关于dns转发的疑问 about nekit HOT 15 CLOSED

chenfengfeng commented on August 17, 2024

关于dns转发的疑问

from nekit.

Comments (15)

zhuhaow commented on August 17, 2024

你的路由表什么配置

On 30 Sep 2019, at 18:47, iOS还有人要吗? ***@***.***> wrote:

先说下我目前的配置情况： proxySettings，没有配置，不走http代理 NEDNSSettings(servers: ["8.8.8.8"])设置了dns配置 TUNInterface只配置了udp和tcp，没有配置DNSServer udp类是改的一个类，这个类可以发送udp数据到代理服务器，然后代理服务器返回数据写入在iOS 目前的情况：打开网页的时候，需要解析域名，那么就需要通过dns，dns会发送udp包，这个时候，udp类会收到包并且做了代理服务器的握手协议，转发到代理服务器，代理服务器再发送udp给APP，写入到iOS中按照情况来说dns解析了域名拿到IP，开始走tcp包来访问，但是目前的情况是没有走。 ps：在进行udp的普通转发，比如游戏使用了udp，是正常的，能够正常转发接收并且应用也能解析。目前不清楚问题出在哪里，希望大佬能够给点思路或者探讨下，我不清楚是否我的这个流程有没有问题 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

from nekit.

chenfengfeng commented on August 17, 2024

抱歉没看到，我目前的路由配置如下：

let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
ipv4Settings.includedRoutes = [NEIPv4Route.default()]
ipv4Settings.excludedRoutes = [
NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"),
NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"),
NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"),
NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"),
NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"),
NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"),
NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"),
]
networkSettings.ipv4Settings = ipv4Settings

from nekit.

zhuhaow commented on August 17, 2024

你的整个表述我根本搞不清你做了什么。DNS能够成功代理么，你如果dig一下能返回结果么？

…

On Oct 1, 2019, at 10:12 PM, iOS还有人要吗? ***@***.***> wrote: 抱歉没看到，我目前的路由配置如下： let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"]) ipv4Settings.includedRoutes = [NEIPv4Route.default()] ipv4Settings.excludedRoutes = [ NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"), NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"), NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"), NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"), NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"), ] networkSettings.ipv4Settings = ipv4Settings — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#272?email_source=notifications&email_token=AAJ2MLDHHB2DXQ3WYZRS7HLQMNLDRA5CNFSM4I3ZG6IKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEABNCUQ#issuecomment-537055570>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAJ2MLFULC5YTGHFFXUSCBLQMNLDRANCNFSM4I3ZG6IA>.

from nekit.

chenfengfeng commented on August 17, 2024

这是我startTunnel方法的实现代码：

override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        
        let s5AdapterFactory = SOCKS5AdapterFactory(serverHost: "192.168.1.111", serverPort: 9287)
        let allRule = AllRule(adapterFactory: s5AdapterFactory)
        RuleManager.currentManager = RuleManager(fromRules: [allRule], appendDirect: false)

        let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8")
        networkSettings.mtu = 1500

        let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
        ipv4Settings.includedRoutes = [NEIPv4Route.default()]
        ipv4Settings.excludedRoutes = [
            NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"),
            NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"),
            NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"),
            NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"),
            NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"),
            NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"),
            NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"),
        ]
        networkSettings.ipv4Settings = ipv4Settings


        if enablePacketProcessing {
            let DNSSettings = NEDNSSettings(servers: ["8.8.8.8"])
            DNSSettings.matchDomains = [""]
            DNSSettings.matchDomainsNoSearch = false
            networkSettings.dnsSettings = DNSSettings
            
            RawSocketFactory.TunnelProvider = self
        }

        setTunnelNetworkSettings(networkSettings) { error in
            guard error == nil else {
                completionHandler(error)
                return
            }

            if !self.started {
                // 下面的观察者要检查网络变化并重启服务
//                self.addObserver(self, forKeyPath: "defaultPath", options: .initial, context: nil)
                if #available(iOSApplicationExtension 10.0, *) {
                    DDLog.add(DDOSLogger.sharedInstance, with: DDLogLevel.verbose)
                    DDOSLogger.sharedInstance.logFormatter = LogFormatter()
                }
                Opt.MAXNWTCPSocketReadDataSize = 60 * 1024 - 1
            }

            if self.started {
                self.httpProxy.stop()
                try! self.httpProxy.start()
            } else {
                self.httpProxy = GCDHTTPProxyServer(address: IPAddress(fromString: "127.0.0.1"), port: 6152)
                try! self.httpProxy.start()
            }

            completionHandler(nil)

            if self.enablePacketProcessing {
                if self.started {
                    self.interface.stop()
                }
                if !self.started {
                    self.interface = TUNInterface(packetFlow: self.packetFlow)

                    let udpStack = UDPAssociateStack(serverHost: "192.168.1.111", serverPort: 9287)
                    self.interface.register(stack: udpStack)

                    let tcpStack = TCPStack.stack
                    tcpStack.proxyServer = self.httpProxy
                    self.interface.register(stack:tcpStack)

                    self.interface.start()
                }
            }
            self.started = true
        }
    }

我能够在udp的input方法，收到dns要发送的udp包，我把包转发到代理服务器，代理服务器也返回udp包了。

from nekit.

zhuhaow commented on August 17, 2024

你能dig么？

…

On Oct 1, 2019, at 11:31 PM, iOS还有人要吗? ***@***.***> wrote: 这是我startTunnel方法的实现代码： override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) { let s5AdapterFactory = SOCKS5AdapterFactory(serverHost: "192.168.1.111", serverPort: 9287) let allRule = AllRule(adapterFactory: s5AdapterFactory) RuleManager.currentManager = RuleManager(fromRules: [allRule], appendDirect: false) let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8") networkSettings.mtu = 1500 let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"]) ipv4Settings.includedRoutes = [NEIPv4Route.default()] ipv4Settings.excludedRoutes = [ NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"), NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"), NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"), NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"), NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"), ] networkSettings.ipv4Settings = ipv4Settings if enablePacketProcessing { let DNSSettings = NEDNSSettings(servers: ["8.8.8.8"]) DNSSettings.matchDomains = [""] DNSSettings.matchDomainsNoSearch = false networkSettings.dnsSettings = DNSSettings RawSocketFactory.TunnelProvider = self } setTunnelNetworkSettings(networkSettings) { error in guard error == nil else { completionHandler(error) return } if !self.started { // 下面的观察者要检查网络变化并重启服务 // self.addObserver(self, forKeyPath: "defaultPath", options: .initial, context: nil) if #available(iOSApplicationExtension 10.0, *) { DDLog.add(DDOSLogger.sharedInstance, with: DDLogLevel.verbose) DDOSLogger.sharedInstance.logFormatter = LogFormatter() } Opt.MAXNWTCPSocketReadDataSize = 60 * 1024 - 1 } if self.started { self.httpProxy.stop() try! self.httpProxy.start() } else { self.httpProxy = GCDHTTPProxyServer(address: IPAddress(fromString: "127.0.0.1"), port: 6152) try! self.httpProxy.start() } completionHandler(nil) if self.enablePacketProcessing { if self.started { self.interface.stop() } if !self.started { self.interface = TUNInterface(packetFlow: self.packetFlow) let udpStack = UDPAssociateStack(serverHost: "192.168.1.111", serverPort: 9287) self.interface.register(stack: udpStack) let tcpStack = TCPStack.stack tcpStack.proxyServer = self.httpProxy self.interface.register(stack:tcpStack) self.interface.start() } } self.started = true } } 我能够在udp的input方法，收到dns要发送的udp包，我把包转发到代理服务器，代理服务器也返回udp包了。 — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#272?email_source=notifications&email_token=AAJ2MLFZLWK46RN4ZR5UPSTQMNUMLA5CNFSM4I3ZG6IKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEABWEXA#issuecomment-537092700>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAJ2MLEX375XQ27C27YXV2LQMNUMLANCNFSM4I3ZG6IA>.

from nekit.

chenfengfeng commented on August 17, 2024

你是说用电脑的dig命令吗？

fengMacmini:~ feng$ dig @8.8.8.8 www.google.com A

; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12285
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		145	IN	A	31.13.85.16

;; Query time: 62 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 03 14:07:35 CST 2019
;; MSG SIZE  rcvd: 48

from nekit.

zhuhaow commented on August 17, 2024

你的代理会返回污染过的结果？

…

On Oct 3, 2019, at 2:11 PM, iOS还有人要吗? ***@***.***> wrote: 你是说用电脑的dig命令吗？ fengMacmini:~ feng$ dig @8.8.8.8 www.google.com A ; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.google.com A ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12285 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com. IN A ;; ANSWER SECTION: www.google.com. 145 IN A 31.13.85.16 ;; Query time: 62 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu Oct 03 14:07:35 CST 2019 ;; MSG SIZE rcvd: 48 — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#272?email_source=notifications&email_token=AAJ2MLHV62FW5XGDQBE3Q3DQMWEHPA5CNFSM4I3ZG6IKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAHDP2A#issuecomment-537802728>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAJ2MLD6UM34GLOPPCF7FWDQMWEHPANCNFSM4I3ZG6IA>.

from nekit.

zhuhaow commented on August 17, 2024

你手机上下个网络调试的软件，有很多，或者命令行的软

On 3 Oct 2019, at 14:11, iOS还有人要吗? ***@***.***> wrote:

你是说用电脑的dig命令吗？ fengMacmini:~ feng$ dig @8.8.8.8 www.google.com A ; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.google.com A ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12285 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com. IN A ;; ANSWER SECTION: www.google.com. 145 IN A 31.13.85.16 ;; Query time: 62 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu Oct 03 14:07:35 CST 2019 ;; MSG SIZE rcvd: 48 — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

from nekit.

chenfengfeng commented on August 17, 2024

好～我先试试

from nekit.

chenfengfeng commented on August 17, 2024

from nekit.

zhuhaow commented on August 17, 2024

不要指定8.8.8.8

from nekit.

chenfengfeng commented on August 17, 2024

dig没有指定8.8.8.8，但是NEDNSSettings有设定

from nekit.

chenfengfeng commented on August 17, 2024

大佬，我有几个关于dns的疑问，先抛开之前说的，希望能够解惑。

1.NEDNSSettings的作用是不是起到了把系统的dns更改为我设定的dns？如果不是的话，是用来干嘛？

2.如果我设置了NEProxySettings，也就是http代理，并且TUNInterface里面注册了DNSServer，那么我访问网页连接请求的时候，域名解析的dns会走系统的dns还是会被TUNInterface劫持，用DNSServer的设定去解析呢？

3.如果我用了DNSServer但是不用ip池，会有什么影响吗？文档上说的是为了进行反向查找，但是我想知道如果不用的话会有什么影响。
代码是这样的：

self.interface = TUNInterface(packetFlow: self.packetFlow)
let dnsServer = DNSServer(address: IPAddress(fromString: "198.18.0.1")!, port: NEKit.Port(port: 53))
let resolver = UDPDNSResolver(address: IPAddress(fromString: "8.8.8.8")!, port: NEKit.Port(port: 53))
dnsServer.registerResolver(resolver)
self.interface.register(stack: dnsServer)

from nekit.

qyb commented on August 17, 2024

请参考 https://forums.developer.apple.com/thread/35027 ，这里是最权威的回答了

from nekit.

stale commented on August 17, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from nekit.

关于dns转发的疑问 about nekit HOT 15 CLOSED

Comments (15)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent