:Solution to Alibaba Cloud Content Delivery Network Access Exception of a Regional Node

Problem description

There are several scenarios about Alibaba Cloud Content Delivery Network access exceptions of a region node.

• Scenario 1: Failed to access the Alibaba Cloud Content Delivery Network accelerated domain name by using the ping command.
• Scenario 2: After the source station changes the file, the file obtained from the Alibaba Cloud Content Delivery Network node is still the file before the change.
• Scenario 3: After accessing the Alibaba Cloud Content Delivery Network accelerated domain name, the content of the file that is not its site is obtained.

Causes

The reasons for the problems in different problem scenarios are as follows.

• The reason for scenario one is as follows.
  • The local network is abnormal.
  • The node network is abnormal or attacked.
  • A routing node of the local to operator intermediate link fails.
• The reasons for scenario two are as follows.
  • The refresh does not take effect.
  • The local browser cache is read.
  • Hijacked by local operators.
• The reasons for scenario three are as follows.
  • The non-Alibaba Cloud Content Delivery Network node accessed.
  • Was hijacked for some reason.

Solutions

The following are solutions to different problem scenarios:

Scenario 1: Failed to access the Alibaba Cloud Content Delivery Network accelerated domain name by using the ping command

1. Check whether the accelerated domain name is in the sandbox node. Because the domain name in the sandbox cannot guarantee the service stability, the network will be blocked after using the ping command. At this time, the sandbox may be under attack.
2. Check whether the IP address that you accessed is the IP address of the CDN node. For more information about how to detect, see Diagnostic tools. If the accessed node is not the Alibaba Cloud Content Delivery Network node IP, please verify the following situations.
   • Is there local agent software that is turned on, because some agent software will force changes to the resolution of access domain names.
   • Whether to bind the Host file to force the accelerated domain name to an IP address.
   • DNS hijacking exists locally, antivirus security software can be opened locally, and DNS with IP 223.5.5.5, 114.114.114.114 or other secure DNS used locally is fixed. If the hijacking situation is serious and cannot be resolved, you need to complain to the network service provider to resolve the hijacking.
3. Using the ping command locally, connecting the IP of the node, and using webmaster tools to detect whether there is a problem with the IP of the node nationwide, that is, the delay in accessing the node in each region is large or blocked, and the node cannot be ping locally, then the possibility of the problem of the node is high, and the premise is that the domain name is indeed not in the sandbox.
4. Use tracert on the local Windows host or traceroute on the Linux host to detect the IP and provide a complete probe screenshot, and locate the problem point of the entire network link according to the obtained screenshot.
   

   Note: The MTR information judgment method is as follows:

   • The packet loss rate of the destination node is 100%, and it is checked one by one from the destination node until the first node that starts packet loss (there cannot be a routing node with a packet loss rate of 0% in the middle), then the first routing node that starts packet loss is more likely to be a problem route. For more information, see Network link test description for a packet loss or ping failure.

5. Please ask Alibaba Cloud technical support to troubleshoot. During this period, you can change the local DNS to other DNS (for example, 223.5.5.5 or 114.114.114.114) and refresh the local DNS cache to schedule it to other normal nodes.

Scenario 2: The file obtained from the Alibaba Cloud Content Delivery Network node is still the file before the change

1. Check whether the IP address that you accessed is the IP address of the CDN node.
2. Bind the CDN node and the origin server according to the CDN configuration. Note the following points when binding the source station to test.
   • In the Alibaba Cloud Content Delivery Network back-to-source Host configuration, use the curl command to test the source station as follows. If the Host file is bound, the Alibaba Cloud Content Delivery Network accelerated domain name should be bound to the IP address resolved by the origin domain name.

     curl -H "Host:[$Domain_Name]" "[$Source_Station]"

     Note:

     • [$Domain_Name] is the Alibaba Cloud Content Delivery Network accelerated domain name.
     • [$Source_Station] is the origin site domain name.

   • The access results obtained by different back-to-source ports may also be different. Test the relevant information of Response Headers to determine whether the accessed files are consistent. The following aspects are mainly judged.

     Note: If any of the following three points are inconsistent, it can be considered that the files on the origin site and the node are inconsistent. If all exist, the third point has the most judgment basis.

     • Whether the Content-Length size is consistent.
     • Whether the modification time of Last-Modified is consistent.
     • Whether ETag is consistent with Content-MD5.
     
3. If there is no problem after the preceding steps are confirmed, and the file obtained on the node is still inconsistent with the origin file, we recommend that you refresh the URL and wait for about 10 minutes before testing. If the problem remains unresolved after multiple refreshes, submit a ticket.

   Note: The refresh period is about 5 to 10 minutes.

Scenario 3: Obtain non-site file content after accessing the Alibaba Cloud Content Delivery Network accelerated domain name