Question: is plain DNS forwarding supported? #185

Closed
lwb1978 opened this issue Jul 26, 2024 · 10 comments
Labels
documentation Improvements or additions to documentation

Comments

lwb1978 commented Jul 26, 2024

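If domain-based routing and similar features are not needed, can I set only the bind-addr, bind-port and china-dns parameters, as with dns2tcp, and forward local DNS UDP requests directly to an upstream over TCP or DoT? Thanks.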

Owner

zfl9 commented Jul 26, 2024

Of course. For example, these arguments start a dns2tcp-like forwarder (listen for UDP DNS, forward to TCP DNS):

chinadns-ng -b 127.0.0.1 -l 5454@udp -c 'tcp://127.0.0.1#5656' -d chn  # udp -> tcp
chinadns-ng -b 127.0.0.1 -l 5454@udp -c tls://223.5.5.5 -d chn  # udp -> DoT
chinadns-ng -b 127.0.0.1 -l 5454 -c tls://1.1.1.1 -d chn  # tcp/udp -> DoT

The key is -d chn: since no domain list is specified and the default group is chn, this amounts to "everything goes to the chn group", i.e. the upstream specified with -c.

Author

lwb1978 commented Jul 26, 2024

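> Of course. For example, these arguments start a dns2tcp-like forwarder (listen for UDP DNS, forward to TCP DNS):
>
> chinadns-ng -b 127.0.0.1 -l 5454@udp -c 'tcp://127.0.0.1#5656' -d chn  # udp -> tcp
> chinadns-ng -b 127.0.0.1 -l 5454@udp -c tls://223.5.5.5 -d chn  # udp -> DoT
> chinadns-ng -b 127.0.0.1 -l 5454 -c tls://1.1.1.1 -d chn  # tcp/udp -> DoT
>
> The key is -d chn: since no domain list is specified and the default group is chn, this amounts to "everything goes to the chn group", i.e. the upstream specified with -c.

Thank you very much for the reply, boss.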

@zfl9 zfl9 added the documentation Improvements or additions to documentation label Jul 26, 2024
@lwb1978 lwb1978 closed this as completed Jul 29, 2024
Author

lwb1978 commented Aug 5, 2024

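@zfl9 I tested on OpenWrt with chinadns-ng -b 127.0.0.1 -l 5454@udp -c 'tcp://223.5.5.5' -d chn and found that each time the process starts, port 5454 can resolve domain names for about 30 seconds, and after that it can no longer resolve them. I have ruled out a conflict on port 5454.
chinadns-ng is 0721 chinadns-ng+wolfssl@x86_64-linux-musl@x86_64@fast+lto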

Owner

zfl9 commented Aug 6, 2024

Rate-limited by 223.5.5.5? Test with dig @223.5.5.5 +tcp during the same period to see whether it works; if that also fails, the problem is unrelated to chinadns-ng.

Author

lwb1978 commented Aug 6, 2024

dig qq.com @223.5.5.5 +tcp works, while
dig qq.com @127.0.0.1 -p 5454 times out

;; communications error to 127.0.0.1#5454: timed out
;; communications error to 127.0.0.1#5454: timed out
;; communications error to 127.0.0.1#5454: timed out
; <<>> DiG 9.18.27 <<>> qq.com @127.0.0.1 -p 5454
;; global options: +cmd
;; no servers could be reached

Owner

zfl9 commented Aug 6, 2024

Please post the verbose log.

Author

lwb1978 commented Aug 6, 2024

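I watched it all morning, and it seems to occur when a large number of DNS requests are being handled. I ran:
chinadns-ng -b 127.0.0.1 -l 55353 -c tls://dot.pub@1.12.12.12 -d chn -v
and redirected the router's DNS port to 55353. At first, with a small number of DNS requests, replies came back normally; when the volume got large, the problem appeared. Below are two log fragments from when the errors occurred: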

2024-08-06 11:57:37 I [Upstream.zig:946 Group.send] forward query(qid:2670, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 11:57:37 I [server.zig:309 QueryLog.query] query(id:3552, tag:chn, qtype:1, 'broker.mina.mi.com') from 127.0.0.1#48724
2024-08-06 11:57:37 I [server.zig:383 QueryLog.forward] forward query(qid:2671, from:udp, 'broker.mina.mi.com') to china group
2024-08-06 11:57:37 I [Upstream.zig:946 Group.send] forward query(qid:2671, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 11:57:37 I [server.zig:309 QueryLog.query] query(id:3553, tag:chn, qtype:1, 'www.mi.com') from 127.0.0.1#48724
2024-08-06 11:57:37 I [server.zig:383 QueryLog.forward] forward query(qid:2672, from:udp, 'www.mi.com') to china group
2024-08-06 11:57:37 I [Upstream.zig:946 Group.send] forward query(qid:2672, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2640, id:3521, tag:chn) from udp://127.0.0.1#48724 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2641, id:3522, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2642, id:3523, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2643, id:3524, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2644, id:3525, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2645, id:3526, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2646, id:3527, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2647, id:3528, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2648, id:3529, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2649, id:3530, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2650, id:3531, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2651, id:3532, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2652, id:3533, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2653, id:3534, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2654, id:3535, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2655, id:3536, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2656, id:3537, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2657, id:3538, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 11:57:38 W [server.zig:891 on_timeout] query(qid:2658, id:3539, tag:chn) from udp://127.0.0.1#42511 [timeout]
2024-08-06 12:22:43 I [server.zig:598 ReplyLog.reply] reply(qid:905, tag:(null), qtype:1, 'www.visa.com.sg') from tls://dot.pub@1.12.12.12 [ignore]
2024-08-06 12:23:06 I [server.zig:309 QueryLog.query] query(id:46626, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#37639
2024-08-06 12:23:06 I [server.zig:383 QueryLog.forward] forward query(qid:1035, from:udp, 'qq.com') to china group
2024-08-06 12:23:06 I [Upstream.zig:946 Group.send] forward query(qid:1035, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:11 W [server.zig:891 on_timeout] query(qid:1035, id:46626, tag:chn) from udp://127.0.0.1#37639 [timeout]
2024-08-06 12:23:11 I [server.zig:309 QueryLog.query] query(id:46626, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#36016
2024-08-06 12:23:11 I [server.zig:383 QueryLog.forward] forward query(qid:1036, from:udp, 'qq.com') to china group
2024-08-06 12:23:11 I [Upstream.zig:946 Group.send] forward query(qid:1036, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:16 W [server.zig:891 on_timeout] query(qid:1036, id:46626, tag:chn) from udp://127.0.0.1#36016 [timeout]
2024-08-06 12:23:16 I [server.zig:309 QueryLog.query] query(id:46626, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#60586
2024-08-06 12:23:16 I [server.zig:383 QueryLog.forward] forward query(qid:1037, from:udp, 'qq.com') to china group
2024-08-06 12:23:16 I [Upstream.zig:946 Group.send] forward query(qid:1037, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:21 W [server.zig:891 on_timeout] query(qid:1037, id:46626, tag:chn) from udp://127.0.0.1#60586 [timeout]
2024-08-06 12:23:24 I [server.zig:309 QueryLog.query] query(id:55916, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#35975
2024-08-06 12:23:24 I [server.zig:383 QueryLog.forward] forward query(qid:1038, from:udp, 'qq.com') to china group
2024-08-06 12:23:24 I [Upstream.zig:946 Group.send] forward query(qid:1038, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:29 W [server.zig:891 on_timeout] query(qid:1038, id:55916, tag:chn) from udp://127.0.0.1#35975 [timeout]
2024-08-06 12:23:29 I [server.zig:309 QueryLog.query] query(id:55916, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#36221
2024-08-06 12:23:29 I [server.zig:383 QueryLog.forward] forward query(qid:1039, from:udp, 'qq.com') to china group
2024-08-06 12:23:29 I [Upstream.zig:946 Group.send] forward query(qid:1039, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:34 W [server.zig:891 on_timeout] query(qid:1039, id:55916, tag:chn) from udp://127.0.0.1#36221 [timeout]
2024-08-06 12:23:34 I [server.zig:309 QueryLog.query] query(id:55916, tag:chn, qtype:1, 'qq.com') from 127.0.0.1#39795
2024-08-06 12:23:34 I [server.zig:383 QueryLog.forward] forward query(qid:1040, from:udp, 'qq.com') to china group
2024-08-06 12:23:34 I [Upstream.zig:946 Group.send] forward query(qid:1040, from:udp) to upstream tls://dot.pub@1.12.12.12
2024-08-06 12:23:39 W [server.zig:891 on_timeout] query(qid:1040, id:55916, tag:chn) from udp://127.0.0.1#39795 [timeout]
2024-08-06 12:23:43 I [Upstream.zig:592 TCP.do_connect] tls://dot.pub@1.12.12.12 | TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | full
2024-08-06 12:23:43 I [server.zig:598 ReplyLog.reply] reply(qid:1039, tag:(null), qtype:1, 'qq.com') from tls://dot.pub@1.12.12.12 [ignore]
2024-08-06 12:23:43 I [server.zig:598 ReplyLog.reply] reply(qid:1035, tag:(null), qtype:1, 'qq.com') from tls://dot.pub@1.12.12.12 [ignore]
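
The pattern visible in the log above (a query times out 5 seconds after it is forwarded, and its reply arrives later and is logged as [ignore]) can be extracted mechanically to separate "upstream answered late" from "upstream never answered". The following Python script is an added example, not part of the original thread or of chinadns-ng; the function name `triage` and the regular expressions are assumptions derived only from the log lines shown on this page.

```python
import re
from datetime import datetime

# Excerpt of the verbose log posted in the comment above (copied from this thread).
SAMPLE = """\
2024-08-06 12:23:06 I [server.zig:383 QueryLog.forward] forward query(qid:1035, from:udp, 'qq.com') to china group
2024-08-06 12:23:11 W [server.zig:891 on_timeout] query(qid:1035, id:46626, tag:chn) from udp://127.0.0.1#37639 [timeout]
2024-08-06 12:23:29 I [server.zig:383 QueryLog.forward] forward query(qid:1039, from:udp, 'qq.com') to china group
2024-08-06 12:23:34 W [server.zig:891 on_timeout] query(qid:1039, id:55916, tag:chn) from udp://127.0.0.1#36221 [timeout]
2024-08-06 12:23:34 I [server.zig:383 QueryLog.forward] forward query(qid:1040, from:udp, 'qq.com') to china group
2024-08-06 12:23:39 W [server.zig:891 on_timeout] query(qid:1040, id:55916, tag:chn) from udp://127.0.0.1#39795 [timeout]
2024-08-06 12:23:43 I [Upstream.zig:592 TCP.do_connect] tls://dot.pub@1.12.12.12 | TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | full
2024-08-06 12:23:43 I [server.zig:598 ReplyLog.reply] reply(qid:1039, tag:(null), qtype:1, 'qq.com') from tls://dot.pub@1.12.12.12 [ignore]
2024-08-06 12:23:43 I [server.zig:598 ReplyLog.reply] reply(qid:1035, tag:(null), qtype:1, 'qq.com') from tls://dot.pub@1.12.12.12 [ignore]
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \w \[[^\]]*\] (.*)$")
FORWARD = re.compile(r"forward query\(qid:(\d+), from:\w+, '([^']*)'\)")
TIMEOUT = re.compile(r"^query\(qid:(\d+), .*\[timeout\]$")
REPLY = re.compile(r"^reply\(qid:(\d+), .*\[ignore\]$")

def triage(log_text):
    """For each timed-out qid, report when the timeout fired and whether a late reply came."""
    sent, names, timed_out, late = {}, {}, {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log line in the format shown above
        ts, msg = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        if f := FORWARD.search(msg):
            sent[int(f.group(1))], names[int(f.group(1))] = ts, f.group(2)
        elif t := TIMEOUT.search(msg):
            timed_out[int(t.group(1))] = ts
        elif r := REPLY.search(msg):
            late[int(r.group(1))] = ts
    report = []
    for qid, t_out in sorted(timed_out.items()):
        start, reply = sent.get(qid), late.get(qid)
        report.append({
            "qid": qid, "name": names.get(qid),
            # None means the matching log line was not in the input.
            "timeout_after_s": (t_out - start).total_seconds() if start else None,
            "reply_after_s": (reply - start).total_seconds() if start and reply else None,
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

qid values are only compared within the text passed in, so log fragments from different runs should be analyzed separately.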

Owner

zfl9 commented Aug 6, 2024

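Try manually building a no-lto version:

zig build -Dlto=false -Dwolfssl -Dtarget=x86_64-linux-musl -Dcpu=x86_64

Also, check whether other TLS upstreams work normally, or use two upstreams at the same time:

-c tls://223.5.5.5 -c tls://1.12.12.12

It may be related to pipelined queries (running multiple queries over a single tcp/tls connection), because this looks like the tcp/tls connection is being rate-limited. Perhaps a quota should be set for each tcp/tls connection, for example 10, meaning a single connection serves at most 10 DNS queries; once the quota is exceeded, the connection is closed, and a new connection to the server is established the next time there is a DNS query. With a quota of 1, the behavior is similar to dns2tcp: each query gets its own tcp/tls connection to the server.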

Author

lwb1978 commented Aug 6, 2024

Thanks. After testing, it was indeed DNS rate limiting; after switching to my ISP's DNS and ByteDance's DNS, queries work normally.

Owner

zfl9 commented Aug 6, 2024

Let's discuss it in #189.
