Comments (13)
# root @ rpi in ~ [9:52:11]
$ dig @127.0.0.1 -p53 mirrors.aliyuncs.com
; <<>> DiG 9.18.12 <<>> @127.0.0.1 -p53 mirrors.aliyuncs.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33936
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mirrors.aliyuncs.com. IN A
;; ANSWER SECTION:
mirrors.aliyuncs.com. 3541 IN CNAME mirrors.aliyuncs.com.gds.alibabadns.com.
mirrors.aliyuncs.com.gds.alibabadns.com. 3541 IN A 10.157.200.6
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Jun 05 09:52:28 CST 2023
;; MSG SIZE rcvd: 118
# root @ rpi in ~ [9:52:28]
$ dig @127.0.0.1 -p65353 mirrors.aliyuncs.com
; <<>> DiG 9.18.12 <<>> @127.0.0.1 -p65353 mirrors.aliyuncs.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13092
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mirrors.aliyuncs.com. IN A
;; ANSWER SECTION:
mirrors.aliyuncs.com. 1 IN CNAME mirrors.aliyuncs.com.gds.alibabadns.com.
mirrors.aliyuncs.com.gds.alibabadns.com. 1 IN A 10.157.200.6
;; Query time: 9 msec
;; SERVER: 127.0.0.1#65353(127.0.0.1) (UDP)
;; WHEN: Mon Jun 05 09:52:34 CST 2023
;; MSG SIZE rcvd: 115
没问题呀,53端口是dnsmasq(开了缓存,上游是chinadns-ng),65353是chinadns-ng,都测了正常。
from chinadns-ng.
麻烦给出 chinadns-ng 版本、启动参数、nslookup/dig 时的日志(chinadns-ng的日志,verbose)。
from chinadns-ng.
$ chinadns-ng -V
ChinaDNS-NG v1.0-beta.25 <https://github.com/zfl9/chinadns-ng>
$ dig @127.0.0.1 -p53 mirrors.aliyuncs.com
; <<>> DiG 9.18.1 <<>> @127.0.0.1 -p53 mirrors.aliyuncs.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54953
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 15 (Blocked)
;; QUESTION SECTION:
;mirrors.aliyuncs.com. IN A
;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Jun 05 11:40:11 CST 2023
;; MSG SIZE rcvd: 55
$ nslookup mirrors.aliyuncs.com
Server: 127.0.0.1
Address: 127.0.0.1:53
** server can't find mirrors.aliyuncs.com: REFUSED
Non-authoritative answer:
/usr/bin/chinadns-ng -b 0.0.0.0 -l 5353 -c 223.5.5.5 -t 127.0.0.1#5300 -g /etc/chinadns-ng/gfwlist.txt -m /etc/chinadns-ng/chinalist.txt -o 3 -p 4 -r -N
from chinadns-ng.
你 dig 测试是 53,但是 chinadns-ng 是 5353 ??
from chinadns-ng.
dig @127.0.0.1 -p5353 看看
from chinadns-ng.
另外,建议更新下 chinadns-ng 二进制(去 releases 页面下载,替换原有 binary 文件)
老版本的 no-ipv6 有点兼容性问题,主要是 rcode = REFUSED,新版改为 rcode = NO ERROR 了。
from chinadns-ng.
更新之后
# root @ OpenWrt in /tmp [12:16:01]
$ chinadns-ng -V
ChinaDNS-NG 2023.06.01 <https://github.com/zfl9/chinadns-ng>
# root @ OpenWrt in /tmp [12:16:04]
$ dig @127.0.0.1 -p5353
; <<>> DiG 9.18.1 <<>> @127.0.0.1 -p5353
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18555
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 261 IN NS a.root-servers.net.
. 261 IN NS b.root-servers.net.
. 261 IN NS c.root-servers.net.
. 261 IN NS d.root-servers.net.
. 261 IN NS e.root-servers.net.
. 261 IN NS f.root-servers.net.
. 261 IN NS g.root-servers.net.
. 261 IN NS h.root-servers.net.
. 261 IN NS i.root-servers.net.
. 261 IN NS j.root-servers.net.
. 261 IN NS k.root-servers.net.
. 261 IN NS l.root-servers.net.
. 261 IN NS m.root-servers.net.
;; Query time: 4 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1) (UDP)
;; WHEN: Mon Jun 05 12:16:14 CST 2023
;; MSG SIZE rcvd: 239
# root @ OpenWrt in /tmp [12:16:15]
$ nslookup mirrors.aliyuncs.com
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
Non-authoritative answer:
from chinadns-ng.
你 53 端口是什么进程,从结果看,dig 完全没问题,nslookup 我也不怎么熟悉。
from chinadns-ng.
# root @ OpenWrt in /tmp [12:16:47]
$ dig @127.0.0.1 -p5353 mirrors.aliyuncs.com
; <<>> DiG 9.18.1 <<>> @127.0.0.1 -p5353 mirrors.aliyuncs.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19914
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mirrors.aliyuncs.com. IN A
;; ANSWER SECTION:
mirrors.aliyuncs.com. 99 IN CNAME mirrors.aliyuncs.com.gds.alibabadns.com.
mirrors.aliyuncs.com.gds.alibabadns.com. 99 IN A 10.157.200.6
;; Query time: 8 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1) (UDP)
;; WHEN: Mon Jun 05 12:19:39 CST 2023
;; MSG SIZE rcvd: 115
from chinadns-ng.
# root @ OpenWrt in /tmp [12:16:47] $ dig @127.0.0.1 -p5353 mirrors.aliyuncs.com ; <<>> DiG 9.18.1 <<>> @127.0.0.1 -p5353 mirrors.aliyuncs.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19914 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;mirrors.aliyuncs.com. IN A ;; ANSWER SECTION: mirrors.aliyuncs.com. 99 IN CNAME mirrors.aliyuncs.com.gds.alibabadns.com. mirrors.aliyuncs.com.gds.alibabadns.com. 99 IN A 10.157.200.6 ;; Query time: 8 msec ;; SERVER: 127.0.0.1#5353(127.0.0.1) (UDP) ;; WHEN: Mon Jun 05 12:19:39 CST 2023 ;; MSG SIZE rcvd: 115
这不是完全正常吗。。
from chinadns-ng.
你 53 端口是什么进程,从结果看,dig 完全没问题,nslookup 我也不怎么熟悉。
# root @ OpenWrt in /tmp [12:45:25] C:127
$ netstat -tlunp|grep 53
udp 0 0 192.168.2.1:53 0.0.0.0:* 6214/dnsmasq
udp 0 0 fd00:ab:cd::1:53 :::* 6214/dnsmasq
from chinadns-ng.
现在感觉是dnsmasq的问题,但是不知道为啥解析不到记录
from chinadns-ng.
@zfl9
破案:
前面的老版本是因为你说的IPV6的问题导致的,
当然dnsmasq也有问题,查询dnsmasq日志得知:
Mon Jun 5 11:36:55 2023 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: mirrors.aliyuncs.com.gds.alibabadns.com
关闭dnsmasq重定向保护就行,网络->DHCP/DNS->一般设置->重绑定保护(丢弃RFC1918上行响应数据)
from chinadns-ng.
Related Issues (20)
- [增强] tcp pipeline 长连接支持 HOT 6
- [Feature Request]: 希望能手动指定监听协议 HOT 2
- 建议可在上游地址前加上 udp:// 来强制使用 UDP DNS HOT 8
- 请教该下哪个版本合适? HOT 3
- 添加 ip 到 ipset/nftset 时,支持指定元素级别的 timeout 参数
- 关于新版本的使用方法 HOT 20
- `--no-ipv6` 修改: 不过滤、过滤所有、按域名tag过滤、按ip测试结果过滤 HOT 5
- 新版本(2024.03.27)的 udp 似乎有问题 HOT 5
- [ipset.c:606 test_res_ipset] error when querying ip: (2) No such file or directory HOT 2
- [增强] 支持 `udp://` 上游 HOT 37
- tag 的说明和功能的例子是混淆了? HOT 2
- --add-tagchn-ip 选项可否设置黑名单 HOT 17
- 对于不支持tcp查询的上游,请带上`udp://`限定 HOT 12
- 是否个例:域名层级问题 HOT 3
- 使用 chinadns-ng 替代 dnsmasq 时,需要注意的事项 HOT 81
- 环境有问题,DNS解析存在“污染” HOT 60
- 24.4.13版本用不了 ,是改变什么吗 HOT 3
- 增加-Dwolfssl编译不过去 HOT 7
- wolfssl 在某些平台上无法正确校验 SSL 证书 HOT 10
- tag有可能支持geosite吗 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chinadns-ng.