
Could a WhenAlternativeDNSAnswerNoneUse option be added, or a parameter to not cache empty DNS responses? #229

Open
gubiao opened this issue Apr 27, 2020 · 2 comments

Comments

@gubiao

gubiao commented Apr 27, 2020

1. Configuration file:
{
    "BindAddress": "127.0.0.1:53",
    "DebugHTTPAddress": "127.0.0.1:5555",
    "PrimaryDNS": [
        {
            "Name": "Baidu",
            "Address": "180.76.76.76:53",
            "Protocol": "udp",
            "SOCKS5Address": "",
            "Timeout": 5,
            "EDNSClientSubnet": {
                "Policy": "disable",
                "ExternalIP": "",
                "NoCookie": true
            }
        }
    ],
    "AlternativeDNS": [
        {
            "Name": "Bypass-GFW",
            "Address": "127.0.0.1:1081",
            "Protocol": "tcp",
            "SOCKS5Address": "",
            "Timeout": 10,
            "EDNSClientSubnet": {
                "Policy": "disable",
                "ExternalIP": "",
                "NoCookie": true
            }
        }
    ],
    "OnlyPrimaryDNS": false,
    "IPv6UseAlternativeDNS": false,
    "AlternativeDNSConcurrent": false,
    "PoolIdleTimeout": 15,
    "PoolMaxCapacity": 15,
    "WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
    "IPNetworkFile": {
        "Primary": "./ip_network_primary",
        "Alternative": "./ip_network_alternative"
    },
    "DomainFile": {
        "Primary": "./domain_primary",
        "Alternative": "./domain_alternative",
        "Matcher": "full-map"
    },
    "HostsFile": {
        "HostsFile": "./hosts",
        "Finder": "full-map"
    },
    "MinimumTTL": 3600,
    "DomainTTLFile": "./domain_ttl",
    "CacheSize": 5000,
    "RejectQType": [255]
}

2. Problem scenario:
PrimaryDNS is a domestic (mainland China) DNS server, and the ip_network_primary file holds all domestic IP ranges. If the IP in the result returned by PrimaryDNS is not within the domestic ranges listed in ip_network_primary, the query continues with AlternativeDNS, which goes through an encrypted tunnel to a foreign DNS server. Normally this works very well.
But if the encrypted tunnel happens to be flaky and unstable at the very moment a DNS query is issued, AlternativeDNS returns an empty DNS response. If the cache is enabled at the same time, this empty result stays cached, so every subsequent query for that domain returns empty forever; the only way out is to restart overture manually to invalidate the cache.

3. Possible solutions:
In practice, even though the IP returned by PrimaryDNS is not in the domestic ranges in ip_network_primary, the vast majority of these are not poisoned DNS results; the foreign site simply has no server IP in mainland China. After all, only a handful of domains are poisoned, which means most of these results are actually correct foreign IP addresses.
a. If a WhenAlternativeDNSAnswerNoneUse="PrimaryDNS" option were supported, then when AlternativeDNS returns an empty DNS response because the encrypted tunnel is unstable, overture could degrade to ignoring the ip_network_primary rule and use the result returned by PrimaryDNS directly; this would mitigate the problem to a large extent.
b. If a parameter like CacheNoneUseAnswer=false were supported, to control the caching policy for results whose DNS response contains no ANSWER SECTION, that would solve the problem completely.

4. Below is the query result when an empty DNS response caused by an unstable encrypted tunnel has been cached; at this point the only option is to restart overture to clear the cache:
$ dig lowendtalk.com

; <<>> DiG 9.10.6 <<>> lowendtalk.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45866
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lowendtalk.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 27 22:36:56 CST 2020
;; MSG SIZE rcvd: 32
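As an added illustration of option (b) from a defender's point of view (this is example code, not part of the issue or of overture's own code base): a cache-admission check over the raw DNS message header that refuses failure replies such as the SERVFAIL shown in the dig output, while still admitting negative answers that carry an SOA in the AUTHORITY section. The wire bytes below are constructed from the values dig reported (id 45866, flags qr rd ra, status SERVFAIL, one question, 32 bytes).

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// DNS message header (RFC 1035 section 4.1.1): six big-endian uint16 fields.
type header struct{ id, flags, qd, an, ns, ar uint16 }

func parseHeader(msg []byte) (header, error) {
	if len(msg) < 12 {
		return header{}, fmt.Errorf("%d bytes is shorter than a DNS header", len(msg))
	}
	u := func(i int) uint16 { return binary.BigEndian.Uint16(msg[i : i+2]) }
	return header{u(0), u(2), u(4), u(6), u(8), u(10)}, nil
}

// Cacheable decides whether a reply may enter the cache: only NOERROR (0) and
// NXDOMAIN (3) are answers worth keeping, since SERVFAIL and the other rcodes
// signal an upstream or transport failure. The reply must also carry at least
// one ANSWER record, or an AUTHORITY record (the SOA that makes a negative
// answer cacheable under RFC 2308); an empty NOERROR reply is not admitted.
func Cacheable(msg []byte) (bool, string) {
	h, err := parseHeader(msg)
	if err != nil {
		return false, err.Error()
	}
	switch rcode := h.flags & 0x000F; {
	case rcode != 0 && rcode != 3:
		return false, fmt.Sprintf("rcode %d is a failure, not cached", rcode)
	case h.an == 0 && h.ns == 0:
		return false, "no ANSWER or AUTHORITY records, not cached"
	}
	return true, "cached"
}

// Constructed wire bytes matching the dig output above: id 45866 (0xb32a),
// flags 0x8182 = qr rd ra with rcode 2 (SERVFAIL), one question for
// lowendtalk.com IN A, and no answer, authority or additional records.
var ServfailReply = append([]byte{0xb3, 0x2a, 0x81, 0x82, 0, 1, 0, 0, 0, 0, 0, 0},
	append([]byte("\x0alowendtalk\x03com\x00"), 0, 1, 0, 1)...)

// Constructed NOERROR header with one ANSWER record (header bytes only).
var GoodReply = []byte{0xb3, 0x2a, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0}

func main() {
	for _, r := range [][]byte{ServfailReply, GoodReply} {
		fmt.Println(Cacheable(r))
	}
}
```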

@wangmice

wangmice commented May 3, 2020

I support this; unfortunately I don't understand the code.

@NyaMisty
Contributor

NyaMisty commented Jan 7, 2021

Why would this situation occur? No matter how unstable the channel is, it can't possibly return an empty record.
