I have a custom DNS server application, and I am now trying to implement DoH. But I am running into a response problem: it is not sending the correct data back to the client.
This is the dumped response I get:
{
header: {
id: 0,
qr: 1,
opcode: 0,
aa: 0,
tc: 0,
rd: 1,
ra: 0,
res1: 0,
res2: 0,
res3: 0,
rcode: 0
},
question: [ { name: 'google.com', type: 28, class: 1 } ],
answer: [
{
name: 'google.com',
type: 28,
class: 1,
ttl: 299,
address: '2a00:1450:4001:829:0:0:0:200e'
}
],
authority: [],
additional: [],
edns_options: [],
payload: undefined,
address: undefined,
_socket: EventEmitter {
_socket: TLSSocket {
_tlsOptions: [Object],
_secureEstablished: true,
_securePending: false,
_newSessionPending: false,
_controlReleased: true,
_SNICallback: null,
servername: 'doh.mydns.com',
alpnProtocol: 'http/1.1',
authorized: false,
authorizationError: null,
encrypted: true,
_events: [Object: null prototype],
_eventsCount: 10,
connecting: false,
_hadError: false,
_parent: [Socket],
_host: null,
_readableState: [ReadableState],
readable: true,
_maxListeners: undefined,
_writableState: [WritableState],
writable: true,
allowHalfOpen: false,
_sockname: null,
_pendingData: null,
_pendingEncoding: '',
server: [Server],
_server: null,
ssl: [TLSWrap],
_requestCert: false,
_rejectUnauthorized: true,
timeout: 120000,
parser: [HTTPParser],
on: [Function: socketListenerWrap],
addListener: [Function: socketListenerWrap],
prependListener: [Function: socketListenerWrap],
_paused: false,
_httpMessage: [ServerResponse],
_peername: [Object],
[Symbol(res)]: [TLSWrap],
[Symbol(asyncId)]: 479,
[Symbol(kHandle)]: [TLSWrap],
[Symbol(lastWriteQueueSize)]: 0,
[Symbol(timeout)]: Timeout {
_idleTimeout: 120000,
_idlePrev: [TimersList],
_idleNext: [TimersList],
_idleStart: 7291,
_onTimeout: [Function: bound ],
_timerArgs: undefined,
_repeat: null,
_destroyed: false,
[Symbol(refed)]: false,
[Symbol(asyncId)]: 486,
[Symbol(triggerId)]: 479
},
[Symbol(kBuffer)]: null,
[Symbol(kBufferCb)]: null,
[Symbol(kBufferGen)]: null,
[Symbol(kBytesRead)]: 0,
[Symbol(kBytesWritten)]: 0,
[Symbol(error-emitted)]: false
},
_remote: undefined,
_buff: undefined,
base_size: 4096,
bound: false,
unref: undefined,
ref: undefined,
_rest: undefined
}
}
As you can see, the answer is correct, but my curl is returning:
* Found bundle for host doh.mydns.com: 0x7fc527c1ccd0 [serially]
* Server doesn't support multi-use (yet)
* Trying 127.0.0.1...
* TCP_NODELAY set
* Hostname 'doh.mydns.com' was found in DNS cache
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to doh.mydns.com (127.0.0.1) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* Connected to doh.mydns.com (127.0.0.1) port 443 (#2)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.mydns.com
* start date: Feb 15 00:00:00 2021 GMT
* expire date: Feb 15 23:59:59 2022 GMT
* subjectAltName: host "doh.mydns.com" matched cert's "*.mydns.com"
* issuer: [redacted]
* SSL certificate verify ok.
> POST / HTTP/1.1
Host: doh.mydns.com
Accept: */*
Content-Type: application/dns-message
Content-Length: 28
* upload completely sent off: 28 out of 28 bytes
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.mydns.com
* start date: Feb 15 00:00:00 2021 GMT
* expire date: Feb 15 23:59:59 2022 GMT
* subjectAltName: host "doh.mydns.com" matched cert's "*.mydns.com"
* issuer: [redacted]
* SSL certificate verify ok.
> POST / HTTP/1.1
Host: doh.mydns.com
Accept: */*
Content-Type: application/dns-message
Content-Length: 28
* upload completely sent off: 28 out of 28 bytes
< HTTP/1.1 200 OK
< Content-Type: application/dns-message; charset=utf-8
< Content-Length: 277
< ETag: W/"115-IoroRQ/FDUoJVudu7+piXeX1d2I"
< Date: Fri, 19 Mar 2021 09:34:01 GMT
< Connection: keep-alive
<
* Connection #1 to host doh.mydns.com left intact
* a DOH request is completed, 1 to go
< HTTP/1.1 200 OK
< Content-Type: application/dns-message; charset=utf-8
< Content-Length: 294
< ETag: W/"126-lDS0ifO+cxwEm7Oa4ImUtNYNiPw"
< Date: Fri, 19 Mar 2021 09:34:01 GMT
< Connection: keep-alive
<
* Connection #2 to host doh.mydns.com left intact
* a DOH request is completed, 0 to go
* DOH: Bad ID type A for google.com
* DOH: Bad ID type AAAA for google.com
* Closing connection 0
curl: (6) Couldn't resolve host name
* Closing connection 1
* Closing connection 2
Now something is going wrong somewhere, because I have obtained the AAAA for google.com and I am also correctly getting the A-type response, but I am not sending it to the requesting client.
This is my curl request:
curl -v --doh-url https://doh.mydns.com google.com
Maybe someone smarter than me can help me with my problem.
In case anyone asks: for legacy reasons I use https://www.npmjs.com/package/native-dns as the DNS module, and Express, because I also use an API and serve a website.
Thanks in advance!
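The dump above shows the parsed answer object, not the bytes that went over HTTPS, and curl's "Bad ID" message is a complaint about those bytes. The following is an added example, not code from the question's server and not the API of native-dns or Express: it builds the `application/dns-message` wire body for the AAAA answer in the dump (name, type, TTL and address taken from it; the A address 192.0.2.1 used in a comment is constructed), decodes the header the way a DoH client inspects it, and shows how passing the binary body through a string changes it. Only Node.js built-ins are used.

```javascript
// Added example, not code from the question's server: builds the DNS
// wire-format body a DoH server must return for the answer shown in the
// dump, and checks it the way a DoH client does before trusting it.
// Node.js built-ins only; no express or native-dns needed.

// Encode a dotted name as DNS labels: 'google.com' -> 6 google 3 com 0
function encodeName(name) {
  const labels = name.split('.').filter(Boolean).map((label) =>
    Buffer.concat([Buffer.from([label.length]), Buffer.from(label, 'ascii')]));
  return Buffer.concat([...labels, Buffer.from([0])]);
}

// Expand an IPv6 textual address (with or without '::') into 16 bytes
function encodeIPv6(addr) {
  const [head, tail] = addr.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const groups = [...h, ...new Array(8 - h.length - t.length).fill('0'), ...t];
  const out = Buffer.alloc(16);
  groups.forEach((g, i) => out.writeUInt16BE(parseInt(g, 16), i * 2));
  return out;
}

// Build a one-question, one-answer response. type 1 = A, 28 = AAAA.
function buildResponse({ id = 0, name, type, ttl, address }) {
  const header = Buffer.alloc(12);
  header.writeUInt16BE(id, 0);
  header.writeUInt16BE(0x8180, 2); // QR=1, RD=1, RA=1, RCODE=0
  header.writeUInt16BE(1, 4);      // QDCOUNT
  header.writeUInt16BE(1, 6);      // ANCOUNT (NSCOUNT and ARCOUNT stay 0)
  const question = Buffer.alloc(4);
  question.writeUInt16BE(type, 0);
  question.writeUInt16BE(1, 2);    // class IN
  const rdata = type === 28
    ? encodeIPv6(address)
    : Buffer.from(address.split('.').map(Number)); // e.g. constructed '192.0.2.1'
  const rr = Buffer.alloc(10);
  rr.writeUInt16BE(type, 0);
  rr.writeUInt16BE(1, 2);
  rr.writeUInt32BE(ttl, 4);
  rr.writeUInt16BE(rdata.length, 8);
  // 0xc00c is a compression pointer back to the question name at offset 12
  return Buffer.concat([header, encodeName(name), question,
                        Buffer.from([0xc0, 0x0c]), rr, rdata]);
}

// Header fields a client inspects first
function decodeHeader(buf) {
  const flags = buf.readUInt16BE(2);
  return {
    id: buf.readUInt16BE(0),
    qr: flags >> 15,
    rcode: flags & 0x000f,
    qdcount: buf.readUInt16BE(4),
    ancount: buf.readUInt16BE(6),
  };
}

// Mirrors the first checks a DoH client makes on the HTTP body. RFC 8484
// tells clients to send ID 0, and curl rejects a reply whose first two
// bytes are not zero with the 'Bad ID' message seen in the question.
function checkDohResponse(buf) {
  if (buf.length < 12) return 'too short';
  const h = decodeHeader(buf);
  if (h.id !== 0) return 'bad id';
  if (h.qr !== 1) return 'not a response';
  if (h.rcode !== 0) return 'rcode ' + h.rcode;
  if (h.qdcount !== 1) return 'bad question count';
  return 'ok';
}

// What happens when the binary body is turned into a string on the way
// out (for example res.send(buf.toString())): bytes >= 0x80 are not valid
// UTF-8, get replaced, and the client receives a different, longer message.
function asUtf8String(buf) {
  return Buffer.from(buf.toString('utf8'), 'utf8');
}

// Constructed sample matching the answer in the dump
const sample = buildResponse({
  name: 'google.com', type: 28, ttl: 299,
  address: '2a00:1450:4001:829:0:0:0:200e',
});
console.log(sample.length, checkDohResponse(sample)); // 56 ok
console.log(asUtf8String(sample).length, checkDohResponse(asUtf8String(sample)));
```

A correct AAAA reply for this query is 56 bytes, and the matching query is the 28 bytes curl reports uploading; the 277 and 294 byte bodies in the curl log are far larger than either. When the Buffer is handed to Express, send it as a Buffer (`res.type('application/dns-message').send(buf)`); Express appends `; charset=utf-8` to the Content-Type only when the body it is given is a string, which is the header the curl log shows.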