shawn1m / overture

A customized DNS relay server
MIT License

How to exclude specific AlternativeDNS results #158

Open ATErBion opened 5 years ago

ATErBion commented 5 years ago

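I ran into a special scenario: when the egress line used by AlternativeDNS has a problem and the device keeps retrying the connection, every DNS request on that line directly returns the same IP "192.0.2.132" (presumably its policy is to block and redirect all requests to something like the device's settings page when the external line is not working). Overture discards the PrimaryDNS result and uses the AlternativeDNS result. Is there a way to make Overture use the PrimaryDNS result in this case?

I tried IPNetworkFile: ip_network_primary does not seem applicable (if the resolved IP address falls within ip_network_sample, the result is returned directly; otherwise the AlternativeDNS result is returned). I tested ip_network_alternative and it had no effect (if the resolved IP address falls within ip_network_alternative_sample, the result is returned directly; otherwise the PrimaryDNS result is returned???)

If nothing else works, I will probably just have to add some commonly used, normal foreign domains (for example amazon.com) to domain_primary_sample.

The log is as follows: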

INFO[2019-06-27 04:24:10] Overture v1.5
INFO[2019-06-27 04:24:10] If you need any help, please visit the project repository: https://github.com/shawn1m/overture
ERRO[2019-06-27 04:24:10] Open file ./domain_ttl_sample failed: open ./domain_ttl_sample: no such file or directory
ERRO[2019-06-27 04:24:10] Open file ./domain_primary_sample failed: open ./domain_primary_sample: no such file or directory
ERRO[2019-06-27 04:24:10] Open file ./domain_alternative_sample failed: open ./domain_alternative_sample: no such file or directory
INFO[2019-06-27 04:24:10] Load /home/pi/overture/ip_network_primary_sample successful
INFO[2019-06-27 04:24:10] Load /home/pi/overture/ip_network_alternative_sample successful
INFO[2019-06-27 04:24:10] Minimum TTL is disabled
INFO[2019-06-27 04:24:10] Cache is disabled
INFO[2019-06-27 04:24:10] Load hosts file failed: open ./hosts_sample: no such file or directory
INFO[2019-06-27 04:24:10] Start overture on :53
DEBU[2019-06-27 04:24:21] Question from 192.168.XXX.XXX: ;www.amazon.com. IN A
DEBU[2019-06-27 04:24:21] Domain Primary match fail
DEBU[2019-06-27 04:24:21] Domain Alternative match fail
DEBU[2019-06-27 04:24:21] Answer from ns3.gd.cnmobile.net: www.amazon.com. 1264 IN CNAME www.cdn.amazon.com.
DEBU[2019-06-27 04:24:21] Answer from ns3.gd.cnmobile.net: www.cdn.amazon.com. 238 IN CNAME d3ag4hukkh62yn.cloudfront.net.
DEBU[2019-06-27 04:24:21] Answer from ns3.gd.cnmobile.net: d3ag4hukkh62yn.cloudfront.net. 238 IN A 54.182.1.104
DEBU[2019-06-27 04:24:21] Try to match response ip address with IP network
DEBU[2019-06-27 04:24:21] Try to match response ip address with IP network
DEBU[2019-06-27 04:24:21] Try to match response ip address with IP network
DEBU[2019-06-27 04:24:21] IP network match failed, finally use alternative DNS
DEBU[2019-06-27 04:24:21] Answer from GoogleDNS2: www.amazon.com. 0 IN A 192.0.2.132
DEBU[2019-06-27 04:24:21] Answer from GoogleDNS1: www.amazon.com. 0 IN A 192.0.2.132
DEBU[2019-06-27 04:24:21] Answer from ns6.gd.cnmobile.net: www.amazon.com. 1413 IN CNAME www.cdn.amazon.com.
DEBU[2019-06-27 04:24:21] Answer from ns6.gd.cnmobile.net: www.cdn.amazon.com. 600 IN CNAME d3ag4hukkh62yn.cloudfront.net.
DEBU[2019-06-27 04:24:21] Answer from ns6.gd.cnmobile.net: d3ag4hukkh62yn.cloudfront.net. 600 IN A 54.182.1.104
DEBU[2019-06-27 04:24:21] Answer from ns4.gd.cnmobile.net: www.amazon.com. 436 IN CNAME www.cdn.amazon.com.
DEBU[2019-06-27 04:24:21] Answer from ns4.gd.cnmobile.net: www.cdn.amazon.com. 30 IN CNAME d3ag4hukkh62yn.cloudfront.net.
DEBU[2019-06-27 04:24:21] Answer from ns4.gd.cnmobile.net: d3ag4hukkh62yn.cloudfront.net. 30 IN A 99.84.21.244
DEBU[2019-06-27 04:24:21] Answer from ns5.gd.cnmobile.net: www.amazon.com. 1264 IN CNAME www.cdn.amazon.com.
DEBU[2019-06-27 04:24:21] Answer from ns5.gd.cnmobile.net: www.cdn.amazon.com. 600 IN CNAME d3ag4hukkh62yn.cloudfront.net.
DEBU[2019-06-27 04:24:21] Answer from ns5.gd.cnmobile.net: d3ag4hukkh62yn.cloudfront.net. 600 IN A 54.182.1.104
^C

ysc3839 commented 5 years ago

Can you show the config file and ip_network_sample?

shawn1m commented 5 years ago

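This amounts to supporting fallback to the previous DNS when the current DNS fails, with the failure condition being customizable (for example, a certain IP was returned). It can be considered.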
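
The fallback described in the comment above, sketched in Go as an added example; it is not overture's code, and `Choose`, `rejectNets` and the helper names are hypothetical. It keeps the order the debug log suggests (primary answer checked against the primary IP network, otherwise the alternative answer) and adds one step: an alternative answer that is empty or falls in a reject list is dropped in favour of the primary answer.

```go
package main

import (
	"fmt"
	"net/netip"
)

// mustPrefixes parses CIDR entries, one per line of an IP network file.
func mustPrefixes(cidrs ...string) (out []netip.Prefix) {
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c).Masked())
	}
	return out
}

// anyIn reports whether any address falls inside one of the networks.
func anyIn(addrs []string, nets []netip.Prefix) bool {
	for _, s := range addrs {
		a, err := netip.ParseAddr(s)
		if err != nil {
			continue // skip record data that is not an IP address
		}
		for _, n := range nets {
			if n.Contains(a.Unmap()) {
				return true
			}
		}
	}
	return false
}

// Choose returns the addresses to hand to the client and the group they came
// from. rejectNets is a hypothetical "failure" list, not an overture option.
func Choose(primary, alt []string, primaryNets, rejectNets []netip.Prefix) ([]string, string) {
	if anyIn(primary, primaryNets) {
		return primary, "PrimaryDNS" // order suggested by the debug log
	}
	if len(alt) == 0 || anyIn(alt, rejectNets) {
		return primary, "PrimaryDNS" // fallback: alternative answer is a sentinel
	}
	return alt, "AlternativeDNS"
}

func main() {
	primary := []string{"54.182.1.104"} // primary answer from the issue log
	alt := []string{"192.0.2.132"}      // sentinel answer from the issue log
	_, from := Choose(primary, alt, nil, mustPrefixes("192.0.2.132/32"))
	fmt.Println("answer taken from", from)
}
```
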

ATErBion commented 5 years ago

Tested with v1.6-rc6 and it is still the same. I have updated the config file on this page. config.json

{
  "BindAddress": ":53",
  "DebugHTTPAddress": "127.0.0.1:5555",
  "PrimaryDNS": [
    {
      "Name": "PrimaryDNS-1",
      "Address": "XXX.XXX.XXX.XXX:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    },
    {
      "Name": "PrimaryDNS-2",
      "Address": "XXX.XXX.XXX.XXX:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "AlternativeDNS": [
    {
      "Name": "AlternativeDNS-1",
      "Address": "XXX.XXX.XXX.XXX:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "OnlyPrimaryDNS": false,
  "IPv6UseAlternativeDNS": false,
  "WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
  "IPNetworkFile": {
    "Primary": "/home/pi/overture/ip_network_primary_test",
    "Alternative": "/home/pi/overture/ip_network_alternative_test"
  },
  "DomainFile": {
    "Primary": "/home/pi/overture/domain_primary_test",
    "Alternative": "/home/pi/overture/domain_alternative_test",
    "Matcher": "regex-list"
  },
  "HostsFile": "/home/pi/overture/hosts_test",
  "MinimumTTL": 0,
  "DomainTTLFile": "/home/pi/overture/domain_ttl_test",
  "CacheSize": 0,
  "RejectQType": [255]
}

ip_network_alternative_test

127.0.0.10/32
192.0.2.132/32

All other config files are the defaults.

comzyh commented 5 years ago

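Putting 192.0.2.132 directly into ip_network_alternative should, in theory, solve the problem.

If you have tried it and it does not work, could you share the details (for example, logs)?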

ATErBion commented 4 years ago

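Looking at this issue now, it feels like a protection mechanism of that line, so I won't insist on overture handling it ^_^ The log covers two queries made while the line was working normally, then two more queries after reproducing the line failure.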

overture.log

time="09:21:43" level=info msg="Overture v1.6-rc6"
time="09:21:43" level=info msg="If you need any help, please visit the project repository: https://github.com/shawn1m/overture"
time="09:21:43" level=debug msg="Reading domain TTL file /home/pi/overture/domain_ttl_test reached EOF"
time="09:21:43" level=info msg="Domain TTL file /home/pi/overture/domain_ttl_test has been loaded with 1 records (0 failed)"
time="09:21:43" level=debug msg="Reading domain file /home/pi/overture/domain_primary_test reached EOF"
time="09:21:43" level=info msg="Domain file /home/pi/overture/domain_primary_test has been loaded with 1 records (regex-list)"
time="09:21:43" level=debug msg="Reading domain file /home/pi/overture/domain_alternative_test reached EOF"
time="09:21:43" level=info msg="Domain file /home/pi/overture/domain_alternative_test has been loaded with 1 records (regex-list)"
time="09:21:43" level=debug msg="Reading IP network file /home/pi/overture/ip_network_primary_test has reached EOF"
time="09:21:43" level=warning msg="No element has been loaded from IP network file: /home/pi/overture/ip_network_primary_test"
time="09:21:43" level=debug msg="Reading IP network file /home/pi/overture/ip_network_alternative_test has reached EOF"
time="09:21:43" level=info msg="IP network file /home/pi/overture/ip_network_alternative_test has been loaded with 2 records"
time="09:21:43" level=info msg="Minimum TTL is disabled"
time="09:21:43" level=info msg="Cache is disabled"
time="09:21:43" level=debug msg="Reading hosts file reached EOF"
time="09:21:43" level=debug msg="Load hosts took 1.719µs"
time="09:21:43" level=info msg="Hosts file has been loaded successfully"
time="09:21:43" level=info msg="Overture is listening on :53"
time="09:21:55" level=debug msg="Question from 192.168.1.100: ;amzon.com.\tIN\t A"
time="09:21:55" level=debug msg="Domain Primary match fail"
time="09:21:55" level=debug msg="Domain Alternative match fail"
time="09:21:55" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5525\tIN\tA\t207.171.166.22"
time="09:21:55" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5525\tIN\tA\t72.21.206.80"
time="09:21:55" level=debug msg="Try to match response ip address with IP network"
time="09:21:55" level=debug msg="Try to match response ip address with IP network"
time="09:21:55" level=debug msg="IP network match failed, finally use alternative DNS"
time="09:21:55" level=debug msg="Answer from AlternativeDNS-1: amzon.com.\t6197\tIN\tA\t207.171.166.22"
time="09:21:55" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t5523\tIN\tA\t207.171.166.22"
time="09:21:55" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t5523\tIN\tA\t72.21.206.80"
time="09:21:55" level=debug msg="Answer from AlternativeDNS-1: amzon.com.\t6197\tIN\tA\t72.21.206.80"
time="09:21:58" level=debug msg="Question from 192.168.1.100: ;amzon.com.\tIN\t A"
time="09:21:58" level=debug msg="Domain Primary match fail"
time="09:21:58" level=debug msg="Domain Alternative match fail"
time="09:21:58" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5522\tIN\tA\t72.21.206.80"
time="09:21:58" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5522\tIN\tA\t207.171.166.22"
time="09:21:58" level=debug msg="Try to match response ip address with IP network"
time="09:21:58" level=debug msg="Try to match response ip address with IP network"
time="09:21:58" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t6409\tIN\tA\t207.171.166.22"
time="09:21:58" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t6409\tIN\tA\t72.21.206.80"
time="09:21:58" level=debug msg="IP network match failed, finally use alternative DNS"
time="09:21:58" level=debug msg="Answer from AlternativeDNS-1: amzon.com.\t6194\tIN\tA\t72.21.206.80"
time="09:21:58" level=debug msg="Answer from AlternativeDNS-1: amzon.com.\t6194\tIN\tA\t207.171.166.22"
time="09:50:15" level=debug msg="Question from 192.168.1.100: ;amzon.com.\tIN\t A"
time="09:50:15" level=debug msg="Domain Primary match fail"
time="09:50:15" level=debug msg="Domain Alternative match fail"
time="09:50:15" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5505\tIN\tA\t207.171.166.22"
time="09:50:15" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5505\tIN\tA\t72.21.206.80"
time="09:50:15" level=debug msg="Try to match response ip address with IP network"
time="09:50:15" level=debug msg="Try to match response ip address with IP network"
time="09:50:15" level=debug msg="IP network match failed, finally use alternative DNS"
time="09:50:15" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t5504\tIN\tA\t72.21.206.80"
time="09:50:15" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t5504\tIN\tA\t207.171.166.22"
time="09:50:15" level=debug msg="Answer from AlternativeDNS-1: amzon.com.\t0\tIN\tA\t192.0.2.132"
time="09:50:16" level=debug msg="Question from 192.168.1.100: ;amzon.com.\tIN\t A"
time="09:50:16" level=debug msg="Domain Primary match fail"
time="09:50:16" level=debug msg="Domain Alternative match fail"
time="09:50:16" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5504\tIN\tA\t72.21.206.80"
time="09:50:16" level=debug msg="Answer from PrimaryDNS-1: amzon.com.\t5504\tIN\tA\t207.171.166.22"
time="09:50:16" level=debug msg="Try to match response ip address with IP network"
time="09:50:16" level=debug msg="Try to match response ip address with IP network"
time="09:50:16" level=debug msg="IP network match failed, finally use alternative DNS"
time="09:50:16" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t5502\tIN\tA\t207.171.166.22"
time="09:50:16" level=debug msg="Answer from PrimaryDNS-2: amzon.com.\t5502\tIN\tA\t72.21.206.80"
time="09:50:16" level=debug msg="Answer from AlternativeDNS-1: amzon.com.\t0\tIN\tA\t192.0.2.132"