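DNS resolution with an HTTP proxy
With an HTTP/HTTPS proxy, the requested domain name is sent to the proxy server as part of the HTTP protocol itself, and no resolution happens locally. In other words, resolving the name and connecting to the target server are the proxy's job. The browser does not even need to know the final server's IP address. As far as I know, this behaviour cannot be changed through browser options or similar settings.^1
So in theory, when an HTTP/HTTPS proxy is in use, local DNS resolution, the local cache, the hosts file and so on are all unused, and the locally configured DNS server address is irrelevant. DNS resolution happens entirely on the proxy server.
A SOCKS proxy is different: DNS resolution and connecting to the target server (by IP address, not domain name) are two separate steps, which is why there is an option to have the remote proxy perform the DNS resolution (and supply the result).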
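The difference shows up in the bytes the client sends. The following is an added example, not code from the original post: it builds an HTTP `CONNECT` request and a SOCKS5 CONNECT request (RFC 1928, initial method negotiation omitted) and reports which side had to resolve the name. The function names are chosen here for illustration.

```python
import ipaddress
import struct

def _as_ip(text):
    """Return an ip_address object for an IP literal, or None for a name."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None

def http_connect_request(host: str, port: int) -> bytes:
    """HTTP proxy tunnel request: the target travels to the proxy as text."""
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")

def socks5_connect_request(target: str, port: int) -> bytes:
    """SOCKS5 request: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    head = b"\x05\x01\x00"                      # version 5, CONNECT, reserved
    ip = _as_ip(target)
    if ip is not None:                          # client already holds an IP
        atyp = b"\x01" if ip.version == 4 else b"\x04"
        addr = ip.packed
    else:                                       # hand the name to the proxy
        name = target.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("domain name must fit one length byte")
        atyp, addr = b"\x03", bytes([len(name)]) + name
    return head + atyp + addr + struct.pack("!H", port)

def resolver_side(request: bytes) -> str:
    """'proxy' if the request carries a name, 'client' if it carries an IP."""
    if request.startswith(b"CONNECT "):
        target = request.split(b" ")[1].rsplit(b":", 1)[0].decode("ascii")
        return "client" if _as_ip(target) else "proxy"
    return "proxy" if request[3] == 0x03 else "client"

if __name__ == "__main__":
    for req in (http_connect_request("github.com", 443),
                socks5_connect_request("github.com", 443),
                socks5_connect_request("140.82.113.3", 443)):
        print(resolver_side(req), req)
```

With curl, a `socks5://` proxy URL produces the IP form (the name is resolved locally first) and `socks5h://` produces the domain-name form that leaves resolution to the proxy.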
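DNS on Windows (useless)
Look up the DNS records for github.com (via chinaz or ipaddress).
From inside China, the default DNS result is usually 20.205.243.166 [Singapore, Microsoft cloud].
Edit the hosts file under the Windows directory C:\Windows\System32\drivers\etc\:
```
140.82.113.3 github.com # US-based
```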
Problem: dial tcp: lookup xxx read: connection refused
```
[root@localhost ~]# docker pull ubuntu:18.04
Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:37221->[::1]:53: read : connection refused

> docker pull quay.io/pypa/manylinux2014_aarch64@sha256:220844dc110ddb26e451572a08212659146f89ed91b076494a85e2947816aae8
Error response from daemon: Get https://quay.io/v2/: dial tcp: lookup quay.io on [::1]:53: read udp [::1]:54946->[::1]:53: read : connection refused
```
The Alibaba Cloud DNS server 223.5.5.5 cannot be pinged, and the gateway shown by `ip route` does not provide DNS either.
```
> nslookup baidu.com
;; connection timed out; no servers could be reached
```
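Simple fix: edit the hosts file
dns-over-https (DoH)
DoH is a way of sending DNS requests over the HTTPS protocol, which makes it suitable for forwarding DNS requests through an HTTP proxy.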
```
# Download the latest cloudflared release binary for Linux amd64
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
# Compare its SHA-256 with the checksum published for the release, then install it
sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
```
To test: `nslookup -port=5053 baidu.com 127.0.0.1`
It fails with the following errors. Without the proxy, the request to the upstream times out; after `set_http_proxy`, TLS certificate verification fails:
```
> cloudflare proxy-dns --address 127.0.0.1 --port 5053 --upstream https://1.12.12.12/dns-query
2024-08-20T16:04:27Z INF Adding DNS upstream url=https://1.12.12.12/dns-query
2024-08-20T16:04:27Z INF Starting DNS over HTTPS proxy server address=dns://127.0.0.1:5053
2024-08-20T16:04:27Z INF Starting metrics server on 127.0.0.1:37445/metrics
2024-08-20T16:04:35Z ERR failed to connect to an HTTPS backend "https://1.12.12.12/dns-query" error="failed to perform an HTTPS request: Post \"https://1.12.12.12/dns-query\": context deadline exceeded"

> set_http_proxy
> cloudflare proxy-dns --address 127.0.0.1 --port 5053 --upstream https://1.12.12.12/dns-query
2024-08-20T15:48:38Z INF Adding DNS upstream url=https://1.12.12.12/dns-query
2024-08-20T15:48:38Z INF Starting DNS over HTTPS proxy server address=dns://127.0.0.1:5053
2024-08-20T15:48:38Z INF Starting metrics server on 127.0.0.1:41793/metrics
2024-08-20T15:48:40Z ERR failed to connect to an HTTPS backend "https://1.12.12.12/dns-query" error="failed to perform an HTTPS request: Post \"https://1.12.12.12/dns-query\": tls: failed to verify certificate: x509: certificate signed by unknown authority"
```
Problem: web pages will not open
Check the DNS address: on a DNS lookup site, look up the IP addresses of the domain's servers in China.
Ping them to measure the actual speed, then edit the Windows 10 hosts file in C:\WINDOWS\system32\drivers\etc.
```
ipconfig /all

Ethernet adapter 以太网:

   Connection-specific DNS Suffix  . : ustc.edu.cn
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physical Address. . . . . . . . . : 00-2B-67-7D-A7-93
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:da8:d800:336:c9a6:8e7f:7035:cd (Preferred)
   Link-local IPv6 Address . . . . . : fe80::c9a6:8e7f:7035:cd %5(Preferred)
   IPv4 Address. . . . . . . . . . . : 202.38.78.133(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2022年9月3日 15:03:56
   Lease Expires . . . . . . . . . . : 2022年9月11日 19:58:06
   Default Gateway . . . . . . . . . : fe80::e683:26ff:fea3:e107%5
                                       202.38.78.254
   DHCP Server . . . . . . . . . . . : 202.38.64.7
   DHCPv6 IAID . . . . . . . . . . . : 100674407
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-96-E5-7D-00-2B-67-7D-A7-93
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
```
Pinging Baidu and Bilibili works fine.
Browser console (F12):
```
Unchecked runtime.lastError: The message port closed before a response was received.
Failed to load resource: net::ERR_PROXY_CONNECTION_FAILED
Failed to load resource: net::ERR_CONNECTION_CLOSED
Failed to load resource: net::ERR_CONNECTION_RESET
```
Fix: network reset.
Problem: github.com is unreachable
Ping fails; the cause is that some GitHub hosts are down.
```
//Windows
D:\PowerShell> nslookup github.com 223.5.5.5
Server:  public1.alidns.com
Address:  223.5.5.5

Non-authoritative answer:
Name:    github.com
Address:  20.205.243.166
```
As a last resort, edit the hosts file; see https://ipaddress.com/website/github.com
```
\\Ubuntu
$ cat /run/systemd/resolve/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 202.38.64.1

$ cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad

$ nmcli device show eno0
GENERAL.DEVICE:           eno0
GENERAL.TYPE:             ethernet
GENERAL.HWADDR:           AC:1F:6B:8A:E4:BA
GENERAL.MTU:              1500
GENERAL.STATE:            10 (unmanaged)
GENERAL.CONNECTION:       --
GENERAL.CON-PATH:         --
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]:           202.38.73.217/24
IP4.GATEWAY:              --
IP4.ROUTE[1]:             dst = 0.0.0.0/0, nh = 202.38.73.254, mt = 0, table=1
IP4.ROUTE[2]:             dst = 202.38.73.0/24, nh = 0.0.0.0, mt = 0
IP6.ADDRESS[1]:           2001:da8:d800:730::217/64
IP6.ADDRESS[2]:           fe80::ae1f:6bff:fe8a:e4ba/64
IP6.GATEWAY:              2001:da8:d800:730::1
IP6.ROUTE[1]:             dst = 2001:da8:d800:112::23/128, nh = 2001:da8:d800:730::1, mt = 1024
IP6.ROUTE[2]:             dst = 2001:da8:d800:730::/64, nh = ::, mt = 256
IP6.ROUTE[3]:             dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[4]:             dst = ::/0, nh = 2001:da8:d800:730::1, mt = 1024

$ dig www.baidu.com

; <<>> DiG 9.16.1-Ubuntu <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47773
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 604 IN CNAME www.a.shifen.com.
www.a.shifen.com. 159 IN A 14.215.177.39
www.a.shifen.com. 159 IN A 14.215.177.38

;; Query time: 91 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Oct 10 19:43:01 CST 2022
;; MSG SIZE rcvd: 101
```
References