cleandns's Introduction

CleanDNS

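CleanDNS provides an unpolluted DNS service on the local machine; it forwards DNS requests through a SOCKS5 proxy. CleanDNS also supports ECS, which is very useful when you need to obtain the IP first and then decide, based on that IP, whether to access it through a proxy, for example when used together with http-proxy.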

See the usage instructions.

Non-polluting DNS. Forward DNS requests with ECS (edns-client-subnet) support.

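Known Issues

  • c-ares uses a default buffer size of 512 bytes. It queries over UDP first; when the returned result exceeds 512 bytes, c-ares queries again over TCP. CleanDNS does not support TCP queries, so c-ares cannot obtain the query result. (You can try https://github.com/GangZhuo/dohclient in place of CleanDNS.)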


Install

Linux

git clone https://github.com/GangZhuo/CleanDNS.git

cd CleanDNS

make clean

make

OpenWRT

cd OpenWrt-SDK-***

git clone https://github.com/GangZhuo/CleanDNS.git package/CleanDNS

# Select Network/CleanDNS
make menuconfig

# Output file should be at OpenWrt-SDK-***/bin/packages/<arch>/base/CleanDNS-*.ipk
make V=99 package/CleanDNS/openwrt/{clean,compile}

# Install on OpenWrt
opkg install CleanDNS_*.ipk

# Edit your config file '/etc/config/cleandns', then restart '/etc/init.d/cleandns restart'.
vim /etc/config/cleandns

# Start|Stop|Restart|Enable|Disable
/etc/init.d/cleandns [start|stop|restart|enable|disable]

Android (Termux)

git clone https://github.com/GangZhuo/CleanDNS.git

cd CleanDNS

make clean

make LDFLAGS=-llog

Windows

1) Download the source code from https://github.com/GangZhuo/CleanDNS.

2) Open CleanDNS/windows/cleandns.sln with Visual Studio 2019 and build the project.

3) Copy the build result (cleandns.exe), together with CleanDNS/windows/install_service.bat,
   CleanDNS/windows/uninstall_service.bat and chnroute.txt, to the target directory
   (e.g. D:\CleanDNS\).

4) Right-click D:\CleanDNS\install_service.bat and click Run as administrator
   to install CleanDNS as a service.

5) Edit your config file D:\CleanDNS\cleandns.config, which should be generated
   automatically after the service is installed.

6) Press WIN+R, type 'services.msc', press <Enter>, then Start/Restart CleanDNS in the right panel.

7) Right-click D:\CleanDNS\uninstall_service.bat and click Run as administrator to uninstall.

Usage

$>cleandns.exe -h

CleanDNS 0.4.2

Usage:

cleandns [-c CHNROUTE_FILE] [-l CHINA_IP] [-f FOREIGN_IP]
         [-b BIND_ADDR] [-p BIND_PORT] [-s DNS] [-t TIMEOUT] [-m]
         [--config=CONFIG_PATH] [--daemon] [--pid=PID_FILE_PATH]
         [--log=LOG_FILE_PATH] [--log-level=LOG_LEVEL]
         [--proxy=PROXY_URL] [-v] [-V] [-h]

Forward DNS requests with ECS (edns-client-subnet) support.

Options:

  -l CHINA_IP           China ip address, e.g. 114.114.114.114/24.
                        Use comma to separate IPv4 and IPv6,
                        e.g. 114.114.114.114/24,2405:2d80::/32.
  -f FOREIGN_IP         Foreign ip address, e.g. 8.8.8.8/24.
                        Use comma to separate IPv4 and IPv6,
                        e.g. 8.8.8.8/24,2001:df2:8300::/48.
  -c CHNROUTE_FILE      Path to china route file, default: chnroute.txt.
                        Use comma to separate multi files, e.g. chnroute_ipv4.txt,chnroute_ipv6.txt.
  -b BIND_ADDR          Address that listens, default: 0.0.0.0.
                        Use comma to separate multi addresses, e.g. 127.0.0.1:5354,[::1]:5354.
  -p BIND_PORT          Port that listen on, default: 5354.
                        The port specified in "-b" is priority .
  -s DNS                DNS server to use, default: 8.8.8.8:53,114.114.114.114:53.
                        tcp://IP[:PORT] means forward request to upstream by TCP protocol,
                        [udp://]IP[:PORT] means forward request to upstream by UDP protocol.
                        Forward by UDP protocol default, and default port of upstream is 53.
  -m                    Use DNS compression pointer mutation, only available on foreign dns server.
  -t TIMEOUT            Timeout, default: 5.
  --daemon              Daemonize.
  --pid=PID_FILE_PATH   pid file, default: /var/run/cleandns.pid, only available on daemonize.
  --log=LOG_FILE_PATH   Write log to a file.
  --log-level=LOG_LEVEL Log level, range: [0, 7], default: 5.
  --config=CONFIG_PATH  Config file, find sample at https://github.com/GangZhuo/CleanDNS.
  --lazy                Disable pollution detection.
  --proxy=PROXY_URL     Proxy server, e.g. socks5://127.0.0.1:1080, only available on foreign dns server.
                        Now, only socks5 with no authentication is supported.
  -v                    Verbose logging.
  -h                    Show this help message and exit.
  -V                    Print version and then exit.

Online help: <https://github.com/GangZhuo/CleanDNS>

Configuration Examples

IPv4

config cfg
	option bind_addr '0.0.0.0'
	option bind_port '5354'
	option chnroute '/etc/cleandns_chnroute.txt'
	option china_ip '203.208.32.0/24'
	option foreign_ip '172.217.12.0/24'
	option dns_server '8.8.8.8:53'
	option compression '1'
	option timeout '5'
	#option log_file '/var/log/cleandns.log'
	option log_level '5'
	option lazy '0'
	#option proxy 'socks5://127.0.0.1:1080'

IPv6

config cfg
	option bind_addr '[::1]'
	option bind_port '5354'
	option chnroute '/etc/cleandns_chnroute.txt,/etc/cleandns_chnroute6.txt'
	option china_ip '240e:3a1:4a51::/35'
	option foreign_ip '2607:8700:112:e65e::/35'
	option dns_server '[2001:4860:4860::8888]:53'
	option compression '1'
	option timeout '5'
	#option log_file '/var/log/cleandns.log'
	option log_level '5'
	option lazy '0'
	#option proxy 'socks5://[::1]:1080'

Dual Stacks

config cfg
	option bind_addr '[::0]'
	option bind_port '5354'
	option chnroute '/etc/cleandns_chnroute.txt,/etc/cleandns_chnroute6.txt'
	option china_ip '203.208.32.0/24,240e:3a1:4a51::/35'
	option foreign_ip '172.217.12.0/24,2607:8700:112:e65e::/35'
	option dns_server '8.8.8.8:53,[2001:4860:4860::8888]:53'
	option compression '1'
	option timeout '5'
	#option log_file '/var/log/cleandns.log'
	option log_level '5'
	option lazy '0'
	#option proxy 'socks5://127.0.0.1:1080'

Examples

cleandns -m -s 8.8.8.8 -l 202.108.22.5/24 -vvv

or

cleandns -m -s 8.8.8.8 -l 202.108.22.5/24 -f 172.217.24.4/24 -vvv

or

cleandns --config=/etc/config/cleandns

Remove -l and -f to disable "edns-client-subnet".

Test if it works:

$ dig @127.0.0.1 -p 5354 www.youtube.com
; <<>> DiG 9.11.1 <<>> www.youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14225
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: xxx.xxx.xxx.0/24/0
;; QUESTION SECTION:
;www.youtube.com.		IN	A

;; ANSWER SECTION:
www.youtube.com.	86315	IN	CNAME	youtube-ui.l.google.com.
youtube-ui.l.google.com. 815	IN	CNAME	youtube-ui-china.l.google.com.
youtube-ui-china.l.google.com. 95 IN	A	74.125.203.102
youtube-ui-china.l.google.com. 95 IN	A	74.125.203.100
youtube-ui-china.l.google.com. 95 IN	A	74.125.203.139
youtube-ui-china.l.google.com. 95 IN	A	74.125.203.113
youtube-ui-china.l.google.com. 95 IN	A	74.125.203.138
youtube-ui-china.l.google.com. 95 IN	A	74.125.203.101

;; Query time: 177 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 23 07:07:51 2017
;; MSG SIZE  rcvd: 443
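
The CLIENT-SUBNET line in the dig output above is carried on the wire as option code 8 inside the EDNS OPT record. This added Python example (not CleanDNS code; function names and sample subnets are illustrative assumptions) encodes that option for a -l/-f style subnet and parses it back out of a query.

```python
import ipaddress
import struct

OPT_TYPE = 41   # EDNS0 OPT pseudo-record, shown as "TYPE: 0x29 (OPT)" in a verbose log
ECS_CODE = 8    # edns-client-subnet option code (RFC 7871)


def encode_ecs(subnet: str) -> bytes:
    """Encode one ECS option: code, length, family, source prefix, scope, address."""
    net = ipaddress.ip_network(subnet, strict=False)   # 202.108.22.5/24 -> 202.108.22.0/24
    family = 1 if net.version == 4 else 2
    nbytes = (net.prefixlen + 7) // 8                  # only the prefix bytes go on the wire
    body = struct.pack("!HBB", family, net.prefixlen, 0)
    body += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_CODE, len(body)) + body


def build_query(name: str, subnet: str, other_opts: bytes = b"", qid: int = 0x1234) -> bytes:
    """A-record query with RD set and one OPT record: other_opts first, then ECS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    rdata = other_opts + encode_ecs(subnet)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 1, 1) + opt


def parse_ecs(msg: bytes):
    """Return ("network/prefix", scope) from a query's OPT record, or None."""
    try:
        qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
        if (qd, an, ns) != (1, 0, 0) or ar < 1:
            return None                    # this sketch handles plain queries only
        pos = 12
        while msg[pos]:                    # skip the uncompressed QNAME labels
            if msg[pos] & 0xC0:
                return None                # compressed names are out of scope here
            pos += 1 + msg[pos]
        pos += 1 + 4                       # root label, QTYPE, QCLASS
        rtype, _payload, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos + 1)
        if msg[pos] != 0 or rtype != OPT_TYPE:
            return None
        pos += 11                          # OPT owner name plus fixed fields
        end = pos + rdlen
        if end > len(msg):
            return None                    # RDLEN points past the datagram
        while pos + 4 <= end:              # walk the {code, length, data} options
            code, olen = struct.unpack_from("!HH", msg, pos)
            pos += 4
            if pos + olen > end:
                return None
            if code == ECS_CODE and olen >= 4:
                family, source, scope = struct.unpack_from("!HBB", msg, pos)
                size = {1: 4, 2: 16}.get(family, 0)
                raw = msg[pos + 4:pos + olen]
                if not size or len(raw) > size:
                    return None
                addr = ipaddress.ip_address(raw.ljust(size, b"\x00"))
                return f"{addr}/{source}", scope
            pos += olen
        return None
    except (IndexError, struct.error):
        return None                        # truncated message
```
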

Update chnroute (IPv4)

See About chnroute on ChinaDNS.

Update chnroute (IPv6)

You can generate the latest chnroute6.txt using this command:

curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | \
grep ipv6 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, $5) }' > chnroute6.txt
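
The awk command above works for IPv6 because field 5 of an ipv6 record is already a prefix length, whereas in ipv4 records the same field is an address count. This added Python example (not from the CleanDNS project; the sample records are constructed from documentation address ranges and the function names are illustrative) goes beyond the command: it converts both record types to CIDR networks and checks sample addresses against the result.

```python
import ipaddress

# Constructed sample in the delegated-apnic layout (not real APNIC data):
# registry|cc|type|start|value|date|status
SAMPLE = """\
# constructed sample
2|apnic|20240101|6|19830613|20231231|+1000
apnic|*|ipv4|*|3|summary
apnic|CN|ipv4|192.0.2.0|256|20110414|allocated
apnic|CN|ipv4|203.0.113.0|192|20110414|allocated
apnic|JP|ipv4|198.51.100.0|256|20110412|allocated
apnic|CN|ipv6|2001:db8::|32|20000426|allocated
apnic|CN|asn|64496|1|20020801|allocated
"""


def chnroute_from_delegated(lines, cc="CN"):
    """Return sorted, collapsed networks for one country code, IPv4 first."""
    v4, v6 = [], []
    for line in lines:
        f = line.strip().split("|")
        if line.startswith("#") or len(f) < 7 or f[1] != cc:
            continue                      # comments, header, summaries, other countries
        if f[2] == "ipv6":
            # value is the prefix length; a malformed record raises ValueError
            v6.append(ipaddress.IPv6Network(f"{f[3]}/{int(f[4])}"))
        elif f[2] == "ipv4":
            # value is an address count and need not be a power of two
            first = ipaddress.IPv4Address(f[3])
            last = first + (int(f[4]) - 1)
            v4.extend(ipaddress.summarize_address_range(first, last))
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))


def is_listed(ip, nets):
    """True if ip falls inside any network of the generated list."""
    addr = ipaddress.ip_address(ip)
    return any(n.version == addr.version and addr in n for n in nets)


def to_chnroute_text(nets):
    """One CIDR per line, the same shape the awk command writes."""
    return "".join(f"{n}\n" for n in nets)
```

Malformed records raise ValueError instead of being dropped, so a corrupted or tampered download fails loudly before it can change which answers are treated as domestic.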

License

Copyright (C) 2017-2019, Gang Zhuo <[email protected]>

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

cleandns's People

Contributors

gangzhuo, pexcn


cleandns's Issues

Is the proxy option not working properly?

socks5://127.0.0.1:1080 is provided by ss-local. This is my configuration:

The log always shows timeout, and dig cannot get a result either.

Problem with ECS sending and score calculation

I modified the scoring logic to suit my needs:

if (chndns) {
	if (chnsubnet){
		if (chnip){
			score[i] = 100;
		}else{
			score[i] = 1;
		}
	}else{
		if (chnip){
			score[i] = 2;
		}else{
			score[i] = 3;
		}
	}
}else{
	if (!chnsubnet){
		if (!chnip){
			score[i] = 90;
		}else{
			score[i] = 4;
		}
	}else{
		if (!chnip){
			score[i] = 5;
		}else{
			score[i] = 6;
		}
	}
}
logi("chnip:%d chnsubnet:%d chndns:%d score:%d\n",chnip,chnsubnet,chndns,score[i]);

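For domestic lookups I want the ** server, ** ECS and ** IP to take priority, with server 223.5.5.5:53.
For foreign lookups I want the foreign server, the VPS's ECS and foreign IPs to take priority, with server 8.8.8.8:53.
Normally this should give a single result, but the result I often get from the servers is:
a foreign address preferring the result of the domestic ECS, or a domestic address preferring the result of the foreign ECS,
which does not match the scoring logic I set.

I looked at the log. For a foreign one it is: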
2020-08-21 14:37:42 chnip:0 chnsubnet:1 chndns:1 score:1
2020-08-21 14:37:42 chnip:0 chnsubnet:1 chndns:1 score:1
2020-08-21 14:37:42 chnip:0 chnsubnet:0 chndns:0 score:90
2020-08-21 14:37:42 chnip:0 chnsubnet:0 chndns:0 score:90
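But whether the resolution result is the normal one returned for the foreign ECS or the abnormal one returned for the domestic ECS, the log content is as above.

For a domestic one it is: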
2020-08-21 14:44:31 chnip:4 chnsubnet:1 chndns:1 score:100
2020-08-21 14:44:31 chnip:4 chnsubnet:1 chndns:1 score:100
2020-08-21 14:44:31 chnip:0 chnsubnet:0 chndns:0 score:90
2020-08-21 14:44:31 chnip:4 chnsubnet:0 chndns:0 score:4

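I feel there is some problem with sending chnsubnet, but I'm not sure. I hope you can confirm and fix it.

Could a TCP mode for DNS queries be added?

DNS queries in TCP mode do not get polluted.

I hope it can be defined like this:

# Default, or a udp:// prefix, means a UDP query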
-s 8.8.8.8:53
-s udp://8.8.8.8:53

# A tcp:// prefix means a TCP query
-s tcp://8.8.8.8:53

# Multiple upstreams
-s tcp://8.8.8.8:53,udp://114.114.114.114:53
-s udp://8.8.8.8:53,udp://114.114.114.114:53
-s 8.8.8.8:53,114.114.114.114:53
-s tcp://8.8.8.8:53,114.114.114.114:53

Parsing error

$ sd ./cleandns -p 1053 -c /opt/CleanDNS/chnroute.txt -s 40.73.101.101:53 -m -v                                 
2019-04-01 23:43:25 listen on 0.0.0.0:1053
2019-04-01 23:43:25 dns server: 40.73.101.101:53
2019-04-01 23:43:25 chnroute: /opt/ChinaDNS/chnroute.txt
2019-04-01 23:43:25 china ip: (null)
2019-04-01 23:43:25 foreign ip: (null)
2019-04-01 23:43:25 compression: on
2019-04-01 23:43:25 timeout: 6
2019-04-01 23:45:17 request img.linux.net.cn. from 127.0.0.1:55149
2019-04-01 23:45:17 send msg to '40.73.101.101:53'
2019-04-01 23:45:18 [err] ns_read_domainname: truncated stream
2019-04-01 23:45:18 [err] ns_parse: read domain name
2019-04-01 23:45:18 [err] handle_remote_sock_recv: Can't parse package
2019-04-01 23:45:18 [err] handle_remote_sock: handle_remote_sock_recv()
2019-04-01 23:45:22 request img.linux.net.cn. from 127.0.0.1:55149
2019-04-01 23:45:22 send msg to '40.73.101.101:53'
2019-04-01 23:45:23 timeout: questions=img.linux.net.cn.
2019-04-01 23:45:23 [err] ns_read_domainname: truncated stream
2019-04-01 23:45:23 [err] ns_parse: read domain name
2019-04-01 23:45:23 [err] handle_remote_sock_recv: Can't parse package
2019-04-01 23:45:23 [err] handle_remote_sock: handle_remote_sock_recv()
2019-04-01 23:45:27 request img.linux.net.cn. from 127.0.0.1:55149
2019-04-01 23:45:27 send msg to '40.73.101.101:53'
2019-04-01 23:45:27 [err] ns_read_domainname: truncated stream
2019-04-01 23:45:27 [err] ns_parse: read domain name
2019-04-01 23:45:27 [err] handle_remote_sock_recv: Can't parse package
2019-04-01 23:45:27 [err] handle_remote_sock: handle_remote_sock_recv()
2019-04-01 23:45:28 timeout: questions=img.linux.net.cn.
2019-04-01 23:45:33 timeout: questions=img.linux.net.cn.

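Running dig img.linux.net.cn @40.73.101.101 directly is completely OK, with no problems.

Some suggestions and questions

Minor suggestions

Could the corresponding log lines be highlighted? For example, warning logs shown in orange and error logs in red.

Also, I hope that at the -v log level, timeout can show which upstream timed out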

[warning] timeout: questions=scontent-sin6-2.cdninstagram.com.

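Questions

What determines whether compression pointers are enabled? Even with the -m parameter added, 114 DNS is still shown with compression pointers disabled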

# -s 114.114.114.114,tcp://8.8.8.8:53 -m
2019-04-22 22:48:53 compression disabled on 114.114.114.114:53
2019-04-22 22:48:53 compression enabled on 8.8.8.8:53

# -s 1.1.1.1,tcp://8.8.8.8:53 -m
2019-04-22 22:49:16 compression enabled on 1.1.1.1:53
2019-04-22 22:49:16 compression enabled on 8.8.8.8:53

# -s 223.5.5.5,tcp://8.8.8.8:53 -m
2019-04-22 22:49:36 compression disabled on 223.5.5.5:53
2019-04-22 22:49:36 compression enabled on 8.8.8.8:53

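EDIT:
It looks like compression pointers are turned off when the server is within the range of the route table?

DNS is occasionally polluted

Below are two logs: one is the log of CleanDNS deployed on the router, the other is the log of dig on Windows.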

root@OpenWrt:~# cleandns -c /etc/cleandns_chnroute.txt -l <我的IP>/24 -f <VPS的IP>/24 -s 8.8.8.8:53 -b 0.0.0.0 -p 5354 -m -vvv
listen on 0.0.0.0:5354
dns server: 8.8.8.8:53
chnroute: /etc/cleandns_chnroute.txt
china ip: <我的IP>/24
foreign ip: <VPS的IP>/24
compression: on
timeout: 5
loglevel: 8

compression enabled on 8.8.8.8:53

request data:
0000: d1 cf 01 20 00 01 00 00  ???.????
0008: 00 00 00 01 06 67 6f 6f  ?????goo
0010: 67 6c 65 03 63 6f 6d 00  gle?com?
0018: 00 01 00 01 00 00 29 10  ??????)?
0020: 00 00 00 00 00 00 0c 00  ????????
0028: 0a 00 08 1d 67 84 c4 6f  ????g??o
0030: 6d dd b7                 m??

request google.com. from 192.168.1.161:55526
request msg:
<<< MSG START >>>
ID: 0xd1cf, FLAGS: 0x120, QDCOUNT: 0x1, ANCOUNT: 0x0, NSCOUNT: 0x0, ARCOUNT: 0x1
QNAME: google.com., QTYPE: 0x1 (A), QCLASS: 0x1 (IN)
NAME: , TYPE: 0x29 (OPT), PAYLOAD: 0x1000, RCODE: 0x0, VERSION: 0x0, Z: 0x0, RDLEN: 0xc
OPTCOUNT: 0x1
OPT-CODE: 0xa, OPT-LEN: 0x8, OPT-DATA:
0000: 1d 67 84 c4 6f 6d dd b7  ?g??om??
<<< MSG END >>>

send msg to '8.8.8.8:53' with '<我的IP>/24'
send data:
0000: 2d 3c 01 20 00 01 00 00  -<?.????
0008: 00 00 00 01 06 67 6f 6f  ?????goo
0010: 67 6c 65 03 63 6f 6d c0  gle?com?
0018: 0a 00 01 00 01 00 00 29  ???????)
0020: 04 00 00 00 00 00 00 17  ????????
0028: 00 0a 00 08 1d 67 84 c4  ?????g??
0030: 6f 6d dd b7 00 08 00 07  om??????
0038: 00 01 18 00 78 55 39     ????xU9

send msg to '8.8.8.8:53' with '<VPS的IP>/24'
send data:
0000: 2d 3d 01 20 00 01 00 00  -=?.????
0008: 00 00 00 01 06 67 6f 6f  ?????goo
0010: 67 6c 65 03 63 6f 6d c0  gle?com?
0018: 0a 00 01 00 01 00 00 29  ???????)
0020: 04 00 00 00 00 00 00 17  ????????
0028: 00 0a 00 08 1d 67 84 c4  ?????g??
0030: 6f 6d dd b7 00 08 00 07  om??????
0038: 00 01 18 00 ca 2a a5     ?????*?

response data:
0000: 2d 3c 81 80 00 01 00 01  -<??????
0008: 00 00 00 01 06 67 6f 6f  ?????goo
0010: 67 6c 65 03 63 6f 6d 00  gle?com?
0018: 00 01 00 01 c0 0c 00 01  ????????
0020: 00 01 00 00 00 44 00 04  ?????D??
0028: d8 3a dc ce 00 00 29 02  ?:????)?
0030: 00 00 00 00 00 00 00     ???????

recv response google.com. from 8.8.8.8:53 (china): 216.58.220.206
response msg:
<<< MSG START >>>
ID: 0x2d3c, FLAGS: 0x8180, QDCOUNT: 0x1, ANCOUNT: 0x1, NSCOUNT: 0x0, ARCOUNT: 0x1
QNAME: google.com., QTYPE: 0x1 (A), QCLASS: 0x1 (IN)
NAME: google.com., TYPE: 0x1 (A), CLASS: 0x1 (IN), TTL: 0x44, RDLEN: 0x4
IPv4: 216.58.220.206
NAME: , TYPE: 0x29 (OPT), PAYLOAD: 0x200, RCODE: 0x0, VERSION: 0x0, Z: 0x0, RDLEN: 0x0
OPTCOUNT: 0x0
<<< MSG END >>>

response data:
0000: 2d 3d 81 80 00 01 00 01  -=??????
0008: 00 00 00 01 06 67 6f 6f  ?????goo
0010: 67 6c 65 03 63 6f 6d 00  gle?com?
0018: 00 01 00 01 c0 0c 00 01  ????????
0020: 00 01 00 00 00 44 00 04  ?????D??
0028: d8 3a dc ce 00 00 29 02  ?:????)?
0030: 00 00 00 00 00 00 00     ???????

recv response google.com. from 8.8.8.8:53 (foreign): 216.58.220.206
response msg:
<<< MSG START >>>
ID: 0x2d3d, FLAGS: 0x8180, QDCOUNT: 0x1, ANCOUNT: 0x1, NSCOUNT: 0x0, ARCOUNT: 0x1
QNAME: google.com., QTYPE: 0x1 (A), QCLASS: 0x1 (IN)
NAME: google.com., TYPE: 0x1 (A), CLASS: 0x1 (IN), TTL: 0x44, RDLEN: 0x4
IPv4: 216.58.220.206
NAME: , TYPE: 0x29 (OPT), PAYLOAD: 0x200, RCODE: 0x0, VERSION: 0x0, Z: 0x0, RDLEN: 0x0
OPTCOUNT: 0x0
<<< MSG END >>>

best answers come from '8.8.8.8:53'
send msg to '192.168.1.161:55526': questions=google.com., answers=216.58.220.206
send data:
0000: d1 cf 81 80 00 01 00 01  ????????
0008: 00 00 00 00 06 67 6f 6f  ?????goo
0010: 67 6c 65 03 63 6f 6d 00  gle?com?
0018: 00 01 00 01 06 67 6f 6f  ?????goo
0020: 67 6c 65 03 63 6f 6d 00  gle?com?
0028: 00 01 00 01 00 00 00 44  ???????D
0030: 00 04 d8 3a dc ce        ???:??

send answers to '192.168.1.161:55526'
request data:
0000: 3f cc 01 20 00 01 00 00  ???.????
0008: 00 00 00 01 03 77 77 77  ?????www
0010: 06 67 6f 6f 67 6c 65 03  ?google?
0018: 63 6f 6d 00 00 01 00 01  com?????
0020: 00 00 29 10 00 00 00 00  ??)?????
0028: 00 00 0c 00 0a 00 08 b6  ????????
0030: 12 1e 3a c6 41 4b f1     ??:?AK?

request www.google.com. from 192.168.1.161:55531
request msg:
<<< MSG START >>>
ID: 0x3fcc, FLAGS: 0x120, QDCOUNT: 0x1, ANCOUNT: 0x0, NSCOUNT: 0x0, ARCOUNT: 0x1
QNAME: www.google.com., QTYPE: 0x1 (A), QCLASS: 0x1 (IN)
NAME: , TYPE: 0x29 (OPT), PAYLOAD: 0x1000, RCODE: 0x0, VERSION: 0x0, Z: 0x0, RDLEN: 0xc
OPTCOUNT: 0x1
OPT-CODE: 0xa, OPT-LEN: 0x8, OPT-DATA:
0000: b6 12 1e 3a c6 41 4b f1  ???:?AK?
<<< MSG END >>>

send msg to '8.8.8.8:53' with '<我的IP>/24'
send data:
0000: 36 c2 01 20 00 01 00 00  6??.????
0008: 00 00 00 01 03 77 77 77  ?????www
0010: 06 67 6f 6f 67 6c 65 03  ?google?
0018: 63 6f 6d c0 0a 00 01 00  com?????
0020: 01 00 00 29 04 00 00 00  ???)????
0028: 00 00 00 17 00 0a 00 08  ????????
0030: b6 12 1e 3a c6 41 4b f1  ???:?AK?
0038: 00 08 00 07 00 01 18 00  ????????
0040: 78 55 39                 xU9

send msg to '8.8.8.8:53' with '<VPS的IP>/24'
send data:
0000: 36 c3 01 20 00 01 00 00  6??.????
0008: 00 00 00 01 03 77 77 77  ?????www
0010: 06 67 6f 6f 67 6c 65 03  ?google?
0018: 63 6f 6d c0 0a 00 01 00  com?????
0020: 01 00 00 29 04 00 00 00  ???)????
0028: 00 00 00 17 00 0a 00 08  ????????
0030: b6 12 1e 3a c6 41 4b f1  ???:?AK?
0038: 00 08 00 07 00 01 18 00  ????????
0040: ca 2a a5                 ?*?

response data:
0000: 36 c2 81 80 00 01 00 01  6???????
0008: 00 00 00 01 03 77 77 77  ?????www
0010: 06 67 6f 6f 67 6c 65 03  ?google?
0018: 63 6f 6d 00 00 01 00 01  com?????
0020: c0 0c 00 01 00 01 00 00  ????????
0028: 00 5a 00 04 45 ab eb 10  ?Z??E???
0030: 00 00 29 02 00 00 00 00  ??)?????
0038: 00 00 00                 ???

recv response www.google.com. from 8.8.8.8:53 (china): 69.171.235.16
response msg:
<<< MSG START >>>
ID: 0x36c2, FLAGS: 0x8180, QDCOUNT: 0x1, ANCOUNT: 0x1, NSCOUNT: 0x0, ARCOUNT: 0x1
QNAME: www.google.com., QTYPE: 0x1 (A), QCLASS: 0x1 (IN)
NAME: www.google.com., TYPE: 0x1 (A), CLASS: 0x1 (IN), TTL: 0x5a, RDLEN: 0x4
IPv4: 69.171.235.16
NAME: , TYPE: 0x29 (OPT), PAYLOAD: 0x200, RCODE: 0x0, VERSION: 0x0, Z: 0x0, RDLEN: 0x0
OPTCOUNT: 0x0
<<< MSG END >>>

response data:
0000: 36 c3 81 80 00 01 00 01  6???????
0008: 00 00 00 01 03 77 77 77  ?????www
0010: 06 67 6f 6f 67 6c 65 03  ?google?
0018: 63 6f 6d 00 00 01 00 01  com?????
0020: c0 0c 00 01 00 01 00 00  ????????
0028: 00 5a 00 04 45 ab eb 10  ?Z??E???
0030: 00 00 29 02 00 00 00 00  ??)?????
0038: 00 00 00                 ???

recv response www.google.com. from 8.8.8.8:53 (foreign): 69.171.235.16
response msg:
<<< MSG START >>>
ID: 0x36c3, FLAGS: 0x8180, QDCOUNT: 0x1, ANCOUNT: 0x1, NSCOUNT: 0x0, ARCOUNT: 0x1
QNAME: www.google.com., QTYPE: 0x1 (A), QCLASS: 0x1 (IN)
NAME: www.google.com., TYPE: 0x1 (A), CLASS: 0x1 (IN), TTL: 0x5a, RDLEN: 0x4
IPv4: 69.171.235.16
NAME: , TYPE: 0x29 (OPT), PAYLOAD: 0x200, RCODE: 0x0, VERSION: 0x0, Z: 0x0, RDLEN: 0x0
OPTCOUNT: 0x0
<<< MSG END >>>

best answers come from '8.8.8.8:53'
send msg to '192.168.1.161:55531': questions=www.google.com., answers=69.171.235.16
send data:
0000: 3f cc 81 80 00 01 00 01  ????????
0008: 00 00 00 00 03 77 77 77  ?????www
0010: 06 67 6f 6f 67 6c 65 03  ?google?
0018: 63 6f 6d 00 00 01 00 01  com?????
0020: 03 77 77 77 06 67 6f 6f  ?www?goo
0028: 67 6c 65 03 63 6f 6d 00  gle?com?
0030: 00 01 00 01 00 00 00 5a  ???????Z
0038: 00 04 45 ab eb 10        ??E???

send answers to '192.168.1.161:55531'
......
C:\Users\Administrator>dig google.com @192.168.1.1 -p 5354

; <<>> DiG 9.11.3 <<>> google.com @192.168.1.1 -p 5354
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             68      IN      A       216.58.220.206

;; Query time: 14 msec
;; SERVER: 192.168.1.1#5354(192.168.1.1)
;; WHEN: Sun Apr 14 20:10:14 **标准时间 2019
;; MSG SIZE  rcvd: 54


C:\Users\Administrator>dig www.google.com @192.168.1.1 -p 5354

; <<>> DiG 9.11.3 <<>> www.google.com @192.168.1.1 -p 5354
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16332
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         90      IN      A       69.171.235.16

;; Query time: 11 msec
;; SERVER: 192.168.1.1#5354(192.168.1.1)
;; WHEN: Sun Apr 14 20:10:24 **标准时间 2019
;; MSG SIZE  rcvd: 62

The result of dig google.com is not polluted, but the result of dig www.google.com is polluted.
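
In the log above, with -m enabled, the client's request ends the QNAME with 00 while the packets sent to 8.8.8.8 end it with c0 0a, a compression pointer to offset 10, which is a zero byte inside the header (the high byte of ARCOUNT). The following Python sketch is an added example, not part of the issue or of CleanDNS, and its sample packets are constructed: a bounds-checked name reader that decodes both encodings to the same name, rejects truncated or looping pointers, and flags a QNAME pointer that targets the header.

```python
import struct

# Constructed sample queries for google.com (A, IN) with an empty OPT record.
HEADER = "1111 0120 0001 0000 0000 0001 "
TAIL = " 0001 0001 00 0029 1000 00000000 0000"
PLAIN = bytes.fromhex(HEADER + "06 676f6f676c65 03 636f6d 00" + TAIL)
MUTATED = bytes.fromhex(HEADER + "06 676f6f676c65 03 636f6d c00a" + TAIL)

MAX_JUMPS = 16   # cap on pointer hops, so a pointer cycle cannot spin forever


def read_name(msg: bytes, pos: int):
    """Decode the name at pos; return (name, offset of the first byte after it)."""
    labels, resume, jumps = [], None, 0
    while True:
        if pos >= len(msg):
            raise ValueError("truncated stream")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                 # two-byte compression pointer
            if pos + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if resume is None:
                resume = pos + 2                  # the name ends at its first pointer
            jumps += 1
            if jumps > MAX_JUMPS:
                raise ValueError("pointer loop")
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        pos += 1
        if length == 0:                           # root label terminates the name
            break
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels) + ".", pos if resume is None else resume


def parse_question(msg: bytes):
    """Return (qname, qtype, qclass, offset after the question section)."""
    if len(msg) < 12:
        raise ValueError("short header")
    name, pos = read_name(msg, 12)
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack_from("!HH", msg, pos)
    return name, qtype, qclass, pos + 4


def pointer_into_header(msg: bytes) -> bool:
    """True if the QNAME's labels end in a pointer that targets the 12-byte header."""
    pos = 12
    while pos < len(msg) and 0 < msg[pos] < 0x40:
        pos += 1 + msg[pos]
    if pos + 1 < len(msg) and msg[pos] & 0xC0 == 0xC0:
        return (((msg[pos] & 0x3F) << 8) | msg[pos + 1]) < 12
    return False
```

The pointer form decodes to the same name only while the byte at offset 10 is zero, that is, while ARCOUNT is below 256.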

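Support running in the background as a daemon

Could the author add a parameter to support running in the background?
The current way of running it is not very convenient; it can only be done via ... & or start-stop-daemon.

Does the current version (0.3.1) require two upstreams to be set?

Does the -s parameter have to be set to one domestic DNS and one foreign DNS?
My current setting is ... -s 127.0.0.1:5300 ..., where 127.0.0.1:5300 forwards 8.8.8.8:53 through the port forwarding of ss-tunnel from shadowsocks-libev. Is this setting OK?

Questions about CleanDNS configuration

Hello, author:
I ran into a problem while configuring CleanDNS. How should the -l and -f parameters be chosen?
Should they be set to the IP closest to my ISP and the IP closest to my VPS's location?
Should they be set to my local IP and my VPS's IP, respectively?
Also, what is the meaning of the /24 in the default value? Can it be changed to another value?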
