zfl9 / chinadns-ng

Refactored and enhanced chinadns: domain-based routing, ipset/nftset, UDP/TCP/DoT
GNU Affero General Public License v3.0
1.14k stars, 188 forks

Question: is plain DNS forwarding supported? #185

Closed: lwb1978 closed this 4 months ago

lwb1978 commented 4 months ago

If I do not need domain-based routing and similar features, can I, like dns2tcp, set only bind-addr, bind-port and china-dns and forward local UDP DNS requests straight to a TCP or DoT upstream? Thanks.

zfl9 commented 4 months ago

Of course. For example, these parameters start a dns2tcp-like forwarder (listen for UDP DNS, forward to TCP DNS):

chinadns-ng -b 127.0.0.1 -l 5454@udp -c 'tcp://127.0.0.1#5656' -d chn    # udp -> tcp
chinadns-ng -b 127.0.0.1 -l 5454@udp -c tls://223.5.5.5 -d chn            # udp -> DoT
chinadns-ng -b 127.0.0.1 -l 5454 -c tls://1.1.1.1 -d chn                  # tcp/udp -> DoT

The key is -d chn: since no domain list is specified and chn is the default group, this amounts to "everything goes to the chn group", i.e. the upstream given by -c.
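To make the "udp -> tcp" forwarder concrete, here is an added example, written for this thread and not code from chinadns-ng or dns2tcp. It shows the only protocol difference between the two transports: a DNS message on TCP is prefixed with a 2-byte big-endian length (RFC 1035 section 4.2.2), so a forwarder has to frame each query and reassemble replies that arrive in partial reads. All function names (`build_query`, `to_tcp_wire`, `from_tcp_wire`, `forward_udp_to_tcp`) are hypothetical, and the query bytes are constructed for the demonstration. The forwarder loop opens one TCP connection per query, which is the dns2tcp behaviour the thread refers to.

```python
import socket
import struct


def build_query(name, qid, qtype=1):
    """Construct a minimal DNS query in RFC 1035 wire format (constructed test input)."""
    # flags 0x0100 = recursion desired; one question, no other sections
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype, qclass IN


def qid_of(msg):
    """The transaction id is the first two bytes of any DNS message."""
    return struct.unpack("!H", msg[:2])[0]


def to_tcp_wire(msg):
    """Frame a UDP-style DNS message for TCP: 2-byte big-endian length, then the message."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for a TCP length prefix")
    return struct.pack("!H", len(msg)) + msg


def from_tcp_wire(buf):
    """Return (message, remaining_bytes), or (None, buf) if the buffer does not yet hold a full message."""
    if len(buf) < 2:
        return None, buf
    (n,) = struct.unpack("!H", buf[:2])
    if len(buf) < 2 + n:
        return None, buf
    return buf[2:2 + n], buf[2 + n:]


def recv_tcp_message(sock):
    """Read exactly one length-prefixed message, tolerating partial reads from the stream."""
    buf = b""
    while True:
        msg, _rest = from_tcp_wire(buf)
        if msg is not None:
            return msg
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("upstream closed the connection before a full reply arrived")
        buf += chunk


def forward_udp_to_tcp(bind_addr, bind_port, upstream_host, upstream_port=53, timeout=5.0):
    """dns2tcp-like loop: each UDP query gets its own TCP connection to the upstream (hypothetical helper)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.bind((bind_addr, bind_port))
        while True:
            query, client = udp.recvfrom(4096)
            try:
                with socket.create_connection((upstream_host, upstream_port), timeout=timeout) as tcp:
                    tcp.sendall(to_tcp_wire(query))
                    reply = recv_tcp_message(tcp)
                # only hand back a reply whose transaction id matches the query it answers
                if qid_of(reply) == qid_of(query):
                    udp.sendto(reply, client)
            except (OSError, ConnectionError):
                pass  # drop the query; the stub resolver retries, as dig does


if __name__ == "__main__":
    # Offline self-check of the framing; the forwarder itself needs a reachable upstream.
    q = build_query("qq.com", 0x1234)
    wire = to_tcp_wire(q)
    assert from_tcp_wire(wire) == (q, b"")
    # to run as a forwarder: forward_udp_to_tcp("127.0.0.1", 5454, "127.0.0.1", 5656)
```

The framing functions are pure, so they can be checked without any network; the qid comparison at the end of the loop is the minimum a forwarder should do before passing a TCP reply back to a UDP client.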

lwb1978 commented 4 months ago

Many thanks for the reply, boss.

lwb1978 commented 3 months ago

@zfl9 I tested this in OpenWrt with chinadns-ng -b 127.0.0.1 -l 5454@udp -c 'tcp://223.5.5.5' -d chn and found that for roughly 30 seconds after the process starts, port 5454 resolves names, but after that it stops resolving. A port conflict on 5454 is ruled out. chinadns-ng build: 0721 chinadns-ng+wolfssl@x86_64-linux-musl@x86_64@fast+lto

zfl9 commented 3 months ago

Rate-limited by 223.5.5.5? Test with dig @223.5.5.5 +tcp at the same time to see whether that works; if it fails too, the problem has nothing to do with chinadns-ng.

lwb1978 commented 3 months ago

dig qq.com @223.5.5.5 +tcp works, but dig qq.com @127.0.0.1 -p 5454 times out:

;; communications error to 127.0.0.1#5454: timed out
;; communications error to 127.0.0.1#5454: timed out
;; communications error to 127.0.0.1#5454: timed out

; <<>> DiG 9.18.27 <<>> qq.com @127.0.0.1 -p 5454
;; global options: +cmd
;; no servers could be reached

zfl9 commented 3 months ago

Please post the verbose log.

lwb1978 commented 3 months ago

After watching it for a morning, it seems to happen when handling a large number of DNS queries. I ran: chinadns-ng -b 127.0.0.1 -l 55353 -c tls://dot.pub@1.12.12.12 -d chn -v and redirected the router's DNS port to 55353. At startup a small number of DNS requests return normally; once the volume grows, the problem appears. Below are two log excerpts from when the failures occurred:

2024-08-06 11:57:37 I [Upstream.zig:946 Group.send] forward query(qid:2670, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 11:57:37 I [server.zig:309 QueryLog.query] query(id:3552, tag:chn, qtype:1, 'broker.mina.mi.com') from 127.0.0.1#48724
2024-08-06 11:57:37 I [server.zig:383 QueryLog.forward] forward query(qid:2671, from:udp, 'broker.mina.mi.com') to china group
2024-08-06 11:57:37 I [Upstream.zig:946 Group.send] forward query(qid:2671, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 11:57:37 I [server.zig:309 QueryLog.query] query(id:3553, tag:chn, qtype:1, 'www.mi.com') from 127.0.0.1#48724
2024-08-06 11:57:37 I [server.zig:383 QueryLog.forward] forward query(qid:2672, from:udp, 'www.mi.com') to china group
2024-08-06 11:57:37 I [Upstream.zig:946 Group.send] forward query(qid:2672, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2640, id:3521, tag:chn) from udp://127.0.0.1#48724 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2641, id:3522, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2642, id:3523, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2643, id:3524, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2644, id:3525, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2645, id:3526, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2646, id:3527, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2647, id:3528, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2648, id:3529, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2649, id:3530, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2650, id:3531, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2651, id:3532, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2652, id:3533, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2653, id:3534, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2654, id:3535, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2655, id:3536, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2656, id:3537, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2657, id:3538, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2658, id:3539, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 12:22:43 I [server.zig:598 ReplyLog.reply] reply(qid:905, tag:(null), qtype:1, 'www.visa.com.sg') from tls://dot.pub@1.12.12.12 [ignore]
2024-08-06 12:23:06 I [server.zig:309 QueryLog.query] query(id:46626, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#37639
2024-08-06 12:23:06 I [server.zig:383 QueryLog.forward] forward query(qid:1035, from:udp, 'qq.com') to china group
2024-08-06 12:23:06 I [Upstream.zig:946 Group.send] forward query(qid:1035, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:11 W [server.zig:891 on_timeout] query(qid:1035, id:46626, tag:chn) from udp://127.0.0.1#37639 [timeout]
2024-08-06 12:23:11 I [server.zig:309 QueryLog.query] query(id:46626, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#36016
2024-08-06 12:23:11 I [server.zig:383 QueryLog.forward] forward query(qid:1036, from:udp, 'qq.com') to china group
2024-08-06 12:23:11 I [Upstream.zig:946 Group.send] forward query(qid:1036, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:16 W [server.zig:891 on_timeout] query(qid:1036, id:46626, tag:chn) from udp://127.0.0.1#36016 [timeout]
2024-08-06 12:23:16 I [server.zig:309 QueryLog.query] query(id:46626, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#60586
2024-08-06 12:23:16 I [server.zig:383 QueryLog.forward] forward query(qid:1037, from:udp, 'qq.com') to china group
2024-08-06 12:23:16 I [Upstream.zig:946 Group.send] forward query(qid:1037, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:21 W [server.zig:891 on_timeout] query(qid:1037, id:46626, tag:chn) from udp://127.0.0.1#60586 [timeout]
2024-08-06 12:23:24 I [server.zig:309 QueryLog.query] query(id:55916, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#35975
2024-08-06 12:23:24 I [server.zig:383 QueryLog.forward] forward query(qid:1038, from:udp, 'qq.com') to china group
2024-08-06 12:23:24 I [Upstream.zig:946 Group.send] forward query(qid:1038, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:29 W [server.zig:891 on_timeout] query(qid:1038, id:55916, tag:chn) from udp://127.0.0.1#35975 [timeout]
2024-08-06 12:23:29 I [server.zig:309 QueryLog.query] query(id:55916, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#36221
2024-08-06 12:23:29 I [server.zig:383 QueryLog.forward] forward query(qid:1039, from:udp, 'qq.com') to china group
2024-08-06 12:23:29 I [Upstream.zig:946 Group.send] forward query(qid:1039, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:34 W [server.zig:891 on_timeout] query(qid:1039, id:55916, tag:chn) from udp://127.0.0.1#36221 [timeout]
2024-08-06 12:23:34 I [server.zig:309 QueryLog.query] query(id:55916, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#39795
2024-08-06 12:23:34 I [server.zig:383 QueryLog.forward] forward query(qid:1040, from:udp, 'qq.com') to china group
2024-08-06 12:23:34 I [Upstream.zig:946 Group.send] forward query(qid:1040, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:39 W [server.zig:891 on_timeout] query(qid:1040, id:55916, tag:chn) from udp://127.0.0.1#39795 [timeout]
2024-08-06 12:23:43 I [Upstream.zig:592 TCP.do_connect] tls://dot.pub@1.12.12.12 | TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | full
2024-08-06 12:23:43 I [server.zig:598 ReplyLog.reply] reply(qid:1039, tag:(null), qtype:1, 'qq.com') from tls://dot.pub@1.12.12.12 [ignore]
2024-08-06 12:23:43 I [server.zig:598 ReplyLog.reply] reply(qid:1035, tag:(null), qtype:1, 'qq.com') from tls://dot.pub@1.12.12.12 [ignore]

zfl9 commented 3 months ago

Try building a no-lto version by hand:

zig build -Dlto=false -Dwolfssl -Dtarget=x86_64-linux-musl -Dcpu=x86_64

Also, does it work with a different TLS upstream, or with two upstreams at once:

-c tls://223.5.5.5 -c tls://1.12.12.12

It may be related to pipelined queries (several queries over a single TCP/TLS connection), because this looks like the TCP/TLS connection is being rate-limited. Perhaps there should be a quota per TCP/TLS connection, e.g. 10, meaning a single connection serves at most 10 DNS queries; once the quota is exceeded the connection is closed, and the next new DNS query opens a fresh connection to the server. With a quota of 1 the behaviour would resemble dns2tcp: every query gets its own TCP/TLS connection to the server.
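The verbose log posted above and the rate-limiting diagnosis in this reply both come down to the same observation: queries are forwarded to one upstream, time out after 5 seconds, and the few replies that do arrive come back only after the timeout (the `[ignore]` lines). The following added example, which is not part of chinadns-ng and not the author's code, shows how to check that mechanically over such a log: it follows each qid from its `Group.send` line to either a reply or an `on_timeout` line, aggregates per upstream, and flags an upstream as stalled when at least half of its forwarded queries time out. The sample lines are constructed in the format of the log above (the last two reply lines omit the trailing bracket marker, which the parser does not rely on), and the function names `analyze` and `diagnose` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the chinadns-ng -v output posted in the issue.
SAMPLE_LOG = """\
2024-08-06 12:23:06 I [Upstream.zig:946 Group.send] forward query(qid:1035, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:11 W [server.zig:891 on_timeout] query(qid:1035, id:46626, tag:chn) from udp://127.0.0.1#37639 [timeout]
2024-08-06 12:23:11 I [Upstream.zig:946 Group.send] forward query(qid:1036, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:16 W [server.zig:891 on_timeout] query(qid:1036, id:46626, tag:chn) from udp://127.0.0.1#36016 [timeout]
2024-08-06 12:23:43 I [server.zig:598 ReplyLog.reply] reply(qid:1035, tag:(null), qtype:1, 'qq.com') from tls://dot.pub@1.12.12.12 [ignore]
2024-08-06 12:23:50 I [Upstream.zig:946 Group.send] forward query(qid:1041, from:udp) to upstream tls://223.5.5.5
2024-08-06 12:23:50 I [server.zig:598 ReplyLog.reply] reply(qid:1041, tag:chn, qtype:1, 'qq.com') from tls://223.5.5.5
2024-08-06 12:23:51 I [Upstream.zig:946 Group.send] forward query(qid:1042, from:udp) to upstream tls://223.5.5.5
2024-08-06 12:23:52 I [server.zig:598 ReplyLog.reply] reply(qid:1042, tag:chn, qtype:1, 'www.mi.com') from tls://223.5.5.5
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
# One pattern per event type; the [file:line func] prefix is skipped with .* so line numbers may change.
RE_SEND = re.compile(TS + r" .*Group\.send\] forward query\(qid:(?P<qid>\d+), .*\) to upstream (?P<up>\S+)")
RE_TIMEOUT = re.compile(TS + r" .*on_timeout\] query\(qid:(?P<qid>\d+),.*\[timeout\]")
RE_REPLY = re.compile(TS + r" .*ReplyLog\.reply\] reply\(qid:(?P<qid>\d+),.*\) from (?P<up>\S+)")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def analyze(log_text):
    """Follow every qid from forward to outcome and aggregate counts per upstream (hypothetical helper)."""
    pending = {}    # qid -> (upstream, time sent); waiting for reply or timeout
    timed_out = {}  # qid -> upstream; a reply seen after this point is "late"
    stats = defaultdict(lambda: {"sent": 0, "answered": 0, "timed_out": 0, "late": 0, "latencies": []})
    for line in log_text.splitlines():
        m = RE_SEND.match(line)
        if m:
            qid, up = int(m["qid"]), m["up"]
            pending[qid] = (up, parse_ts(m["ts"]))
            stats[up]["sent"] += 1
            continue
        m = RE_TIMEOUT.match(line)
        if m:
            qid = int(m["qid"])
            if qid in pending:
                up, _sent_at = pending.pop(qid)
                stats[up]["timed_out"] += 1
                timed_out[qid] = up
            continue
        m = RE_REPLY.match(line)
        if m:
            qid, up = int(m["qid"]), m["up"]
            if qid in pending:
                _up, sent_at = pending.pop(qid)
                stats[up]["answered"] += 1
                stats[up]["latencies"].append((parse_ts(m["ts"]) - sent_at).total_seconds())
            elif qid in timed_out:
                # reply arrived after chinadns-ng already gave up on the query
                stats[timed_out.pop(qid)]["late"] += 1
    return dict(stats)


def diagnose(stats, min_sent=2, stall_ratio=0.5):
    """Per upstream: 'stalled' when most forwarded queries time out, otherwise 'healthy' (hypothetical helper)."""
    verdicts = {}
    for up, s in stats.items():
        if s["sent"] < min_sent:
            verdicts[up] = "insufficient data"
        elif s["timed_out"] / s["sent"] >= stall_ratio:
            verdicts[up] = (f"stalled: {s['timed_out']}/{s['sent']} forwarded queries timed out, "
                            f"{s['late']} reply(ies) arrived late")
        else:
            verdicts[up] = "healthy"
    return verdicts


if __name__ == "__main__":
    for upstream, verdict in diagnose(analyze(SAMPLE_LOG)).items():
        print(upstream, "->", verdict)
```

Run against a real `-v` log the output separates "the upstream stopped answering this connection" (many timeouts, late replies) from "chinadns-ng is dropping queries locally" (timeouts with no replies at all, and no `TCP.do_connect` line for a reconnect), which is the distinction the `dig @223.5.5.5 +tcp` check earlier in the thread was meant to draw.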

lwb1978 commented 3 months ago

Thanks. After testing, it is indeed DNS rate limiting; after switching to my ISP's DNS and ByteDance's DNS, queries work normally.

zfl9 commented 3 months ago

Let's continue the discussion over in #189.