
ts-dns's Issues

关于 ecs 和 缓存的问题

这个应该是 0.10 就开始引入的问题:

  1. 在 clean 和 dirty 组指定不同的 ecs 地址,但是查询时,都是使用了 clean 组的 ecs;
  2. 缓存失效;

我的配置文件:

# Telescope DNS Configure File
# https://github.com/wolf-joe/ts-dns
# Configuration attached to the report; the clean and dirty groups carry different ecs values.

# NOTE(review): the address has no host part, so it presumably binds every interface — confirm,
# and limit who can reach port 53 if this host faces untrusted networks.
listen = ":53"  # listen port; tcp/udp may be specified
gfwlist = "gfwlist.txt"  # path to the gfwlist file, pre-downloaded in the release package. Official URL: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
gfwlist_b64 = true  # whether to base64-decode the gfwlist file, default true
cnip = "cnip.txt"  # IP CIDR list, used to help assign domains to groups
disable_ipv6 = true  # disable IPv6 address resolution, default false

#hosts_files = [""]  # hosts file paths, multiple hosts files supported

[hosts] # custom domain-to-IP mappings
"example.com" = "8.8.8.8"
"cloudflare-dns.com" = "1.0.0.1"  # prevents the recursive DoH resolution described further down
"dns.google" = "8.8.4.4"  # prevents the recursive DoH resolution described further down
"dns11.quad9.net" = "9.9.9.11"
"dns.alidns.com" = "223.6.6.6"

[query_log]
file = ""  # DNS query log file; /dev/null disables logging, an empty value logs to stdout
ignore_qtypes = ["DNSKEY", "NS"]  # do not log queries of these types, default empty
ignore_cache = false  # do not log queries answered from the cache, default false
ignore_hosts = false  # do not log queries answered from hosts, default false

[cache]  # DNS cache settings
size = 4096  # cache size; a negative value disables the cache
min_ttl = 60  # minimum TTL, in seconds
max_ttl = 86400  # maximum TTL, in seconds

[groups] # assign domains to groups
  [groups.clean]  # required group; domains land here by default
  # The ecs value is sent to the upstream resolvers along with each forwarded query.
  ecs = "202.96.134.133"  # edns-client-subnet value; when set it is attached to forwarded DNS queries by default (an existing ECS is not overwritten); DoH is not supported yet
  dns = ["223.5.5.5", "106.54.204.98:5353"]  # DNS server list, port 53 by default
  # NOTE(review): `[email protected]` looks like an e-mail-obfuscation artifact of the page this
  # config was copied from, not a usable server name.
  dot = ["223.6.6.6:[email protected]"]
  doh = ["https://dns.alidns.com/dns-query"]
  concurrent = true  # query the DNS server list concurrently
#  rules = ["qq.com", ".baidu.com", "*.taobao.com"]  # the rule "qq.com" matches both "test.qq.com" and "qq.com"; the rules ".qq.com" and "*.qq.com" do not match "qq.com"
  rules_file = ""  # rules file, one rule per line domain_acclist_lite.txt
  # Root is suggested only for the ICMP mode; tcp_ping_port > 0 (next key) selects TCP ping instead.
  fastest_v4 = false  # answer with the IPv4 address that has the lowest ping; when enabled with ICMP ping, running this program as root is recommended
  tcp_ping_port = 80  # with fastest_v4 enabled: a value above 0 uses TCP ping, 0 or below uses ICMP ping

  [groups.dirty]  # required group; domains matching GFWList are assigned to it
#  socks5 = "127.0.0.1:7575"  # a socks5 proxy is recommended when resolving through foreign port-53 DNS
  ecs = "202.67.222.222"  # edns-client-subnet value; when set it is attached to forwarded DNS queries by default (an existing ECS is not overwritten); DoH is not supported yet
#  dns = ["8.8.8.8", "8.8.4.4"]  # without a socks5 proxy, foreign DNS on a non-53 port or a self-hosted dnscrypt-proxy is recommended
  dns = ["9.9.9.11:9953", "149.112.112.11:9953"]
  # NOTE(review): `[email protected]` looks like the same obfuscation artifact as in the clean group.
  dot = ["8.8.4.4:[email protected]", "9.9.9.11:[email protected]"]  # DNS-over-TLS servers
  # Warning: if this machine's DNS points at ts-dns itself and a hostname in a DoH URL is assigned to this group, resolution recurses; pin the matching IP in [hosts] above
  doh = ["https://dns11.quad9.net/dns-query", "https://dns.google/dns-query"]
#  rules = ["google.com"]  # the official gfwlist only has the rule ".google.com", which cannot match "google.com", so it is added by hand

  # Warning: on startup the process overwrites an existing IPSet with the same name
  ipset = ""  # target IPSet name; the IPv4 results of every domain in this group are added to it
  ipset_ttl = 86400 # timeout of ipset entries, in seconds; setting it is recommended so the set does not grow without bound

  # Custom groups for other situations follow
  # e.g. on an office network, resolve the internal domain (company.com) through the internal DNS (10.1.1.1)
  [groups.work]
  dns = ["192.168.0.1"]
  rules = ["yd.mail"]

相关截图:

查询结果
2020-05-09_160208

查询日志
ts-dns-log

rules文件没有匹配adblock规则

试了你说的自定义广告组,发现只有rules支持,rules文件不支持。adblock规则只支持@@和||匹配符。希望能匹配rules文件,不然你说的这个没有多大用处,那么大的广告域名写在配置文件里不利于修改配置文件。

支持Linux 格式的hosts 文件?

Linux 里的hosts 文件格式长下面这样,和windows 反着呢。

# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar

Log to file

Like:

Log to file:

$ ./ts-dns -l /path/to/log.log

建议增加SIGHUP处理

使用过程中,如果发现了GFW list 不支持的域名,就会修改config文件,修改完,希望能够通过kill -SIGHUP的方式使配置重新加载。

默认ttl为什么

`~
lines 1-18/18 (END)...skipping...
● ts-dns.service - ts-dns
Loaded: loaded (/etc/systemd/system/ts-dns.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-04-20 17:36:15 CST; 59s ago
Main PID: 12497 (ts-dns)
Tasks: 7 (limit: 4915)
CGroup: /system.slice/ts-dns.service
└─12497 /root/ts-dns/ts-dns -c /root/ts-dns/ts-dns-full.toml

Apr 20 17:36:15 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:15+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:36:18 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:18+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:36:18 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:18+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:36:37 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:37+08:00" level=error msg="query dns error: read udp 127.0.0.1:33367->127.0.0.1:5301: i/o timeout"
Apr 20 17:37:07 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:07+08:00" level=error msg="query dns error: read udp 127.0.0.1:46867->127.0.0.1:5301: i/o timeout"
Apr 20 17:37:08 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:08+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:09 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:09+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:09 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:09+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:13 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:13+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:13 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:13+08:00" level=error msg="find fastest ipv4 failed"
~
~ `

win10下重新加载配置文件命令报错

操作系统WINDOWS 10 VER 2004
当已经运行一个实例后,修改配置文件,使用 .\ts-dns.exe -r 后报错:
D:\u1008\ts-dns_run>ts-dns -r
time="2020-07-07T15:01:02+08:00" level=warning msg="enable concurrent dns in group clean"
time="2020-07-07T15:01:02+08:00" level=warning msg="auto reload ts-dns.toml"
time="2020-07-07T15:01:02+08:00" level=warning msg="listen on :53/tcp"
time="2020-07-07T15:01:02+08:00" level=warning msg="listen on :53/udp"
time="2020-07-07T15:01:02+08:00" level=error msg="listen udp :53: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted."

此时,可以看到运行了两个ts-dns.exe
image

当已经运行一个实例后,修改配置文件,使用 .\ts-dns.exe -r -c ts-dns-user.toml 后报错:
D:\u1008\ts-dns_run>ts-dns -r -c ts-dns-users.toml
time="2020-07-07T15:04:38+08:00" level=warning msg="disable ipv6 resolve"
time="2020-07-07T15:04:38+08:00" level=warning msg="enable concurrent dns in group clean"
time="2020-07-07T15:04:38+08:00" level=warning msg="find fastest ipv4 in group clean"
time="2020-07-07T15:04:38+08:00" level=warning msg="auto reload ts-dns-users.toml"
time="2020-07-07T15:04:38+08:00" level=warning msg="listen on :53/udp"
time="2020-07-07T15:04:38+08:00" level=error msg="listen udp :53: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted."
time="2020-07-07T15:04:38+08:00" level=info msg="ts-dns exited."

烦请大佬告知是否哪里操作错误还是程序有BUG?
我印象中V13.0的时候,直接 .\ts-dns.exe -r就可以直接重新加载配置文件的。

dirty组配置IPSET后运行报错

版本 V13、V14 都报同一个错误。
报错内容如下:
D:\u1008\ts-dns-run>ts-dns.exe -c ts-dns_user.toml
time="2020-05-11T00:07:39+08:00" level=warning msg="disable ipv6 resolve"
time="2020-05-11T00:07:39+08:00" level=warning msg="enable concurrent dns in group clean"
time="2020-05-11T00:07:39+08:00" level=warning msg="find fastest ipv4 in group clean"
time="2020-05-11T00:07:39+08:00" level=warning msg="find fastest ipv4 in group dirty"
time="2020-05-11T00:07:39+08:00" level=error msg="read group config error: Ipset utility not found"

配置文件如下:

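# Telescope DNS Configure File
# https://github.com/wolf-joe/ts-dns
# Configuration used for the Windows run that ends in "read group config error: Ipset utility not found".

# NOTE(review): the address has no host part, so it presumably binds every interface — confirm,
# and limit who can reach port 53 if this host faces untrusted networks.
listen = ":53"  # listen port
gfwlist = "gfwlist.txt"  # path to the gfwlist file, pre-downloaded in the release package. Official URL: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
cnip = "cnip.txt"  # IP CIDR list, used to help assign domains to groups
disable_ipv6 = true  # disable IPv6 address resolution

# Windows paths are written as literal (single-quoted) strings. Inside a basic "..." string
# TOML treats the backslash as an escape: \u1008 and \t would be decoded, and \W, \S or \q
# would make the file fail to parse.
hosts_files = ['C:\Windows\System32\drivers\etc\hosts']  # hosts file paths, multiple hosts files supported

[hosts]  # custom domain-to-IP mappings
"example.com" = "8.8.8.8"
"cloudflare-dns.com" = "1.0.0.1"  # prevents the recursive DoH resolution the project's sample config warns about
"dns.google" = "8.8.4.4"  # prevents the recursive DoH resolution the project's sample config warns about
"dns11.quad9.net" = "9.9.9.11"
"dns.alidns.com" = "223.6.6.6"

[query_log]
file = 'D:\u1008\ts-dns-run\query.log'  # DNS query log file; /dev/null disables logging, an empty value logs to stdout
ignore_qtypes = ["DNSKEY", "NS"]  # do not log queries of these types
ignore_cache = true  # do not log queries answered from the cache
ignore_hosts = true  # do not log queries answered from hosts

[cache]  # DNS cache settings
size = 4096  # cache size; a negative value disables the cache
min_ttl = 60  # minimum TTL, in seconds
max_ttl = 3600  # maximum TTL, in seconds

[groups]
[groups.clean]
dns = ["61.139.2.69", "202.98.96.68", "119.29.29.29", "223.5.5.5", "114.114.114.114", "106.54.204.98:5353"]
# The ecs value is sent to the upstream resolvers along with each forwarded query.
ecs = "61.139.2.69"  # edns-client-subnet value; when set it is attached to forwarded DNS queries by default (an existing ECS is not overwritten); DoH is not supported yet
# NOTE(review): `[email protected]` looks like an e-mail-obfuscation artifact of the page this
# config was copied from, not a usable server name.
dot = ["223.6.6.6:[email protected]"]
doh = ["https://dns.alidns.com/dns-query"]
concurrent = true  # query the DNS server list concurrently
# tcp_ping_port is above 0 here, so TCP ping is selected rather than ICMP.
fastest_v4 = true  # answer with the IPv4 address that has the lowest ping; running this program as root is recommended when enabled
tcp_ping_port = 80  # with fastest_v4 enabled: a value above 0 uses TCP ping, 0 or below uses ICMP ping

[groups.dirty]
socks5 = "127.0.0.1:10808"
ecs = "202.98.96.68"  # edns-client-subnet value; when set it is attached to forwarded DNS queries by default (an existing ECS is not overwritten); DoH is not supported yet
dns = ["8.8.8.8", "1.1.1.1", "9.9.9.11:9953", "149.112.112.11:9953"]
# NOTE(review): `[email protected]` looks like the same obfuscation artifact as in the clean group.
dot = ["1.0.0.1:[email protected]", "8.8.4.4:[email protected]", "9.9.9.11:[email protected]"]  # DNS-over-TLS servers
doh = ["https://cloudflare-dns.com/dns-query", "https://dns11.quad9.net/dns-query", "https://dns.google/dns-query"]  # DNS-over-HTTPS servers
rules = ["pt.im"]
fastest_v4 = true  # answer with the IPv4 address that has the lowest ping; running this program as root is recommended when enabled

# NOTE(review): the run shown with this config stops at "Ipset utility not found". ipset is a
# Linux tool, so presumably this key has to stay empty on Windows — confirm.
ipset = "blocked"  # target IPSet name; the IPv4 results of every domain in this group are added to it
ipset_ttl = 86400  # timeout of ipset entries, in seconds; setting it is recommended so the set does not grow without bound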

ipset提前创建好时,会遇到问题

这个ipset是我提前创建好的。但文档提到,ts-dns启动时会覆盖已有的ipset的。这个行为好象和说明不一致。请问会是什么原因?有什么方法可以绕过吗?

/data/myapps/ts_dns #  /data/myapps/ts_dns/ts-dns -c /data/myapps/ts_dns/ts-dns.toml &
/data/myapps/ts_dns #
/data/myapps/ts_dns # WARN[0003] enable concurrent dns in group clean
WARN[0003] enable concurrent dns in group dirty
ERRO[0006] read group config error: error creating ipset redsocks_blacklist_net with type hash:ip: exit status 1 (ipset v6.29: Set cannot be created: set with the same name already exists
)

[1]+  Done(1)                    /data/myapps/ts_dns/ts-dns -c /data/myapps/ts_dns/ts-dns.toml
/data/myapps/ts_dns #

"fastest_v4 = true"功能是不是有bug

我是把软件专门放在一个机器上做网关用的,自己PC访问。
部署中发现,"fastest_v4 = true"之后所有网页都打不开,注释以后正常。不知道是不是个例

还有个疑问就是,如果返回的某国外IP不在gfw名单里,是走直连还是代理?prdns那个判断是否被墙的**挺先进的,希望我们也能做成那样,智能判断黑名单

0.13.0 关于监听 udp/tcp 的问题

现在的逻辑是只能单独监听 udp 或者 tcp? 因为我试过 listen 并不允许指定两次,如果不指定默认也只是监听 udp。

按照常规做法,应该是无论如何都监听 udp,而 tcp 可选,比如增加一个选项:

# Layout proposed by the reporter; listen_tcp is a suggested key, not one this report shows as existing.
listen = ":53"
listen_tcp = true

或者不指定就默认同时监听 udp 和 tcp。

Lost CNAME record when answering dns requests?

I'm a new user for ts-dns, it's really a useful tool, but I meet a problem.

Request results from 114.114.114.114, you can see there is an CNAME record.

$ dig @114.114.114.114 www.baidu.com                                                                                                        (base) 193ms  Mon May 18 11:57:48 2020

; <<>> DiG 9.10.6 <<>> @114.114.114.114 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5539
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          42      IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       126     IN      A       220.181.38.150
www.a.shifen.com.       126     IN      A       220.181.38.149

;; Query time: 26 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Mon May 18 11:58:29 CST 2020
;; MSG SIZE  rcvd: 101

Results from ts-dns, the CNAME record lost.

$ dig @127.0.0.1 www.baidu.com                                                                                                                     (base)  Mon May 18 11:58:29 2020

; <<>> DiG 9.10.6 <<>> @127.0.0.1 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14184
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.a.shifen.com.       220     IN      A       220.181.38.150

;; Query time: 62 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 18 11:58:36 CST 2020
;; MSG SIZE  rcvd: 74

Here is my config, are there something wrong with my config? version 0.14.0 on MACOS.

# Configuration attached to the missing-CNAME report (version 0.14.0 on macOS).
listen = ":53/udp"  # listen port; tcp/udp may be specified, both tcp & udp are used when neither is given
gfwlist = "gfwlist.txt"  # path to the gfwlist file, pre-downloaded in the release package. Official URL: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
gfwlist_b64 = true  # whether to base64-decode the gfwlist file, default true
cnip = "cn-cidrs.txt"  # IP CIDR list, used to help assign domains to groups
disable_ipv6 = true  # disable IPv6 address resolution, default false

hosts_files = ["/etc/hosts"]  # hosts file paths, multiple hosts files supported

[query_log]
file = "/dev/null"  # DNS query log file; /dev/null disables logging, an empty value logs to stdout
ignore_qtypes = ["DNSKEY", "NS"]  # do not log queries of these types, default empty
ignore_cache = false # do not log queries answered from the cache, default false
ignore_hosts = true # do not log queries answered from hosts, default false

[cache]  # DNS cache settings
size = 4096  # cache size; a negative value disables the cache
min_ttl = 60  # minimum TTL, in seconds
max_ttl = 86400  # maximum TTL, in seconds

[groups] # assign domains to groups
  [groups.clean]  # required group; domains land here by default
  dns = ["223.5.5.5:53", "114.114.114.114/tcp"]  # DNS server list, port 53 by default
  concurrent = true  # query the DNS server list concurrently

  # Root is suggested only for the ICMP mode; tcp_ping_port > 0 (next key) selects TCP ping instead.
  fastest_v4 = true  # answer with the IPv4 address that has the lowest ping; when enabled with ICMP ping, running this program as root is recommended
  tcp_ping_port = 80  # with fastest_v4 enabled: a value above 0 uses TCP ping, 0 or below uses ICMP ping

  [groups.dirty]  # required group; domains matching GFWList are assigned to it
  # NOTE(review): neither entry names a port, so per the clean group's comment both use port 53,
  # while the trailing comment recommends a non-53 port when no socks5 proxy is configured.
  dns = ["8.8.8.8", "1.1.1.1"]  # without a socks5 proxy, foreign DNS on a non-53 port is recommended

create ipset error: Ipset utility not found

环境: MacOS 10.14.6
错误: create ipset error: Ipset utility not found

➜ ./ts-dns -c ./ts-dns-full.toml -r
WARN[0000] enable concurrent dns in group clean
WARN[0000] enable fastest ipv4 in group clean
ERRO[0000] create ipset error: Ipset utility not found

How do run in the background in win10?

Hi,
I use a cmd.exe to run the ts-dns.exe(Not closing the cmd window) and then use a cmd.exe to do a domain lookup using nslookup, I found that it is using the local DNS, how do verify the ts-dns in win10?

win10 Version 10.0.18363
ts-dns Windows_x86_64 Version 0.14.1

dirty组的ecs存在问题

我将 github.com 这个域名使用 dirty 组解析,然后在该组中添加 ecs 参数,使用 wget 获取 tsdns 压缩包的时候会提示未知的服务,在去掉 ecs 参数后能正常下载。
wget https://github.com/wolf-joe/ts-dns/releases/download/v0.13.1/ts-dns_0.13.1_Linux_x86_64.tar.gz --2020-05-09 21:54:38-- https://github.com/wolf-joe/ts-dns/releases/download/v0.13.1/ts-dns_0.13.1_Linux_x86_64.tar.gz 正在解析主机 github.com (github.com)... 失败:未知的名称或服务。 wget: 无法解析主机地址 “github.com”

dirty组参数

[groups.dirty]  # required group; domains matching GFWList are assigned to it
  # Value the reporter had set when github.com stopped resolving; removing ecs restored downloads.
  ecs = "1.2.3.0/24"
  dns = ["8.8.8.8", "1.1.1.1"]  # without a socks5 proxy, foreign DNS on a non-53 port is recommended
  # NOTE(review): `[email protected]` looks like an e-mail-obfuscation artifact of the page this
  # config was copied from, not a usable server name.
  dot = ["1.0.0.1:[email protected]"]  # DNS-over-TLS servers
  rules = [""]

能否解释下min_ttl、max_ttl含义

摘自配置文件

[cache]  # DNS cache settings
size = 4096  # cache size; a negative value disables the cache
# NOTE(review): presumably the TTL of a cached answer is clamped into [min_ttl, max_ttl] rather
# than replaced by a fixed value — confirm against the implementation.
min_ttl = 60  # minimum TTL, in seconds
max_ttl = 86400  # maximum TTL, in seconds

我不太理解最小和最大是怎么回事,不应该是一个固定值么,表示ts-dns本身将会缓存该解析多长时间

能否添加指定域名和子域名指向一个ip

能不能添加一个匹配域名和子域名指向一个ip这样的功能,例如格式127.0.0.1 sska.com,不仅sska.com指向127.0.0.1这个ip,cc.sska.com和ss.sska.com等等这样的子域名也指向127.0.0.1,这样在广告屏蔽的时候对于某些网站整个域名屏蔽掉。

DoH 格式更改?

0.8.2 修改了 DoH 格式,我看了下配置文件:

如果 1.0.0.1:[email protected] 对应 https://cloudflare-dns.com/dns-query ,那么类似 https://commons.host, https://doh.dnswarden.com/adblock 该怎么写?之前的格式并没有任何问题啊,我看过所有的支持 DoH 的客户端都是维持 https 开头那个格式嘛。

请参考: https://github.com/curl/curl/wiki/DNS-over-HTTPS

systemd 和 缓冲最大值

1. systemd 单元文件

写了一个 systemd 的单元文件,在我电脑上运行正常,大家测试一下,然后考虑放到 README 或者是 Wiki 里面?另外不太会写这个,如果有好的建议请补充!

# systemd unit proposed in the issue for running ts-dns as a service.
[Unit]
Description=Telescope DNS - A simple but useful DNS diverter and forwarder
Requires=network.target
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target

[Service]
# NOTE(review): no User= is set, so as a system service this runs as root, and both paths below
# sit under /root. Consider a dedicated account with only the capabilities the resolver needs
# (e.g. CAP_NET_BIND_SERVICE for port 53); verify against the features in use (ICMP ping, ipset).
Type=simple
# NOTE(review): PIDFile= is meant for Type=forking; nothing here shows ts-dns writing
# /run/ts-dns.pid — confirm or drop.
PIDFile=/run/ts-dns.pid
WorkingDirectory=/root/ts
# No -c option is passed; presumably the config and list files are looked up relative to
# WorkingDirectory — confirm.
ExecStart=/root/ts/ts-dns

[Install]
WantedBy=multi-user.target

2. 缓冲最大值

请问 DNS 缓冲值最高能设为多少?

dns请求超时

请教下,不知道为什么偶尔会出现设置的dns出现请求超时情况,错误格式query dns error: read udp 172.20.250.225:53190->xxx.xxx.xxx.xx:5353: i/o timeout,想问下这是什么情况造成的。反馈一下最新版出现query dns error: dns: buffer size too small 这个错误,缓存大小设置的是你提供的全面配置文件里的值,在0.9.1版本没有这种情况

fastest ipv4 报错。

DEBIAN 10 X64。

root运行。

一直在报错 。
ERRO[0023] find fastest ipv4 failed。

偶尔还会有这个错误。
->223.5.5.5:53: i/o timeout LOCATION="server.go:45" LOG_ID=3859

rules在最新版失效

版本:0.15
配置文件:
ts-dns.txt
问题描述:配置文件中 dirty 组 `rules` 设置的地址全部没有匹配上,都匹配到了 clean 组
运行截图:
image

日志打印的请求地址我感觉还是显示出来吧,我测试时都不确定哪个地址,只能把其他设备关了再请求测试。

自定义分组可以无限量添加吗?

例如默认的自定义分组为:
[groups.work]
dns = ["119.29.29.29"]
rules = ["qq.com", ".qq.com"]
我可以这样填写吗?
[groups.work-2]
dns = ["114.114.114.114"]
rules = ["baidu.com", "
.baidu.com"]
[groups.work-3]
dns = ["223.5.5.5"]
rules = ["taobao.com", "*.taobao.com"]

panic when timeout

time="2022-12-22T03:40:12+08:00" level=warning msg="group clean call DNSCaller<223.5.5.5:53/udp> failed: read udp 192.168.1.10:44390->223.5.5.5:53: i/o timeout"
time="2022-12-22T03:40:12+08:00" level=info answer=nil cost=2006ms group=_clean q_type=AAAA question=xxx. remote="127.0.0.1:47836"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0x758664]

goroutine 86050 [running]:
github.com/wolf-joe/ts-dns/redirector.(*cidrRedirector).Redirect(0xc0001a6000, 0xc00046bdd0, 0x0, 0x5, 0xc00012c1a8)
	/home/worker/git/ts-dns/redirector/redirector.go:93 +0x44
github.com/wolf-joe/ts-dns/redirector.NewRedirector.func1(0x880940, 0xc000121180, 0xc00046bdd0, 0x0, 0x0, 0x0)
	/home/worker/git/ts-dns/redirector/redirector.go:55 +0xca
github.com/wolf-joe/ts-dns/inbound.(*handlerImpl).handle(0xc000128410, 0x8808e8, 0xc0000b8300, 0xc00046bdd0, 0x0)
	/home/worker/git/ts-dns/inbound/handler.go:244 +0x475
github.com/wolf-joe/ts-dns/inbound.(*handlerImpl).ServeDNS(0xc000128410, 0x8808e8, 0xc0000b8300, 0xc00046bdd0)
	/home/worker/git/ts-dns/inbound/handler.go:149 +0x4d
github.com/wolf-joe/ts-dns/inbound.(*handlerWrapper).ServeDNS(0xc000102058, 0x8808e8, 0xc0000b8300, 0xc00046bdd0)
	/home/worker/git/ts-dns/inbound/handler.go:71 +0x4c
github.com/miekg/dns.(*Server).serveDNS(0xc00052e000, 0xc0001ba600, 0x29, 0x200, 0xc0000b8300)
	/home/worker/go/pkg/mod/github.com/miekg/[email protected]/server.go:659 +0x2fd
github.com/miekg/dns.(*Server).serveUDPPacket(0xc00052e000, 0xc000673200, 0xc0001ba600, 0x29, 0x200, 0x87e8a8, 0xc0004c4008, 0xc000676ea0, 0x0, 0x0)
	/home/worker/go/pkg/mod/github.com/miekg/[email protected]/server.go:603 +0x125
created by github.com/miekg/dns.(*Server).serveUDP
	/home/worker/go/pkg/mod/github.com/miekg/[email protected]/server.go:533 +0x395

对 IPv6 AAAA 记录的归类有问题?

查询 AAAA

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.0.103 -p5302 www.google.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19996
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8

;; QUESTION SECTION:
;www.google.com.                        IN      AAAA

;; ANSWER SECTION:
www.google.com.         600     IN      AAAA    2001::4a56:8e37

查询 A

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.0.103 -p5302 www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51649
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         299     IN      A       172.217.160.100

ts-dns 日志显示,因为 AAAA 类型查询不返回 ipv4,所以被当做 clean 处理,即使域名符合 gfwlist 也不会再次进行查询

INFO[0001] [0x4e1c] [server.go:238] cn/empty ipv4, group: clean  QUESTION=www.google.com. Q_TYPE=AAAA SRC="192.168.0.95:53871"
INFO[0003] [0xc9c1] [server.go:244] match gfwlist, group: dirty  QUESTION=www.google.com. Q_TYPE=A SRC="192.168.0.95:60054"

希望dns支持tcp

希望dns支持tcp端口,因为布署DoT需要tcp端口,不然没有办法布署。

v0.12.0

升级到 0.12.0,发现好多错误,例如 www.taobao.com 都无法解析,什么原因?我该如何排查?
网络是ok的.谢谢

  • groups.clean 组的全部无法解析, 配置用了默认的
  • groups.dirty 组, 解析正常
    我临时改成这样:
  [groups.clean]  # required group; domains land here by default
  # Temporary workaround from the reporter: the clean group is routed through a local socks5 proxy.
  socks5 = "127.0.0.1:7891"  # a socks5 proxy is recommended when resolving through foreign port-53 DNS
  dns = ["114.114.114.114", "223.5.5.5"]  # without a socks5 proxy, foreign DNS on a non-53 port is recommended
  # NOTE(review): `[email protected]` looks like an e-mail-obfuscation artifact of the page this
  # config was copied from, not a usable server name.
  dot = ["1.0.0.1:[email protected]"]  # DNS-over-TLS servers
  # Warning: if this machine's DNS points at ts-dns itself and a hostname in a DoH URL is assigned to this group, resolution loops; pin the matching IP in the hosts table above
  doh = ["https://dns.rubyfish.cn/dns-query"]  # DNS-over-HTTPS servers

image
image

请完善文件路径问题,

就是命令模式:gfwlist 那些文件都没办法加载,本人在配置上给这些文件配置路径,也没办法运行
只能cd进文件夹才能运行

麻烦修复下文件路径的问题
image

能否增加选项:clean组dns返回IP中包含非CN IP时,直接转发到dirty组dns(略过gfwlist判断步骤)?

能否增加一个选项:clean组dns返回IP中包含非CN IP时,直接转发到dirty组dns(略过gfwlist判断步骤)?
为了配合上面选项,建议查询时,clean组dns(筛选出来的最快的那一个)和dirty组dns能进行并发查询,这样,如果解析中包含国外IP,可以直接采用dirty组dns 返回结果。

原有的基于gfwlist的也继续保留,这样配置起来更灵活。

最后,问个配置的问题
[groups.dirty] 这一项下面支持不支持concurrent,rules,rules_file啊?因为看到ts-dns-full.toml中没有写,只是[groups.clean]中有。

谢谢。

gfwlist.txt的配置有问题

在最新版中提供了gfwlist.txt是否要base64解码,我将gfwlist.txt文件先使用base64解码后,在配置文件里面配置gfwlist_b64 = false,但是拿gfwlist.txt里面的域名使用dig测试发现没有匹配上,如果设置为需要解码正常匹配上。

配置文件图
image

gfwlist.txt文件图
image

测试图
image

gfwlist.txt设置解码的测试图
image

请提供FreeBSD arm64.aarch64下的程序

FreeBSD官方的13版本开始正式支持arm64.aarch64,用下来还不错,请作者提供一下arm64.aarch64下的程序,懒得搭建GO平台自己编译了,谢谢!

判定域名是否被污染的几个方法供作者参考

以下是目前还“存活”的判断域名是否被污染的方法(截至2020.5.23有效),作者可以参考作为实验功能加入 ts-dns,可以免维护 cnip & gfwlist。由于移动网络还自带 DNS 劫持污染,与电信会有不同。

方法一:(只适用于电信网络)
向境外 DNS 服务器发送对某个域名的 NS 请求,如果直接返回 A 记录,则被查询的域名被污染。

例如,查询 jd.com 和 www.jd.com, 只会返回 NS, CNAME 或者 SOA 记录:

dig +tries=1 +time=1 @1.0.0.1 jd.com NS

; <<>> DiG 9.12.4 <<>> +tries=1 +time=1 @1.0.0.1 jd.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33685
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;jd.com.				IN	NS

;; ANSWER SECTION:
jd.com.			120	IN	NS	ns2.jdcache.com.
jd.com.			120	IN	NS	ns3.jd.com.
jd.com.			120	IN	NS	ns1.jdcache.com.
jd.com.			120	IN	NS	ns4.jd.com.
jd.com.			120	IN	NS	ns3.jdcache.com.
jd.com.			120	IN	NS	ns4.jdcache.com.
jd.com.			120	IN	NS	ns2.jd.com.
jd.com.			120	IN	NS	ns1.jd.com.

;; Query time: 598 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sat May 23 10:26:21 CST 2020
;; MSG SIZE  rcvd: 193
dig +tries=1 +time=1 @1.0.0.1 www.jd.com NS

; <<>> DiG 9.12.4 <<>> +tries=1 +time=1 @1.0.0.1 www.jd.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23270
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.jd.com.			IN	NS

;; ANSWER SECTION:
www.jd.com.		120	IN	CNAME	www.jd.com.gslb.qianxun.com.
www.jd.com.gslb.qianxun.com. 60	IN	CNAME	jd-abroad.cdn20.com.

;; AUTHORITY SECTION:
cdn20.com.		60	IN	SOA	dns1.cdn20.org. webmaster.glb0.lxdns.com. 1422577239 10800 3600 604800 60

;; Query time: 611 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sat May 23 10:26:26 CST 2020
;; MSG SIZE  rcvd: 188

而查询 twitter.com, www.twitter.com 这种被污染的域名则直接返回 A 记录:

dig +tries=1 +time=1 @1.0.0.1 www.twitter.com NS

; <<>> DiG 9.12.4 <<>> +tries=1 +time=1 @1.0.0.1 www.twitter.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57132
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.twitter.com.		IN	NS

;; ANSWER SECTION:
www.twitter.com.	252	IN	A	69.171.246.9

;; Query time: 3 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sat May 23 10:46:54 CST 2020
;; MSG SIZE  rcvd: 49

方法二:(适用于移动和电信网络,但稍有不同)
向一个不存在 DNS 服务的服务器(境外)查询某域名的 MX 记录:

  1. 在移动网络,若返回状态 status: SERVFAIL 则域名被污染;
dig +nocookie +tries=1 +time=1 www.twitter.com MX @example.com

; <<>> DiG 9.12.4 <<>> +nocookie +tries=1 +time=1 www.twitter.com MX @example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2660
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.twitter.com.		IN	MX

;; Query time: 305 msec
;; SERVER: 93.184.216.34#53(93.184.216.34)
;; WHEN: Sat May 23 10:50:34 CST 2020
;; MSG SIZE  rcvd: 44
  1. 在电信网络,若查询的域名有返回,则域名被污染,正常域名一定是超时:
dig +nocookie  +tries=1 +time=1 twitter.com MX @example.com

; <<>> DiG 9.12.4 <<>> +nocookie +tries=1 +time=1 twitter.com MX @example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;twitter.com.			IN	MX

;; ANSWER SECTION:
twitter.com.		225	IN	A	174.36.196.242

;; Query time: 2 msec
;; SERVER: 93.184.216.34#53(93.184.216.34)
;; WHEN: Sat May 23 10:55:19 CST 2020
;; MSG SIZE  rcvd: 45

如果作者有兴趣把这个功能做进 ts-dns 用来自动分流,我的建议是:

  1. 作为实验性的可选功能,启用时需要选择自己的 ISP 是电信还是移动;
  2. 缓存(内存+文件)被程序判断为“被污染”的域名,可以调试输出(到 stdout 或者是 文件);
  3. 测试用的境外 DNS 服务器应该作为可自定义项,这个服务器要可以访问而且延迟尽量小;
  4. 逻辑上,可选作为 cnip & gfwlist 的补充,也可以单独使用(完全跳过 cnip 或者 gfwlist 的判定,或者两者都跳过)

目前只有条件测试电信和移动网络,其它未知。

哪里有cnip.txt文件?

hi。

yudeMacBook-Air:~ brite$ sudo ts-dns -c ts-dns.toml
Password:
2020/03/15 11:28:01 [CRITICAL] read cnip error: open cnip.txt: no such file or directory
yudeMacBook-Air:~ brite$

tks
