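Tuesday, July 14, 2009
Hijacking of DNS queries sent to overseas resolvers
It is well known that the GFW hijacks local DNS queries. As Internet controls have tightened, the GFW has begun hijacking DNS queries sent to overseas resolvers as well.
Test: look up twitter using different DNS servers
Using the Guangzhou Telecom DNS: 202.96.128.86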
> www.twitter.com
Server: cache-a.guangzhou.gd.cn
Address: 202.96.128.86
Non-authoritative answer:
Name: www.twitter.com
Address: 203.161.230.171
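Several queries all returned this result. 203.161.230.171 is located in Hong Kong and does not respond to ping; the domain has been hijacked.
Using a Hong Kong DNS: 203.198.23.208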
Default Server: dns03.netvigator.com
Address: 203.198.23.208
> www.twitter.com
Server: dns03.netvigator.com
Address: 203.198.23.208
Name: www.twitter.com
Address: 202.181.7.85(australia)
> www.twitter.com
Server: dns03.netvigator.com
Address: 203.198.23.208
Name: www.twitter.com
Address: 211.94.66.147(Beijing Unicom)
> quit
Each query returns a different result: 202.181.7.85 (Australia) and 211.94.66.147 (Beijing Unicom). Neither responds to ping.
Using the Taiwan HiNet name server: 168.95.192.1
> www.twitter.com
Server: hntp1.hinet.net
Address: 168.95.192.1
Name: twitter.com
Address: 128.121.146.100
Aliases: www.twitter.com
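This IP resolution is correct, which shows that not all overseas DNS resolution services are being hijacked yet.
After connecting through UltraVPN, run nslookup: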
> www.twitter.com
Server: ns368973.ovh.net
Address: 94.23.39.201
Non-authoritative answer:
Name: twitter.com
Address: 128.121.146.100
Aliases: www.twitter.com
> www.twitter.com
Server: ns368973.ovh.net
Address: 94.23.39.201
Non-authoritative answer:
Name: twitter.com
Address: 168.143.162.116
Aliases: www.twitter.com
Both resolution results are correct.
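The comparison made by hand above can be automated. The following is an added example, not part of the original post: it parses nslookup transcripts in the layout shown here and flags resolvers whose answers fall outside a baseline set. The names `parse_nslookup`, `classify` and `BASELINE` are hypothetical, and the baseline is an assumption taken from the two addresses the post treats as correct; an off-baseline answer is a cue for follow-up, since sites can legitimately return different addresses by region.

```python
import re

# Assumption: the two addresses the post treats as correct (seen through the VPN).
BASELINE = {"128.121.146.100", "168.143.162.116"}

# Constructed sample: trimmed from the transcripts in the post, annotations removed.
TRANSCRIPT = """\
> www.twitter.com
Server: cache-a.guangzhou.gd.cn
Address: 202.96.128.86
Non-authoritative answer:
Name: www.twitter.com
Address: 203.161.230.171
Server: dns03.netvigator.com
Address: 203.198.23.208
Name: www.twitter.com
Address: 202.181.7.85
Server: dns03.netvigator.com
Address: 203.198.23.208
Name: www.twitter.com
Address: 211.94.66.147
Server: hntp1.hinet.net
Address: 168.95.192.1
Name: twitter.com
Address: 128.121.146.100
"""

def parse_nslookup(text):
    """Return {resolver_ip: [answer_ip, ...]} accumulated over all query blocks."""
    answers = {}
    for block in re.split(r"^(?:Default )?Server:.*$", text, flags=re.M):
        ips = re.findall(r"^Address(?:es)?:\s*(\d+(?:\.\d+){3})", block, flags=re.M)
        if len(ips) >= 2:  # first Address is the resolver, the rest are answers
            answers.setdefault(ips[0], []).extend(ips[1:])
    return answers

def classify(answers, baseline=BASELINE):
    """Label each resolver by comparing its answers with the baseline set."""
    verdicts = {}
    for resolver, ips in answers.items():
        off = set(ips) - baseline
        kind = "varying" if len(off) > 1 else "single"
        verdicts[resolver] = f"suspect: {kind} off-baseline answer" if off else "consistent"
    return verdicts

if __name__ == "__main__":
    for resolver, verdict in classify(parse_nslookup(TRANSCRIPT)).items():
        print(resolver, verdict)
```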
Labels: dns query hijack