Comments (16)
Just handle this in the logic of your own auto-update script. After each update, append edu.cn to chnlist.txt; that is the simplest way.
from chinadns-ng.
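The description is unclear and the logic contradicts itself. Please rephrase it. If your upstream can only return A records, how is chinadns-ng supposed to conjure an AAAA response out of thin air? I can't make sense of what is being said here.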
from chinadns-ng.
I didn't write it clearly... The trusted upstream DNS can only return A; AAAA is disabled... The domestic DNS returns A and AAAA normally.
from chinadns-ng.
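Going by fair mode, in my test the final answer returned was only 211.69.16.31.
Where is the test procedure? I need more details. Also, A queries and AAAA queries are independent, so A responses and AAAA responses are independent too; the decisions made for one have nothing to do with the other. Please post your test procedure and the detailed log output.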
from chinadns-ng.
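Where is the test procedure? I need more details. Also, A queries and AAAA queries are independent, so A responses and AAAA responses are independent too; the decisions made for one have nothing to do with the other. Please post your test procedure and the detailed log output.
chinadns-ng settings, unchanged throughout: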
-v -f -n -b 0.0.0.0 -c 127.0.0.1#18051 -t 127.0.0.1#18052 --chnlist-first -m /opt/app/chinadns_ng/chnlist.txt -g /opt/app/chinadns_ng/gfwlist.txt
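The upstream is smartdns, configured as follows:
bind 0.0.0.0:18051 -group china //domestic DNS group
bind 0.0.0.0:18052 -group office -force-aaaa-soa //trusted DNS group, AAAA record responses disabled
server 223.5.5.5 -group china //Alibaba
server 2400:3200::1 -group china //Alibaba
server 180.76.76.76 -group china //Baidu
server 2400:da00::6666 -group china //Baidu
server-https https://dns.google/dns-query -group office //trusted DNS is Google, reached through an IPv4-only ss
prefetch-domain yes //prefetch enabled
speed-check-mode tcp:443,tcp:80 //speed check enabled: tcp 443 first, then 80
dualstack-ip-selection no //dual-stack selection off; it is off by default, I wrote no explicitly here
Opening iptv.pdsu.edu.cn in the browser fails to load the page; the software log is as follows: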
Mar 25 16:37:49 【chinadns_ng】: ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#52568
Mar 25 16:37:49 【chinadns_ng】: ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#34216
Mar 25 16:37:49 【chinadns_ng】: ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 25 16:37:49 【chinadns_ng】: ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#22612
Mar 25 16:37:49 【chinadns_ng】: ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: ignore
Mar 25 16:37:49 【chinadns_ng】: ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: accept
Mar 25 16:37:50 【chinadns_ng】: ^[[1;32m2020-03-25 16:37:50 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: ignore
nslookup result:
PS C:\WINDOWS\system32> nslookup iptv.pdsu.edu.cn
服务器: Newifi3_D2.lan
Address: 2408:8207:2467:38a0:2276:93ff:fe56:4213
非权威应答:
名称: iptv.pdsu.edu.cn
Address: 211.69.16.31
Software log during the nslookup query:
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#21636
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: accept
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#61285
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18052, result: accept
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: ignore
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#27679
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 25 16:41:33 【chinadns_ng】: ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18052, result: ignore
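chinadns-ng settings unchanged; the upstream smartdns is changed to allow the trusted DNS to return AAAA, everything else unchanged. The configuration is:
bind 0.0.0.0:18051 -group china
bind 0.0.0.0:18052 -group office //AAAA can be returned now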
server 223.5.5.5 -group china
server 2400:3200::1 -group china
server 180.76.76.76 -group china
server 2400:da00::6666 -group china
server-https https://dns.google/dns-query -group office
prefetch-domain yes
speed-check-mode tcp:443,tcp:80
dualstack-ip-selection NO
Now iptv.pdsu.edu.cn opens normally in the browser; the software log is as follows:
Mar 25 16:48:36 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#62628
Mar 25 16:48:36 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#47253
Mar 25 16:48:36 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:36 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: accept
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#18252
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: ignore
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#47253
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
nslookup result:
PS C:\WINDOWS\system32> nslookup iptv.pdsu.edu.cn
服务器: Newifi3_D2.lan
Address: 2408:8207:2467:38a0:2276:93ff:fe56:4213
非权威应答:
名称: iptv.pdsu.edu.cn
Addresses: 2001:250:4814:1::200
211.69.16.31
Software log during nslookup:
Mar 25 16:48:51 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#29109
Mar 25 16:48:51 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: accept
Mar 25 16:48:51 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#64378
Mar 25 16:48:51 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: accept
Mar 25 16:48:53 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:53 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18052, result: ignore
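Because ss is IPv4-only, if the trusted DNS returns both A and AAAA, dual-stack sites that have been xx'd, such as the New York Times, cannot be opened. The only option is to stop the trusted DNS from returning AAAA; once it is disabled, those sites open.
But with AAAA disabled on the trusted DNS, a site like this iptv.pdsu.edu.cn has the problem shown above.
For this iptv.pdsu.edu.cn, the IPv4 address is not in the ipset list, while the IPv6 address is.
(Also, I suspect that for iptv.pdsu.edu.cn the IPv4 address is closed to the off-campus public and only the IPv6 one is publicly reachable from off campus? In any case, when only A is returned, the site won't open.)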
from chinadns-ng.
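bind 0.0.0.0:18052 -group office -force-aaaa-soa //trusted DNS group, AAAA record responses disabled
I took a quick look at the smartdns documentation and still don't understand whether this disables AAAA queries or disables AAAA responses. I don't think the documentation states it clearly.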
from chinadns-ng.
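Your test is detailed, but unfortunately it doesn't help solve this problem. Let me suggest an approach. The test procedure is roughly as follows. When you have time, run through it and post the relevant steps and logs.
- First, I still have to tell you: an A query and an AAAA query are two completely independent DNS queries. Please keep that in mind.
- Then I suggest using dig to test. I see you have been testing on Windows; dig has a win32 build too.
- Run chinadns-ng and smartdns on the router with your current arguments and configuration, and remember the -v option.
- Have both listen on 0.0.0.0 (I see the configuration you posted already does), so you can test from Windows.
- Then download and install the win32 build of dig (a Google search finds it; it is fully portable). Once ready, test as follows:
- Run
dig @192.168.1.1 -p18051 iptv.pdsu.edu.cn A
to query smartdns's china group for the domain's A record, and post the output of dig and smartdns.
- Run
dig @192.168.1.1 -p18051 iptv.pdsu.edu.cn AAAA
to query smartdns's china group for the domain's AAAA record, and post the output of dig and smartdns.
- Run
dig @192.168.1.1 -p18052 iptv.pdsu.edu.cn A
to query smartdns's office group for the domain's A record, and post the output of dig and smartdns.
- Run
dig @192.168.1.1 -p18052 iptv.pdsu.edu.cn AAAA
to query smartdns's office group for the domain's AAAA record, and post the output of dig and smartdns.
- Run
dig @192.168.1.1 -p65353 iptv.pdsu.edu.cn A
to query chinadns-ng for the domain's A record, and post the output of dig and chinadns-ng.
- Run
dig @192.168.1.1 -p65353 iptv.pdsu.edu.cn AAAA
to query chinadns-ng for the domain's AAAA record, and post the output of dig and chinadns-ng.
- A final hint: since you say this domain is in neither gfwlist.txt nor chnlist.txt, its routing decision relies purely on the two ipset sets chnroute and chnroute6. If necessary, run the ipset command on the router to test whether the IPv4/IPv6 addresses returned by smartdns are in the corresponding chnroute/chnroute6 set.
The commands are:
ipset test chnroute <IPv4 address>
ipset test chnroute6 <IPv6 address>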
from chinadns-ng.
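bind 0.0.0.0:18052 -group office -force-aaaa-soa //trusted DNS group, AAAA record responses disabled
I took a quick look at the smartdns documentation and still don't understand whether this disables AAAA queries or disables AAAA responses. I don't think the documentation states it clearly.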
pymumu/smartdns@5f9167c
pymumu/smartdns@f68e4ed
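As for whether it disables the query or the response, I hope these two commits help.
As for that test, I'll do it once I have an environment available.
That IPv4 address is not in chnroute; the IPv6 address is in chnroute6.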
from chinadns-ng.
Huh... this list of mine... when I looked a few days ago it was the other way round, but let's go with what it says now...
[Newifi3_D2 /opt/home/admin]# ipset test chnroute 211.69.16.31
211.69.16.31 is in set chnroute.
[Newifi3_D2 /opt/home/admin]# ipset test chnroute6 2001:250:4814:1::200
2001:250:4814:1::200 is NOT in set chnroute6.
[Newifi3_D2 /opt/home/admin]#
With AAAA disabled:
bind 0.0.0.0:18052 -group office -force-aaaa-soa
dig @192.168.123.1 -p18051 iptv.pdsu.edu.cn A
; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18051 iptv.pdsu.edu.cn A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12491
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;iptv.pdsu.edu.cn. IN A
;; ANSWER SECTION:
iptv.pdsu.edu.cn. 1 IN A 211.69.16.31
;; Query time: 61 msec
;; SERVER: 192.168.123.1#18051(192.168.123.1)
;; WHEN: Sun Mar 29 16:30:13 **标准时间 2020
;; MSG SIZE rcvd: 66
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,773][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:1 IP: 211.69.16.31
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1649] recv udp packet from 2408:8000:1010:2::8, len: 50, ttl: 56
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,773][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:323 IP: 211.69.16.31
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1649] recv udp packet from 2408:8000:1010:1::8, len: 50, ttl: 56
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,773][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:323 IP: 211.69.16.31
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1649] recv udp packet from 101.6.6.6, len: 45, ttl: 51
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 0, nscount = 0, nrcount = 0, len = 45, id = 19, tc = 0, rd = 1, ra = 0, rcode = 5, payloadsize = 4096
[2020-03-29 16:30:12,773][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,774][DEBUG][ dns_server.c:1430] inquery failed, iptv.pdsu.edu.cn, rcode = 5, id = 19
[2020-03-29 16:30:12,775][DEBUG][ dns_client.c:1649] recv udp packet from 2400:da00::6666, len: 130, ttl: 47
[2020-03-29 16:30:12,775][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 2, nrcount = 2, len = 130, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:30:12,775][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,775][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:178 IP: 211.69.16.31
[2020-03-29 16:30:12,775][DEBUG][ dns_server.c:1466] NS: pdsu.edu.cn ttl:178 cname: dns2.pdsu.edu.cn
[2020-03-29 16:30:12,775][DEBUG][ dns_server.c:1466] NS: pdsu.edu.cn ttl:178 cname: dns.pdsu.edu.cn
[2020-03-29 16:30:12,775][DEBUG][ dns_server.c:1287] domain: dns.pdsu.edu.cn TTL:156074 IP: 211.69.16.8
[2020-03-29 16:30:12,775][DEBUG][ dns_server.c:1287] domain: dns2.pdsu.edu.cn TTL:156074 IP: 211.69.16.18
[2020-03-29 16:30:12,777][DEBUG][ dns_client.c:1649] recv udp packet from 119.29.29.29, len: 61, ttl: 237
[2020-03-29 16:30:12,777][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 2048
[2020-03-29 16:30:12,777][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,777][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:1416 IP: 211.69.16.31
[2020-03-29 16:30:12,783][DEBUG][ dns_client.c:1649] recv udp packet from 180.76.76.76, len: 61, ttl: 46
[2020-03-29 16:30:12,783][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:30:12,784][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,784][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:188 IP: 211.69.16.31
[2020-03-29 16:30:12,815][DEBUG][ dns_client.c:1649] recv udp packet from 2400:3200::1, len: 50, ttl: 116
[2020-03-29 16:30:12,815][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,815][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,815][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:126 IP: 211.69.16.31
[2020-03-29 16:30:12,825][DEBUG][ dns_client.c:1649] recv udp packet from 2001:da8::666, len: 61, ttl: 46
[2020-03-29 16:30:12,825][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:30:12,825][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,825][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:169 IP: 211.69.16.31
[2020-03-29 16:30:12,829][DEBUG][ dns_client.c:1649] recv udp packet from 223.5.5.5, len: 50, ttl: 119
[2020-03-29 16:30:12,829][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,829][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:30:12,829][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:1800 IP: 211.69.16.31
[2020-03-29 16:30:12,829][ INFO][ dns_server.c:699 ] result: iptv.pdsu.edu.cn, rcode: 0, 211.69.16.31
dig @192.168.123.1 -p18051 iptv.pdsu.edu.cn AAAA
; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18051 iptv.pdsu.edu.cn AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;iptv.pdsu.edu.cn. IN AAAA
;; ANSWER SECTION:
iptv.pdsu.edu.cn. 1 IN AAAA 2001:250:4814:1::200
;; Query time: 78 msec
;; SERVER: 192.168.123.1#18051(192.168.123.1)
;; WHEN: Sun Mar 29 16:32:13 **标准时间 2020
;; MSG SIZE rcvd: 78
[2020-03-29 16:32:12,580][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28 qclass: 1
[2020-03-29 16:32:12,580][DEBUG][ dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,583][DEBUG][ dns_client.c:1649] recv udp packet from 119.29.29.29, len: 73, ttl: 237
[2020-03-29 16:32:12,583][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 73, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 2048
[2020-03-29 16:32:12,583][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28 qclass: 1
[2020-03-29 16:32:12,583][DEBUG][ dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1358 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,607][DEBUG][ dns_client.c:1649] recv udp packet from 180.76.76.76, len: 73, ttl: 46
[2020-03-29 16:32:12,607][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 73, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:32:12,607][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28 qclass: 1
[2020-03-29 16:32:12,607][DEBUG][ dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 3620 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,631][DEBUG][ dns_client.c:1649] recv udp packet from 2001:da8::666, len: 73, ttl: 46
[2020-03-29 16:32:12,631][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 73, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:32:12,632][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28 qclass: 1
[2020-03-29 16:32:12,632][DEBUG][ dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1358 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,638][DEBUG][ dns_server.c:1060] from [2001:0250:4814:0001:0000:0000:0000:0200]:80: seq=1 time=585
[2020-03-29 16:32:12,638][ INFO][ dns_server.c:735 ] result: iptv.pdsu.edu.cn, rcode: 0, 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,638][DEBUG][ fast_ping.c:386 ] ping end, id 27
[2020-03-29 16:32:12,673][DEBUG][ dns_client.c:1649] recv udp packet from 2400:3200::1, len: 62, ttl: 116
[2020-03-29 16:32:12,673][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 62, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:32:12,673][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28 qclass: 1
[2020-03-29 16:32:12,674][DEBUG][ dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1800 IP: 2001:0250:4814:0001:0000:0000:0000:0200
dig @192.168.123.1 -p18052 iptv.pdsu.edu.cn A
; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18052 iptv.pdsu.edu.cn A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24504
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;iptv.pdsu.edu.cn. IN A
;; ANSWER SECTION:
iptv.pdsu.edu.cn. 3328 IN A 211.69.16.31
;; Query time: 171 msec
;; SERVER: 192.168.123.1#18052(192.168.123.1)
;; WHEN: Sun Mar 29 16:34:43 **标准时间 2020
;; MSG SIZE rcvd: 66
[2020-03-29 16:34:42,036][ INFO][ dns_server.c:2305] query server iptv.pdsu.edu.cn from 192.168.123.233, qtype = 1
[2020-03-29 16:34:42,036][DEBUG][ dns_client.c:402 ] send query to group office
[2020-03-29 16:34:42,037][ INFO][ dns_client.c:2616] send request iptv.pdsu.edu.cn, qtype 1, id 33
[2020-03-29 16:34:42,193][DEBUG][ dns_client.c:1857] recv tcp packet from 8.8.8.8, len = 615
[2020-03-29 16:34:42,194][DEBUG][ dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 33, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 512
[2020-03-29 16:34:42,194][DEBUG][ dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1 qclass: 1
[2020-03-29 16:34:42,194][DEBUG][ dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:3328 IP: 211.69.16.31
[2020-03-29 16:34:42,194][DEBUG][ dns_server.c:1106] ping 211.69.16.31:80 with tcp
[2020-03-29 16:34:42,194][DEBUG][ fast_ping.c:1057] ping 211.69.16.31:80, id = 30
[2020-03-29 16:34:42,195][ INFO][ dns_server.c:699 ] result: iptv.pdsu.edu.cn, rcode: 0, 211.69.16.31
dig @192.168.123.1 -p18052 iptv.pdsu.edu.cn AAAA
; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18052 iptv.pdsu.edu.cn AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51769
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;iptv.pdsu.edu.cn. IN AAAA
;; AUTHORITY SECTION:
iptv.pdsu.edu.cn. 0 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1800 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.123.1#18052(192.168.123.1)
;; WHEN: Sun Mar 29 16:36:37 **标准时间 2020
;; MSG SIZE rcvd: 126
[2020-03-29 16:36:36,481][ INFO][ dns_server.c:2305] query server iptv.pdsu.edu.cn from 192.168.123.233, qtype = 28
dig @192.168.123.1 -p8053 iptv.pdsu.edu.cn A
; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p8053 iptv.pdsu.edu.cn A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29434
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;iptv.pdsu.edu.cn. IN A
;; ANSWER SECTION:
iptv.pdsu.edu.cn. 3091 IN A 211.69.16.31
;; Query time: 166 msec
;; SERVER: 192.168.123.1#8053(192.168.123.1)
;; WHEN: Sun Mar 29 16:38:39 **标准时间 2020
;; MSG SIZE rcvd: 66
Mar 29 16:38:38 【chinadns_ng】: ^[[1;32m2020-03-29 16:38:38 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 192.168.123.233#50661
Mar 29 16:38:39 【chinadns_ng】: ^[[1;32m2020-03-29 16:38:39 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 29 16:38:39 【chinadns_ng】: ^[[1;32m2020-03-29 16:38:39 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: ignore
dig @192.168.123.1 -p8053 iptv.pdsu.edu.cn AAAA
; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p8053 iptv.pdsu.edu.cn AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59559
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;iptv.pdsu.edu.cn. IN AAAA
;; AUTHORITY SECTION:
iptv.pdsu.edu.cn. 0 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1800 1800 900 604800 86400
;; Query time: 15 msec
;; SERVER: 192.168.123.1#8053(192.168.123.1)
;; WHEN: Sun Mar 29 16:39:46 **标准时间 2020
;; MSG SIZE rcvd: 126
Mar 29 16:39:45 【chinadns_ng】: ^[[1;32m2020-03-29 16:39:45 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 192.168.123.233#50665
Mar 29 16:39:45 【chinadns_ng】: ^[[1;32m2020-03-29 16:39:45 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 29 16:39:45 【chinadns_ng】: ^[[1;32m2020-03-29 16:39:45 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: ignore
Given this situation, could the logic be optimized a bit? The same kind of thing would happen with chnroute and chnroute6 the other way round.
from chinadns-ng.
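As I see it, nothing is wrong. Your domestic upstream corresponds to smartdns's china group, and your trusted upstream corresponds to smartdns's office group.
- A query: the trusted DNS and the domestic DNS return the same IP, and it is in chnroute, so accepting either one makes no difference.
- AAAA query: the trusted DNS and the domestic DNS return different answers. The domestic DNS returned a normal IPv6 address, but it is not in chnroute6, so it was filtered, which leaves no choice but to accept the fake SOA record returned by the trusted DNS.
One more point: I see that in your final AAAA query to chinadns-ng, trust-dns replied first and china-dns replied afterwards. By default (without the -n option but with the -f option), chinadns-ng would wait for china-dns to reply before deciding (because the answer from trust-dns contains no IP address, chinadns-ng by default assumes it is a "foreign IP", and because -f is specified it waits for china-dns to reply before judging; the README says this too). If the v6 address returned by china-dns were in chnroute6, this AAAA query would get the correct result, but in fact it is not in chnroute6, so in that case it would still accept trust-dns's SOA record. That is effectively the same as specifying -n (I see the arguments you gave include -n; the effect of that option is that chinadns-ng treats the SOA record returned by trust-dns as a "domestic IP", so it accepts trust-dns's result and ignores the china-dns result that arrives later).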
from chinadns-ng.
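An added example, not part of the original thread or of chinadns-ng: a shell helper that tallies the `result:` verdicts in `chinadns-ng -v` output per upstream, so the pattern explained above (china reply filtered, trust reply accepted) stands out. The port-to-role mapping assumes the `-c 127.0.0.1#18051` / `-t 127.0.0.1#18052` arguments posted earlier; the sample log lines are constructed in the thread's log format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not chinadns-ng code: tally reply verdicts per upstream from
# `chinadns-ng -v` log lines. Upstreams are told apart by port (assumption:
# china = 18051, trust = 18052, as in the arguments posted in the thread).

# Constructed sample in the thread's log format.
sample_log() {
    cat <<'EOF'
Mar 25 16:48:36 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#62628
Mar 25 16:48:36 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:37 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 25 16:48:51 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#29109
Mar 25 16:48:51 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: accept
Mar 25 16:48:53 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:53 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18052, result: ignore
Mar 25 16:48:54 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:54 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:54 【chinadns_ng】: ^[[1;32m2020-03-25 16:48:54 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
EOF
}

# stdin: log lines; $1: china upstream port; $2: trust upstream port.
# stdout: "domain role verdict count", one line per combination, sorted.
summarize_replies() {
    awk -v china="$1" -v trust="$2" '
    match($0, /\] reply \[/) {
        rest = substr($0, RSTART + RLENGTH)   # "name] from ip#port, result: x"
        domain = rest;  sub(/\].*/, "", domain)
        port = rest;    sub(/, result: .*/, "", port); sub(/.*#/, "", port)
        verdict = rest; sub(/.*result: /, "", verdict); sub(/[^a-z].*/, "", verdict)
        if (port == china)      role = "china"
        else if (port == trust) role = "trust"
        else                    role = "other"
        count[domain " " role " " verdict]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Names whose china-upstream reply was filtered. Per the explanation above,
# that happens when the returned address is outside chnroute/chnroute6, so
# the client is served whatever the trusted upstream returned instead.
china_filtered_domains() {
    summarize_replies "$1" "$2" | awk '$2 == "china" && $3 == "filter" { print $1 }'
}

sample_log | summarize_replies 18051 18052
```

The log lines carry no query type, so A and AAAA replies for the same name are counted together; compare against dig output when the type matters.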
You might as well just add this domain to the chnlist.txt list, and there will be no problem at all. Or add it to the chnroute6 set. Either works.
from chinadns-ng.
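Given this situation, could the logic be optimized a bit?
It can't be optimized, because the program itself can only judge by chnroute/chnroute6/gfwlist/chnlist. I don't know what you mean by optimizing the logic, or how it would be optimized. Because your domain is not in gfwlist/chnlist, it can only be judged by chnroute/chnroute6, and because your v6 address is not in chnroute6, this is the result. If you still don't understand, think it through carefully.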
from chinadns-ng.
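Understood. I read the detailed logic at https://github.com/zfl9/chinadns-ng#工作原理 and had more or less guessed this when I posted, but I probably didn't express it clearly... which is why I posted all the logs.
The main issue is this: my chnroute and chnroute6 are now updated automatically from upstream every day, so if I add entries by hand, they are overwritten on the next update...
So I'm still hoping there is some way to solve this... asking the experts whether there's a trick.
For example, after chnroute and chnroute6 are auto-updated, I could add a command that writes the IP into the updated file and runs automatically too, but that only covers this one IP; when a similar case comes up later, it's still a hassle.
Or should I try emailing APNIC? Damn, I don't think that would get anywhere either...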
from chinadns-ng.
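An added example, not from the thread or the chinadns-ng project: one way to keep manual entries across the daily list update described above is to store them in a separate file and merge them into chnlist.txt after every update. The file name `chnlist.local` and the function name `merge_chnlist` are hypothetical, and the example assumes chnlist.txt holds one domain suffix per line.

```shell
#!/bin/sh
# Added example, not chinadns-ng code. Call this at the end of the list
# update job so local entries survive the overwrite.
# Assumptions: chnlist.txt holds one domain suffix per line; the local file
# (hypothetical name: chnlist.local) may contain blank lines and # comments.

# merge_chnlist <chnlist.txt> <chnlist.local>
# Rewrites chnlist.txt in place and prints how many domains were appended.
merge_chnlist() {
    list=$1
    extra=$2
    [ -f "$list" ] || { echo "missing list: $list" >&2; return 1; }
    [ -f "$extra" ] || { echo 0; return 0; }
    tmp="$list.tmp.$$"
    : > "$tmp"                                # exists even if both inputs are empty

    awk -v out="$tmp" '
    { sub(/\r$/, "") }                        # tolerate CRLF files
    FILENAME == ARGV[1] {                     # pass 1: the freshly updated list
        print > out
        seen[tolower($0)] = 1
        next
    }
    {                                         # pass 2: local additions
        sub(/#.*/, "")                        # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")           # trim whitespace
        sub(/^\./, "")                        # ".edu.cn" -> "edu.cn"
        d = tolower($0)
        if (d == "" || (d in seen)) next      # blank or already present
        # Only plain host-name characters; anything else is skipped.
        if (d !~ /^[a-z0-9_]([a-z0-9_.-]*[a-z0-9_])?$/) next
        seen[d] = 1
        print d > out
        added++
    }
    END { print added + 0 }
    ' "$list" "$extra" || { rm -f "$tmp"; return 1; }

    # Replace with a single rename so a reader never sees a half-written list.
    mv "$tmp" "$list"
}

# Usage from an update job (paths as used in the thread):
#   merge_chnlist /opt/app/chinadns_ng/chnlist.txt /opt/app/chinadns_ng/chnlist.local
```

The merge is idempotent, so running it after every update appends nothing once the entries are present; chinadns-ng still has to be restarted to load the changed file.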
I'll go give feedback on chnlist.txt and see whether a *.edu.cn can be added.
from chinadns-ng.
A: 211.69.16.31, not in chnroute
Not sure why you think so; the chnroute rules contain 211.68.0.0/15.
from chinadns-ng.
A: 211.69.16.31, not in chnroute
Not sure why you think so; the chnroute rules contain 211.68.0.0/15.
Yes... that night, well, not night, it was past five in the morning and I was groggy.
from chinadns-ng.