这是一个创建于 1899 天前的主题,其中的信息可能已经有所发展或是发生改变。
[Addresses]
IPv4 Listen Address =
IPv4 EDNS Client Subnet Address = 218.85.157.99/32
IPv4 Main DNS Address = 8.8.8.8:53
IPv4 Alternate DNS Address = 8.8.4.4:53
IPv4 Local Main DNS Address = 119.29.29.29:53
IPv4 Local Alternate DNS Address = 223.5.5.5:53
IPv6 Listen Address =
IPv6 EDNS Client Subnet Address =
IPv6 Main DNS Address = [2001:4860:4860::8844]:53
IPv6 Alternate DNS Address = [2606:4700:4700::1001]:53|[2620:FE::9]:53|[2620:0:CCD::2]:5353
IPv6 Local Main DNS Address = [240C::6644]:53
IPv6 Local Alternate DNS Address = [240C::6666]:53
[Switches]
Domain Case Conversion = 1
Compression Pointer Mutation = 0
EDNS Label = 1
EDNS Client Subnet Relay = 1
上面是配置
比如 A 主机的 IP 是 1.1.1.1,dig 后的结果是下面这样的
root@debian:~# dig @1.1.1.1 -p 443 www.baidu.com
; <<>> DiG 9.10.3-P4-Debian <<>> @1.1.1.1 -p 443 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2954
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2048
; CLIENT-SUBNET: 1.1.1.1/32/24
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1055 IN CNAME www.a.shifen.com.
www.a.shifen.com. 155 IN CNAME www.wshifen.com.
www.wshifen.com. 155 IN A 104.193.88.123
www.wshifen.com. 155 IN A 104.193.88.77
然后在安装了 pcap_dnsproxy 的主机上 dig 127.0.0.1 结果如下
root@outline-dns:~# dig @127.0.0.1 -p 443 www.baidu.com
; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 -p 443 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27346
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2048
; CLIENT-SUBNET: 1.1.1.1/32/24
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1055 IN CNAME www.a.shifen.com.
www.a.shifen.com. 155 IN CNAME www.wshifen.com.
www.wshifen.com. 155 IN A 104.193.88.123
www.wshifen.com. 155 IN A 104.193.88.77
;; Query time: 0 msec
;; SERVER: 127.0.0.1#443(127.0.0.1)
;; WHEN: Thu Sep 12 22:19:27 CST 2019
;; MSG SIZE rcvd: 139
这说明配置文件中的 IPv4 EDNS Client Subnet Address = 218.85.157.99/32 并未生效
如果第一次没有缓存的情况下用国内 IP 去解析得到的结果就是国内的,但是结果和直接 dig @223.5.5.5 www.baidu.com +subnet=218.85.157.99 出来的不一样,这是不是也说明了 IPv4 EDNS Client Subnet Address 没生效?
哪位大神在 GCP 上或者其它家有部署 pcap_dnsproxy 并且 IPv4 EDNS Client Subnet Address 生效的配置借我参考一下
谢谢啊
IPv4 Listen Address =
IPv4 EDNS Client Subnet Address = 218.85.157.99/32
IPv4 Main DNS Address = 8.8.8.8:53
IPv4 Alternate DNS Address = 8.8.4.4:53
IPv4 Local Main DNS Address = 119.29.29.29:53
IPv4 Local Alternate DNS Address = 223.5.5.5:53
IPv6 Listen Address =
IPv6 EDNS Client Subnet Address =
IPv6 Main DNS Address = [2001:4860:4860::8844]:53
IPv6 Alternate DNS Address = [2606:4700:4700::1001]:53|[2620:FE::9]:53|[2620:0:CCD::2]:5353
IPv6 Local Main DNS Address = [240C::6644]:53
IPv6 Local Alternate DNS Address = [240C::6666]:53
[Switches]
Domain Case Conversion = 1
Compression Pointer Mutation = 0
EDNS Label = 1
EDNS Client Subnet Relay = 1
上面是配置
比如 A 主机的 IP 是 1.1.1.1,dig 后的结果是下面这样的
root@debian:~# dig @1.1.1.1 -p 443 www.baidu.com
; <<>> DiG 9.10.3-P4-Debian <<>> @1.1.1.1 -p 443 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2954
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2048
; CLIENT-SUBNET: 1.1.1.1/32/24
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1055 IN CNAME www.a.shifen.com.
www.a.shifen.com. 155 IN CNAME www.wshifen.com.
www.wshifen.com. 155 IN A 104.193.88.123
www.wshifen.com. 155 IN A 104.193.88.77
然后在安装了 pcap_dnsproxy 的主机上 dig 127.0.0.1 结果如下
root@outline-dns:~# dig @127.0.0.1 -p 443 www.baidu.com
; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 -p 443 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27346
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2048
; CLIENT-SUBNET: 1.1.1.1/32/24
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1055 IN CNAME www.a.shifen.com.
www.a.shifen.com. 155 IN CNAME www.wshifen.com.
www.wshifen.com. 155 IN A 104.193.88.123
www.wshifen.com. 155 IN A 104.193.88.77
;; Query time: 0 msec
;; SERVER: 127.0.0.1#443(127.0.0.1)
;; WHEN: Thu Sep 12 22:19:27 CST 2019
;; MSG SIZE rcvd: 139
这说明配置文件中的 IPv4 EDNS Client Subnet Address = 218.85.157.99/32 并未生效
如果第一次没有缓存的情况下用国内 IP 去解析得到的结果就是国内的,但是结果和直接 dig @223.5.5.5 www.baidu.com +subnet=218.85.157.99 出来的不一样,这是不是也说明了 IPv4 EDNS Client Subnet Address 没生效?
哪位大神在 GCP 上或者其它家有部署 pcap_dnsproxy 并且 IPv4 EDNS Client Subnet Address 生效的配置借我参考一下
谢谢啊
 |
1
HalloCQ 2019-09-17 17:48:27 +08:00
好像 pcap_dnsproxy 的子网掩码不能设为 32,默认好像只支持 24,32 有 bug
|
Select Language