Question about DNS forwarding #272
Comments
How is your routing table configured?
|
Sorry, I missed that. My current routing configuration is as follows: let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"]) |
From your whole description I really can't tell what you did. Is DNS being proxied successfully? If you run dig, do you get a result back?
On Oct 1, 2019, at 10:12 PM, iOS还有人要吗? ***@***.***> wrote:
Sorry, I missed that. My current routing configuration is as follows:

    let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
    ipv4Settings.includedRoutes = [NEIPv4Route.default()]
    ipv4Settings.excludedRoutes = [
        NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"),
        NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"),
        NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"),
        NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"),
        NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"),
        NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"),
        NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"),
    ]
    networkSettings.ipv4Settings = ipv4Settings
|
This is the implementation of my startTunnel method:

    override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        // A single rule that hands every connection to the SOCKS5 adapter
        let s5AdapterFactory = SOCKS5AdapterFactory(serverHost: "192.168.1.111", serverPort: 9287)
        let allRule = AllRule(adapterFactory: s5AdapterFactory)
        RuleManager.currentManager = RuleManager(fromRules: [allRule], appendDirect: false)

        let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8")
        networkSettings.mtu = 1500

        // Default route goes into the tunnel; the ranges below are excluded from it
        let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
        ipv4Settings.includedRoutes = [NEIPv4Route.default()]
        ipv4Settings.excludedRoutes = [
            NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"),
            NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"),
            NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"),
            NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"),
            NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"),
            NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"),
            NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"),
        ]
        networkSettings.ipv4Settings = ipv4Settings

        if enablePacketProcessing {
            // DNS settings for the tunnel: resolver 8.8.8.8, matching all domains
            let DNSSettings = NEDNSSettings(servers: ["8.8.8.8"])
            DNSSettings.matchDomains = [""]
            DNSSettings.matchDomainsNoSearch = false
            networkSettings.dnsSettings = DNSSettings
            RawSocketFactory.TunnelProvider = self
        }

        setTunnelNetworkSettings(networkSettings) { error in
            guard error == nil else {
                completionHandler(error)
                return
            }

            if !self.started {
                // The observer below checks for network changes and restarts the service
                // self.addObserver(self, forKeyPath: "defaultPath", options: .initial, context: nil)
                if #available(iOSApplicationExtension 10.0, *) {
                    DDLog.add(DDOSLogger.sharedInstance, with: DDLogLevel.verbose)
                    DDOSLogger.sharedInstance.logFormatter = LogFormatter()
                }
                Opt.MAXNWTCPSocketReadDataSize = 60 * 1024 - 1
            }

            // Local HTTP proxy on 127.0.0.1:6152, restarted if already running
            if self.started {
                self.httpProxy.stop()
                try! self.httpProxy.start()
            } else {
                self.httpProxy = GCDHTTPProxyServer(address: IPAddress(fromString: "127.0.0.1"), port: 6152)
                try! self.httpProxy.start()
            }

            completionHandler(nil)

            if self.enablePacketProcessing {
                if self.started {
                    self.interface.stop()
                }
                if !self.started {
                    // Only the UDP and TCP stacks are registered on the TUN interface
                    self.interface = TUNInterface(packetFlow: self.packetFlow)
                    let udpStack = UDPAssociateStack(serverHost: "192.168.1.111", serverPort: 9287)
                    self.interface.register(stack: udpStack)
                    let tcpStack = TCPStack.stack
                    tcpStack.proxyServer = self.httpProxy
                    self.interface.register(stack: tcpStack)
                    self.interface.start()
                }
            }
            self.started = true
        }
    }

In the UDP class's input method I can receive the UDP packets that DNS sends; I forward the packets to the proxy server, and the proxy server returns UDP packets as well. |
Can you run dig?
|
Do you mean using the dig command on a computer?
|
Does your proxy return poisoned results?
On Oct 3, 2019, at 2:11 PM, iOS还有人要吗? ***@***.***> wrote:
Do you mean using the dig command on a computer?
fengMacmini:~ feng$ dig @8.8.8.8 www.google.com A
; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12285
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 145 IN A 31.13.85.16
;; Query time: 62 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 03 14:07:35 CST 2019
;; MSG SIZE rcvd: 48
|
Download a network debugging app on your phone, there are plenty of them, or a command-line
|
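OK, I'll give it a try first. |
Don't specify 8.8.8.8 |
I have a few questions about DNS that I hope you can clear up, setting aside what we discussed earlier.
1. Is the role of NEDNSSettings to change the system DNS to the DNS I set? If not, what is it for?
2. If I set NEProxySettings, that is, an HTTP proxy, and register a DNSServer in TUNInterface, then when I request a web page, will the domain name resolution go through the system DNS, or will it be intercepted by TUNInterface and resolved using the DNSServer's settings?
3. If I use DNSServer but not the IP pool, will that have any impact? The documentation says it is there for reverse lookup, but I would like to know what happens if I don't use it.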
|
Please refer to https://forums.developer.apple.com/thread/35027 ; that is the most authoritative answer. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
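First, my current configuration:
proxySettings: not configured, no HTTP proxy is used
NEDNSSettings(servers: ["8.8.8.8"]) sets the DNS configuration
TUNInterface has only UDP and TCP configured; no DNSServer is configured
The UDP class is a modified class that can send UDP data to the proxy server; the proxy server then returns data, which is written into iOS
Current situation:
When a web page is opened, the domain name has to be resolved, which goes through DNS. DNS sends a UDP packet; at that point the UDP class receives the packet, performs the proxy server's handshake protocol, and forwards it to the proxy server; the proxy server then sends UDP back to the app, which writes it into iOS
By rights, once DNS has resolved the domain name and obtained the IP, TCP packets should start flowing to access the site, but currently that does not happen.
PS: Ordinary UDP forwarding, for example a game that uses UDP, works fine: packets are forwarded and received normally and the application can parse them.
I don't know where the problem lies at the moment. I hope someone more experienced can give me some ideas or discuss it; I'm not sure whether there is something wrong with my flow.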
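
The flow in this post only works if what the relay sends back, once its proxy header is removed, is a DNS response that matches the query. The check below is an added example in Python, not code from the original post or from the project; it assumes the proxy uses the SOCKS5 UDP datagram header of RFC 1928 (suggested by the `UDPAssociateStack` name in the posted code), and all function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

RESOLVER = ("8.8.8.8", 53)  # the resolver set in NEDNSSettings on this page

def dns_query(txid, name):
    """Build a minimal DNS A query with RD set (constructed sample input)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def sample_reply(query, ip="192.0.2.1"):
    """Constructed response: flags 0x8180, question echoed, one A record for `ip`."""
    header = query[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return header + query[12:] + answer

def socks5_udp_wrap(addr, payload):
    """RFC 1928 UDP header: RSV(2)=0, FRAG(1)=0, ATYP(1)=IPv4, ADDR(4), PORT(2), DATA."""
    return (b"\x00\x00\x00\x01" + ipaddress.IPv4Address(addr[0]).packed
            + struct.pack("!H", addr[1]) + payload)

def socks5_udp_unwrap(datagram):
    """Return ((ip, port), payload); this sketch handles unfragmented IPv4 only."""
    if len(datagram) < 10 or datagram[:4] != b"\x00\x00\x00\x01":
        raise ValueError("not an unfragmented IPv4 SOCKS5 UDP datagram")
    port = struct.unpack("!H", datagram[8:10])[0]
    return (str(ipaddress.IPv4Address(datagram[4:8])), port), datagram[10:]

def reply_problems(query, relay_datagram, resolver=RESOLVER):
    """List the reasons a relayed datagram is not a usable answer to `query`."""
    try:
        src, reply = socks5_udp_unwrap(relay_datagram)
    except ValueError as exc:
        return [str(exc)]
    if len(reply) < 12:
        return ["payload shorter than a DNS header"]
    txid, flags, _qdcount, ancount = struct.unpack("!4H", reply[:8])
    checks = [
        (src != resolver, "source is not the queried resolver"),
        (txid != struct.unpack("!H", query[:2])[0], "transaction ID mismatch"),
        (not flags & 0x8000, "QR bit clear: not a response"),
        (flags & 0x000F, "RCODE is non-zero"),
        (reply[12:len(query)] != query[12:], "question section differs from the query"),
        (ancount == 0, "no answer records"),
    ]
    return [message for failed, message in checks if failed]
```

Feeding it the query bytes seen in the UDP stack's input and the datagram received from the proxy shows which of these conditions, if any, the relayed reply fails before it is written back to the tunnel.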