请教一个 pcap_dnsproxy edns 的问题

2019-09-12 22:34:23 +08:00
 q0000x
[Addresses]
IPv4 Listen Address =
IPv4 EDNS Client Subnet Address = 218.85.157.99/32
IPv4 Main DNS Address = 8.8.8.8:53
IPv4 Alternate DNS Address = 8.8.4.4:53
IPv4 Local Main DNS Address = 119.29.29.29:53
IPv4 Local Alternate DNS Address = 223.5.5.5:53
IPv6 Listen Address =
IPv6 EDNS Client Subnet Address =
IPv6 Main DNS Address = [2001:4860:4860::8844]:53
IPv6 Alternate DNS Address = [2606:4700:4700::1001]:53|[2620:FE::9]:53|[2620:0:CCD::2]:5353
IPv6 Local Main DNS Address = [240C::6644]:53
IPv6 Local Alternate DNS Address = [240C::6666]:53

[Switches]
Domain Case Conversion = 1
Compression Pointer Mutation = 0
EDNS Label = 1
EDNS Client Subnet Relay = 1

上面是配置
比如 A 主机的 IP 是 1.1.1.1,dig 后的结果是下面这样的
root@debian:~# dig @1.1.1.1 -p 443 www.baidu.com
; <<>> DiG 9.10.3-P4-Debian <<>> @1.1.1.1 -p 443 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2954
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2048
; CLIENT-SUBNET: 1.1.1.1/32/24
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 1055 IN CNAME www.a.shifen.com.
www.a.shifen.com. 155 IN CNAME www.wshifen.com.
www.wshifen.com. 155 IN A 104.193.88.123
www.wshifen.com. 155 IN A 104.193.88.77

然后在安装了 pcap_dnsproxy 的主机上 dig 127.0.0.1 结果如下
root@outline-dns:~# dig @127.0.0.1 -p 443 www.baidu.com

; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 -p 443 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27346
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2048
; CLIENT-SUBNET: 1.1.1.1/32/24
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 1055 IN CNAME www.a.shifen.com.
www.a.shifen.com. 155 IN CNAME www.wshifen.com.
www.wshifen.com. 155 IN A 104.193.88.123
www.wshifen.com. 155 IN A 104.193.88.77

;; Query time: 0 msec
;; SERVER: 127.0.0.1#443(127.0.0.1)
;; WHEN: Thu Sep 12 22:19:27 CST 2019
;; MSG SIZE rcvd: 139

这说明配置文件中的 IPv4 EDNS Client Subnet Address = 218.85.157.99/32 并未生效

如果第一次没有缓存的情况下用国内 IP 去解析得到的结果就是国内的,但是结果和直接 dig @223.5.5.5 www.baidu.com +subnet=218.85.157.99 出来的不一样,这是不是也说明了 IPv4 EDNS Client Subnet Address 没生效?

哪位大神在 GCP 上或者其它家有部署 pcap_dnsproxy 并且 IPv4 EDNS Client Subnet Address 生效的配置借我参考一下
谢谢啊
956 次点击
所在节点    DNS
1 条回复
HalloCQ
2019-09-17 17:48:27 +08:00
好像 pcap_dnsproxy 的子网掩码不能设为 32,默认好像只支持 24,32 有 bug

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/600531

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX