wolf-joe / ts-dns
Telescope DNS, a flexible and fast DNS group forwarder
License: MIT License
This problem seems to have been introduced starting in 0.10:
My config file:
# Telescope DNS Configure File
# https://github.com/wolf-joe/ts-dns
listen = ":53" # listening port; tcp/udp can be specified
gfwlist = "gfwlist.txt" # path to the gfwlist file, pre-downloaded in the release package. Official address: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
gfwlist_b64 = true # whether to base64-decode the gfwlist file, default true
cnip = "cnip.txt" # list of CN IP ranges, used to assist domain grouping
disable_ipv6 = true # disable IPv6 address resolution, default false
#hosts_files = [""] # hosts file paths; multiple hosts files supported
[hosts] # custom domain mappings
"example.com" = "8.8.8.8"
"cloudflare-dns.com" = "1.0.0.1" # prevents the recursive DoH resolution mentioned below
"dns.google" = "8.8.4.4" # prevents the recursive DoH resolution mentioned below
"dns11.quad9.net" = "9.9.9.11"
"dns.alidns.com" = "223.6.6.6"
[query_log]
file = "" # dns query log file; /dev/null disables logging, an empty value logs to stdout
ignore_qtypes = ["DNSKEY", "NS"] # do not log dns queries of these types, default empty
ignore_cache = false # do not log dns queries answered from the cache, default false
ignore_hosts = false # do not log dns queries answered from hosts, default false
[cache] # dns cache configuration
size = 4096 # cache size; a negative value disables the cache
min_ttl = 60 # minimum ttl in seconds
max_ttl = 86400 # maximum ttl in seconds
[groups] # domain grouping
[groups.clean] # required group; the default group for domains
ecs = "202.96.134.133" # edns-client-subnet; when set it is attached to forwarded DNS queries by default (an existing ecs is not overridden); doh not supported yet
dns = ["223.5.5.5", "106.54.204.98:5353"] # DNS server list, port 53 by default
dot = ["223.6.6.6:[email protected]"]
doh = ["https://dns.alidns.com/dns-query"]
concurrent = true # query the dns server list concurrently
# rules = ["qq.com", ".baidu.com", "*.taobao.com"] # the rule "qq.com" matches both "test.qq.com" and "qq.com"; the rules ".qq.com" and "*.qq.com" cannot match "qq.com"
rules_file = "" # rules file, one rule per line, e.g. domain_acclist_lite.txt
fastest_v4 = false # respond with the ipv4 address with the lowest ping; when enabled with icmp ping it is recommended to run this program as root
tcp_ping_port = 80 # when fastest_v4 is enabled, a value greater than 0 uses tcp ping, less than or equal to 0 uses icmp ping
[groups.dirty] # required group; domains matching GFWList are placed in this group
# socks5 = "127.0.0.1:7575" # when resolving through foreign port-53 dns, resolving through a socks5 proxy is recommended
ecs = "202.67.222.222" # edns-client-subnet; when set it is attached to forwarded DNS queries by default (an existing ecs is not overridden); doh not supported yet
# dns = ["8.8.8.8", "8.8.4.4"] # if you do not want to resolve through socks5, foreign non-port-53 dns or a self-hosted dnscrypt-proxy is recommended
dns = ["9.9.9.11:9953", "149.112.112.11:9953"]
dot = ["8.8.4.4:[email protected]", "9.9.9.11:[email protected]"] # dns over tls servers
# Warning: if this machine's dns points at ts-dns itself and the domain in a DoH address is classified into this group, recursive resolution occurs; in that case specify the corresponding IP in hosts above
doh = ["https://dns11.quad9.net/dns-query", "https://dns.google/dns-query"]
# rules = ["google.com"] # the official gfwlist only has the rule ".google.com", which cannot match "google.com", so add it manually
# Warning: an existing IPSet with the same name is overwritten when the process starts
ipset = "" # target IPSet name; the ipv4 resolution results of all domains in this group are added to this IPSet
ipset_ttl = 86400 # ipset entry timeout in seconds; recommended to avoid accumulating too many ipset entries
# The following are custom groups for other cases
# e.g. on an office network, internal domains (company.com) are resolved by the internal dns (10.1.1.1)
[groups.work]
dns = ["192.168.0.1"]
rules = ["yd.mail"]
Related screenshots:
I tried the custom ad-blocking group you mentioned and found that only rules is supported; the rules file is not. Adblock rules only support the @@ and || matchers. I hope the rules file can be matched too, otherwise what you described is not very useful: putting that many ad domains in the config file makes the config hard to edit.
The Linux hosts file format looks like this, the reverse of Windows.
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar
Like:
Log to file:
$ ./ts-dns -l /path/to/log.log
During use, whenever I find a domain that the GFW list does not cover, I modify the config file; after modifying it, I would like to be able to reload the configuration with kill -SIGHUP.
For example, the default is rules = ["company.com"]
change it to rules = "./xx.txt"
where the contents of xx.txt are in the format
Baidu.com
qq.com
youku.com
www.google.com
......
The benefit is a smaller config file that is easier to edit and looks less cluttered.
● ts-dns.service - ts-dns
Loaded: loaded (/etc/systemd/system/ts-dns.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-04-20 17:36:15 CST; 59s ago
Main PID: 12497 (ts-dns)
Tasks: 7 (limit: 4915)
CGroup: /system.slice/ts-dns.service
└─12497 /root/ts-dns/ts-dns -c /root/ts-dns/ts-dns-full.toml
Apr 20 17:36:15 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:15+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:36:18 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:18+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:36:18 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:18+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:36:37 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:36:37+08:00" level=error msg="query dns error: read udp 127.0.0.1:33367->127.0.0.1:5301: i/o timeout"
Apr 20 17:37:07 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:07+08:00" level=error msg="query dns error: read udp 127.0.0.1:46867->127.0.0.1:5301: i/o timeout"
Apr 20 17:37:08 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:08+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:09 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:09+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:09 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:09+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:13 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:13+08:00" level=error msg="find fastest ipv4 failed"
Apr 20 17:37:13 iZwz9d1rjhrzzxa4lsoi93Z ts-dns[12497]: time="2020-04-20T17:37:13+08:00" level=error msg="find fastest ipv4 failed"
Operating system: WINDOWS 10 VER 2004
With an instance already running, I modify the config file and run .\ts-dns.exe -r, which reports an error:
D:\u1008\ts-dns_run>ts-dns -r
time="2020-07-07T15:01:02+08:00" level=warning msg="enable concurrent dns in group clean"
time="2020-07-07T15:01:02+08:00" level=warning msg="auto reload ts-dns.toml"
time="2020-07-07T15:01:02+08:00" level=warning msg="listen on :53/tcp"
time="2020-07-07T15:01:02+08:00" level=warning msg="listen on :53/udp"
time="2020-07-07T15:01:02+08:00" level=error msg="listen udp :53: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted."
With an instance already running, I modify the config file and run .\ts-dns.exe -r -c ts-dns-user.toml, which reports an error:
D:\u1008\ts-dns_run>ts-dns -r -c ts-dns-users.toml
time="2020-07-07T15:04:38+08:00" level=warning msg="disable ipv6 resolve"
time="2020-07-07T15:04:38+08:00" level=warning msg="enable concurrent dns in group clean"
time="2020-07-07T15:04:38+08:00" level=warning msg="find fastest ipv4 in group clean"
time="2020-07-07T15:04:38+08:00" level=warning msg="auto reload ts-dns-users.toml"
time="2020-07-07T15:04:38+08:00" level=warning msg="listen on :53/udp"
time="2020-07-07T15:04:38+08:00" level=error msg="listen udp :53: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted."
time="2020-07-07T15:04:38+08:00" level=info msg="ts-dns exited."
Could you please tell me whether I did something wrong or whether this is a bug in the program?
As I recall, in V13.0 running .\ts-dns.exe -r reloaded the config file directly.
Since iOS 14 sends qtype 65 DNS queries by default, which may give those of us using proxies unwanted CDN resolution results, I hope you can adopt this, thanks!
Versions V13 and V14 both report the same error.
The error is as follows:
D:\u1008\ts-dns-run>ts-dns.exe -c ts-dns_user.toml
time="2020-05-11T00:07:39+08:00" level=warning msg="disable ipv6 resolve"
time="2020-05-11T00:07:39+08:00" level=warning msg="enable concurrent dns in group clean"
time="2020-05-11T00:07:39+08:00" level=warning msg="find fastest ipv4 in group clean"
time="2020-05-11T00:07:39+08:00" level=warning msg="find fastest ipv4 in group dirty"
time="2020-05-11T00:07:39+08:00" level=error msg="read group config error: Ipset utility not found"
The config file is as follows:
listen = ":53" # listening port
gfwlist = "gfwlist.txt" # path to the gfwlist file, pre-downloaded in the release package. Official address: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
cnip = "cnip.txt" # list of CN IP ranges, used to assist domain grouping
disable_ipv6 = true # disable IPv6 address resolution
hosts_files = ["C:\Windows\System32\drivers\etc\hosts"] # hosts file paths; multiple hosts files supported
[hosts] # custom domain mappings
"example.com" = "8.8.8.8"
"cloudflare-dns.com" = "1.0.0.1" # prevents the recursive DoH resolution mentioned below
"dns.google" = "8.8.4.4" # prevents the recursive DoH resolution mentioned below
"dns11.quad9.net" = "9.9.9.11"
"dns.alidns.com" = "223.6.6.6"
[query_log]
file = "D:\u1008\ts-dns-run\query.log" # dns query log file; /dev/null disables logging, an empty value logs to stdout
ignore_qtypes = ["DNSKEY", "NS"] # do not log dns queries of these types
ignore_cache = true # do not log dns queries answered from the cache
ignore_hosts = true # do not log dns queries answered from hosts
[cache] # dns cache configuration
size = 4096 # cache size; a negative value disables the cache
min_ttl = 60 # minimum ttl in seconds
max_ttl = 3600 # maximum ttl in seconds
[groups]
[groups.clean]
dns = ["61.139.2.69","202.98.96.68","119.29.29.29", "223.5.5.5", "114.114.114.114", "106.54.204.98:5353"]
ecs = "61.139.2.69" # edns-client-subnet; when set it is attached to forwarded DNS queries by default (an existing ecs is not overridden); doh not supported yet
dot = ["223.6.6.6:[email protected]"]
doh = ["https://dns.alidns.com/dns-query"]
concurrent = true # query the dns server list concurrently
fastest_v4 = true # respond with the ipv4 address with the lowest ping; when enabled it is recommended to run this program as root
tcp_ping_port = 80 # when fastest_v4 is enabled, a value greater than 0 uses tcp ping, less than or equal to 0 uses icmp ping
[groups.dirty]
socks5 = "127.0.0.1:10808"
ecs = "202.98.96.68" # edns-client-subnet; when set it is attached to forwarded DNS queries by default (an existing ecs is not overridden); doh not supported yet
dns = ["8.8.8.8", "1.1.1.1","9.9.9.11:9953", "149.112.112.11:9953"]
dot = ["1.0.0.1:[email protected]","8.8.4.4:[email protected]", "9.9.9.11:[email protected]"] # dns over tls servers
doh = ["https://cloudflare-dns.com/dns-query","https://dns11.quad9.net/dns-query", "https://dns.google/dns-query"] # dns over https servers
rules = ["pt.im"]
fastest_v4 = true # respond with the ipv4 address with the lowest ping; when enabled it is recommended to run this program as root
ipset = "blocked" # target IPSet name; the ipv4 resolution results of all domains in this group are added to this IPSet
ipset_ttl = 86400 # ipset entry timeout in seconds; recommended to avoid accumulating too many ipset entries
I created this ipset in advance. But the documentation says ts-dns overwrites an existing ipset at startup, so this behaviour seems inconsistent with the documentation. What could the cause be? Is there any way to work around it?
/data/myapps/ts_dns # /data/myapps/ts_dns/ts-dns -c /data/myapps/ts_dns/ts-dns.toml &
/data/myapps/ts_dns #
/data/myapps/ts_dns # WARN[0003] enable concurrent dns in group clean
WARN[0003] enable concurrent dns in group dirty
ERRO[0006] read group config error: error creating ipset redsocks_blacklist_net with type hash:ip: exit status 1 (ipset v6.29: Set cannot be created: set with the same name already exists
)
[1]+ Done(1) /data/myapps/ts_dns/ts-dns -c /data/myapps/ts_dns/ts-dns.toml
/data/myapps/ts_dns #
I put the software on a dedicated machine used as a gateway, accessed from my own PC.
During deployment I found that with "fastest_v4 = true" no web page would open; after commenting it out everything was normal. Not sure whether this is an isolated case.
Another question: if a returned foreign IP is not in the gfw list, does it go direct or through the proxy? The ** that prdns uses to judge whether a domain is blocked is quite advanced; I hope we can do the same and judge the blacklist intelligently.
Is the current logic only able to listen on udp or tcp, one at a time? I tried it and listen does not allow being specified twice, and when it is not specified it only listens on udp by default.
The conventional approach is to always listen on udp, with tcp optional, for example by adding an option:
listen = ":53"
listen_tcp = true
Or, when nothing is specified, listen on both udp and tcp by default.
I'm a new user of ts-dns, it's really a useful tool, but I meet a problem.
Request results from 114.114.114.114, you can see there is a CNAME record.
$ dig @114.114.114.114 www.baidu.com (base) 193ms Mon May 18 11:57:48 2020
; <<>> DiG 9.10.6 <<>> @114.114.114.114 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5539
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 42 IN CNAME www.a.shifen.com.
www.a.shifen.com. 126 IN A 220.181.38.150
www.a.shifen.com. 126 IN A 220.181.38.149
;; Query time: 26 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Mon May 18 11:58:29 CST 2020
;; MSG SIZE rcvd: 101
Results from ts-dns, the CNAME record is lost.
$ dig @127.0.0.1 www.baidu.com (base) Mon May 18 11:58:29 2020
; <<>> DiG 9.10.6 <<>> @127.0.0.1 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14184
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.a.shifen.com. 220 IN A 220.181.38.150
;; Query time: 62 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 18 11:58:36 CST 2020
;; MSG SIZE rcvd: 74
Here is my config, is there something wrong with it? version 0.14.0 on macOS.
listen = ":53/udp" # listening port; tcp/udp can be specified, when unspecified both tcp&udp are listened on by default
gfwlist = "gfwlist.txt" # path to the gfwlist file, pre-downloaded in the release package. Official address: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
gfwlist_b64 = true # whether to base64-decode the gfwlist file, default true
cnip = "cn-cidrs.txt" # list of CN IP ranges, used to assist domain grouping
disable_ipv6 = true # disable IPv6 address resolution, default false
hosts_files = ["/etc/hosts"] # hosts file paths; multiple hosts files supported
[query_log]
file = "/dev/null" # dns query log file; /dev/null disables logging, an empty value logs to stdout
ignore_qtypes = ["DNSKEY", "NS"] # do not log dns queries of these types, default empty
ignore_cache = false # do not log dns queries answered from the cache, default false
ignore_hosts = true # do not log dns queries answered from hosts, default false
[cache] # dns cache configuration
size = 4096 # cache size; a negative value disables the cache
min_ttl = 60 # minimum ttl in seconds
max_ttl = 86400 # maximum ttl in seconds
[groups] # domain grouping
[groups.clean] # required group; the default group for domains
dns = ["223.5.5.5:53", "114.114.114.114/tcp"] # DNS server list, port 53 by default
concurrent = true # query the dns server list concurrently
fastest_v4 = true # respond with the ipv4 address with the lowest ping; when enabled with icmp ping it is recommended to run this program as root
tcp_ping_port = 80 # when fastest_v4 is enabled, a value greater than 0 uses tcp ping, less than or equal to 0 uses icmp ping
[groups.dirty] # required group; domains matching GFWList are placed in this group
dns = ["8.8.8.8", "1.1.1.1"] # if you do not want to resolve through socks5, foreign non-port-53 dns is recommended
Environment: MacOS 10.14.6
Error: create ipset error: Ipset utility not found
➜ ./ts-dns -c ./ts-dns-full.toml -r
WARN[0000] enable concurrent dns in group clean
WARN[0000] enable fastest ipv4 in group clean
ERRO[0000] create ipset error: Ipset utility not found
Hi,
I use cmd.exe to run ts-dns.exe (without closing the cmd window) and then use another cmd.exe to do a domain lookup with nslookup. I found that it is using the local DNS; how do I verify ts-dns on win10?
win10 Version 10.0.18363
ts-dns Windows_x86_64 Version 0.14.1
I resolve the domain github.com through the dirty group and added the ecs parameter to that group; when fetching the ts-dns archive with wget it reports an unknown service, and after removing the ecs parameter the download works normally.
wget https://github.com/wolf-joe/ts-dns/releases/download/v0.13.1/ts-dns_0.13.1_Linux_x86_64.tar.gz
--2020-05-09 21:54:38-- https://github.com/wolf-joe/ts-dns/releases/download/v0.13.1/ts-dns_0.13.1_Linux_x86_64.tar.gz
正在解析主机 github.com (github.com)... 失败:未知的名称或服务。
wget: 无法解析主机地址 “github.com”
dirty group parameters
[groups.dirty] # required group; domains matching GFWList are placed in this group
ecs = "1.2.3.0/24"
dns = ["8.8.8.8", "1.1.1.1"] # if you do not want to resolve through socks5, foreign non-port-53 dns is recommended
dot = ["1.0.0.1:[email protected]"] # dns over tls servers
rules = [""]
Excerpt from the config file
[cache] # dns cache configuration
size = 4096 # cache size; a negative value disables the cache
min_ttl = 60 # minimum ttl in seconds
max_ttl = 86400 # maximum ttl in seconds
I don't quite understand how minimum and maximum work here; shouldn't it be a single fixed value indicating how long ts-dns itself caches a resolution?
Could you add a feature that maps a domain and its subdomains to one IP? For example, with the format 127.0.0.1 sska.com, not only sska.com would point to 127.0.0.1 but subdomains such as cc.sska.com and ss.sska.com would too, so that when blocking ads the whole domain of certain sites can be blocked.
0.8.2 changed the DoH format; I looked at the config file:
If 1.0.0.1:[email protected] corresponds to https://cloudflare-dns.com/dns-query, then how should something like https://commons.host or https://doh.dnswarden.com/adblock be written? The previous format had no problem at all; every DoH-capable client I have seen keeps the https-prefixed format.
I wrote a systemd unit file; it runs fine on my machine. Could everyone test it and then consider putting it in the README or the Wiki? Also, I'm not very good at writing these, so please add any suggestions!
[Unit]
Description=Telescope DNS - A simple but useful DNS diverter and forwarder
Requires=network.target
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target
[Service]
Type=simple
PIDFile=/run/ts-dns.pid
WorkingDirectory=/root/ts
ExecStart=/root/ts/ts-dns
[Install]
WantedBy=multi-user.target
May I ask what the maximum value the DNS cache can be set to is?
Could you advise why the configured dns occasionally times out, with errors of the form query dns error: read udp 172.20.250.225:53190->xxx.xxx.xxx.xx:5353: i/o timeout? What causes this? Also reporting that the latest version shows the error query dns error: dns: buffer size too small; the cache size is the value from the full config file you provided, and version 0.9.1 did not have this problem.
If it is only the GFWList, it can be fully loaded at startup, so dynamic adding seems to have no point other than saving a little memory?
DEBIAN 10 X64.
Running as root.
It keeps reporting errors.
ERRO[0023] find fastest ipv4 failed
Occasionally there is also this error.
->223.5.5.5:53: i/o timeout LOCATION="server.go:45" LOG_ID=3859
Version: 0.15
Config file:
ts-dns.txt
Problem description: none of the addresses set in the config file's dirty group `rules` are matched; they are matched to the clean group
Runtime screenshots:
I think the log should still print the requesting address; when testing I could not be sure which address it was and had to turn off the other devices before testing.
For example, the default custom group is:
[groups.work]
dns = ["119.29.29.29"]
rules = ["qq.com", ".qq.com"]
Can I write it like this?
[groups.work-2]
dns = ["114.114.114.114"]
rules = ["baidu.com", ".baidu.com"]
[groups.work-3]
dns = ["223.5.5.5"]
rules = ["taobao.com", "*.taobao.com"]
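As an added illustration (not ts-dns's own code), here is a Python reimplementation of the rule forms described in the config comments ("qq.com" matches the domain and its subdomains, ".qq.com" and "*.qq.com" match subdomains only) together with a loader for the one-rule-per-line rules file proposed earlier; first-match-wins ordering across groups, '#' comment handling and the helper names are assumptions.

```python
# Added example, not ts-dns code: rule matching as described in the
# config comments, plus a rules-file loader and a group picker.

def match_rule(rule, domain):
    """"qq.com" matches qq.com and any subdomain; ".qq.com" and "*.qq.com"
    match subdomains only, never qq.com itself (as the config comment says)."""
    domain = domain.lower().rstrip(".")
    rule = rule.lower().strip()
    if rule.startswith("*."):
        rule = rule[1:]                  # "*.qq.com" behaves like ".qq.com"
    if rule.startswith("."):
        return domain.endswith(rule) and domain != rule[1:]
    return domain == rule or domain.endswith("." + rule)

def parse_rules_file(text):
    """One rule per line, as in the xx.txt proposal; case is ignored.
    Skipping blank lines and '#' comments is an assumption."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append(line.lower())
    return rules

def pick_group(domain, groups, default="clean"):
    """groups: ordered dict of group name -> rule list. First matching
    group wins (assumption); otherwise the default group."""
    for name, rules in groups.items():
        if any(match_rule(r, domain) for r in rules):
            return name
    return default

# Constructed sample mirroring the custom-group question above.
SAMPLE_RULES_FILE = "Baidu.com\nqq.com\nyouku.com\nwww.google.com\n"
GROUPS = {
    "work": ["qq.com", ".qq.com"],
    "work-2": parse_rules_file(SAMPLE_RULES_FILE),   # as if rules_file = "xx.txt"
    "work-3": ["*.taobao.com"],
}
```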
time="2022-12-22T03:40:12+08:00" level=warning msg="group clean call DNSCaller<223.5.5.5:53/udp> failed: read udp 192.168.1.10:44390->223.5.5.5:53: i/o timeout"
time="2022-12-22T03:40:12+08:00" level=info answer=nil cost=2006ms group=_clean q_type=AAAA question=xxx. remote="127.0.0.1:47836"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0x758664]
goroutine 86050 [running]:
github.com/wolf-joe/ts-dns/redirector.(*cidrRedirector).Redirect(0xc0001a6000, 0xc00046bdd0, 0x0, 0x5, 0xc00012c1a8)
/home/worker/git/ts-dns/redirector/redirector.go:93 +0x44
github.com/wolf-joe/ts-dns/redirector.NewRedirector.func1(0x880940, 0xc000121180, 0xc00046bdd0, 0x0, 0x0, 0x0)
/home/worker/git/ts-dns/redirector/redirector.go:55 +0xca
github.com/wolf-joe/ts-dns/inbound.(*handlerImpl).handle(0xc000128410, 0x8808e8, 0xc0000b8300, 0xc00046bdd0, 0x0)
/home/worker/git/ts-dns/inbound/handler.go:244 +0x475
github.com/wolf-joe/ts-dns/inbound.(*handlerImpl).ServeDNS(0xc000128410, 0x8808e8, 0xc0000b8300, 0xc00046bdd0)
/home/worker/git/ts-dns/inbound/handler.go:149 +0x4d
github.com/wolf-joe/ts-dns/inbound.(*handlerWrapper).ServeDNS(0xc000102058, 0x8808e8, 0xc0000b8300, 0xc00046bdd0)
/home/worker/git/ts-dns/inbound/handler.go:71 +0x4c
github.com/miekg/dns.(*Server).serveDNS(0xc00052e000, 0xc0001ba600, 0x29, 0x200, 0xc0000b8300)
/home/worker/go/pkg/mod/github.com/miekg/[email protected]/server.go:659 +0x2fd
github.com/miekg/dns.(*Server).serveUDPPacket(0xc00052e000, 0xc000673200, 0xc0001ba600, 0x29, 0x200, 0x87e8a8, 0xc0004c4008, 0xc000676ea0, 0x0, 0x0)
/home/worker/go/pkg/mod/github.com/miekg/[email protected]/server.go:603 +0x125
created by github.com/miekg/dns.(*Server).serveUDP
/home/worker/go/pkg/mod/github.com/miekg/[email protected]/server.go:533 +0x395
AAAA query
; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.0.103 -p5302 www.google.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19996
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; ANSWER SECTION:
www.google.com. 600 IN AAAA 2001::4a56:8e37
A query
; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.0.103 -p5302 www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51649
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 299 IN A 172.217.160.100
The ts-dns log shows that because the AAAA query does not return an ipv4, it is handled as clean, and even though the domain matches gfwlist it is not queried again
INFO[0001] [0x4e1c] [server.go:238] cn/empty ipv4, group: clean QUESTION=www.google.com. Q_TYPE=AAAA SRC="192.168.0.95:53871"
INFO[0003] [0xc9c1] [server.go:244] match gfwlist, group: dirty QUESTION=www.google.com. Q_TYPE=A SRC="192.168.0.95:60054"
I hope dns can support a tcp port, because deploying DoT requires a tcp port; otherwise it cannot be deployed.
After upgrading to 0.12.0 I see many errors, e.g. www.taobao.com cannot be resolved at all. What is the cause? How should I troubleshoot it?
The network is ok. Thanks.
[groups.clean] # required group; the default group for domains
socks5 = "127.0.0.1:7891" # when resolving through foreign port-53 dns, resolving through a socks5 proxy is recommended
dns = ["114.114.114.114", "223.5.5.5"] # if you do not want to resolve through socks5, foreign non-port-53 dns is recommended
dot = ["1.0.0.1:[email protected]"] # dns over tls servers
# Warning: if this machine's dns points at ts-dns itself and the domain in a DoH address is classified into this group, loop resolution occurs; in that case specify the corresponding IP in hosts above
doh = ["https://dns.rubyfish.cn/dns-query"] # dns over https servers
Could an option be added: when the IPs returned by the clean group's dns include a non-CN IP, forward directly to the dirty group's dns (skipping the gfwlist check)?
To go with that option, I suggest that the clean group's dns (the fastest one selected) and the dirty group's dns be queried concurrently, so that if the resolution contains a foreign IP, the dirty group's result can be used directly.
The existing gfwlist-based logic should also be kept, which makes configuration more flexible.
Finally, a configuration question:
Does [groups.dirty] support concurrent, rules and rules_file? I ask because ts-dns-full.toml does not have them there, only under [groups.clean].
Thanks.
Reverting to 6da1a6f works fine. See the attached log.
ts-dns.log
FreeBSD officially supports arm64.aarch64 starting with version 13, and it works well. Could the author provide an arm64.aarch64 build? I'd rather not set up a Go environment to compile it myself, thanks!
Below are the methods still "alive" for judging whether a domain is poisoned (valid as of 2020.5.23). The author could use them as reference for an experimental ts-dns feature, which would then need no maintenance of cnip & gfwlist. Since mobile networks also carry their own DNS hijacking and poisoning, they differ from telecom.
Method one: (only applies to telecom networks)
Send an NS query for a domain to a foreign DNS server; if it returns A records directly, the queried domain is poisoned.
For example, querying jd.com and www.jd.com only returns NS, CNAME or SOA records:
dig +tries=1 +time=1 @1.0.0.1 jd.com NS
; <<>> DiG 9.12.4 <<>> +tries=1 +time=1 @1.0.0.1 jd.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33685
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;jd.com. IN NS
;; ANSWER SECTION:
jd.com. 120 IN NS ns2.jdcache.com.
jd.com. 120 IN NS ns3.jd.com.
jd.com. 120 IN NS ns1.jdcache.com.
jd.com. 120 IN NS ns4.jd.com.
jd.com. 120 IN NS ns3.jdcache.com.
jd.com. 120 IN NS ns4.jdcache.com.
jd.com. 120 IN NS ns2.jd.com.
jd.com. 120 IN NS ns1.jd.com.
;; Query time: 598 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sat May 23 10:26:21 CST 2020
;; MSG SIZE rcvd: 193
dig +tries=1 +time=1 @1.0.0.1 www.jd.com NS
; <<>> DiG 9.12.4 <<>> +tries=1 +time=1 @1.0.0.1 www.jd.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23270
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.jd.com. IN NS
;; ANSWER SECTION:
www.jd.com. 120 IN CNAME www.jd.com.gslb.qianxun.com.
www.jd.com.gslb.qianxun.com. 60 IN CNAME jd-abroad.cdn20.com.
;; AUTHORITY SECTION:
cdn20.com. 60 IN SOA dns1.cdn20.org. webmaster.glb0.lxdns.com. 1422577239 10800 3600 604800 60
;; Query time: 611 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sat May 23 10:26:26 CST 2020
;; MSG SIZE rcvd: 188
Whereas querying poisoned domains such as twitter.com and www.twitter.com returns A records directly:
dig +tries=1 +time=1 @1.0.0.1 www.twitter.com NS
; <<>> DiG 9.12.4 <<>> +tries=1 +time=1 @1.0.0.1 www.twitter.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57132
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.twitter.com. IN NS
;; ANSWER SECTION:
www.twitter.com. 252 IN A 69.171.246.9
;; Query time: 3 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sat May 23 10:46:54 CST 2020
;; MSG SIZE rcvd: 49
Method two: (applies to mobile and telecom networks, with slight differences)
Query a (foreign) server that runs no DNS service for a domain's MX record; if it returns
status: SERVFAIL
the domain is poisoned:
dig +nocookie +tries=1 +time=1 www.twitter.com MX @example.com
; <<>> DiG 9.12.4 <<>> +nocookie +tries=1 +time=1 www.twitter.com MX @example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2660
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.twitter.com. IN MX
;; Query time: 305 msec
;; SERVER: 93.184.216.34#53(93.184.216.34)
;; WHEN: Sat May 23 10:50:34 CST 2020
;; MSG SIZE rcvd: 44
dig +nocookie +tries=1 +time=1 twitter.com MX @example.com
; <<>> DiG 9.12.4 <<>> +nocookie +tries=1 +time=1 twitter.com MX @example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com. IN MX
;; ANSWER SECTION:
twitter.com. 225 IN A 174.36.196.242
;; Query time: 2 msec
;; SERVER: 93.184.216.34#53(93.184.216.34)
;; WHEN: Sat May 23 10:55:19 CST 2020
;; MSG SIZE rcvd: 45
If the author is interested in building this feature into ts-dns for automatic routing, my suggestion is:
I can currently only test telecom and mobile networks; others are unknown.
hi.
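As an added example, not from the post or the ts-dns project: a stdlib-only Python classifier for the two probes described above. It parses a DNS response's answer section and flags an NS query answered with A records (method one) or any reply at all from a host that runs no DNS service (method two); the sample packets are constructed inline to mirror the dig transcripts, and all helper names are assumptions.

```python
# Added example (not ts-dns code): classify replies to the two poisoning
# probes above. Pure stdlib; the packets below are constructed, not captured.
import struct

# RR type numbers used by the probes (RFC 1035 values).
A, NS, CNAME, SOA, MX = 1, 2, 5, 6, 15
RCODE_SERVFAIL = 2

def encode_name(name):
    """Encode a dotted name into DNS wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, qtype, answers, rcode=0):
    """Build a minimal response; answers are (rtype, rdata) tuples."""
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    body = encode_name(qname) + struct.pack(">HH", qtype, 1)
    for rtype, rdata in answers:
        # Owner name is a compression pointer to the question name (offset 12).
        body += b"\xc0\x0c" + struct.pack(">HHIH", rtype, 1, 60, len(rdata)) + rdata
    return hdr + body

def decode_name(pkt, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = ((n & 0x3F) << 8) | pkt[off + 1], True
            continue
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", (end if jumped else off)

def parse_response(pkt):
    """Return (rcode, qtype, [answer rtypes]) from a response packet."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    off, qtype, rtypes = 12, None, []
    for _ in range(qd):
        _, off = decode_name(pkt, off)
        qtype = struct.unpack(">H", pkt[off:off + 2])[0]
        off += 4                                  # qtype + qclass
    for _ in range(an):
        _, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        rtypes.append(rtype)
        off += 10 + rdlen
    return flags & 0x0F, qtype, rtypes

def ns_probe_poisoned(pkt):
    """Method one: an NS query answered with A records means poisoned;
    NS/CNAME/SOA answers (or an empty answer) mean clean."""
    _, qtype, rtypes = parse_response(pkt)
    if qtype != NS:
        raise ValueError("probe must be an NS query")
    return A in rtypes

def mx_probe_poisoned(pkt):
    """Method two: the MX query goes to a host with no DNS service, so a
    genuine query gets no reply at all (pkt is None); any reply is injected."""
    return pkt is not None

# Constructed samples mirroring the dig transcripts above.
CLEAN_NS = build_response("jd.com", NS, [(NS, encode_name("ns1.jd.com"))])
POISONED_NS = build_response("www.twitter.com", NS, [(A, bytes([69, 171, 246, 9]))])
INJECTED_SERVFAIL = build_response("www.twitter.com", MX, [], rcode=RCODE_SERVFAIL)
```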
yudeMacBook-Air:~ brite$ sudo ts-dns -c ts-dns.toml
Password:
2020/03/15 11:28:01 [CRITICAL] read cnip error: open cnip.txt: no such file or directory
yudeMacBook-Air:~ brite$
tks