Seen on Hacker News Daily in "Tell HN: Microsoft.com added 192.168.1.1 to their DNS record": it looks like some kind of misconfiguration caused the A record for microsoft.com to return, in addition to the normal IPv4 addresses, the IPv4 addresses 192.168.1.1 and 192.168.1.0 as well.
The more interesting part is comment id=38704301, where the poster instead could not resolve the name at all; the logs showed that dnsmasq had classified it as a DNS rebinding attack and blocked it, answering with no IP address at all:
I was getting an empty answer for microsoft.com. Turns out my dnsmasq is blocking it:

    $ dig microsoft.com. | grep EDE
    ; EDE: 15 (Blocked)
    resolver.log:Dec 20 00:43:57 router dnsmasq[8172]: possible DNS-rebind attack detected: microsoft.com
Looking through the dnsmasq manpage, you can find the feature responsible:
--stop-dns-rebind
Reject (and log) addresses from upstream nameservers which are in the private ranges. This blocks an attack where a browser behind a firewall is used to probe machines on the local network. For IPv6, the private range covers the IPv4-mapped addresses in private space plus all link-local (LL) and site-local (ULA) addresses.
Comment id=38704159 describes a similar situation, but with OpenWrt:
microsoft.com is currently IPv6-only on my network, because OpenWrt's DNS rebinding protection filters out the A records:

    $ ping -4 microsoft.com
    ping: microsoft.com: Address family for hostname not supported
    $ ping -6 microsoft.com
    PING microsoft.com(2603:1030:c02:8::14 (2603:1030:c02:8::14)) 56 data bytes
    64 bytes from 2603:1030:c02:8::14 (2603:1030:c02:8::14): icmp_seq=1 ttl=112 time=68.4 ms
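To make the two observations above concrete, here is an added example (not dnsmasq's own code) that models the check the --stop-dns-rebind manpage text describes: it assumes "private ranges" means the RFC 1918 IPv4 blocks, and for IPv6 the IPv4-mapped form of those blocks plus link-local and ULA space; the sample replies are constructed to match the thread, with a TEST-NET address standing in for the real public one.

```python
import ipaddress
from typing import List, Optional, Tuple

# Hypothetical re-implementation of the --stop-dns-rebind check (added
# example, not dnsmasq source). "Private ranges" is taken as RFC 1918 for
# IPv4; for IPv6, IPv4-mapped private addresses plus fe80::/10 and fc00::/7.
PRIVATE_V4 = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIVATE_V6 = [ipaddress.ip_network(n) for n in ("fe80::/10", "fc00::/7")]


def is_rebind_address(addr: str) -> bool:
    """True when an upstream answer address falls in a rejected range."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        mapped = ip.ipv4_mapped          # ::ffff:192.168.1.1 -> 192.168.1.1
        if mapped is not None:
            ip = mapped
        else:
            return any(ip in net for net in PRIVATE_V6)
    return any(ip in net for net in PRIVATE_V4)


def check_reply(name: str, addrs: List[str]) -> Tuple[List[str], Optional[str]]:
    """Apply the rebind check to one upstream reply (one query type).

    As in the thread, a reply containing any private address is dropped as a
    whole (the client sees an empty answer) and a log line is produced; a clean
    reply passes through untouched. The A and AAAA replies are checked
    separately, which is why only the A records vanished for the OpenWrt user.
    """
    if any(is_rebind_address(a) for a in addrs):
        return [], "possible DNS-rebind attack detected: %s" % name
    return addrs, None


if __name__ == "__main__":
    # Constructed replies: the A answer mixes a public address (TEST-NET-3
    # placeholder) with 192.168.1.1 and 192.168.1.0; the AAAA answer is clean.
    print(check_reply("microsoft.com",
                      ["203.0.113.10", "192.168.1.1", "192.168.1.0"]))
    print(check_reply("microsoft.com", ["2603:1030:c02:8::14"]))
```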