compassd / dcompass

A high-performance programmable DNS component aiming at robustness, speed, and flexibility
GNU General Public License v3.0

[FEAT] Support HTTPS queries forwarded through a Cloudflare Worker #81

Open Error996 opened 2 years ago

Error996 commented 2 years ago

Is your feature request related to a problem? Please describe. DNS forwarding queries through a Cloudflare Worker are currently not supported.

Describe the solution you'd like See the links below

https://nicelee.top/blog/2021/08/22/cloudflare-workers-doh-proxy/
https://github.com/IrineSistiana/cfdohpw

Describe alternatives you've considered Null

Additional context Null

Error996 commented 2 years ago

Because right now the IPs of outside DNS servers get a connection reset, while the Worker's IP is a CDN IP.

LEXUGE commented 2 years ago

The https module should let you specify the IP yourself, right? I don't see any difference between setting up a Worker and a normal HTTPS connection; it should be able to connect?

If the IP is the CDN's, then the certificate should also be valid for the CDN.

Error996 commented 2 years ago

It reports an error; the main problem is that there is no way to fill in the IP... leaving it empty errors out, and filling in the CDN IP obtained from ping still doesn't work...

Error996 commented 2 years ago

config:

---
verbosity: "debug"
address: 0.0.0.0:53
table:
  start:
    if: "qtype([AAAA])"
    then:
      # A list of actions is allowed here
      - blackhole
      # The next tag to go
      - end
    else:
      - dispatch
  dispatch:
    - query: domestic
    - check_secure
  check_secure:
    if: |
      geoip(codes: ["CN"])
    else:
      - query: secure
      - end

upstreams:
  114DNS:
    udp:
      addr: 114.114.114.114:53

  Ali:
    udp:
      addr: 223.6.6.6:53

  domestic:
    hybrid:
      - 114DNS
      - Ali

  cloudflare:
    https:
      uri: https://dns1.****.workers.dev/dns-query-****-just-get-out   # corresponds to https://dns.google/dns-query
      ratelimit: 3000
      addr: 172.67.139.220   # cdn ip

  quad9:
    https:
      uri: https://dns2.****.workers.dev/dns-query-****-just-get-out  # corresponds to https://cloudflare-dns.com/dns-query
      ratelimit: 3000
      addr: 104.21.65.24  # cdn ip

  secure:
    hybrid:
      - cloudflare
      - quad9

debug log:

Using the config file specified: 123.yaml
2022-04-04T02:58:32.160Z INFO [dcompass] dcompass ready!
2022-04-04T02:58:32.572Z INFO [droute::router::table::rule] Domain "onedscolprduks02.uksouth.cloudapp.azure.com" doesn't match at rule `start`
2022-04-04T02:58:32.572Z INFO [droute::router::table::rule] rule `dispatch` starts with domain "onedscolprduks02.uksouth.cloudapp.azure.com"
2022-04-04T02:58:32.572Z INFO [droute::router::upstreams::upstream] querying with upstream: 114DNS
2022-04-04T02:58:32.572Z DEBUG [droute::router::upstreams::upstream::qhandle] got connection from pool; recycled 0 times
2022-04-04T02:58:32.572Z INFO [droute::router::upstreams::upstream] querying with upstream: Ali
2022-04-04T02:58:32.572Z DEBUG [droute::router::upstreams::upstream::qhandle] got connection from pool; recycled 0 times
2022-04-04T02:58:32.594Z INFO [droute::router::upstreams::upstream] query successfully completed.
2022-04-04T02:58:32.595Z INFO [droute::router::table::rule] rule `dispatch` ends with domain "onedscolprduks02.uksouth.cloudapp.azure.com"
2022-04-04T02:58:32.595Z INFO [droute::router::table::rule] Domain "onedscolprduks02.uksouth.cloudapp.azure.com" doesn't match at rule `check_secure`
2022-04-04T02:58:32.595Z INFO [droute::router::upstreams::upstream] querying with upstream: cloudflare
2022-04-04T02:58:32.595Z DEBUG [droute::router::upstreams::upstream::qhandle] got connection from pool; recycled 0 times
2022-04-04T02:58:32.595Z DEBUG [reqwest::connect] starting new connection: https://dns1.****.workers.dev/
2022-04-04T02:58:32.595Z INFO [droute::router::upstreams::upstream] querying with upstream: quad9
2022-04-04T02:58:32.595Z DEBUG [droute::router::upstreams::upstream::qhandle] got connection from pool; recycled 0 times
2022-04-04T02:58:32.595Z DEBUG [reqwest::connect] starting new connection: https://dns2.****.workers.dev/
2022-04-04T02:58:32.890Z DEBUG [rustls::client::hs] No cached session for DnsName(DnsName(DnsName("dns1.****.workers.dev")))
2022-04-04T02:58:32.890Z DEBUG [rustls::client::hs] Not resuming any session
2022-04-04T02:58:32.898Z DEBUG [rustls::client::hs] No cached session for DnsName(DnsName(DnsName("dns2.****.workers.dev")))
2022-04-04T02:58:32.898Z DEBUG [rustls::client::hs] Not resuming any session
2022-04-04T02:58:33.200Z ERROR [rustls::conn] TLS alert received: AlertMessagePayload {
    level: Fatal,
    description: HandshakeFailure,
}

Error996 commented 2 years ago

It's probably that the script only accepts the application/dns-message type, to keep out scanners and crawlers and the like.

async function handleRequestPost(request, clientUrl) {
  if (request.headers.get('content-type') != 'application/dns-message') {
    return new Response('bad request header', { status: 400 });
  }
  const upstreamRequest = new Request(upstream, {
    method: 'POST',
    headers: {
      'accept': 'application/dns-message',
      'content-type': 'application/dns-message',
    },
    body: await request.arrayBuffer()
  });
  return await fetch(upstreamRequest);
}

But droute/src/router/upstreams/upstream/qhandle/https.rs, line 156, also sets .header("content-type", "application/dns-message")

I don't know where the problem is either.

LEXUGE commented 2 years ago

hmmmmm, it seems to die already during the TLS handshake, unrelated to the header

LEXUGE commented 2 years ago

It's probably because SNI is not sent by default. You can try adding sni: true under each upstream.

Error996 commented 2 years ago

After sni: true:

2022-04-04T03:40:18.533Z DEBUG [reqwest::connect] starting new connection: https://dns2.****.workers.dev/
2022-04-04T03:40:18.833Z DEBUG [rustls::client::hs] No cached session for DnsName(DnsName(DnsName("dns1.****.workers.dev")))
2022-04-04T03:40:18.833Z DEBUG [rustls::client::hs] Not resuming any session
2022-04-04T03:40:19.138Z DEBUG [rustls::client::hs] Using ciphersuite Tls13(Tls13CipherSuite { suite: TLS13_AES_256_GCM_SHA384, bulk: Aes256Gcm })
2022-04-04T03:40:19.138Z DEBUG [rustls::client::tls13] Not resuming
2022-04-04T03:40:19.139Z DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: [ServerNameAck]
2022-04-04T03:40:19.139Z DEBUG [rustls::client::hs] ALPN protocol is None
2022-04-04T03:40:19.875Z DEBUG [rustls::client::hs] No cached session for DnsName(DnsName(DnsName("dns1.****.workers.dev")))
2022-04-04T03:40:19.875Z DEBUG [rustls::client::hs] Not resuming any session
2022-04-04T03:40:19.888Z DEBUG [rustls::client::hs] No cached session for DnsName(DnsName(DnsName("dns2.****.workers.dev")))
2022-04-04T03:40:19.889Z DEBUG [rustls::client::hs] Not resuming any session
2022-04-04T03:40:20.185Z DEBUG [rustls::client::hs] Using ciphersuite Tls13(Tls13CipherSuite { suite: TLS13_AES_256_GCM_SHA384, bulk: Aes256Gcm })
2022-04-04T03:40:20.185Z DEBUG [rustls::client::tls13] Not resuming
2022-04-04T03:40:20.186Z DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: [ServerNameAck]
2022-04-04T03:40:20.186Z DEBUG [rustls::client::hs] ALPN protocol is None
2022-04-04T03:40:20.218Z DEBUG [rustls::client::hs] Using ciphersuite Tls13(Tls13CipherSuite { suite: TLS13_AES_256_GCM_SHA384, bulk: Aes256Gcm })
2022-04-04T03:40:20.218Z DEBUG [rustls::client::tls13] Not resuming
2022-04-04T03:40:20.219Z DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: [ServerNameAck]
2022-04-04T03:40:20.219Z DEBUG [rustls::client::hs] ALPN protocol is None
2022-04-04T03:40:20.804Z DEBUG [rustls::client::tls13] Ticket saved
2022-04-04T03:40:20.804Z DEBUG [rustls::client::tls13] Ticket saved
2022-04-04T03:40:20.804Z DEBUG [reqwest::async_impl::client] response '404 Not Found' for https://dns1.****.workers.dev/dns-query-****-just-get-out
2022-04-04T03:40:20.804Z DEBUG [rustls::conn] Sending warning alert CloseNotify
2022-04-04T03:40:21.535Z WARN [droute::router] upstream encountered error: error sending request for url (https://dns2.****.workers.dev/dns-query-****-just-get-out): error trying to connect: operation timed out, returning SERVFAIL

Error996 commented 2 years ago

It can resolve now, but this section keeps repeating and it keeps reporting, especially response '404 Not Found' for https://dns1.****.workers.dev/dns-query-****-just-get-out

Corresponding to this in the script:

async function handleRequest(request) {
  const clientUrl = new URL(request.url);
  if (clientUrl.pathname != endpointPath) {
    return new Response('Hello World!', { status: 404 });
  }

It would be nice if the IP could be automatic; it has to be obtained from something like 223 anyway, though right now the hand-picked IP is actually faster...
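The Worker script the thread quotes in fragments, completed here as an added JavaScript example (not the script from this issue or the linked repositories): the path check that produces the 404 seen in the log, the content-type check on POST, and the GET form of DoH. endpointPath and upstream are placeholder assumptions; the routing decision is kept in a pure function so it can be checked without network access.

```javascript
// Added example, not the issue's own script. endpointPath and upstream are
// constructed placeholders; replace them for a real deployment.
const endpointPath = '/dns-query-PLACEHOLDER-secret-path'; // assumption
const upstream = 'https://dns.google/dns-query';           // assumption
const DNS_MSG = 'application/dns-message';

// Pure routing decision, separated from fetch so it can be tested offline.
// Returns { status, reason } to reject, or { forward, url } to proxy upstream.
function routeDecision(method, pathname, dnsParam, contentType) {
  if (pathname !== endpointPath) {
    // Unknown path: answer like a plain site so scanners learn nothing.
    // This is the branch that yields '404 Not Found' in the dcompass log.
    return { status: 404, reason: 'Hello World!' };
  }
  if (method === 'GET') {
    // RFC 8484 GET form: base64url-encoded DNS message in the dns parameter
    if (!dnsParam) return { status: 400, reason: 'missing dns parameter' };
    return { forward: 'GET', url: `${upstream}?dns=${encodeURIComponent(dnsParam)}` };
  }
  if (method === 'POST') {
    // Only accept raw DNS messages, as the quoted handleRequestPost does
    if (contentType !== DNS_MSG) return { status: 400, reason: 'bad request header' };
    return { forward: 'POST', url: upstream };
  }
  return { status: 405, reason: 'method not allowed' };
}

async function handleRequest(request) {
  const clientUrl = new URL(request.url);
  const d = routeDecision(request.method, clientUrl.pathname,
    clientUrl.searchParams.get('dns'), request.headers.get('content-type'));
  if (d.status) return new Response(d.reason, { status: d.status });
  const init = { method: d.forward, headers: { accept: DNS_MSG } };
  if (d.forward === 'POST') {
    init.headers['content-type'] = DNS_MSG;
    init.body = await request.arrayBuffer();
  }
  return fetch(new Request(d.url, init));
}

// Worker entry point; guarded so the file also loads outside the Workers runtime
if (typeof addEventListener === 'function') {
  addEventListener('fetch', (event) => event.respondWith(handleRequest(event.request)));
}
```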

LEXUGE commented 2 years ago

I don't quite understand what "repeated 404 errors" means; is there a log?

The reason for manual IPs is to guarantee that bootstrapping works without depending on other software or libc to obtain the addresses of the required domains (there is no guarantee that IPs obtained from those sources are unpolluted, and it would be inappropriate for dcompass, as a DNS resolver, to rely on other resolution paths).

Error996 commented 2 years ago

https://github.com/compassd/dcompass/issues/81#issuecomment-1087077297

It appears in a loop; on the third line from the bottom there is a 404 not found

My guess is that it's related to TLS 1.3

Error996 commented 2 years ago

It doesn't actually affect usage; it's just my OCD~~~~

LEXUGE commented 2 years ago

I'll try to reproduce and fix it when I have time