V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
Loyalsoldier
V2EX  ›  问与答

检测 DNS leak 的原理是什么?

  •  
  •   Loyalsoldier · 2019-01-20 00:04:53 +08:00 · 4657 次点击
    这是一个创建于 2129 天前的主题,其中的信息可能已经有所发展或是发生改变。

    https://www.astrill.com/zh/dns-leak-test

    https://www.dnsleaktest.com

    我本地用了 Pcap_DNSProxy 客户端,开了中国大陆白名单代理。检测结果如下:有 Google、OpenDNS 和 Cloudflare 这三个是正常的,其他就不太清楚怎么测出来的……

    有人知道检测原理?

    检测结果一

    检测结果二

    5 条回复    2024-02-18 14:06:05 +08:00
    xfspace
        1
    xfspace  
       2019-01-20 02:04:44 +08:00 via Android
    $("#imgpark").append('<img src="https://'+sessions[tested]+'.dnsleak.astrill.net" height="0" width="0"/>');


    # dig xx.dnsleak.astrill.net +trace

    ; <<>> DiG 9.11.5-P1-1-Debian <<>> xx.dnsleak.astrill.net +trace
    ;; global options: +cmd
    . 448916 IN NS l.root-servers.net.
    . 448916 IN NS k.root-servers.net.
    . 448916 IN NS g.root-servers.net.
    . 448916 IN NS i.root-servers.net.
    . 448916 IN NS e.root-servers.net.
    . 448916 IN NS c.root-servers.net.
    . 448916 IN NS j.root-servers.net.
    . 448916 IN NS m.root-servers.net.
    . 448916 IN NS h.root-servers.net.
    . 448916 IN NS f.root-servers.net.
    . 448916 IN NS b.root-servers.net.
    . 448916 IN NS a.root-servers.net.
    . 448916 IN NS d.root-servers.net.
    . 490594 IN RRSIG NS 8 0 518400 20190201050000 20190119040000 16749 . kCuIr4upZWr9JPrQFFinhA2op2fUxhWjg1OVSHpGOeCa6ZOb3OQVcnoQ boGkE4YJiGxdr+/IzsBpnFnlzqvRYGOClLxeWpnlSIWG9IhX4tHfDY9F iEGirceGaxV6j58zxcly80fkBR6OH2C8OlCatm6STAUbl5RnRtB3hfSd Topb5/lqRszlCts279K+3mvpQhWKM1qi0GXhEeKwSFxKn2HcSvPy67zK rLW+qCrLZ7ccWyT/d1d28B0LFqXWxY9xl9sfycy4uXnYsksa1yNq21kW 7PQeD5O2V3FIryDcg3nCctR4h5zHK1DDgKrWeM/AWzlWO5OKpPbZjeCa UnJJ4w==
    ;; Received 1097 bytes from 210.2.4.8#53(210.2.4.8) in 33 ms

    net. 172800 IN NS f.gtld-servers.net.
    net. 172800 IN NS d.gtld-servers.net.
    net. 172800 IN NS c.gtld-servers.net.
    net. 172800 IN NS e.gtld-servers.net.
    net. 172800 IN NS b.gtld-servers.net.
    net. 172800 IN NS m.gtld-servers.net.
    net. 172800 IN NS h.gtld-servers.net.
    net. 172800 IN NS l.gtld-servers.net.
    net. 172800 IN NS i.gtld-servers.net.
    net. 172800 IN NS k.gtld-servers.net.
    net. 172800 IN NS a.gtld-servers.net.
    net. 172800 IN NS j.gtld-servers.net.
    net. 172800 IN NS g.gtld-servers.net.
    net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
    net. 86400 IN RRSIG DS 8 1 86400 20190201050000 20190119040000 16749 . FO0vnVngIMXkUVvsaYrx26Br/YyeydERikybxzaukVX70tXYG/zOD4hv iRn2K+yT7QhzTjIi//u+AYeMoMXYjSR7WruylVKpoR4pIOfBjDby2EEs 9UB59xhzBgr5jG9oMIWx2yh0Thct9pe4G7zEFWLnMpA/RdUBG+4Tpm2h dGz4vNIxDw4QGviRwt37DbFtsoa8jo8ex8Wk82KSVEEHy1AYaEGA0dTn qijOjxPqKzBoyRWPoh2rSdsgVOhdzrZ+l4QYmMfbGfBcmaoKg87ro2Jq AGToBgdU4N408KQZ/es7pClB5lxGeXuWDD+UaMux8BxmG4b6uQrtZVTa xTy9JA==
    ;; Received 1208 bytes from 199.9.14.201#53(b.root-servers.net) in 237 ms

    astrill.net. 172800 IN NS ns01.astrill.net.
    astrill.net. 172800 IN NS ns02.astrill.net.
    astrill.net. 172800 IN NS ns03.astrill.net.
    A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
    A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20190123063539 20190116052539 51638 net. eBBi58orqud9eZ32+dugUrAFdyw3FBw5/jZ4MUh90NJzRvSOKn+3Dt4d U2PQnLSmcZUq+xzc6r4hK3xO3nSSc4S6LSt+5zsb/g1a/KoBXNMC2yhO 41QA3BScy5NtOeZEPWpZIoP/wF8xlPFTrZV0dsUkaxveadUkZ9FlqHAm K7Y=
    3ND9M5511C86ELU6BQ79AEP1NMGBPVKB.net. 86400 IN NSEC3 1 1 0 - 3NDLS0BB02C91RMJ5M1I3TGCF8DFBTDT NS DS RRSIG
    3ND9M5511C86ELU6BQ79AEP1NMGBPVKB.net. 86400 IN RRSIG NSEC3 8 2 86400 20190123063058 20190116052058 51638 net. pkvApX6Ok+rqMpuo6YItBuo3qsNFUC6QPm304qpkD/2APWPI/X/H1LA4 bLaaHrAQABmdHwuIR+mTuCWL8nAH12QgCQc9UaRa+EBlpR7K7lc/o51T y8gxkoAIHoAdo3yxUgjLk4EaST4m8Dw6uynvn9V70AjGn5bP3UFfNUxQ Tmk=
    ;; Received 642 bytes from 192.55.83.30#53(m.gtld-servers.net) in 297 ms
    ;; expected opt record in response
    astrill.net. 60 IN SOA ns01.astrill.net. admin.astrill.net. 2019011918 3600 600 1209600 60
    ;; Received 121 bytes from 104.156.49.107#53(ns02.astrill.net) in 321 ms


    NS 记录 client IP

    问问题何必加粗
    ZRS
        2
    ZRS  
       2019-01-20 02:39:21 +08:00 via iPhone
    大概的思路就是生成大量域名,喂给不同地区的 DNS 服务器,你去测试的时候对比解析结果吧
    gamexg
        3
    gamexg  
       2019-01-20 11:04:43 +08:00   ❤️ 3
    dns 泄露检测原理应该是自建 dns 服务器,然后将 自己的域名 NS 记录设置为自己的 dns 服务器。

    检测时的操作是,js 等方式访问 http://随机编号.自己域名.com 。isp 等 dns 服务器会去访问 检测网站自建的 dns 服务器,dns 服务器根据随机编号就能够对应到具体客户。
    catalina
        4
    catalina  
       2019-01-20 14:01:09 +08:00
    看 dnsleaktest 下面的说明啊:

    The servers identified above receive a request to resolve a domain name (e.g. www.eff.org) to an IP address everytime you enter a website address in your browser.

    The owners of the servers above have the ability to associate your personal IP address with the names of all the sites you connect to and store this data indefinitely. This does not mean that they do log or store it indefinitely but they may and you need to trust whatever their policy says.

    If you are connected to a VPN service and ANY of the servers listed above are not provided by the VPN service then you have a DNS leak and are choosing to trust the owners of the above servers with your private data.
    shuiguomayi
        5
    shuiguomayi  
       273 天前
    @gamexg ,今天正好遇到这个问题,有幸看到了正确的解答,感谢。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   924 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 18ms · UTC 20:45 · PVG 04:45 · LAX 12:45 · JFK 15:45
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.