V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
garywill
V2EX  ›  程序员

奇怪的 DNS 应答规律(是否和 DNSSEC 有点关系?)

  •  
  •   garywill ·
    garywill · 2022-03-27 12:26:06 +08:00 · 1685 次点击
    这是一个创建于 973 天前的主题,其中的信息可能已经有所发展或是发生改变。

    最近发现 B 站有时无法用 Firefox 打开,过几分钟又可以,然后又不行。的确网上有 B 站服务器崩的消息

    以上是背景,以下本帖正文开始:

    尝试 dig 其 DNS www.bilibili.com,发现一些不理解的现象

    • 第一次 query 返回正常结果,有几个 IP 。
    • 接下来的两分钟内,返回的都是“奇怪”结果(我的 ISP 是有 DNS 抢答的,随便使用一个不存在的 DNS 都有应答,不知道是否有关):
      • 仅有一个 IP ,
      • 并且带损坏警告(dig 的结果),和Cannot handle DNSSEC security RRs
      • 那一个 IP 是被 wiresharks 显示在 additional record 里

    Wireshark 抓包结果摘要:

    25	7.346083883	192.168.3.19	192.168.3.1	DNS	101	Standard query 0xd6cf A www.bilibili.com OPT
    
    26	7.354332337	192.168.3.1	192.168.3.19	DNS	185	Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60
    
    
    
    38	14.266273690	192.168.3.19	192.168.3.1	DNS	101	Standard query 0xbeed A www.bilibili.com OPT
    
    39	14.267774911	192.168.3.1	192.168.3.19	DNS	117	Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37
    
    
    
    44	15.994234720	192.168.3.19	192.168.3.1	DNS	101	Standard query 0x0fd2 A www.bilibili.com OPT
    45	15.995820491	192.168.3.1	192.168.3.19	DNS	117	Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37
    

    dig 的输出:

    值得注意的是malformed message packet警告,和CLASS4096 + 有点像 base64 的奇怪字符串

    (仅在 这里 找到一个 DNSSEC 文档有提到CLASS4096

    ================= $ dig www.bilibili.com
    
    ; <<>> DiG 9.16.6 <<>> www.bilibili.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54991
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.bilibili.com.		IN	A
    
    ;; ANSWER SECTION:
    www.bilibili.com.	159	IN	CNAME	g.w.bilicdn1.com.
    g.w.bilicdn1.com.	10	IN	A	139.159.241.37
    g.w.bilicdn1.com.	10	IN	A	8.134.50.24
    g.w.bilicdn1.com.	10	IN	A	8.134.32.222
    g.w.bilicdn1.com.	10	IN	A	8.134.64.214
    g.w.bilicdn1.com.	10	IN	A	139.159.246.60
    
    ;; Query time: 8 msec
    ;; SERVER: 192.168.3.1#53(192.168.3.1)
    ;; WHEN: 日 3 月 27 11:48:25 CST 2022
    ;; MSG SIZE  rcvd: 141
    
    ================= $ dig www.bilibili.com
    ;; Warning: Message parser reports malformed message packet.
    
    ; <<>> DiG 9.16.6 <<>> www.bilibili.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48877
    ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;www.bilibili.com.		IN	A
    
    ;; ANSWER SECTION:
    .			0	CLASS4096 OPT	10 8 wCc4o9F+e3A=
    
    ;; ADDITIONAL SECTION:
    www.bilibili.com.	3	IN	A	139.159.241.37
    
    ;; Query time: 4 msec
    ;; SERVER: 192.168.3.1#53(192.168.3.1)
    ;; WHEN: 日 3 月 27 11:48:31 CST 2022
    ;; MSG SIZE  rcvd: 73
    
    ================= $ dig www.bilibili.com
    ;; Warning: Message parser reports malformed message packet.
    
    ; <<>> DiG 9.16.6 <<>> www.bilibili.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4050
    ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;www.bilibili.com.		IN	A
    
    ;; ANSWER SECTION:
    .			0	CLASS4096 OPT	10 8 1cTrUUA0aJo=
    
    ;; ADDITIONAL SECTION:
    www.bilibili.com.	1	IN	A	139.159.241.37
    
    ;; Query time: 4 msec
    ;; SERVER: 192.168.3.1#53(192.168.3.1)
    ;; WHEN: 日 3 月 27 11:48:33 CST 2022
    ;; MSG SIZE  rcvd: 73
    

    完整的 wireshark 抓包解析:

    No.     Time           Source                Destination           Protocol Length Info
         25 7.346083883    192.168.3.19          192.168.3.1           DNS      101    Standard query 0xd6cf A www.bilibili.com OPT
    
    Frame 25: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
    Linux cooked capture v1
    Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
    User Datagram Protocol, Src Port: 38606, Dst Port: 53
    Domain Name System (query)
        Transaction ID: 0xd6cf
        Flags: 0x0120 Standard query
        Questions: 1
        Answer RRs: 0
        Authority RRs: 0
        Additional RRs: 1
        Queries
            www.bilibili.com: type A, class IN
                Name: www.bilibili.com
                [Name Length: 16]
                [Label Count: 3]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Additional records
            <Root>: type OPT
                Name: <Root>
                Type: OPT (41)
                UDP payload size: 4096
                Higher bits in extended RCODE: 0x00
                EDNS0 version: 0
                Z: 0x0000
                    0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                    .000 0000 0000 0000 = Reserved: 0x0000
                Data length: 12
                Option: COOKIE
                    Option Code: COOKIE (10)
                    Option Length: 8
                    Option Data: e036ff0d0880aa5c
                    Client Cookie: e036ff0d0880aa5c
                    Server Cookie: <MISSING>
        [Response In: 26]
    
    No.     Time           Source                Destination           Protocol Length Info
         26 7.354332337    192.168.3.1           192.168.3.19          DNS      185    Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60
    
    Frame 26: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits) on interface any, id 0
    Linux cooked capture v1
    Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
    User Datagram Protocol, Src Port: 53, Dst Port: 38606
    Domain Name System (response)
        Transaction ID: 0xd6cf
        Flags: 0x8180 Standard query response, No error
        Questions: 1
        Answer RRs: 6
        Authority RRs: 0
        Additional RRs: 0
        Queries
            www.bilibili.com: type A, class IN
                Name: www.bilibili.com
                [Name Length: 16]
                [Label Count: 3]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Answers
            www.bilibili.com: type CNAME, class IN, cname g.w.bilicdn1.com
                Name: www.bilibili.com
                Type: CNAME (Canonical NAME for an alias) (5)
                Class: IN (0x0001)
                Time to live: 159 (2 minutes, 39 seconds)
                Data length: 15
                CNAME: g.w.bilicdn1.com
            g.w.bilicdn1.com: type A, class IN, addr 139.159.241.37
                Name: g.w.bilicdn1.com
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 10 (10 seconds)
                Data length: 4
                Address: 139.159.241.37
            g.w.bilicdn1.com: type A, class IN, addr 8.134.50.24
                Name: g.w.bilicdn1.com
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 10 (10 seconds)
                Data length: 4
                Address: 8.134.50.24
            g.w.bilicdn1.com: type A, class IN, addr 8.134.32.222
                Name: g.w.bilicdn1.com
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 10 (10 seconds)
                Data length: 4
                Address: 8.134.32.222
            g.w.bilicdn1.com: type A, class IN, addr 8.134.64.214
                Name: g.w.bilicdn1.com
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 10 (10 seconds)
                Data length: 4
                Address: 8.134.64.214
            g.w.bilicdn1.com: type A, class IN, addr 139.159.246.60
                Name: g.w.bilicdn1.com
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 10 (10 seconds)
                Data length: 4
                Address: 139.159.246.60
        [Request In: 25]
        [Time: 0.008248454 seconds]
    
    No.     Time           Source                Destination           Protocol Length Info
         38 14.266273690   192.168.3.19          192.168.3.1           DNS      101    Standard query 0xbeed A www.bilibili.com OPT
    
    Frame 38: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
    Linux cooked capture v1
    Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
    User Datagram Protocol, Src Port: 60191, Dst Port: 53
    Domain Name System (query)
        Transaction ID: 0xbeed
        Flags: 0x0120 Standard query
        Questions: 1
        Answer RRs: 0
        Authority RRs: 0
        Additional RRs: 1
        Queries
            www.bilibili.com: type A, class IN
                Name: www.bilibili.com
                [Name Length: 16]
                [Label Count: 3]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Additional records
            <Root>: type OPT
                Name: <Root>
                Type: OPT (41)
                UDP payload size: 4096
                Higher bits in extended RCODE: 0x00
                EDNS0 version: 0
                Z: 0x0000
                    0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                    .000 0000 0000 0000 = Reserved: 0x0000
                Data length: 12
                Option: COOKIE
                    Option Code: COOKIE (10)
                    Option Length: 8
                    Option Data: c02738a3d17e7b70
                    Client Cookie: c02738a3d17e7b70
                    Server Cookie: <MISSING>
        [Response In: 39]
    
    No.     Time           Source                Destination           Protocol Length Info
         39 14.267774911   192.168.3.1           192.168.3.19          DNS      117    Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37
    
    Frame 39: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0
    Linux cooked capture v1
    Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
    User Datagram Protocol, Src Port: 53, Dst Port: 60191
    Domain Name System (response)
        Transaction ID: 0xbeed
        Flags: 0x8000 Standard query response, No error
        Questions: 1
        Answer RRs: 1
        Authority RRs: 0
        Additional RRs: 1
        Queries
            www.bilibili.com: type A, class IN
                Name: www.bilibili.com
                [Name Length: 16]
                [Label Count: 3]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Answers
            <Root>: type OPT
                Name: <Root>
                Type: OPT (41)
                UDP payload size: 4096
                Higher bits in extended RCODE: 0x00
                EDNS0 version: 0
                Z: 0x0000
                    0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                    .000 0000 0000 0000 = Reserved: 0x0000
                Data length: 12
                Option: COOKIE
                    Option Code: COOKIE (10)
                    Option Length: 8
                    Option Data: c02738a3d17e7b70
                    Client Cookie: c02738a3d17e7b70
                    Server Cookie: <MISSING>
        Additional records
            www.bilibili.com: type A, class IN, addr 139.159.241.37
                Name: www.bilibili.com
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 3 (3 seconds)
                Data length: 4
                Address: 139.159.241.37
        [Request In: 38]
        [Time: 0.001501221 seconds]
    
    No.     Time           Source                Destination           Protocol Length Info
         44 15.994234720   192.168.3.19          192.168.3.1           DNS      101    Standard query 0x0fd2 A www.bilibili.com OPT
    
    Frame 44: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0
    Linux cooked capture v1
    Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1
    User Datagram Protocol, Src Port: 43953, Dst Port: 53
    Domain Name System (query)
        Transaction ID: 0x0fd2
        Flags: 0x0120 Standard query
        Questions: 1
        Answer RRs: 0
        Authority RRs: 0
        Additional RRs: 1
        Queries
            www.bilibili.com: type A, class IN
                Name: www.bilibili.com
                [Name Length: 16]
                [Label Count: 3]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Additional records
            <Root>: type OPT
                Name: <Root>
                Type: OPT (41)
                UDP payload size: 4096
                Higher bits in extended RCODE: 0x00
                EDNS0 version: 0
                Z: 0x0000
                    0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                    .000 0000 0000 0000 = Reserved: 0x0000
                Data length: 12
                Option: COOKIE
                    Option Code: COOKIE (10)
                    Option Length: 8
                    Option Data: d5c4eb514034689a
                    Client Cookie: d5c4eb514034689a
                    Server Cookie: <MISSING>
        [Response In: 45]
    
    No.     Time           Source                Destination           Protocol Length Info
         45 15.995820491   192.168.3.1           192.168.3.19          DNS      117    Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37
    
    Frame 45: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0
    Linux cooked capture v1
    Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19
    User Datagram Protocol, Src Port: 53, Dst Port: 43953
    Domain Name System (response)
        Transaction ID: 0x0fd2
        Flags: 0x8000 Standard query response, No error
        Questions: 1
        Answer RRs: 1
        Authority RRs: 0
        Additional RRs: 1
        Queries
            www.bilibili.com: type A, class IN
                Name: www.bilibili.com
                [Name Length: 16]
                [Label Count: 3]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Answers
            <Root>: type OPT
                Name: <Root>
                Type: OPT (41)
                UDP payload size: 4096
                Higher bits in extended RCODE: 0x00
                EDNS0 version: 0
                Z: 0x0000
                    0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                    .000 0000 0000 0000 = Reserved: 0x0000
                Data length: 12
                Option: COOKIE
                    Option Code: COOKIE (10)
                    Option Length: 8
                    Option Data: d5c4eb514034689a
                    Client Cookie: d5c4eb514034689a
                    Server Cookie: <MISSING>
        Additional records
            www.bilibili.com: type A, class IN, addr 139.159.241.37
                Name: www.bilibili.com
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 1 (1 second)
                Data length: 4
                Address: 139.159.241.37
        [Request In: 44]
        [Time: 0.001585771 seconds]
    
    
    1 条回复    2022-03-27 12:31:38 +08:00
    miyuki
        1
    miyuki  
       2022-03-27 12:31:38 +08:00 via iPhone
    说起来我的网站前不久换了 ns 服务商,忘记去 dnspod 更改 dnssec 信息,之后偶尔居然能间歇性打开自己的网站,10 次大概能成功 2-3 次,很神奇

    路由器是 openclash fakeip 模式
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   902 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 22:02 · PVG 06:02 · LAX 14:02 · JFK 17:02
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.