search

URenko / Accesser

🌏一个解决SNI RST导致维基百科、Pixiv等站点无法访问的工具 | A tool for solving SNI RST
GNU General Public License v3.0
873 stars 77 forks source link

EDNS 的问题 #185

Closed moi-si closed 4 weeks ago

moi-si commented 1 month ago

移动,配置里的 DoH、DoQ 都超时了,DoT 没问题,AdGuard DoH(https://94.140.15.15/dns-query) 也超时,但浏览器自带的 DoH 用 AdGuard DoH 正常。

URenko commented 1 month ago

暂时缺乏测试环境(真不行本地开个 DNSCrypt)。

但浏览器自带的 DoH 用 AdGuard DoH 正常。

是用的同样的 IP 形式的 URL 吗,以及使用的是何种浏览器?(HTTP/3? 能抓包看一下就好了)

moi-si commented 1 month ago

是,Edge(已知 Chromium 内核浏览器都只支持 DoH),不会抓包,但补些日志吧。

dns.resolver.LifetimeTimeout: The resolution lifetime expired after 5.142 seconds: Server https://94.140.15.15/dns-query answered DNS over HTTPS (DOH) was requested but the httpx module is not available.; Server https://94.140.15.15/dns-query answered DNS over HTTPS (DOH) was requested but the httpx module is not available.; Server https://94.140.15.15/dns-query answered DNS over HTTPS (DOH) was requested but the httpx module is not available.; Server https://94.140.15.15/dns-query answered DNS over HTTPS (DOH) was requested but the httpx module is not available.; Server https://94.140.15.15/dns-query answered DNS over HTTPS (DOH) was requested but the httpx module is not available.; Server https://94.140.15.15/dns-query answered DNS over HTTPS (DOH) was requested but the httpx module is not available.

以下都是默认配置里的,也是这样,但在浏览器可用。

https://185.222.222.222/dns-query
https://45.11.45.11/dns-query
https://149.112.112.112/dns-query
https://149.112.112.10/dns-query

tls://dot.sb有域名的 DoT,IP 形式的都没问题(所以我现在全用这种 DoT 了):

dns.resolver.LifetimeTimeout: The resolution lifetime expired after 6.351 seconds: Server DoT:dot.sb@853 answered ; Server DoT:dot.sb@853 answered ; Server DoT:dot.sb@853 answered ; Server DoT:dot.sb@853 answered ; Server DoT:dot.sb@853 answered

唯一的 DoQ quic://dns.adguard-dns.com(改成 IP 形式也不行):

dns.resolver.LifetimeTimeout: The resolution lifetime expired after 5.176 seconds: Server DoQ:dns.adguard-dns.com@853 answered DNS-over-QUIC is not available.; Server DoQ:dns.adguard-dns.com@853 answered DNS-over-QUIC is not available.; Server DoQ:dns.adguard-dns.com@853 answered DNS-over-QUIC is not available.; Server DoQ:dns.adguard-dns.com@853 answered DNS-over-QUIC is not available.; Server DoQ:dns.adguard-dns.com@853 answered DNS-over-QUIC is not available.; Server DoQ:dns.adguard-dns.com@853 answered
URenko commented 1 month ago

从日志来看,怎么像是没安装 DoH, DoQ 所需的包。 安装时带[doh,doq]了吗,或者 Windows 自动构建的话,确认不是 windows-lite 吗?

它们(目前)所需的包分别是:

doh = ["httpcore>=1.0.0", "httpx>=0.26.0", "h2>=4.1.0"]
doq = ["aioquic>=1.0.0"]
moi-si commented 1 month ago

Windows 自动构建一键程序,非 lite 版。

URenko commented 1 month ago

应该是 dnspython 2.6.0 的更改

Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

URenko commented 1 month ago

可能是 pyinstaller 的 bug,有空再看看

moi-si commented 1 month ago

可能是 pyinstaller 的 bug,有空再看看

https://github.com/URenko/Accesser/blob/fba9ef930102035e911eca8619ce51834f29e980/.github/workflows/build.yml#L22

改成==2.5就没问题了,一切正常,但tls://dot.sb应该是 DNS 自己的问题。 日志:

dns.resolver.NoNameservers: All nameservers failed to answer the query avatars.githubusercontent.com. IN A: Server DoT:185.222.222.222@853 answered [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)