
A question about pcap_dnsproxy EDNS

  q0000x · 2019-09-12 22:34:23 +08:00 · 982 clicks
    [Addresses]
    IPv4 Listen Address =
    IPv4 EDNS Client Subnet Address = 218.85.157.99/32
    IPv4 Main DNS Address = 8.8.8.8:53
    IPv4 Alternate DNS Address = 8.8.4.4:53
    IPv4 Local Main DNS Address = 119.29.29.29:53
    IPv4 Local Alternate DNS Address = 223.5.5.5:53
    IPv6 Listen Address =
    IPv6 EDNS Client Subnet Address =
    IPv6 Main DNS Address = [2001:4860:4860::8844]:53
    IPv6 Alternate DNS Address = [2606:4700:4700::1001]:53|[2620:FE::9]:53|[2620:0:CCD::2]:5353
    IPv6 Local Main DNS Address = [240C::6644]:53
    IPv6 Local Alternate DNS Address = [240C::6666]:53

    [Switches]
    Domain Case Conversion = 1
    Compression Pointer Mutation = 0
    EDNS Label = 1
    EDNS Client Subnet Relay = 1

    The above is the configuration.
    For example, host A's IP is 1.1.1.1, and the dig result looks like this:
    root@debian:~# dig @1.1.1.1 -p 443 www.baidu.com
    ; <<>> DiG 9.10.3-P4-Debian <<>> @1.1.1.1 -p 443 www.baidu.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2954
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 2048
    ; CLIENT-SUBNET: 1.1.1.1/32/24
    ;; QUESTION SECTION:
    ;www.baidu.com. IN A

    ;; ANSWER SECTION:
    www.baidu.com. 1055 IN CNAME www.a.shifen.com.
    www.a.shifen.com. 155 IN CNAME www.wshifen.com.
    www.wshifen.com. 155 IN A 104.193.88.123
    www.wshifen.com. 155 IN A 104.193.88.77

    Then, on the host where pcap_dnsproxy is installed, dig against 127.0.0.1 gives the following result:
    root@outline-dns:~# dig @127.0.0.1 -p 443 www.baidu.com

    ; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 -p 443 www.baidu.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27346
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 2048
    ; CLIENT-SUBNET: 1.1.1.1/32/24
    ;; QUESTION SECTION:
    ;www.baidu.com. IN A

    ;; ANSWER SECTION:
    www.baidu.com. 1055 IN CNAME www.a.shifen.com.
    www.a.shifen.com. 155 IN CNAME www.wshifen.com.
    www.wshifen.com. 155 IN A 104.193.88.123
    www.wshifen.com. 155 IN A 104.193.88.77

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#443(127.0.0.1)
    ;; WHEN: Thu Sep 12 22:19:27 CST 2019
    ;; MSG SIZE rcvd: 139

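    This shows that IPv4 EDNS Client Subnet Address = 218.85.157.99/32 in the configuration file did not take effect.

    If the first lookup, with nothing cached, is resolved using a domestic (China) IP, the result is a domestic one, but it differs from what dig @223.5.5.5 www.baidu.com +subnet=218.85.157.99 returns directly. Does this also show that IPv4 EDNS Client Subnet Address did not take effect?

    Could anyone who has deployed pcap_dnsproxy on GCP or another provider, with IPv4 EDNS Client Subnet Address working, share their configuration for me to use as a reference?
    Thanks.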
    1 reply    2019-09-17 17:48:27 +08:00
    HalloCQ · 2019-09-17 17:48:27 +08:00
    It seems pcap_dnsproxy's subnet mask can't be set to 32; by default it seems to support only 24, and 32 has a bug.
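
Added example, not part of the original thread and not pcap_dnsproxy's own code: a minimal encoder/decoder for the EDNS Client Subnet option (RFC 7871) that renders it in the address/source-prefix/scope-prefix form dig prints as CLIENT-SUBNET, so the subnet seen in a reply can be compared with the configured one. The function names are hypothetical; the sample addresses are the ones quoted in the post.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

def encode_ecs(subnet: str, scope: int = 0) -> bytes:
    """Wire form of an ECS option. scope must be 0 in queries; servers set it in replies."""
    net = ipaddress.ip_network(subnet, strict=False)  # host bits are masked off
    family = 1 if net.version == 4 else 2
    nbytes = (net.prefixlen + 7) // 8  # only the bytes covered by the prefix are sent
    data = struct.pack("!HBB", family, net.prefixlen, scope)
    data += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

def decode_ecs(option: bytes) -> str:
    """Parse one ECS option and render it as dig does: address/source/scope."""
    if len(option) < 8:
        raise ValueError("truncated ECS option")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    size = {1: 4, 2: 16}.get(family)
    if size is None:
        raise ValueError("unknown address family")
    addr = option[8:]
    if source > size * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    ip = ipaddress.ip_address(addr + b"\x00" * (size - len(addr)))
    if int(ip) & ((1 << (size * 8 - source)) - 1):
        raise ValueError("bits set beyond the source prefix")
    return f"{ip}/{source}/{scope}"

if __name__ == "__main__":
    # Constructed samples: the configured subnet as /32 and as /24,
    # then the reply-side value shown in the dig output above.
    for subnet, scope in (("218.85.157.99/32", 0), ("218.85.157.99/24", 0),
                          ("1.1.1.1/32", 24)):
        wire = encode_ecs(subnet, scope)
        print(subnet, wire.hex(), decode_ecs(wire))
```

If the configured address were being applied, the CLIENT-SUBNET line in the reply would start with 218.85.157 rather than 1.1.1.1.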