.168.3.1           DNS      101    Standard query 0xbeed A www.bilibili.com OPT

Frame 38: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
User Datagram Protocol, Src Port: 60191, Dst Port: 53
Domain Name System (query)
    Transaction ID: 0xbeed
    Flags: 0x0120 Standard query
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.bilibili.com: type A, class IN
            Name: www.bilibili.com
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 12
            Option: COOKIE
                Option Code: COOKIE (10)
                Option Length: 8
                Option Data: c02738a3d17e7b70
                Client Cookie: c02738a3d17e7b70
                Server Cookie: <MISSING>
    [Response In: 39]
No.     Time           Source                Destination           Protocol Length Info
     39 14.267774911   192.168.3.1           192.168.3.19          DNS      117    Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37

Frame 39: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
User Datagram Protocol, Src Port: 53, Dst Port: 60191
Domain Name System (response)
    Transaction ID: 0xbeed
    Flags: 0x8000 Standard query response, No error
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.bilibili.com: type A, class IN
            Name: www.bilibili.com
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 12
            Option: COOKIE
                Option Code: COOKIE (10)
                Option Length: 8
                Option Data: c02738a3d17e7b70
                Client Cookie: c02738a3d17e7b70
                Server Cookie: <MISSING>
    Additional records
        www.bilibili.com: type A, class IN, addr 139.159.241.37
            Name: www.bilibili.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 3 (3 seconds)
            Data length: 4
            Address: 139.159.241.37
    [Request In: 38]
    [Time: 0.001501221 seconds]
No.     Time           Source                Destination           Protocol Length Info
     44 15.994234720   192.168.3.19          192.168.3.1           DNS      101    Standard query 0x0fd2 A www.bilibili.com OPT

Frame 44: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
User Datagram Protocol, Src Port: 43953, Dst Port: 53
Domain Name System (query)
    Transaction ID: 0x0fd2
    Flags: 0x0120 Standard query
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.bilibili.com: type A, class IN
            Name: www.bilibili.com
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 12
            Option: COOKIE
                Option Code: COOKIE (10)
                Option Length: 8
                Option Data: d5c4eb514034689a
                Client Cookie: d5c4eb514034689a
                Server Cookie: <MISSING>
    [Response In: 45]
No.     Time           Source                Destination           Protocol Length Info
     45 15.995820491   192.168.3.1           192.168.3.19          DNS      117    Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37

Frame 45: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
User Datagram Protocol, Src Port: 53, Dst Port: 43953
Domain Name System (response)
    Transaction ID: 0x0fd2
    Flags: 0x8000 Standard query response, No error
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.bilibili.com: type A, class IN
            Name: www.bilibili.com
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 12
            Option: COOKIE
                Option Code: COOKIE (10)
                Option Length: 8
                Option Data: d5c4eb514034689a
                Client Cookie: d5c4eb514034689a
                Server Cookie: <MISSING>
    Additional records
        www.bilibili.com: type A, class IN, addr 139.159.241.37
            Name: www.bilibili.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 1 (1 second)
            Data length: 4
            Address: 139.159.241.37
    [Request In: 44]
    [Time: 0.001585771 seconds]

1684 clicks
Node: Programmers
1 reply
miyuki
2022-03-27 12:31:38 +08:00
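Speaking of which, not long ago I switched my website's NS provider and forgot to update the DNSSEC information at dnspod. After that I could, surprisingly, still open my own site intermittently, succeeding about 2-3 times out of 10. Quite magical.

The router is running openclash in fakeip mode.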
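
An added example, not part of the original post or the reply: it rebuilds the 73-byte response of frame 39 from the dissected fields and checks it for an OPT pseudo-record outside the additional section, which is where RFC 6891 places it, and for the missing RD/RA flags. The packet bytes are constructed from the dissection above (the name-compression pointer in the A record is an assumption), and the function names are hypothetical.

```python
import base64, struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:    # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:                # root label terminates the name
            return off

def audit_response(msg):
    """Parse a DNS message; report misplaced OPT records and collect cookies."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, findings, cookies = 12, [], []
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            if rtype != 41:                       # only OPT records matter here
                continue
            if section != "additional":
                findings.append(f"OPT in {section} section, CLASS field = UDP size {rclass}")
            pos = 0
            while pos + 4 <= len(rdata):          # walk the EDNS options
                code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
                if code == 10:                    # option 10 = COOKIE
                    cookies.append(rdata[pos + 4:pos + 4 + olen])
                pos += 4 + olen
    if (flags & 0x0180) == 0:                     # frame 26 had 0x8180, frame 39 has 0x8000
        findings.append("RD and RA both clear")
    return findings, cookies

def build_frame39():
    """Constructed bytes following the Wireshark dissection of frame 39."""
    qname = b"".join(bytes([len(l)]) + l for l in b"www.bilibili.com".split(b".")) + b"\0"
    header = struct.pack("!6H", 0xBEED, 0x8000, 1, 1, 0, 1)
    question = qname + struct.pack("!HH", 1, 1)
    opt = b"\0" + struct.pack("!HHIHHH", 41, 4096, 0, 12, 10, 8) + bytes.fromhex("c02738a3d17e7b70")
    a_rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3, 4) + bytes([139, 159, 241, 37])
    return header + question + opt + a_rr

findings, cookies = audit_response(build_frame39())
print(findings, [base64.b64encode(c).decode() for c in cookies])
```

The CLASS field of an OPT record carries the sender's UDP payload size, which is why dig prints CLASS4096 when it renders the record as ordinary answer data. The base64 string in that dig line is the 8-byte client cookie from the query (c02738a3d17e7b70), echoed back.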
