Coder Social home page Coder Social logo

匹配CN地址表 about gfwlist2agh HOT 46 CLOSED

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024
匹配CN地址表

from gfwlist2agh.

Comments (46)

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

感觉并不是不可以,工程量可能有点大,有空试试

from gfwlist2agh.

avatar commented on July 17, 2024

是的,这种工程量会很大

from gfwlist2agh.

avatar commented on July 17, 2024

可以在dhdb_dead下进行操作

from gfwlist2agh.

avatar commented on July 17, 2024

我看adg,支持了ipset,感觉可以引用ipset进行分流

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

我看adg,支持了ipset,感觉可以引用ipset进行分流

AGH 的 IPSET 暂不支持外部配置文件,需要手动修改 AdGuardHome.yaml,或后续使用脚本替换

ipset — List of domain-ipset_name associations for adding IP addresses of the specified domain names to an ipset list. Syntax: DOMAIN[,DOMAIN].../IPSET_NAME[,IPSET_NAME].... IPv4 addresses are added to an ipset list with ipv4 family, IPv6 addresses - to ipv6 ipset list. ipset list must exist. This setting is supported on Linux only. This feature is similar to --ipset in dnsmasq.

from gfwlist2agh.

avatar commented on July 17, 2024

不支持外部配置文件,那还是算了,这样的话AdGuardHome.yaml配置文件有点大

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

初步功能已实现(待优化部分场景)
截图 2021-02-01 22 36 02

from gfwlist2agh.

avatar commented on July 17, 2024

但是有个别域名,需要添加强制,比如apple.com这个域名,解析出来的ip是美国ip。

from gfwlist2agh.

avatar commented on July 17, 2024

还有一个就是,不知道检测的机制是什么,去检测域名是否是CN地址表,那么你检测时用的dns是什么?如果遇到污染的地址那该如何选择。因为有一些国内应用是有国外cdn的。

from gfwlist2agh.

avatar commented on July 17, 2024

主要还是cdn这个问题比较难解决吧。

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

还有一个就是,不知道检测的机制是什么,去检测域名是否是CN地址表,那么你检测时用的dns是什么?如果遇到污染的地址那该如何选择。因为有一些国内应用是有国外cdn的。

截图 2021-02-01 23 05 12

截图 2021-02-01 23 09 37

确实,CDN 和已被污染的域名是最难解决的

from gfwlist2agh.

avatar commented on July 17, 2024

匹配ns记录吗?

from gfwlist2agh.

avatar commented on July 17, 2024

image

from gfwlist2agh.

avatar commented on July 17, 2024

image
image

from gfwlist2agh.

avatar commented on July 17, 2024

我的思路不是特别的清晰,目前只能想到这些。

from gfwlist2agh.

avatar commented on July 17, 2024

如果使用检测使用的dns是利用ADG分流出来的dns,那么是可以完美解决污染等问题,但是这样,检测就变得没有意义了。

from gfwlist2agh.

avatar commented on July 17, 2024

我能想到的就是利用ns记录来进行检测了。

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

如果使用检测使用的dns是利用ADG分流出来的dns,那么是可以完美解决污染等问题,但是这样,检测就变得没有意义了。

DoH 查询时带上国内 IP 掩码(待做,但这需要一个可靠的并对 EDNS 支持的服务器)
类似 dig +subnet=103.104.252.0/22 www.baidu.com

匹配ns记录吗?

不是,提取dig后的所有结果,对结果进行批量whois检测,如:

  1. dig dns.alidns.com -> 223.5.5.5 223.6.6.6A 记录
  2. whois 223.5.5.5 223.6.6.6 -> 将给出该IP地址的所有者信息
  3. 若结果中存在 country: CN 即存放入国内

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

完整whois结果如下:
截图 2021-02-01 23 34 00

from gfwlist2agh.

avatar commented on July 17, 2024

检测ip倒是没什么问题,关键在于,如何解决cdn解析和污染的域名。

from gfwlist2agh.

avatar commented on July 17, 2024

带着ecs过去,可以解决cdn的问题,但是污染解决不了好像。

from gfwlist2agh.

avatar commented on July 17, 2024

带着国内ip过去,会返回国内的cdn,匹配到国内的cdn就可以进行whios ,是cn就可以丢到国内进行解析。

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

目前测试的这三组域名,结果正确,能否提供一些稍微复杂点情况的域名做测试
截图 2021-02-02 16 00 53

from gfwlist2agh.

avatar commented on July 17, 2024

apple.com

from gfwlist2agh.

avatar commented on July 17, 2024

https://github.com/felixonmars/dnsmasq-china-list/blob/master/apple.china.conf
https://github.com/felixonmars/dnsmasq-china-list/blob/master/google.china.conf

from gfwlist2agh.

avatar commented on July 17, 2024

这里面的域名都是在国内有服务器的,看下检测是否正常。

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

貌似苹果这块情况较为复杂,谷歌都能正常识别
截图 2021-02-02 16 19 37

from gfwlist2agh.

avatar commented on July 17, 2024

这个cdn的检测是如何检测出来是cdn的?

from gfwlist2agh.

avatar commented on July 17, 2024

如果是cdn,那么cdn的域名丢在国内域名列表中呢还是国外域名列表中呢。

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

这个cdn的检测是如何检测出来是cdn的?

发送国内国外 IP + 掩码,若同为 CN 为国内,均不同则为海外,其中一个为 CN 则为 CDN

如果是cdn,那么cdn的域名丢在国内域名列表中呢还是国外域名列表中呢。

暂时还没决定,但按照 CDN 的特性,放入国内列表或使用 # 作为上游服务器比较妥当

from gfwlist2agh.

avatar commented on July 17, 2024

其实现在目前问题不大,或者说是否可以调用api查询该域名是否在国内备案,因为使用国内cdn,域名就必须在国内进行备案才可使用。

from gfwlist2agh.

avatar commented on July 17, 2024

但是好像站长工具的api,是需要收费的,算了。

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024
  1. 苹果CDN问题我在测试DoH的过程中,已解决
  2. 主要原因还是 53 端口的 DNS 并没有开放太多的 EDNS-Client-Subnet 权限,部分存在直接丢弃的情况
  3. 演示如下:
    国内:curl "https://dns.alidns.com/resolve?name=configuration.apple.com.&type=1&edns_client_subnet=222.64.8.0/22"
    国外:curl "https://dns.alidns.com/resolve?name=configuration.apple.com.&type=1&edns_client_subnet=104.192.48.0/22"

from gfwlist2agh.

avatar commented on July 17, 2024

那现在污染的域名是否解决了?

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024
  1. 返回结果为 JSON 格式,我为了方便将使用 jq 工具对 JSON 文件进行解析

截图 2021-02-02 17 08 41

  1. 后续正式使用时将使用 dns.google 进行查询,防止 DNS 污染(其实 dns.alidns.com 在海外返回的结果也是正确的)

from gfwlist2agh.

avatar commented on July 17, 2024

image
这个解析是不正常的,没有解析到正确的ip上,还是使用dns.google进行解析把,1.1.1.1不支持ecs

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

过墙必定污染,GitHub Actions 测试结果正常
截图 2021-02-02 17 24 38

from gfwlist2agh.

avatar commented on July 17, 2024

这次的检测机制是在本规则后,在进行一次检测分流,然后在生成最终的域名规则吗?

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024
  1. 使用 hezhijie0327/DHDb 的存活域名作为查询列表,检测分析后生成区分文件dhdb_domestic.txtdhdb_foreign.txt
  2. 前期作为辅助,后期稳定后可作为主要上游规则列表

from gfwlist2agh.

avatar commented on July 17, 2024

felixonmars
Loyalsoldier
gfwlist
这些规则不能舍弃,毕竟这三个项目还是很好的。

from gfwlist2agh.

avatar commented on July 17, 2024

成为规则最全,也是分流最准确的规则。😄

from gfwlist2agh.

Potterli20 avatar Potterli20 commented on July 17, 2024

可以加个bind的分流?? @hezhijie0327

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024

可以加个bind的分流?? @hezhijie0327

给个规则格式样例

from gfwlist2agh.

Potterli20 avatar Potterli20 commented on July 17, 2024

可以加个bind的分流?? @hezhijie0327

给个规则格式样例

https://github.com/felixonmars/dnsmasq-china-list/blob/master/Makefile

from gfwlist2agh.

avatar commented on July 17, 2024
  1. 使用 hezhijie0327/DHDb 的存活域名作为查询列表,检测分析后生成区分文件dhdb_domestic.txtdhdb_foreign.txt
  2. 前期作为辅助,后期稳定后可作为主要上游规则列表

期待上线的时间。

from gfwlist2agh.

hezhijie0327 avatar hezhijie0327 commented on July 17, 2024
  1. 已上线测试,如对 DHDb 数据有疑问,请移步至此处提交 ISSUE
  2. 由于需要数据重建,初期DHDb 数据量较少,预计一周内能恢复至正常水平

from gfwlist2agh.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.