shawn1m / overture

A customized DNS relay server

Could a WhenAlternativeDNSAnswerNoneUse option be added, or a parameter to not cache empty DNS responses?

gubiao opened this issue · comments

1. Configuration file:

```json
{
  "BindAddress": "127.0.0.1:53",
  "DebugHTTPAddress": "127.0.0.1:5555",
  "PrimaryDNS": [
    {
      "Name": "Baidu",
      "Address": "180.76.76.76:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 5,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "AlternativeDNS": [
    {
      "Name": "Bypass-GFW",
      "Address": "127.0.0.1:1081",
      "Protocol": "tcp",
      "SOCKS5Address": "",
      "Timeout": 10,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "OnlyPrimaryDNS": false,
  "IPv6UseAlternativeDNS": false,
  "AlternativeDNSConcurrent": false,
  "PoolIdleTimeout": 15,
  "PoolMaxCapacity": 15,
  "WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
  "IPNetworkFile": {
    "Primary": "./ip_network_primary",
    "Alternative": "./ip_network_alternative"
  },
  "DomainFile": {
    "Primary": "./domain_primary",
    "Alternative": "./domain_alternative",
    "Matcher": "full-map"
  },
  "HostsFile": {
    "HostsFile": "./hosts",
    "Finder": "full-map"
  },
  "MinimumTTL": 3600,
  "DomainTTLFile": "./domain_ttl",
  "CacheSize": 5000,
  "RejectQType": [255]
}
```

2. Description of the scenario:
PrimaryDNS is a domestic (mainland China) DNS server, and the ip_network_primary file holds all domestic IP ranges. If the IP returned by PrimaryDNS is not within the domestic ranges listed in ip_network_primary, the query goes on to AlternativeDNS, which reaches a foreign DNS server over an encrypted tunnel. Normally this works very well.
But if the encrypted tunnel happens to be flaky at the moment a DNS query is issued, AlternativeDNS returns an empty DNS response. With the cache enabled, that empty result stays cached, so every later query for that domain returns empty forever; the only remedy is to restart overture by hand to invalidate the cache.

3. Possible solutions:
In practice, although the IP returned by PrimaryDNS is not in the domestic ranges in ip_network_primary, the vast majority of such results are not poisoned; the foreign site simply has no mainland server IP. Poisoned domains are few and far between, so most of these results are in fact correct foreign IP addresses.
a. If a WhenAlternativeDNSAnswerNoneUse="PrimaryDNS" option were supported, then when the unstable tunnel causes AlternativeDNS to return an empty response, overture could degrade to ignoring the ip_network_primary rule and use the PrimaryDNS result directly. This would largely mitigate the problem.
b. If a parameter along the lines of CacheNoneUseAnswer=false were supported, to control the caching policy for responses that contain no ANSWER SECTION, it would solve this problem completely.

4. Below is the query result once an empty DNS response has been cached because of the unstable tunnel; at this point the only fix is to restart overture to clear the cache:

```
$ dig lowendtalk.com

; <<>> DiG 9.10.6 <<>> lowendtalk.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45866
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lowendtalk.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 27 22:36:56 CST 2020
;; MSG SIZE rcvd: 32
```
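The decision flow the post describes (primary result checked against ip_network_primary, alternative upstream on a miss) together with the two proposed knobs, as an added example in Go; this is not overture's code and does not use its types. `Reply`, `Policy`, the field names `WhenAlternativeDNSAnswerNoneUse` and `CacheNoneUseAnswer`, the functions `Select` and `ShouldCache`, and the CIDR list are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net"
)

// RFC 1035 response codes used below.
const (
	RcodeNoError  = 0
	RcodeServFail = 2 // the status dig reported in the issue
)

// Reply is the slice of an upstream answer that the selection logic needs.
// Constructed for this example; it is not overture's message type.
type Reply struct {
	Rcode   int
	Answers []net.IP // A/AAAA addresses from the ANSWER section; empty on failure
}

// Policy mirrors the config keys involved. The two proposed keys are hypothetical.
type Policy struct {
	PrimaryNets                     []*net.IPNet // contents of ip_network_primary
	WhenPrimaryDNSAnswerNoneUse     string       // existing key: "PrimaryDNS" or "AlternativeDNS"
	WhenAlternativeDNSAnswerNoneUse string       // proposal (a), hypothetical: "PrimaryDNS" or "AlternativeDNS"
	CacheNoneUseAnswer              bool         // proposal (b), hypothetical: cache replies with no answers?
}

// MustParseNets turns CIDR strings into networks. It panics on bad input
// because the list comes from a config file read once at startup.
func MustParseNets(cidrs []string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(fmt.Sprintf("bad CIDR %q: %v", c, err))
		}
		nets = append(nets, n)
	}
	return nets
}

// AllInNets reports whether every address lies inside one of the networks.
func AllInNets(nets []*net.IPNet, ips []net.IP) bool {
	for _, ip := range ips {
		found := false
		for _, n := range nets {
			if n.Contains(ip) {
				found = true
				break
			}
		}
		if !found {
			return false
		}
	}
	return true
}

// Select returns the reply to hand to the client and the path that produced it.
// alt is a callback so the alternative upstream (the tunnel) is only queried when needed.
func Select(p Policy, primary Reply, alt func() Reply) (Reply, string) {
	if len(primary.Answers) == 0 {
		// Primary gave nothing: honor the existing WhenPrimaryDNSAnswerNoneUse key.
		if p.WhenPrimaryDNSAnswerNoneUse == "AlternativeDNS" {
			return alt(), "AlternativeDNS"
		}
		return primary, "PrimaryDNS"
	}
	if AllInNets(p.PrimaryNets, primary.Answers) {
		return primary, "PrimaryDNS" // domestic address: trust the domestic resolver
	}
	a := alt()
	if len(a.Answers) > 0 {
		return a, "AlternativeDNS"
	}
	// The tunnel hiccupped and the alternative upstream returned no answers (proposal a).
	if p.WhenAlternativeDNSAnswerNoneUse == "PrimaryDNS" {
		return primary, "PrimaryDNS-fallback"
	}
	return a, "AlternativeDNS"
}

// ShouldCache implements proposal (b): a SERVFAIL is never cached, and a NOERROR
// reply with an empty answer section is cached only when CacheNoneUseAnswer allows it.
func ShouldCache(p Policy, r Reply) bool {
	if r.Rcode != RcodeNoError {
		return false
	}
	if len(r.Answers) == 0 {
		return p.CacheNoneUseAnswer
	}
	return true
}

func main() {
	p := Policy{
		PrimaryNets:                     MustParseNets([]string{"180.76.0.0/16", "114.114.0.0/16"}), // constructed subset
		WhenPrimaryDNSAnswerNoneUse:     "PrimaryDNS",
		WhenAlternativeDNSAnswerNoneUse: "PrimaryDNS",
		CacheNoneUseAnswer:              false,
	}
	// Constructed replies: the primary returns a foreign address, the tunnel returns SERVFAIL.
	primary := Reply{Rcode: RcodeNoError, Answers: []net.IP{net.ParseIP("104.16.1.1")}}
	servfail := func() Reply { return Reply{Rcode: RcodeServFail} }
	r, src := Select(p, primary, servfail)
	fmt.Println(src, r.Answers, "cache:", ShouldCache(p, r))
}
```

Two caveats a practitioner would want alongside this. First, the dig output in the post shows SERVFAIL, not a NOERROR with an empty answer section; RFC 2308 section 7.1 permits caching SERVFAIL for at most five minutes, so distinguishing SERVFAIL (cache briefly or not at all) from a genuine NXDOMAIN/NODATA (negative-cache with the SOA minimum) is a finer cut than a blanket "never cache empty replies" knob. Second, fallback (a) deliberately serves the primary resolver's answer when the tunnel fails, which is exactly the case the ip_network_primary rule exists to guard against; the post's own argument that poisoned domains are few is what makes that trade-off acceptable, and it should be an opt-in.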

+1, though unfortunately I don't know how to code.

Why would this happen? No matter how unstable the channel is, it shouldn't be possible for it to return an empty record.