On the afternoon of January 23, 2019, I was at the office coding away, immersed in my code world and enjoying the lambda expression I had just written, when I suddenly received a WeChat message from my girlfriend.

Enter cn.bing.com in a browser. The result is as follows:

So I opened my Terminal and prepared to ping to see what was going on:

    ➜ mhcoding ping cn.bing.com
    PING cn.bing.com (127.0.0.1): 56 data bytes
    64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.046 ms
    64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.091 ms
    64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.098 ms

So I replied to my girlfriend on WeChat:

When I came home from work that evening, before I had even taken off my backpack, my girlfriend ran over to find me.

DNS

DNS is the abbreviation of Domain Name System. As a distributed database that maps domain names and IP addresses to each other, it makes it easier for people to access the Internet.

The main function of DNS is to translate domain names into IP addresses.

IP address

IP address is short for Internet Protocol address. An IP address is a unified address format provided by the IP protocol. It allocates a logical address to each network and each host on the Internet to shield physical address differences.

Every computer on the Internet is assigned an IP address.

IP addresses are used to number computers on the Internet. In everyday terms, every networked PC needs an IP address in order to communicate properly.

An IP address (IPv4) is a 32-bit binary number, usually divided into four 8-bit groups (that is, four bytes). It is usually written in dotted decimal notation (A.B.C.D), for example 208.80.152.2.

Domain name

The domain name is a concept many people are familiar with. Most of the time, when we visit a website in the browser, we access it through its domain name.

A domain name is the name of a computer or computer group on the Internet separated by dots and used to identify the computer’s electronic location during data transmission.

A domain name is an alternate name for an IP address for easy memorization.

For example, wikipedia.org is a domain name that corresponds to the IP address 208.80.152.2. People can access wikipedia.org directly instead of using the IP address, and the Domain Name System (DNS) converts it into an IP address that is easy for machines to recognize.

In this way, people only need to remember a string of characters called wikipedia.org with a particular meaning, rather than a number with no meaning.

Domain name, IP, and DNS

In real life, we often need to reach people by phone, and each phone connected to the network has its own unique number.

Sometimes we want to call the customer service number of a certain company. For example, we want to call ICBC's customer service to check an account balance, but we don't know the specific number. We can dial 114 and tell them that we want to call ICBC. The 114 operator will then look up ICBC's telephone number and automatically transfer us to ICBC's customer service.

This process is much like the relationship between domain names, IP addresses, and DNS.

    Every phone connected to the network -> every computer connected to the network
    ICBC -> domain name
    Telephone number -> IP address
    114 information desk -> DNS

With DNS, we don't need to remember multiple IP addresses for every website; we just need the domain name of the website. Just as we don't care what ICBC's customer service number is, we only need to know that we are looking for ICBC.

Moreover, for a website, one domain name can correspond to multiple IP addresses, with the deployment spread across them through load balancing. It is the same as ICBC's customer service center having many extensions.

Some network operators may restrict some users' access to specific websites for their own purposes, and the most commonly used means of restriction are DNS pollution and DNS hijacking.

A typical case: when we visit a certain domain name directly, we land on a failure page, but if we climb outside the wall, we can access it normally. For example, qiang.

Another typical scenario: when our broadband bill is overdue, visiting any website automatically redirects us to the operator's website with a prompt to recharge.

This is all because the carriers have tampered with DNS. The purpose is to keep the domain name from being resolved to its normal IP address.

In this case, ping showed that cn.bing.com was resolved to 127.0.0.1. This is the direct cause of the failure to access Bing.

127.0.0.1 is the loopback address, which is used for testing. Traffic sent to it never leaves the local machine, so the browser was trying to reach Bing on the user's own computer.

DNS pollution

DNS cache pollution, also known as DNS cache poisoning, is the deliberate or inadvertent creation of domain name server packets that point domain names to incorrect IP addresses.

It works as follows. Ordinary DNS queries have no authentication mechanism, and they are usually carried over UDP, a connectionless and unreliable protocol, so they are very easy to tamper with. Intrusion detection is performed on DNS queries on UDP port 53; as soon as a request matching a keyword is found, the detecting system disguises itself as the target name server (NS, Name Server) and returns a false result to the querier.

DNS pollution refers to the following behavior: when a user accesses an address and a domestic server (not a DNS server) detects that the address has been marked, the server disguises itself as a DNS server and sends back an incorrect address to the user. To reduce traffic on the network, name servers typically cache the DNS data they obtain from other servers so that it is ready the next time another machine asks for resolution. Once the cache of the local name server for a domain is polluted, computers in that domain are directed to the wrong server or to the wrong web address.

To put it more simply, DNS pollution is the act of disguising oneself as a DNS server and resolving a domain name to the wrong IP address after detecting that users are visiting certain websites.

DNS hijacking

DNS hijacking, also known as domain name hijacking, intercepts domain name resolution requests within the hijacked network and analyzes the requested domain name. Requests outside the scope of review are let through; otherwise, a fake IP address is returned, or nothing is done so that the request gets no response. The effect is that a specific network cannot be accessed or a fake address is accessed.




To put it simply, DNS hijacking refers to gaining control of a DNS server by illegal means and modifying the DNS configuration so that the domain name is resolved to an incorrect IP address.

DNS pollution and DNS hijacking

DNS hijacking refers to hijacking a DNS server to modify its resolution result.

DNS pollution refers to the fact that some domestic servers perform intrusion detection on DNS queries and, on finding a request that matches the blacklist, disguise themselves as a DNS server and return false results to the querying user. It exploits the fact that UDP is connectionless and unreliable.

One hijacks the DNS server; the other masquerades as a DNS server. In both cases the result is that the wrong IP address is returned.

How to resolve DNS contamination and hijacking

To resolve DNS hijacking, manually replace the DNS server with a third-party public DNS server.

Public DNS is a free basic Internet DNS service open to the public. Changing the DNS server address to a public DNS server can speed up domain name resolution, prevent DNS hijacking, enhance Internet security, and block most carrier advertisements.

The following are common public DNS servers:

(Figure source: http://www.yunweipai.com/archives/5175.html)

For DNS pollution, it is difficult for individual users to solve the problem through settings alone; it can usually be worked around with a VPN or remote domain name resolution.

How do I access Bing



1. Use a temporary Bing domain name

www2.bing.com or www4.bing.com

2. Force the binding in the hosts file

All you need to do is temporarily edit the hosts file, and delete the entry once Microsoft's servers recover. That is, force the IP address that cn.bing.com points to:

13.107.21.200 cn.bing.com

If the browser still cannot open the site after the modification, restart the system. After the restart, try opening Bing Search again to see whether normal access is restored.

3. Modify the DNS server

Change the DNS to a public DNS, such as 8.8.8.8 or 114.114.114.114.

Reference: https://laod.cn/news/cn-bing-com-404.html

Subsequent events

On the afternoon of January 23, Internet users discovered that Bing, Microsoft’s search engine, had become inaccessible. When opened, the message “cannot access this website” is displayed.

On January 24, a Microsoft spokesperson told reporters that “an investigation is under way” and “we are actively working to determine our next steps.”

“We can confirm that Bing was previously unavailable in China, but is now back up and running,” a Microsoft spokesman said in a response to reporters on the morning of Jan. 25. However, Microsoft did not disclose the reason for the previous access failure.

The focus of this article is to analyze why Bing could not be accessed normally. Domain names and DNS are not covered in depth here. If readers are interested, they will be introduced one by one in later articles.