DNSparsing在三月底正常工作,但是现在,一些parsing器(我的parsing器在我的LAN后面,和我的ISP RCN的parsing器)在这个区域有主机名的问题,而其他的(例如,Google的8.8.8.8)则没有。
这些DNS查询不会被粉刷。 您可以在“.mail.eo.outlook.com”区域查询任何主机名。
GOOGLE可以解决它。 。 。
$ dig anything.mail.eo.outlook.com @8.8.8.8 ; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26750 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;anything.mail.eo.outlook.com. IN A ;; ANSWER SECTION: anything.mail.eo.outlook.com. 10 IN A 213.199.154.87 anything.mail.eo.outlook.com. 10 IN A 213.199.154.23 ;; Query time: 45 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu Apr 4 12:32:01 2013 ;; MSG SIZE rcvd: 78 虽然我的解决scheme和RCN不能:
$ dig anything.mail.eo.outlook.com @192.168.42.108 ; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @192.168.42.108 ;; global options: +cmd ;; connection timed out; no servers could be reached $ dig anything.mail.eo.outlook.com @97.107.142.193 ; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @97.107.142.193 ;; global options: +cmd ;; connection timed out; no servers could be reached
parsing器在其他区域上正常工作:
$ dig +short www.google.com @192.168.42.108 74.125.131.105 74.125.131.106 74.125.131.147 74.125.131.99 74.125.131.103 74.125.131.104 $ dig +short www.amizon.com @192.168.42.108 rewrite.amazon.com. 72.21.210.29 $ dig +short www.google.com @97.107.142.193 74.125.228.49 74.125.228.50 74.125.228.51 74.125.228.52 74.125.228.48 $ dig +short www.amizon.com @97.107.142.193 rewrite.amazon.com. 207.171.166.22
如果我一步一步来。 。 。
谁是审查outlook.com? 我们来问一下192.35.51.30(这是f.gtld-servers.net)。
$ dig ns outlook.com @192.35.51.30 ; <<>> DiG 9.8.3-P1 <<>> ns outlook.com @192.35.51.30 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11775 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 10 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;outlook.com. IN NS ;; AUTHORITY SECTION: outlook.com. 172800 IN NS nse1.msft.net. outlook.com. 172800 IN NS nse5.msft.net. outlook.com. 172800 IN NS nse2.msft.net. outlook.com. 172800 IN NS nse3.msft.net. outlook.com. 172800 IN NS nse4.msft.net. ;; ADDITIONAL SECTION: nse1.msft.net. 172800 IN AAAA 2a01:111:2005::1:1 nse1.msft.net. 172800 IN A 65.55.37.62 nse5.msft.net. 172800 IN AAAA 2a01:111:200f:1::1:1 nse5.msft.net. 172800 IN A 65.55.226.140 nse2.msft.net. 172800 IN AAAA 2a01:111:2006:6::1:1 nse2.msft.net. 172800 IN A 64.4.59.173 nse3.msft.net. 172800 IN A 213.199.180.53 nse3.msft.net. 172800 IN AAAA 2a01:111:2020::1:1 nse4.msft.net. 172800 IN A 207.46.75.254 nse4.msft.net. 172800 IN AAAA 2404:f800:2003::1:1 ;; Query time: 97 msec ;; SERVER: 192.35.51.30#53(192.35.51.30) ;; WHEN: Thu Apr 4 13:57:45 2013 ;; MSG SIZE rcvd: 352
请求其中一个名称服务器的答案…
$ dig soa anything.mail.eo.outlook.com @65.55.37.62 ; <<>> DiG 9.8.3-P1 <<>> soa anything.mail.eo.outlook.com @65.55.37.62 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19950 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;anything.mail.eo.outlook.com. IN SOA ;; AUTHORITY SECTION: mail.eo.outlook.com. 7200 IN NS ns2-prodeodns.glbdns.o365filtering.com. mail.eo.outlook.com. 7200 IN NS ns1-prodeodns.glbdns.o365filtering.com. ;; Query time: 95 msec ;; SERVER: 65.55.37.62#53(65.55.37.62) ;; WHEN: Thu Apr 4 14:36:33 2013 ;; MSG SIZE rcvd: 142
所以区域被委托,让我们来查询委托NS的IP …
$ dig +short ns1-prodeodns.glbdns.o365filtering.com 65.55.169.42 207.46.100.42
然后问他们俩
$ dig anything.mail.eo.outlook.com @65.55.169.42 ; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @65.55.169.42 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33481 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;anything.mail.eo.outlook.com. IN A ;; ANSWER SECTION: anything.mail.eo.outlook.com. 10 IN A 213.199.154.87 anything.mail.eo.outlook.com. 10 IN A 213.199.154.23 ;; Query time: 55 msec ;; SERVER: 65.55.169.42#53(65.55.169.42) ;; WHEN: Thu Apr 4 14:38:21 2013 ;; MSG SIZE rcvd: 134 $ dig anything.mail.eo.outlook.com @207.46.100.42 ; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @207.46.100.42 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36656 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;anything.mail.eo.outlook.com. IN A ;; ANSWER SECTION: anything.mail.eo.outlook.com. 10 IN A 213.199.154.87 anything.mail.eo.outlook.com. 10 IN A 213.199.154.23 ;; Query time: 91 msec ;; SERVER: 207.46.100.42#53(207.46.100.42) ;; WHEN: Thu Apr 4 14:38:31 2013 ;; MSG SIZE rcvd: 134
我从我的named.conf文件中删除了下面一行,现在请求正在工作。
查询源地址*端口53;
以下是从我接触到的人转交给我的…
如你所知,来自DNS服务器的DNS查询可能来自53端口。而后来,由于一些安全问题,BIND开始允许随机化端口。 但是,经常将DNS服务器configuration为使用传统的使用源端口53的行为。
例如..查询源地址*端口53指令
这通常是因为在伪装的连接之后的端口随机化,或者一些防火墙最终使用了所有大小的caching和转换表。
两种方法的效果一样好,直到最近。
我们注意到,ATT和Microsoft Live托pipe的域名有问题,因为如果DNS查询的源端口低于端口1024,则无法执行DNS MXlogging查找(无法访问服务器)
不用说,这可能会导致电子邮件传递中断..