用Ping返回的IP地址无法访问网页
1. Ping百度得到IP地址不能访问
1.1 问题描述
用Ping获取域名对应的IP地址(值得注意的是,ping baidu.com得到的IP地址不一样),
$ ping baidu.com
Pinging baidu.com [110.242.68.66] with 32 bytes of data:
Reply from 110.242.68.66: bytes=32 time=63ms TTL=50
Reply from 110.242.68.66: bytes=32 time=84ms TTL=50
Reply from 110.242.68.66: bytes=32 time=49ms TTL=50
Reply from 110.242.68.66: bytes=32 time=50ms TTL=50
Ping statistics for 110.242.68.66:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 84ms, Average = 61ms
$ ping baidu.com
Pinging baidu.com [39.156.66.10] with 32 bytes of data:
Reply from 39.156.66.10: bytes=32 time=41ms TTL=49
Reply from 39.156.66.10: bytes=32 time=40ms TTL=49
Reply from 39.156.66.10: bytes=32 time=41ms TTL=49
Reply from 39.156.66.10: bytes=32 time=41ms TTL=49
Ping statistics for 39.156.66.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 41ms, Average = 40ms
然而,在浏览器输入得到的IP地址,却不能访问网页,
但ping www.baidu.com得到IP地址14.215.177.38,却可以通过IP地址访问到网页。然而,ping www.baidu.com得到IP地址会变,14.119.104.189就不能访问。
$ ping www.baidu.com
Pinging www.a.shifen.com [14.215.177.38] with 32 bytes of data:
Reply from 14.215.177.38: bytes=32 time=24ms TTL=54
Reply from 14.215.177.38: bytes=32 time=65ms TTL=54
Reply from 14.215.177.38: bytes=32 time=50ms TTL=54
Reply from 14.215.177.38: bytes=32 time=55ms TTL=54
Ping statistics for 14.215.177.38:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 65ms, Average = 48ms
root@ubuntu:~# ping www.baidu.com
PING www.a.shifen.com (14.119.104.189) 56(84) bytes of data.
64 字节,来自 14.119.104.189 (14.119.104.189): icmp_seq=1 ttl=52 时间=7.16 毫秒
64 字节,来自 14.119.104.189 (14.119.104.189): icmp_seq=2 ttl=52 时间=7.16 毫秒
1.2 可能原因:使用CDN
CDN(Content Delivery Network,内容分发网络)
(1)如何判断一个网站是否使用了CDN
nslookup查询如果返回多个IP地址,通常是使用了CDN;如果只返回一个IP地址,则没有使用CDN。
root@ubuntu:~# nslookup baidu.com ns3.baidu.com
Server: ns3.baidu.com
Address: 112.80.248.64#53
Name: baidu.com
Address: 39.156.66.10
Name: baidu.com
Address: 110.242.68.66
root@ubuntu:~# nslookup suqiankun.com quince.dnspod.net
Server: quince.dnspod.net
Address: 112.80.181.111#53
Name: suqiankun.com
Address: 120.79.30.6
得到CDN的IP地址,但一个CDN服务器的公网ip可能对应于多个域名网站,CDN服务器不知道该返回哪个网站内容,索性拒绝访问。
www.baidu.com
www.baidu.com使用CNAME记录映射到www.a.shifen.com,
root@ubuntu:~# nslookup www.baidu.com ns3.baidu.com
Server: ns3.baidu.com
Address: 112.80.248.64#53
www.baidu.com canonical name = www.a.shifen.com.
而www.a.shifen.com映射到www.wshifen.com,www.wshifen.com解析到的IP地址为103.235.46.40。
root@ubuntu:~# dig @8.8.8.8 www.a.shifen.com
; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 www.a.shifen.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10312
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.a.shifen.com. IN A
;; ANSWER SECTION:
www.a.shifen.com. 7 IN CNAME www.wshifen.com.
www.wshifen.com. 300 IN A 103.235.46.40
总结起来,域名解析关系如下:
NAME TYPE VALUE
--------------------------------------------------
www.baidu.com. CNAME www.a.shifen.com.
www.a.shifen.com. CNAME www.wshifen.com.
www.wshifen.com. A 103.235.46.40
2. 多个站点对应于同一个IP
一个IP是可以绑定多个域名的,应用场景:购买一台服务器,服务器挂着很多个网站,叫虚拟主机。以Apache网页服务器为例,在/etc/apache2/sites-available/*.conf配置文件进行如下配置:
<VirtualHost *:80>
Servername yaohao.cc
ServerAlias www.yaohao.cc
DocumentRoot /var/www/yaohao.cc
</VirtualHost>
<VirtualHost *:80>
Servername dianyao.co
ServerAlias www.dianyao.co
DocumentRoot /var/www/dianyao.co
</VirtualHost>
(1)IP地址访问哪个网站
配置文件中的第一个?
(2)禁止使用IP地址访问网站
Apache默认是允许使用服务器的IP地址访问网站。通过在/etc/apache2/sites-available/*.conf文件添加下列内容(xx.xx.xx.xx为服务器的IP地址):
<VirtualHost *:80>
ServerName xx.xx.xx.xx
<Location />
Order Allow,Deny
Deny from all
</Location>
</VirtualHost>
修改完后配置,让其生效,
sudo a2ensite others.conf
sudo /etc/init.d/apache2 reload
3. 另一个例子
再举一个例子,ping csdn.net返回IP地址为120.46.209.149,
