
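First there was the Shenzhen Telecom DNS poisoning (/t/962196); now Guangzhou Telecom is showing the same thing.
Whether in the east district or the west district of Guangzhou, the resolution results I get are poisoned.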
```
nslookup cloudflare.com 202.96.128.166
Server: cache-b.guangzhou.gd.cn
Address: 202.96.128.166

Name: cloudflare.com
Addresses: ::1
           127.0.0.1

nslookup cloudflare.com 202.96.134.133
Server: ns.szptt.net.cn
Address: 202.96.134.133

Name: cloudflare.com
Addresses: ::1
           127.0.0.1

nslookup api.cloudflare.com 202.96.128.166
Server: cache-b.guangzhou.gd.cn
Address: 202.96.128.166

Name: api.cloudflare.com
Addresses: ::1
           127.0.0.1

nslookup api.cloudflare.com 202.96.134.133
Server: ns.szptt.net.cn
Address: 202.96.134.133

Name: api.cloudflare.com
Addresses: ::1
           127.0.0.1
```
Using Guangdong Telecom's IPv6 DNS:
```
nslookup cloudflare.com 240e:1f:1::1
Server: UnKnown
Address: 240e:1f:1::1

Name: cloudflare.com
Addresses: ::1
           127.0.0.1

nslookup api.cloudflare.com 240e:1f:1::1
Server: UnKnown
Address: 240e:1f:1::1

Name: api.cloudflare.com
Addresses: ::1
           127.0.0.1
```
All of them are poisoned.
But with a Telecom DNS server from another province, everything is normal. For example, with Guizhou Telecom's:
```
nslookup cloudflare.com 202.98.192.67
Server: gz.ctcdma.com
Address: 202.98.192.67

Non-authoritative answer:
Name: cloudflare.com
Addresses: 2606:4700::6810:85e5
           2606:4700::6810:84e5
           104.16.132.229
           104.16.133.229

nslookup api.cloudflare.com 202.98.192.67
Server: gz.ctcdma.com
Address: 202.98.192.67

Non-authoritative answer:
Name: api.cloudflare.com
Addresses: 2606:4700:300a::6813:c0af
           2606:4700:300a::6813:c01d
           2606:4700:300a::6813:c0b0
           2606:4700:300a::6813:c11d
           2606:4700:300a::6813:c0ae
           2606:4700:300a::6813:c0b1
           104.19.192.176
           104.19.192.175
           104.19.192.174
           104.19.192.29
           104.19.193.29
           104.19.192.177
```
Switching to Jiangxi Telecom's DNS, normal:
```
nslookup cloudflare.com 202.101.224.68
Server: ns.jxncptt.net.cn
Address: 202.101.224.68

Non-authoritative answer:
Name: cloudflare.com
Addresses: 2606:4700::6810:85e5
           2606:4700::6810:84e5
           104.16.133.229
           104.16.132.229

nslookup api.cloudflare.com 202.101.224.68
Server: ns.jxncptt.net.cn
Address: 202.101.224.68

Non-authoritative answer:
Name: api.cloudflare.com
Addresses: 2606:4700:300a::6813:c0af
           2606:4700:300a::6813:c0b0
           2606:4700:300a::6813:c11d
           2606:4700:300a::6813:c0ae
           2606:4700:300a::6813:c0b1
           2606:4700:300a::6813:c01d
           104.19.192.175
           104.19.192.177
           104.19.192.29
           104.19.192.176
           104.19.193.29
           104.19.192.174
```
Switching to Anhui Telecom's DNS, normal:
```
nslookup cloudflare.com 202.102.199.68
Server: cache2.ahwhtel.net.cn
Address: 202.102.199.68

Non-authoritative answer:
Name: cloudflare.com
Addresses: 2606:4700::6810:85e5
           2606:4700::6810:84e5
           104.16.132.229
           104.16.133.229

nslookup api.cloudflare.com 202.102.199.68
Server: cache2.ahwhtel.net.cn
Address: 202.102.199.68

Non-authoritative answer:
Name: api.cloudflare.com
Addresses: 2606:4700:300a::6813:c01d
           2606:4700:300a::6813:c0b0
           2606:4700:300a::6813:c0af
           2606:4700:300a::6813:c0ae
           2606:4700:300a::6813:c11d
           2606:4700:300a::6813:c0b1
           104.19.192.175
           104.19.193.29
           104.19.192.177
           104.19.192.29
           104.19.192.174
           104.19.192.176
```

1 yyzh 2023-08-07 00:24:11 +08:00 via Android At least it hasn't been put on the anti-fraud wall yet. Otherwise it would be unreachable even after changing DNS.
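2 wwbfred 2023-08-07 00:39:38 +08:00 The carriers' own DNS servers all come with all sorts of weird poisoning and the anti-fraud wall; it's like this all over the country now. If you don't want to use them, just switch to a public DNS.
3 pcslide 2023-08-07 01:26:07 +08:00 nslookup is not recommended these days. Take a look at the dig results.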
4 cnbatch OP @pcslide No difference at all.
```
; <<>> DiG 9.18.16 <<>> cloudflare.com @202.96.134.133
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8546
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;cloudflare.com. IN A
;; ANSWER SECTION:
cloudflare.com. 300 IN A 127.0.0.1
;; Query time: 5 msec
;; SERVER: 202.96.134.133#53(202.96.134.133) (UDP)
;; WHEN: Mon Aug 07 02:00:36 HKT 2023
;; MSG SIZE rcvd: 48

; <<>> DiG 9.18.16 <<>> cloudflare.com AAAA @202.96.134.133
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19392
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;cloudflare.com. IN AAAA
;; ANSWER SECTION:
cloudflare.com. 300 IN AAAA ::1
;; Query time: 5 msec
;; SERVER: 202.96.134.133#53(202.96.134.133) (UDP)
;; WHEN: Mon Aug 07 02:00:41 HKT 2023
;; MSG SIZE rcvd: 60

; <<>> DiG 9.18.16 <<>> api.cloudflare.com A @202.96.134.133
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50590
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;api.cloudflare.com. IN A
;; ANSWER SECTION:
api.cloudflare.com. 300 IN A 127.0.0.1
;; Query time: 3 msec
;; SERVER: 202.96.134.133#53(202.96.134.133) (UDP)
;; WHEN: Mon Aug 07 02:01:50 HKT 2023
;; MSG SIZE rcvd: 52

; <<>> DiG 9.18.16 <<>> api.cloudflare.com AAAA @202.96.134.133
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10470
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;api.cloudflare.com. IN AAAA
;; ANSWER SECTION:
api.cloudflare.com. 300 IN AAAA ::1
;; Query time: 5 msec
;; SERVER: 202.96.134.133#53(202.96.134.133) (UDP)
;; WHEN: Mon Aug 07 02:01:37 HKT 2023
;; MSG SIZE rcvd: 64

; <<>> DiG 9.18.16 <<>> api.cloudflare.com A @240e:1f:1::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19489
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;api.cloudflare.com. IN A
;; ANSWER SECTION:
api.cloudflare.com. 300 IN A 127.0.0.1
;; Query time: 4 msec
;; SERVER: 240e:1f:1::1#53(240e:1f:1::1) (UDP)
;; WHEN: Mon Aug 07 02:02:41 HKT 2023
;; MSG SIZE rcvd: 52

; <<>> DiG 9.18.16 <<>> api.cloudflare.com AAAA @240e:1f:1::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28900
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;api.cloudflare.com. IN AAAA
;; ANSWER SECTION:
api.cloudflare.com. 300 IN AAAA ::1
;; Query time: 4 msec
;; SERVER: 240e:1f:1::1#53(240e:1f:1::1) (UDP)
;; WHEN: Mon Aug 07 02:02:57 HKT 2023
;; MSG SIZE rcvd: 64
```
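6 szzys 2023-08-07 02:20:22 +08:00 via Android It's not just Telecom anymore; Shenzhen Mobile has started doing this too.
7 jackOff 2023-08-07 02:37:09 +08:00 via Android Damn. Thinking back, in 2017 you could get over the wall just by installing a circumvention app on your phone; now it feels like it has gotten rather difficult.
8 Laeoo 2023-08-07 04:01:05 +08:00 Today the Cloudflare DDNS on my home NAS couldn't register; it only succeeded after I switched to a public DNS. I also just noticed that accessing cloudflare over a direct connection redirects to cloudflare-cn.com.
9 xpn282 2023-08-07 07:17:15 +08:00 With the network environment the way it is now, it's infuriating just to think about! Don't hesitate, just split your traffic: domestic domains and IPs go direct, everything else goes through a proxy. DNS has to be split the same way: resolve domestic domains with domestic DNS and everything else with foreign DNS (and the resolution itself has to go through the proxy).
11 lzl2000 2023-08-07 07:36:17 +08:00 via iPhone Same with Telecom in 0668. Since yesterday, Cloudflare DDNS using the default DNS has kept failing; after switching to a public DNS it works fine.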
12 winterx 2023-08-07 08:22:44 +08:00 Location 0756. 202.86.128.86 still returns correct results; 128.166 is indeed poisoned.
```
; <<>> DiG 9.16.26 <<>> cloudflare.com @202.96.128.86
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cloudflare.com. IN A
;; ANSWER SECTION:
cloudflare.com. 204 IN A 104.16.133.229
cloudflare.com. 204 IN A 104.16.132.229
;; Query time: 2 msec
;; SERVER: 202.96.128.86#53(202.96.128.86)
;; WHEN: Mon Aug 07 08:21:32
;; MSG SIZE rcvd: 75
```
```
; <<>> DiG 9.16.26 <<>> cloudflare.com @202.96.128.166
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32398
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;cloudflare.com. IN A
;; ANSWER SECTION:
cloudflare.com. 300 IN A 127.0.0.1
;; Query time: 5 msec
;; SERVER: 202.96.128.166#53(202.96.128.166)
;; WHEN: Mon Aug 07 08:21:07
;; MSG SIZE rcvd: 48
```
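The two dig replies above differ in two header-level ways (a loopback answer, and `rd` set without `ra`), and both can be checked directly on the raw DNS response. This is an added example, not part of the original thread: the function names are hypothetical, the sample messages are constructed from the dig fields quoted in the thread, and the 0.0.0.0 case reported later in the thread is covered as well. The missing-`ra` check is a heuristic drawn from these outputs, not proof of tampering on its own.

```python
import ipaddress
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_response(name, flags, rtype, rdatas, ttl=300):
    """Constructed sample data: a one-question DNS response in wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x2162, flags, 1, len(rdatas), 0, 0)
    msg += qname + struct.pack("!2H", rtype, 1)
    for rdata in rdatas:  # owner name is a compression pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!2HIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # a 2-byte compression pointer ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def inspect(msg):
    """Return (addresses, indicators) for one raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype in (1, 28):  # A or AAAA
            addrs.append(ipaddress.ip_address(msg[off:off + rdlen]))
        off += rdlen
    indicators = []
    if any(a.is_loopback or a.is_unspecified for a in addrs):
        indicators.append("loopback-or-unspecified-answer")
    if flags & RD and not flags & RA:  # dig: "recursion requested but not available"
        indicators.append("recursion-not-available")
    return [str(a) for a in addrs], indicators

# Constructed from the dig fields quoted in the thread (flags, TTL, addresses).
POISONED = build_response("cloudflare.com", QR | AA | RD, 1, [bytes([127, 0, 0, 1])])
CLEAN = build_response("cloudflare.com", QR | AA | RD | RA, 1,
                       [bytes([104, 16, 133, 229]), bytes([104, 16, 132, 229])])

if __name__ == "__main__":
    for label, msg in (("poisoned", POISONED), ("clean", CLEAN)):
        print(label, len(msg), *inspect(msg))
```

The constructed poisoned message comes out at 48 bytes, the same as the `MSG SIZE rcvd: 48` in the poisoned dig reply.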
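13 TESTFLIGHT2021 2023-08-07 08:37:07 +08:00 We're almost at a whitelist.
14 noahzh 2023-08-07 09:15:14 +08:00 Sigh. It's mainly that there is just no way to deal with telecom fraud, so the carriers have been forced into whitelisting.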
15 cnbatch OP @winterx I just tried 202.86.128.86; on Guangzhou Telecom I get the poisoned result. I suspect this DNS server either returns results by region, or each city has its own cache server.
```
nslookup cloudflare.com 202.96.128.86
Server: cache-a.guangzhou.gd.cn
Address: 202.96.128.86

Name: cloudflare.com
Addresses: ::1
           127.0.0.1

nslookup api.cloudflare.com 202.96.128.86
Server: cache-a.guangzhou.gd.cn
Address: 202.96.128.86

Name: api.cloudflare.com
Addresses: ::1
           127.0.0.1

; <<>> DiG 9.18.16 <<>> cloudflare.com @202.96.128.86
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23963
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;cloudflare.com. IN A
;; ANSWER SECTION:
cloudflare.com. 300 IN A 127.0.0.1
;; Query time: 67 msec
;; SERVER: 202.96.128.86#53(202.96.128.86) (UDP)
;; WHEN: Mon Aug 07 13:33:13 HKT 2023
;; MSG SIZE rcvd: 48
```
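16 cnbatch OP @lzl2000 Looks like public DNS is the only stopgap for now. I've manually set a public DNS address on my router in place of the carrier's DNS, and things are back to normal for the time being.
17 asdgsdg98 2023-08-07 13:41:24 +08:00 202.101.172.47 202.101.172.35 are normal.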
18 54xavier 2023-08-07 13:51:36 +08:00
```
C:\>nslookup github.githubassets.com 202.96.128.86
服务器: cache-a.guangzhou.gd.cn
Address: 202.96.128.86

名称: github.githubassets.com
Addresses: ::1
           127.0.0.1

C:\>nslookup github.githubassets.com 202.96.134.133
服务器: ns.szptt.net.cn
Address: 202.96.134.133

名称: github.githubassets.com
Addresses: ::1
           127.0.0.1

C:\>nslookup github.githubassets.com 202.96.128.166
服务器: cache-b.guangzhou.gd.cn
Address: 202.96.128.166

名称: github.githubassets.com
Addresses: ::1
           127.0.0.1

C:\>nslookup github.githubassets.com 202.96.134.33
服务器: cache-b.shenzhen.gd.cn
Address: 202.96.134.33

名称: github.githubassets.com
Addresses: ::1
           127.0.0.1
```
On Foshan Telecom, resolution of GitHub's static assets is the same.
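20 cnbatch OP @szzys I just found that Guangzhou Mobile is the same: cloudflare and the GitHub static assets mentioned in an earlier reply all come back as 127.0.0.1 and ::1. I also tried Guangzhou Unicom while I was at it; fortunately it is still normal.
21 strp 2023-08-07 15:15:06 +08:00 It's 3202; seriously, stop using carrier DNS. There are so many clean DNS services online, and if you're still not comfortable you can use Tsinghua's. But enough with the lecturing. I tried it too: on my side, Telecom in Tianhe District isn't poisoned to 127.0.0.1, but it returns an empty answer.
22 JensenQian 2023-08-07 15:21:16 +08:00 Here, Mobile used to forward CF's official-site tunnel traffic to that HK IP, which I used for getting over the wall, and it was blazing fast. That's all gone now though; it goes straight to the US West Coast.
23 strp 2023-08-07 15:32:35 +08:00 @JensenQian Nowadays you can freeload on CF relayed over other people's domestic dedicated lines, and you can even use Workers to run VLESS for a truly zero-cost, low-latency gigabit proxy. Enjoy it while it lasts..
24 JensenQian 2023-08-07 15:51:49 +08:00 @strp #23 I know, but I can't be bothered. I'm on Mobile broadband with a CMI VPS, and the direct connection is fast too.
26 a95788 2023-08-07 16:01:27 +08:00 Guangzhou Telecom +1. Even nslookup www.cloudflare.com 8.8.8.8 returns 127.0.0.1 all the same.
27 drvDPqg5nO7kZWhv 2023-08-07 16:27:39 +08:00 Use DoH, and reach the DoH server by IP, otherwise you trigger SNI again....
28 yijiangchengming 2023-08-07 22:17:46 +08:00 @a95788 The DNS hijacking is this bad. You could try self-hosting DNS on your LAN with mosdns.
30 2000wcw 2023-08-08 00:20:57 +08:00 I always use 8.8.4.4; if I absolutely had to use a domestic DNS, I would only pick Ali DNS.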
31 Unclev21x 2023-08-08 09:19:06 +08:00
```
nslookup cloudflare.com 202.96.134.133
DNS request timed out.
    timeout was 2 seconds.
服务器: UnKnown
Address: 202.96.134.133

名称: cloudflare.com
Addresses: 2606:4700::6810:85e5
           2606:4700::6810:84e5
           104.16.133.229
           104.16.132.229
```
32 Unclev21x 2023-08-08 09:19:45 +08:00
```
nslookup cloudflare.com 202.96.128.86
服务器: cache-a.guangzhou.gd.cn
Address: 202.96.128.86

名称: cloudflare.com
Addresses: 2606:4700::6810:85e5
           2606:4700::6810:84e5
           104.16.133.229
           104.16.132.229

C:\Users\Jasper>
```
33 MoonWalker 2023-08-08 10:43:38 +08:00
```
> github.githubassets.com
服务器: cache-b.shenzhen.gd.cn
Address: 202.96.134.33

名称: github.githubassets.com
Addresses: ::1
           127.0.0.1

> cloudflare.com
服务器: cache-b.shenzhen.gd.cn
Address: 202.96.134.33

名称: cloudflare.com
Addresses: ::1
           127.0.0.1
```
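34 a95788 2023-08-08 10:58:28 +08:00 @yijiangchengming I'm using iKuai; I just forced www.cloudflare.com to resolve to a specific IP address on the router, so whatever DNS is configured it resolves to that IP. Of course I've also configured DoH. mosdns is a bit complicated; I'm not a technical person.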
35 cnbatch OP |
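37 PLDj0j9FY2y8Wm9i 2023-08-08 14:59:38 +08:00 My personal blog, which is accelerated with CF, gets its connection reset outright in Henan on both Mobile and Unicom and can't be reached. I don't know whether this is the cause? But I can still ping CF's IPs.
38 cnbatch OP @username1919810 It may not be only this; there also seems to be SNI blocking: /t/962714
39 mortal 2023-08-08 16:51:07 +08:00 Guangzhou Telecom +1. I've set up my own AdguardHome; I really can't take it anymore.
40 exnes 2023-08-08 17:21:06 +08:00 The effect of WARP?
41 Drumming 2023-08-08 17:43:49 +08:00 Changing the DNS on the router to Tencent's 119.29.29.29 fixes it; even Ali's doesn't work.
42 a413128 2023-08-09 01:56:56 +08:00 via iPhone Guangdong Unicom 5G returns 0.0.0.0 directly.
44 cnbatch OP @a413128 Unicom 5G is quite "magical": the main cloudflare domain returns all zeros, yet the api subdomain resolves normally. It may not be long before the api subdomain gets poisoned too.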
46 xwybss 2023-08-10 11:27:41 +08:00 |
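47 mortal 2023-08-10 12:01:46 +08:00 @tmzg0000 #45 I didn't set it up that way; I just added *.cloudflare.com in ADG to use a clean upstream DNS.
48 tmzg0000 2023-08-10 15:16:40 +08:00 @mortal This is my first time using this software. Is it set under the upstream DNS servers in the DNS settings? My settings are as follows:
```
202.96.128.166
202.96.134.133
202.86.128.86
8.8.8.8
114.114.114.114
[/cloudflare.com/]8.8.8.8
```
I found it has no effect. Could you share your exact settings?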
49 mortal 2023-08-10 18:30:41 +08:00 |
50 tmzg0000 2023-08-10 19:27:20 +08:00 @mortal
```
nslookup cloudflare.com 8.8.8.8
服务器: dns.google
Address: 8.8.8.8

名称: cloudflare.com
Addresses: ::1
           127.0.0.1
```
So 8.8.8.8 doesn't work either. Looks like there's no clean DNS left.
52 veSir 2023-08-10 23:59:11 +08:00 |
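53 szzys 2023-08-13 03:55:56 +08:00 via Android I think the next step may be to take out all of CF's addresses.
54 pipishrimp 2023-08-13 19:28:10 +08:00 On Guangzhou Telecom broadband, no matter what DNS is set, Cloudflare gets pointed to 127.0.0.1. China Mobile cellular data is also 127.0.0.1, but on Mobile, switching to a public DNS avoids the poisoning. I'm worried that cellular data will also get race-answered in future. The whitelist isn't really coming, is it? Chilling to think about.
55 JoeoooLAI 2023-08-13 22:35:58 +08:00 This problem appeared about a year ago. My Synology synology.me DDNS kept being resolved to 127.0.0.1. At first I found it didn't work in Guangzhou; I asked friends to test for me, and Shanghai and Shenzhen were normal. From the end of the year Shanghai and Shenzhen went 127 as well. I don't know about other regions, or whether it's like this across all of Telecom. In the end I bought a domain and put it on dnspods.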
56 iamwho 2023-08-15 08:26:33 +08:00 |
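57 a578800641 2023-08-18 16:57:47 +08:00 18 August 2023
58 a578800641 2023-08-18 16:57:56 +08:00 18 August 2023
```
C:\Users\Administrator>nslookup cloudflare.com 202.96.128.166
服务器: cache-b.guangzhou.gd.cn
Address: 202.96.128.166

非权威应答:
名称: cloudflare.com
Addresses: 2606:4700::6810:85e5
           104.16.132.229
           104.16.133.229
```
59 warriorl 2023-12-08 22:32:56 +08:00 @JoeoooLAI #55 Last week, on a whim, I enabled the IPv6 DNS. Yesterday at home, opening the Synology DDNS domain user.myds.me from my browser bookmarks, it couldn't be reached. Since I had earlier heard that Synology was discontinuing the quick connect service, I assumed the myds.me domain had been discontinued too. After a flurry of work I switched the DDNS domain to one registered on dnspod, then ran nslookup on the domain and found that Guangdong Telecom's IPv6 DNS 240e:1f:1::1 had resolved it to 127.0.0.1... Switching to Ali's IPv6 DNS made it normal. Simply outrageous.
60 sxguka 296 days ago Out-of-province DNS is worse than public DNS; the advantage of in-province DNS is speed.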