我将dnscrpyt-proxy其用作使用 DoH 的本地存根。解析子域名声称它们“可能”不存在或被代理阻止,但返回的 IP 是正确的。我不确定这是意料之中的还是表明存在某些问题。
如何解释以下两个示例的输出?
generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve docs.google.com
Resolving [docs.google.com]
Domain exists: probably not, or blocked by the proxy
Canonical name: docs.google.com.
IP addresses: 216.58.200.14, 2404:6800:4005:805::200e
TXT records: google-site-verification=Ea9DtyEruwUPQhZm6VkAeu8Ww7RdLyfV-ounIdQlkuY
Resolver IP: 104.238.170.136 (104.238.170.136.vultr.com.)
generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve drive.google.com
Resolving [drive.google.com]
Domain exists: probably not, or blocked by the proxy
Canonical name: drive.google.com.
IP addresses: 172.217.16.142, 2404:6800:4005:802::200e
TXT records: google-site-verification=pGMCXdTAsGW_L3o1ks9eToJ4g1R-l3r8TcXdkcA9RqY
Resolver IP: 185.95.216.116
generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve eric.mink.li
Resolving [eric.mink.li]
Domain exists: probably not, or blocked by the proxy
Canonical name: eric.mink.li.
IP addresses: 80.74.154.155
TXT records: -
Resolver IP: 185.95.216.116
generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve mink.li
Resolving [mink.li]
Domain exists: yes, 3 name servers found
Canonical name: mink.li.
IP addresses: 80.74.154.155
TXT records: -
Resolver IP: 185.95.216.116
有趣的是,并非所有子域都表现出这种行为。例如另一个网站:
generic@motorbrot:/etc$ /opt/dnscrypt-proxy-2.0.44/dnscrypt-proxy -resolve eric.mink.com
Resolving [eric.mink.com]
Domain exists: yes, 2 name servers found
Canonical name: eric.mink.com.
IP addresses: 69.172.201.153
TXT records: -
Resolver IP: 185.95.216.116
这些子域都可以在浏览器中访问(eric.mink.com尽管示例是重定向)。
答案1
当然,Domain exists: probably not, or blocked by the proxy有点令人困惑。
它实际上意味着对该名称的查询返回的响应不包含任何名称服务器。
对实际域(不是主机名)的查询将google.com返回一组名称服务器:
Domain exists: yes, 4 name servers found
有些解析器可能总是返回名称服务器,有些解析器可能会返回最少的响应。因此,Domain exists:当名称是域时,此行可以正确返回服务器数量,但当名称是完全限定主机名时,此行不可靠。