Skip to content

google DNS服务器会拒绝特定的ECS请求 #621

New issue
New issue
Open
Open
google DNS服务器会拒绝特定的ECS请求#621
@zhaibin18

Description

@zhaibin18
zhaibin18
opened on Feb 21, 2023

在提交之前,请确认

  • 我已经尝试搜索过 Issue ,但没有找到相关问题。
  • 我正在使用最新的 mosdns 版本(或者最新的 commit),问题依旧存在。
  • 我仔细看过 wiki 后仍然无法自行解决该问题。
  • 我非常确定这是 mosdns 核心的问题。(如果是通过第三方衍生软件使用 mosdns 核心,不确定问题源头时,请先向衍生软件开发者提交问题。)

mosdns 版本

v4.5.3-0-g760a660

操作系统

openwrt

Bug 描述和复现步骤

google DNS服务器会拒绝特定的ECS请求

dig e2490.dscf.akamaiedge.net
; <<>> DiG 9.18.7 <<>> e2490.dscf.akamaiedge.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: **REFUSED**, id: 59697
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;e2490.dscf.akamaiedge.net.     IN      A

;; Query time: 49 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Feb 21 23:07:47 CST 2023
;; MSG SIZE  rcvd: 54

使用的配置文件

- tag: 'ecs0'
    type: 'ecs'
    args:
      auto: false
      ipv4: '193.110.202.3'
      force_overwrite: true
      mask4: 24


        - forward_local
        - if: response_has_local_ip
          exec:
            - _return
        - ecs0
        - forward_remote

mosdns 的 log 记录

Frame 14: 109 bytes on wire (872 bits), 109 bytes captured (872 bits)
Linux cooked capture v1
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 123.123.100.103
User Datagram Protocol, Src Port: 53, Dst Port: 38020
Domain Name System (response)
    Transaction ID: 0x3099
    Flags: 0x8185 Standard query response, Refused
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0101 = Reply code: Refused (5)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        e2490.dscf.akamaiedge.net: type A, class IN
            Name: e2490.dscf.akamaiedge.net
            [Name Length: 25]
            [Label Count: 4]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 512
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 11
            Option: CSUBNET - Client subnet
                Option Code: CSUBNET - Client subnet (8)
                Option Length: 7
                Option Data: 00011800677566
                Family: IPv4 (1)
                Source Netmask: 24
                Scope Netmask: 0
                Client Subnet: 103.117.102.0
    [Request In: 9]
    [Time: 0.055988000 seconds]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions