Chinese top-level domain root server failure affected most websites

 


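Sina Tech, afternoon of January 21: According to several DNS service providers, at 3 p.m. today the root servers for all generic top-level domains nationwide malfunctioned, leaving most users in China unable to resolve domain names correctly and causing a systemic impact on Internet connectivity across the country.

Root servers are mainly used to manage the Internet's master directory. There are only 13 in the world; these 13 root name servers are named "A" through "M". Ten of them are located in the United States, and one each in the United Kingdom, Sweden and Japan.

"Put simply, if we want to visit the website baidu.com, the request first goes to the root servers, the root servers then point the user to the .com servers, and the .com resolution servers then point the user to baidu.com," a DNS technical expert explained. The fact that this problem appeared only in China shows that the global root servers did not have a problem; the problem most likely lies with domestic network operators.

"This access failure appeared at around 3:20 p.m. When users queried the root servers, they were pointed to an IP address (A record), which is completely wrong guidance," the expert said.

According to the official Weibo account of 360 Safe Guard, testing by 360 Website Guard found that many websites were being resolved to 65.49.2.178; the cause was that the international nodes had currently failed, and two-thirds of domestic DNS was paralyzed.

WooYun, the vulnerability reporting platform, said that the IP 65.49.2.178 is located abroad, that there is evidence the network this IP belongs to has been involved in sending spam and other politically motivated hacking activity, and that it cannot currently be ruled out that this attack was the work of hackers.

Security experts at Kingsoft Antivirus said that a lookup of 65.49.2.178 showed the IP is located at Dynamic Internet Technology in Cary, North Carolina, USA, and that at present the incident is very likely a hacker attack.

The technical expert quoted above explained that some users could still access the Internet normally because their networks' DNS servers cache records for a certain time; if the root server failure continued, most websites nationwide would be affected. (Zhang Nan)

Update 16:50: According to domestic DNS provider DNSpod, as of 16:50 access to the root servers from within China had returned to normal, but because DNS servers in various regions still hold cached records, completely eliminating the impact may take 12 hours.

What is DNS?

For example, the domain name zh.wikipedia.org corresponds to the IP address 208.80.154.225. DNS is like an automatic phone book: we can dial Wikipedia's name instead of its phone number (IP address). When we call up a website by name, DNS converts a human-friendly name like zh.wikipedia.org into a machine-friendly IP address like 208.80.154.225.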

source: http://tech.sina.com.cn/i/2014-01-21/16169115784.shtml

 

Same news in Network World

 

IDG News Service – Tuesday’s Internet outage in China is dividing experts over what caused the networking error, with authorities calling it a hacking attack, and others blaming it on the country’s censorship systems.

The outage briefly crippled the Internet in China, with many local websites inaccessible to users. User traffic was mysteriously redirected to a U.S.-based IP address belonging to a company that has hosted software capable of circumventing China’s online censorship.

The networking error, which only lasted a few hours, affected at least two-thirds of China’s websites, according to Qihoo 360, a software security vendor in the country.

On Wednesday, local authorities said a preliminary investigation found that a hacking attack caused the outage. China’s National Computer Network Emergency Response Technical Team is continuing to investigate the matter.

On the same day, China’s state-controlled Xinhua News Agency published a story quoting security experts who demanded authorities do more to protect the nation’s Internet infrastructure.

Other experts, however, believe the error may have been caused by a glitch in China’s notorious censorship systems, also known as “The Great Firewall.”

China routinely blocks sites with content critical of the nation’s government, including Facebook, Twitter, and The New York Times. Tuesday’s Internet outage, however, rerouted traffic to an IP address belonging to Dynamic Internet Technology, a U.S. company whose site is also blocked by authorities.

The company’s CEO Bill Xia said in an email that Dynamic Internet Technology had no hand in Tuesday’s outage. Instead, he claimed China’s own censorship systems were at play.

The company’s clients include The Epoch Times, a publication banned in China. It also hosts Freegate software that can help Chinese Internet users view sites blocked in the country.

In the past, China’s censors have blocked the company’s sites with domain name system (DNS) hijacking. This is done by targeting domains like Epochtimes.com, and funneling their users to the wrong IP address, Xia said.

“This time, the DNS hijacking system targeted all domains instead for a few hours, thus the break down,” he added.

Other experts in China suspect the same.

Speculation is growing that hackers hijacked a root DNS (Domain Name System) server in China to reroute all user traffic, said GreatFire.org, a group that monitors China’s Internet and opposes the nation’s censorship.

But in a Wednesday posting, GreatFire.org dismissed such claims, noting that a public DNS server operated by Google had also been affected by the networking error. During the outage, users trying to access the Google DNS server from China were also rerouted to the IP address from Dynamic Internet Technology.

“Some are suggesting Dynamic Internet Technology is behind the outage. However, hacking into a root DNS resolver is not enough to cause this outage,” the group said. “They have to hack into GFW (The Great Firewall).”

Instead, authorities may have tried to block DIT’s IP address, but accidentally ended up rerouting all the nation’s traffic to the address, the group added.

source: http://www.networkworld.com/news/2014/012214-china-blames-internet-outage-on-277966.html
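
The symptom both reports describe, unrelated domains asked of different resolvers all being answered with 65.49.2.178, is something a check over resolver logs can surface. The following is an added example, not taken from either article: the log format, thresholds and function names are assumptions, and every sample line is constructed (only 65.49.2.178 and the named domains come from the reports).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample resolver log: time, resolver queried, name, A record returned.
# Only 65.49.2.178 comes from the article; other answers use documentation ranges.
SAMPLE_LOG = """\
2014-01-21T15:19:40 192.0.2.53 www.example.com 203.0.113.10
2014-01-21T15:20:05 192.0.2.53 baidu.com 65.49.2.178
2014-01-21T15:20:11 8.8.8.8 zh.wikipedia.org 65.49.2.178
2014-01-21T15:20:30 192.0.2.53 www.example.net 65.49.2.178
2014-01-21T15:21:02 8.8.8.8 mail.example.org 65.49.2.178
2014-01-21T15:21:40 192.0.2.53 cdn.example.com 203.0.113.10
"""

def registrable(name):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def parse(log):
    for line in log.splitlines():
        ts, resolver, qname, answer = line.split()
        yield datetime.fromisoformat(ts), resolver, registrable(qname), answer

def convergent_answers(log, window=timedelta(minutes=5), min_domains=4, min_resolvers=2):
    """Return {answer_ip: (domains, resolvers)} for answers that unrelated
    domains, asked of different resolvers, all received within one window."""
    by_answer = defaultdict(list)
    for rec in parse(log):
        by_answer[rec[3]].append(rec)
    flagged = {}
    for answer, recs in by_answer.items():
        recs.sort(key=lambda r: r[0])
        for i, first in enumerate(recs):
            # Records for this answer that fall inside the window starting here.
            inside = [r for r in recs[i:] if r[0] - first[0] <= window]
            domains = {r[2] for r in inside}
            resolvers = {r[1] for r in inside}
            if len(domains) >= min_domains and len(resolvers) >= min_resolvers:
                flagged[answer] = (sorted(domains), sorted(resolvers))
                break
    return flagged

if __name__ == "__main__":
    for ip, (domains, resolvers) in convergent_answers(SAMPLE_LOG).items():
        print(f"{ip}: {len(domains)} unrelated domains via {len(resolvers)} resolvers")
```

Requiring more than one resolver mirrors the GreatFire.org observation that queries to Google's public DNS received the same wrong answer, which points at on-path interference rather than one compromised server.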