shawn1m / overture

A customized DNS relay server
MIT License

Could a WhenAlternativeDNSAnswerNoneUse option be added, or a parameter to not cache empty DNS responses? #229

Open gubiao opened 4 years ago

gubiao commented 4 years ago

1. Configuration file:

    {
      "BindAddress": "127.0.0.1:53",
      "DebugHTTPAddress": "127.0.0.1:5555",
      "PrimaryDNS": [
        {
          "Name": "Baidu",
          "Address": "180.76.76.76:53",
          "Protocol": "udp",
          "SOCKS5Address": "",
          "Timeout": 5,
          "EDNSClientSubnet": {
            "Policy": "disable",
            "ExternalIP": "",
            "NoCookie": true
          }
        }
      ],
      "AlternativeDNS": [
        {
          "Name": "Bypass-GFW",
          "Address": "127.0.0.1:1081",
          "Protocol": "tcp",
          "SOCKS5Address": "",
          "Timeout": 10,
          "EDNSClientSubnet": {
            "Policy": "disable",
            "ExternalIP": "",
            "NoCookie": true
          }
        }
      ],
      "OnlyPrimaryDNS": false,
      "IPv6UseAlternativeDNS": false,
      "AlternativeDNSConcurrent": false,
      "PoolIdleTimeout": 15,
      "PoolMaxCapacity": 15,
      "WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
      "IPNetworkFile": {
        "Primary": "./ip_network_primary",
        "Alternative": "./ip_network_alternative"
      },
      "DomainFile": {
        "Primary": "./domain_primary",
        "Alternative": "./domain_alternative",
        "Matcher": "full-map"
      },
      "HostsFile": {
        "HostsFile": "./hosts",
        "Finder": "full-map"
      },
      "MinimumTTL": 3600,
      "DomainTTLFile": "./domain_ttl",
      "CacheSize": 5000,
      "RejectQType": [255]
    }

2. Problem scenario: PrimaryDNS is a domestic (mainland China) DNS server, and the ip_network_primary file holds all domestic IP ranges. If the IP in the result returned by PrimaryDNS is not within the domestic ranges in ip_network_primary, the query continues with AlternativeDNS, which goes through an encrypted tunnel to a foreign DNS server. Normally this works very well. But if the encrypted tunnel happens to be flaky at the moment a DNS query is issued, AlternativeDNS returns an empty DNS response. With the cache enabled, that empty result stays cached, so every subsequent query for the domain returns empty forever, and the only fix is to manually restart overture to invalidate the cache.

3. Possible solutions: In practice, even though the IP returned by PrimaryDNS is not in the domestic ranges in ip_network_primary, the vast majority of these results are not poisoned DNS answers; the foreign site simply has no mainland server IP. After all, the poisoned domains are only a handful, so most of these results are in fact correct foreign IP addresses.

a. If a WhenAlternativeDNSAnswerNoneUse="PrimaryDNS" option were supported, then when an unstable tunnel causes AlternativeDNS to return an empty response, overture could degrade to ignoring the ip_network_primary rule and use the result returned by PrimaryDNS directly; this would largely mitigate the problem.

b. If a parameter like CacheNoneUseAnswer=false were supported, controlling the caching policy for responses that contain no ANSWER SECTION, that would solve the problem completely.

4. Below is the query result after an empty DNS response caused by the unstable tunnel has been cached; at this point the only option is to restart overture to clear the cache:

    $ dig lowendtalk.com

    ; <<>> DiG 9.10.6 <<>> lowendtalk.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45866
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;lowendtalk.com. IN A

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Apr 27 22:36:56 CST 2020
    ;; MSG SIZE rcvd: 32
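The two proposals in the post (fall back to the PrimaryDNS reply when AlternativeDNS answers nothing, and stop caching replies that carry no answer section) as an added Go example. This is not overture's code: the `fallbackToPrimary` flag and the `CacheEmptyAnswers` field are stand-ins for the proposed WhenAlternativeDNSAnswerNoneUse and CacheNoneUseAnswer settings, the resolvers are in-memory stubs rather than network upstreams, and the prefix and addresses are constructed sample values. The cache never stores SERVFAIL, because that code describes a transient upstream failure rather than a property of the name, and it bounds the lifetime of any empty reply it is allowed to keep so a bad moment on the tunnel cannot pin a name until restart.

```go
package main

import (
	"fmt"
	"net"
	"sync"
	"time"
)

// DNS response codes from RFC 1035 section 4.1.1.
const (
	RcodeNoError  = 0
	RcodeServFail = 2
	RcodeNXDomain = 3
)

// Response is a minimal stand-in for a DNS reply, holding only the fields the
// caching and fallback decisions need.
type Response struct {
	Rcode   int
	Answers []net.IP // addresses from the answer section
	TTL     time.Duration
}

// HasAnswer reports whether the reply carries a usable answer section.
func (r *Response) HasAnswer() bool {
	return r != nil && r.Rcode == RcodeNoError && len(r.Answers) > 0
}

type entry struct {
	resp    *Response
	expires time.Time
}

// Cache is a TTL cache. CacheEmptyAnswers plays the role of the proposed
// CacheNoneUseAnswer option (hypothetical name, not an overture setting).
type Cache struct {
	mu                sync.Mutex
	entries           map[string]entry
	CacheEmptyAnswers bool
	NegativeTTL       time.Duration // upper bound on how long an empty reply may live
	Now               func() time.Time
}

func NewCache(cacheEmpty bool, negativeTTL time.Duration) *Cache {
	return &Cache{entries: map[string]entry{}, CacheEmptyAnswers: cacheEmpty,
		NegativeTTL: negativeTTL, Now: time.Now}
}

// Put stores r and reports whether it was cached. SERVFAIL is never cached.
// Empty NOERROR/NXDOMAIN replies are cached only when allowed, and then for
// at most NegativeTTL.
func (c *Cache) Put(name string, r *Response) bool {
	if r == nil || r.Rcode == RcodeServFail {
		return false
	}
	ttl := r.TTL
	if !r.HasAnswer() {
		if !c.CacheEmptyAnswers {
			return false
		}
		if ttl > c.NegativeTTL {
			ttl = c.NegativeTTL
		}
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[name] = entry{resp: r, expires: c.Now().Add(ttl)}
	return true
}

// Get returns the cached reply if present and not expired.
func (c *Cache) Get(name string) (*Response, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	e, ok := c.entries[name]
	if !ok || !c.Now().Before(e.expires) {
		delete(c.entries, name)
		return nil, false
	}
	return e.resp, true
}

// Resolver answers one query; a real upstream would send it over the wire.
type Resolver func(name string) *Response

// Resolve mirrors the split flow from the post: ask primary, and if its
// addresses fall outside the trusted networks ask alternative. fallbackToPrimary
// stands in for WhenAlternativeDNSAnswerNoneUse="PrimaryDNS" (hypothetical):
// when alternative returns nothing usable, reuse primary's reply.
func Resolve(name string, primary, alternative Resolver, trusted []*net.IPNet, fallbackToPrimary bool) *Response {
	p := primary(name)
	if p.HasAnswer() && allIn(p.Answers, trusted) {
		return p
	}
	a := alternative(name)
	if a.HasAnswer() || !fallbackToPrimary {
		return a
	}
	return p
}

func allIn(ips []net.IP, nets []*net.IPNet) bool {
	for _, ip := range ips {
		hit := false
		for _, n := range nets {
			if n.Contains(ip) {
				hit = true
				break
			}
		}
		if !hit {
			return false
		}
	}
	return true
}

func main() {
	_, cn, _ := net.ParseCIDR("180.76.0.0/16") // constructed sample "domestic" prefix
	primary := func(string) *Response {
		return &Response{Answers: []net.IP{net.ParseIP("198.51.100.7")}, TTL: time.Hour}
	}
	brokenAlt := func(string) *Response { return &Response{Rcode: RcodeServFail} } // tunnel is down
	cache := NewCache(false, 5*time.Minute)
	r := Resolve("example.com", primary, brokenAlt, []*net.IPNet{cn}, true)
	fmt.Println(cache.Put("example.com", r), r.Answers) // true [198.51.100.7]
}
```

With `fallbackToPrimary` off the same query yields the SERVFAIL from the tunnel, and `Put` refuses it, so the next client query goes upstream again instead of being served the stale failure; that is the behaviour the second proposal asks for, independent of the first.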

wangmice commented 4 years ago

I support this, but unfortunately I don't know how to code.

NyaMisty commented 3 years ago

Why would this happen? No matter how unstable the channel is, it shouldn't return empty records.