Giter Club home page Giter Club logo

Comments (12)

qwerttvv avatar qwerttvv commented on June 11, 2024

又试了半天,确定了一个参数引起,就是cache的开关

cache-size 0就没有问题了,cache-size 11111就有问题

打开cache重启服务之后,还有个细节,就是第一次打开网址,是可以打开的,会正常跳转到aws.amazon.com/cn/s3 然后等一会儿再打开就不行了,就彻底打不开了,抓图就和上边一样,但就是打不开网站

配置如下

bind 127.0.0.1:53@lo  -force-https-soa
server-name smartdns
prefetch-domain yes
serve-expired yes
cache-persist no
cache-size 0
cache-file /usr/local/bin/smartdns.cache
response-mode first-ping
speed-check-mode tcp:443,tcp:80,ping
max-reply-ip-num 33
server-tls 8.8.8.8  -no-check-certificate
server-tls 1.1.1.1  -no-check-certificate
server-tls 208.67.222.222  -no-check-certificate
server-tls 9.9.9.9  -no-check-certificate
server-tls 103.2.57.5  -no-check-certificate
server-tls 94.140.14.140  -no-check-certificate
server-tls 185.222.222.222  -no-check-certificate
server-tls 101.101.101.101  -no-check-certificate
server-tls 77.88.8.8  -no-check-certificate
server-tls 74.82.42.42  -no-check-certificate
server 172.31.255.2:53

smartdns.log
smartdns.log-20240204-143258.gz
smartdns-audit.log
日志和审计都开了,传上来了

我一共手工在浏览器刷新了仨网址
s3-us-west-1.amazonaws.com
s3.amazonaws.com
assets.msn.com

日志看不太懂……没看出啥来……

@PikuZheng @pymumu

我在另一台vps也复现了,一样的情况……

我现在把cache关了,强制走代理试了半天了,还是可以的……

from smartdns.

PikuZheng avatar PikuZheng commented on June 11, 2024

还没看内容,先说一下aws是概率墙,比如新加坡和日本一般是被墙,欧洲大概率是通的

from smartdns.

PikuZheng avatar PikuZheng commented on June 11, 2024

cache-size 0就没有问题了,cache-size 11111就有问题

打开cache重启服务之后,还有个细节,就是第一次打开网址,是可以打开的,会正常跳转到aws.amazon.com/cn/s3 然后等一会儿再打开就不行了,就彻底打不开了,抓图就和上边一样,但就是打不开网站

你设了 response-mode first-ping,所以首次查询结果是首个应答上游的结果。cache是全部上游结果的合并。说明首个应答上游给出的ip是可以通的,但全部上游结果中,测速最快的是不通的。考虑到你使用tcp测速,很可能是代理软件抢答导致的测速虚快问题。

我自己到aws一律翻,没办法研究它走哪个服务器,通还是不通

from smartdns.

qwerttvv avatar qwerttvv commented on June 11, 2024

cache-size 0就没有问题了,cache-size 11111就有问题
打开cache重启服务之后,还有个细节,就是第一次打开网址,是可以打开的,会正常跳转到aws.amazon.com/cn/s3 然后等一会儿再打开就不行了,就彻底打不开了,抓图就和上边一样,但就是打不开网站

你设了 response-mode first-ping,所以首次查询结果是首个应答上游的结果。cache是全部上游结果的合并。说明首个应答上游给出的ip是可以通的,但全部上游结果中,测速最快的是不通的。考虑到你使用tcp测速,很可能是代理软件抢答导致的测速虚快问题。

我自己到aws一律翻,没办法研究它走哪个服务器,通还是不通

大佬,我就是翻才打不开,强制代理去访问,代理工具log里出现

ERROR tcp tunnel 【ip地址】 -> s3.amazonaws.com:443 connect failed, error: dns resolve s3.amazonaws.com:443 error: no record found for Query { name: Name("s3.amazonaws.com."), query_type: AAAA, query_class: IN }

实际表现就是浏览器打不开了

代理抢答是啥意思?我查询在vps上进行的,没通过代理软件,因为我smartdns装在vps上了,要测速也是vps上smartdns在进行啊,我本地的路由器装了smartdns,但是我浏览器开了强制代理,没有走路由器,直接走代理软件,加密后就和vps去通信了

from smartdns.

qwerttvv avatar qwerttvv commented on June 11, 2024

删了测速模式那一行,用默认的测速,好像是ping 80 443吧,结果一样的,这里是代理工具的报错抓图

image

from smartdns.

PikuZheng avatar PikuZheng commented on June 11, 2024

你开了双栈ip优选,但你的代理不支持ipv6

from smartdns.

qwerttvv avatar qwerttvv commented on June 11, 2024

你开了双栈ip优选,但你的代理不支持ipv6

嗯?vps有v6啊
image

没v6是s3.amazonaws.com
image

from smartdns.

qwerttvv avatar qwerttvv commented on June 11, 2024

不开缓存的话,应答模式first-ping应该就是一直只有一个最快的dns返回结果里测速了。

我改完全测速的那个first-ip试试,搞不好是哪个ip打不开?

from smartdns.

qwerttvv avatar qwerttvv commented on June 11, 2024

解决了,但是仍旧不知道问题出在哪里

我尝试了好多次,确实只要改动smartdns的参数就会挂,但是从审计看,给的ip都是v4,而且直接访问审计给的ip也没问题,但是通过浏览器强制走代理100%有问题,代理软件服务端会提示什么v6一类的东西

最后我发现,max-reply-ip-num 只要改大,比如33,那肯定挂了……改到·20,看审计最后只给了几个ip结果发到客户端了,这时候浏览器同样强制代理,就不会挂

这里我不知道为什么,33的时候给了33个ip结果,20的时候就给了几个ip结果。

也不知道33个ip结果的时候浏览器强制代理为什么会挂,我胡乱猜测是代理软件写死了返回ip是多少个字节?然后返回33个超了数了,然后识别错误?瞎猜的,没细看代理软件日志,反正问题解决了,我把参数改成10了,保险起见……

总之来回来去试了这么久,结论就是这样……

我把日志拿出来,二位大佬研究研究 @PikuZheng @pymumu 两次的改动只有 max-reply-ip-num 20,其余的都没变,之前fastest-ping第一次能访问也是dns返回了1个,后边测速之后返回33个就挂了,现在设置20,但一直返回1个了,反而一直没事儿可以正常浏览……

good-max-reply-ip-num20.zip
no good-max-reply-ip-num33.zip

bind 127.0.0.1:53@lo  -force-https-soa
server-name smartdns
prefetch-domain yes
serve-expired yes
cache-persist no
cache-size 11111
cache-file /usr/local/bin/smartdns.cache
response-mode fastest-ip
speed-check-mode tcp:443,tcp:80,ping
max-reply-ip-num 20
log-num 9
log-level debug
audit-num 9
audit-enable yes
server-tls 8.8.8.8  -no-check-certificate
server-tls 1.1.1.1  -no-check-certificate
server-tls 208.67.222.222  -no-check-certificate
server-tls 9.9.9.9  -no-check-certificate
server-tls 103.2.57.5  -no-check-certificate
server-tls 185.222.222.222  -no-check-certificate
server 172.31.255.2

from smartdns.

qwerttvv avatar qwerttvv commented on June 11, 2024

破案了,www.bing.com这个域名v4足够多,v6也不少,我设置到33,返回了33个v4和十来个v6,vps确信已经返回足够多的ip了不是第一次响应了,本地客户端浏览器强制代理打开www.bing.com,需要等很久很久才能打开,猜测是浏览器把v4遍历了一下发现没有能使的然后转到v6最终打开了吧……

from smartdns.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.