Spoofed DNS response on a public network?

When I run dig @a.nic.ch google.com while connected to some publicly accessible network, I get the following response:

; <<>> DiG 9.18.0 <<>> @a.nic.ch google.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59036
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     230 IN  A   142.250.185.238

;; Query time: 3 msec
;; SERVER: 130.59.31.41#53(a.nic.ch) (UDP)
;; WHEN: Tue Jun 14 19:15:08 CEST 2022
;; MSG SIZE  rcvd: 44

Does this mean the DNS response was spoofed, since a name server for .ch should not be answering queries for .com?

Answer 1

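At the time you ran your test, it seems the name server had not yet been configured to refuse recursive queries from outside. Perhaps that was a mistake, since it appears to have been corrected: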

$ dig @a.nic.ch google.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12189
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
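
The two dig outputs above differ in their header flags (`ra` with an answer versus `REFUSED` without `ra`). As an added example, not part of the original question or answer, this Python sketch reads those header lines and classifies a reply from a server expected to be authoritative-only for one zone; the function names and category labels are assumptions made for illustration.

```python
import re

# Constructed samples: the header lines of the two dig outputs quoted above.
OPEN_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59036
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""
REFUSED_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12189
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""


def parse_header(dig_output):
    """Return (status, set of flags, answer count) from dig's header lines."""
    status = re.search(r"status: (\w+)", dig_output)
    flags = re.search(r"^;; flags:([^;]*);", dig_output, re.M)
    answers = re.search(r"ANSWER: (\d+)", dig_output)
    if not (status and flags and answers):
        raise ValueError("no dig header found in input")
    return status.group(1), set(flags.group(1).split()), int(answers.group(1))


def classify(dig_output, qname, server_zone):
    """Classify a reply from a server expected to be authoritative-only for server_zone."""
    status, flags, answers = parse_header(dig_output)
    name = qname.rstrip(".").lower()
    zone = server_zone.rstrip(".").lower()
    in_zone = name == zone or name.endswith("." + zone)
    if status == "REFUSED":
        return "refused"
    if "aa" in flags:
        return "authoritative"
    if not in_zone and answers > 0 and "ra" in flags:
        # Data for a name outside the zone, without aa and with ra set, came from
        # recursion: by the queried server itself or by something answering in its place.
        return "recursive-answer"
    return "other"


if __name__ == "__main__":
    for label, text in (("question", OPEN_REPLY), ("answer", REFUSED_REPLY)):
        print(label, classify(text, "google.com", "ch"))
```

The header flags alone do not say which host produced a "recursive-answer" reply, only that it was not an authoritative one.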
