Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rawgit.com 在大陆可能存在解析问题 #11

Closed
StarDuster opened this issue May 4, 2018 · 0 comments
Closed

rawgit.com 在大陆可能存在解析问题 #11

StarDuster opened this issue May 4, 2018 · 0 comments

Comments

@StarDuster
Copy link

StarDuster commented May 4, 2018
edited
Loading

TL,DR:rawgit.com 在大陆的部分 DNS Server 的解析结果可能存在问题(有可能是污染),建议不要在 readme 中使用 rawgit.com 作为使用指引

-> # dig rawgit.com @223.5.5.5

; <<>> DiG 9.10.3-P4-Ubuntu <<>> rawgit.com @223.5.5.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1939
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rawgit.com.			IN	A

;; ANSWER SECTION:
rawgit.com.		147	IN	A	31.13.64.1

;; Query time: 86 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Fri May 04 20:33:56 CST 2018
;; MSG SIZE  rcvd: 44

解析结果属 AS32934 Facebook, Inc. 意料之中被墙

-> # dig rawgit.com @202.112.14.21

; <<>> DiG 9.10.3-P4-Ubuntu <<>> rawgit.com @202.112.14.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29008
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rawgit.com.			IN	A

;; ANSWER SECTION:
rawgit.com.		93	IN	A	208.43.170.231

;; AUTHORITY SECTION:
#节约篇幅

;; ADDITIONAL SECTION:
#节约篇幅

;; Query time: 0 msec
;; SERVER: 202.112.14.21#53(202.112.14.21)
;; WHEN: Fri May 04 21:06:25 CST 2018
;; MSG SIZE  rcvd: 851

DNS Server 202.112.14.21 为电子科大沙河教育网服务器,解析结果 208.43.170.231 属 AS36351 SoftLayer Technologies Inc. ,同样被墙,在另一台机器使用此 DNS Server 查询时获得过 69.171.228.20 AS32934 Facebook 的结果

-> # dig rawgit.com @101.6.6.6

; <<>> DiG 9.10.3-P4-Ubuntu <<>> rawgit.com @101.6.6.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40173
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rawgit.com.			IN	A

;; ANSWER SECTION:
rawgit.com.		54	IN	A	104.18.62.176
rawgit.com.		54	IN	A	104.18.63.176

;; Query time: 28 msec
;; SERVER: 101.6.6.6#53(101.6.6.6)
;; WHEN: Fri May 04 20:34:30 CST 2018
;; MSG SIZE  rcvd: 71

使用大清 DNS666 解析结果属 AS13335 Cloudflare, Inc. 考虑到域名解析托管在 CF,解析结果是 CF 应该是正常的,测试 HTTP 的访问也正常

另一方面在测试 8888 的时候发现 TCP 查询会被 Reset,其他境外 Public DNS 如1111和9999结果类似,因此怀疑被污染:

-> # dig rawgit.com @8.8.8.8 +tcp
;; communications error to 8.8.8.8#53: connection reset

-> # dig rawgit.com @8.8.8.8

; <<>> DiG 9.10.3-P4-Ubuntu <<>> rawgit.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9324
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rawgit.com.			IN	A

;; ANSWER SECTION:
rawgit.com.		158	IN	A	31.13.81.17

;; Query time: 28 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri May 04 20:46:13 CST 2018
;; MSG SIZE  rcvd: 44

以上结果主要在电子科大教育网机房得到,同时在四川移动、阿里云深圳等得到了类似的结果(UDP 查询和境内 TCP 查询返回 Facebook IP,跨境 TCP 被 Reset),应当认为解析结果和 DNS Server 的选取有关而非当地运营商劫持,但是不是很确定返回的 Facebook 和 softlayer IP 是否确为污染导致

实际上准确的说这个问题不应该算 TUNA 的问题,不过考虑到 TUNA 的主要用户都处于中国大陆境内,使用的第一步 wget 就撞墙应该是严重影响使用的,建议在使用说明里直接使用 raw.githubusercontent.com 或者使用境内域名进行一次跳转
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@huiyiqun @StarDuster