360 releases technical analysis and repair solutions for the "1.21 national DNS fault"
At around 03:10 P.M. on January 21, the root server for generic top-level domains in China suddenly experienced an exception. A large number of website domain names were hijacked to the IP address 65.49.2.178, causing resolution failures on about 2/3 of the country's website DNS servers and leaving tens of millions of users unable to access the Internet smoothly. Through DNS tracing tests and analysis, the 360 Website Guard team found that at least two of the 13 root name servers worldwide (C and E) were contaminated, and as a result a large number of Chinese websites could not be accessed normally.
The root name servers are the highest-level domain name servers in the Internet Domain Name System (DNS), and there are only 13 root servers worldwide. Among them, the one primary root server (A) is in the United States; of the secondary root servers (B to M), nine are in the United States and one each is in Sweden, the Netherlands, and Japan. Details of the 13 root servers are shown in:
Analysis by the 360 Website Guard team found that the DNS fault lasted about 20 minutes. More than one hour later, most netizens gradually found that websites had returned to normal access. At the same time, due to DNS caching and other reasons, some netizens in more than 10 provinces and municipalities in China will not be able to recover completely for the next few hours.
During the DNS failure, Weibo users @ Zhang likun and @ yizerowu performed resolution tests against the root name servers. In the test of the facenano.com website, root server C (192.33.4.12) resolved the name to 65.49.2.178, indicating that root server C was contaminated.
According to tests on taobao.com, root server E (192.203.230.10) was also contaminated and resolved the name to the IP address 65.49.2.178.
The above are only the results of tests on domestic domain names. Subsequently, 360 Website Guard tested multiple foreign domain names such as twitter.com. The resolved IP addresses were normal, indicating that those domain names were not contaminated. It can be inferred that this DNS fault contaminated only domestic domain names; no foreign domain names were found to be affected.
In addition, 360 Website Guard traced domain name resolution across the country and found that the resolution time in all regions was 25 ms, which is surprisingly consistent. It is estimated that the root name servers may have been contaminated, with only domestic domain names targeted.
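The root-server test described above can be turned into a repeatable check. The following Python sketch is an added example, not code from 360 Website Guard: it parses DNS responses and flags A records pointing at 65.49.2.178. It relies on the fact that a root server normally replies to a query such as taobao.com with a referral to the .com servers rather than an A record; the sample packets, the helper names and the `classify` labels are constructed for illustration.

```python
import socket
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, name ends
            return off + 2
        off += 1
        if n == 0:                    # root label terminates the name
            return off
        off += n

def a_answers(msg):
    """Return the IPv4 addresses found in the answer section of a response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def classify(msg, bad_ips=("65.49.2.178",)):
    """Label a reply received for a query sent directly to a root server."""
    ips = a_answers(msg)
    if any(ip in bad_ips for ip in ips):
        return "hijacked"
    return "unexpected-answer" if ips else "referral"

def build(qname, an=b"", ns=b""):
    """Build a constructed response packet (sample data, not a capture)."""
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, 1 if an else 0, 1 if ns else 0, 0)
    return hdr + encode_name(qname) + struct.pack("!HH", 1, 1) + an + ns

RR = lambda t, ttl, rd: struct.pack("!HHIH", t, 1, ttl, len(rd)) + rd
POISONED = build("taobao.com", an=b"\xc0\x0c" + RR(1, 300, socket.inet_aton("65.49.2.178")))
REFERRAL = build("taobao.com", ns=b"\xc0\x13" + RR(2, 172800, encode_name("a.gtld-servers.net")))
```

Feeding real replies from each root server address into `classify` makes it possible to compare vantage points and networks, which is how the regional differences described in this analysis would show up.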
According to incomplete statistics from 360 Website Guard, netizens in more than 10 regions of China are still affected by the "aftereffects" of the DNS fault, including Guizhou Telecom, Henan Telecom, Hong Kong New World, Jiangsu Telecom, Beijing Telecom, Shanghai Telecom, Hebei Telecom, Hebei Unicom, Sichuan Telecom, Shanghai Mobile, Fujian Unicom, and Jiangxi Telecom. Due to caching, the DNS servers in these regions take 12 to 24 hours for the correction to take effect. Websites accessed by local netizens may still be resolved to the wrong IP address.
360 Website Guard suggestion: if you are unable to access websites, you can change the DNS server address under "Network Connection - Properties - Internet Protocol Version 4" on your computer to (China Telecom) 101.226.4.6, (China Unicom) 123.125.81.6, (China Mobile) 101.226.4.6, or (China Tietong) 101.226.4.6 to restore normal access. If you do not want to set DNS manually, you can also click "Computer Rescue" on the main interface of 360 Security Guard; you only need to search for the DNS keyword, and the problem can then be fixed automatically with one click.