众所周知,作DNS区域传输时会用到TCP:53
但在某种情况下作域名解析时也可能会用到TCP进行查询。
我在实验中发现
当同一域名对应A记录超过28条时,查询该A记录,就会先进行一个UDP回合(DNS服务器应答中的Truncation标志位被置1),然后客户端就开始SYN了。
Tcpdump到的包:
IP 192.168.1.26.1477 > 192.168.1.253.domain: 11+ A? server2.oi.com. (32)
IP 192.168.1.253.domain > 192.168.1.26.1477: 11*| 29/0/0 A 192.168.1.20,[|domain]
IP 192.168.1.26.1478 > 192.168.1.253.domain: S 1373309631:1373309631(0) win 65535
IP 192.168.1.253.domain > 192.168.1.26.1478: S 3722467642:3722467642(0) ack 1373309632 win 5840
IP 192.168.1.26.1478 > 192.168.1.253.domain: . ack 1 win 65535
IP 192.168.1.26.1478 > 192.168.1.253.domain: P 1:3(2) ack 1 win 65535
IP 192.168.1.253.domain > 192.168.1.26.1478: . ack 3 win 5840
IP 192.168.1.26.1478 > 192.168.1.253.domain: P 3:35(32) ack 1 win 65535 256 [b2&3=0x1] [0q] [1907au] (30)
IP 192.168.1.253.domain > 192.168.1.26.1478: . ack 35 win 5840
IP 192.168.1.253.domain > 192.168.1.26.1478: P 1:535(534) ack 35 win 5840 11* 29/1/1[|domain]
IP 192.168.1.26.1478 > 192.168.1.253.domain: F 35:35(0) ack 535 win 65001
IP 192.168.1.253.domain > 192.168.1.26.1478: F 535:535(0) ack 36 win 5840
IP 192.168.1.26.1478 > 192.168.1.253.domain: . ack 536 win 65001
CommView到那个Truncation标志位:
DNS
ID: 0x000B (11)
Response packet: 1
Operation code: 0x00 (0) - Standard query
Flags
Authoritative Answer: 1
Truncation: 1
Recursion Desired: 1
Recursion Available: 1
Result code: 0x00 (0) - Success
Question records: 0x0001 (1)
Answer records: 0x001D (29)
Authority records: 0x0000 (0)
Additional records: 0x0000 (0)
Question section
Record: 0x1 (1)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
Answer section
Record: 0x1 (1)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.20
Record: 0x2 (2)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.21
Record: 0x3 (3)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.22
Record: 0x4 (4)................
...............................
...............................
...............................
然而,我却发现,第一个UDP回合已经answer了所有A记录。
Packet #3, Direction: In, Time:10:41:39.310, Size: 538
Ethernet II
Destination MAC: 00:02:3F:B3:71:83
Source MAC: 00:E0:4C:F6:75:93
Ethertype: 0x0800 (2048) - IP
IP
IP version: 0x04 (4)
Header length: 0x05 (5) - 20 bytes
Type of service: 0x00 (0)
Precedence: 000 - Routine
Delay: 0 - Normal delay
Throughput: 0 - Normal throughput
Reliability: 0 - Normal reliability
Total length: 0x020C (524)
ID: 0x0001 (1)
Flags
Don't fragment bit: 1 - Don't fragment
More fragments bit: 0 - Last fragment
Fragment offset: 0x0000 (0)
Time to live: 0x40 (64)
Protocol: 0x11 (17) - UDP
Checksum: 0xB478 (46200) - correct
Source IP: 192.168.1.253
Destination IP: 192.168.1.26
IP Options: None
UDP
Source port: 53
Destination port: 1477
Length: 0x01F8 (504)
Checksum: 0x66D3 (26323) - correct
DNS
ID: 0x000B (11)
Response packet: 1
Operation code: 0x00 (0) - Standard query
Flags
Authoritative Answer: 1
Truncation: 1
Recursion Desired: 1
Recursion Available: 1
Result code: 0x00 (0) - Success
Question records: 0x0001 (1)
Answer records: 0x001D (29)
Authority records: 0x0000 (0)
Additional records: 0x0000 (0)
Question section
Record: 0x1 (1)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
Answer section
Record: 0x1 (1)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.20
Record: 0x2 (2)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.21
Record: 0x3 (3)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.22
Record: 0x4 (4)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.23
Record: 0x5 (5)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.24
Record: 0x6 (6)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.25
Record: 0x7 (7)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.26
Record: 0x8 (8)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.27
Record: 0x9 (9)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.28
Record: 0xA (10)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.29
Record: 0xB (11)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.30
Record: 0xC (12)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.31
Record: 0xD (13)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.32
Record: 0xE (14)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.33
Record: 0xF (15)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.34
Record: 0x10 (16)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.35
Record: 0x11 (17)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.36
Record: 0x12 (18)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.37
Record: 0x13 (19)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.38
Record: 0x14 (20)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.39
Record: 0x15 (21)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.40
Record: 0x16 (22)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.41
Record: 0x17 (23)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.42
Record: 0x18 (24)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.43
Record: 0x19 (25)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.44
Record: 0x1A (26)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.45
Record: 0x1B (27)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.46
Record: 0x1C (28)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.47
Record: 0x1D (29)
Name: server2.oi.com
Type: 0x0001 (1) - A
Class: 0x0001 (1) - IN
TTL: 86400 - 1 Day
IP address: 192.168.1.48
阅读(1054) | 评论(0) | 转发(0) |
