How to send a DNS response back to the client

Time: 2021-03-19 09:50:13

Tags: node.js express dns doh

I have a custom DNS server application, and I am now trying to implement DoH. But I am running into a problem with the response: it does not send the correct data back to the client.

This is the dump of the response I get:

{
  header: {
    id: 0,
    qr: 1,
    opcode: 0,
    aa: 0,
    tc: 0,
    rd: 1,
    ra: 0,
    res1: 0,
    res2: 0,
    res3: 0,
    rcode: 0
  },
  question: [ { name: 'google.com', type: 28, class: 1 } ],
  answer: [
    {
      name: 'google.com',
      type: 28,
      class: 1,
      ttl: 299,
      address: '2a00:1450:4001:829:0:0:0:200e'
    }
  ],
  authority: [],
  additional: [],
  edns_options: [],
  payload: undefined,
  address: undefined,
  _socket: EventEmitter {
    _socket: TLSSocket {
      _tlsOptions: [Object],
      _secureEstablished: true,
      _securePending: false,
      _newSessionPending: false,
      _controlReleased: true,
      _SNICallback: null,
      servername: 'doh.mydns.com',
      alpnProtocol: 'http/1.1',
      authorized: false,
      authorizationError: null,
      encrypted: true,
      _events: [Object: null prototype],
      _eventsCount: 10,
      connecting: false,
      _hadError: false,
      _parent: [Socket],
      _host: null,
      _readableState: [ReadableState],
      readable: true,
      _maxListeners: undefined,
      _writableState: [WritableState],
      writable: true,
      allowHalfOpen: false,
      _sockname: null,
      _pendingData: null,
      _pendingEncoding: '',
      server: [Server],
      _server: null,
      ssl: [TLSWrap],
      _requestCert: false,
      _rejectUnauthorized: true,
      timeout: 120000,
      parser: [HTTPParser],
      on: [Function: socketListenerWrap],
      addListener: [Function: socketListenerWrap],
      prependListener: [Function: socketListenerWrap],
      _paused: false,
      _httpMessage: [ServerResponse],
      _peername: [Object],
      [Symbol(res)]: [TLSWrap],
      [Symbol(asyncId)]: 479,
      [Symbol(kHandle)]: [TLSWrap],
      [Symbol(lastWriteQueueSize)]: 0,
      [Symbol(timeout)]: Timeout {
        _idleTimeout: 120000,
        _idlePrev: [TimersList],
        _idleNext: [TimersList],
        _idleStart: 7291,
        _onTimeout: [Function: bound ],
        _timerArgs: undefined,
        _repeat: null,
        _destroyed: false,
        [Symbol(refed)]: false,
        [Symbol(asyncId)]: 486,
        [Symbol(triggerId)]: 479
      },
      [Symbol(kBuffer)]: null,
      [Symbol(kBufferCb)]: null,
      [Symbol(kBufferGen)]: null,
      [Symbol(kBytesRead)]: 0,
      [Symbol(kBytesWritten)]: 0,
      [Symbol(error-emitted)]: false
    },
    _remote: undefined,
    _buff: undefined,
    base_size: 4096,
    bound: false,
    unref: undefined,
    ref: undefined,
    _rest: undefined
  }
}

As you can see, the answer is correct, but my curl returned:

* Found bundle for host doh.mydns.com: 0x7fc527c1ccd0 [serially]
* Server doesn't support multi-use (yet)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Hostname 'doh.mydns.com' was found in DNS cache
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to doh.mydns.com (127.0.0.1) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* Connected to doh.mydns.com (127.0.0.1) port 443 (#2)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=*.mydns.com
*  start date: Feb 15 00:00:00 2021 GMT
*  expire date: Feb 15 23:59:59 2022 GMT
*  subjectAltName: host "doh.mydns.com" matched cert's "*.mydns.com"
*  issuer: [redacted]
*  SSL certificate verify ok.
> POST / HTTP/1.1
Host: doh.mydns.com
Accept: */*
Content-Type: application/dns-message
Content-Length: 28

* upload completely sent off: 28 out of 28 bytes
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=*.mydns.com
*  start date: Feb 15 00:00:00 2021 GMT
*  expire date: Feb 15 23:59:59 2022 GMT
*  subjectAltName: host "doh.mydns.com" matched cert's "*.mydns.com"
*  issuer: [redacted]
*  SSL certificate verify ok.
> POST / HTTP/1.1
Host: doh.mydns.com
Accept: */*
Content-Type: application/dns-message
Content-Length: 28

* upload completely sent off: 28 out of 28 bytes
< HTTP/1.1 200 OK
< Content-Type: application/dns-message; charset=utf-8
< Content-Length: 277
< ETag: W/"115-IoroRQ/FDUoJVudu7+piXeX1d2I"
< Date: Fri, 19 Mar 2021 09:34:01 GMT
< Connection: keep-alive
< 
* Connection #1 to host doh.mydns.com left intact
* a DOH request is completed, 1 to go
< HTTP/1.1 200 OK
< Content-Type: application/dns-message; charset=utf-8
< Content-Length: 294
< ETag: W/"126-lDS0ifO+cxwEm7Oa4ImUtNYNiPw"
< Date: Fri, 19 Mar 2021 09:34:01 GMT
< Connection: keep-alive
< 
* Connection #2 to host doh.mydns.com left intact
* a DOH request is completed, 0 to go
* DOH: Bad ID type A for google.com
* DOH: Bad ID type AAAA for google.com
* Closing connection 0
curl: (6) Couldn't resolve host name
* Closing connection 1
* Closing connection 2

Now an error shows up somewhere, because I get the AAAA for google.com, and I also correctly get the A-type response, but I am not sending it back to the requesting client.

This is my curl request:

curl -v --doh-url https://doh.mydns.com google.com

Maybe someone smarter than me can help me with my problem.

In case anyone asks: for legacy reasons I use https://www.npmjs.com/package/native-dns as the DNS module, and Express because I also serve an API and a website with it.

Thanks in advance!
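The exchange in the question is an RFC 8484 DoH POST: curl sends a 28-byte binary query with Content-Type application/dns-message and expects the reply body to be a binary DNS message whose first two bytes repeat the query ID (curl's "Bad ID" message is its ID check failing). The following is an added example, not the asker's code and not part of native-dns or Express: a framework-agnostic handler in plain Node.js that parses the wire-format query, builds a binary reply with the same ID, and returns the status, headers and Buffer that an Express route should send. Only A and AAAA records are supported; the `lookup` callback, the hostname and the TTL/address values used in the comments are constructed for illustration.

```javascript
// Added example (not the asker's code): minimal RFC 8484 DoH POST handling
// in plain Node.js. Wire-format helpers are hand-rolled; only A/AAAA answers.
const QTYPE = { A: 1, AAAA: 28 };

// "google.com" -> \x06google\x03com\x00
function encodeName(name) {
  const parts = [];
  for (const label of name.split('.').filter(Boolean)) {
    const bytes = Buffer.from(label, 'ascii');
    if (bytes.length > 63) throw new Error('label too long');
    parts.push(Buffer.from([bytes.length]), bytes);
  }
  parts.push(Buffer.from([0]));
  return Buffer.concat(parts);
}

// Decode labels at `offset`. The question section is never compressed, so a
// compression pointer here is rejected instead of followed.
function decodeName(buf, offset) {
  const labels = [];
  let pos = offset;
  for (;;) {
    if (pos >= buf.length) throw new Error('truncated name');
    const len = buf[pos];
    if (len === 0) { pos += 1; break; }
    if (len & 0xc0) throw new Error('compression pointer not allowed in question');
    labels.push(buf.toString('ascii', pos + 1, pos + 1 + len));
    pos += 1 + len;
  }
  return { name: labels.join('.'), end: pos };
}

// Parse the header and the single question of a wire-format query.
function parseQuery(buf) {
  if (buf.length < 12) throw new Error('message shorter than DNS header');
  const flags = buf.readUInt16BE(2);
  if (buf.readUInt16BE(4) !== 1) throw new Error('expected exactly one question');
  const { name, end } = decodeName(buf, 12);
  if (end + 4 > buf.length) throw new Error('truncated question');
  return {
    id: buf.readUInt16BE(0),
    rd: (flags >> 8) & 1,
    name,
    type: buf.readUInt16BE(end),
    klass: buf.readUInt16BE(end + 2),
    questionBytes: buf.subarray(12, end + 4), // echoed verbatim in the reply
  };
}

// Dotted-quad IPv4 or IPv6 text (with optional "::") -> RDATA bytes.
function encodeAddress(type, address) {
  if (type === QTYPE.A) return Buffer.from(address.split('.').map(Number));
  if (type !== QTYPE.AAAA) throw new Error('unsupported type ' + type);
  const [head, tail = ''] = address.split('::');
  const hi = head ? head.split(':') : [];
  const lo = tail ? tail.split(':') : [];
  if (hi.length + lo.length > 8) throw new Error('bad IPv6 address');
  const groups = [...hi, ...Array(8 - hi.length - lo.length).fill('0'), ...lo];
  const out = Buffer.alloc(16);
  groups.forEach((g, i) => out.writeUInt16BE(parseInt(g, 16), i * 2));
  return out;
}

// Same ID, QR=1, RD copied, RA=1, question echoed, one RR per record whose
// name is a compression pointer (0xC00C) back to the question name at offset 12.
function buildResponse(query, records, rcode = 0) {
  const header = Buffer.alloc(12);
  header.writeUInt16BE(query.id, 0);
  header.writeUInt16BE(0x8000 | (query.rd << 8) | 0x0080 | (rcode & 0x0f), 2);
  header.writeUInt16BE(1, 4);              // QDCOUNT
  header.writeUInt16BE(records.length, 6); // ANCOUNT
  const answers = records.map((r) => {
    const rdata = encodeAddress(query.type, r.address);
    const rr = Buffer.alloc(12 + rdata.length);
    rr.writeUInt16BE(0xc00c, 0);
    rr.writeUInt16BE(query.type, 2);
    rr.writeUInt16BE(query.klass, 4);
    rr.writeUInt32BE(r.ttl, 6);
    rr.writeUInt16BE(rdata.length, 10);
    rdata.copy(rr, 12);
    return rr;
  });
  return Buffer.concat([header, query.questionBytes, ...answers]);
}

// Build a query the way a DoH client does (used for testing; curl uses ID 0).
function buildQuery(id, name, type, rd = 1) {
  const header = Buffer.alloc(12);
  header.writeUInt16BE(id, 0);
  header.writeUInt16BE(rd << 8, 2);
  header.writeUInt16BE(1, 4);
  const tail = Buffer.alloc(4);
  tail.writeUInt16BE(type, 0);
  tail.writeUInt16BE(1, 2); // class IN
  return Buffer.concat([header, encodeName(name), tail]);
}

// `lookup(name, type)` is a hypothetical callback returning [{ttl, address}],
// or null for NXDOMAIN. Returns what the HTTP layer should send, with the body
// as a Buffer so no charset is appended to the Content-Type.
function handleDohPost(contentType, body, lookup) {
  const text = (s) => ({ 'Content-Type': 'text/plain' , body: Buffer.from(s) });
  if (!/^application\/dns-message\b/i.test(contentType || '')) {
    return { status: 415, headers: { 'Content-Type': 'text/plain' }, body: Buffer.from('unsupported media type') };
  }
  let query;
  try { query = parseQuery(body); } catch (err) {
    return { status: 400, headers: { 'Content-Type': 'text/plain' }, body: Buffer.from(err.message) };
  }
  const supported = query.type === QTYPE.A || query.type === QTYPE.AAAA;
  const records = supported ? lookup(query.name, query.type) : [];
  const reply = records === null ? buildResponse(query, [], 3) : buildResponse(query, records);
  const minTtl = records && records.length ? Math.min(...records.map((r) => r.ttl)) : 0;
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/dns-message',
      'Content-Length': String(reply.length),
      'Cache-Control': 'max-age=' + minTtl,
    },
    body: reply,
  };
}
// Express wiring (not run here): app.post('/dns-query',
//   express.raw({ type: 'application/dns-message' }),
//   (req, res) => { const r = handleDohPost(req.get('Content-Type'), req.body, lookup);
//                   res.status(r.status).set(r.headers).end(r.body); });
```

Two details matter for a client like curl: the reply must start with the query's own ID (0 in curl's case), and the body must go out as a Buffer through `res.end`/`res.send`, since Express appends `; charset=utf-8` to the Content-Type when it is handed a string, which is the header seen in the question's curl output. A 28-byte AAAA query for google.com with a single answer comes back as a 56-byte message.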

0 answers:

No answers