Closed lepz0r closed 2 months ago
OMG! Yes, I also was about to make the same feature request!
is this like the same request as #32 ?
is this like the same request as #32 ?
I think it's different, #32 allows you to specify DoH's resolver template while this request allows you to completely disable DoH & use system's DNS
so, do you guys locally have your own dns severs ?
should i add an option like --use-system-proxy or what kinda option would it be?
should i add an option like --use-system-proxy or what kinda option would it be?
--use-system-dns would be good for this feature
i meant it either. just mistyped
okay, then let me take a look on it
A simple hack in the meantime. Replace the dns.go
file contents in the doh
folder with this:
package doh
import (
dns "github.com/Focinfi/go-dns-resolver"
"errors"
"regexp"
)
func Init() {
dns.Config.SetTimeout(uint(5))
dns.Config.RetryTimes = uint(2)
}
func Lookup(domain string) (string, error) {
ipRegex := "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
if r, _ := regexp.MatchString(ipRegex, domain); r {
return domain, nil
}
if results, err := dns.Exchange(domain, "127.0.0.1:53", dns.TypeA); err == nil {
if len(results) < 1 {
return "", errors.New(" couldn't resolve the domain")
}
return results[0].Content, nil
} else {
return "", err
}
}
N.B. change '127.0.0.1:53' to point to your local DNS server.
How can I disable DOH and use a local DNS server on port 53?
Please add an option for this. I too use dnscrpyt-proxy with a custom configuration and blocklist/whitelist and I can't get this and it to work together. Something like a --use-system-dns
switch would be great.
Yeah, an option to specify some custom plain text DNS would be much welcome.
But making it support any address:port
for plain text DNS as opposed to system DNS exclusively would be more flexible and thus preferable.
Although system DNS would much be simpler to implement: net.LookupHost("www.youtube.com")
.
BTW, Updated doh/dns.go
like the above, but now it works fine with www.youtube.com
and everything else that returns CNAME and a bunch of ips with it. It also now respects the --dns
argument.
```go // replace ./doh/dns.go with this package doh import ( "errors" "fmt" "net" "regexp" // NOTE: This library has some issues with CNAMEs // repro: // try to resolve `www.youtube.com` with both this and `dog www.youtube.com A` // // go-dns-resolver: first A record is empty string // dog: first A record is actually CNAME youtube-ui.l.google.com. // the rest is the same DNS "github.com/Focinfi/go-dns-resolver" ) var plainDnsAddr string func Init(dns string) { // honor the provided dns, just avoid DoH plainDnsAddr = dns DNS.Config.SetTimeout(uint(5)) DNS.Config.RetryTimes = uint(2) } func Lookup(domain string) (string, error) { ipRegex := "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" if r, _ := regexp.MatchString(ipRegex, domain); r { return domain, nil } if results, err := DNS.Exchange(domain, fmt.Sprintf("%s:53", plainDnsAddr), DNS.TypeA); err == nil { if len(results) < 1 { return "", errors.New(" couldn't resolve the domain") } for _, r := range results { // return first valid ip address if net.ParseIP(r.Content) != nil { return r.Content, nil } } return "", errors.New(" BUG: resolved the domain, but no ip records found (all CNAMEs?)") } else { return "", err } } ```
Wait, what was even wrong with it?
```go package main import ( "fmt" dns "github.com/Focinfi/go-dns-resolver" ) func main() { dns.Config.SetTimeout(uint(2)) dns.Config.RetryTimes = uint(4) if results, err := dns.Exchange("www.youtube.com", "1.1.1.1:53", dns.TypeA); err == nil { for _, r := range results { fmt.Println(r.Record, r.Type, r.Ttl, r.Priority, r.Content) } fmt.Printf("results[0].Content = `%s`\n", results[0].Content) } else { panic(err) } } ``` Results in ``` ❯ go run ./main.go www.youtube.com A 0s 0 www.youtube.com A 0s 0 www.youtube.com A 4m53s 0 74.125.131.198 results[0].Content = `` ``` Notice how first record is an empty string (**proxy would fail to connect to it!**). That's because it's a CNAME! ``` ❯ dog @1.1.1.1 www.youtube.com CNAME www.youtube.com. 5m00s "youtube-ui.l.google.com." CNAME youtube-ui.l.google.com. 5m00s "wide-youtube.l.google.com." A wide-youtube.l.google.com. 5m00s 142.251.1.198 ``` Why is it in A records is a question for github.com/Focinfi/go-dns-resolver.
With the updated code instead of using the first element which is presumed (incorrectly) to be a valid A record we look for first valid ip instead and return that.
As a side note:
Holy shit the dependencies of this repo are so outdated.
Okay guys I got some time to maintain this repository now.
I think i should two options that is like
--dns-addr
--dns-port
Would these two options meet you guys' requirements?
And thanks to @MahouShoujoMivutilde, i will take a look at the issue that you talked about and I'll upgrade the dependencies :)
Closed as completed
Thank you!
For users that already use encrypted DNS resolver like dnscrypt-proxy & stubby