openwrt-chinadns
1.3.3: About the ":" versus "#" separators for the DNS server port number, several odd phenomena, and a strange problem found that triggers chinadns.c:726 local_ns_initparse: Message too
root@LEDE:~# /usr/bin/chinadns -p 5354 -s 119.29.29.29,223.5.5.5,127.0.0.1:5054 -c /etc/chinadns_chnroute.txt -m -v
Wed Feb 5 13:52:59 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5054
Wed Feb 5 13:52:59 2020 response www.facebook.com from 223.5.5.5:53 - 74.86.226.234, filter
Wed Feb 5 13:53:04 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5054
Wed Feb 5 13:53:04 2020 response www.facebook.com from 223.5.5.5:53 - 74.86.226.234, filter
Wed Feb 5 13:53:09 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5054
Wed Feb 5 13:53:09 2020 response www.facebook.com from 223.5.5.5:53 - 74.86.226.234, filter
^C

Locally I run https-dns-proxy on ports 5053/5054/5055. With the address 127.0.0.1:5054, that server does not seem to return any DNS answer. Tested directly with dig, the port is working normally; the data is as follows:

###################################
; <<>> DiG 9.14.8 <<>> www.facebook.com @127.0.0.1 -p 5054
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7419
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
; PAD (34 bytes)
;; QUESTION SECTION:
;www.facebook.com.              IN      A

;; ANSWER SECTION:
www.facebook.com.       2625    IN      CNAME   star-mini.c10r.facebook.com.
star-mini.c10r.facebook.com. 60 IN      A       31.13.82.36

;; Query time: 130 msec
;; SERVER: 127.0.0.1#5054(127.0.0.1)
;; WHEN: Wed Feb 05 13:55:20 CST 2020
;; MSG SIZE  rcvd: 128
#############################################
After changing the chinadns configuration to 127.0.0.1#5054, it works normally:

root@LEDE:~# /usr/bin/chinadns -p 5354 -s 119.29.29.29,223.5.5.5,127.0.0.1#5054 -c /etc/chinadns_chnroute.txt -m -v
Wed Feb 5 13:51:05 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5054
Wed Feb 5 13:51:05 2020 response www.facebook.com from 223.5.5.5:53 - 67.228.221.221, filter
Wed Feb 5 13:51:05 2020 response www.facebook.com from 127.0.0.1:5054 - 31.13.82.36, pass
^C

At the same time I found another problem. For 127.0.0.1 port 5055, which is the Quad9 DoH server, everything is fine when the port is given with "#", but if I use :5055 I get the error chinadns.c:726 local_ns_initparse: Message too large, as follows:

root@LEDE:~# /usr/bin/chinadns -p 5354 -s 119.29.29.29,223.5.5.5,127.0.0.1#5055 -c /etc/chinadns_chnroute.txt -m -v
Wed Feb 5 13:51:59 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5055
Wed Feb 5 13:51:59 2020 response www.facebook.com from 223.5.5.5:53 - 31.13.74.17, filter
Wed Feb 5 13:52:00 2020 response www.facebook.com from 127.0.0.1:5055 - 157.240.13.35, pass
^C
root@LEDE:~# /usr/bin/chinadns -p 5354 -s 119.29.29.29,223.5.5.5,127.0.0.1:5055 -c /etc/chinadns_chnroute.txt -m -v
Wed Feb 5 13:52:16 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5055
Wed Feb 5 13:52:16 2020 response www.facebook.com from 223.5.5.5:53 - 74.86.226.234, filter
Wed Feb 5 13:52:17 2020 chinadns.c:726 local_ns_initparse: Message too large
Wed Feb 5 13:52:21 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5055
Wed Feb 5 13:52:21 2020 response www.facebook.com from 223.5.5.5:53 - 74.86.226.234, filter
Wed Feb 5 13:52:21 2020 chinadns.c:726 local_ns_initparse: Message too large
Wed Feb 5 13:52:26 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5055
Wed Feb 5 13:52:26 2020 response www.facebook.com from 223.5.5.5:53 - 74.86.226.234, filter
Wed Feb 5 13:52:26 2020 chinadns.c:726 local_ns_initparse: Message too large
Using the two DoH ports at the same time, 127.0.0.1:5053,127.0.0.1:5054, you can see that port 5053 works but 5054 does not; both port numbers are separated with ":".

root@LEDE:~# /usr/bin/chinadns -p 5354 -s 119.29.29.29,223.5.5.5,127.0.0.1:5053,127.0.0.1:5054 -c /etc/chinadns_chnroute.txt -m -v
Wed Feb 5 13:58:18 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5053 127.0.0.1:5054
Wed Feb 5 13:58:18 2020 response www.facebook.com from 223.5.5.5:53 - 69.171.229.11, filter
Wed Feb 5 13:58:19 2020 response www.facebook.com from 127.0.0.1:5053 - 31.13.82.36, pass
Likewise, adding the Quad9 port 5055 produces the error again: chinadns.c:726 local_ns_initparse: Message too large

root@LEDE:~# /usr/bin/chinadns -p 5354 -s 119.29.29.29,223.5.5.5,127.0.0.1:5053,127.0.0.1:5055 -c /etc/chinadns_chnroute.txt -m -v
Wed Feb 5 14:00:03 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5053 127.0.0.1:5055
Wed Feb 5 14:00:03 2020 response www.facebook.com from 127.0.0.1:5053 - 31.13.82.36, pass
Wed Feb 5 14:00:03 2020 response www.facebook.com from 223.5.5.5:53 - 69.171.245.49, filter
Wed Feb 5 14:00:04 2020 chinadns.c:726 local_ns_initparse: Message too large
So now it is somewhat odd: why does the same server port not work with ":" but work with "#" as the separator? But I don't want it to be treated as a trusted DNS (by the way, if there are several "#" entries, are they treated as several trusted DNS servers?). And when several ":"+port entries are written, one or some of them don't work. For the Quad9 DNS in particular, using :5055 produces chinadns.c:726 local_ns_initparse: Message too large, whereas with "#" it does not and works normally.

root@LEDE:~# /usr/bin/chinadns -p 5354 -s 119.29.29.29,223.5.5.5,127.0.0.1:5053,127.0.0.1#5055 -c /etc/chinadns_chnroute.txt -m -v
Wed Feb 5 14:02:52 2020 request www.facebook.com from 119.29.29.29:53 223.5.5.5:53 127.0.0.1:5053 127.0.0.1:5055
Wed Feb 5 14:02:52 2020 response www.facebook.com from 223.5.5.5:53 - 31.13.82.23, filter
Wed Feb 5 14:02:52 2020 response www.facebook.com from 127.0.0.1:5053 - 31.13.82.36, pass
Wed Feb 5 14:02:53 2020 response www.facebook.com from 127.0.0.1:5055 - 157.240.13.35, pass
The https-dns-proxy configuration is as follows:

config main 'config'
        option update_dnsmasq_config '-'

config https-dns-proxy
        option bootstrap_dns '8.8.8.8,8.8.4.4'
        option resolver_url 'https://dns.google/dns-query'
        option listen_addr '127.0.0.1'
        option listen_port '5053'
        option user 'nobody'
        option group 'nogroup'

config https-dns-proxy
        option bootstrap_dns '1.1.1.1,1.0.0.1'
        option resolver_url 'https://cloudflare-dns.com/dns-query'
        option listen_addr '127.0.0.1'
        option listen_port '5054'
        option user 'nobody'
        option group 'nogroup'

config https-dns-proxy
        option bootstrap_dns '9.9.9.9,149.112.112.112'
        option resolver_url 'https://dns.quad9.net/dns-query'
        option listen_port '5055'
Platform: OpenWrt 19.07.1, MT7621, newifi-D1. https-dns-proxy was downloaded from the official repository, chinadns from the openwrt-dist repository (ramips). All overseas addresses go through an IPsec VPN, which rules out GFW problems.
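On OpenWrt, which uses musl libc, the string "Message too large" is what strerror prints for errno EMSGSIZE (glibc prints "Message too long" for the same code). The libresolv routine ns_initparse, which chinadns calls as local_ns_initparse in the log line above, fails with EMSGSIZE when the reply's byte length does not agree with the record counts in its header: the buffer ends before every announced record has been walked, or bytes are left over after the last record. The Python below is an added example written for this report, not code from the chinadns or https-dns-proxy projects; it re-implements that consistency walk so a reply captured from an upstream (for example a raw UDP reply from port 5055) can be checked offline for exactly the condition the log reports. The sample reply is constructed here, not captured from the setup above.

```python
"""Offline check of a DNS reply for the length/record-count consistency rule
that ns_initparse enforces (added example, not chinadns code).

ns_initparse reads the 12-byte header, then skips every record announced by
the four section counts; the walk must finish exactly at the end of the
buffer, otherwise it fails with EMSGSIZE ("Message too large" under musl).
"""
import struct


class MessageTooLarge(ValueError):
    """Raised where ns_initparse would fail with errno EMSGSIZE."""


def skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past the (possibly compressed) name at pos."""
    end = len(msg)
    while True:
        if pos >= end:
            raise MessageTooLarge("name runs past end of message")
        length = msg[pos]
        if length == 0:                 # root label terminates the name
            return pos + 1
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            if pos + 2 > end:
                raise MessageTooLarge("truncated compression pointer")
            return pos + 2
        if length & 0xC0:               # 0x40/0x80 label types are not handled
            raise ValueError("unsupported label type")
        pos += 1 + length


def skip_rr(msg: bytes, pos: int, question: bool) -> int:
    """Skip one question entry (name, TYPE, CLASS) or one resource record
    (name, TYPE, CLASS, TTL, RDLENGTH, RDATA) starting at pos."""
    pos = skip_name(msg, pos)
    fixed = 4 if question else 10
    if pos + fixed > len(msg):
        raise MessageTooLarge("record header truncated")
    if question:
        return pos + 4
    rdlength = struct.unpack_from("!H", msg, pos + 8)[0]
    pos += 10 + rdlength
    if pos > len(msg):
        raise MessageTooLarge("rdata truncated")
    return pos


def check_reply(msg: bytes) -> dict:
    """Walk the whole message the way ns_initparse does; return header facts
    on success, raise MessageTooLarge where ns_initparse would fail."""
    if len(msg) < 12:
        raise MessageTooLarge("header truncated")
    ident, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    pos = 12
    for count, is_question in ((qd, True), (an, False), (ns, False), (ar, False)):
        for _ in range(count):
            pos = skip_rr(msg, pos, is_question)
    if pos != len(msg):                 # ns_initparse: if (msg != eom) RETERR(EMSGSIZE)
        raise MessageTooLarge(f"{len(msg) - pos} trailing byte(s) after last record")
    return {"id": ident, "rcode": flags & 0xF, "qdcount": qd,
            "ancount": an, "nscount": ns, "arcount": ar}


def classify(msg: bytes) -> str:
    """One-line verdict, phrased like the chinadns log line."""
    try:
        info = check_reply(msg)
    except MessageTooLarge as exc:
        return f"Message too large ({exc})"
    return f"ok: {info['ancount']} answer(s)"


def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


# Constructed sample reply (not captured from the thread): id 0x1234,
# flags QR/RD/RA, one question for www.facebook.com A, one A record whose
# name is a compression pointer (0xC00C) back to the question name.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.facebook.com") + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([31, 13, 82, 36])
)

if __name__ == "__main__":
    print(classify(SAMPLE_REPLY))             # well-formed reply
    print(classify(SAMPLE_REPLY[:-2]))        # rdata cut short
    print(classify(SAMPLE_REPLY + b"\x00"))   # one byte past the last record
```

To test a real upstream, send the same query bytes that dig would send to the port in question over UDP, save the reply with `sock.recv(4096)`, and pass it to `classify`; a verdict other than `ok` reproduces the condition behind the log line independently of chinadns.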
It just occurred to me: since I go through a VPN anyway, I don't really need to chase DoH; the main consideration is that if the VPN goes down, the DNS servers should still keep working.
https://github.com/aa65535/openwrt-chinadns/wiki/Use-DNS-Forwarder
"Set the ChinaDNS upstream servers to 114.114.114.114,127.0.0.1:5300; if compression pointers are not needed, 127.0.0.1:5300 can be changed to 127.0.0.1#5300."
Guess: the ":" versus "#" difference is probably the compression-pointer matter described above.
Also, ChinaDNS seems to classify every DNS upstream on a non-standard port as a trusted server, without considering self-hosted upstreams on non-standard ports. I want to set the local DoH resolver as a domestic upstream; probably the only way is to configure a fake domestic upstream and forward it to the local service with iptables.