ustclug / neatdns Goto Github PK
View Code? Open in Web Editor NEWanti-pollution DNS server
License: MIT License
anti-pollution DNS server
License: MIT License
具体一点来讲,10次解析可能有8次解析到国外的节点。。
原因应该是这部分域名未分流至国内的上游DNS解析,所以导致了此情况。
(也有可能是上游的DNS故障?)
Hi,
And good job on NeatDNS!
I was just wondering if you had a public running DNSCrypt instance (that forwards to servers in mainland China for chinese domains, and servers outside mainland China for non-chinese domains)?
If you do, maybe you can add it to https://github.com/DNSCrypt/dnscrypt-resolvers ?
$ dig @202.141.162.123 ftp.gnu.org
; <<>> DiG 9.12.0 <<>> @202.141.162.123 ftp.gnu.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1405
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.gnu.org. IN A
;; Query time: 3023 msec
;; SERVER: 202.141.162.123#53(202.141.162.123)
;; WHEN: Sun Feb 25 15:50:50 CST 2018
;; MSG SIZE rcvd: 40
$ dig @202.141.162.123 www.gnu.org
; <<>> DiG 9.12.0 <<>> @202.141.162.123 www.gnu.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33266
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gnu.org. IN A
;; Query time: 3006 msec
;; SERVER: 202.141.162.123#53(202.141.162.123)
;; WHEN: Sun Feb 25 15:50:56 CST 2018
;; MSG SIZE rcvd: 40
$ dig @202.141.162.123 forums.freebsd.org
; <<>> DiG 9.12.0 <<>> @202.141.162.123 forums.freebsd.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59057
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;forums.freebsd.org. IN A
;; Query time: 3006 msec
;; SERVER: 202.141.162.123#53(202.141.162.123)
;; WHEN: Sun Feb 25 15:52:37 CST 2018
;; MSG SIZE rcvd: 47
client: https://github.com/jedisct1/dnscrypt-proxy
DNS Stamp Generate by https://dnscrypt.info/stamps
dnscrypt:sdns://AQcAAAAAAAAAEzIwMi4xNDEuMTYyLjEyMzo0NDMgQ2UVh-egjHwXWdMAYhiJrlmZQspWLssAA-UhR6hQ4ZEbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn
doh: sdns://AgcAAAAAAAAADzIwMi4xNDEuMTYyLjEyMwATbmVhdGRucy51c3RjbHVnLm9yZwgvcmVzb2x2ZQ
All timeout
以www.huawei.com
为例,CHINA_DNS1
返回它的CNAME,直至解析到A记录。A记录中的地址指向国内
但是named的默认行为只取其中直接相关的CNAME,再根据zone配置继续查询,最终的效果是解析出的地址为国外地址,并且解析响应时较长
在neatdns的应用场景下,应该允许直接返回CHINA_DNS1的结果吧,像dnsmasq那样?
20:44:43.502289 IP 172.17.0.1.56625 > 172.17.0.7.53: 59570+ [1au] A? www.huawei.com. (43)
20:44:43.504004 IP 172.17.0.7.42238 > x.x.x.x.53: 18241+ A? www.huawei.com. (32)
20:44:43.506888 IP x.x.x.x.53 > 172.17.0.7.42238: 18241 4/0/0 CNAME www.huawei.com.akadns.net., CNAME www.huawei.com.lxdns.com., A 60.222.221.125, A 111.206.186.250 (138)
20:44:43.508651 IP 172.17.0.7.55259 > 8.8.4.4.53: 52641+% [1au] A? www.huawei.com.akadns.net. (66)
20:44:43.653994 IP 8.8.4.4.53 > 172.17.0.7.55259: 52641 3/0/1 CNAME ion-sslv6.huawei.com.edgekey.net., CNAME e10173.dsca.akamaiedge.net., A 184.51.184.239 (150)
20:44:43.655605 IP 172.17.0.7.34264 > 8.8.4.4.53: 51105+% [1au] A? ion-sslv6.huawei.com.edgekey.net. (73)
20:44:43.719259 IP 8.8.4.4.53 > 172.17.0.7.34264: 51105 2/0/1 CNAME e10173.dsca.akamaiedge.net., A 184.51.184.239 (114)
20:44:43.721277 IP 172.17.0.7.48331 > 8.8.4.4.53: 13692+% [1au] A? e10173.dsca.akamaiedge.net. (67)
20:44:43.787276 IP 8.8.4.4.53 > 172.17.0.7.48331: 13692 1/0/1 A 184.51.184.239 (71)
20:44:43.788431 IP 172.17.0.7.53 > 172.17.0.1.56625: 59570 4/0/1 CNAME www.huawei.com.akadns.net., CNAME ion-sslv6.huawei.com.edgekey.net., CNAME e10173.dsca.akamaiedge.net., A 184.51.184.239 (184)
When I run the 'pre-run' command manually in the container, it worked like below.
bash-4.4# dnscrypt-wrapper --show-provider-publickey-fingerprint --provider-publickey-file public.key > fingerprint
error: unknown option `--show-provider-publickey-fingerprint`
安卓9只支持DOT。。
在树莓派3上面不能正常编译,上面时候能够适配arm平台?
Sending build context to Docker daemon 45.06kB
Step 1/4 : FROM smartentry/alpine:3.6-0.4.0
---> fd6124af5993
Step 2/4 : MAINTAINER Yifan Gao [email protected]
---> Using cache
---> 46a3ad3d5611
Step 3/4 : ADD .docker $ASSETS_DIR
---> Using cache
---> f655863d765f
Step 4/4 : RUN smartentry.sh build
---> Running in 3ea06503dc34
standard_init_linux.go:190: exec user process caused "exec format error"
The command '/bin/sh -c smartentry.sh build' returned a non-zero code:
国内服务器解析到国内的DNS,国外的解析到国外
默认情况下,services.googleapis.cn
是解析到国内的IP,并且如果EDNS为国内IP段的话,Google DNS也是解析到国内的IP,这就带来了一个问题,因为在某些国内Android手机中的Play Store的相关功能会请求该域名,如果解析至国内的IP,则会出现404错误,所以我建议对此域名作特殊处理。
比如国内外的上游dns服务器,现在我看配置文件里国内用的合肥的,国外用的google的,想换就得从新构建
顺便,看里面有dnscrypt的相关配置,问下dnscrypt的证书哪里设置的
水平渣,看不懂
λ nslookup www.dropbox.com 202.141.162.123
服务器: lug.ustc.edu.cn
Address: 202.141.162.123
非权威应答:
名称: www.dropbox.com
Address: 64.13.192.76
λ nslookup -vc www.dropbox.com 202.141.162.123
服务器: lug.ustc.edu.cn
Address: 202.141.162.123
非权威应答:
名称: www.dropbox-dns.com
Addresses: 2620💯6032:1::a27d:5201
67.228.102.32
Aliases: www.dropbox.com
多次NSLOOKUP,发现时常会被污染!
比起chinadns项目,性能如何?有哪些新的特性??
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.