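Saturday, March 27, 2010

Tampered DNS Records

I once said this in Google Buzz: different websites look different when they are blocked: with YouTube the connection is reset immediately, while Twitter keeps connecting forever and never loads. Today I saw a news item on Solidot, "China's DNS pollution affects the whole world through a root server", which says: a technician from a Chilean domain registrar said on Wednesday that they had observed strange response behaviour on one node of the DNS root server "i.root-servers.net": when users queried domain names such as facebook.com, youtube.com and twitter.com, what came back was a fake IP address instead of a referral to .com. That reminded me of the problem I had noticed earlier, and I suspected that name resolution for twitter.com was being tampered with inside China. So I pinged twitter.com before and after circumventing the firewall with a VPN, and sure enough I got different IP addresses: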

C:\Documents and Settings\Limo>ping twitter.com

Pinging twitter.com [46.82.174.68] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 46.82.174.68:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Limo>ping twitter.com

Pinging twitter.com [128.242.240.116] with 32 bytes of data:

Reply from 128.242.240.116: bytes=32 time=310ms TTL=243
Reply from 128.242.240.116: bytes=32 time=311ms TTL=243
Reply from 128.242.240.116: bytes=32 time=311ms TTL=243
Reply from 128.242.240.116: bytes=32 time=332ms TTL=243

Ping statistics for 128.242.240.116:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 310ms, Maximum = 332ms, Average = 316ms

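The 46.82.174.68 obtained before circumventing the firewall is a fake IP, so Firefox just keeps waiting; the 128.242.240.116 obtained after circumventing it is the real IP, and if you connect to this IP without circumventing the firewall, the connection is blocked immediately. In other words, the IP address of twitter.com that we get from ping has been tampered with.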
