流浪地球2中提到的主根服务器在中国、日本、美国是事实。全球IPv6根服务器一共25台,只有三台主根服务器,分布在中日美,其余都为辅根服务器。(除了有一台主根服务器,🇨🇳还有3台辅根服务器,是部署根服务器最多的国家。)
因为本人工作就是网络安全相关的,看电影的时候还有一点点代入感。这个视频是之前在办公室领导带我们一起看的,真的蛮精彩蛮震撼。
……网络安全这个范围很广,不过我司业务确实是其中的一方面,我本人不是相关专业的,但我这段时间的工作也一直在接触这些技术专业知识,我们的技术同事很多也不是科班出身,但他们很优秀转发2.7万 评论1635 赞4.4万
我在日本读书那会,上通信网课程,日本教授说全球13台根服务器,都在美国欧洲日本,中国——zero。教授是实话实说,但我心里不痛快,没想到啊,这才五年!ipv6服务器在中国了,还是主根服务器!
赞3522
嗷,后知后觉流浪地球2说的北京根服务器指的是IPv6协议的根服务器!我说怎么北京会有根服务器,真的外宣一部电影顶你一年的破正能量视频[怒][怒][怒]
流浪地球2有一个情节是全球3个根服务器,这个是真实情况。中国IPv6根服务有1个根服务器和3个辅根服务器。根服务器如果故障,中国互联网就会马上瘫痪,而且如果像在IPv4时代中国没有根服务器,中国的互联网不但会暴露在美国监控下,而且随时可以被美国瘫痪掉。大国的各种安全都不容易,中国互联网的发展也是经历了千辛万苦与无数幕后英雄付出了牺牲。
流浪地球2中的互联网根服务器为什么在北京?
因为ipv6的服务器在北京,是中国工程师近20年努力的结果
根据「25台根服务器」、「一主三辅在中国」等数字特征,我们可以确定这就是RFC 8483中描述的「Yeti DNS Testbed」,也就是「雪人计划」。
「Yeti DNS Testbed」是什么呢?RFC上来就给出了该项目的用途。
Yeti DNS is an experimental, non-production root server testbed that
provides an environment where technical and operational experiments
can safely be performed without risk to production root server
infrastructure.
该RFC对文档自身性质的叙述非常谨慎:
This document aims solely to document the technical
and operational experience of deploying a system that is similar to
but different from the Root Server system (on which the Internet's
Domain Name System is designed and built).
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
所谓的中美日三台「主根」,在文档中被称为「coordinator」:
The three coordinators of the Yeti DNS testbed:
BII : Beijing Internet Institute
WIDE: Widely Integrated Distributed Environment Project
TISF: A collaborative engineering and security project by Paul Vixie
具体的25台「Yeti-Root Server」如下:
+-------------------------------------+---------------+-------------+
| Name | Operator | Location |
+-------------------------------------+---------------+-------------+
| bii.dns-lab.net | BII | CHINA |
| yeti-ns.tsif.net | TSIF | USA |
| yeti-ns.wide.ad.jp | WIDE Project | Japan |
| yeti-ns.as59715.net | as59715 | Italy |
| dahu1.yeti.eu.org | Dahu Group | France |
| ns-yeti.bondis.org | Bond Internet | Spain |
| | Systems | |
| yeti-ns.ix.ru | Russia | MSK-IX |
| yeti.bofh.priv.at | CERT Austria | Austria |
| yeti.ipv6.ernet.in | ERNET India | India |
| yeti-dns01.dnsworkshop.org | dnsworkshop | Germany |
| | /informnis | |
| dahu2.yeti.eu.org | Dahu Group | France |
| yeti.aquaray.com | Aqua Ray SAS | France |
| yeti-ns.switch.ch | SWITCH | Switzerland |
| yeti-ns.lab.nic.cl | NIC Chile | Chile |
| yeti-ns1.dns-lab.net | BII | China |
| yeti-ns2.dns-lab.net | BII | China |
| yeti-ns3.dns-lab.net | BII | China |
| ca978112ca1bbdcafac231b39a23dc. | | |
| yeti-dns.net| Yeti-ZA | South |
| | | Africa |
| 3f79bb7b435b05321651daefd374cd. | | |
| yeti-dns.net| Yeti-AU | Australia |
| yeti1.ipv6.ernet.in | ERNET India | India |
| xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c | ERNET India | India |
| yeti-dns02.dnsworkshop.org | dnsworkshop | USA |
| | /informnis | |
| yeti.mind-dns.nl | Monshouwer | Netherlands |
| | Internet | |
| | Diensten | |
| yeti-ns.datev.net | DATEV | Germany |
| yeti.jhcloos.net | jhcloos | USA |
+-------------------------------------+---------------+-------------+
最左边一列是根服务器的域名,我们可以自行对其做ping
、nslookup
、dig
等测试。「Yeti-Root Server」是IPv6-only的,因此在macOS上需要使用ping6
而不是ping
。
$ ping6 bii.dns-lab.net -c 4
PING6(56=40+8+8 bytes) --> 240c:f:1:22::6
16 bytes from 240c:f:1:22::6, icmp_seq=0 hlim=49 time=32.110 ms
16 bytes from 240c:f:1:22::6, icmp_seq=1 hlim=49 time=38.273 ms
16 bytes from 240c:f:1:22::6, icmp_seq=2 hlim=49 time=35.950 ms
16 bytes from 240c:f:1:22::6, icmp_seq=3 hlim=49 time=36.325 ms
--- bii.dns-lab.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 32.110/35.665/38.273/2.234 ms
$ ping6 yeti-ns1.dns-lab.net -c 4
PING6(56=40+8+8 bytes) --> 240e:eb:8001:e01::53
16 bytes from 240e:eb:8001:e01::53, icmp_seq=0 hlim=50 time=39.958 ms
16 bytes from 240e:eb:8001:e01::53, icmp_seq=1 hlim=50 time=39.279 ms
16 bytes from 240e:eb:8001:e01::53, icmp_seq=2 hlim=50 time=39.236 ms
16 bytes from 240e:eb:8001:e01::53, icmp_seq=3 hlim=50 time=40.048 ms
--- yeti-ns1.dns-lab.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 39.236/39.630/40.048/0.374 ms
$ ping6 yeti-ns2.dns-lab.net -c 4
PING6(56=40+8+8 bytes) --> 2408:4006:1201:9c00::66
16 bytes from 2408:4006:1201:9c00::66, icmp_seq=0 hlim=52 time=41.224 ms
16 bytes from 2408:4006:1201:9c00::66, icmp_seq=1 hlim=52 time=41.170 ms
16 bytes from 2408:4006:1201:9c00::66, icmp_seq=2 hlim=52 time=41.217 ms
16 bytes from 2408:4006:1201:9c00::66, icmp_seq=3 hlim=52 time=46.022 ms
--- yeti-ns2.dns-lab.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 41.170/42.408/46.022/2.087 ms
$ ping6 yeti-ns3.dns-lab.net -c 4
PING6(56=40+8+8 bytes) --> 240e:6b0:200::139
16 bytes from 240e:6b0:200::139, icmp_seq=0 hlim=54 time=40.582 ms
16 bytes from 240e:6b0:200::139, icmp_seq=1 hlim=54 time=42.216 ms
16 bytes from 240e:6b0:200::139, icmp_seq=2 hlim=54 time=39.957 ms
16 bytes from 240e:6b0:200::139, icmp_seq=3 hlim=54 time=43.100 ms
--- yeti-ns3.dns-lab.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 39.957/41.464/43.100/1.254 ms
$ dig @yeti-ns3.dns-lab.net com.
; <<>> DiG 9.10.6 <<>> @yeti-ns3.dns-lab.net com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16817
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;com. IN A
;; AUTHORITY SECTION:
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30
e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30
f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30
g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30
i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30
j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30
k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30
l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30
m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30
a.gtld-servers.net. 172800 IN A 192.5.6.30
b.gtld-servers.net. 172800 IN A 192.33.14.30
c.gtld-servers.net. 172800 IN A 192.26.92.30
d.gtld-servers.net. 172800 IN A 192.31.80.30
e.gtld-servers.net. 172800 IN A 192.12.94.30
f.gtld-servers.net. 172800 IN A 192.35.51.30
g.gtld-servers.net. 172800 IN A 192.42.93.30
h.gtld-servers.net. 172800 IN A 192.54.112.30
i.gtld-servers.net. 172800 IN A 192.43.172.30
j.gtld-servers.net. 172800 IN A 192.48.79.30
k.gtld-servers.net. 172800 IN A 192.52.178.30
l.gtld-servers.net. 172800 IN A 192.41.162.30
m.gtld-servers.net. 172800 IN A 192.55.83.30
;; Query time: 42 msec
;; SERVER: 240e:6b0:200::139#53(240e:6b0:200::139)
;; WHEN: Sat Jan 28 16:58:34 CST 2023
;; MSG SIZE rcvd: 828
可以看到4台位于中国的「Yeti-Root Server」可以正常运作。DNS root server为用户提供的服务即是如此。
总之,RFC中描述的雪人根服务器和开头引用的网友理解可以说非常不同,几乎没有关系。长期以来我们的媒体上根服务器的谣言神乎其神,不着边际,近乎于二氢妇女和折毛的胡扯。如果一部「科幻电影」教给人们也是这样的互联网知识,那我相信我们从业人员可以永远编故事坑钱。程序员讲的都是技术!不可能是骗人的!