New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

加上-m后无法处理某些ISP的DNS劫持(劫持到国内IP) #24

Closed
cokebar opened this Issue Sep 5, 2015 · 19 comments

Comments

9 participants
@cokebar

cokebar commented Sep 5, 2015

加了-m,chinadns取了国内ip结果
去掉,有delay后,chinadns采用了国外的结果。
现在 @aa65535 你的luci-app里面已经没了-m的开关了,默认是打开的。之前我用了gwflist生成的dnsmasq规则,本来就没有这个问题,不过昨天重刷路由发现了。目前继续将dnsmasq规则添上去解决。另一种方式是把init.d里面的-m去了,不过相信不少人还是不大会改的吧,好多人都是看着别人写的步骤依葫芦画瓢来的。

dig @192.168.1.1 -p 35352 www.google.com

root@OpenWrt:/tmp# chinadns -c /etc/ignore.list -b 0.0.0.0 -p 35352 -v -s 211.138.24.66,127.0.0.1:5311
Fri Sep  4 02:50:54 2015 request www.google.com
Fri Sep  4 02:50:54 2015 response www.google.com from 211.138.24.66:53 - 211.138.21.142, delay
Fri Sep  4 02:50:54 2015 response www.google.com from 127.0.0.1:5311 - 216.58.221.132, delay

root@OpenWrt:/tmp# chinadns -c /etc/ignore.list -b 0.0.0.0 -p 35352 -m -v -s 211.138.24.66,127.0.0.1:5311
Fri Sep  4 02:52:00 2015 request www.google.com
Fri Sep  4 02:52:00 2015 response www.google.com from 211.138.24.66:53 - 211.138.21.142, pass
Fri Sep  4 02:52:00 2015 response www.google.com from 127.0.0.1:5311 - 216.58.221.132, pass

如上所示 加了-m时候 国内dns结果是pass

这情况不知道好解决不。
PS:clowwindy现在这状况的情况下,chinadns还有人维护么?

@aa65535

This comment has been minimized.

Show comment
Hide comment
@aa65535

aa65535 Sep 5, 2015

Owner

127.0.0.1:5311 是什么提供的?有没有缓存?
实际查询时国内DNS不使用压缩指针。

Owner

aa65535 commented Sep 5, 2015

127.0.0.1:5311 是什么提供的?有没有缓存?
实际查询时国内DNS不使用压缩指针。

@cokebar

This comment has been minimized.

Show comment
Hide comment
@cokebar

cokebar Sep 5, 2015

127.0.0.1:5311是ss-tunnel的 指向8.8.8.8
应该是-m以后 delay没了导致的吧
去了-m 是默认0.3的delay 吧
记得之前GFW刚变污染策略 chinadns刚加上delay策略 没加压缩指针变异时候 我曾经把delay设置到0 结果就出现过类似现象
没看过代码 估计我也看不懂 也不清楚chinadns的具体对国内国外结果的选择策略是啥

cokebar commented Sep 5, 2015

127.0.0.1:5311是ss-tunnel的 指向8.8.8.8
应该是-m以后 delay没了导致的吧
去了-m 是默认0.3的delay 吧
记得之前GFW刚变污染策略 chinadns刚加上delay策略 没加压缩指针变异时候 我曾经把delay设置到0 结果就出现过类似现象
没看过代码 估计我也看不懂 也不清楚chinadns的具体对国内国外结果的选择策略是啥

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Sep 6, 2015

我一直想知道压缩指针到底是干什么用的。

2015-09-05 21:58 GMT+08:00 Cokebar Chi notifications@github.com:

127.0.0.1:5311是ss-tunnel的 指向8.8.8.8
应该是-m以后 delay没了导致的吧


Reply to this email directly or view it on GitHub
#24 (comment)
.

ghost commented Sep 6, 2015

我一直想知道压缩指针到底是干什么用的。

2015-09-05 21:58 GMT+08:00 Cokebar Chi notifications@github.com:

127.0.0.1:5311是ss-tunnel的 指向8.8.8.8
应该是-m以后 delay没了导致的吧


Reply to this email directly or view it on GitHub
#24 (comment)
.

@w18g

This comment has been minimized.

Show comment
Hide comment
@w18g

w18g Nov 4, 2015

why does this time out so often? I already set the delay to 2.0sec

root@OpenWrt:~# dig github.com

; <<>> DiG 9.9.4 <<>> github.com
;; global options: +cmd
;; connection timed out; no servers could be reached
root@OpenWrt:#
root@OpenWrt:
# ps -w | grep china
4633 root 844 S /usr/bin/chinadns -p 5353 -s 202.96.134.133,8.8.4.4 -c /etc/chinadns_chnroute.txt -d -m -y 2.0
4717 root 1356 S grep china
root@OpenWrt:~#

w18g commented Nov 4, 2015

why does this time out so often? I already set the delay to 2.0sec

root@OpenWrt:~# dig github.com

; <<>> DiG 9.9.4 <<>> github.com
;; global options: +cmd
;; connection timed out; no servers could be reached
root@OpenWrt:#
root@OpenWrt:
# ps -w | grep china
4633 root 844 S /usr/bin/chinadns -p 5353 -s 202.96.134.133,8.8.4.4 -c /etc/chinadns_chnroute.txt -d -m -y 2.0
4717 root 1356 S grep china
root@OpenWrt:~#

@aa65535

This comment has been minimized.

Show comment
Hide comment
@aa65535
Owner

aa65535 commented Nov 8, 2015

try v1.3.2-2

@ccxp

This comment has been minimized.

Show comment
Hide comment
@ccxp

ccxp Nov 11, 2015

#define ID_ADDR_QUEUE_LEN 128
#define DELAY_QUEUE_LEN 128

queue太小了,会不会是网络比较慢时,堵塞超过128个后就不停更新这个queue,没有一个命中。

ccxp commented Nov 11, 2015

#define ID_ADDR_QUEUE_LEN 128
#define DELAY_QUEUE_LEN 128

queue太小了,会不会是网络比较慢时,堵塞超过128个后就不停更新这个queue,没有一个命中。

@ccxp

This comment has been minimized.

Show comment
Hide comment
@ccxp

ccxp Nov 11, 2015

static void dns_handle_remote()的最下面一个else,没有free(src_addr);
dns_handle_local也是最后个else没有free

ccxp commented Nov 11, 2015

static void dns_handle_remote()的最下面一个else,没有free(src_addr);
dns_handle_local也是最后个else没有free

@mysteriouss

This comment has been minimized.

Show comment
Hide comment
@mysteriouss

mysteriouss Nov 12, 2015

更新到最新后,最近看iOS上的Instagram的图片加载也不正常了,发现得到的是114.114.114.114的结果,所以只好停了ChinaDNS,改用pdnsd直接+tcp HK的DNS,以下是scontent.cdninstagram.com的

dig @114.114.114.114 scontent.cdninstagram.com

; <<>> DiG 9.9.4 <<>> @114.114.114.114 scontent.cdninstagram.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38133
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;scontent.cdninstagram.com. IN A

;; AUTHORITY SECTION:
cdninstagram.com. 30 IN NS b.ns.igcdn.com.
cdninstagram.com. 30 IN NS a.ns.igcdn.com.

;; ADDITIONAL SECTION:
a.ns.igcdn.com. 30 IN A 69.171.239.11
b.ns.igcdn.com. 30 IN A 69.171.255.11

;; Query time: 20 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)

dig @202.45.84.58 scontent.cdninstagram.com

; <<>> DiG 9.9.4 <<>> scontent.cdninstagram.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;scontent.cdninstagram.com. IN A

;; ANSWER SECTION:
scontent.cdninstagram.com. 90 IN A 31.13.95.48

;; Query time: 85 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

mysteriouss commented Nov 12, 2015

更新到最新后,最近看iOS上的Instagram的图片加载也不正常了,发现得到的是114.114.114.114的结果,所以只好停了ChinaDNS,改用pdnsd直接+tcp HK的DNS,以下是scontent.cdninstagram.com的

dig @114.114.114.114 scontent.cdninstagram.com

; <<>> DiG 9.9.4 <<>> @114.114.114.114 scontent.cdninstagram.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38133
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;scontent.cdninstagram.com. IN A

;; AUTHORITY SECTION:
cdninstagram.com. 30 IN NS b.ns.igcdn.com.
cdninstagram.com. 30 IN NS a.ns.igcdn.com.

;; ADDITIONAL SECTION:
a.ns.igcdn.com. 30 IN A 69.171.239.11
b.ns.igcdn.com. 30 IN A 69.171.255.11

;; Query time: 20 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)

dig @202.45.84.58 scontent.cdninstagram.com

; <<>> DiG 9.9.4 <<>> scontent.cdninstagram.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;scontent.cdninstagram.com. IN A

;; ANSWER SECTION:
scontent.cdninstagram.com. 90 IN A 31.13.95.48

;; Query time: 85 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

@ohyeah521

This comment has been minimized.

Show comment
Hide comment
@ohyeah521

ohyeah521 Nov 13, 2015

最近chinadns确实好多问题的,不知道是不是gfw变化了策略导致的,经常github解析不了。

ohyeah521 commented Nov 13, 2015

最近chinadns确实好多问题的,不知道是不是gfw变化了策略导致的,经常github解析不了。

@thank243

This comment has been minimized.

Show comment
Hide comment
@thank243

thank243 Nov 20, 2015

有点怀疑是这个包的问题,现在换回c大的试试效果。

thank243 commented Nov 20, 2015

有点怀疑是这个包的问题,现在换回c大的试试效果。

@lixingcong

This comment has been minimized.

Show comment
Hide comment
@lixingcong

lixingcong Nov 21, 2015

去本项目release页面看看1.3.2-2版本使用说明,也许有收获:
https://github.com/aa65535/openwrt-chinadns/releases
使用【境外自建dns】填入chinadns可信列表

lixingcong commented Nov 21, 2015

去本项目release页面看看1.3.2-2版本使用说明,也许有收获:
https://github.com/aa65535/openwrt-chinadns/releases
使用【境外自建dns】填入chinadns可信列表

@thank243

This comment has been minimized.

Show comment
Hide comment
@thank243

thank243 Nov 21, 2015

感觉还是只有chinadns加unbound来防污染,dnscrypt用了2天,感觉不太稳定,几个小时必然故障10分钟

thank243 commented Nov 21, 2015

感觉还是只有chinadns加unbound来防污染,dnscrypt用了2天,感觉不太稳定,几个小时必然故障10分钟

@hero18688

This comment has been minimized.

Show comment
Hide comment
@hero18688

hero18688 Dec 3, 2015

Redsocks2 UDP_relay适合加入可信DNS吗

hero18688 commented Dec 3, 2015

Redsocks2 UDP_relay适合加入可信DNS吗

@hero18688

This comment has been minimized.

Show comment
Hide comment
@hero18688

hero18688 Dec 3, 2015

现在是redsocks2+chinadns,当开网变得很卡时,重启openwrt可以改善,会是什么原因呢

hero18688 commented Dec 3, 2015

现在是redsocks2+chinadns,当开网变得很卡时,重启openwrt可以改善,会是什么原因呢

@lixingcong

This comment has been minimized.

Show comment
Hide comment
@lixingcong

lixingcong Jan 22, 2016

我也遇到这种情况了。

得到国内dns结果是pass,具体表现为解析i.ytimg.com,上游的dns:221.131.143.69迅速返回一个183.207.229.202,最后pass给我的电脑了,比8.8.8.8返回的结果快很多!!
然后Youtube的首页所有图片都空白了

所以要考虑旧版本的带有 -d 0.3 延时+黑名单 了。。新版都阉割掉了
无奈

lixingcong commented Jan 22, 2016

我也遇到这种情况了。

得到国内dns结果是pass,具体表现为解析i.ytimg.com,上游的dns:221.131.143.69迅速返回一个183.207.229.202,最后pass给我的电脑了,比8.8.8.8返回的结果快很多!!
然后Youtube的首页所有图片都空白了

所以要考虑旧版本的带有 -d 0.3 延时+黑名单 了。。新版都阉割掉了
无奈

@thank243

This comment has been minimized.

Show comment
Hide comment
@thank243

thank243 Jan 22, 2016

使用sstunnel,加上ipset完美

发自我的 iPhone

在 2016年1月22日,21:49,Lixingcong notifications@github.com 写道:

我也遇到这种情况了。

得到国内dns结果是pass,具体表现为解析i.ytimg.com,上游的dns:221.131.143.69迅速返回一个183.207.229.202,最后pass给我的电脑了,比8.8.8.8返回的结果快很多!!
然后Youtube的首页所有图片都空白了

所以要考虑旧版本的带有 -d 0.3 延时+黑名单 了。。新版都阉割掉了
无奈


Reply to this email directly or view it on GitHub.

thank243 commented Jan 22, 2016

使用sstunnel,加上ipset完美

发自我的 iPhone

在 2016年1月22日,21:49,Lixingcong notifications@github.com 写道:

我也遇到这种情况了。

得到国内dns结果是pass,具体表现为解析i.ytimg.com,上游的dns:221.131.143.69迅速返回一个183.207.229.202,最后pass给我的电脑了,比8.8.8.8返回的结果快很多!!
然后Youtube的首页所有图片都空白了

所以要考虑旧版本的带有 -d 0.3 延时+黑名单 了。。新版都阉割掉了
无奈


Reply to this email directly or view it on GitHub.

@lixingcong

This comment has been minimized.

Show comment
Hide comment
@lixingcong

lixingcong Jan 23, 2016

没办法,我是需要使用222开头的ISP的dns完成校园网的账号认证,只要验证完毕后,可以自定义上游dns为114.114.114.114,8.8.8.8即可解决问题:
写了一个脚本,放到openwrt运行,然后完成账号登陆,再按Ctrl+c还原初始chinadns

#! /bin/sh
# 221开头的是我校园网账号的认证dns
UP1=221.131.143.69
UP2=8.8.8.8
echo_dns()
{
    echo $(ps | grep chinadns | head -1 | awk '{print $9}')
}
kill_dns()
{
    echo ''
    echo killing chinadns:$UP1,$UP2...
    /etc/init.d/chinadns start
    sleep 1
    echo -n starting:
    echo_dns
    exit 0
}
trap 'kill_dns' 2
if [ -n $(pgrep chinadns) ]; then
    echo -n stopping:
    echo_dns
    /etc/init.d/chinadns stop
    echo running:$UP1,$UP2
fi
/usr/bin/chinadns -p 5353 -s $UP1,$UP2 -c /etc/chinadns_chnroute.txt -m -v

lixingcong commented Jan 23, 2016

没办法,我是需要使用222开头的ISP的dns完成校园网的账号认证,只要验证完毕后,可以自定义上游dns为114.114.114.114,8.8.8.8即可解决问题:
写了一个脚本,放到openwrt运行,然后完成账号登陆,再按Ctrl+c还原初始chinadns

#! /bin/sh
# 221开头的是我校园网账号的认证dns
UP1=221.131.143.69
UP2=8.8.8.8
echo_dns()
{
    echo $(ps | grep chinadns | head -1 | awk '{print $9}')
}
kill_dns()
{
    echo ''
    echo killing chinadns:$UP1,$UP2...
    /etc/init.d/chinadns start
    sleep 1
    echo -n starting:
    echo_dns
    exit 0
}
trap 'kill_dns' 2
if [ -n $(pgrep chinadns) ]; then
    echo -n stopping:
    echo_dns
    /etc/init.d/chinadns stop
    echo running:$UP1,$UP2
fi
/usr/bin/chinadns -p 5353 -s $UP1,$UP2 -c /etc/chinadns_chnroute.txt -m -v
@thank243

This comment has been minimized.

Show comment
Hide comment
@thank243

thank243 Jan 23, 2016

何必这样麻烦,dnsmasq可以指定域名或者IP走指定dns服务器。

发自我的 iPhone

在 2016年1月23日,14:13,Lixingcong notifications@github.com 写道:

没办法,我是需要使用222开头的ISP的dns完成校园网的账号认证,只要验证完毕后,可以自定义上游dns为114.114.114.114,8.8.8.8即可解决问题:
写了一个脚本,放到openwrt运行,然后完成账号登陆,再按Ctrl+c还原初始chinadns

#! /bin/sh

221开头的是我校园网账号的认证dns

UP1=221.131.143.69
UP2=8.8.8.8
echo_dns()
{
echo $(ps | grep chinadns | head -1 | awk '{print $9}')
}
kill_dns()
{
echo ''
echo killing chinadns:$UP1,$UP2...
/etc/init.d/chinadns start
sleep 1
echo -n starting:
echo_dns
exit 0
}
trap 'kill_dns' 2
if [ -n $(pgrep chinadns) ]; then
echo -n stopping:
echo_dns
/etc/init.d/chinadns stop
echo running:$UP1,$UP2
fi
/usr/bin/chinadns -p 5353 -s $UP1,$UP2 -c /etc/chinadns_chnroute.txt -m -v

Reply to this email directly or view it on GitHub.

thank243 commented Jan 23, 2016

何必这样麻烦,dnsmasq可以指定域名或者IP走指定dns服务器。

发自我的 iPhone

在 2016年1月23日,14:13,Lixingcong notifications@github.com 写道:

没办法,我是需要使用222开头的ISP的dns完成校园网的账号认证,只要验证完毕后,可以自定义上游dns为114.114.114.114,8.8.8.8即可解决问题:
写了一个脚本,放到openwrt运行,然后完成账号登陆,再按Ctrl+c还原初始chinadns

#! /bin/sh

221开头的是我校园网账号的认证dns

UP1=221.131.143.69
UP2=8.8.8.8
echo_dns()
{
echo $(ps | grep chinadns | head -1 | awk '{print $9}')
}
kill_dns()
{
echo ''
echo killing chinadns:$UP1,$UP2...
/etc/init.d/chinadns start
sleep 1
echo -n starting:
echo_dns
exit 0
}
trap 'kill_dns' 2
if [ -n $(pgrep chinadns) ]; then
echo -n stopping:
echo_dns
/etc/init.d/chinadns stop
echo running:$UP1,$UP2
fi
/usr/bin/chinadns -p 5353 -s $UP1,$UP2 -c /etc/chinadns_chnroute.txt -m -v

Reply to this email directly or view it on GitHub.

@aa65535

This comment has been minimized.

Show comment
Hide comment
Owner

aa65535 commented Aug 22, 2016

@aa65535 aa65535 closed this Aug 29, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment