钉钉在 ipv6 环境下出现访问问题, h5.dingtalk.com 解析错误。

2023-02-16 11:01:29 +08:00
 xaviertoo

钉钉在 ipv6 环境下出现访问问题。多个页面依赖 h5.dingtalk.com ,如“工作台”页等。域名解析到 2401:b180:2000:60::f 并不能正确返回。 阿里同学 toB 环境多考虑 ipv6 的使用场景。

1269 次点击
所在节点    全球工单系统
1 条回复
zealot
2023-03-16 14:04:27 +08:00
方便的话可以发一下 curl 命令输出结果,我这边实测是可以的
(绑 IPv6 host 验证 OK:2401:b180:2000:60::f h5.dingtalk.com

``` $ curl -6 -v https://h5.dingtalk.com/status.taobao
* Trying [2401:b180:2000:60::f]:443...
* Connected to h5.dingtalk.com (2401:b180:2000:60::f) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.dingtalk.com
* start date: Apr 12 01:56:07 2022 GMT
* expire date: May 14 01:56:06 2023 GMT
* subjectAltName: host "h5.dingtalk.com" matched cert's "*.dingtalk.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /status.taobao]
* h2h3 [:scheme: https]
* h2h3 [:authority: h5.dingtalk.com]
* h2h3 [user-agent: curl/7.86.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x14e813400)
> GET /status.taobao HTTP/2
> Host: h5.dingtalk.com
> user-agent: curl/7.86.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< server: Tengine
< date: Thu, 16 Mar 2023 06:02:49 GMT
< content-length: 0
< accept-ranges: bytes
< etag: W/"0-1678781644000"
< last-modified: Tue, 14 Mar 2023 08:14:04 GMT
< cache-control: no-cache
< content-security-policy-report-only: default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com dev.g.alicdn.com g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com tce.taobao.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com gm.mmstat.com ynuf.aliapp.org wss://acs.wapa.taobao.com wss://acs.m.taobao.com aliliving.alicdn.com wgo.mmstat.com dtliving.alicdn.com hd.mmstat.com uc.gre alilive.alicdn.com *.mobgslb.tbcache.com *.mmstat.com px.effirst.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: ynuf.aliapp.org cn-hangzhou-dap.cloud.alipay.com cn-hangzhou-cap.cloud.alipay.com auth.cloud.alipay.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: http: fourier.taobao.com *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com landray.dingtalkapps.com restapi.amap.com image.uczzd.cn;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com dev.g.alicdn.com g.alicdn.com tbm-auth.alicdn.com alilive.alicdn.com aliliving.alicdn.com blob:;worker-src 'self' blob:;report-uri https://csp.dingtalk.com/csp;
```

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/916572

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX