A problem caused by dnsmasq #181
Unanswered
stupidloud asked this question in Q&A
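mosdns runs on OpenWrt as the upstream of dnsmasq.
The configuration does something simple: it blocks AAAA records for non-domestic domains and adds the resolved external IPs to an ipset.
However, when a LAN client resolves a dual-stack domain through dnsmasq,
the A record is answered quickly, while the AAAA query waits and then fails with a timeout.
This makes browsers take a very long time to resolve dual-stack domains.
The problem can also be reproduced with dig.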
dig @192.168.100.1 -t aaaa unix.stackexchange.com (times out)
❯ time dig @192.168.100.1 -t aaaa bicycles.stackexchange.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @192.168.100.1 -t aaaa bicycles.stackexchange.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56939
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
;; QUESTION SECTION:
;bicycles.stackexchange.com. IN AAAA
;; AUTHORITY SECTION:
stackexchange.com. 3600 IN SOA ns-cloud-d1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
;; Query time: 209 msec
;; SERVER: 192.168.100.1#53(192.168.100.1)
;; WHEN: 六 10月 09 20:33:17 CST 2021
;; MSG SIZE rcvd: 145
dig @192.168.100.1 -t aaaa bicycles.stackexchange.com 0.00s user 0.01s system 0% cpu 10.220 total
dig @192.168.100.1 -p6553 -t aaaa unix.stackexchange.com (correctly returns an empty answer)
❯ time dig @192.168.100.1 -p6553 -t aaaa bicycles.stackexchange.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @192.168.100.1 -p6553 -t aaaa bicycles.stackexchange.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39741
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;bicycles.stackexchange.com. IN AAAA
;; Query time: 2 msec
;; SERVER: 192.168.100.1#6553(192.168.100.1)
;; WHEN: 六 10月 09 20:33:02 CST 2021
;; MSG SIZE rcvd: 44
dig @192.168.100.1 -p6553 -t aaaa bicycles.stackexchange.com 0.01s user 0.00s system 72% cpu 0.010 total
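I tried _drop_response+end and _block_with_servfail; neither prevents the dnsmasq timeout.
_block_with_nxdomain works, but it sometimes causes A record resolution to fail as well.
My dnsmasq configuration file is attached.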