V2ray-core: 使用“dokodemo-door”解析DNS时遇到的问题
1) 你正在使用哪个版本的 V2Ray?
3.23
2) 你的使用场景是什么?
在路由器上做透明代理,目前只用iptables代理了tcp,udp部分还没弄明白。
同时用dnsmasq配合做dns查询与缓存。
采用黑名单模式,只有黑名单中的网站用 8.8.8.8解析,并走代理,
默认是 freedom模式,用114.114.114.114解析,并直接访问。
3) 你看到的不正常的现象是什么?
iplocation.net在黑名单中,长时间不访问后的第一次访问,显示的是本机的真实ip,
此后刷新才会显示vps的ip。
类似的,一些黑名单中的网站,第一次访问都会出现解析不到dns的问题,
等一下再刷新就好了。
4) 你期待看到的正确表现是怎样的?
我想请教的问题是:
1,上述问题出在何处,如何能够更正。
2,在iptables不设置udp转发的情况下,按照我的客户端配置,把gfwlist中的网站直接用8.8.8.8解析和用127.0.0.1#5353解析有什么区别(如下述的两行设置),
server=/iplocation.net/8.8.8.8#53 //将dns请求通过rules代理至8.8.8.8
server=/iplocation.net/127.0.0.1#5353 //将dns请求转制dokodemo-door,再转至8.8.8.8
会不会有一种配置导致解析过程没有通过v2ray而导致结果被污染。
5) 请附上你的配置(提交 Issue 前请隐藏服务器端IP地址)。
* 客户端配置:*
"inbound": {
"port": 1080,
"listen": "0.0.0.0",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1",
"clients": null
},
"streamSettings": null
},
"inboundDetour": [
{
"domainOverride": ["tls","http"],
"port": 8010,
"network": "tcp,udp",
"protocol": "dokodemo-door",
"settings": {
"followRedirect": true
}
},
{
"protocol": "dokodemo-door",
"port": 5353,
"listen": "127.0.0.1",
"settings": {
"address": "8.8.8.8",
"port": 53,
"network": "udp",
"timeout": 0
}
},
{
"protocol": "dokodemo-door",
"port": 53535,
"listen": "127.0.0.1",
"settings": {
"address": "114.114.114.114",
"port": 53,
"network": "udp",
"timeout": 0
}
}
],
"outbound":
{
"protocol": "freedom",
"settings": {
"response": null
},
"tag": "direct"
},
"outboundDetour": [
{
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
},
"tag": "blockout"
},
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "*",
"port": 443,
"users": [
{
"id": "*",
"alterId": 64,
"security": "aes-128-cfb"
}
]
}
],
"servers": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tcpSettings": null,
"kcpSettings": null,
"tlsSettings":{
"serverName":"*",
"allowInsecure":true
},
"wsSettings": {
"connectionReuse": true,
"path": "*",
"headers": null
}
},
"mux": {
"enabled": false
}
}
],
"dns": {
"servers": [
"8.8.8.8",
"8.8.4.4",
"localhost"
]
},
"routing": {
"strategy": "rules",
"settings": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type":"field",
"outboundTag":"proxy",
"ip": [
"8.8.8.8/32",
"8.8.4.4/32"
]
},
{
"type": "field",
"outboundTag": "proxy",
"domain": [
"iplocation.net",
"GFWlist"
]
},
{
"type": "field",
"port": null,
"outboundTag": "direct",
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"domain": null
}
]
}
}
}
6) 请附上出错时软件输出的错误日志。
2018/05/31 21:37:18 [Info] [3927517055] App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > Proxy|Dokodemo: failed to transport request > read tcp 192.168.1.1:1082->192.168.1.144:51696: read: connection reset by peer
2018/05/31 21:37:18 [Info] [3927517055] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:18 [Debug] [4207643963] Proxy|Dokodemo: processing connection from: 192.168.1.144:51699
2018/05/31 21:37:18 [Debug] [3333923665] Proxy|Dokodemo: processing connection from: 192.168.1.144:51700
2018/05/31 21:37:18 [Info] [3333923665] App|Dispatcher: sniffed domain: ade.googlesyndication.com
2018/05/31 21:37:18 [Info] App|Router: looking for IP for domain: ade.googlesyndication.com
2018/05/31 21:37:18 [Info] [3333923665] App|Dispatcher: default route for tcp:ade.googlesyndication.com:443
2018/05/31 21:37:18 [Info] [3333923665] Proxy|Freedom: opening connection to tcp:ade.googlesyndication.com:443
2018/05/31 21:37:18 [Info] [3333923665] Transport|Internet|TCP: dialing TCP to tcp:ade.googlesyndication.com:443
2018/05/31 21:37:18 [Info] [4207945041] App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > context canceled
2018/05/31 21:37:18 [Info] [4207945041] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > context canceled
2018/05/31 21:37:18 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:18 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:18 [Info] [1863648632] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:18 [Info] [2139671153] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:18 [Info] [4051297100] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > Proxy|Freedom: failed to process response > read tcp 192.168.8.54:60948->204.2.250.100:443: read: connection reset by peer
2018/05/31 21:37:18 [Info] [4051297100] App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > Proxy|Dokodemo: failed to transport response > io: read/write on closed pipe
2018/05/31 21:37:18 [Debug] [452050103] Proxy|Dokodemo: processing connection from: 192.168.1.144:51701
2018/05/31 21:37:18 [Info] [452050103] App|Dispatcher: sniffed domain: www.iplocation.net
2018/05/31 21:37:18 [Debug] [1517751999] Proxy|Dokodemo: processing connection from: 192.168.1.121:63995
2018/05/31 21:37:18 [Info] [452050103] App|Dispatcher: taking detour [proxy] for [tcp:www.iplocation.net:443]
2018/05/31 21:37:18 [Info] [452050103] Transport|Internet|WebSocket: creating connection to tcp:myproxy.com:443
2018/05/31 21:37:18 [Info] [1517751999] App|Dispatcher: sniffed domain: cm.masky.biddingx.com
2018/05/31 21:37:18 [Info] App|Router: looking for IP for domain: cm.masky.biddingx.com
2018/05/31 21:37:18 [Debug] App|DNS: add pending request id 3452
2018/05/31 21:37:18 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:18 [Info] [2223422540] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] [2289898689] Proxy|Dokodemo: processing connection from: 192.168.1.148:52188
2018/05/31 21:37:19 [Info] [4219196627] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] [477721402] Proxy|Dokodemo: processing connection from: 192.168.1.121:63996
2018/05/31 21:37:19 [Info] [582252765] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.8.8:53 via tcp:myproxy.com:443
2018/05/31 21:37:19 [Info] [3014295111] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Info] [477721402] App|Dispatcher: sniffed domain: api.weibo.com
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: api.weibo.com
2018/05/31 21:37:19 [Debug] App|DNS: add pending request id 40653
2018/05/31 21:37:19 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:19 [Info] [131777625] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] [3636982717] Proxy|Dokodemo: processing connection from: 192.168.1.121:63998
2018/05/31 21:37:19 [Debug] [3127253849] Proxy|Dokodemo: processing connection from: 192.168.1.121:63997
2018/05/31 21:37:19 [Info] [3127253849] App|Dispatcher: sniffed domain: saxn.sina.com.cn
2018/05/31 21:37:19 [Debug] [840052394] Proxy|Dokodemo: processing connection from: 192.168.1.121:63999
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: saxn.sina.com.cn
2018/05/31 21:37:19 [Info] [3127253849] App|Dispatcher: default route for tcp:saxn.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3127253849] Proxy|Freedom: opening connection to tcp:saxn.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3127253849] Transport|Internet|TCP: dialing TCP to tcp:saxn.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3636982717] App|Dispatcher: sniffed domain: sax.sina.com.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: sax.sina.com.cn
2018/05/31 21:37:19 [Info] [3636982717] App|Dispatcher: default route for tcp:sax.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3636982717] Proxy|Freedom: opening connection to tcp:sax.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3636982717] Transport|Internet|TCP: dialing TCP to tcp:sax.sina.com.cn:80
2018/05/31 21:37:19 [Info] [840052394] App|Dispatcher: sniffed domain: d6.sinaimg.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: d6.sinaimg.cn
2018/05/31 21:37:19 [Info] [840052394] App|Dispatcher: default route for tcp:d6.sinaimg.cn:80
2018/05/31 21:37:19 [Info] [840052394] Proxy|Freedom: opening connection to tcp:d6.sinaimg.cn:80
2018/05/31 21:37:19 [Info] [840052394] Transport|Internet|TCP: dialing TCP to tcp:d6.sinaimg.cn:80
2018/05/31 21:37:19 [Debug] [3390072693] Proxy|Dokodemo: processing connection from: 127.0.0.1:39362
2018/05/31 21:37:19 [Info] [3390072693] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3390072693] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Debug] [2347590359] Proxy|Dokodemo: processing connection from: 127.0.0.1:39308
2018/05/31 21:37:19 [Info] [2347590359] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [2347590359] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3636982717] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 49378 content: ;; opcode: QUERY, status: NOERROR, id: 49378
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;current.sina.com.cn. IN A
;; ANSWER SECTION:
current.sina.com.cn. 26 IN CNAME w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn. 26 IN A 123.125.29.138
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 41985 content: ;; opcode: QUERY, status: NOERROR, id: 41985
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;current.sina.com.cn. IN A
;; ANSWER SECTION:
current.sina.com.cn. 26 IN CNAME w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn. 26 IN A 123.125.29.138
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 49378 content: ;; opcode: QUERY, status: NOERROR, id: 49378
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;current.sina.com.cn. IN A
;; ANSWER SECTION:
current.sina.com.cn. 26 IN CNAME w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn. 26 IN A 123.125.29.138
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 41985 content: ;; opcode: QUERY, status: NOERROR, id: 41985
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;current.sina.com.cn. IN A
;; ANSWER SECTION:
current.sina.com.cn. 26 IN CNAME w3b.dpool.sina.com.cn.
w3b.dpool.sina.com.cn. 26 IN A 123.125.29.138
2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain current.sina.com.cn.
2018/05/31 21:37:19 [Info] [2179628403] App|Dispatcher: default route for tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2179628403] Proxy|Freedom: opening connection to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2179628403] Transport|Internet|TCP: dialing TCP to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain current.sina.com.cn.
2018/05/31 21:37:19 [Info] [2728311107] App|Dispatcher: default route for tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2728311107] Proxy|Freedom: opening connection to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Info] [2728311107] Transport|Internet|TCP: dialing TCP to tcp:current.sina.com.cn:443
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 10195 content: ;; opcode: QUERY, status: NOERROR, id: 10195
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;hq.sinajs.cn. IN A
;; ANSWER SECTION:
hq.sinajs.cn. 31 IN CNAME idc-hq-hk.sinajs.cn.
idc-hq-hk.sinajs.cn. 44 IN A 203.90.242.126
2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain hq.sinajs.cn.
2018/05/31 21:37:19 [Info] [361377501] App|Dispatcher: default route for tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [361377501] Proxy|Freedom: opening connection to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [361377501] Transport|Internet|TCP: dialing TCP to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 40653 content: ;; opcode: QUERY, status: NOERROR, id: 40653
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;api.weibo.com. IN A
;; ANSWER SECTION:
api.weibo.com. 57 IN A 180.149.135.230
2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain api.weibo.com.
2018/05/31 21:37:19 [Info] [477721402] App|Dispatcher: default route for tcp:api.weibo.com:443
2018/05/31 21:37:19 [Info] [477721402] Proxy|Freedom: opening connection to tcp:api.weibo.com:443
2018/05/31 21:37:19 [Info] [477721402] Transport|Internet|TCP: dialing TCP to tcp:api.weibo.com:443
2018/05/31 21:37:19 [Debug] [3265333965] Proxy|Dokodemo: processing connection from: 127.0.0.1:63987
2018/05/31 21:37:19 [Info] [3265333965] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3265333965] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Debug] [3530362242] Proxy|Dokodemo: processing connection from: 192.168.1.148:52189
2018/05/31 21:37:19 [Info] [3530362242] App|Dispatcher: sniffed domain: q.rising.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: q.rising.cn
2018/05/31 21:37:19 [Info] [3530362242] App|Dispatcher: default route for tcp:q.rising.cn:80
2018/05/31 21:37:19 [Info] [3530362242] Proxy|Freedom: opening connection to tcp:q.rising.cn:80
2018/05/31 21:37:19 [Info] [3530362242] Transport|Internet|TCP: dialing TCP to tcp:q.rising.cn:80
2018/05/31 21:37:19 [Info] [2289898689] App|Dispatcher: default route for tcp:111.13.100.91:80
2018/05/31 21:37:19 [Info] [2289898689] Proxy|Freedom: opening connection to tcp:111.13.100.91:80
2018/05/31 21:37:19 [Info] [2289898689] Transport|Internet|TCP: dialing TCP to tcp:111.13.100.91:80
2018/05/31 21:37:19 [Debug] [926618329] Proxy|Dokodemo: processing connection from: 192.168.1.121:64000
2018/05/31 21:37:19 [Info] [926618329] App|Dispatcher: sniffed domain: hq.sinajs.cn
2018/05/31 21:37:19 [Info] App|Router: looking for IP for domain: hq.sinajs.cn
2018/05/31 21:37:19 [Info] [926618329] App|Dispatcher: default route for tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [926618329] Proxy|Freedom: opening connection to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Info] [926618329] Transport|Internet|TCP: dialing TCP to tcp:hq.sinajs.cn:80
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 3452 content: ;; opcode: QUERY, status: NOERROR, id: 3452
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cm.masky.biddingx.com. IN A
;; ANSWER SECTION:
cm.masky.biddingx.com. 599 IN CNAME hkbj.biddingx.com.
hkbj.biddingx.com. 9 IN A 112.73.28.70
hkbj.biddingx.com. 9 IN A 112.73.28.69
2018/05/31 21:37:19 [Info] [452050103] Proxy|VMess|Outbound: tunneling request to tcp:www.iplocation.net:443 via tcp:myproxy.com:443
2018/05/31 21:37:19 [Debug] App|DNS: returning 2 IPs for domain cm.masky.biddingx.com.
2018/05/31 21:37:19 [Info] [1517751999] App|Dispatcher: default route for tcp:cm.masky.biddingx.com:80
2018/05/31 21:37:19 [Info] [1517751999] Proxy|Freedom: opening connection to tcp:cm.masky.biddingx.com:80
2018/05/31 21:37:19 [Info] [1517751999] Transport|Internet|TCP: dialing TCP to tcp:cm.masky.biddingx.com:80
2018/05/31 21:37:19 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 30450 content: ;; opcode: QUERY, status: NOERROR, id: 30450
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;d6.sina.com.cn. IN A
;; ANSWER SECTION:
d6.sina.com.cn. 59 IN CNAME ad4.sina.com.cn.
ad4.sina.com.cn. 59 IN CNAME i3.sina.com.cn.
i3.sina.com.cn. 59 IN CNAME adiwlbs.gslb.sinaedge.com.
adiwlbs.gslb.sinaedge.com. 31 IN CNAME jtpool.grid.sinaedge.com.
jtpool.grid.sinaedge.com. 33 IN CNAME d.sinaimg.cn.edgekey.net.
d.sinaimg.cn.edgekey.net. 253 IN CNAME e4141.dscb.akamaiedge.net.
e4141.dscb.akamaiedge.net. 19 IN A 23.209.179.150
2018/05/31 21:37:19 [Debug] App|DNS: returning 1 IPs for domain d6.sina.com.cn.
2018/05/31 21:37:19 [Info] [3783014700] App|Dispatcher: default route for tcp:d6.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3783014700] Proxy|Freedom: opening connection to tcp:d6.sina.com.cn:80
2018/05/31 21:37:19 [Info] [3783014700] Transport|Internet|TCP: dialing TCP to tcp:d6.sina.com.cn:80
2018/05/31 21:37:19 [Debug] [1427369034] Proxy|Dokodemo: processing connection from: 127.0.0.1:19303
2018/05/31 21:37:19 [Info] [1427369034] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [1427369034] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Debug] [3707287667] Proxy|Dokodemo: processing connection from: 127.0.0.1:1722
2018/05/31 21:37:19 [Info] [3707287667] App|Dispatcher: default route for udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [3707287667] Proxy|Freedom: opening connection to udp:114.114.114.114:53
2018/05/31 21:37:19 [Info] [4207643963] App|Dispatcher: default route for tcp:172.217.4.130:443
2018/05/31 21:37:19 [Info] [4207643963] Proxy|Freedom: opening connection to tcp:172.217.4.130:443
2018/05/31 21:37:19 [Info] [4207643963] Transport|Internet|TCP: dialing TCP to tcp:172.217.4.130:443
2018/05/31 21:37:19 [Debug] App|DNS: handling response for id 30450 content: ;; opcode: QUERY, status: NOERROR, id: 30450
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;d6.sina.com.cn. IN A
;; ANSWER SECTION:
d6.sina.com.cn. 59 IN CNAME ad4.sina.com.cn.
ad4.sina.com.cn. 59 IN CNAME i3.sina.com.cn.
i3.sina.com.cn. 59 IN CNAME adiwlbs.gslb.sinaedge.com.
adiwlbs.gslb.sinaedge.com. 30 IN CNAME jtpool.grid.sinaedge.com.
jtpool.grid.sinaedge.com. 59 IN CNAME d.sinaimg.cn.edgekey.net.
d.sinaimg.cn.edgekey.net. 262 IN CNAME e4141.dscb.akamaiedge.net.
e4141.dscb.akamaiedge.net. 19 IN A 23.209.179.150
2018/05/31 21:37:20 [Info] [1017183813] Proxy|Freedom: opening connection to tcp:111.26.155.246:80
8) 其它相关的配置文件(如 Nginx)和相关日志。
dnsmasq.conf
port=53
no-resolv
no-poll
server=114.114.114.114
listen-address=192.168.1.1,127.0.0.1
dhcp-range=192.168.1.100,192.168.1.199,255.255.255.0,12h
cache-size=131072
log-queries
log-dhcp
log-facility=/var/log/dnsmasq/dnsmasq.log
conf-dir=/etc/dnsmasq.d/,*.conf
/etc/dnsmasq.d/gfwlist.conf
server=/iplocation.net/127.0.0.1#5353
server=/google.com/127.0.0.1#5353
flukaxkx
All 5 comments
另一个域名的dns查询记录,我删掉了有关其他域名的log。开始的时候很慢。
May 31 23:10:14 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:10:14 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:10:15 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:10:15 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:10:16 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:10:16 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:23 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:23 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:30 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:30 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:31 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:31 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:32 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:32 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:34 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:34 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:36 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:36 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:37 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:37 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:38 dnsmasq[5883]: query[A] www.vpsrb.com from 192.168.1.144
May 31 23:13:38 dnsmasq[5883]: forwarded www.vpsrb.com to 127.0.0.1
May 31 23:13:38 dnsmasq[5883]: reply www.vpsrb.com is 116.196.67.254
May 31 23:13:43 dnsmasq[5883]: query[A] vpsrb.com from 192.168.1.144
May 31 23:13:43 dnsmasq[5883]: forwarded vpsrb.com to 127.0.0.1
May 31 23:13:44 dnsmasq[5883]: query[A] vpsrb.com from 192.168.1.144
May 31 23:13:44 dnsmasq[5883]: forwarded vpsrb.com to 127.0.0.1
May 31 23:13:44 dnsmasq[5883]: reply vpsrb.com is 116.196.67.254
你和我开始搞的配置简直一模一样,不过我不在路由上,而是局域网上的一个虚拟机做软路由。DNS解析的问题困扰了我很久,经常在DNS解析这里V2ray就死火了,这样什么网站都看不了,在dnsmasq fowarded的时候看看v2ray的error.log是否有断开的提示,我的v2ray服务端是websocket+tls+web方式,理论上应该不会被墙盯上,可是还是有大量failed to dial websocket的错误提示,后来我感觉这个错误提示对网页浏览没影响,因为很快就重连上了,可是dns查询的时候一旦出现这个错误,浏览器就会收到dns timeout错误,于是彻底翻不了墙。
于是我改成不用v2ray来转发dns查询了,改成用dns-over-https的方式来,项目网站在 http://dns-over-https.com/ 。远端dns服务器使用Cloudflare的服务:https://cloudflare-dns.com/dns-query ,直连不走V2ray通道,分流依然用dnsmasq,目前这个方案运行了两天,没有再出现dns timeout的错误。
Dakai
on 6 Jun 2018
这个好啊,可以通过tcp来解析dns了。
flukaxkx
on 7 Jun 2018
我现在换了一种类似的思路了,可以直接在linux盒子上做透明网关,实现路由、分流、upnp等各种功能了。
还是黑名单模式,基本思路是:
- 安装v2ray。v2ray的inbound为socks入口,虽然用不上但还是留着吧,不改了;inboundDetour为科学上网(port:8010)和科学dns的入口(port:5353),和上面的设置一样。outboard默认改为科学出口;outboardDetour,为直连出口,其实也用不上了。routing里面的科学网站也不需要了,我加了8.8.8.8和8.8.4.4走proxy,貌似不加是不是也可以。
- dnsmasq+ipset。dnsmasq中设置也同上,不向上查询dns,把需要科学上网的网站通过 /etc/dnsmasq.d/scisites.conf 统统转到127.0.0.1#5353去,并记录进ipset scisites记录,其他统统走144.144.144.144解析。
- iptables。将匹配ipset scisites记录的ip的tcp和udp流量统统转到127.0.0.1的8010端口,其他的默认。这样就不用建立什么V2RAY链。内外网之间用SNAT联通,如果内网有NAS什么的,可以再写几个DNAT进行端口映射,就和普通路由器中的“虚拟服务器”一样的写法。
- 安装miniupnpd,建立upnp。
- 现在可以说科学是无国界的了,当然科学家是有国籍的哈。
这样做的好处:
- 简单。iptables严重的超出我的智力范围,尤其是mangle表,还是杀了我吧。
- 快速一点点。通过dnsmasq+ipset+iptables分流,比原来用v2ray的routing分流感觉上快一点点,毕竟信息走的路径简单了,而且v2ray也可以专心干她最拿手的事。
- 稳定,省电。把科学网站名单放进v2ray的config.json,v2ary占用的内存和cpu暴涨,对于没有风扇的盒子来说负担还是太重了。
- 减小科学流量,在战略上还是要重视伟大的华尔。
- 对于要有大量p2p下载流量的场景,可以保证国外的p2p节点不会走vps流量。
这样做的缺点和注意事项:
- 长时间不上的科学网站,首次上的时候解析会比较慢,但是不会有解析错误的问题了,只是会显示解析超时,等几秒刷一次就好了。
- 黑名单维护起来比较费事。建议黑名单使用gfwlist2dnsmasq.sh来做,有网友把它加到rc.local里面,每次重启都会更新,我还是选择手动了。建议在/etc/dnsmasq.d目录下再建一个othersites.conf,把自己常用的,没有被墙的,但在墙内上又比较慢的网站加进去,提升上网体验。
- 不知道是不是pppoe的缘故,每次启动的时候iptables-persistent都不能restore规则,于是我只好在rc.local里面重新加载一遍(iptables-restore < /etc/iptables/rules.v4)。
- ipset记录每次重启都会消失,在rc.local里面重建(ipset -N scisites hash:ip)
- 生命在于折腾。折腾完之后才发现自己并没有多少科学上网的需求,当没有什么可折腾的时候非常非常空虚,比如现在。
flukaxkx
on 7 Jun 2018
👍2
👎1
真是够复杂的…太厉害了,折腾好了之后的空虚感,hmm…握手!
Dakai
on 7 Jun 2018
Was this page helpful?
0 / 5 - 0 ratings
Related issues
qnxsgwy
·
3Comments
sunsan05
·
3Comments
vonhezhou
·
4Comments
gzzchh
·
3Comments
TheWanderingCoel
·
3Comments
Most helpful comment
我现在换了一种类似的思路了,可以直接在linux盒子上做透明网关,实现路由、分流、upnp等各种功能了。
还是黑名单模式,基本思路是:
这样做的好处:
这样做的缺点和注意事项: