DNS
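Introduction
DNS-related problems I have run into.
DNS resolution with HTTP proxies
- With an HTTP/HTTPS proxy server, the requested domain name is sent straight to the proxy as part of the HTTP protocol, and no resolution happens locally. In other words, resolving the domain name and connecting to the target server are the proxy server's job. The browser itself does not even need to know the final server's IP address. As far as I know, this behaviour cannot be changed through browser options or similar settings. [1]
- So in theory, when an HTTP/HTTPS proxy server is used, local DNS resolution, the local cache and the hosts file are not used at all, and the locally configured DNS server address is irrelevant. DNS resolution happens entirely on the proxy server.
- SOCKS proxies are different: DNS resolution and connecting to the target server (by IP address, not by domain name) are two separate steps, so there is an option to let the remote proxy do the DNS resolution (and use its result).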
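The three cases above, shown as the bytes a client actually sends. This is an added example, not code from the original notes; it builds the requests offline, and the function names are illustrative. For SOCKS5 the address-type byte decides who resolves the name, which is the choice curl exposes as socks5:// versus socks5h://.

```python
import ipaddress
import struct

def http_connect(host, port):
    """HTTPS via an HTTP proxy: the name goes to the proxy inside CONNECT."""
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")

def http_absolute(host, path="/"):
    """Plain HTTP via an HTTP proxy: absolute-form request target."""
    return (f"GET http://{host}{path} HTTP/1.1\r\n"
            f"Host: {host}\r\n\r\n").encode("ascii")

def socks5_connect(dest, port):
    """SOCKS5 CONNECT (RFC 1928): VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        # Not an IP literal: send the name itself, the proxy resolves it.
        name = dest.encode("ascii")
        if not 0 < len(name) < 256:
            raise ValueError("SOCKS5 domain name must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name       # ATYP 3: domain name
    else:
        # IP literal: the client already did the DNS lookup locally.
        atyp = b"\x01" if ip.version == 4 else b"\x04"   # ATYP 1: IPv4, 4: IPv6
        addr = atyp + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def resolved_by(socks5_request):
    """Which side performed the DNS lookup for this SOCKS5 request?"""
    return "proxy" if socks5_request[3] == 0x03 else "client"

if __name__ == "__main__":
    print(http_connect("github.com", 443))
    for dest in ("github.com", "20.205.243.166"):
        req = socks5_connect(dest, 443)
        print(dest, req.hex(), "resolved by", resolved_by(req))
```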
DNS on Windows (useless)
Edit the hosts file in the Windows directory C:\Windows\System32\drivers\etc\
Problem: dial tcp: lookup xxx read: connection refused
[root@localhost ~]# docker pull ubuntu:18.04
Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:37221->[::1]:53: read: connection refused
> docker pull quay.io/pypa/manylinux2014_aarch64@sha256:220844dc110ddb26e451572a08212659146f89ed91b076494a85e2947816aae8
Error response from daemon: Get https://quay.io/v2/: dial tcp: lookup quay.io on [::1]:53: read udp [::1]:54946->[::1]:53: read: connection refused
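The intranet machine sits on a closed network, and its DNS resolution is a mess.
It cannot ping Alibaba Cloud's DNS server 223.5.5.5, and the gateway shown by ip route does not provide DNS either.
Simple fix: edit the hosts file
How can you be sure that the IP you put in is correct?
dns-over-https (DoH)
DoH is a way of sending DNS requests over the HTTPS protocol, which makes it suitable for forwarding DNS requests through an HTTP proxy.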
# Install
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
Testing with nslookup -port=5053 baidu.com 127.0.0.1 produces the following errors:
> cloudflare proxy-dns --address 127.0.0.1 --port 5053 --upstream https://1.12.12.12/dns-query
2024-08-20T16:04:27Z INF Adding DNS upstream url=https://1.12.12.12/dns-query
2024-08-20T16:04:27Z INF Starting DNS over HTTPS proxy server address=dns://127.0.0.1:5053
2024-08-20T16:04:27Z INF Starting metrics server on 127.0.0.1:37445/metrics
2024-08-20T16:04:35Z ERR failed to connect to an HTTPS backend "https://1.12.12.12/dns-query" error="failed to perform an HTTPS request: Post \"https://1.12.12.12/dns-query\": context deadline exceeded"
# cloudflared does pick up the proxy environment variables
> set_http_proxy
> cloudflare proxy-dns --address 127.0.0.1 --port 5053 --upstream https://1.12.12.12/dns-query
2024-08-20T15:48:38Z INF Adding DNS upstream url=https://1.12.12.12/dns-query
2024-08-20T15:48:38Z INF Starting DNS over HTTPS proxy server address=dns://127.0.0.1:5053
2024-08-20T15:48:38Z INF Starting metrics server on 127.0.0.1:41793/metrics
2024-08-20T15:48:40Z ERR failed to connect to an HTTPS backend "https://1.12.12.12/dns-query" error="failed to perform an HTTPS request: Post \"https://1.12.12.12/dns-query\": tls: failed to verify certificate: x509: certificate signed by unknown authority"
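A small triage script for the two kinds of failure seen so far, the Docker lookup errors and the cloudflared upstream errors. It is an added example, not part of the original notes; the sample lines are copied from the sessions above and the finding names are made up for illustration.

```python
import ipaddress
import re

# Go resolver failure, as printed by the Docker daemon.
GO_LOOKUP = re.compile(
    r"lookup (?P<name>\S+) on \[?(?P<resolver>[0-9A-Fa-f:.]+?)\]?:(?P<port>\d+): "
    r".*: (?P<cause>.+)$")
# cloudflared ERR line: upstream URL, then the quoted Go error string.
DOH_ERR = re.compile(r'ERR .*backend "(?P<upstream>[^"]+)" error="(?P<err>.*)"$')

SAMPLE = [  # constructed from the log lines on this page
    r'Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:37221->[::1]:53: read: connection refused',
    r'2024-08-20T16:04:35Z ERR failed to connect to an HTTPS backend "https://1.12.12.12/dns-query" error="failed to perform an HTTPS request: Post \"https://1.12.12.12/dns-query\": context deadline exceeded"',
    r'2024-08-20T15:48:40Z ERR failed to connect to an HTTPS backend "https://1.12.12.12/dns-query" error="failed to perform an HTTPS request: Post \"https://1.12.12.12/dns-query\": tls: failed to verify certificate: x509: certificate signed by unknown authority"',
]

def triage(line):
    """Return a finding dict for a recognised error line, else None."""
    m = GO_LOOKUP.search(line)
    if m:
        resolver = ipaddress.ip_address(m["resolver"])
        # Refused on loopback: the query never left the host, nothing
        # listens on port 53 there. Compare with /etc/resolv.conf.
        if resolver.is_loopback and m["cause"] == "connection refused":
            kind = "no_listener_on_local_resolver"
        else:
            kind = "resolver_unreachable"
        return {"kind": kind, "name": m["name"], "resolver": str(resolver)}
    m = DOH_ERR.search(line)
    if m:
        if "x509: certificate signed by unknown authority" in m["err"]:
            # The chain the client received does not end in a trusted root:
            # check who issued it instead of turning verification off.
            kind = "doh_certificate_untrusted"
        elif "context deadline exceeded" in m["err"]:
            kind = "doh_upstream_timeout"   # no answer within the deadline
        else:
            kind = "doh_other"
        return {"kind": kind, "upstream": m["upstream"]}
    return None

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```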
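Problem: web pages will not open
Check the DNS address
Look up the IP address of the domain's China-based server on a DNS lookup site.
Measure the actual ping latency, then edit the Windows 10 hosts file in C:\WINDOWS\system32\drivers\etc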
ipconfig /all
Ethernet adapter 以太网:
Connection-specific DNS Suffix . : ustc.edu.cn
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : 00-2B-67-7D-A7-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:da8:d800:336:c9a6:8e7f:7035:cd(Preferred)
Link-local IPv6 Address . . . . . : fe80::c9a6:8e7f:7035:cd%5(Preferred)
IPv4 Address. . . . . . . . . . . : 202.38.78.133(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2022年9月3日 15:03:56
Lease Expires . . . . . . . . . . : 2022年9月11日 19:58:06
Default Gateway . . . . . . . . . : fe80::e683:26ff:fea3:e107%5
202.38.78.254
DHCP Server . . . . . . . . . . . : 202.38.64.7
DHCPv6 IAID . . . . . . . . . . . : 100674407
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-96-E5-7D-00-2B-67-7D-A7-93
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Browser F12
Unchecked runtime.lastError: The message port closed before a response was received.
Failed to load resource: net::ERR_PROXY_CONNECTION_FAILED
Failed to load resource: net::ERR_CONNECTION_CLOSED
Failed to load resource: net::ERR_CONNECTION_RESET
Solution
Problem: github.com is unreachable
Ping fails; the reason is that some GitHub servers have been shut down.
//Windows
D:\PowerShell> nslookup github.com 223.5.5.5
Server: public1.alidns.com
Address: 223.5.5.5
Non-authoritative answer:
Name: github.com
Address: 20.205.243.166
As a last resort, edit the hosts file, see https://ipaddress.com/website/github.com
//Ubuntu
# shaojiemike @ node5 in ~ [19:30:39]
$ cat /run/systemd/resolve/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 202.38.64.1
# shaojiemike @ node5 in ~ [19:30:12]
$ cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
# shaojiemike @ node5 in ~ [19:30:16]
$ nmcli device show eno0
GENERAL.DEVICE: eno0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: AC:1F:6B:8A:E4:BA
GENERAL.MTU: 1500
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 202.38.73.217/24
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 202.38.73.254, mt = 0, table=1
IP4.ROUTE[2]: dst = 202.38.73.0/24, nh = 0.0.0.0, mt = 0
IP6.ADDRESS[1]: 2001:da8:d800:730::217/64
IP6.ADDRESS[2]: fe80::ae1f:6bff:fe8a:e4ba/64
IP6.GATEWAY: 2001:da8:d800:730::1
IP6.ROUTE[1]: dst = 2001:da8:d800:112::23/128, nh = 2001:da8:d800:730::1, mt = 1024
IP6.ROUTE[2]: dst = 2001:da8:d800:730::/64, nh = ::, mt = 256
IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[4]: dst = ::/0, nh = 2001:da8:d800:730::1, mt = 1024
# shaojiemike @ node5 in ~ [19:41:53]
$ dig www.baidu.com
; <<>> DiG 9.16.1-Ubuntu <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47773
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 604 IN CNAME www.a.shifen.com.
www.a.shifen.com. 159 IN A 14.215.177.39
www.a.shifen.com. 159 IN A 14.215.177.38
;; Query time: 91 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Oct 10 19:43:01 CST 2022
;; MSG SIZE rcvd: 101