Monday, May 30, 2011

Lockheed Martin hit by cyber attack (repost)

US advanced weapons maker Lockheed Martin said late Saturday that it had thwarted a large-scale, persistent cyber attack. The attack reportedly targeted the RSA SecurID tokens that company employees use to access the company's computer systems remotely. Lockheed Martin did not disclose how the attack was carried out.



Google to shut down the Translation API (repost)

Google recently announced that it will shut down a batch of APIs, a move dubbed the "spring cleaning"; among them is the Translate API (to be shut down completely on December 1), which countless developers have used to build rich third-party translation applications. Google's explanation is that these APIs impose a substantial economic burden on Google and are heavily abused.




DNS hijacking in practice

Without VPN
$ nslookup
> www.vpnvip.com
Server: 8.8.8.8              //Google's DNS server
Address: 8.8.8.8#53


Non-authoritative answer:
Name: www.vpnvip.com        
Address: 93.46.8.89               //VPN not connected: the domain is hijacked and a forged IP address is returned; note that the hijack IP is fixed


With VPN
$ nslookup
> www.vpnvip.com
Server: 202.134.93.120         //VPN connected: DNS server of a Hong Kong telecom operator
Address: 202.134.93.120#53


Non-authoritative answer:
www.vpnvip.com canonical name = vpnvip.com.
Name: vpnvip.com
Address: 96.44.184.190              //correct IP address returned
> server 8.8.8.8                         //switch to Google's DNS server
Default server: 8.8.8.8
Address: 8.8.8.8#53
> www.vpnvip.com
Server: 8.8.8.8
Address: 8.8.8.8#53


Non-authoritative answer:
www.vpnvip.com canonical name = vpnvip.com.
Name: vpnvip.com
Address: 96.44.184.190              //still returns the correct IP address


VPN disconnected
> www.vpnvip.com
Server: 8.8.8.8
Address: 8.8.8.8#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 54.76.135.1                        //domain hijacked, forged IP address returned
> server 208.67.222.222                   //switch DNS server to OpenDNS
Default server: 208.67.222.222
Address: 208.67.222.222#53
> www.vpnvip.com
Server: 208.67.222.222
Address: 208.67.222.222#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 188.5.4.96                           //domain hijacked, forged IP address returned


VPN connected
> www.vpnvip.com
Server: 208.67.222.222
Address: 208.67.222.222#53


Non-authoritative answer:
www.vpnvip.com canonical name = vpnvip.com.
Name: vpnvip.com
Address: 96.44.184.190             //correct IP address returned
> server 208.67.220.220
Default server: 208.67.220.220
Address: 208.67.220.220#53
> www.vpnvip.com
Server: 208.67.220.220
Address: 208.67.220.220#53


Non-authoritative answer:
www.vpnvip.com canonical name = vpnvip.com.
Name: vpnvip.com
Address: 96.44.184.190             //query repeated, the correct IP address is returned consistently
> server 8.8.4.4
Default server: 8.8.4.4
Address: 8.8.4.4#53
> www.vpnvip.com
Server: 8.8.4.4
Address: 8.8.4.4#53


Non-authoritative answer:
www.vpnvip.com canonical name = vpnvip.com.
Name: vpnvip.com
Address: 96.44.184.190              //DNS server changed and query repeated, the correct IP address is returned consistently




VPN disconnected
> www.vpnvip.com
Server: 8.8.4.4
Address: 8.8.4.4#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 159.106.121.75            //DNS hijacked, forged IP address returned
> www.vpnvip.com
Server: 8.8.4.4
Address: 8.8.4.4#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 197.4.4.12                     //DNS hijacked, forged IP address returned
> www.vpnvip.com
Server: 8.8.4.4
Address: 8.8.4.4#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 188.5.4.96                     //DNS hijacked, forged IP address returned
> www.vpnvip.com
Server: 8.8.4.4
Address: 8.8.4.4#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 189.163.17.5                  //DNS hijacked, forged IP address returned
> server 202.96.128.86                //switch to Guangdong Telecom's DNS server
Default server: 202.96.128.86
Address: 202.96.128.86#53
> www.vpnvip.com
Server: 202.96.128.86
Address: 202.96.128.86#53


Non-authoritative answer:
Name: www.vpnvip.com                  
Address: 23.89.5.60                    //DNS cache poisoned, forged IP returned


VPN connected
> www.vpnvip.com
Server: 202.96.128.86
Address: 202.96.128.86#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 23.89.5.60        //DNS cache poisoned, forged IP returned; connecting the VPN cannot prevent cache poisoning by domestic ISPs
> www.vipvpn.com
Server: 202.96.128.86
Address: 202.96.128.86#53


Non-authoritative answer:
www.vipvpn.com canonical name = vipvpn.com.
Name: vipvpn.com
Address: 89.149.254.116   //DNS cache poisoned, forged IP returned; connecting the VPN cannot prevent cache poisoning by domestic ISPs
> www.vpnvip.com
Server: 202.96.128.86
Address: 202.96.128.86#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 23.89.5.60         //poisoned IP appears repeatedly




> www.vpnvip.com
Server: 202.96.128.86
Address: 202.96.128.86#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 159.106.121.75       //poisoned IP appears repeatedly


> www.vpnvip.com
Server: 202.96.128.86
Address: 202.96.128.86#53


Non-authoritative answer:
Name: www.vpnvip.com
Address: 93.46.8.89      //poisoned IP appears repeatedly


Querying pptp.witopia.net, VPN not connected
$ nslookup
> pptp.witopia.net
Server: 8.8.8.8
Address: 8.8.8.8#53


Non-authoritative answer:
Name: pptp.witopia.net
Address: 93.46.8.89        //the hijack IP is the same for a different domain, so the hijack IPs can be assumed to come from the same IP pool


VPN connected
> pptp.witopia.net
Server: 8.8.8.8
Address: 8.8.8.8#53


Non-authoritative answer:
pptp.witopia.net canonical name = pptp.all.witopia.net.
Name: pptp.all.witopia.net
Address: 74.115.160.183
Name: pptp.all.witopia.net
Address: 74.115.160.213
Name: pptp.all.witopia.net
Address: 188.165.22.196
Name: pptp.all.witopia.net
Address: 209.222.3.7
Name: pptp.all.witopia.net
Address: 209.237.253.77
Name: pptp.all.witopia.net
Address: 213.229.66.58
Name: pptp.all.witopia.net
Address: 216.240.128.86
Name: pptp.all.witopia.net
Address: 27.50.91.229
Name: pptp.all.witopia.net
Address: 64.69.46.219
Name: pptp.all.witopia.net
Address: 64.120.5.133
Name: pptp.all.witopia.net
Address: 65.111.175.196
Name: pptp.all.witopia.net
Address: 69.50.200.242


dig query for www.vpnvip.com, VPN not connected
$ dig @8.8.8.8 www.vpnvip.com


; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.vpnvip.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60952
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0


;; QUESTION SECTION:
;www.vpnvip.com. IN A


;; ANSWER SECTION:
www.vpnvip.com. 300 IN A 93.46.8.89


;; Query time: 520 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun May 29 00:54:33 2011
;; MSG SIZE  rcvd: 48




VPN connected
$ dig @8.8.8.8 www.vpnvip.com


; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.vpnvip.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36599
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0


;; QUESTION SECTION:
;www.vpnvip.com. IN A


;; ANSWER SECTION:
www.vpnvip.com. 3581 IN CNAME vpnvip.com.
vpnvip.com. 3581 IN A 96.44.184.190


;; Query time: 158 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun May 29 00:54:53 2011
;; MSG SIZE  rcvd: 62


dig +trace www.vpnvip.com, VPN connected: the trace is normal and the result is correct.
$ dig @8.8.8.8 www.vpnvip.com +trace


; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.vpnvip.com +trace
; (1 server found)
;; global options: +cmd
. 64501 IN NS l.root-servers.net.
. 64501 IN NS b.root-servers.net.
. 64501 IN NS e.root-servers.net.
. 64501 IN NS a.root-servers.net.
. 64501 IN NS c.root-servers.net.
. 64501 IN NS f.root-servers.net.
. 64501 IN NS g.root-servers.net.
. 64501 IN NS m.root-servers.net.
. 64501 IN NS h.root-servers.net.
. 64501 IN NS d.root-servers.net.
. 64501 IN NS k.root-servers.net.
. 64501 IN NS i.root-servers.net.
. 64501 IN NS j.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 817 ms


com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
;; Received 492 bytes from 192.112.36.4#53(g.root-servers.net) in 820 ms


vpnvip.com. 172800 IN NS dns1.vpnvip.com.
vpnvip.com. 172800 IN NS dns2.vpnvip.com.
vpnvip.com. 172800 IN NS dns3.vpnvip.com.
;; Received 137 bytes from 192.43.172.30#53(i.gtld-servers.net) in 156 ms


www.vpnvip.com. 3600 IN CNAME vpnvip.com.
vpnvip.com. 3600 IN A 96.44.184.190
vpnvip.com. 3600 IN NS dns1.vpnvip.com.
vpnvip.com. 3600 IN NS dns3.vpnvip.com.
vpnvip.com. 3600 IN NS dns2.vpnvip.com.
;; Received 167 bytes from 96.44.184.190#53(dns2.vpnvip.com) in 1169 ms




dig +trace www.vpnvip.com, VPN not connected: the trace is incomplete and the result is incorrect.
$ dig @8.8.8.8 www.vpnvip.com +trace


; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.vpnvip.com +trace
; (1 server found)
;; global options: +cmd
. 64069 IN NS l.root-servers.net.
. 64069 IN NS b.root-servers.net.
. 64069 IN NS e.root-servers.net.
. 64069 IN NS a.root-servers.net.
. 64069 IN NS c.root-servers.net.
. 64069 IN NS f.root-servers.net.
. 64069 IN NS g.root-servers.net.
. 64069 IN NS m.root-servers.net.
. 64069 IN NS h.root-servers.net.
. 64069 IN NS d.root-servers.net.
. 64069 IN NS k.root-servers.net.
. 64069 IN NS i.root-servers.net.
. 64069 IN NS j.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 704 ms


www.vpnvip.com. 300 IN A 46.82.174.68
;; Received 48 bytes from 192.58.128.30#53(j.root-servers.net) in 774 ms
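The following Python script is an added example, not code from the original post; it applies the observation above mechanically, parsing a dig +trace transcript and flagging a final answer that was not served by a name server from the preceding referral for the queried name's own zone (here, an A record received straight from a root server). The embedded transcripts are trimmed copies of the two traces shown above.

```python
"""Consistency check for `dig +trace` output.

Added example; not code from the original post. A sound trace ends with
the A/CNAME answer arriving from a name server that the previous step
delegated the queried name's own zone to. An answer "received from" a
root or TLD server, as in the second trace above, breaks that chain.
"""
import re
from typing import List, Tuple

Record = Tuple[str, str, str]          # (owner, type, rdata)
Step = Tuple[List[Record], str]        # (records, server that sent them)

RECV_RE = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA|CNAME)\s+(\S+)")

# Trimmed copies of the two transcripts shown in the post.
GOOD_TRACE = """\
. 64501 IN NS l.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 817 ms
com. 172800 IN NS i.gtld-servers.net.
;; Received 492 bytes from 192.112.36.4#53(g.root-servers.net) in 820 ms
vpnvip.com. 172800 IN NS dns2.vpnvip.com.
;; Received 137 bytes from 192.43.172.30#53(i.gtld-servers.net) in 156 ms
www.vpnvip.com. 3600 IN CNAME vpnvip.com.
vpnvip.com. 3600 IN A 96.44.184.190
;; Received 167 bytes from 96.44.184.190#53(dns2.vpnvip.com) in 1169 ms
"""
BAD_TRACE = """\
. 64069 IN NS l.root-servers.net.
. 64069 IN NS j.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 704 ms
www.vpnvip.com. 300 IN A 46.82.174.68
;; Received 48 bytes from 192.58.128.30#53(j.root-servers.net) in 774 ms
"""


def parse_trace(text: str) -> List[Step]:
    """Group the records of a trace by the server that returned them."""
    steps: List[Step] = []
    current: List[Record] = []
    for line in text.splitlines():
        recv = RECV_RE.match(line)
        if recv:
            steps.append((current, recv.group(1).lower().rstrip(".")))
            current = []
            continue
        rr = RR_RE.match(line)
        if rr:
            current.append((rr.group(1).lower(), rr.group(2), rr.group(3).lower()))
    return steps


def check_trace(text: str, qname: str) -> List[str]:
    """Return the problems found; an empty list means the delegation chain is consistent."""
    qname = qname.lower().rstrip(".") + "."
    steps = parse_trace(text)
    problems: List[str] = []
    for i, (records, server) in enumerate(steps):
        if not any(rtype != "NS" and owner == qname for owner, rtype, _ in records):
            continue                      # a referral step, not the final answer
        if i == 0:
            problems.append(f"{server} answered {qname} with no referral chain at all")
            continue
        prev_records, _ = steps[i - 1]
        ns_targets = {rdata.rstrip(".") for _, rtype, rdata in prev_records if rtype == "NS"}
        zones = {owner for owner, rtype, _ in prev_records if rtype == "NS"}
        if server not in ns_targets:
            problems.append(f"{server} answered {qname} but was not in the preceding referral")
        for zone in zones:
            # The delegating zone must be the name's own zone (second level or deeper).
            in_zone = qname == zone or qname.endswith("." + zone)
            if zone.count(".") < 2 or not in_zone:
                problems.append(f"{server} returned the final answer for {qname} "
                                f"right after a referral for '{zone}'")
    return problems


if __name__ == "__main__":
    for label, trace in (("with VPN", GOOD_TRACE), ("without VPN", BAD_TRACE)):
        print(label, check_trace(trace, "www.vpnvip.com") or "chain consistent")
```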




Summary:
1. With a domestic ISP's DNS server, the DNS cache is poisoned whether or not a VPN is used.
2. With Google DNS or OpenDNS, DNS is not hijacked when the VPN is connected; when it is not connected, DNS is hijacked.
3. The poisoned and hijacked IPs are relatively fixed and can be determined to come from the same IP pool.
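As an added example, not code from the post, the following Python script turns points 2 and 3 into checks over a log of observed answers constructed from the session above: an address returned for two unrelated domains is treated as a pool member, and an address a resolver returns only with the VPN down is treated as path-dependent; the poisoned ISP cache of point 1 answers identically on both paths and, as the code shows, escapes the second check.

```python
"""Two checks on a resolver-answer log, based on the post's observations.

Added example; not code from the original post. It makes two of the
post's inferences mechanical: an address returned for two unrelated
domains belongs to a forged-answer pool (point 3), and an address a
resolver returns only when the VPN is down is path-dependent (point 2).
A poisoned ISP cache (23.89.5.60) answers the same on both paths and is
deliberately not caught by the second check (point 1).
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Sequence, Set


class Observation(NamedTuple):
    domain: str
    resolver: str
    via_vpn: bool
    address: str


# Constructed from the nslookup session above (a subset of its answers).
OBSERVATIONS: List[Observation] = [
    Observation("www.vpnvip.com", "8.8.8.8", False, "93.46.8.89"),
    Observation("www.vpnvip.com", "202.134.93.120", True, "96.44.184.190"),
    Observation("www.vpnvip.com", "8.8.8.8", True, "96.44.184.190"),
    Observation("www.vpnvip.com", "8.8.8.8", False, "54.76.135.1"),
    Observation("www.vpnvip.com", "208.67.222.222", False, "188.5.4.96"),
    Observation("www.vpnvip.com", "208.67.222.222", True, "96.44.184.190"),
    Observation("www.vpnvip.com", "8.8.4.4", False, "159.106.121.75"),
    Observation("www.vpnvip.com", "8.8.4.4", False, "197.4.4.12"),
    Observation("www.vpnvip.com", "202.96.128.86", False, "23.89.5.60"),
    Observation("www.vpnvip.com", "202.96.128.86", True, "23.89.5.60"),
    Observation("pptp.witopia.net", "8.8.8.8", False, "93.46.8.89"),
    Observation("pptp.witopia.net", "8.8.8.8", True, "74.115.160.183"),
]


def registered_domain(name: str) -> str:
    """Last two labels; sufficient for the .com/.net names in the session."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def pool_addresses(obs: Sequence[Observation]) -> Set[str]:
    """Addresses returned for two or more different registered domains."""
    domains_by_addr: Dict[str, Set[str]] = defaultdict(set)
    for o in obs:
        domains_by_addr[o.address].add(registered_domain(o.domain))
    return {addr for addr, doms in domains_by_addr.items() if len(doms) >= 2}


def path_dependent(obs: Sequence[Observation]) -> Dict[str, Set[str]]:
    """Per domain, addresses seen only without the VPN and never with it."""
    with_vpn: Dict[str, Set[str]] = defaultdict(set)
    without: Dict[str, Set[str]] = defaultdict(set)
    for o in obs:
        (with_vpn if o.via_vpn else without)[o.domain].add(o.address)
    return {d: without[d] - with_vpn[d] for d in without if without[d] - with_vpn[d]}


def filter_answers(domain: str, answers: Sequence[str],
                   obs: Sequence[Observation]) -> List[str]:
    """Drop answers that either check has flagged (the post's 'ignore these IPs' idea)."""
    flagged = pool_addresses(obs) | path_dependent(obs).get(domain, set())
    return [a for a in answers if a not in flagged]


if __name__ == "__main__":
    print("pool:", sorted(pool_addresses(OBSERVATIONS)))
    for dom, addrs in path_dependent(OBSERVATIONS).items():
        print("path-dependent for", dom, sorted(addrs))
    print(filter_answers("www.vpnvip.com", ["96.44.184.190", "93.46.8.89"], OBSERVATIONS))
```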



DNS cache poisoning


1. Concept.
DNS cache poisoning (域名服务器缓存污染), also called DNS cache pollution (域名服务器快取侵害), refers to DNS packets, created deliberately or by accident, that point a domain name to an incorrect IP address. Generally there are trusted name servers on the Internet, but to reduce network traffic, ordinary name servers cache the data obtained from those external servers so that the next machine asking to resolve the same name can be served immediately. Once the cache of a local name server for a domain is poisoned, the computers in that domain are directed to the wrong server or the wrong server address.
DNS cache poisoning may result from design errors in DNS server software, but it may also be produced by someone with bad intentions who studies open-architecture DNS server systems in order to exploit their weaknesses.

2. Cache poisoning attacks.
Generally, a computer connected to the Internet uses the DNS server provided by its Internet service provider (ISP). This server usually serves only the provider's customers and caches part of the domain names those customers have requested. A cache poisoning attack targets this kind of server in order to affect the server's users or downstream services.





3. Cache poisoning by the Great Firewall.

In China, every DNS query on UDP port 53 that passes through the Great Firewall is subjected to IDS intrusion detection. As soon as a query is found whose domain matches a blacklisted keyword, the firewall immediately impersonates the target domain's resolving server and returns a fake result to the querier. Because an ordinary DNS query has no authentication mechanism, and DNS normally runs over UDP, a connectionless and unreliable protocol, the querier can only accept the first well-formed result that arrives and discards any that follow.

For users unfamiliar with the details, this means: when the ISP-provided DNS server that the system uses by default queries foreign authoritative servers, the answer is poisoned by the Great Firewall and the server's cache becomes poisoned, so by default querying the ISP's server yields a fake IP address; and when the user queries an overseas DNS server directly (such as Google Public DNS), the query can also be poisoned by the Great Firewall, so without any countermeasure the user still cannot obtain the target website's correct IP address.



4. Compared with DNS hijacking, DNS cache poisoning is relatively passive; DNS hijacking is more active.

$nslookup
> www.facebook.com
Server: 202.96.128.86           //Guangdong Telecom DNS server
Address: 202.96.128.86#53


Non-authoritative answer:
Name: www.facebook.com
Address: 203.98.7.65                       //DNS cache poisoning
> server 8.8.8.8                                //Google DNS server
Default server: 8.8.8.8
Address: 8.8.8.8#53
> www.facebook.com
Server: 8.8.8.8
Address: 8.8.8.8#53


Non-authoritative answer:
Name: www.facebook.com
Address: 46.82.174.68                    //DNS hijacking
Personally I think there is no clear boundary between DNS hijacking and DNS cache poisoning; DNS hijacking is the broader concept, and DNS cache poisoning is just one form of DNS hijacking.





DNS hijacking

1. The concept of DNS hijacking.
From Wikipedia: DNS hijacking or DNS redirection is the practice of redirecting the resolution of Domain Name System (DNS) names to other DNS servers. This is done for malicious purposes such as phishing; for self-serving purposes by Internet service providers (ISPs) to direct users' HTTP traffic via the ISP's own webservers where advertisements are served, statistics can be collected, or other purposes of the ISP; and by DNS service providers to block access to selected domains as a form of censorship.
DNS hijacking or DNS redirection means redirecting DNS resolution to other DNS servers; literally, DNS resolution is performed by a DNS server other than the one the user specified. The technique is used for malicious purposes such as phishing; ISPs also often use it to serve advertisements and collect statistics; and DNS service providers use it to censor specific domains.


2. How DNS hijacking is implemented:
1) Intercept the user's DNS request and return a forged reply to the user. See the figure (image not preserved).

The packets used for DNS hijacking are not generated on the router that the traffic passes through but by a device on a side path. DNS hijacking therefore cannot prevent the correct DNS answer from coming back; but because the packet generated on the side path arrives faster than the one sent by the foreign DNS server, and the operating system treats the first packet received as the answer and ignores those that follow, the hijack succeeds. In some countries the hijack IPs stay fixed for a period of time, so packets whose answer is one of these IP addresses can simply be ignored, which directly solves the DNS hijacking problem. In China this scenario is often described as DNS cache poisoning.

2) Modify the user's DNS settings with malware to achieve DNS hijacking.
3) Hijacking by a legitimate DNS server, for example for censorship purposes or as an ISP practice.

3. DNS hijacking and NXDOMAIN
NXDOMAIN stands for Non-eXistent Domain, a domain that does not exist. When a user queries a non-existent domain, the name server should tell the user that the domain does not exist. But some ISPs' DNS servers instead return an IP address belonging to the ISP for the non-existent name; Guangdong Telecom does this, for example. As follows:

$ nslookup
> www.abcfakeabc.com
Server: 202.96.128.86
Address: 202.96.128.86#53


Non-authoritative answer:
Name: www.abcfakeabc.com
Address: 61.140.3.66

A lookup shows that 61.140.3.66 belongs to Guangzhou Telecom. With Google's DNS server the result is different.

$ nslookup
> www.abcfakeabc.com
Server: 8.8.8.8
Address: 8.8.8.8#53


** server can't find www.abcfakeabc.com: NXDOMAIN
It tells the user directly that the domain does not exist.


The browser's reaction is more intrusive and unpleasant. With DNS server 202.96.128.86, entering www.abcfakeabc.com in the browser returns the following page (screenshot not preserved):




With DNS set to 8.8.8.8, the response is much better behaved (screenshot not preserved).



"ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in existing gTLDs, ccTLDs and any other level in the DNS tree for registry-class domain names."



Sunday, May 29, 2011

BlackSheep, a countermeasure to Firesheep, released (repost)

The Firefox extension Firesheep can sniff and hijack unencrypted social networking accounts on WiFi hotspots and other unprotected networks; its developer's intent was to push sites such as Facebook and Twitter to take measures to protect their users. Now Zscaler researchers have released a countermeasure, BlackSheep. BlackSheep is also a Firefox extension; it monitors network traffic and warns the user when it finds traces of Firesheep activity on the network. BlackSheep works by releasing fake session ID information (cookies) onto the network and then watching whether they get hijacked; it can even provide the intruder's IP data.



Firesheep makes attacking Wi-Fi trivially easy

Using a Wi-Fi network is usually insecure; whether you are in a coffee shop or another public place, your information may leak. This is nothing new, but thanks to Firesheep, a new Firefox extension, it is becoming ever easier. With Firesheep anyone can easily see that you are online, grab your login information for social networking sites, and then take over your online accounts.


In short, the Firesheep plugin looks for large sites such as Facebook and Twitter that encrypt only the initial login page rather than the whole site, waits for a chance to insert itself, and captures the authentication cookies, especially when you are on Wi-Fi. Sites that use HTTPS or SSL encryption, such as Gmail and online banking, are not easily affected. But a great many popular web services, including Facebook, Twitter, Windows Live, WordPress, Yahoo, Evernote and the NY Times, do not use HTTPS or SSL.


Firesheep's developer, Eric Butler, has made this attack trivially easy. Firesheep adds a toolbar to the Firefox browser that shows the accounts of anyone connected to a given insecure Wi-Fi network. With it, a person can automatically obtain the cookies left on the other party's computer, log into the account with a single click, and then do as they please with the "hijacked" account, whether impersonating the owner for fun, stealing personal information, or doing something even more malicious. As a result, the extension was downloaded more than 200,000 times within two days of its release. Butler says he did not develop Firesheep out of malice; his intention was for the extension to force mainstream sites such as Facebook and Twitter to respond and take active measures to protect their users. He wrote on his blog: "Websites have a responsibility to protect the security of their users' information, but for a long time they have been extremely negligent about it... I hope Firesheep will help these users."


Screenshot (image not preserved).



about homebrew

Reference: https://github.com/mxcl/homebrew/wiki/installation
Homebrew is the easiest and most flexible way to install the UNIX tools Apple didn't include with OS X.

1. Install Homebrew; Homebrew itself is a Ruby script.
ruby -e "$(curl -fsSLk https://gist.github.com/raw/323731/install_homebrew.rb)"

2. Install Xcode
Homebrew itself does not depend on Xcode, but the UNIX tools installed through Homebrew may.

3. Install the Java Developer Update
May be needed.

4. Delete /usr/local/include and /usr/local/lib
Users may have their own library or header files under /usr/local; Homebrew cannot stop gcc or other build tools from picking up those libraries, so deleting these two directories is strongly recommended, otherwise programs will break.

5. Avoid directories containing spaces, and avoid the /opt/local and /sw directories.
Directories with spaces easily cause errors. /opt/local is used by MacPorts and /sw by Fink.

6. Install a program
$brew install wget

$ cd /usr/local 
$ find Cellar 
Cellar/wget/1.12 
Cellar/wget/1.12/bin/wget 
Cellar/wget/1.12/share/man/man1/wget.1 
$ ls -l bin 
bin/wget -> ../Cellar/wget/1.12/bin/wget
Installed programs live under /usr/local/Cellar, and a symbolic link to each program is created under /usr/local/bin.

7. Edit a brew formula; the formula determines the properties of each installed program.
$brew edit wget
Formulae are Ruby scripts.



DNS queries with dig

 

A few commonly used DNS servers:

Google Public DNS:  8.8.8.8  8.8.4.4

Open DNS: 208.67.222.222  208.67.220.220

Guangdong Telecommunication DNS: 202.96.128.86

Beijing Netcom DNS: 202.106.195.68

 

Query www.qq.com using DNS server 8.8.8.8

woodys-MacBook-Pro:~ woody$ dig @8.8.8.8 www.qq.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.qq.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5832

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.qq.com. IN A

;; ANSWER SECTION:

www.qq.com. 152 IN A 60.28.14.159(Tianjin Netcom)

www.qq.com. 152 IN A 60.28.14.158

;; Query time: 74 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Wed Dec  9 12:28:30 2009

;; MSG SIZE  rcvd: 60

 

Query www.qq.com using DNS server 8.8.4.4

woodys-MacBook-Pro:~ woody$ dig @8.8.4.4 www.qq.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.4.4 www.qq.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32276

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.qq.com. IN A

;; ANSWER SECTION:

www.qq.com. 42 IN A 60.28.14.159(Tianjin Netcom)

www.qq.com. 42 IN A 60.28.14.158

;; Query time: 1629 msec

;; SERVER: 8.8.4.4#53(8.8.4.4)

;; WHEN: Wed Dec  9 12:50:52 2009

;; MSG SIZE  rcvd: 60

 

Query www.qq.com using DNS server 208.67.222.222

woodys-MacBook-Pro:~ woody$ dig @208.67.222.222 www.qq.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @208.67.222.222 www.qq.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49872

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.qq.com. IN A

;; ANSWER SECTION:

www.qq.com. 256 IN A 60.28.14.159(Tianjin Netcom)

www.qq.com. 256 IN A 60.28.14.158

;; Query time: 245 msec

;; SERVER: 208.67.222.222#53(208.67.222.222)

;; WHEN: Wed Dec  9 12:28:58 2009

;; MSG SIZE  rcvd: 60

 

Query www.qq.com using DNS server 208.67.220.220

woodys-MacBook-Pro:~ woody$ dig @208.67.220.220 www.qq.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @208.67.220.220 www.qq.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41237

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.qq.com. IN A

;; ANSWER SECTION:

www.qq.com. 79 IN A 60.28.14.159(Tianjin Netcom)

www.qq.com. 79 IN A 60.28.14.158

;; Query time: 230 msec

;; SERVER: 208.67.220.220#53(208.67.220.220)

;; WHEN: Wed Dec  9 12:30:04 2009

;; MSG SIZE  rcvd: 60

 

Query www.qq.com using DNS server 202.96.128.86

woodys-MacBook-Pro:~ woody$ dig @202.96.128.86 www.qq.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @202.96.128.86 www.qq.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21203

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.qq.com. IN A

;; ANSWER SECTION:

www.qq.com. 258 IN A 119.147.15.13(Shenzhen Telecom)

www.qq.com. 258 IN A 119.147.15.17

www.qq.com. 258 IN A 119.147.74.18

;; Query time: 1588 msec

;; SERVER: 202.96.128.86#53(202.96.128.86)

;; WHEN: Wed Dec  9 12:53:07 2009

;; MSG SIZE  rcvd: 76

 

Query www.qq.com using DNS server 202.106.195.68

woodys-MacBook-Pro:~ woody$ dig @202.106.195.68 www.qq.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @202.106.195.68 www.qq.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12247

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.qq.com. IN A

;; ANSWER SECTION:

www.qq.com. 120 IN A 60.28.14.158(Tianjin Netcom)

www.qq.com. 120 IN A 61.135.167.36(Beijing Netcom)

;; Query time: 206 msec

;; SERVER: 202.106.195.68#53(202.106.195.68)

;; WHEN: Wed Dec  9 13:17:54 2009

;; MSG SIZE  rcvd: 60

——————————————————————————————————

Trace mode

woodys-MacBook-Pro:~ woody$ dig @8.8.8.8 www.qq.com +trace

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.qq.com +trace

; (1 server found)

;; global options: +cmd

. 228170 IN NS A.ROOT-SERVERS.NET.(root name servers)

. 228170 IN NS H.ROOT-SERVERS.NET.

. 228170 IN NS L.ROOT-SERVERS.NET.

. 228170 IN NS M.ROOT-SERVERS.NET.

. 228170 IN NS G.ROOT-SERVERS.NET.

. 228170 IN NS C.ROOT-SERVERS.NET.

. 228170 IN NS D.ROOT-SERVERS.NET.

. 228170 IN NS J.ROOT-SERVERS.NET.

. 228170 IN NS I.ROOT-SERVERS.NET.

. 228170 IN NS B.ROOT-SERVERS.NET.

. 228170 IN NS F.ROOT-SERVERS.NET.

. 228170 IN NS E.ROOT-SERVERS.NET.

. 228170 IN NS K.ROOT-SERVERS.NET.

;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 76 ms

com. 172800 IN NS J.GTLD-SERVERS.NET.

com. 172800 IN NS F.GTLD-SERVERS.NET.

com. 172800 IN NS I.GTLD-SERVERS.NET.

com. 172800 IN NS G.GTLD-SERVERS.NET.(Delegation Record for .COM)

com. 172800 IN NS A.GTLD-SERVERS.NET.

com. 172800 IN NS M.GTLD-SERVERS.NET.

com. 172800 IN NS C.GTLD-SERVERS.NET.

com. 172800 IN NS H.GTLD-SERVERS.NET.

com. 172800 IN NS D.GTLD-SERVERS.NET.

com. 172800 IN NS L.GTLD-SERVERS.NET.

com. 172800 IN NS K.GTLD-SERVERS.NET.

com. 172800 IN NS E.GTLD-SERVERS.NET.

com. 172800 IN NS B.GTLD-SERVERS.NET.(manages dns1.imok.net)

;; Received 488 bytes from 192.112.36.4#53(G.ROOT-SERVERS.NET) in 84 ms

qq.com. 172800 IN NS dns1.imok.net.(name servers managing the qq.com zone)

qq.com. 172800 IN NS dns2.imok.net.

qq.com. 172800 IN NS dns3.imok.net.

;; Received 141 bytes from 192.33.14.30#53(B.GTLD-SERVERS.NET) in 104 ms

www.qq.com. 86400 IN NS ns-cnc2.qq.com.(name servers inside the qq zone)

www.qq.com. 86400 IN NS ns-cnc1.qq.com.

;; Received 104 bytes from 218.30.72.181#53(dns3.imok.net) in 115 ms

www.qq.com. 300 IN A 119.147.15.17(differs from 60.28.14.159, the result of querying the 8.8.8.8 cache directly)

www.qq.com. 300 IN A 119.147.74.18

www.qq.com. 300 IN A 119.147.15.13

;; Received 76 bytes from 60.28.234.10#53(ns-cnc2.qq.com) in 114 ms

 

Trace mode

woodys-MacBook-Pro:~ woody$ dig @8.8.8.8 qq.com +trace

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 qq.com +trace

; (1 server found)

;; global options: +cmd

. 221208 IN NS a.root-servers.net.

. 221208 IN NS b.root-servers.net.

. 221208 IN NS c.root-servers.net.

. 221208 IN NS d.root-servers.net.

. 221208 IN NS e.root-servers.net.

. 221208 IN NS f.root-servers.net.

. 221208 IN NS g.root-servers.net.

. 221208 IN NS h.root-servers.net.

. 221208 IN NS i.root-servers.net.

. 221208 IN NS j.root-servers.net.

. 221208 IN NS k.root-servers.net.

. 221208 IN NS l.root-servers.net.

. 221208 IN NS m.root-servers.net.

;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 137 ms

com. 172800 IN NS K.GTLD-SERVERS.NET.

com. 172800 IN NS H.GTLD-SERVERS.NET.

com. 172800 IN NS M.GTLD-SERVERS.NET.

com. 172800 IN NS J.GTLD-SERVERS.NET.

com. 172800 IN NS A.GTLD-SERVERS.NET.

com. 172800 IN NS E.GTLD-SERVERS.NET.

com. 172800 IN NS F.GTLD-SERVERS.NET.

com. 172800 IN NS C.GTLD-SERVERS.NET.

com. 172800 IN NS G.GTLD-SERVERS.NET.

com. 172800 IN NS D.GTLD-SERVERS.NET.

com. 172800 IN NS L.GTLD-SERVERS.NET.

com. 172800 IN NS I.GTLD-SERVERS.NET.

com. 172800 IN NS B.GTLD-SERVERS.NET.

;; Received 512 bytes from 192.36.148.17#53(i.root-servers.net) in 99 ms

qq.com. 172800 IN NS dns1.imok.net.

qq.com. 172800 IN NS dns2.imok.net.

qq.com. 172800 IN NS dns3.imok.net.

;; Received 137 bytes from 192.55.83.30#53(M.GTLD-SERVERS.NET) in 391 ms

qq.com. 43200 IN A 60.28.188.192(Tianjin Netcom)

qq.com. 43200 IN A 60.28.188.9

qq.com. 43200 IN NS dns2.imok.net.

qq.com. 43200 IN NS dns1.imok.net.

qq.com. 43200 IN NS dns3.imok.net.

;; Received 169 bytes from 218.30.72.181#53(dns3.imok.net) in 111 ms

Adding the "+trace" option to dig traces the whole name resolution process. The final result for www.qq.com differs from the result of querying the 8.8.8.8 cache directly.

Now look at the trace result for www.google.com.

woodys-MacBook-Pro:~ woody$ dig @8.8.8.8 www.google.com +trace

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.google.com +trace

; (1 server found)

;; global options: +cmd

. 221138 IN NS A.ROOT-SERVERS.NET.

. 221138 IN NS H.ROOT-SERVERS.NET.

. 221138 IN NS L.ROOT-SERVERS.NET.

. 221138 IN NS M.ROOT-SERVERS.NET.

. 221138 IN NS G.ROOT-SERVERS.NET.

. 221138 IN NS C.ROOT-SERVERS.NET.

. 221138 IN NS D.ROOT-SERVERS.NET.

. 221138 IN NS J.ROOT-SERVERS.NET.

. 221138 IN NS I.ROOT-SERVERS.NET.

. 221138 IN NS B.ROOT-SERVERS.NET.

. 221138 IN NS F.ROOT-SERVERS.NET.

. 221138 IN NS E.ROOT-SERVERS.NET.

. 221138 IN NS K.ROOT-SERVERS.NET.

;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 113 ms

com. 172800 IN NS E.GTLD-SERVERS.NET.

com. 172800 IN NS J.GTLD-SERVERS.NET.

com. 172800 IN NS I.GTLD-SERVERS.NET.

com. 172800 IN NS B.GTLD-SERVERS.NET.

com. 172800 IN NS D.GTLD-SERVERS.NET.

com. 172800 IN NS C.GTLD-SERVERS.NET.

com. 172800 IN NS M.GTLD-SERVERS.NET.

com. 172800 IN NS H.GTLD-SERVERS.NET.

com. 172800 IN NS K.GTLD-SERVERS.NET.

com. 172800 IN NS F.GTLD-SERVERS.NET.

com. 172800 IN NS L.GTLD-SERVERS.NET.

com. 172800 IN NS A.GTLD-SERVERS.NET.

com. 172800 IN NS G.GTLD-SERVERS.NET.

;; Received 504 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 540 ms

google.com. 172800 IN NS ns1.google.com.

google.com. 172800 IN NS ns2.google.com.

google.com. 172800 IN NS ns3.google.com.

google.com. 172800 IN NS ns4.google.com.

;; Received 168 bytes from 192.43.172.30#53(I.GTLD-SERVERS.NET) in 411 ms

www.google.com. 604800 IN CNAME www.l.google.com.

www.l.google.com. 300 IN A 64.233.189.103

www.l.google.com. 300 IN A 64.233.189.104

www.l.google.com. 300 IN A 64.233.189.99

www.l.google.com. 300 IN A 64.233.189.147

;; Received 116 bytes from 216.239.38.10#53(ns4.google.com) in 149 ms

Compared with the earlier trace for www.qq.com, the result for www.google.com is flatter: x.gtld-servers.net. refers directly to Google's own name servers nsx.google.com, whereas qq has an extra layer, dnsx.imok.net.

woodys-MacBook-Pro:~ woody$ dig @8.8.8.8 www.baidu.com +trace

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 www.baidu.com +trace

; (1 server found)

;; global options: +cmd

. 220913 IN NS A.ROOT-SERVERS.NET.

. 220913 IN NS H.ROOT-SERVERS.NET.

. 220913 IN NS L.ROOT-SERVERS.NET.

. 220913 IN NS M.ROOT-SERVERS.NET.

. 220913 IN NS G.ROOT-SERVERS.NET.

. 220913 IN NS C.ROOT-SERVERS.NET.

. 220913 IN NS D.ROOT-SERVERS.NET.

. 220913 IN NS J.ROOT-SERVERS.NET.

. 220913 IN NS I.ROOT-SERVERS.NET.

. 220913 IN NS B.ROOT-SERVERS.NET.

. 220913 IN NS F.ROOT-SERVERS.NET.

. 220913 IN NS E.ROOT-SERVERS.NET.

. 220913 IN NS K.ROOT-SERVERS.NET.

;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 110 ms

com. 172800 IN NS J.GTLD-SERVERS.NET.

com. 172800 IN NS L.GTLD-SERVERS.NET.

com. 172800 IN NS G.GTLD-SERVERS.NET.

com. 172800 IN NS B.GTLD-SERVERS.NET.

com. 172800 IN NS C.GTLD-SERVERS.NET.

com. 172800 IN NS I.GTLD-SERVERS.NET.

com. 172800 IN NS D.GTLD-SERVERS.NET.

com. 172800 IN NS F.GTLD-SERVERS.NET.

com. 172800 IN NS H.GTLD-SERVERS.NET.

com. 172800 IN NS E.GTLD-SERVERS.NET.

com. 172800 IN NS K.GTLD-SERVERS.NET.

com. 172800 IN NS M.GTLD-SERVERS.NET.

com. 172800 IN NS A.GTLD-SERVERS.NET.

;; Received 503 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 542 ms

baidu.com. 172800 IN NS dns.baidu.com.

baidu.com. 172800 IN NS ns2.baidu.com.

baidu.com. 172800 IN NS ns3.baidu.com.

baidu.com. 172800 IN NS ns4.baidu.com.

;; Received 167 bytes from 192.43.172.30#53(I.GTLD-SERVERS.NET) in 415 ms

www.baidu.com. 1200 IN CNAME www.a.shifen.com.

a.shifen.com. 86411 IN NS ns5.a.shifen.com.

a.shifen.com. 86411 IN NS ns6.a.shifen.com.

a.shifen.com. 86411 IN NS ns1.a.shifen.com.

a.shifen.com. 86411 IN NS ns3.a.shifen.com.

;; Received 194 bytes from 202.108.22.220#53(dns.baidu.com) in 75 ms

Looking at the trace for www.baidu.com, the result is similar to Google's.


