Don't put blind faith in Cloudflare

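A while back I moved my domain's DNS to Cloudflare and then, on an itchy-fingered whim, turned on DNSSEC. Everything was fine for a long time. Then one day I suddenly found the domain could no longer be resolved.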

Using root-server.net didn't work either. A little later it worked sometimes and failed at other times.

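After running tcpdump I found it was still a DNSSEC problem, so I turned DNSSEC off. But a few days later I found the domain could not be resolved again.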

Then I checked, and CF's DNS servers still had the DNSSEC information. Is this cache of theirs going to stay around forever? Almost a week has gone by.

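I figure CF caches a lot of things to cut down on requests. Their DNS really is fast (anycast), but this is pretty annoying. And given the way the Great Song behaves, it would not be surprising if it simply blocked all of CF one day.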

$ dig +trace @8.8.8.8 mirages.tech

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> +trace @8.8.8.8 mirages.tech
; (1 server found)
;; global options: +cmd
. 158841 IN NS j.root-servers.net.
. 158841 IN NS a.root-servers.net.
. 158841 IN NS i.root-servers.net.
. 158841 IN NS f.root-servers.net.
. 158841 IN NS b.root-servers.net.
. 158841 IN NS e.root-servers.net.
. 158841 IN NS h.root-servers.net.
. 158841 IN NS g.root-servers.net.
. 158841 IN NS m.root-servers.net.
. 158841 IN NS k.root-servers.net.
. 158841 IN NS d.root-servers.net.
. 158841 IN NS c.root-servers.net.
. 158841 IN NS l.root-servers.net.
. 158841 IN RRSIG NS 8 0 518400 20190909170000 20190827160000 59944 . EFpGhBQQSuo6SS3+ItlYJq7XcSH8Vu93qxd9NOwRt4shL9mbFoyB9kju ewKw0QatndXOsiWUSNQ/sE7QJs5UbK8r7OnbqHO244yCt7/eRHUKkAdh zo7jtoGLsTvCZghkKY5zEnv2guI4CaGZszFGAt7sagHVxpReqz/Y+Io1 FfeilPd8j+zll1LnELFRaEY76Y07rq6kteW3zeQaKZJK0coL0eGw5lSa MUkYv1lLZCByblRdj9ZLAgFMyc++45A7oaqjrImDeMGhLFoQHlQgmfDs GaJPq+jY5BDAs9IBEB21y7fI1hcjC+9LLqfxDhSDIpYh9AqtYDZaVAoj d1dXMw==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 2 ms

tech. 172800 IN NS c.nic.tech.
tech. 172800 IN NS a.nic.tech.
tech. 172800 IN NS b.nic.tech.
tech. 172800 IN NS d.nic.tech.
tech. 86400 IN DS 50095 8 1 82F72F2462DEE25B99DA2470535AD0A7D131F1EB
tech. 86400 IN DS 50095 8 2 83F40D01141484D8F07305E5D2E44AC5663149054C598D6E9D993C66 1686C6EE
tech. 86400 IN RRSIG DS 8 1 86400 20190910200000 20190828190000 59944 . aiemKphEAyci7O+fz2CQyxFy2KfTzl+oPn+NxgT2cNHh/DDiuu3Go3EK HENZTeiT/tPu35W46bppO038X61KMdQSZsrXplQRVVMcO9Jpq42o+eOY DNF194P2WaVSTBV8q7btolQ+zu/JOs80X4dlTVR385DcF1jx30VVjKkn 2j5e1ovrT2aBNhQl/GwV2wfGRPGWZqfdLn2kW+C8RHsiZSw60JH65m0P BbTNPFfOmxlNLAdhQ6TDiSRZdY+QuMWgG2dp+DFnsp/6J1OLxHGUur6a 7uqxN+1KBAZWXaTyhW6dZDIPhRiTfSc0gWrnwAh9n4RPQpNaPeaxz41i g+lOVQ==
;; Received 656 bytes from 199.9.14.201#53(b.root-servers.net) in 160 ms

mirages.TECH. 3600 IN NS ada.ns.cloudflare.com.
mirages.TECH. 3600 IN NS ajay.ns.cloudflare.com.
9btf69hmd3n6368rdfnvtq09vgqbb2th.TECH. 3600 IN NSEC3 1 1 1 - 9CGN7IGB27MOH4RP0I7GC83KQLRBT0HF NS SOA RRSIG DNSKEY NSEC3PARAM
9btf69hmd3n6368rdfnvtq09vgqbb2th.TECH. 3600 IN RRSIG NSEC3 8 2 3600 20190920004611 20190821054820 22663 tech. A6sp04y1j3qTpuw+zw96erFS5eG8A+TJdNAe/GPdFtVqM0Q6j7dSPu8d 0s/OdB/cXWA4k1OuekhADw14Fp+aX4UiwNzq1/P2QNtyBw9J7vSnaQAs gtmVVMNG9zSuXh9G+L4yMHEc4HYIpWpg+/uKjgpIR3AcP7GK560QeIcy bL4=
qbbjqiak5v5p87kiq7o7cicsc74tfr6c.TECH. 3600 IN NSEC3 1 1 1 - QBJ1KGVM7SU62KD6TGDEFM8GT4KC22NB NS DS RRSIG
qbbjqiak5v5p87kiq7o7cicsc74tfr6c.TECH. 3600 IN RRSIG NSEC3 8 2 3600 20190925002624 20190826011721 22663 tech. U1hRPv+RSFOdGPyM8qemhZNLiB+S0FyZ15ouxIW4dGl5j8cP/yLr1fE8 JJdc8yBA4swxYgRLFHTR/Vcn8OapiVZEQ8uRGXUFFO5t7v4v+mcmx+cX ArF5BHdEZ/pli6CMmlZ4uAGbQli2qSepoZ7DaGzRIpVDm6I9YzQyTgY8 qfE=
;; Received 594 bytes from 108.59.161.6#53(d.nic.tech) in 4 ms

mirages.tech. 300 IN A 128.199.68.155
mirages.tech. 300 IN RRSIG A 13 2 300 20190830044112 20190828024112 34505 mirages.tech. TC8TpuAHCWpUHUltic8X5Sq329XqBNQNtJhAUjl2rHEk4gTLYSqj+9sX ggW8mslyTl/RapSweCoEwz/PxB62Og==
;; Received 165 bytes from 173.245.58.54#53(ada.ns.cloudflare.com) in 2 ms
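
As an added example (not from the original post), this Python script reads `dig +trace` output and compares what the parent publishes (a DS record) with what the child serves (RRSIGs whose signer is the zone); in the trace above the `tech.` referral carries NSEC3 records and no DS for mirages.tech, while Cloudflare's answer still carries an RRSIG. The sample text is constructed from that trace with signature and digest data replaced by `SIG` and `DIGEST`, and the function names are illustrative.

```python
import re

# Constructed sample: shape of the trace above; signatures/digests replaced by SIG / DIGEST.
SAMPLE = """\
tech. 172800 IN NS a.nic.tech.
tech. 86400 IN DS 50095 8 2 DIGEST
;; Received 656 bytes from 199.9.14.201#53(b.root-servers.net) in 160 ms
mirages.TECH. 3600 IN NS ada.ns.cloudflare.com.
qbbjqiak5v5p87kiq7o7cicsc74tfr6c.TECH. 3600 IN NSEC3 1 1 1 - QBJ1KGVM7SU62KD6TGDEFM8GT4KC22NB NS DS RRSIG
qbbjqiak5v5p87kiq7o7cicsc74tfr6c.TECH. 3600 IN RRSIG NSEC3 8 2 3600 20190925002624 20190826011721 22663 tech. SIG
;; Received 594 bytes from 108.59.161.6#53(d.nic.tech) in 4 ms
mirages.tech. 300 IN A 128.199.68.155
mirages.tech. 300 IN RRSIG A 13 2 300 20190830044112 20190828024112 34505 mirages.tech. SIG
;; Received 165 bytes from 173.245.58.54#53(ada.ns.cloudflare.com) in 2 ms
"""

VERDICTS = {
    (True, True): "secure: DS at parent and child signs; validators check the chain",
    (True, False): "broken: DS at parent but child serves no signatures; validating resolvers answer SERVFAIL",
    (False, True): "insecure: no DS at parent; validators ignore the child's signatures",
    (False, False): "insecure: no DS at parent and child is unsigned",
}

def parse_trace(text):
    """Split dig +trace output into hops: [(server, [(owner, rtype, rdata), ...]), ...]."""
    hops, records = [], []
    for line in text.splitlines():
        m = re.match(r";; Received \d+ bytes from \S+\((\S+)\)", line)
        if m:                                   # end of one hop's response
            hops.append((m.group(1), records))
            records = []
        elif line and not line.startswith(";"):
            f = line.split(None, 4)             # owner ttl class type rdata
            if len(f) == 5 and f[2] == "IN":
                records.append((f[0].lower().rstrip("."), f[3], f[4]))
    return hops

def delegation_state(text, zone):
    """Return (ds_at_parent, child_signs, verdict) for `zone` as seen in one trace."""
    zone = zone.lower().rstrip(".")             # owner names compare case-insensitively
    records = [r for _server, recs in parse_trace(text) for r in recs]
    ds_at_parent = any(o == zone and t == "DS" for o, t, _ in records)
    # The 8th RRSIG rdata field is the signer name: the zone whose key made the signature.
    child_signs = any(t == "RRSIG" and len(d.split()) > 7 and
                      d.split()[7].lower().rstrip(".") == zone for _, t, d in records)
    return ds_at_parent, child_signs, VERDICTS[ds_at_parent, child_signs]

if __name__ == "__main__":
    print(delegation_state(SAMPLE, "mirages.tech")[2])
```

One trace reflects the servers dig happened to query at that moment, not what a validating resolver still holds in its cache.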