search

Acris / shadowsocks-asuswrt-merlin

Shadowsock for Asuswrt-Merlin New Gen
MIT License
247 stars 43 forks source link

dnsmasq hijacked? #19

Closed stevenshea closed 5 years ago

stevenshea commented 5 years ago

Router: Netgear R7000 Firmware: Xwrt-Vortex 384.13.0

Frequently appeared in router's log:

Aug 26 17:03:15 dnsmasq[5076]: read /etc/hosts - 5 addresses
Aug 26 17:03:15 dnsmasq[5076]: read /etc/hosts.dnsmasq - 3 addresses
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 127.0.1.1#53
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzzmall.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzzhong.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzzaaaa.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzyx.xyz (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzyk.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzyit.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzyb.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzsxx.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzla.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzj.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzzhisou.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzz4.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyzphoto.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyzan.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyjsmba.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyjs.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyiquan.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyilou.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyftrade.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyedu.org (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzydb.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyb.org (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzyas.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzxw.net (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzxdc.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzx163.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzwyglxh.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzwro.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using nameserver 119.29.29.29#53 for domain zzwqqx.com (no DNSSEC)
Aug 26 17:03:15 dnsmasq[5076]: using 66241 more nameservers
Acris commented 5 years ago

All Chinese domain will be resolved by 119.29.29.29 which configured at ss-merlin.conf https://github.com/Acris/shadowsocks-asuswrt-merlin/blob/master/etc/ss-merlin.sample.conf#L20

Acris commented 5 years ago

Issue closed, feel free to re-open it if needed.