
Author: delv
Published: 2014/1/23 8:09:21
An Hour of Panic: China's First Large-Scale DNS Pollution

An Hour of Panic: China's First Large-Scale DNS Pollution - 65.49.2.178, root domain failure, domain names unresolvable, DNS failure - IT News (IT资讯)

At 3 p.m. on January 21, a dozen or so alert emails had Kou Bo breaking out in a cold sweat.


Kou Bo heads operations for a website whose traffic ranks in China's top ten; he and his team maintain, around the clock, a site with more than 100 million page views a day. A dozen or so alert emails meant that users in a dozen or so provinces across the country could not reach the site.


"Has the core server room gone wrong again?" Kou Bo muttered to himself, hurried out of a meeting, jogged upstairs and returned to the operations department's work floor. The desk phone on his desk was ringing shrilly. "This is XX from customer service. Users in Zhejiang are reporting that our home page won't load..." "Got it."


Kou Bo hung up at once and shouted to the colleague on duty, "What's going on?" "The Beijing and Shanghai server rooms and the CDN (network acceleration) all report normal. I pinged the domain name and the IP address it points to is wrong; it may be a DNS problem," the colleague on duty replied.


"Stop checking, it's not our problem; the DNS for every .com domain in the country is broken." Another colleague, who had been scrolling through Weibo, told Kou Bo, "Look, DNSPod has posted that the root for all generic top-level domains in China is behaving abnormally and that they are contacting the relevant organisations to coordinate a fix."


DNSPod is China's largest DNS resolution provider and domain hosting company, managing more than 2.7 million domain names. Kou Bo pushed up his glasses and leaned over to stare at the Weibo post, saying, "Don't get complacent; call the server room and have them check again."


At almost the same moment, Liu Shuo, who runs one of the country's largest data centres in Beijing, was also under intense pressure. When he picked up Sina Tech's call, the desk phones behind him were ringing off the hook. "Yes, we have already detected the problem, and many websites have reported it to us too; we are meeting right away to work out a response." He hung up hurriedly.


"Users on Weibo are cursing us to death," Kou Bo's colleague told him. He laughed and told Sina Tech, "There is nothing we can do; it's a systemic problem across the whole network. All we can do is tell users to reach us directly by IP address."


So what was this failure about?


"Every device connected to the Internet must have an IP address, just as every house has a street address, so that others can find it," Kou Bo began explaining to Sina Tech. "An IP address is a string of numbers, 120.84.21.23 for example, but it is far too much trouble for users to remember such numbers to get online, so domain names were created."


A domain name is another way of representing an IP address, and DNS is the translator that turns domain names into IP addresses. For example, when a user types facebook.com into the browser, the browser asks the nearest DNS server, "What IP address corresponds to facebook.com?"


That nearest DNS server is usually the local telecom operator's server. If it does not know the answer, it asks the next level up, usually the operator's nationwide DNS server. If the nationwide DNS server does not know either, it queries the global DNS servers.


At the top of this hierarchy are the world's 13 root servers, named "A" through "M"; ten of them are in the United States, and one each is in the United Kingdom, Sweden and Japan.


To prevent a failure of those servers from causing a global outage, many countries now host mirrors. China also has top-level domain name servers at its network's international gateway. "This incident was a resolution error on that server," Kou Bo explained.



Why were some users fine while others had problems?


Because, to speed up access for users, the whole system has multiple levels of cache: the browser cache, the operating system cache, the router cache, the DNS server cache, and so on.


When a user visits a website, the browser automatically remembers the IP address for that domain name for a period of time, so that on the second visit the browser does not have to query up the chain again and can give the user the result directly. Likewise, the user's computer, router and DNS server each keep a cache of their own. A cached record has a time limit, of course; when it expires, the next level up must be asked for the latest record.


When the top-level root servers fail, users' access is not cut off immediately, because the caches at every level are still there. Once a cache expires, it queries the level above again, and only then does the root server's wrong answer take effect and break access for the user. These cache lifetimes vary widely with configuration: some last only 30 seconds, others as long as 12 hours.


By 4 p.m. that day, root resolution across the country was gradually returning to normal. By the same token, users who had been affected did not recover immediately, because the wrong records were still in their caches; in the worst case they might have to wait up to 24 hours, until the cache expired, before the correct records took effect.


For a large website, the content is generally not all under one domain name. Images and databases, for instance, usually use different domain names, so when some domains are cached correctly and others incorrectly, you get a page that loads without its images, or images that appear with garbled text and data.
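The following is an added simulation, not part of the original article or of any of the companies it quotes, of the multi-level cache behaviour just described: an upstream that hands out the bad address 65.49.2.178 for a window of time, with an ISP resolver and a browser cache in front of it, each honouring its own TTL. It shows why a user's outage starts later than the upstream failure, why recovery lags the fix by up to one TTL, and why one domain of a site can be fine while another is not. The host names, the 120.84.x.x addresses, the TTLs and the clock values are constructed; the only value taken from the article is the bad IP.

```python
from dataclasses import dataclass

# The address the article reports resolution was redirected to.
POISON_IP = "65.49.2.178"

# Constructed authoritative data; these names and addresses are made up.
AUTHORITATIVE = {
    "www.example.cn": "120.84.21.23",
    "img.example.cn": "120.84.21.24",
}


@dataclass
class CacheEntry:
    ip: str
    expires: int  # simulated clock value (minutes) at which the record goes stale


class Upstream:
    """Stand-in for the root / top-level servers: answers correctly except
    during [poisoned_from, poisoned_until), when every answer is the bad IP."""

    def __init__(self, poisoned_from: int, poisoned_until: int):
        self.poisoned_from = poisoned_from
        self.poisoned_until = poisoned_until

    def resolve(self, name: str, now: int) -> str:
        if self.poisoned_from <= now < self.poisoned_until:
            return POISON_IP
        return AUTHORITATIVE[name]


class CachingResolver:
    """One cache level (browser, OS, router or ISP resolver). Serves a record
    from cache until its TTL expires, then asks the level above."""

    def __init__(self, upstream, ttl: int):
        self.upstream = upstream
        self.ttl = ttl
        self.cache = {}  # name -> CacheEntry

    def resolve(self, name: str, now: int) -> str:
        entry = self.cache.get(name)
        if entry is not None and now < entry.expires:
            return entry.ip
        ip = self.upstream.resolve(name, now)
        self.cache[name] = CacheEntry(ip, now + self.ttl)
        return ip


def outage_window(resolver, name, start, end, step=1):
    """Return (first_bad, first_good_after) for a client polling every `step`
    minutes, or (None, None) if it never saw the poisoned answer."""
    first_bad = first_good_after = None
    for now in range(start, end, step):
        ip = resolver.resolve(name, now)
        if ip == POISON_IP and first_bad is None:
            first_bad = now
        elif ip != POISON_IP and first_bad is not None and first_good_after is None:
            first_good_after = now
    return first_bad, first_good_after


def flag_bad_answers(answers, bad_ips=(POISON_IP,)):
    """Detection check: given {name: resolved_ip}, return the names that
    currently resolve to a known-bad address."""
    return sorted(name for name, ip in answers.items() if ip in bad_ips)


def simulate():
    # Upstream poisoned for one hour, t = 0..60 minutes, matching the
    # roughly one-hour root failure the article describes.
    upstream = Upstream(poisoned_from=0, poisoned_until=60)
    isp = CachingResolver(upstream, ttl=30)  # ISP resolver, 30-minute TTL
    browser = CachingResolver(isp, ttl=5)    # browser cache, 5-minute TTL

    # Warm the cache before the incident: www.example.cn looked up at t=-10.
    browser.resolve("www.example.cn", -10)
    # At t=10 the page is loaded: www is still served from the good cached
    # record, img is requested for the first time and gets the bad answer.
    snapshot = {name: browser.resolve(name, 10) for name in AUTHORITATIVE}

    # Poll www.example.cn every minute from t=10 to t=120.
    window = outage_window(browser, "www.example.cn", start=10, end=120)
    return snapshot, window


if __name__ == "__main__":
    snapshot, (first_bad, first_good) = simulate()
    print("page load at t=10:", snapshot)
    print("names pointing at the bad IP:", flag_bad_answers(snapshot))
    print(f"www outage seen by this client: t={first_bad} .. t={first_good}")
```

In this run the upstream is bad from t=0 to t=60, but the client only starts failing at t=20, when its ISP resolver's good record expires, and keeps failing until t=80, when the poisoned record it picked up at t=50 finally ages out. That is the same shape the article describes: a delayed onset, a delayed recovery, and a mixed page when different names have different cache states.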


A mysterious IP address raises suspicions of hacking


As service gradually came back, Liu Shuo at the data centre breathed a sigh of relief. He told Sina Tech that the cause of the incident was contamination of the root name servers: domain name resolution requests were all being pointed at the IP address "65.49.2.178".


However, Liu Shuo's tests of multiple domains found that foreign domains such as Facebook and Twitter resolved correctly; only domestic domains were polluted. Even so, the scope of the impact was unprecedented: the vast majority of domestic websites, including Sina and Tencent, became inaccessible, and the root name server failure lasted nearly an hour.


By rough estimate, more than 200 million domestic users were affected, for an average of about three hours. As of 10 p.m. on the 21st, more than ten regions across the country were still affected by the DNS pollution, including Guizhou Telecom, Henan Telecom, Hong Kong New World Telecom, Jiangsu Telecom and Beijing Dianxintong.


The domestic vulnerability reporting platform WooYun (乌云) said the IP 65.49.2.178 is located abroad, and that there is evidence the network it belongs to has previously been used to send spam and for politically motivated hacking, so an attack by hackers cannot be ruled out.


In the early hours of August 25 this year, China's .cn domain suffered a large-scale resolution failure. The China Internet Network Information Center later disclosed that at around midnight that day the national domain name resolution nodes came under a denial-of-service attack; after it was dealt with, the servers returned to normal at about 2 a.m. It was the largest denial-of-service attack the .cn domain had ever suffered.


However, Liu Shuo and another network security expert both believe that the breadth and scale of this DNS pollution incident are a first for China and far beyond the capability of ordinary hackers. "It very probably has to do with a configuration change on the backbone network," the security expert said.



