Reporting a problem to see how it can be solved #1211

Closed
LisonFan opened this issue Dec 21, 2022 · 16 comments

@LisonFan
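
First, the problem: api.smoot.apple.cn returns no result.

Cause:
I configured a domain-set for china-site and also defined a nameserver for it, with this rule: domain-rules /domain-set:china-site/ -nameserver china -speed-check-mode ping,tcp:80,tcp:443

The DNS servers in group china have whitelist-ip set; whitelist-ip is the mainland China IP list.

Resolving api.smoot.apple.cn hits the china-site rule, but this domain resolves to non-mainland IPs no matter which region's DNS is used.

The DNS servers in group china also have the whitelist set, which discards results with non-mainland IPs, so the resolution result ends up empty.

In this situation, could the domain be handed to the default group to resolve, instead of simply returning an empty answer?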

@LisonFan LisonFan changed the title from "Reporting a problem to see how it can be solv" to "Reporting a problem to see how it can be solved" Dec 21, 2022
@LisonFan
Author

Issue #1022 should be much the same problem.

@LisonFan
Author

@pymumu

@PikuZheng
Contributor

I don't follow. Would adding an extra line that points this domain at another group work?

@LisonFan
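Author

LisonFan commented Dec 21, 2022

I don't follow. Would adding an extra line that points this domain at another group work?

@PikuZheng
Showing the rules should make it easier to understand.

# Mainland China domain list
domain-set -name china-site -type list -file /etc/smartdns/sub-conf/china-site.list

# Domains in the mainland China list are resolved by the china group
domain-rules /domain-set:china-site/ -nameserver china -speed-check-mode ping,tcp:80,tcp:443

# DNS servers in the china group only accept results inside whitelist-ip; whitelist-ip is the mainland China IP list
server-https https://doh.pub/dns-query -group china -whitelist-ip -tls-host-verify
server-tls dot.pub -group china -whitelist-ip -tls-host-verify

api.smoot.apple.cn is in the mainland China domain list, but the IPs returned by the china group's DNS are not in whitelist-ip, so the results are discarded.

So I am wondering whether, in this situation, api.smoot.apple.cn could be sent back to the default group and resolved again, instead of discarding the results and returning.

After all, the default group is certainly configured with trusted DNS servers.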

@PikuZheng
Contributor

Give the default group a group name, for example -group moren
Then assign this whatever-apple.cn domain to that group; either a domain-set or a nameserver rule will do

@LisonFan
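Author

Give the default group a group name, for example -group moren, then assign this whatever-apple.cn domain to that group; either a domain-set or a nameserver rule will do

That is not really a solution either, because I don't know how many domains in the china-site rule are in this situation.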

@LisonFan
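Author

Give the default group a group name, for example -group moren, then assign this whatever-apple.cn domain to that group; either a domain-set or a nameserver rule will do

My current workaround is to comment out domain-rules /domain-set:china-site/ -nameserver china -speed-check-mode ping,tcp:80,tcp:443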

@LisonFan
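Author

Give the default group a group name, for example -group moren, then assign this whatever-apple.cn domain to that group; either a domain-set or a nameserver rule will do

My current workaround is to comment out domain-rules /domain-set:china-site/ -nameserver china -speed-check-mode ping,tcp:80,tcp:443

There is also a separate gfwlist that is resolved by the trusted DNS; the domestic DNS does not resolve gfwlist.

But all domains other than those in gfwlist are handed to the default group's DNS for resolution.

So far I haven't noticed any impact on efficiency, but I still think the better approach is the one described here: #1211 (comment)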

@pymumu
Owner

pymumu commented Dec 21, 2022

Don't configure blacklists or whitelists on the overseas server-tls and server-https servers.

@LisonFan
Author

Don't configure blacklists or whitelists on the overseas server-tls and server-https servers.

The overseas DNS servers have no blacklist or whitelist configured

# Cloudflare
server-https https://1.0.0.1/dns-query -host-name cloudflare-dns.com -tls-host-verify
server-tls 1.0.0.1:853 -host-name cloudflare-dns.com -tls-host-verify
server-https https://[2606:4700:4700::1001]/dns-query -host-name cloudflare-dns.com -tls-host-verify
server-tls [2606:4700:4700::1001]:853 -host-name cloudflare-dns.com -tls-host-verify

# Google
server-https https://8.8.4.4/dns-query -host-name dns.google -tls-host-verify
server-tls 8.8.4.4:853 -host-name dns.google -tls-host-verify
server-https https://[2001:4860:4860::8844]/dns-query -host-name dns.google -tls-host-verify
server-tls [2001:4860:4860::8844]:853 -host-name dns.google -tls-host-verify

# OpenDNS
server-https https://208.67.220.220/dns-query -host-name doh.opendns.com -tls-host-verify
server-tls 208.67.220.220:853 -host-name doh.opendns.com -tls-host-verify

# Quad9
server-https https://149.112.112.112/dns-query -host-name dns.quad9.net -tls-host-verify
server-tls 149.112.112.112:853 -host-name dns.quad9.net -tls-host-verify
server-https https://[2620:fe::fe]/dns-query -host-name dns.quad9.net -tls-host-verify
server-tls [2620:fe::fe]:853 -host-name dns.quad9.net -tls-host-verify

@pymumu
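Owner

pymumu commented Dec 21, 2022

I don't think that should happen. Blacklists and whitelists only take effect on servers where they have been set; they are not applied to servers where they have not.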

@LisonFan
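Author

LisonFan commented Dec 21, 2022

I don't think that should happen. Blacklists and whitelists only take effect on servers where they have been set; they are not applied to servers where they have not.

This is my complete configuration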

server-name smartdns

bind [::]:53
bind-tcp [::]:53

cache-size 100000

rr-ttl-min 60
rr-ttl-max 600
rr-ttl-reply-max 60

# speed-check-mode ping,tcp:80,tcp:443
speed-check-mode none

# Log level: fatal error warn notice info debug
log-level debug
log-size 10G

# Audit
audit-enable yes
audit-size 10G

# Block TYPE65 (Apple)
force-qtype-SOA 65

# Domain prefetch
prefetch-domain yes

# First-query response mode
response-mode first-ping

# Mainland China domain list https://github.com/LisonFan/smartdns-rules/blob/release/china-site.list
domain-set -name china-site -type list -file /etc/smartdns/sub-conf/china-site.list

# Overseas domain list https://github.com/LisonFan/smartdns-rules/blob/release/overseas-site.list
domain-set -name overseas-site -type list -file /etc/smartdns/sub-conf/overseas-site.list

domain-rules /domain-set:china-site/ -nameserver china -speed-check-mode ping,tcp:80,tcp:443
domain-rules /domain-set:overseas-site/ -nameserver overseas -speed-check-mode none

# ip list rules https://github.com/LisonFan/smartdns-rules/blob/release/whitelist-ip.conf
conf-file /etc/smartdns/sub-conf/whitelist-ip.conf

server 101.226.4.6 -group bootstrap -exclude-default-group
server 218.30.118.6 -group bootstrap -exclude-default-group
server 119.29.29.29 -group bootstrap -exclude-default-group
server 223.5.5.5 -group bootstrap -exclude-default-group
server 223.6.6.6 -group bootstrap -exclude-default-group
server 180.76.76.76 -group bootstrap -exclude-default-group
server 1.2.4.8 -group bootstrap -exclude-default-group
server 240c::6666 -group bootstrap -exclude-default-group
server 240c::6644 -group bootstrap -exclude-default-group
server 114.114.114.114 -group bootstrap -exclude-default-group
server 114.114.115.115 -group bootstrap -exclude-default-group

# --------------------------------------------------------------------------------------------------------------------------------- #

nameserver /dns.alidns.com/bootstrap
nameserver /doh.pub/bootstrap
nameserver /dot.pub/bootstrap
nameserver /doh.360.cn/bootstrap
nameserver /dot.360.cn/bootstrap

# --------------------------------------------------------------------------------------------------------------------------------- #

# DNSPod
# server-https https://1.12.12.12/dns-query -group china -exclude-default-group -host-name doh.pub -tls-host-verify
server-https https://doh.pub/dns-query -group china -whitelist-ip -tls-host-verify
server-tls dot.pub -group china -whitelist-ip -tls-host-verify

# AliDNS
# server-https https://223.5.5.5/dns-query -group china -exclude-default-group -host-name dns.alidns.com -tls-host-verify
# server-https https://[2400:3200::1]/dns-query -group china -exclude-default-group -host-name dns.alidns.com -tls-host-verify
server-https https://dns.alidns.com/dns-query -group china -whitelist-ip -tls-host-verify
server-tls dns.alidns.com -group china -whitelist-ip -tls-host-verify

# 360
server-https https://doh.360.cn/dns-query -group china -whitelist-ip -tls-host-verify
server-tls dot.360.cn -group china -whitelist-ip -tls-host-verify


# --------------------------------------------------------------------------------------------------------------------------------- #

# Cloudflare
server-https https://1.1.1.1/dns-query -group overseas -exclude-default-group -host-name cloudflare-dns.com -tls-host-verify
server-tls 1.1.1.1:853 -group overseas -exclude-default-group -host-name cloudflare-dns.com -tls-host-verify
server-https https://[2606:4700:4700::1111]/dns-query -group overseas -exclude-default-group -host-name cloudflare-dns.com -tls-host-verify
server-tls [2606:4700:4700::1111]:853 -group overseas -exclude-default-group -host-name cloudflare-dns.com -tls-host-verify

# Google
server-https https://8.8.8.8/dns-query -group overseas -exclude-default-group -host-name dns.google -tls-host-verify
server-tls 8.8.8.8:853 -group overseas -exclude-default-group -host-name dns.google -tls-host-verify
server-https https://[2001:4860:4860::8888]/dns-query -group overseas -exclude-default-group -host-name dns.google -tls-host-verify
server-tls [2001:4860:4860::8888]:853 -group overseas -exclude-default-group -host-name dns.google -tls-host-verify

# OpenDNS
server-https https://208.67.222.222/dns-query -group overseas -exclude-default-group -host-name doh.opendns.com -tls-host-verify
server-tls 208.67.222.222:853 -group overseas -exclude-default-group -host-name doh.opendns.com -tls-host-verify
server-https https://[2620:119:fc::2]/dns-query -group overseas -exclude-default-group -host-name doh.opendns.com -tls-host-verify
server-tls [2620:119:fc::2]:853 -group overseas -exclude-default-group -host-name doh.opendns.com -tls-host-verify

# Quad9
server-https https://9.9.9.9/dns-query -group overseas -exclude-default-group -host-name dns.quad9.net -tls-host-verify
server-tls 9.9.9.9:853 -group overseas -exclude-default-group -host-name dns.quad9.net -tls-host-verify
server-https https://[2620:fe::9]/dns-query -group overseas -exclude-default-group -host-name dns.quad9.net -tls-host-verify
server-tls [2620:fe::9]:853 -group overseas -exclude-default-group -host-name dns.quad9.net -tls-host-verify

# --------------------------------------------------------------------------------------------------------------------------------- #

# Cloudflare
server-https https://1.0.0.1/dns-query -host-name cloudflare-dns.com -tls-host-verify
server-tls 1.0.0.1:853 -host-name cloudflare-dns.com -tls-host-verify
server-https https://[2606:4700:4700::1001]/dns-query -host-name cloudflare-dns.com -tls-host-verify
server-tls [2606:4700:4700::1001]:853 -host-name cloudflare-dns.com -tls-host-verify

# Google
server-https https://8.8.4.4/dns-query -host-name dns.google -tls-host-verify
server-tls 8.8.4.4:853 -host-name dns.google -tls-host-verify
server-https https://[2001:4860:4860::8844]/dns-query -host-name dns.google -tls-host-verify
server-tls [2001:4860:4860::8844]:853 -host-name dns.google -tls-host-verify

# OpenDNS
server-https https://208.67.220.220/dns-query -host-name doh.opendns.com -tls-host-verify
server-tls 208.67.220.220:853 -host-name doh.opendns.com -tls-host-verify

# Quad9
server-https https://149.112.112.112/dns-query -host-name dns.quad9.net -tls-host-verify
server-tls 149.112.112.112:853 -host-name dns.quad9.net -tls-host-verify
server-https https://[2620:fe::fe]/dns-query -host-name dns.quad9.net -tls-host-verify
server-tls [2620:fe::fe]:853 -host-name dns.quad9.net -tls-host-verify

@pymumu
Owner

pymumu commented Dec 21, 2022

Using the configuration you posted, the domain api.smoot.apple.cn resolves.

@LisonFan
Author

Using the configuration you posted, the domain api.smoot.apple.cn resolves.

I started a fresh smartdns instance to test, and the result is still discarded. Is it possible that you didn't download these three files?

/etc/smartdns/sub-conf/china-site.list
/etc/smartdns/sub-conf/overseas-site.list
/etc/smartdns/sub-conf/whitelist-ip.conf

These three files can be downloaded from:

https://github.com/LisonFan/smartdns-rules/blob/release/china-site.list
https://github.com/LisonFan/smartdns-rules/blob/release/overseas-site.list
https://github.com/LisonFan/smartdns-rules/blob/release/whitelist-ip.conf

smartdns.log

[2022-12-21 22:17:28,791][DEBUG][     dns_server.c:4418] recv query packet from 10.10.10.4, len = 36, type = 0
[2022-12-21 22:17:28,791][DEBUG][     dns_server.c:4430] request qdcount = 1, ancount = 0, nscount = 0, nrcount = 0, len = 36, id = 35587, tc = 0, rd = 1, ra = 0, rcode = 0
[2022-12-21 22:17:28,791][ INFO][     dns_server.c:4453] query server api.smoot.apple.cn from 10.10.10.4, qtype = 1
[2022-12-21 22:17:28,791][ INFO][     dns_server.c:3400] RULE-MATCH, type: 8, domain: api.smoot.apple.cn, rule: cn
[2022-12-21 22:17:28,791][ INFO][     dns_server.c:3400] RULE-MATCH, type: 9, domain: api.smoot.apple.cn, rule: cn
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:540 ] send query to group china
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:2851] send query to server 120.53.53.53
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1822] enable TCP fast open failed.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1874] tls server 120.53.53.53 connecting.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:2851] send query to server 120.53.53.53
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1822] enable TCP fast open failed.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1874] tls server 120.53.53.53 connecting.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:2851] send query to server 223.5.5.5
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1822] enable TCP fast open failed.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1874] tls server 223.5.5.5 connecting.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:2851] send query to server 223.5.5.5
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1822] enable TCP fast open failed.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1874] tls server 223.5.5.5 connecting.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:2851] send query to server 36.99.170.86
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1822] enable TCP fast open failed.
[2022-12-21 22:17:28,791][DEBUG][     dns_client.c:1874] tls server 36.99.170.86 connecting.
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2851] send query to server 36.99.170.86
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:1822] enable TCP fast open failed.
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:1874] tls server 36.99.170.86 connecting.
[2022-12-21 22:17:28,792][ INFO][     dns_client.c:3147] send request api.smoot.apple.cn, qtype 1, id 11
[2022-12-21 22:17:28,792][ INFO][     dns_server.c:3400] RULE-MATCH, type: 8, domain: api.smoot.apple.cn, rule: cn
[2022-12-21 22:17:28,792][ INFO][     dns_server.c:3400] RULE-MATCH, type: 9, domain: api.smoot.apple.cn, rule: cn
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:540 ] send query to group china
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:1149] server 208.67.220.220 closed.
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2283] peer close, 208.67.220.220
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:1149] server 8.8.4.4 closed.
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2283] peer close, 8.8.4.4
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2851] send query to server 120.53.53.53
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2851] send query to server 120.53.53.53
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2851] send query to server 223.5.5.5
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2851] send query to server 223.5.5.5
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2851] send query to server 36.99.170.86
[2022-12-21 22:17:28,792][DEBUG][     dns_client.c:2851] send query to server 36.99.170.86
[2022-12-21 22:17:28,792][ INFO][     dns_client.c:3147] send request api.smoot.apple.cn, qtype 28, id 12
[2022-12-21 22:17:28,834][DEBUG][     dns_client.c:2584] tls server 223.5.5.5 connected.
[2022-12-21 22:17:28,834][DEBUG][     dns_client.c:2589] new session
[2022-12-21 22:17:28,834][DEBUG][     dns_client.c:2459] peer CN: *.alidns.com
[2022-12-21 22:17:28,834][DEBUG][     dns_client.c:2510] cert SPKI pin(sha256): 67:04:76:D6:09:C2:31:3C:EC:33:A5:56:B6:76:FF:6B:3B:9F:81:87:A0:59:6B:A1:13:DA:DE:3F:9B:5A:99:65
[2022-12-21 22:17:28,837][DEBUG][     dns_client.c:2584] tls server 36.99.170.86 connected.
[2022-12-21 22:17:28,837][DEBUG][     dns_client.c:2589] new session
[2022-12-21 22:17:28,837][DEBUG][     dns_client.c:2459] peer CN: doh.360.cn
[2022-12-21 22:17:28,837][DEBUG][     dns_client.c:2510] cert SPKI pin(sha256): 24:D3:4D:8D:13:51:41:41:41:18:1C:88:47:0F:42:5D:4F:F9:E6:00:71:B3:55:32:54:02:16:A3:82:27:AE:B2
[2022-12-21 22:17:28,842][DEBUG][     dns_client.c:2584] tls server 36.99.170.86 connected.
[2022-12-21 22:17:28,842][DEBUG][     dns_client.c:2589] new session
[2022-12-21 22:17:28,842][DEBUG][     dns_client.c:2459] peer CN: doh.360.cn
[2022-12-21 22:17:28,842][DEBUG][     dns_client.c:2510] cert SPKI pin(sha256): 24:D3:4D:8D:13:51:41:41:41:18:1C:88:47:0F:42:5D:4F:F9:E6:00:71:B3:55:32:54:02:16:A3:82:27:AE:B2
[2022-12-21 22:17:28,852][DEBUG][     dns_client.c:2208] recv tcp packet from 223.5.5.5, len = 454
[2022-12-21 22:17:28,852][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,852][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 4, nscount = 0, nrcount = 0, len = 236, id = 11, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,852][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:3015] query result from server 223.5.5.5: 443, type: 3
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2653] name:  ttl: 162 cname: api.smoot.apple.com
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2653] name:  ttl: 162 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 162 IP: 13.114.154.168
[2022-12-21 22:17:28,852][DEBUG][     dns_client.c:2208] recv tcp packet from 223.5.5.5, len = 511
[2022-12-21 22:17:28,852][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,852][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 3, nscount = 1, nrcount = 0, len = 294, id = 12, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,852][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 28  qclass: 1
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:3015] query result from server 223.5.5.5: 443, type: 3
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2885] name: api.smoot.apple.cn ttl: 13 cname: api.smoot.apple.com
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2885] name: api.smoot.apple.com ttl: 13 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2902] domain: api.smoot.apple.cn, qtype: 28, SOA: mname: a.gslb.aaplimg.com, rname: hostmaster.apple.com, serial: 1671557785, refresh: 1800, retry: 300, expire: 60480, minimum: 300
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2986] dualstack result: domain: api.smoot.apple.cn, ip: , type: 28, ping: -1
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:1058] cache api.smoot.apple.cn qtype: 28 ttl: 300
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:1206] Cache CNAME: bag-smoot.v.aaplimg.com, qtype: 28, speed: -1
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:2584] tls server 223.5.5.5 connected.
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:2589] new session
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:2459] peer CN: *.alidns.com
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:2510] cert SPKI pin(sha256): 67:04:76:D6:09:C2:31:3C:EC:33:A5:56:B6:76:FF:6B:3B:9F:81:87:A0:59:6B:A1:13:DA:DE:3F:9B:5A:99:65
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:2208] recv tcp packet from 36.99.170.86, len = 295
[2022-12-21 22:17:28,862][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 4, nscount = 0, nrcount = 0, len = 144, id = 11, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,862][DEBUG][     dns_server.c:3015] query result from server 36.99.170.86: 443, type: 3
[2022-12-21 22:17:28,862][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,862][DEBUG][     dns_server.c:2653] name:  ttl: 106 cname: api.smoot.apple.com
[2022-12-21 22:17:28,862][DEBUG][     dns_server.c:2653] name:  ttl: 106 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,862][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 106 IP: 3.115.3.213
[2022-12-21 22:17:28,866][DEBUG][     dns_client.c:2208] recv tcp packet from 36.99.170.86, len = 146
[2022-12-21 22:17:28,866][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,866][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 4, nscount = 0, nrcount = 0, len = 144, id = 11, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,866][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,866][DEBUG][     dns_server.c:3015] query result from server 36.99.170.86: 853, type: 2
[2022-12-21 22:17:28,866][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,866][DEBUG][     dns_server.c:2653] name:  ttl: 106 cname: api.smoot.apple.com
[2022-12-21 22:17:28,866][DEBUG][     dns_server.c:2653] name:  ttl: 106 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,866][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 106 IP: 3.115.3.213
[2022-12-21 22:17:28,880][DEBUG][     dns_client.c:2584] tls server 120.53.53.53 connected.
[2022-12-21 22:17:28,880][DEBUG][     dns_client.c:2589] new session
[2022-12-21 22:17:28,880][DEBUG][     dns_client.c:2459] peer CN: *.doh.pub
[2022-12-21 22:17:28,880][DEBUG][     dns_client.c:2510] cert SPKI pin(sha256): 43:52:51:A8:6D:FB:F4:D6:D9:60:3E:8A:70:0F:A3:97:C7:28:F7:0B:90:36:18:3F:62:63:78:74:B2:26:42:93
[2022-12-21 22:17:28,884][DEBUG][     dns_client.c:2208] recv tcp packet from 36.99.170.86, len = 344
[2022-12-21 22:17:28,884][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,884][DEBUG][            dns.c:1880] opt type 8
[2022-12-21 22:17:28,884][DEBUG][            dns.c:1664] ECS: family:1, source_prefix:24, scope_prefix:0, len:3
[2022-12-21 22:17:28,884][DEBUG][            dns.c:1666] 113.218.218.0
[2022-12-21 22:17:28,884][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 3, nscount = 1, nrcount = 0, len = 193, id = 12, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,884][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 28  qclass: 1
[2022-12-21 22:17:28,884][DEBUG][     dns_server.c:3015] query result from server 36.99.170.86: 443, type: 3
[2022-12-21 22:17:28,884][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,884][DEBUG][     dns_server.c:2653] name:  ttl: 106 cname: api.smoot.apple.com
[2022-12-21 22:17:28,884][DEBUG][     dns_server.c:2653] name:  ttl: 106 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,884][DEBUG][     dns_server.c:2661] domain: api.smoot.apple.cn, qtype: 28, SOA: mname: a.gslb.aaplimg.com, rname: hostmaster.apple.com, serial: 1671557785, refresh: 1800, retry: 300, expire: 60480, minimum: 300
[2022-12-21 22:17:28,884][DEBUG][     dns_server.c:2673] bag-smoot.v.aaplimg.com, qtype: 8
[2022-12-21 22:17:28,888][DEBUG][     dns_client.c:2584] tls server 120.53.53.53 connected.
[2022-12-21 22:17:28,888][DEBUG][     dns_client.c:2589] new session
[2022-12-21 22:17:28,888][DEBUG][     dns_client.c:2459] peer CN: 120.53.53.53
[2022-12-21 22:17:28,889][DEBUG][     dns_client.c:2510] cert SPKI pin(sha256): E5:32:0C:8E:0C:8C:84:0D:2A:98:F7:4A:F8:03:3D:2D:7E:AF:34:8F:FD:10:F0:72:76:1F:D9:5D:D7:DC:62:62
[2022-12-21 22:17:28,896][DEBUG][     dns_client.c:2208] recv tcp packet from 223.5.5.5, len = 238
[2022-12-21 22:17:28,896][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,896][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 4, nscount = 0, nrcount = 0, len = 236, id = 11, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,896][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:3015] query result from server 223.5.5.5: 853, type: 2
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2653] name:  ttl: 163 cname: api.smoot.apple.com
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2653] name:  ttl: 163 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 163 IP: 13.114.154.168
[2022-12-21 22:17:28,896][DEBUG][     dns_client.c:2208] recv tcp packet from 36.99.170.86, len = 184
[2022-12-21 22:17:28,896][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,896][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 3, nscount = 1, nrcount = 0, len = 182, id = 12, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,896][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 28  qclass: 1
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:3015] query result from server 36.99.170.86: 853, type: 2
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2653] name:  ttl: 246 cname: api.smoot.apple.com
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2653] name:  ttl: 246 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,896][DEBUG][     dns_server.c:2661] domain: api.smoot.apple.cn, qtype: 28, SOA: mname: a.gslb.aaplimg.com, rname: hostmaster.apple.com, serial: 1671557785, refresh: 1800, retry: 300, expire: 60480, minimum: 300
[2022-12-21 22:17:28,909][DEBUG][     dns_client.c:2208] recv tcp packet from 120.53.53.53, len = 623
[2022-12-21 22:17:28,909][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,909][DEBUG][            dns.c:1880] opt type 12
[2022-12-21 22:17:28,909][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 4, nscount = 0, nrcount = 0, len = 468, id = 11, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,909][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,909][DEBUG][     dns_server.c:3015] query result from server 120.53.53.53: 443, type: 3
[2022-12-21 22:17:28,909][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,909][DEBUG][     dns_server.c:2653] name:  ttl: 86140 cname: api.smoot.apple.com
[2022-12-21 22:17:28,909][DEBUG][     dns_server.c:2653] name:  ttl: 40 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,909][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 40 IP: 13.114.154.168
[2022-12-21 22:17:28,910][DEBUG][     dns_client.c:2208] recv tcp packet from 120.53.53.53, len = 623
[2022-12-21 22:17:28,910][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,910][DEBUG][            dns.c:1880] opt type 12
[2022-12-21 22:17:28,910][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 3, nscount = 0, nrcount = 0, len = 468, id = 12, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,910][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 28  qclass: 1
[2022-12-21 22:17:28,910][DEBUG][     dns_server.c:3015] query result from server 120.53.53.53: 443, type: 3
[2022-12-21 22:17:28,910][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,910][DEBUG][     dns_server.c:2653] name:  ttl: 86228 cname: api.smoot.apple.com
[2022-12-21 22:17:28,910][DEBUG][     dns_server.c:2653] name:  ttl: 128 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,913][DEBUG][     dns_client.c:2208] recv tcp packet from 223.5.5.5, len = 296
[2022-12-21 22:17:28,913][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,913][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 3, nscount = 1, nrcount = 0, len = 294, id = 12, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2022-12-21 22:17:28,913][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 28  qclass: 1
[2022-12-21 22:17:28,913][DEBUG][     dns_server.c:3015] query result from server 223.5.5.5: 853, type: 2
[2022-12-21 22:17:28,913][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,913][DEBUG][     dns_server.c:2653] name:  ttl: 20 cname: api.smoot.apple.com
[2022-12-21 22:17:28,913][DEBUG][     dns_server.c:2653] name:  ttl: 20 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,913][DEBUG][     dns_server.c:2661] domain: api.smoot.apple.cn, qtype: 28, SOA: mname: a.gslb.aaplimg.com, rname: hostmaster.apple.com, serial: 1671557785, refresh: 1800, retry: 300, expire: 60480, minimum: 300
[2022-12-21 22:17:28,920][DEBUG][     dns_client.c:2208] recv tcp packet from 120.53.53.53, len = 161
[2022-12-21 22:17:28,920][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:28,920][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 4, nscount = 0, nrcount = 0, len = 159, id = 11, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2022-12-21 22:17:28,920][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,920][DEBUG][     dns_server.c:3015] query result from server 120.53.53.53: 853, type: 2
[2022-12-21 22:17:28,920][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:28,920][DEBUG][     dns_server.c:2653] name:  ttl: 0 cname: api.smoot.apple.com
[2022-12-21 22:17:28,920][DEBUG][     dns_server.c:2653] name:  ttl: 189 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:28,920][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 189 IP: 13.114.154.168
[2022-12-21 22:17:28,920][DEBUG][     dns_client.c:1401] result: api.smoot.apple.cn, qtype: 1, hasresult: 1, id 11
[2022-12-21 22:17:28,920][DEBUG][     dns_server.c:1533] reply api.smoot.apple.cn qtype: 1, rcode: 0, reply: 1
[2022-12-21 22:17:28,920][DEBUG][     dns_server.c:1058] cache api.smoot.apple.cn qtype: 1 ttl: 60
[2022-12-21 22:17:29,070][DEBUG][     dns_client.c:2208] recv tcp packet from 120.53.53.53, len = 199
[2022-12-21 22:17:29,070][DEBUG][            dns.c:2225] DNS type = 39 not supported
[2022-12-21 22:17:29,070][DEBUG][     dns_client.c:1611] qdcount = 1, ancount = 3, nscount = 1, nrcount = 0, len = 197, id = 12, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2022-12-21 22:17:29,070][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 28  qclass: 1
[2022-12-21 22:17:29,070][DEBUG][     dns_server.c:3015] query result from server 120.53.53.53: 853, type: 2
[2022-12-21 22:17:29,070][DEBUG][     dns_server.c:2673] , qtype: 39
[2022-12-21 22:17:29,070][DEBUG][     dns_server.c:2653] name:  ttl: 0 cname: api.smoot.apple.com
[2022-12-21 22:17:29,070][DEBUG][     dns_server.c:2653] name:  ttl: 300 cname: bag-smoot.v.aaplimg.com
[2022-12-21 22:17:29,070][DEBUG][     dns_server.c:2661] domain: api.smoot.apple.cn, qtype: 28, SOA: mname: a.gslb.aaplimg.com, rname: hostmaster.apple.com, serial: 1671557785, refresh: 1800, retry: 300, expire: 60480, minimum: 300
[2022-12-21 22:17:29,070][DEBUG][     dns_client.c:1401] result: api.smoot.apple.cn, qtype: 28, hasresult: 1, id 12

@pymumu
Owner

pymumu commented Dec 21, 2022

The simplest way is to exclude it from the CN group: nameserver /xxx.com/-
Other approaches are still open for discussion.
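
As an added example (not part of the original thread and not smartdns code), this script addresses the concern raised above that it is unknown how many china-site domains are affected: it scans a smartdns debug log for queried names whose upstream answers all fall outside the whitelist and emits the `nameserver /domain/-` exclusions suggested in the thread. The whitelist range and the example.cn log lines are constructed, and it assumes whitelist-ip.conf holds `whitelist-ip <cidr>` lines.

```python
import ipaddress
import re

# Constructed stand-in for whitelist-ip.conf: one documentation range plays
# the role of the mainland China IP list.
SAMPLE_WHITELIST_CONF = """\
# constructed sample, not the real list
whitelist-ip 203.0.113.0/24
"""

# The first four lines are taken from the debug log in this thread; the
# example.cn lines are constructed in the same format.
SAMPLE_LOG = """\
[2022-12-21 22:17:28,852][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,852][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 162 IP: 13.114.154.168
[2022-12-21 22:17:28,862][DEBUG][     dns_client.c:1622] domain: api.smoot.apple.cn qtype: 1  qclass: 1
[2022-12-21 22:17:28,862][DEBUG][     dns_server.c:2450] domain: bag-smoot.v.aaplimg.com TTL: 106 IP: 3.115.3.213
[2022-12-21 22:17:30,100][DEBUG][     dns_client.c:1622] domain: www.example.cn qtype: 1  qclass: 1
[2022-12-21 22:17:30,100][DEBUG][     dns_server.c:2450] domain: www.example.cn TTL: 60 IP: 203.0.113.10
[2022-12-21 22:17:30,200][DEBUG][     dns_client.c:1622] domain: cdn.example.cn qtype: 1  qclass: 1
[2022-12-21 22:17:30,200][DEBUG][     dns_server.c:2450] domain: cdn.example.cn TTL: 60 IP: 198.51.100.7
[2022-12-21 22:17:30,200][DEBUG][     dns_server.c:2450] domain: cdn.example.cn TTL: 60 IP: 203.0.113.77
[2022-12-21 22:17:30,300][DEBUG][     dns_client.c:1622] domain: v6only.example.cn qtype: 28  qclass: 1
"""

# "domain: <name> qtype: <n>  qclass: <n>" marks the question of a reply.
QUESTION_RE = re.compile(r"\] domain: (\S+) qtype: \d+\s+qclass: \d+")
# "domain: <name> TTL: <n> IP: <addr>" is one address record in that reply.
ANSWER_RE = re.compile(r"\] domain: \S+ TTL: \d+ IP: (\S+)")


def parse_whitelist(conf_text):
    """Return the networks named by `whitelist-ip <cidr>` lines."""
    nets = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "whitelist-ip":
            nets.append(ipaddress.ip_network(fields[1], strict=False))
    return nets


def answers_by_query(log_text):
    """Map each queried name to the set of addresses upstreams returned.

    Answer lines name the CNAME target, so they are attributed to the most
    recent question line (assumption: each reply is logged contiguously, as
    in the log in this thread).
    """
    answers, current = {}, None
    for line in log_text.splitlines():
        q = QUESTION_RE.search(line)
        if q:
            current = q.group(1)
            answers.setdefault(current, set())
            continue
        a = ANSWER_RE.search(line)
        if a and current is not None:
            try:
                answers[current].add(ipaddress.ip_address(a.group(1)))
            except ValueError:
                pass  # malformed address field; skip the line
    return answers


def fully_filtered(answers, whitelist):
    """Names that received addresses, none of which the whitelist keeps."""
    return sorted(
        name for name, ips in answers.items()
        if ips and not any(ip in net for ip in ips for net in whitelist)
    )


def exclusion_rules(names):
    """Emit the `nameserver /domain/-` form suggested in the thread."""
    return [f"nameserver /{name}/-" for name in names]


def audit(log_text, conf_text):
    """Full pipeline: log + whitelist config -> exclusion rule lines."""
    return exclusion_rules(
        fully_filtered(answers_by_query(log_text), parse_whitelist(conf_text)))


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LOG, SAMPLE_WHITELIST_CONF)))
```

Names with no address records at all (such as the AAAA-only query in the sample) are not reported, since an empty answer there is not caused by the whitelist.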

@LisonFan
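Author

LisonFan commented Jun 1, 2023

The simplest way is to exclude it from the CN group: nameserver /xxx.com/- Other approaches are still open for discussion.

A couple of days ago it occurred to me that a fallback-like feature might be added (the idea comes from Clash).

A simple example:

server 1.2.3.4 -whitelist-ip
server 5.6.7.8 -whitelist-ip

server 1.1.1.1 fallback
server 8.8.8.8 fallback

fallback must be used together with -whitelist-ip; a DNS server marked as fallback does not initiate requests on its own.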
