我有一台集成了 AD DNS 的 Windows 2003 服务器。我尝试将服务器配置为通过以下方式发出传出(转发)DNS请求:dnscrypt 代理而不是通过正常的 TCP/UDP 53。
127.0.0.7
我使用命令设置了 dnscrypt 以在 上运行dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.7
。当我尝试使用 测试 DNS 连接时nslookup google.com 127.0.0.7
,我收到错误消息[WARNING] sendto: [No route to host [WSAEHOSTUNREACH ]]
。
编辑:这是route print
dnscrypt 运行 127.0.0.7 时的输出。
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...4c 00 10 53 0c 4c ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Kerio WinRoute Firewall
0x3 ...00 16 76 c8 8c cc ...... Intel(R) 82566DC Gigabit Network Connection - Kerio WinRoute Firewall
0x10005 ...44 45 53 54 4f 53 ...... Kerio Virtual Network Adapter - Kerio WinRoute Firewall
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.102 255.255.255.255 192.168.3.1 192.168.3.1 1
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
192.168.3.0 255.255.255.0 192.168.3.1 192.168.3.1 20
192.168.3.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.3.255 255.255.255.255 192.168.3.1 192.168.3.1 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.3.1 192.168.3.1 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
255.255.255.255 255.255.255.255 192.168.3.1 192.168.3.1 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.1.102 255.255.255.255 192.168.3.1 1
作为测试,我使用 127.0.0.1 运行了 dnscrypt(成功了),并比较了两种配置的进程监视器输出。以下是两者的 kdiff 的屏幕截图。
以下是原始的进程监视器日志:
Command: dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.1
Time of Day Process Name PID Operation Path Result Detail
57:57.2 dnscrypt-proxy.exe 5492 UDP Receive 127.0.0.1:53 -> 127.0.0.1:2549 SUCCESS Length: 40
57:57.2 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 512
57:57.2 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 192.168.2.1:0 SUCCESS Length: 554
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 304
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 127.0.0.1:53 -> 127.0.0.1:2549 SUCCESS Length: 110
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 127.0.0.1:53 -> 127.0.0.1:2550 SUCCESS Length: 42
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 512
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 192.168.2.1:0 SUCCESS Length: 554
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 368
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 127.0.0.1:53 -> 127.0.0.1:2550 SUCCESS Length: 128
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 127.0.0.1:53 -> 127.0.0.1:2551 SUCCESS Length: 28
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 512
57:57.4 dnscrypt-proxy.exe 5492 UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 304
57:57.4 dnscrypt-proxy.exe 5492 UDP Send 127.0.0.1:53 -> 127.0.0.1:2551 SUCCESS Length: 135
和
Command: dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.7
Time of Day Process Name PID Operation Path Result Detail
59:40.5 dnscrypt-proxy.exe 5212 UDP Receive 127.0.0.7:53 -> 127.0.0.7:2562 SUCCESS Length: 40
59:40.5 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 512
59:40.6 dnscrypt-proxy.exe 5212 UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 240
59:42.5 dnscrypt-proxy.exe 5212 UDP Receive 127.0.0.7:53 -> 127.0.0.7:2564 SUCCESS Length: 42
59:42.5 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 512
59:42.6 dnscrypt-proxy.exe 5212 UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 240
59:44.5 dnscrypt-proxy.exe 5212 UDP Receive 127.0.0.7:53 -> 127.0.0.7:2565 SUCCESS Length: 28
59:44.5 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 512
59:44.6 dnscrypt-proxy.exe 5212 UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 240
59:44.6 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 127.0.0.7:2565 SUCCESS Length: 135