Closed Kation closed 8 months ago
Thanks for the post. You need to explain the request in more detail so that I can understand it better.

> - If a domain is in a list then use special forwarders to request DNS configured by `Zone`.

Which list is this? What are special forwarders?

> - If a domain resolved IP in an IP address list, do a second DNS request using `1`.

Which IP address list is this? Which is the second DNS server?

> - If a domain resolved IP not in a configured location ('CN' etc.), do a second DNS request using `1`.

How is the DNS server going to determine if an IP address belongs to CN, especially when IP-to-location databases are expensive and they are not 100% accurate? Not all websites resolve to an IP in CN, so how does this work out?
> Which list is this? What are special forwarders?

`Zone` with type Conditional Forwarder Zone. But domain and forwarder only support one record. Maybe it can set multiple domains and forwarders for one zone and I was missing that?

> Which IP address list is this? Which is the second DNS server?

A new configurable global IP address list. Use the upper `Zone` forwarder to request DNS, or a configurable forwarder and its proxy.

> How is the DNS server going to determine if an IP address belongs to CN, especially when IP-to-location databases are expensive and they are not 100% accurate? Not all websites resolve to an IP in CN, so how does this work out?

It doesn't matter that IP geo databases are not 100% accurate. It's acceptable to request DNS twice.

For example:

- `A` is a DNS server located in CN, and it is the default forwarder.
- `B` is a DNS server located outside CN and it is blocked; it cannot be accessed without a proxy. Configure a proxy to `B`.
- `C` is a domain list of the domains that need to use `B` to resolve.
- `D` is an IP address list containing contaminated IP results.

Resolve www.baidu.com: it is not included in `C`. Use `A` to resolve and get the result 14.119.104.254. It belongs to CN, so return it directly to the client.

Resolve www.github.com: it is not included in `C`. Use `A` to resolve and get the result 192.30.255.113. It does not belong to CN, so use `B` to resolve again.

Resolve www.youtube.com: it is not included in `C`. Use `A` to resolve and get the result 192.18.25.132. It is contained in `D`, so use `B` to resolve again.

Resolve www.google.com: it is included in `C`. Use `B` to resolve it.
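The decision procedure described in the four examples above, written out as an added example in Python (this is not code from the issue or from the DNS server project). The forwarders `A` and `B` are stub dictionaries, the lists `C` and `D` and the CN prefix table are constructed sample data, and the addresses B returns are taken from the RFC 5737 documentation ranges; only the three result addresses from the examples are the ones named in the thread. The `resolve` function returns the answer together with the list of forwarders it consulted, which is the property an operator would want to log when checking that the policy behaves as intended.

```python
import ipaddress

# Constructed sample data modelled on the four lists named in the thread.
# CN_PREFIXES is a stand-in for a real IP-to-location database; a prefix
# covering 14.119.104.254 is included so the baidu example resolves as in the text.
CN_PREFIXES = [ipaddress.ip_network("14.119.0.0/16")]
DOMAIN_LIST_C = {"www.google.com"}                        # domains that must go to B
CONTAMINATED_LIST_D = {ipaddress.ip_address("192.18.25.132")}  # known-bad answers

# Stub forwarders: each maps a name to the single A record it would hand back.
# A is the default (in-CN) forwarder; B is the proxied out-of-CN forwarder.
# B's answers are constructed values from RFC 5737 documentation ranges.
FORWARDER_A = {
    "www.baidu.com": "14.119.104.254",
    "www.github.com": "192.30.255.113",
    "www.youtube.com": "192.18.25.132",
    "www.google.com": "203.0.113.10",
}
FORWARDER_B = {
    "www.github.com": "192.30.255.113",
    "www.youtube.com": "198.51.100.20",
    "www.google.com": "198.51.100.30",
}


def is_in_cn(ip):
    """Geo check against the (constructed) prefix table."""
    return any(ip in net for net in CN_PREFIXES)


def needs_second_lookup(ip):
    """Rule from the thread: re-query via B when the first answer is either a
    known-contaminated address (list D) or not located in CN."""
    return ip in CONTAMINATED_LIST_D or not is_in_cn(ip)


def resolve(name, forwarder_a=FORWARDER_A, forwarder_b=FORWARDER_B):
    """Return (answer, path) where path lists the forwarders consulted in order.

    answer is None when the forwarder that was finally chosen has no record;
    falling back to A's possibly contaminated answer in that case is a policy
    decision deliberately left to the operator rather than made here.
    """
    # Step 1: domains on list C skip A entirely and go straight to B.
    if name in DOMAIN_LIST_C:
        return forwarder_b.get(name), ["B"]

    # Step 2: everything else is first resolved through the default forwarder A.
    answer = forwarder_a.get(name)
    if answer is None:
        return None, ["A"]

    # Step 3: inspect A's answer; contaminated or non-CN results trigger a second query via B.
    if needs_second_lookup(ipaddress.ip_address(answer)):
        return forwarder_b.get(name), ["A", "B"]
    return answer, ["A"]


if __name__ == "__main__":
    for host in ("www.baidu.com", "www.github.com", "www.youtube.com", "www.google.com"):
        print(host, resolve(host))
```

The check runs only on the first record of the answer; a real implementation would have to apply it to every address in the answer section and decide how to treat CNAME chains, which the thread's examples do not cover.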
Thanks for the details. This feature request is a very specific use case for your scenario and not a generalized feature. This would require writing a completely independent DNS server to make it work, which is not feasible for the current project. There is also the cost of buying an IP location database, which is not addressed.
Maybe we can do these through an App? There are some free IP location databases that can be subscribed to.
If it was a general feature which everyone could use then it would have made sense to implement it. But it's a highly specific requirement for your own scenario which won't be useful for anyone else. It's also not a simple implementation and will take a lot of time, which is why it's not feasible.
@ShreyasZare I wrote an app but have some questions. How can I get the IP address from `IDnsServer.DirectQueryAsync(request)`?
> @ShreyasZare I wrote an app but have some questions. How can I get the IP address from `IDnsServer.DirectQueryAsync(request)`?
The function returns a DnsDatagram object which will have the IP address in the Answer property if it was received.

Also, you are using ECS in code, which is not how it's going to work. You need to read RFC 7871 to understand ECS before you attempt to use it.
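The EDNS Client Subnet option that RFC 7871 defines, encoded and decoded on the wire, as an added example in Python (not code from the issue or from the DNS server project; the function names `encode_ecs` and `decode_ecs` and the sample addresses are mine). The point the example makes is the one the RFC makes: the option carries only the advertised prefix of the client address, with the host bits zeroed and the address field truncated to the prefix length, and the client sends a scope of 0 and lets the authoritative server fill in the scope it actually used.

```python
import ipaddress
import struct

# EDNS0 option code assigned to Client Subnet (RFC 7871, section 6).
ECS_OPTION_CODE = 8


def encode_ecs(address, source_prefix_len, scope_prefix_len=0):
    """Build the OPT RDATA for one ECS option.

    Layout (RFC 7871, section 6): OPTION-CODE (2) | OPTION-LENGTH (2) |
    FAMILY (2) | SOURCE PREFIX-LENGTH (1) | SCOPE PREFIX-LENGTH (1) |
    ADDRESS (only ceil(source_prefix_len / 8) bytes, host bits zeroed).
    A query sets scope_prefix_len to 0; the responder sets it in its reply.
    """
    ip = ipaddress.ip_address(address)
    family = 1 if ip.version == 4 else 2              # IANA address family numbers
    max_len = 32 if ip.version == 4 else 128
    if not 0 <= source_prefix_len <= max_len:
        raise ValueError("prefix length out of range for this address family")
    if not 0 <= scope_prefix_len <= max_len:
        raise ValueError("scope length out of range for this address family")

    # Clear every bit beyond the advertised prefix so nothing more specific
    # than the operator intended leaves the resolver.
    keep_mask = ((1 << max_len) - 1) ^ ((1 << (max_len - source_prefix_len)) - 1)
    masked = int(ip) & keep_mask
    addr_bytes = masked.to_bytes(max_len // 8, "big")[: (source_prefix_len + 7) // 8]

    body = struct.pack("!HBB", family, source_prefix_len, scope_prefix_len) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option):
    """Parse one ECS option back into (family, source_len, scope_len, address).

    Rejects the malformed cases a receiver must not accept: wrong option code,
    a length field that disagrees with the data, an unknown family, or an
    address field whose size does not match the source prefix length.
    """
    if len(option) < 8:
        raise ValueError("option too short to be ECS")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    addr = option[8:]
    if family == 1:
        width, cls = 4, ipaddress.IPv4Address
    elif family == 2:
        width, cls = 16, ipaddress.IPv6Address
    else:
        raise ValueError("unknown address family %d" % family)
    if source > width * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix length")
    # Re-pad the truncated address to full width; the host bits are zero by construction.
    ip = cls(addr.ljust(width, b"\x00"))
    return family, source, scope, str(ip)


if __name__ == "__main__":
    opt = encode_ecs("198.51.100.77", 24)          # constructed client address, /24 as RFC 7871 suggests for IPv4
    print(opt.hex(), decode_ecs(opt))
```

Encoding a /24 for 198.51.100.77 yields an address field of exactly three bytes (`c6 33 64`), and a /20 yields `c6 33 60`: the last nibble of the third octet is zeroed because it lies past the prefix. Sending the full /32 defeats the privacy purpose of the truncation, so the prefix length is the value to review when an app adds ECS to its outgoing queries.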
@ShreyasZare Thanks, I have finished this app. Going to test it for a few days.
@ShreyasZare How do I know whether a response answer was handled by a `Zone` in `IDnsPostProcessor`?
> @ShreyasZare How do I know whether a response answer was handled by a `Zone` in `IDnsPostProcessor`?
Check the AuthoritativeAnswer property of the response. It's set to true when the answer is from a local zone. However, if the answer is a CNAME and the CNAME was expanded then it will be false. So, there is no reliable way to know that.
These features are helpful to resolve the DNS contamination problem.