smartdns icon indicating copy to clipboard operation
smartdns copied to clipboard

Published 20 hours ago verified publisher icon pymumu

CNAME doesn't follow domain-rules

Open zonyitoo opened this issue 1 year ago • 0 comments

需求应用场景

api.pinterest.com 被劫持了,于是使用 domain-rule 来让它使用海外可信DNS来解析:

domain-rules /pinterest.com/ -nameserver oversea -ipset #4:gfwlist,#6:gfwlist6 -speed-check-mode none

但是 api.pinterest.com 有部分海外 DNS 解析时会返回 CNAME ,CNAME 的域名没有在 domain-rules 中导致还是被劫持。

以下是前置的 dnsmasq 的日志,实际域名由 smartdns 解析

Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: query[A] api.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: forwarded api.pinterest.com to 127.0.0.1#6051
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: query[AAAA] api.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: forwarded api.pinterest.com to 127.0.0.1#6051
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply api.pinterest.com is <CNAME>
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.192.84
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 23.54.56.217
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.64.84
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.0.84
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.128.84
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 23.193.119.210
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 23.193.119.203
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 172.64.149.192
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 146.75.112.84
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 151.101.228.84
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 104.18.38.64
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 2606:4700:4400::ac40:95c0
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 2a04:4e42:1a::84
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 2600:140b:1e00:11::17db:aa27
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 2600:140b:1e00:11::17db:aa1c
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 2606:4700:4400::6812:2640
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply api.pinterest.com is NODATA-IPv6
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: query[AAAA] prod.pinterest.global.map.fastly.net from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: forwarded prod.pinterest.global.map.fastly.net to 127.0.0.1#6051
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 2a03:2880:f126:83:face:b00c:0:25de
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 2a03:2880:f12c:183:face:b00c:0:25de
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 2a03:2880:f11b:83:face:b00c:0:25de
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: query[A] trk.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: forwarded trk.pinterest.com to 127.0.0.1#6051
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: query[AAAA] trk.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: forwarded trk.pinterest.com to 127.0.0.1#6051
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply trk.pinterest.com is <CNAME>
Sat May 25 02:03:52 2024 daemon.info dnsmasq[1]: reply trk.pinterest.com is <CNAME>
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: query[A] api.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: forwarded api.pinterest.com to 127.0.0.1#6051
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply api.pinterest.com is <CNAME>
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.192.84
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 23.54.56.217
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.64.84
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.0.84
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 151.101.128.84
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: query[AAAA] prod.pinterest.global.map.fastly.net from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: forwarded prod.pinterest.global.map.fastly.net to 127.0.0.1#6051
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 2a03:2880:f10f:83:face:b00c:0:25de
Sat May 25 02:04:52 2024 daemon.info dnsmasq[1]: reply prod.pinterest.global.map.fastly.net is 2a03:2880:f126:83:face:b00c:0:25de
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: query[AAAA] trk.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: forwarded trk.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: query[A] trk.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: forwarded trk.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply trk.pinterest.com is <CNAME>
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply trk.pinterest.com is <CNAME>
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: query[HTTPS] assets.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: forwarded assets.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: query[AAAA] assets.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: forwarded assets.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: query[A] assets.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: forwarded assets.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply assets.pinterest.com is NODATA
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply assets.pinterest.com is <CNAME>
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 151.101.228.84
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: query[HTTPS] dualstack.pinterest.map.fastly.net from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: forwarded dualstack.pinterest.map.fastly.net to 127.0.0.1#6051
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is NODATA
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply assets.pinterest.com is <CNAME>
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: query[AAAA] dualstack.pinterest.map.fastly.net from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: forwarded dualstack.pinterest.map.fastly.net to 127.0.0.1#6051
Sat May 25 02:06:05 2024 daemon.info dnsmasq[1]: reply dualstack.pinterest.map.fastly.net is 2a03:2880:f10a:83:face:b00c:0:25de
Sat May 25 02:06:21 2024 daemon.info dnsmasq[1]: query[HTTPS] api-pinterest-com-eip-akadns-net.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:21 2024 daemon.info dnsmasq[1]: forwarded api-pinterest-com-eip-akadns-net.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:21 2024 daemon.info dnsmasq[1]: reply api-pinterest-com-eip-akadns-net.pinterest.com is NODATA
Sat May 25 02:06:21 2024 daemon.info dnsmasq[1]: query[AAAA] api-pinterest-com-eip-akadns-net.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:21 2024 daemon.info dnsmasq[1]: forwarded api-pinterest-com-eip-akadns-net.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:21 2024 daemon.info dnsmasq[1]: query[A] api-pinterest-com-eip-akadns-net.pinterest.com from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:21 2024 daemon.info dnsmasq[1]: forwarded api-pinterest-com-eip-akadns-net.pinterest.com to 127.0.0.1#6051
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: reply api-pinterest-com-eip-akadns-net.pinterest.com is NODATA-IPv6
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: reply api-pinterest-com-eip-akadns-net.pinterest.com is <CNAME>
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: reply eip-tata.api.pinterest.com.akahost.net is 23.40.100.37
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: query[HTTPS] eip-tata.api.pinterest.com.akahost.net from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: forwarded eip-tata.api.pinterest.com.akahost.net to 127.0.0.1#6051
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: query[AAAA] eip-tata.api.pinterest.com.akahost.net from 240e:3b7:3222:fbb0:1db8:bf3:8e23:6efb
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: forwarded eip-tata.api.pinterest.com.akahost.net to 127.0.0.1#6051
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: reply eip-tata.api.pinterest.com.akahost.net is NODATA
Sat May 25 02:06:22 2024 daemon.info dnsmasq[1]: reply eip-tata.api.pinterest.com.akahost.net is NODATA-IPv6

api.pinterest.com 是没有 AAAA Records 的,从上面日志可以看出是那几个 fastly.net 的域名返回了 AAAA Records ,被劫持。

建议的方案

若主查询的域名有 domain-rules ,CNAME 的域名应同样应用其 domain-rules

设备信息

  1. 设备信息(CPU,厂家) R4S

  2. 固件信息 OpenWRT 18.06

zonyitoo avatar May 24 '24 18:05 zonyitoo