login.live.com 被湖北电信本地 DNS 污染，指向反诈提示

工单节点使用指南

• 请用平和的语言准确描述你所遇到的问题

• 厂商的技术支持和你一样也是有喜怒哀乐的普通人类，尊重是相互的

• 如果是关于 V2EX 本身的问题反馈，请使用反馈节点

This topic created in 1725 days ago, the information mentioned may be changed or developed.

今天登录微软账号的时候发现一直提示 CONNECT_REFUSED，排查发现是 DNS 被污染了

本地电信分配的 DNS 为

202.103.44.150
202.103.24.68

使用 dig 查询均返回被劫持的 ip 地址

; <<>> DiG 9.16.1-Ubuntu <<>> @202.103.44.150 login.live.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56397
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;login.live.com.                        IN      A

;; ANSWER SECTION:
login.live.com.         300     IN      A       223.75.236.241

;; Query time: 0 msec
;; SERVER: 202.103.44.150#53(202.103.44.150)
;; WHEN: Wed Aug 25 15:48:41 CST 2021
;; MSG SIZE  rcvd: 48

; <<>> DiG 9.16.1-Ubuntu <<>> @202.103.24.68 login.live.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2138
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;login.live.com.                        IN      A

;; ANSWER SECTION:
login.live.com.         300     IN      A       223.75.236.241

;; Query time: 0 msec
;; SERVER: 202.103.24.68#53(202.103.24.68)
;; WHEN: Wed Aug 25 15:48:58 CST 2021
;; MSG SIZE  rcvd: 48

直接访问该 ip 可得反诈提示

Supplement 1 · Aug 29, 2021

今日查询已恢复正常

; <<>> DiG 9.16.1-Ubuntu <<>> @202.103.44.150 login.live.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49929
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 9, ADDITIONAL: 0

;; QUESTION SECTION:
;login.live.com.                        IN      A

;; ANSWER SECTION:
login.live.com.         600     IN      CNAME   login.msa.msidentity.com.
login.msa.msidentity.com. 600   IN      CNAME   www.tm.lg.prod.aadmsa.akadns.net.
www.tm.lg.prod.aadmsa.akadns.net. 600 IN CNAME  prda.aadg.msidentity.com.
prda.aadg.msidentity.com. 600   IN      CNAME   www.tm.a.prd.aadg.akadns.net.
www.tm.a.prd.aadg.akadns.net. 600 IN    A       40.126.35.151
www.tm.a.prd.aadg.akadns.net. 600 IN    A       40.126.35.80
www.tm.a.prd.aadg.akadns.net. 600 IN    A       40.126.35.128
www.tm.a.prd.aadg.akadns.net. 600 IN    A       20.190.163.21
www.tm.a.prd.aadg.akadns.net. 600 IN    A       40.126.35.86
www.tm.a.prd.aadg.akadns.net. 600 IN    A       40.126.35.129
www.tm.a.prd.aadg.akadns.net. 600 IN    A       40.126.35.87
www.tm.a.prd.aadg.akadns.net. 600 IN    A       20.190.163.19

;; AUTHORITY SECTION:
akadns.net.             76175   IN      NS      a9-128.akadns.net.
akadns.net.             76175   IN      NS      a18-128.akagtm.org.
akadns.net.             76175   IN      NS      a3-129.akadns.net.
akadns.net.             76175   IN      NS      a13-130.akagtm.org.
akadns.net.             76175   IN      NS      a28-129.akagtm.org.
akadns.net.             76175   IN      NS      a7-131.akadns.net.
akadns.net.             76175   IN      NS      a1-128.akadns.net.
akadns.net.             76175   IN      NS      a12-131.akagtm.org.
akadns.net.             76175   IN      NS      a11-129.akadns.net.

;; Query time: 10 msec
;; SERVER: 202.103.44.150#53(202.103.44.150)
;; WHEN: Sun Aug 29 20:07:26 CST 2021
;; MSG SIZE  rcvd: 501

10 replies • 2021-09-12 00:20:44 +08:00