klzgrad / naiveproxy

Make a fortune quietly
BSD 3-Clause "New" or "Revised" License

Iptables rules with 'redir' on OpenWrt #658

Closed dgp970 closed 1 week ago

dgp970 commented 2 weeks ago

For naive: "listen": "redir://0.0.0.0:1080"

For iptables:

iptables -t nat -A PREROUTING -p udp -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080

With the above configuration, there is a DNS leak. Seeking help with configuring the correct rules, thank you.

klzgrad commented 2 weeks ago

What do you mean DNS leak?

What is the expected? The actual?

dgp970 commented 2 weeks ago

There is DNS resolution for both the ISP and the server, and while accessing a website, the ISP's DNS resolution is used first.

How to correctly configure iptables rules to enable DNS resolution through the server?

dgp970 commented 1 week ago

After enabling https-dns-proxy while keeping the above configuration, google.com can be accessed normally, but accessing YouTube is extremely slow.

[INFO:redirect_resolver.cc] Malformed DNS query from 192.168.1.138:54798
[INFO:redirect_resolver.cc] OnRecv: ignoring error ERR_INVALID_ARGUMENT
[INFO:redirect_resolver.cc] OnRecv: ignoring error ERR_MSG_TOO_BIG

klzgrad commented 1 week ago

I recommend not using the fakeip resolver at all as it pollutes DNS cache all around.

You can redirect tcp port 53 to port 1080 and use this as a proxied remote DNS server and cache it for latency performance. This way you resolve host names remotely and save RTT.
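The rule set suggested above, written out as an added example (not part of the issue thread or of the naiveproxy project): a generator that emits iptables commands redirecting LAN TCP traffic, TCP DNS on port 53 included, to the redir listener. It assumes a redir port of 1080, a LAN interface named br-lan, and that the redir listener handles TCP only, so unlike the original rules it redirects no UDP; it also returns early for loopback, link-local, multicast and RFC1918 destinations so LAN-to-router and LAN-to-LAN connections are not sent into the proxy. The commands are printed rather than executed so they can be reviewed before being applied with `sh`.

```shell
#!/bin/sh
# Added example. Assumptions: redir listener on TCP port 1080, LAN interface
# br-lan. Nothing here is applied; the functions only emit rule text.

# Emit the iptables commands for a dedicated nat chain.
# Usage: build_redir_rules <redir_port> <lan_if>
build_redir_rules() {
    port="$1"
    lan_if="$2"
    chain="NAIVE_REDIR"

    # A dedicated chain keeps the rules reviewable and easy to flush.
    echo "iptables -t nat -N $chain"

    # Skip loopback, link-local, multicast and private destinations so that
    # LAN clients can still reach the router and each other directly.
    for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
               172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
        echo "iptables -t nat -A $chain -d $net -j RETURN"
    done

    # TCP DNS goes through the proxy so names are resolved remotely.
    echo "iptables -t nat -A $chain -p tcp --dport 53 -j REDIRECT --to-ports $port"
    # All remaining TCP from the LAN goes through the proxy as well.
    echo "iptables -t nat -A $chain -p tcp -j REDIRECT --to-ports $port"

    # Only traffic arriving on the LAN interface enters the chain; UDP is
    # deliberately left alone because the redir listener is TCP-only here.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp -j $chain"
}

# Count how many REDIRECT rules a generated rule set contains.
# Usage: count_redirects <rules_text>
count_redirects() {
    printf '%s\n' "$1" | grep -c -- '-j REDIRECT'
}

# Print 1 if any rule redirects UDP, else 0. A UDP redirect would send
# plain UDP DNS into a TCP-only listener, which is what produced the
# "Malformed DNS query" lines quoted earlier in the thread.
# Usage: udp_redirected <rules_text>
udp_redirected() {
    if printf '%s\n' "$1" | grep -q -- '-p udp.*-j REDIRECT'; then
        echo 1
    else
        echo 0
    fi
}

# Stand-alone run: print the rules for review (pipe into `sh -e` to apply).
build_redir_rules 1080 br-lan
```

Because only TCP port 53 is redirected, a client that queries the ISP resolver over plain UDP still bypasses the proxy; the local forwarder on the router therefore has to be the one component that talks to its upstream over TCP (or over a proxied channel such as the https-dns-proxy mentioned above) and caches the answers for LAN clients.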