最近发现,通过 DIG 工具解析域名时可以通过 flags 中是否包含“ad”( Authenticated Data )字样识别。 下面 233.5.5.5 、180.184.1.1 、114.114.114.114 等分别是阿里云、腾讯、百度、字节跳动的 DNS 检验结果。 国内竟然都不支持 DNSSEC ,难不成是为了方便劫持? (base) ➜ ~ dig +dnssec cf.com @180.184.1.1 |grep QUE|grep flags ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 (base) ➜ ~ dig +dnssec cf.com @119.29.29.29 |grep QUE|grep flags ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 (base) ➜ ~ dig +dnssec cloudflare.com @180.76.76.76 |grep QUERY |grep flags ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 (base) ➜ ~ dig +dnssec cloudflare.com @114.114.114.114 |grep QUERY |grep flags ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 (base) ➜ ~ dig +dnssec cloudflare.com @114.114.114.114 |grep QUERY |grep flags ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 (base) ➜ ~ dig +dnssec cloudflare.com @8.8.8.8 |grep QUERY |grep flags ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 (base) ➜ ~ dig +dnssec cloudflare.com @1.1.1.1 |grep QUERY |grep flags ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
国内反诈反的那么认真,为什么几乎所有的 DNS 都不上 DNS sec 呢?
内容版权声明:除非注明,否则皆为本站原创文章。
上一篇
我们都是加拉格
下一篇
四博 AI 小黄鸭几点体验