GithubHelp home page GithubHelp logo

Comments (16)

zfl9 avatar zfl9 commented on June 16, 2024 1

自己处理一下自动更新脚本的逻辑就行了。每次更新后,追加edu.cn到chnlist.txt里面,最简单的方式。

from chinadns-ng.

zfl9 avatar zfl9 commented on June 16, 2024

描述不清晰,逻辑前后矛盾。请重新组织语言。你上游既然都只能返回A记录,chinadns-ng难道还能凭空给变一个AAAA响应出来?这说的都是啥跟啥。

from chinadns-ng.

qwerttvv avatar qwerttvv commented on June 16, 2024

没写清楚。。上游可信dns只能返回A,禁止AAAA。。。国内dns正常返回A和AAAA

from chinadns-ng.

zfl9 avatar zfl9 commented on June 16, 2024

按照公平模式来的话,实测最终只返回了211.69.16.31这个结果。

测试过程呢。我需要更多细节。另外,A查询和AAAA查询是独立的,所以A响应和AAAA响应也是独立的,它们之间的判断关系根本搞不到一块去。请把你的测试过程以及详细日志输出发来。

from chinadns-ng.

qwerttvv avatar qwerttvv commented on June 16, 2024

测试过程呢。我需要更多细节。另外,A查询和AAAA查询是独立的,所以A响应和AAAA响应也是独立的,它们之间的判断关系根本搞不到一块去。请把你的测试过程以及详细日志输出发来。

chinadns-ng设置,始终不变

-v -f -n -b 0.0.0.0 -c 127.0.0.1#18051 -t 127.0.0.1#18052 --chnlist-first -m /opt/app/chinadns_ng/chnlist.txt -g /opt/app/chinadns_ng/gfwlist.txt

上游是smartdns,设置如下,

bind 0.0.0.0:18051 -group china //国内dns分组
bind 0.0.0.0:18052 -group office -force-aaaa-soa //可信dns分组,禁止AAAA记录返回
server 223.5.5.5 -group china //阿里
server 2400:3200::1 -group china //阿里
server 180.76.76.76 -group china //百度
server 2400:da00::6666 -group china //百度
server-https https://dns.google/dns-query -group office //可信dns为google,走只有ipv4的ss
prefetch-domain yes //预读取打开
speed-check-mode tcp:443,tcp:80 //测速打开,先测tcp的443,再80
dualstack-ip-selection no //关闭双栈优选,默认是关闭的,这里我单独写了no

浏览器访问iptv.pdsu.edu.cn,打不开页面,软件日志如下

Mar 25 16:37:49 【chinadns_ng】:  ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#52568
Mar 25 16:37:49 【chinadns_ng】:  ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#34216
Mar 25 16:37:49 【chinadns_ng】:  ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 25 16:37:49 【chinadns_ng】:  ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#22612
Mar 25 16:37:49 【chinadns_ng】:  ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: ignore
Mar 25 16:37:49 【chinadns_ng】:  ^[[1;32m2020-03-25 16:37:49 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: accept
Mar 25 16:37:50 【chinadns_ng】:  ^[[1;32m2020-03-25 16:37:50 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: ignore

nslookup结果如下

PS C:\WINDOWS\system32> nslookup iptv.pdsu.edu.cn
服务器:  Newifi3_D2.lan
Address:  2408:8207:2467:38a0:2276:93ff:fe56:4213

非权威应答:
名称:    iptv.pdsu.edu.cn
Address:  211.69.16.31

nslookup查询时软件日志如下

Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#21636
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: accept
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#61285
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18052, result: accept
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: ignore
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#27679
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 25 16:41:33 【chinadns_ng】:  ^[[1;32m2020-03-25 16:41:33 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18052, result: ignore

chinadns-ng设置不变,上游smartdns设置允许可信dns返回AAAA,其余不变,设置如下

bind 0.0.0.0:18051 -group china
bind 0.0.0.0:18052 -group office //可以返回AAAA了
server 223.5.5.5 -group china
server 2400:3200::1 -group china
server 180.76.76.76 -group china
server 2400:da00::6666 -group china
server-https https://dns.google/dns-query -group office
prefetch-domain yes
speed-check-mode tcp:443,tcp:80
dualstack-ip-selection NO

此时再浏览器访问iptv.pdsu.edu.cn可以正常打开,软件日志如下

Mar 25 16:48:36 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#62628
Mar 25 16:48:36 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#47253
Mar 25 16:48:36 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:36 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:36 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: accept
Mar 25 16:48:37 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#18252
Mar 25 16:48:37 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:37 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 25 16:48:37 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: ignore
Mar 25 16:48:37 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 127.0.0.1#47253
Mar 25 16:48:37 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: filter
Mar 25 16:48:37 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:37 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept

nslookup结果如下

PS C:\WINDOWS\system32> nslookup iptv.pdsu.edu.cn
服务器:  Newifi3_D2.lan
Address:  2408:8207:2467:38a0:2276:93ff:fe56:4213

非权威应答:
名称:    iptv.pdsu.edu.cn
Addresses:  2001:250:4814:1::200
          211.69.16.31

nslookup时,软件日志如下

Mar 25 16:48:51 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#29109
Mar 25 16:48:51 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: accept
Mar 25 16:48:51 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn.lan] from 127.0.0.1#64378
Mar 25 16:48:51 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:51 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18051, result: accept
Mar 25 16:48:53 【chinadns_ng】:  ^[[1;32m2020-03-25 16:48:53 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn.lan] from 127.0.0.1#18052, result: ignore

因为ss只有ipv4,如果可信dns返回a和aaaa,那纽约时报一类的被xx的双栈的网站都打不开,只能把可信dns禁止返回aaaa,禁了,那些网站就能打开了

但是禁止可信dns返回AAAA的话,比如这个iptv.pdsu.edu.cn,就会有如上的问题

这个iptv.pdsu.edu.cn,ipv4的地址是不在ipset列表里的,ipv6的在。

(另外,这个iptv.pdsu.edu.cn我估计是不是ipv4的禁止校外公众访问,然后只能ipv6的可以公开校外访问?反正只返回a的时候,网站打不开)

from chinadns-ng.

zfl9 avatar zfl9 commented on June 16, 2024

bind 0.0.0.0:18052 -group office -force-aaaa-soa //可信dns分组,禁止AAAA记录返回

我简单看了下smartdns的文档,还是没明白,这究竟是禁止aaaa查询还是禁止aaaa返回。我认为文档并没有清晰的告诉我。

from chinadns-ng.

zfl9 avatar zfl9 commented on June 16, 2024

你这个测试虽然很详细,但是很遗憾,对这个问题的解决没有帮助。我给你提供一个思路。测试过程大概如下。你有时间就按照流程测试一下,把相关过程和日志带上来。

  1. 首先我还是要告诉你,A查询和AAAA查询是两个完全独立的dns query,请务必记住这点。
  2. 然后我建议你使用 dig 来测试,我看你都是在Windows下面测试的,dig也有win32版本的。
  3. 在路由器上运行 chinadns-ng 以及 smartdns,参数以及配置就用你现在的,记得带-v选项。
  4. 让他们都监听0.0.0.0这个地址(我看你贴出来的配置已经是这样的了),便于你在win上测试。
  5. 然后下载安装win32版本的dig(google一搜就有,纯绿色),准备好后,请按照如下流程测试:
  • 执行 dig @192.168.1.1 -p18051 iptv.pdsu.edu.cn A,向smartdns的china-group查询该域名的A记录,把dig以及smartdns的输出贴出来。
  • 执行 dig @192.168.1.1 -p18051 iptv.pdsu.edu.cn AAAA,向smartdns的china-group查询该域名的AAAA记录,把dig以及smartdns的输出贴出来。
  • 执行 dig @192.168.1.1 -p18052 iptv.pdsu.edu.cn A,向smartdns的office-group查询该域名的A记录,把dig以及smartdns的输出贴出来。
  • 执行 dig @192.168.1.1 -p18052 iptv.pdsu.edu.cn AAAA,向smartdns的office-group查询该域名的AAAA记录,把dig以及smartdns的输出贴出来。
  • 执行 dig @192.168.1.1 -p65353 iptv.pdsu.edu.cn A,向chinadns-ng查询该域名的A记录,把dig以及chinadns-ng的输出贴出来。
  • 执行 dig @192.168.1.1 -p65353 iptv.pdsu.edu.cn AAAA,向chinadns-ng查询该域名的AAAA记录,把dig以及chinadns-ng的输出贴出来。
  • 最后提示一下,因为你说这个域名既不在gfwlist.txt也不在chnlist.txt,所以它的分流判断单纯就是靠chnroute和chnroute6这两个ipset集合来判定的。如有必要,请在路由器上,执行ipset指令测试smartdns返回的相关ipv4/ipv6地址是否在对应的chnroute/chnroue6集合中。

指令是:ipset test chnroute IPv4地址ipset test chnroute6 IPv6地址

from chinadns-ng.

qwerttvv avatar qwerttvv commented on June 16, 2024

bind 0.0.0.0:18052 -group office -force-aaaa-soa //可信dns分组,禁止AAAA记录返回

我简单看了下smartdns的文档,还是没明白,这究竟是禁止aaaa查询还是禁止aaaa返回。我认为文档并没有清晰的告诉我。

pymumu/smartdns@5f9167c
pymumu/smartdns@f68e4ed

关于是禁止查询还是返回,希望这两个commit能提供帮助

然后那个测试,我有环境了就去弄

那个ipv4的地址不在chnroute,ipv6的地址在chnroue6

from chinadns-ng.

qwerttvv avatar qwerttvv commented on June 16, 2024

这…我这个列表…前几天看的时候是反的,不过反正以现在为准……

[Newifi3_D2 /opt/home/admin]# ipset test chnroute 211.69.16.31
211.69.16.31 is in set chnroute.
[Newifi3_D2 /opt/home/admin]# ipset test chnroute6 2001:250:4814:1::200
2001:250:4814:1::200 is NOT in set chnroute6.
[Newifi3_D2 /opt/home/admin]#

设置禁止AAAA

bind 0.0.0.0:18052 -group office -force-aaaa-soa

dig @192.168.123.1 -p18051 iptv.pdsu.edu.cn A

; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18051 iptv.pdsu.edu.cn A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12491
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;iptv.pdsu.edu.cn.              IN      A

;; ANSWER SECTION:
iptv.pdsu.edu.cn.       1       IN      A       211.69.16.31

;; Query time: 61 msec
;; SERVER: 192.168.123.1#18051(192.168.123.1)
;; WHEN: Sun Mar 29 16:30:13 **标准时间 2020
;; MSG SIZE  rcvd: 66

[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,773][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:1 IP: 211.69.16.31
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1649] recv udp packet from 2408:8000:1010:2::8, len: 50, ttl: 56
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,773][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:323 IP: 211.69.16.31
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1649] recv udp packet from 2408:8000:1010:1::8, len: 50, ttl: 56
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,773][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:323 IP: 211.69.16.31
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1649] recv udp packet from 101.6.6.6, len: 45, ttl: 51
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 0, nscount = 0, nrcount = 0, len = 45, id = 19, tc = 0, rd = 1, ra = 0, rcode = 5, payloadsize = 4096
[2020-03-29 16:30:12,773][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,774][DEBUG][     dns_server.c:1430] inquery failed, iptv.pdsu.edu.cn, rcode = 5, id = 19
[2020-03-29 16:30:12,775][DEBUG][     dns_client.c:1649] recv udp packet from 2400:da00::6666, len: 130, ttl: 47
[2020-03-29 16:30:12,775][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 2, nrcount = 2, len = 130, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:30:12,775][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,775][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:178 IP: 211.69.16.31
[2020-03-29 16:30:12,775][DEBUG][     dns_server.c:1466] NS: pdsu.edu.cn ttl:178 cname: dns2.pdsu.edu.cn
[2020-03-29 16:30:12,775][DEBUG][     dns_server.c:1466] NS: pdsu.edu.cn ttl:178 cname: dns.pdsu.edu.cn
[2020-03-29 16:30:12,775][DEBUG][     dns_server.c:1287] domain: dns.pdsu.edu.cn TTL:156074 IP: 211.69.16.8
[2020-03-29 16:30:12,775][DEBUG][     dns_server.c:1287] domain: dns2.pdsu.edu.cn TTL:156074 IP: 211.69.16.18
[2020-03-29 16:30:12,777][DEBUG][     dns_client.c:1649] recv udp packet from 119.29.29.29, len: 61, ttl: 237
[2020-03-29 16:30:12,777][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 2048
[2020-03-29 16:30:12,777][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,777][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:1416 IP: 211.69.16.31
[2020-03-29 16:30:12,783][DEBUG][     dns_client.c:1649] recv udp packet from 180.76.76.76, len: 61, ttl: 46
[2020-03-29 16:30:12,783][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:30:12,784][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,784][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:188 IP: 211.69.16.31
[2020-03-29 16:30:12,815][DEBUG][     dns_client.c:1649] recv udp packet from 2400:3200::1, len: 50, ttl: 116
[2020-03-29 16:30:12,815][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,815][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,815][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:126 IP: 211.69.16.31
[2020-03-29 16:30:12,825][DEBUG][     dns_client.c:1649] recv udp packet from 2001:da8::666, len: 61, ttl: 46
[2020-03-29 16:30:12,825][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:30:12,825][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,825][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:169 IP: 211.69.16.31
[2020-03-29 16:30:12,829][DEBUG][     dns_client.c:1649] recv udp packet from 223.5.5.5, len: 50, ttl: 119
[2020-03-29 16:30:12,829][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 50, id = 19, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:30:12,829][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:30:12,829][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:1800 IP: 211.69.16.31
[2020-03-29 16:30:12,829][ INFO][     dns_server.c:699 ] result: iptv.pdsu.edu.cn, rcode: 0,  211.69.16.31

dig @192.168.123.1 -p18051 iptv.pdsu.edu.cn AAAA

; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18051 iptv.pdsu.edu.cn AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;iptv.pdsu.edu.cn.              IN      AAAA

;; ANSWER SECTION:
iptv.pdsu.edu.cn.       1       IN      AAAA    2001:250:4814:1::200

;; Query time: 78 msec
;; SERVER: 192.168.123.1#18051(192.168.123.1)
;; WHEN: Sun Mar 29 16:32:13 **标准时间 2020
;; MSG SIZE  rcvd: 78

[2020-03-29 16:32:12,580][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28  qclass: 1
[2020-03-29 16:32:12,580][DEBUG][     dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,583][DEBUG][     dns_client.c:1649] recv udp packet from 119.29.29.29, len: 73, ttl: 237
[2020-03-29 16:32:12,583][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 73, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 2048
[2020-03-29 16:32:12,583][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28  qclass: 1
[2020-03-29 16:32:12,583][DEBUG][     dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1358 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,607][DEBUG][     dns_client.c:1649] recv udp packet from 180.76.76.76, len: 73, ttl: 46
[2020-03-29 16:32:12,607][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 73, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:32:12,607][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28  qclass: 1
[2020-03-29 16:32:12,607][DEBUG][     dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 3620 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,631][DEBUG][     dns_client.c:1649] recv udp packet from 2001:da8::666, len: 73, ttl: 46
[2020-03-29 16:32:12,631][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 73, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2020-03-29 16:32:12,632][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28  qclass: 1
[2020-03-29 16:32:12,632][DEBUG][     dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1358 IP: 2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,638][DEBUG][     dns_server.c:1060] from [2001:0250:4814:0001:0000:0000:0000:0200]:80: seq=1 time=585
[2020-03-29 16:32:12,638][ INFO][     dns_server.c:735 ] result: iptv.pdsu.edu.cn, rcode: 0,  2001:0250:4814:0001:0000:0000:0000:0200
[2020-03-29 16:32:12,638][DEBUG][      fast_ping.c:386 ] ping end, id 27
[2020-03-29 16:32:12,673][DEBUG][     dns_client.c:1649] recv udp packet from 2400:3200::1, len: 62, ttl: 116
[2020-03-29 16:32:12,673][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 62, id = 23, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 0
[2020-03-29 16:32:12,673][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 28  qclass: 1
[2020-03-29 16:32:12,674][DEBUG][     dns_server.c:1358] domain: iptv.pdsu.edu.cn TTL: 1800 IP: 2001:0250:4814:0001:0000:0000:0000:0200

dig @192.168.123.1 -p18052 iptv.pdsu.edu.cn A

; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18052 iptv.pdsu.edu.cn A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24504
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;iptv.pdsu.edu.cn.              IN      A

;; ANSWER SECTION:
iptv.pdsu.edu.cn.       3328    IN      A       211.69.16.31

;; Query time: 171 msec
;; SERVER: 192.168.123.1#18052(192.168.123.1)
;; WHEN: Sun Mar 29 16:34:43 **标准时间 2020
;; MSG SIZE  rcvd: 66

[2020-03-29 16:34:42,036][ INFO][     dns_server.c:2305] query server iptv.pdsu.edu.cn from 192.168.123.233, qtype = 1
[2020-03-29 16:34:42,036][DEBUG][     dns_client.c:402 ] send query to group office
[2020-03-29 16:34:42,037][ INFO][     dns_client.c:2616] send request iptv.pdsu.edu.cn, qtype 1, id 33
[2020-03-29 16:34:42,193][DEBUG][     dns_client.c:1857] recv tcp packet from 8.8.8.8, len = 615
[2020-03-29 16:34:42,194][DEBUG][     dns_client.c:1325] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 61, id = 33, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 512
[2020-03-29 16:34:42,194][DEBUG][     dns_client.c:1331] domain: iptv.pdsu.edu.cn qtype: 1  qclass: 1
[2020-03-29 16:34:42,194][DEBUG][     dns_server.c:1287] domain: iptv.pdsu.edu.cn TTL:3328 IP: 211.69.16.31
[2020-03-29 16:34:42,194][DEBUG][     dns_server.c:1106] ping 211.69.16.31:80 with tcp
[2020-03-29 16:34:42,194][DEBUG][      fast_ping.c:1057] ping 211.69.16.31:80, id = 30
[2020-03-29 16:34:42,195][ INFO][     dns_server.c:699 ] result: iptv.pdsu.edu.cn, rcode: 0,  211.69.16.31

dig @192.168.123.1 -p18052 iptv.pdsu.edu.cn AAAA

; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p18052 iptv.pdsu.edu.cn AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51769
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;iptv.pdsu.edu.cn.              IN      AAAA

;; AUTHORITY SECTION:
iptv.pdsu.edu.cn.       0       IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1800 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.123.1#18052(192.168.123.1)
;; WHEN: Sun Mar 29 16:36:37 **标准时间 2020
;; MSG SIZE  rcvd: 126

[2020-03-29 16:36:36,481][ INFO][     dns_server.c:2305] query server iptv.pdsu.edu.cn from 192.168.123.233, qtype = 28

dig @192.168.123.1 -p8053 iptv.pdsu.edu.cn A

; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p8053 iptv.pdsu.edu.cn A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29434
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;iptv.pdsu.edu.cn.              IN      A

;; ANSWER SECTION:
iptv.pdsu.edu.cn.       3091    IN      A       211.69.16.31

;; Query time: 166 msec
;; SERVER: 192.168.123.1#8053(192.168.123.1)
;; WHEN: Sun Mar 29 16:38:39 **标准时间 2020
;; MSG SIZE  rcvd: 66

Mar 29 16:38:38 【chinadns_ng】:  ^[[1;32m2020-03-29 16:38:38 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 192.168.123.233#50661
Mar 29 16:38:39 【chinadns_ng】:  ^[[1;32m2020-03-29 16:38:39 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 29 16:38:39 【chinadns_ng】:  ^[[1;32m2020-03-29 16:38:39 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: ignore

dig @192.168.123.1 -p8053 iptv.pdsu.edu.cn AAAA

; <<>> DiG 9.17.0 <<>> @192.168.123.1 -p8053 iptv.pdsu.edu.cn AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59559
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;iptv.pdsu.edu.cn.              IN      AAAA

;; AUTHORITY SECTION:
iptv.pdsu.edu.cn.       0       IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1800 1800 900 604800 86400

;; Query time: 15 msec
;; SERVER: 192.168.123.1#8053(192.168.123.1)
;; WHEN: Sun Mar 29 16:39:46 **标准时间 2020
;; MSG SIZE  rcvd: 126

Mar 29 16:39:45 【chinadns_ng】:  ^[[1;32m2020-03-29 16:39:45 INF:^[[0m [handle_local_packet] query [iptv.pdsu.edu.cn] from 192.168.123.233#50665
Mar 29 16:39:45 【chinadns_ng】:  ^[[1;32m2020-03-29 16:39:45 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18052, result: accept
Mar 29 16:39:45 【chinadns_ng】:  ^[[1;32m2020-03-29 16:39:45 INF:^[[0m [handle_remote_packet] reply [iptv.pdsu.edu.cn] from 127.0.0.1#18051, result: ignore

就这情况的话,能优化优化逻辑吗,或者是chnroute和chnroute6反过来也是类似的事儿

from chinadns-ng.

zfl9 avatar zfl9 commented on June 16, 2024

我寻思着,也没啥毛病,你的国内上游对应smartdns的china组,可信上游对应smartdns的office组。

  • 查询A记录:可信DNS和国内DNS返回的ip都是一样的,它们都在chnroute中,接受哪个都一样。
  • 查询AAAA记录:可信DNS和国内DNS返回的answer是不一样的,国内DNS返回了一个正常ipv6地址,但是它不在chnroute6中,于是被filter,那只好接受可信DNS返回的soa假记录了。

补充一点,我看你最后向chinadns-ng查询AAAA记录的时候,是trust-dns先返回china-dns后返回,默认情况下(未指定-n选项,但指定了-f选项),此时会等待china-dns返回后再做决定(因为trust-dns返回的answer里面没有任何ip地址,chinadns-ng默认会假设它是"国外ip",而又因为指定了-f选项,所以会等待china-dns返回后再判断,这个readme也说过),然后假设china-dns返回的这个v6地址在chnroute6里面,那么此次AAAA查询会得到正确的结果,但实际上他并不在chnroute6里面,所以这种情况下它还是会接收trust-dns的soa记录,这其实与指定了-n选项是一样的(我看你给出的参数中是带-n选项的,带这个选项产生的影响是:chinadns-ng认为trust-dns返回的这个soa记录是一个“国内ip”,所以就接收了trust-dns的解析结果,从而忽略后续的china-dns返回的结果)。

from chinadns-ng.

zfl9 avatar zfl9 commented on June 16, 2024

你不如直接将这个域名加入chnlist.txt列表,一点事都没有。或者加入chnroute6集合。都一样。

from chinadns-ng.

zfl9 avatar zfl9 commented on June 16, 2024

就这情况的话,能优化优化逻辑吗。

没法优化,因为程序本身就是只能靠chnroute/chnroute6/gfwlist/chnlist来判断。不知道你说的优化优化逻辑是啥意思,怎么优化。因为你这个域名不在gfwlist/chnlist里面,所以只能靠chnroute/chnroute6来判断,而又因为你这个v6地址不在chnroute6中,所以就是这个结果了。还不理解的话就仔细想想。

from chinadns-ng.

qwerttvv avatar qwerttvv commented on June 16, 2024

理解,我看https://github.com/zfl9/chinadns-ng#工作原理 具体逻辑部分,发帖时候就猜差不多了,但是可能表达不清楚吧…才把log都弄上来

然后主要就是因为这个,现在我chnroute和chnroute6是每天自动跟上游更新的,我手工添进去的话,一更新就覆盖了…

所以还是希望有什么办法能解决……问问大佬有什么招儿没有

因为比如自动更新了chnroute和chnroute6之后,我加个命令写入ip到更新以后的文件,也自动执行,那也才更新了这个别的ip而已,以后遇到类似情况,还是麻烦

要么我就给apnic发邮件试试?卧槽,我这感觉也没戏啊……

from chinadns-ng.

qwerttvv avatar qwerttvv commented on June 16, 2024

我去反馈一下chnlist.txt吧,看看能不能假一个*.edu.cn

from chinadns-ng.

felixonmars avatar felixonmars commented on June 16, 2024

A:211.69.16.31,不在chnroute

不知为何这么认为,chnroute规则里有 211.68.0.0/15

from chinadns-ng.

qwerttvv avatar qwerttvv commented on June 16, 2024

A:211.69.16.31,不在chnroute

不知为何这么认为,chnroute规则里有 211.68.0.0/15

是,,,那天夜里,不是夜里,凌晨五点多晕晕乎乎的,

from chinadns-ng.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.