Dns
使用 dnscrypt-proxy 解析子域會返回一個 IP 地址,但聲稱該域不存在
我
dnscrpyt-proxy用作使用 DoH 的本地存根。解析子域聲稱它們“可能”不存在或被代理阻止,但返回的 IP 是正確的。我不確定這是可以預期的還是表明某些問題。如何解釋以下兩個範例的輸出?
generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve docs.google.com Resolving [docs.google.com] Domain exists: probably not, or blocked by the proxy Canonical name: docs.google.com. IP addresses: 216.58.200.14, 2404:6800:4005:805::200e TXT records: google-site-verification=Ea9DtyEruwUPQhZm6VkAeu8Ww7RdLyfV-ounIdQlkuY Resolver IP: 104.238.170.136 (104.238.170.136.vultr.com.) generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve drive.google.com Resolving [drive.google.com] Domain exists: probably not, or blocked by the proxy Canonical name: drive.google.com. IP addresses: 172.217.16.142, 2404:6800:4005:802::200e TXT records: google-site-verification=pGMCXdTAsGW_L3o1ks9eToJ4g1R-l3r8TcXdkcA9RqY Resolver IP: 185.95.216.116generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve eric.mink.li Resolving [eric.mink.li] Domain exists: probably not, or blocked by the proxy Canonical name: eric.mink.li. IP addresses: 80.74.154.155 TXT records: - Resolver IP: 185.95.216.116 generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve mink.li Resolving [mink.li] Domain exists: yes, 3 name servers found Canonical name: mink.li. IP addresses: 80.74.154.155 TXT records: - Resolver IP: 185.95.216.116值得注意的是,並非所有子域都表現出這種行為。例如這個其他網站:
generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve eric.mink.com Resolving [eric.mink.com] Domain exists: yes, 2 name servers found Canonical name: eric.mink.com. IP addresses: 69.172.201.153 TXT records: - Resolver IP: 185.95.216.116這些子域都可以在瀏覽器中訪問(
eric.mink.com儘管範例是重定向)。
當然,
Domain exists: probably not, or blocked by the proxy這有點令人困惑。這實際上意味著對該名稱的查詢返回的響應不包括任何名稱伺服器。
對實際域(不是主機名)的查詢,例如
google.com將返回一組名稱伺服器:Domain exists: yes, 4 name servers found一些解析器可能總是返回名稱伺服器,而一些可能會返回最少的響應。因此,
Domain exists:當名稱是域時,此行正確返回伺服器的數量,但當它是完全限定的主機名時,則不可靠。