v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License

Problems encountered when resolving DNS through "dokodemo-door" #1129

Closed flukaxkx closed 5 years ago

flukaxkx commented 6 years ago

1) Which version of V2Ray are you using? 3.23

2) What is your use case? A transparent proxy on a router. So far only TCP is proxied through iptables; I haven't worked out the UDP part yet. dnsmasq is used alongside it for DNS lookup and caching. Blacklist mode: only sites on the blacklist are resolved via 8.8.8.8 and sent through the proxy; the default is freedom mode, resolved via 114.114.114.114 and accessed directly.

3) What abnormal behaviour do you see? iplocation.net is on the blacklist. The first visit after a long period without visiting shows my real local IP; only after refreshing does it show the VPS's IP. Similarly, some blacklisted sites fail DNS resolution on the first visit, and refreshing a moment later works.

4) What is the correct behaviour you expect? The questions I want to ask are: 1. Where does the above problem come from, and how can it be corrected? 2. With no UDP forwarding configured in iptables, and with my client configuration, what is the difference between resolving the sites in gfwlist directly via 8.8.8.8 and resolving them via 127.0.0.1#5353 (the two settings shown below),

server=/iplocation.net/8.8.8.8#53  // forward the DNS request via the routing rules to 8.8.8.8
server=/iplocation.net/127.0.0.1#5353  // send the DNS request to dokodemo-door, which forwards it to 8.8.8.8

and could one of these configurations cause the resolution not to go through v2ray, so that the result gets poisoned?

5) Please attach your configuration (hide the server IP address before submitting the issue). Client configuration:

{
  "inbound": {
    "port": 1080,
    "listen": "0.0.0.0",
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": true,
      "ip": "127.0.0.1",
      "clients": null
    },
    "streamSettings": null
  },

  "inboundDetour": [
    {
      "domainOverride": ["tls", "http"],
      "port": 8010,
      "network": "tcp,udp",
      "protocol": "dokodemo-door",
      "settings": {
        "followRedirect": true
      }
    },
    {
      "protocol": "dokodemo-door",
      "port": 5353,
      "listen": "127.0.0.1",
      "settings": {
        "address": "8.8.8.8",
        "port": 53,
        "network": "udp",
        "timeout": 0
      }
    },
    {
      "protocol": "dokodemo-door",
      "port": 53535,
      "listen": "127.0.0.1",
      "settings": {
        "address": "114.114.114.114",
        "port": 53,
        "network": "udp",
        "timeout": 0
      }
    }
  ],

  "outbound": 
    {
      "protocol": "freedom",
      "settings": {
        "response": null
      },
      "tag": "direct"
    },

  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      },
      "tag": "blockout"
    },
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "*",
            "port": 443,
            "users": [
              {
                "id": "*",
                "alterId": 64,
                "security": "aes-128-cfb"
              }
            ]
          }
        ],
        "servers": null
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tcpSettings": null,
        "kcpSettings": null,
        "tlsSettings": {
          "serverName": "*",
          "allowInsecure": true
        },
        "wsSettings": {
          "connectionReuse": true,
          "path": "*",
          "headers": null
        }
      },
      "mux": {
        "enabled": false
      }
    }
  ],

  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  },
  "routing": {
    "strategy": "rules",
    "settings": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
           "type":"field",
           "outboundTag":"proxy",
           "ip": [
             "8.8.8.8/32",
             "8.8.4.4/32"
           ]
        },
        {
           "type": "field",
           "outboundTag": "proxy",
           "domain": [
              "iplocation.net",
              "GFWlist"
           ]
        },
        {
          "type": "field",
          "port": null,
          "outboundTag": "direct",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "domain": null
        }
      ]
    }
  }
}

6) Please attach the error log the software produced when the problem occurred.

2018/05/31 21:37:18 [Info] [3927517055] App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > Proxy|Dokodemo: failed to transport request > read tcp 192.168.1.1:1082->192.168.1.144:51696: read: connection reset by peer
2018/05/31 21:37:18 [Info] [3927517055] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:18 [Debug] [4207643963] Proxy|Dokodemo: processing connection from: 192.168.1.144:51699
2018/05/31 21:37:18 [Debug] [3333923665] Proxy|Dokodemo: processing connection from: 192.168.1.144:51700
2018/05/31 21:37:18 [Info] [3333923665] App|Dispatcher: sniffed domain: ade.googlesyndication.com
2018/05/31 21:37:18 [Info] App|Router: looking for IP for domain: ade.googlesyndication.com
2018/05/31 21:37:18 [Info] [3333923665] App|Dispatcher: default route for tcp:ade.googlesyndication.com:443
2018/05/31 21:37:18 [Info] [3333923665] Proxy|Freedom: opening connection to tcp:ade.googlesyndication.com:443
2018/05/31 21:37:18 [Info] [3333923665] Transport|Internet|TCP: dialing TCP to tcp:ade.googlesyndication.com:443
2018/05/31 21:37:18 [Info] [4207945041] App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > context canceled
2018/05/31 21:37:18 [Info] [4207945041] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > context canceled
2018/05/31 21:37:18 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:18 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:18 [Info] [1863648632] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:18 [Info] [2139671153] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:18 [Info] [4051297100] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > Proxy|Freedom: failed to process response > read tcp 192.168.8.54:60948->204.2.250.100:443: read: connection reset by peer
2018/05/31 21:37:18 [Info] [4051297100] App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > Proxy|Dokodemo: failed to transport response > io: read/write on closed pipe
2018/05/31 21:37:18 [Debug] [452050103] Proxy|Dokodemo: processing connection from: 192.168.1.144:51701
2018/05/31 21:37:18 [Info] [452050103] App|Dispatcher: sniffed domain: www.iplocation.net
2018/05/31 21:37:18 [Debug] [1517751999] Proxy|Dokodemo: processing connection from: 192.168.1.121:63995
2018/05/31 21:37:18 [Info] [452050103] App|Dispatcher: taking detour [proxy] for [tcp:www.iplocation.net:443]
2018/05/31 21:37:18 [Info] [452050103] Transport|Internet|WebSocket: creating connection to tcp:myproxy.com:443
2018/05/31 21:37:18 [Info] [1517751999] App|Dispatcher: sniffed domain: cm.masky.biddingx.com
2018/05/31 21:37:18 [Info] App|Router: looking for IP for domain: cm.masky.biddingx.com
2018/05/31 21:37:18 [Debug] App|DNS: add pending request id 3452
2018/05/31 21:37:18 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:18 [Info] [2223422540] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] [2289898689] Proxy|Dokodemo: processing connection from: 192.168.1.148:52188
2018/05/31 21:37:19 [Info] [4219196627] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] [477721402] Proxy|Dokodemo: processing connection from: 192.168.1.121:63996
2018/05/31 21:37:19 [Info] [582252765] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.8.8:53 via tcp:myproxy.com:443
2018/05/31 21:37:19 [Info] [3014295111] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Info] [477721402] App|Dispatcher: sniffed domain: api.weibo.com
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: api.weibo.com
2018/05/31 21:37:19 [Debug] App|DNS: add pending request id 40653
2018/05/31 21:37:19 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:19 [Info] [131777625] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] [3636982717] Proxy|Dokodemo: processing connection from: 192.168.1.121:63998
2018/05/31 21:37:19 [Debug] [3127253849] Proxy|Dokodemo: processing connection from: 192.168.1.121:63997
2018/05/31 21:37:19 [Info] [3127253849] App|Dispatcher: sniffed domain: saxn.sina.com.cn
2018/05/31 21:37:19 [Debug] [840052394] Proxy|Dokodemo: processing connection from: 192.168.1.121:63999
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: saxn.sina.com.cn
2018/05/31 21:37:19 [Info] [3127253849] App|Dispatcher: default route for tcp:saxn.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3127253849] Proxy|Freedom: opening connection to tcp:saxn.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3127253849] Transport|Internet|TCP: dialing TCP to tcp:saxn.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3636982717] App|Dispatcher: sniffed domain: sax.sina.com.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: sax.sina.com.cn
2018/05/31 21:37:19 [Info] [3636982717] App|Dispatcher: default route for tcp:sax.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3636982717] Proxy|Freedom: opening connection to tcp:sax.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3636982717] Transport|Internet|TCP: dialing TCP to tcp:sax.sina.com.cn:80
2018/05/31 21:37:19 [Info] [840052394] App|Dispatcher: sniffed domain: d6.sinaimg.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: d6.sinaimg.cn
2018/05/31 21:37:19 [Info] [840052394] App|Dispatcher: default route for tcp:d6.sinaimg.cn:80
2018/05/31 21:37:19 [Info] [840052394] Proxy|Freedom: opening connection to tcp:d6.sinaimg.cn:80
2018/05/31 21:37:19 [Info] [840052394] Transport|Internet|TCP: dialing TCP to tcp:d6.sinaimg.cn:80
2018/05/31 21:37:19 [Debug] [3390072693] Proxy|Dokodemo: processing connection from: 127.0.0.1:39362
2018/05/31 21:37:19 [Info] [3390072693] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3390072693] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Debug] [2347590359] Proxy|Dokodemo: processing connection from: 127.0.0.1:39308
2018/05/31 21:37:19 [Info] [2347590359] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [2347590359] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3636982717] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 49378 content: ;; opcode: QUERY, status: NOERROR, id: 49378
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;current.sina.com.cn.   IN   A

;; ANSWER SECTION:
current.sina.com.cn.    26  IN  CNAME   w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn.  26  IN  A   123.125.29.138

2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 41985 content: ;; opcode: QUERY, status: NOERROR, id: 41985
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;current.sina.com.cn.   IN   A

;; ANSWER SECTION:
current.sina.com.cn.    26  IN  CNAME   w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn.  26  IN  A   123.125.29.138

2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 49378 content: ;; opcode: QUERY, status: NOERROR, id: 49378
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;current.sina.com.cn.   IN   A

;; ANSWER SECTION:
current.sina.com.cn.    26  IN  CNAME   w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn.  26  IN  A   123.125.29.138

2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 41985 content: ;; opcode: QUERY, status: NOERROR, id: 41985
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;current.sina.com.cn.   IN   A

;; ANSWER SECTION:
current.sina.com.cn.    26  IN  CNAME   w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn.  26  IN  A   123.125.29.138

2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain current.sina.com.cn.
2018/05/31 21:37:19 [Info] [2179628403] App|Dispatcher: default route for tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2179628403] Proxy|Freedom: opening connection to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2179628403] Transport|Internet|TCP: dialing TCP to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain current.sina.com.cn.
2018/05/31 21:37:19 [Info] [2728311107] App|Dispatcher: default route for tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2728311107] Proxy|Freedom: opening connection to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2728311107] Transport|Internet|TCP: dialing TCP to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 10195 content: ;; opcode: QUERY, status: NOERROR, id: 10195
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hq.sinajs.cn.  IN   A

;; ANSWER SECTION:
hq.sinajs.cn.   31  IN  CNAME   idc-hq-hk.sinajs.cn.
idc-hq-hk.sinajs.cn.    44  IN  A   203.90.242.126

2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain hq.sinajs.cn.
2018/05/31 21:37:19 [Info] [361377501] App|Dispatcher: default route for tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [361377501] Proxy|Freedom: opening connection to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [361377501] Transport|Internet|TCP: dialing TCP to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 40653 content: ;; opcode: QUERY, status: NOERROR, id: 40653
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;api.weibo.com. IN   A

;; ANSWER SECTION:
api.weibo.com.  57  IN  A   180.149.135.230

2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain api.weibo.com.
2018/05/31 21:37:19 [Info] [477721402] App|Dispatcher: default route for tcp:api.weibo.com:443
2018/05/31 21:37:19 [Info] [477721402] Proxy|Freedom: opening connection to tcp:api.weibo.com:443
2018/05/31 21:37:19 [Info] [477721402] Transport|Internet|TCP: dialing TCP to tcp:api.weibo.com:443
2018/05/31 21:37:19 [Debug] [3265333965] Proxy|Dokodemo: processing connection from: 127.0.0.1:63987
2018/05/31 21:37:19 [Info] [3265333965] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3265333965] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Debug] [3530362242] Proxy|Dokodemo: processing connection from: 192.168.1.148:52189
2018/05/31 21:37:19 [Info] [3530362242] App|Dispatcher: sniffed domain: q.rising.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: q.rising.cn
2018/05/31 21:37:19 [Info] [3530362242] App|Dispatcher: default route for tcp:q.rising.cn:80
2018/05/31 21:37:19 [Info] [3530362242] Proxy|Freedom: opening connection to tcp:q.rising.cn:80
2018/05/31 21:37:19 [Info] [3530362242] Transport|Internet|TCP: dialing TCP to tcp:q.rising.cn:80
2018/05/31 21:37:19 [Info] [2289898689] App|Dispatcher: default route for tcp:111.13.100.91:80
2018/05/31 21:37:19 [Info] [2289898689] Proxy|Freedom: opening connection to tcp:111.13.100.91:80
2018/05/31 21:37:19 [Info] [2289898689] Transport|Internet|TCP: dialing TCP to tcp:111.13.100.91:80
2018/05/31 21:37:19 [Debug] [926618329] Proxy|Dokodemo: processing connection from: 192.168.1.121:64000
2018/05/31 21:37:19 [Info] [926618329] App|Dispatcher: sniffed domain: hq.sinajs.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: hq.sinajs.cn
2018/05/31 21:37:19 [Info] [926618329] App|Dispatcher: default route for tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [926618329] Proxy|Freedom: opening connection to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [926618329] Transport|Internet|TCP: dialing TCP to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 3452 content: ;; opcode: QUERY, status: NOERROR, id: 3452
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cm.masky.biddingx.com. IN   A

;; ANSWER SECTION:
cm.masky.biddingx.com.  599 IN  CNAME   hkbj.biddingx.com.
hkbj.biddingx.com.  9   IN  A   112.73.28.70
hkbj.biddingx.com.  9   IN  A   112.73.28.69

2018/05/31 21:37:19 [Info] [452050103] Proxy|VMess|Outbound: tunneling request to tcp:www.iplocation.net:443 via tcp:myproxy.com:443
2018/05/31 21:37:19 [Debug] App|DNS: returning 2 IPs for domain cm.masky.biddingx.com.
2018/05/31 21:37:19 [Info] [1517751999] App|Dispatcher: default route for tcp:cm.masky.biddingx.com:80
2018/05/31 21:37:19 [Info] [1517751999] Proxy|Freedom: opening connection to tcp:cm.masky.biddingx.com:80
2018/05/31 21:37:19 [Info] [1517751999] Transport|Internet|TCP: dialing TCP to tcp:cm.masky.biddingx.com:80
2018/05/31 21:37:19 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 30450 content: ;; opcode: QUERY, status: NOERROR, id: 30450
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d6.sina.com.cn.    IN   A

;; ANSWER SECTION:
d6.sina.com.cn. 59  IN  CNAME   ad4.sina.com.cn.
ad4.sina.com.cn.    59  IN  CNAME   i3.sina.com.cn.
i3.sina.com.cn. 59  IN  CNAME   adiwlbs.gslb.sinaedge.com.
adiwlbs.gslb.sinaedge.com.  31  IN  CNAME   jtpool.grid.sinaedge.com.
jtpool.grid.sinaedge.com.   33  IN  CNAME   d.sinaimg.cn.edgekey.net.
d.sinaimg.cn.edgekey.net.   253 IN  CNAME   e4141.dscb.akamaiedge.net.
e4141.dscb.akamaiedge.net.  19  IN  A   23.209.179.150

2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain d6.sina.com.cn.
2018/05/31 21:37:19 [Info] [3783014700] App|Dispatcher: default route for tcp:d6.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3783014700] Proxy|Freedom: opening connection to tcp:d6.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3783014700] Transport|Internet|TCP: dialing TCP to tcp:d6.sina.com.cn:80
2018/05/31 21:37:19 [Debug] [1427369034] Proxy|Dokodemo: processing connection from: 127.0.0.1:19303
2018/05/31 21:37:19 [Info] [1427369034] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [1427369034] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Debug] [3707287667] Proxy|Dokodemo: processing connection from: 127.0.0.1:1722
2018/05/31 21:37:19 [Info] [3707287667] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3707287667] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [4207643963] App|Dispatcher: default route for tcp:172.217.4.130:443
2018/05/31 21:37:19 [Info] [4207643963] Proxy|Freedom: opening connection to tcp:172.217.4.130:443
2018/05/31 21:37:19 [Info] [4207643963] Transport|Internet|TCP: dialing TCP to tcp:172.217.4.130:443
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 30450 content: ;; opcode: QUERY, status: NOERROR, id: 30450
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d6.sina.com.cn.    IN   A

;; ANSWER SECTION:
d6.sina.com.cn. 59  IN  CNAME   ad4.sina.com.cn.
ad4.sina.com.cn.    59  IN  CNAME   i3.sina.com.cn.
i3.sina.com.cn. 59  IN  CNAME   adiwlbs.gslb.sinaedge.com.
adiwlbs.gslb.sinaedge.com.  30  IN  CNAME   jtpool.grid.sinaedge.com.
jtpool.grid.sinaedge.com.   59  IN  CNAME   d.sinaimg.cn.edgekey.net.
d.sinaimg.cn.edgekey.net.   262 IN  CNAME   e4141.dscb.akamaiedge.net.
e4141.dscb.akamaiedge.net.  19  IN  A   23.209.179.150

2018/05/31 21:37:20 [Info] [1017183813] Proxy|Freedom: opening connection to tcp:111.26.155.246:80

8) Other related configuration files (e.g. Nginx) and related logs. dnsmasq.conf

port=53
no-resolv
no-poll
server=114.114.114.114
listen-address=192.168.1.1,127.0.0.1
dhcp-range=192.168.1.100,192.168.1.199,255.255.255.0,12h
cache-size=131072
log-queries
log-dhcp
log-facility=/var/log/dnsmasq/dnsmasq.log
conf-dir=/etc/dnsmasq.d/,*.conf

/etc/dnsmasq.d/gfwlist.conf

server=/iplocation.net/127.0.0.1#5353
server=/google.com/127.0.0.1#5353

flukaxkx commented 6 years ago

The DNS query log for another domain; I deleted the log lines for other domains. It was very slow at the beginning.

May 31 23:10:14 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:10:14 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:10:15 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:10:15 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:10:16 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:10:16 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:23 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:23 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:30 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:30 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:31 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:31 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:32 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:32 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:34 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:34 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:36 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:36 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:37 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:37 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:38 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:38 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:38 dnsmasq[5883]: reply www.vpsrb.com is 116.196.67.254
May 31 23:13:43 dnsmasq[5883]: query[A] vpsrb.com from 192.168.1.144
May 31 23:13:43 dnsmasq[5883]: forwarded vpsrb.com to 127.0.0.1
May 31 23:13:44 dnsmasq[5883]: query[A] vpsrb.com from 192.168.1.144
May 31 23:13:44 dnsmasq[5883]: forwarded vpsrb.com to 127.0.0.1
May 31 23:13:44 dnsmasq[5883]: reply vpsrb.com is 116.196.67.254

Dakai commented 6 years ago

The configuration you started with is almost exactly the same as mine, except that I'm not on the router but on a VM in the LAN acting as a software router. The DNS resolution problem troubled me for a long time: V2Ray often died right at DNS resolution, and then no site could be viewed at all. When dnsmasq forwards a query, check whether v2ray's error.log shows a disconnection message. My v2ray server uses websocket+tls+web, which in theory shouldn't be targeted by the GFW, yet there were still a lot of "failed to dial websocket" errors. Later I felt this error had no effect on web browsing, because it reconnected very quickly, but once this error occurred during a DNS query, the browser received a DNS timeout error and nothing could get through the wall at all.

So I stopped forwarding DNS queries through v2ray and switched to dns-over-https; the project site is http://dns-over-https.com/ . The remote DNS server is Cloudflare's service: https://cloudflare-dns.com/dns-query , reached directly rather than through the V2Ray tunnel, with dnsmasq still doing the split. This setup has been running for two days now without any further DNS timeout errors.

flukaxkx commented 6 years ago

That's great, DNS can be resolved over TCP now.

flukaxkx commented 6 years ago

I've now switched to a similar approach: the Linux box itself acts as a transparent gateway, handling routing, traffic splitting, UPnP and so on. It's still blacklist mode; the basic idea is:

  1. Install v2ray. v2ray's inbound is a socks entry; it isn't used, but I left it as it is. inboundDetour holds the proxied-traffic entry (port:8010) and the proxied DNS entry (port:5353), with the same settings as above. The default outbound is changed to the proxy exit; outboundDetour is the direct exit, which isn't really used any more either. The proxied sites in routing are no longer needed; I added 8.8.8.8 and 8.8.4.4 to go via proxy, though it may well work without that too.
  2. dnsmasq+ipset. The dnsmasq settings are also as above: no upstream lookups by default; all sites that need proxying are sent via /etc/dnsmasq.d/scisites.conf to 127.0.0.1#5353 and recorded into the ipset scisites; everything else is resolved via 144.144.144.144.
  3. iptables. All TCP and UDP traffic to IPs matching the ipset scisites is redirected to port 8010 on 127.0.0.1; everything else uses the default. This way there is no need to create a V2RAY chain. The internal and external networks are connected with SNAT; if there is a NAS or similar on the LAN, a few DNAT rules can be added for port mapping, written the same way as the "virtual server" entries in an ordinary router.
  4. Install miniupnpd and set up UPnP.
  5. Now you can say that science knows no borders, though scientists do have nationalities, ha.

The advantages of doing it this way:

  1. Simple. iptables is far beyond my intellect, especially the mangle table; just kill me.
  2. A little faster. Splitting traffic with dnsmasq+ipset+iptables feels slightly faster than splitting it with v2ray's routing, since the data takes a simpler path and v2ray can concentrate on what it does best.
  3. Stable and power-saving. Putting the proxied-site list into v2ray's config.json made v2ray's memory and CPU usage soar, which is too heavy a burden for a fanless box.
  4. Less proxied traffic; strategically, the great Wall still has to be taken seriously.
  5. For scenarios with a lot of P2P download traffic, this guarantees that foreign P2P peers won't go through the VPS.

Drawbacks and caveats of doing it this way:

  1. Proxied sites that haven't been visited for a long time resolve slowly on the first visit, but there are no more resolution errors; it only shows a resolution timeout, and refreshing after a few seconds works.
  2. Maintaining the blacklist is laborious. I recommend generating it with gfwlist2dnsmasq.sh; some users add it to rc.local so it is updated on every reboot, but I chose to do it manually. I also recommend creating another othersites.conf under /etc/dnsmasq.d and adding the sites you use often that aren't blocked but are slow from inside the wall, to improve the browsing experience.
  3. Not sure whether it's because of PPPoE, but iptables-persistent fails to restore the rules on every boot, so I have to reload them in rc.local (iptables-restore < /etc/iptables/rules.v4).
  4. The ipset entries disappear on every reboot; recreate the set in rc.local (ipset -N scisites hash:ip)
  5. Life is about tinkering. After finishing I realized I don't actually need proxied access that much, and when there is nothing left to tinker with it feels very, very empty, like right now.
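
The dnsmasq + ipset + iptables gateway from the comment above, as an added example that is neither the author's script nor part of v2ray: a POSIX shell script that generates the dnsmasq split-DNS entries and the ipset/iptables rules. The set name scisites, ports 5353 and 8010 and the one-domain-per-line list come from the thread; the WAN interface argument, the domain validation and the rule ordering are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue thread. Generates the dnsmasq split-DNS
# config and the ipset/iptables rules for the gateway described above.
# Assumed names: ipset "scisites", dokodemo-door on 127.0.0.1:8010, proxied
# DNS dokodemo-door on 127.0.0.1:5353, WAN interface given as an argument.

SET_NAME=scisites
DNS_PORT=5353
PROXY_PORT=8010

# Read a domain list (one per line, "#" comments allowed) on stdin and emit,
# per domain, the "server=" line that sends its lookups to the proxied resolver
# and the "ipset=" line that makes dnsmasq add every answered IP to the set.
# Entries are lower-cased and validated so that a stray character in the list
# cannot turn into an unintended dnsmasq directive.
gen_dnsmasq_conf() {
    while IFS= read -r domain || [ -n "$domain" ]; do
        domain=$(printf '%s' "$domain" | tr 'A-Z' 'a-z' | tr -d '[:space:]')
        case "$domain" in
            '' | '#'*) continue ;;
            *[!a-z0-9.-]* | .* | *. | *..*)
                printf 'skipping invalid domain: %s\n' "$domain" >&2
                continue ;;
        esac
        printf 'server=/%s/127.0.0.1#%s\n' "$domain" "$DNS_PORT"
        printf 'ipset=/%s/%s\n' "$domain" "$SET_NAME"
    done
}

# Print the boot-time rules in the order they must be applied. The set has to
# exist before any rule references it with --match-set, otherwise the rule (and
# a whole iptables-restore) fails; this ordering is an assumption about why
# iptables-persistent could not restore the rules in the comment above.
# Caveat: REDIRECT only preserves the original destination for TCP; UDP needs
# TPROXY support on the inbound side, which this thread's setup does not use.
gen_iptables_rules() {
    wan_if=${1:-eth0}
    cat <<EOF
ipset -N $SET_NAME hash:ip
iptables -t nat -A PREROUTING -p tcp -m set --match-set $SET_NAME dst -j REDIRECT --to-ports $PROXY_PORT
iptables -t nat -A PREROUTING -p udp -m set --match-set $SET_NAME dst -j REDIRECT --to-ports $PROXY_PORT
iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
EOF
}

# Usage: ./gateway.sh dnsmasq < domains.txt > /etc/dnsmasq.d/scisites.conf
#        ./gateway.sh rules ppp0 > /etc/rc.local.d/gateway-rules.sh
case "${1:-}" in
    dnsmasq) gen_dnsmasq_conf ;;
    rules) gen_iptables_rules "${2:-eth0}" ;;
esac
```

Review the generated rule file before sourcing it from rc.local; it only prints commands and never applies them itself.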

Dakai commented 6 years ago

That's really complicated... impressive. The emptiness after the tinkering is done, hmm... handshake!