Official DoH/DoT announced by the National Engineering Center for Next Generation Internet

2020-11-21 22:52:10 +08:00
 liuzhuorui88
doh: https://dns.cfiec.net/dns-query
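dot: dns.cfiec.net
But I tried it, and it seems to need a pure IPv6 environment, or the local IP has to be set manually; otherwise it doesn't resolve. Anyone who needs it can give it a try, it works pretty well.
Official site: https://www.chinaipv6.com.cn/dot-doh/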
23 replies
jim9606
2020-11-21 23:21:45 +08:00
The certificate is from Let's Encrypt; there's a fair bit to poke fun at here.
301
2020-11-21 23:24:39 +08:00
I just tried it. There is an IPv4 address; it resolves to 111.7.186.177. Can someone test whether it is polluted?
learningman
2020-11-21 23:27:48 +08:00
dns query not allowed because of ACL
Greatshu
2020-11-21 23:38:16 +08:00
indev
2020-11-21 23:50:25 +08:00
Can't resolve?
lxilu
2020-11-22 00:03:34 +08:00
What kind of center is this? Does it qualify to carry "National" in its name?
v2tudnew
2020-11-22 00:13:34 +08:00
pmispig
2020-11-22 00:19:01 +08:00
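Looks like it's run by a private company, not something directly under the Ministry of Industry and Information Technology.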
Henryzhao
2020-11-22 00:28:27 +08:00
It's polluted. Resolving Google returned 199.59.149.136 and 2001::9a5c:1061, which are a Twitter IP and an invalid IPv6 address respectively.

```
$ curl -v --doh-url 'https://dns.cfiec.net/dns-query' www.google.com
* Added dns.cfiec.net:443:240e:e9:900b::6 to DNS cache
* Found bundle for host dns.cfiec.net: 0x7fffed0e5680 [serially]
* Server doesn't support multiplex (yet)
* Trying 240e:e9:900b::6:443...
* TCP_NODELAY set
* Hostname 'dns.cfiec.net' was found in DNS cache
* Trying 240e:e9:900b::6:443...
* TCP_NODELAY set
* Connected to dns.cfiec.net (240e:e9:900b::6) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* Connected to dns.cfiec.net (240e:e9:900b::6) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=dns.cfiec.net
* start date: Oct 26 01:01:40 2020 GMT
* expire date: Jan 24 01:01:40 2021 GMT
* subjectAltName: host "dns.cfiec.net" matched cert's "dns.cfiec.net"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fffed105700)
> POST /dns-query HTTP/2
Host: dns.cfiec.net
accept: */*
content-type: application/dns-message
content-length: 32

* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* We are completely uploaded and fine
< HTTP/2 200
< server: h2o/dnsdist
< date: Sat, 21 Nov 2020 16:25:17 GMT
< content-type: application/dns-message
< content-length: 48
<
* Connection #0 to host dns.cfiec.net left intact
* a DOH request is completed, 1 to go
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=dns.cfiec.net
* start date: Oct 26 01:01:40 2020 GMT
* expire date: Jan 24 01:01:40 2021 GMT
* subjectAltName: host "dns.cfiec.net" matched cert's "dns.cfiec.net"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fffed10aea0)
> POST /dns-query HTTP/2
Host: dns.cfiec.net
accept: */*
content-type: application/dns-message
content-length: 32

* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* We are completely uploaded and fine
< HTTP/2 200
< server: h2o/dnsdist
< date: Sat, 21 Nov 2020 16:25:18 GMT
< content-type: application/dns-message
< content-length: 60
<
* Connection #1 to host dns.cfiec.net left intact
* a DOH request is completed, 0 to go
* DOH Host name: www.google.com
* TTL: 101 seconds
* DOH A: 199.59.149.136
* DOH AAAA: 2001:0000:0000:0000:0000:0000:9a5c:1061
* Trying 199.59.149.136:80...
* TCP_NODELAY set
* Connected to www.google.com (199.59.149.136) port 80 (#0)
> GET / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/7.68.0
> Accept: */*
>
```
jinliming2
2020-11-22 00:37:03 +08:00
Manual DoH test results for a few domains that commonly get, well, you-know-what:
google.com. 300 IN A 172.217.27.142
www.google.com. 153 IN A 31.13.64.49
www.google.com. 88 IN AAAA 2001::1f0d:5520
facebook.com. 68 IN A 173.252.88.133
facebook.com. 77 IN AAAA 2001::45ab:e025
www.facebook.com. 138 IN A 199.59.149.244
www.facebook.com. 104 IN AAAA 2001::1f0d:440e
fb.com. 300 IN A 157.240.28.35
fb.com. 298 IN AAAA 2a03:2880:f141:82:face:b00c:0:25de
twitter.com. 162 IN A 31.13.69.129
twitter.com. 244 IN AAAA 2001::6ca0:aa2e
www.twitter.com. 158 IN A 69.171.248.128
www.twitter.com. 85 IN AAAA 2001::45ab:e614
reddit.com. 115 IN A 128.242.240.20
reddit.com. 106 IN AAAA 2001::40e9:bdc7
www.reddit.com. 66 IN A 108.160.167.147
www.reddit.com. 72 IN AAAA 2001::42dc:9e01
wikipedia.org. 178 IN A 202.160.128.205
wikipedia.org. 76 IN AAAA 2001::4a75:b24f
en.wikipedia.org. 90 IN A 67.15.100.252
en.wikipedia.org. 143 IN AAAA 2001::453f:b50c
zh.wikipedia.org. 182 IN A 67.230.169.182
zh.wikipedia.org. 174 IN AAAA 2001::48e9:4882
www.v2ray.com. 131 IN A 202.160.128.14
www.v2ray.com. 174 IN AAAA 2001::42ab:ea50

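Every request returned only a single record. The DoT results are slightly different; it is probably returning one record at random out of several.
During testing I found that their service may not be very stable yet. Some domains may not be cached yet, so the first few requests return 502 Bad Gateway, and requesting again a few seconds later works.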
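
Most of the AAAA answers listed above fall inside 2001::/32, the Teredo prefix (RFC 4380), with the embedded server field set to zero. The following is an added example, not code from the thread: it parses records in that textual form and flags such answers using Python's `ipaddress` module. The function names are hypothetical and the sample is a subset of the records quoted in the post.

```python
import ipaddress

# Teredo prefix (RFC 4380). A real Teredo address embeds the Teredo server's
# IPv4 address in bits 32..63, so a zero server field marks a malformed one.
TEREDO = ipaddress.ip_network("2001::/32")

# Sample input: a subset of the answers quoted in the post above.
SAMPLE = """\
www.google.com. 88 IN AAAA 2001::1f0d:5520
facebook.com. 77 IN AAAA 2001::45ab:e025
fb.com. 300 IN A 157.240.28.35
fb.com. 298 IN AAAA 2a03:2880:f141:82:face:b00c:0:25de
twitter.com. 244 IN AAAA 2001::6ca0:aa2e
"""

def parse_records(text):
    """Yield (name, ttl, rtype, address) from 'name ttl IN type rdata' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN" or parts[3] not in ("A", "AAAA"):
            continue  # skip anything that is not an A/AAAA record line
        name, ttl, _, rtype, rdata = parts
        yield name.rstrip(".").lower(), int(ttl), rtype, ipaddress.ip_address(rdata)

def suspicious_aaaa(text):
    """Return {name: reason} for AAAA answers that sit in the Teredo prefix."""
    findings = {}
    for name, _ttl, rtype, addr in parse_records(text):
        if rtype != "AAAA" or addr not in TEREDO:
            continue
        server, _client = addr.teredo  # (server IPv4, de-obfuscated client IPv4)
        if int(server) == 0:
            findings[name] = f"Teredo prefix with zero server field: {addr}"
        else:
            findings[name] = f"Teredo address published for a public name: {addr}"
    return findings

if __name__ == "__main__":
    for name, reason in suspicious_aaaa(SAMPLE).items():
        print(f"{name}: {reason}")
```

This check only covers the AAAA side; judging the A records requires comparing them against the address ranges each operator actually announces.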
leido
2020-11-22 00:43:10 +08:00
Alternatives for use within China
Google DoT (tested on Android, works regardless of the firewall) dns.google
Tencent DoT dns.pub
Alibaba DoT dns.alidns.com
jinliming2
2020-11-22 00:45:57 +08:00
From the results above you can see that almost all of them are polluted.
autogen
2020-11-22 00:46:49 +08:00
Isn't the next-generation Internet IPv9? [doge]
lpts007
2020-11-22 01:17:39 +08:00
I understand the technical principle, but what's the point of doing this inside China?
Whalko
2020-11-22 01:22:29 +08:00
Better to just stick with Alibaba.
ncepuzs
2020-11-22 01:33:21 +08:00
Did the budget for the SSL certificate not get approved?
12101111
2020-11-22 01:40:40 +08:00
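The National Engineering Center for Next Generation Internet (CFIEC, full name "National-Local Joint Engineering Research Center for Next Generation Internet Key Technologies and Evaluation") was built by the company Tiandi Hulian (天地互连). It was recognized as a Beijing municipal engineering research center by the Beijing Municipal Development and Reform Commission in 2012, and in 2015 the National Development and Reform Commission approved its upgrade to a national-local joint engineering research center. As a leading third-party IPv6 infrastructure service provider, the center focuses its research on advanced network technologies such as the IPv6 next-generation Internet, DNS root servers, SDN (software-defined networking), NFV (network functions virtualization), blockchain and AI networking; it takes part in the global standardization and commercialization of network technology, builds and operates critical information infrastructure, carries out third-party testing and certification for network security, performance and conformance, and promotes global network interconnection.

Leadership
Liu Dong
Director, National Engineering Center for Next Generation Internet
Chairman, Beijing Tiandi Hulian Information Technology Co., Ltd. (北京天地互连信息技术有限公司)


@pmispig So it's just a private company.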
parametrix
2020-11-22 02:22:47 +08:00
@jim9606 That made me laugh, thanks 😂
wql
2020-11-22 07:58:18 +08:00
@pmispig The Next Generation center is just a private company now...
micean
2020-11-22 09:38:21 +08:00
This company's name sounds like it was picked the same way as "There's an Inn" (有家客栈)...

https://www.v2ex.com/t/727932
