Closed LEXUGE closed 3 years ago
It can give the user a choice, allowing them to turn this function on or off, and offer some options like auto (meaning the user address is obtained automatically, e.g. from the additional RRs area) and manual (to add a specific IP address), and to change the address mask to protect their privacy. I think using the API to get the user address is necessary. When the user is in the local environment, they don't need dcompass to get their IP to support DNSECS, because the remote DNS server can get it.
There is such a scenario: AdGuard Home also has the EDNS option. When users deploy AdGuard Home in an intranet environment they can turn it off, and the DNS lookup data will pass through the available network to the remote DNS, carrying the user IP address to make the EDNS lookup; but when this application is installed on a remote server, it must turn the DNSECS option on to carry the user IP forward to the public DNS service.
I don't see how DNSSEC relates to EDNS Client Subnet here.
EDNS Client Subnet (ECS) DNS ECS
After ECS is enabled, the cache does not cache per user IP; it replaces the global cache instead. For example, I first query www.zhihu.com in Shanghai and get IP A, but when I query www.zhihu.com from another region it still returns this address.
That depends on how the program handles it; a well-implemented one is not that naive. For example, unbound and mosdns cache by subnet, and Google Public DNS uses /24.
What I am reporting is about dcompass, but it doesn't seem to be a cache problem; it's still like this even with the cache turned off.
It should be the cache problem; the cache only distinguishes the first question and the tag.
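The caching difference discussed in the two replies above, as an added illustration that is not code from this thread or from dcompass: a cache keyed only by the question hands the first client's answer to every later client, while an RFC 7871 style cache keys on the client address truncated to the scope prefix length the upstream returned (scope 0 meaning the answer is not client-dependent and may serve everyone). The names, addresses and scenario are constructed.

```python
import ipaddress
import time
from dataclasses import dataclass


@dataclass
class CachedAnswer:
    rdata: list
    expires: float


class EcsCache:
    """Answer cache keyed as RFC 7871 section 7.3 requires: (qname, qtype,
    client address truncated to the SCOPE prefix length from the response).
    A scope of 0 yields a /0 entry that serves every client."""

    def __init__(self):
        # (qname, qtype) -> {ip_network: CachedAnswer}
        self._entries = {}

    def put(self, qname, qtype, client_ip, scope_prefix, rdata, ttl, now=None):
        now = time.monotonic() if now is None else now
        # strict=False masks off the host bits beyond the scope prefix.
        net = ipaddress.ip_network((client_ip, scope_prefix), strict=False)
        bucket = self._entries.setdefault((qname.lower(), qtype), {})
        bucket[net] = CachedAnswer(list(rdata), now + ttl)

    def get(self, qname, qtype, client_ip, now=None):
        now = time.monotonic() if now is None else now
        addr = ipaddress.ip_address(client_ip)
        best = None
        for net, entry in self._entries.get((qname.lower(), qtype), {}).items():
            if entry.expires <= now or addr not in net:
                continue
            # Longest-prefix match: a /24 entry beats a /0 (global) entry.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, entry)
        return None if best is None else list(best[1].rdata)


class NaiveCache:
    """The behaviour complained about above: keyed by name and type only,
    so whoever asked first decides the answer for everyone after them."""

    def __init__(self):
        self._entries = {}

    def put(self, qname, qtype, client_ip, scope_prefix, rdata, ttl, now=None):
        self._entries[(qname.lower(), qtype)] = list(rdata)

    def get(self, qname, qtype, client_ip, now=None):
        return self._entries.get((qname.lower(), qtype))


def simulate(cache):
    """Constructed scenario: a client in one /24 gets answer 192.0.2.1 with
    scope /24, then a client in the same /24 and one from another region
    ask for the same name.  Returns both lookups (None = cache miss, i.e.
    the resolver must forward the query with that client's own subnet)."""
    cache.put("www.example.com", "A", "203.0.113.10", 24, ["192.0.2.1"], 60, now=0.0)
    same_subnet = cache.get("www.example.com", "A", "203.0.113.200", now=1.0)
    other_region = cache.get("www.example.com", "A", "198.51.100.7", now=1.0)
    return same_subnet, other_region


if __name__ == "__main__":
    print("ECS-aware cache:", simulate(EcsCache()))   # (['192.0.2.1'], None)
    print("naive cache:    ", simulate(NaiveCache()))  # (['192.0.2.1'], ['192.0.2.1'])
```

The per-scope key is also why a forwarder that substitutes one external address for every local client (the "auto" mode discussed later in this thread) still gets one shared entry: all of those clients fall into the same /24.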
https://github.com/compassd/dcompass/releases/tag/build-20210923_1018
Is it still the same config file format as yesterday, or is it - ecs: Auto("http://ip.sb")?
auto
It doesn't seem to work: - ecs: auto("http://ip.sb")
Not like that:
ecs:
  auto: "url"
2021-09-23 01:39:58,456 INFO [dcompass] dcompass ready!
2021-09-23 01:40:14,131 INFO [droute::router::table::rule] domain "www.zhihu.com" matches at rule `start`
2021-09-23 01:40:14,131 DEBUG [droute::router::table::rule::actions::ecs] trying to obtain external IP address for local query IP
2021-09-23 01:40:14,131 DEBUG [reqwest::connect] starting new connection: https://ifconfig.me/
2021-09-23 01:40:14,193 DEBUG [rustls::client::hs] No cached session for DNSNameRef("ifconfig.me")
2021-09-23 01:40:14,193 DEBUG [rustls::client::hs] Not resuming any session
2021-09-23 01:40:14,223 DEBUG [rustls::client::hs] Using ciphersuite TLS13_CHACHA20_POLY1305_SHA256
2021-09-23 01:40:14,223 DEBUG [rustls::client::tls13] Not resuming
2021-09-23 01:40:14,223 DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: [Protocols([PayloadU8([104, 50])])]
2021-09-23 01:40:14,223 DEBUG [rustls::client::hs] ALPN protocol is Some(b"h2")
2021-09-23 01:40:14,253 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 01:40:14,253 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 01:40:14,451 DEBUG [reqwest::async_impl::client] response '200 OK' for https://ifconfig.me/
2021-09-23 01:40:14,452 INFO [droute::router::table::rule::actions::ecs] got external IP: 45.251.xx.xx
2021-09-23 01:40:14,452 INFO [droute::router::upstreams::upstream] querying with upstream: aliDNS
2021-09-23 01:40:14,452 INFO [droute::router::upstreams::upstream] querying with upstream: ali1DNS
2021-09-23 01:40:14,452 DEBUG [rustls::session] Sending warning alert CloseNotify
2021-09-23 01:40:14,596 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_option
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_option
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_option
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_option
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_option
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,596 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 DEBUG [maxminddb::decoder] deserialize_any
2021-09-23 01:40:14,597 INFO [droute::router::table::rule::matchers::geoip] IP `117.41.226.127` has ISO country code `CN`
2021-09-23 01:40:14,597 INFO [droute::router::table::rule] domain "www.zhihu.com" matches at rule `check_secure`
2021-09-23 01:40:14,597 INFO [droute::router::table] domain "www.zhihu.com" has finished routing
2021-09-23 01:40:14,597 INFO [dcompass::worker] response completed. Sent back to 127.0.0.1:54804 successfully.
1. Putting routedns in front of dcompass to provide DoT, DoH and DoQ, with routedns passing a /32 or /24 subnet ECS to dcompass (tried both, same result), every test returns the correct ECS address, but what the cache stores does not seem to be the address delivered via ECS but the user's actual request IP, so in my environment the cache stored the request IP address 127.0.0.1.
2. Since routedns has already passed ECS information to dcompass, dcompass should not request the API to obtain the external IP.
3. It seems that if ecs is not configured, dcompass enables ecs by default, except that intranet DNS resolution fails because no API is set; I am not sure whether this is a bug.
2021-09-23 01:42:57,398 INFO [droute::cache] ECS external IP cache hit for private IP 127.0.0.1
For the routedns ECS implementation see https://github.com/folbricht/routedns/blob/master/ecs-modifier.go
4. When querying from the intranet environment, empty answers occur; judging by the data dig returns, the cause is that no subnet is carried (with the API configured).
5. Tencent DNSPod does not seem to support ECS implemented the way you do it.
dcompass log
2021-09-23 01:52:08,261 INFO [dcompass] dcompass ready!
2021-09-23 01:52:11,115 INFO [droute::router::table::rule] domain "www.zhihu.com" matches at rule `start`
2021-09-23 01:52:11,115 DEBUG [droute::router::table::rule::actions::ecs] trying to obtain external IP address for local query IP
2021-09-23 01:52:11,115 DEBUG [reqwest::connect] starting new connection: https://ifconfig.me/
2021-09-23 01:52:11,173 DEBUG [rustls::client::hs] No cached session for DNSNameRef("ifconfig.me")
2021-09-23 01:52:11,173 DEBUG [rustls::client::hs] Not resuming any session
2021-09-23 01:52:11,217 DEBUG [rustls::client::hs] Using ciphersuite TLS13_CHACHA20_POLY1305_SHA256
2021-09-23 01:52:11,217 DEBUG [rustls::client::tls13] Not resuming
2021-09-23 01:52:11,217 DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: [Protocols([PayloadU8([104, 50])])]
2021-09-23 01:52:11,217 DEBUG [rustls::client::hs] ALPN protocol is Some(b"h2")
2021-09-23 01:52:11,246 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 01:52:11,246 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 01:52:11,444 DEBUG [reqwest::async_impl::client] response '200 OK' for https://ifconfig.me/
2021-09-23 01:52:11,444 INFO [droute::router::table::rule::actions::ecs] got external IP: 45.251.107.70
2021-09-23 01:52:11,444 DEBUG [rustls::session] Sending warning alert CloseNotify
2021-09-23 01:52:11,444 INFO [droute::router::upstreams::upstream] querying with upstream: aliDNS
2021-09-23 01:52:11,444 INFO [droute::router::upstreams::upstream] querying with upstream: ali1DNS
2021-09-23 01:52:11,588 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 01:52:11,588 INFO [droute::router::table::rule] Domain "www.zhihu.com" doesn't match at rule `check_secure`
2021-09-23 01:52:11,588 DEBUG [droute::router::table::rule::actions::ecs] trying to obtain external IP address for local query IP
2021-09-23 01:52:11,588 DEBUG [reqwest::connect] starting new connection: https://ifconfig.me/
2021-09-23 01:52:11,645 DEBUG [rustls::client::hs] No cached session for DNSNameRef("ifconfig.me")
2021-09-23 01:52:11,646 DEBUG [rustls::client::hs] Not resuming any session
2021-09-23 01:52:11,688 DEBUG [rustls::client::hs] Using ciphersuite TLS13_CHACHA20_POLY1305_SHA256
2021-09-23 01:52:11,688 DEBUG [rustls::client::tls13] Not resuming
2021-09-23 01:52:11,688 DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: [Protocols([PayloadU8([104, 50])])]
2021-09-23 01:52:11,688 DEBUG [rustls::client::hs] ALPN protocol is Some(b"h2")
2021-09-23 01:52:11,717 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 01:52:11,717 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 01:52:11,916 DEBUG [reqwest::async_impl::client] response '200 OK' for https://ifconfig.me/
2021-09-23 01:52:11,916 INFO [droute::router::table::rule::actions::ecs] got external IP: 45.251.xxx.xx
2021-09-23 01:52:11,916 INFO [droute::router::upstreams::upstream] querying with upstream: oneDNS
2021-09-23 01:52:11,916 INFO [droute::router::upstreams::upstream] querying with upstream: googleDNS
2021-09-23 01:52:11,916 DEBUG [rustls::session] Sending warning alert CloseNotify
2021-09-23 01:52:11,970 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 01:52:11,970 INFO [droute::router::table] domain "www.zhihu.com" has finished routing
2021-09-23 01:52:11,970 INFO [dcompass::worker] response completed. Sent back to 127.0.0.1:59919 successfully.
2021-09-23 01:52:16,378 INFO [droute::router::table::rule] domain "www.zhihu.com" matches at rule `start`
2021-09-23 01:52:16,378 DEBUG [droute::router::table::rule::actions::ecs] trying to obtain external IP address for local query IP
2021-09-23 01:52:16,378 INFO [droute::cache] ECS external IP cache hit for private IP 127.0.0.1
2021-09-23 01:52:16,378 INFO [droute::router::upstreams::upstream] querying with upstream: aliDNS
2021-09-23 01:52:16,378 INFO [droute::router::upstreams::upstream] querying with upstream: ali1DNS
2021-09-23 01:52:16,521 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 01:52:16,521 INFO [droute::router::table::rule] Domain "www.zhihu.com" doesn't match at rule `check_secure`
2021-09-23 01:52:16,521 DEBUG [droute::router::table::rule::actions::ecs] trying to obtain external IP address for local query IP
2021-09-23 01:52:16,521 INFO [droute::cache] ECS external IP cache hit for private IP 127.0.0.1
2021-09-23 01:52:16,521 INFO [droute::router::upstreams::upstream] querying with upstream: oneDNS
2021-09-23 01:52:16,521 INFO [droute::router::upstreams::upstream] querying with upstream: googleDNS
2021-09-23 01:52:16,550 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 01:52:16,550 INFO [droute::router::table] domain "www.zhihu.com" has finished routing
2021-09-23 01:52:16,550 INFO [dcompass::worker] response completed. Sent back to 127.0.0.1:59919 successfully.
2021-09-23 01:52:19,382 INFO [droute::router::table::rule] domain "www.zhihu.com" matches at rule `start`
2021-09-23 01:52:19,382 DEBUG [droute::router::table::rule::actions::ecs] trying to obtain external IP address for local query IP
2021-09-23 01:52:19,382 INFO [droute::cache] ECS external IP cache hit for private IP 127.0.0.1
2021-09-23 01:52:19,382 INFO [droute::router::upstreams::upstream] querying with upstream: aliDNS
2021-09-23 01:52:19,382 INFO [droute::router::upstreams::upstream] querying with upstream: ali1DNS
2021-09-23 01:52:19,526 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 01:52:19,526 INFO [droute::router::table::rule] Domain "www.zhihu.com" doesn't match at rule `check_secure`
2021-09-23 01:52:19,526 DEBUG [droute::router::table::rule::actions::ecs] trying to obtain external IP address for local query IP
2021-09-23 01:52:19,526 INFO [droute::cache] ECS external IP cache hit for private IP 127.0.0.1
2021-09-23 01:52:19,526 INFO [droute::router::upstreams::upstream] querying with upstream: oneDNS
2021-09-23 01:52:19,526 INFO [droute::router::upstreams::upstream] querying with upstream: googleDNS
2021-09-23 01:52:19,555 INFO [droute::cache] response errored, not caching erroneous upstream response.
2021-09-23 01:52:19,555 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 01:52:19,555 INFO [droute::router::table] domain "www.zhihu.com" has finished routing
2021-09-23 01:52:19,555 INFO [dcompass::worker] response completed. Sent back to 127.0.0.1:59919 successfully.
dig log
root@debian:~# dig www.zhihu.com @127.0.0.1 -p60170
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> www.zhihu.com @127.0.0.1 -p60170
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 59043
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.zhihu.com. IN A
;; Query time: 174 msec
;; SERVER: 127.0.0.1#60170(127.0.0.1)
;; WHEN: Thu Sep 23 01:54:49 EDT 2021
;; MSG SIZE rcvd: 42
- With the ecs plugin enabled, an OPT pseudo record is appended in the additional section.
- With the ecs plugin disabled, no ecs information is inserted and the API is not requested:
Using the config file specified: ../config.yaml
2021-09-23 14:46:57,363 INFO [dcompass] dcompass ready!
2021-09-23 14:46:59,994 INFO [droute::router::table::rule] rule `start` starts with domain "www.baidu.com"
2021-09-23 14:46:59,994 INFO [droute::router::upstreams::upstream] querying with upstream: secure
2021-09-23 14:46:59,995 DEBUG [reqwest::connect] starting new connection: https://dns.google/
2021-09-23 14:46:59,996 DEBUG [rustls::client::hs] No cached session for DNSNameRef("dns.google")
2021-09-23 14:46:59,996 DEBUG [rustls::client::hs] Not resuming any session
2021-09-23 14:47:00,266 DEBUG [rustls::client::hs] Using ciphersuite TLS13_CHACHA20_POLY1305_SHA256
2021-09-23 14:47:00,268 DEBUG [rustls::client::tls13] Not resuming
2021-09-23 14:47:00,268 DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: [Protocols([PayloadU8([104, 50])])]
2021-09-23 14:47:00,269 DEBUG [rustls::client::hs] ALPN protocol is Some(b"h2")
2021-09-23 14:47:00,521 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 14:47:00,522 DEBUG [rustls::client::tls13] Ticket saved
2021-09-23 14:47:00,529 DEBUG [reqwest::async_impl::client] response '200 OK' for https://dns.google/dns-query
2021-09-23 14:47:00,529 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-09-23 14:47:00,530 INFO [droute::router::table::rule] rule `start` ends with domain "www.baidu.com"
2021-09-23 14:47:00,530 INFO [droute::router::table] domain "www.baidu.com" has finished routing
2021-09-23 14:47:00,530 INFO [dcompass::worker] response completed. Sent back to 127.0.0.1:37513 successfully.
- The dig output shows FORMERR, but no dcompass configuration was provided, so I cannot reproduce it.
- According to the RFC, ECS has only one specification.
- The DNS response cache is unrelated to the user's request IP. If you mean the ECS external IP cache, that cache is also unrelated to the user's request IP: any private IP will hit it. I don't understand what your expected behavior is.
- If ECS information is already passed through, there is no need to configure the ECS plugin.
After testing: with DNSPod, queries work normally when dcompass has no ecs plugin configured but ECS information is passed through, but once the ecs plugin is configured the query fails.
https://github.com/compassd/dcompass/releases/tag/build-20210923_1936
The previous rewrite rule did not fully follow the RFC specification.
This happens with routedns in front. It seems that when the ecs plugin is not configured, queries passing ECS information work normally, but once the ecs plugin is configured, the query ignores the ECS information the user passed and uses the "got external IP" instead.
Without routedns in front, using it directly, the program can get the address and can add it, but the query data actually returned contains no ecs:
appending global IP xxxx to the ECS info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11030
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.zhihu.com. IN A
;; ANSWER SECTION:
www.zhihu.com. 387 IN CNAME www.zhihu.com.dsa.dnsv1.com.
www.zhihu.com.dsa.dnsv1.com. 387 IN CNAME bxjbqj09.e0.sched.ovscdns.com.
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.137.87
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.136.159
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.137.55
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.137.26
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.137.27
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.136.176
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.137.241
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.137.219
bxjbqj09.e0.sched.ovscdns.com. 60 IN A 203.205.136.87
;; Query time: 32 msec
First, the ECS option must not be duplicated, so by default it is overwritten.
Second, you cannot judge whether it took effect from the returned OPT section; you can check it like this: dig edns-client-sub.net TXT
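Added example, not dcompass's or routedns's code, that puts together the points made in this thread: the choice of ECS source address (a loopback or private client, such as 127.0.0.1 behind a local forwarder, gets the externally looked-up address, which is the "auto" mode configured above, while a routable client keeps its own address), masking to a /24 as a privacy measure, the RFC 7871 option layout (option code 8, family, source and scope prefix lengths, address truncated to ceil(prefix/8) octets with the bits past the prefix zeroed), and replacing rather than duplicating an existing ECS option in the OPT record. The non-routable address list and the sample addresses are assumptions for the example.

```python
import ipaddress
import struct

# RFC 7871: EDNS0 option code for Client Subnet and the two address families.
ECS_OPTION_CODE = 8
FAMILY_IPV4, FAMILY_IPV6 = 1, 2

# Assumed list of blocks a public upstream cannot geolocate; a client from one
# of these gets the forwarder's external address substituted (the "auto" mode).
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def choose_ecs_source(client_ip, external_ip=None):
    """Pick the address the ECS option is derived from."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in _NON_ROUTABLE):
        if external_ip is None:
            raise ValueError("non-routable client IP and no external IP known")
        return ipaddress.ip_address(external_ip)
    return addr


def build_ecs_option(address, source_prefix):
    """Encode one ECS option: code, length, family, SOURCE PREFIX-LENGTH,
    SCOPE PREFIX-LENGTH (0 in queries) and the truncated address.  Only
    ceil(prefix/8) octets are sent and bits past the prefix are zeroed; with
    source_prefix=24 this is the mask dcompass and routedns use."""
    addr = ipaddress.ip_address(address)
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    if not 0 <= source_prefix <= addr.max_prefixlen:
        raise ValueError("prefix length out of range")
    # strict=False masks the host bits instead of rejecting them.
    net = ipaddress.ip_network((addr, source_prefix), strict=False)
    addr_bytes = net.network_address.packed[:(source_prefix + 7) // 8]
    data = struct.pack("!HBB", family, source_prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def parse_ecs_option(option):
    """Decode an ECS option, rejecting the malformed shapes (wrong address
    length, non-zero bits past the prefix) that an upstream typically answers
    with FORMERR, the status seen in the dig output earlier in this thread."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE:
        raise ValueError("not an ECS option")
    data = option[4:4 + length]
    if len(data) != length or length < 4:
        raise ValueError("bad option length")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", data[:4])
    if family not in (FAMILY_IPV4, FAMILY_IPV6):
        raise ValueError("unknown address family")
    full_len = 4 if family == FAMILY_IPV4 else 16
    addr_bytes = data[4:]
    if source_prefix > full_len * 8 or len(addr_bytes) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix")
    addr = ipaddress.ip_address(addr_bytes + b"\x00" * (full_len - len(addr_bytes)))
    if ipaddress.ip_network((addr, source_prefix), strict=False).network_address != addr:
        raise ValueError("non-zero bits beyond source prefix")
    return addr, source_prefix, scope_prefix


def set_ecs_option(options, ecs_option):
    """Replace any ECS option already present in the OPT record's option list
    instead of appending a second one: at most one ECS option is allowed."""
    kept = [o for o in options if struct.unpack("!H", o[:2])[0] != ECS_OPTION_CODE]
    return kept + [ecs_option]


if __name__ == "__main__":
    # Constructed values: loopback client, external address found via lookup.
    src = choose_ecs_source("127.0.0.1", external_ip="203.0.113.77")
    opt = build_ecs_option(src, 24)
    print(opt.hex())               # 0008000700011800cb0071
    print(parse_ecs_option(opt))   # (IPv4Address('203.0.113.0'), 24, 0)
```

Whether the upstream actually honoured the option is still only visible the way the reply above says, by querying a name whose answer echoes the subnet it saw (dig edns-client-sub.net TXT); the returned OPT section by itself proves nothing.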
Closing now as no further problems were reported. Feel free to reopen or file a new issue if needed.
Currently dcompass has no action/matcher on ECS. To fully support ECS under different scenarios, the following considerations ought to be implemented:
127.0.0.1 or its IPv6 equivalent). Simply using the client IP will not help. Under the previous two scenarios, getting the public IP of the subnet, normally through some API, is required. However, that leads to two questions:
icanhazip.com, ipinfo.io/ip, and more.