使用 dnscrypt 时，DNS 无法正确路由至 WAN NIC

2024-5-29 • tag-icon

我有一台集成了 AD DNS 的 Windows 2003 服务器。我尝试将服务器配置为通过以下方式发出传出（转发）DNS请求：dnscrypt 代理而不是通过正常的 TCP/UDP 53。

127.0.0.7我使用命令设置了 dnscrypt 以在上运行dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.7。当我尝试使用测试 DNS 连接时nslookup google.com 127.0.0.7，我收到错误消息[WARNING] sendto: [No route to host [WSAEHOSTUNREACH ]]。

编辑：这是route printdnscrypt 运行 127.0.0.7 时的输出。

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...4c 00 10 53 0c 4c ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Kerio WinRoute Firewall
0x3 ...00 16 76 c8 8c cc ...... Intel(R) 82566DC Gigabit Network Connection - Kerio WinRoute Firewall
0x10005 ...44 45 53 54 4f 53 ...... Kerio Virtual Network Adapter - Kerio WinRoute Firewall
===========================================================================
===========================================================================
        Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2      1
            127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
          192.168.1.0    255.255.255.0      192.168.1.2      192.168.1.2     20
          192.168.1.2  255.255.255.255        127.0.0.1        127.0.0.1     20
        192.168.1.102  255.255.255.255      192.168.3.1      192.168.3.1      1
        192.168.1.255  255.255.255.255      192.168.1.2      192.168.1.2     20
          192.168.2.0    255.255.255.0      192.168.2.2      192.168.2.2     20
          192.168.2.2  255.255.255.255        127.0.0.1        127.0.0.1     20
        192.168.2.255  255.255.255.255      192.168.2.2      192.168.2.2     20
          192.168.3.0    255.255.255.0      192.168.3.1      192.168.3.1     20
          192.168.3.1  255.255.255.255        127.0.0.1        127.0.0.1     20
        192.168.3.255  255.255.255.255      192.168.3.1      192.168.3.1     20
            224.0.0.0        240.0.0.0      192.168.1.2      192.168.1.2     20
            224.0.0.0        240.0.0.0      192.168.2.2      192.168.2.2     20
            224.0.0.0        240.0.0.0      192.168.3.1      192.168.3.1     20
      255.255.255.255  255.255.255.255      192.168.1.2      192.168.1.2      1
      255.255.255.255  255.255.255.255      192.168.2.2      192.168.2.2      1
      255.255.255.255  255.255.255.255      192.168.3.1      192.168.3.1      1
    Default Gateway:       192.168.2.1
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
        192.168.1.102  255.255.255.255      192.168.3.1       1

作为测试，我使用 127.0.0.1 运行了 dnscrypt（成功了），并比较了两种配置的进程监视器输出。以下是两者的 kdiff 的屏幕截图。

kdiff 比较

以下是原始的进程监视器日志：

Command: dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.1

Time of Day Process Name    PID Operation   Path    Result  Detail
57:57.2 dnscrypt-proxy.exe  5492    UDP Receive 127.0.0.1:53 -> 127.0.0.1:2549  SUCCESS Length: 40
57:57.2 dnscrypt-proxy.exe  5492    UDP Send    192.168.2.2:2546 -> 208.67.220.220:443  SUCCESS Length: 512
57:57.2 dnscrypt-proxy.exe  5492    UDP Send    192.168.2.2:2546 -> 192.168.2.1:0   SUCCESS Length: 554
57:57.3 dnscrypt-proxy.exe  5492    UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443  SUCCESS Length: 304
57:57.3 dnscrypt-proxy.exe  5492    UDP Send    127.0.0.1:53 -> 127.0.0.1:2549  SUCCESS Length: 110
57:57.3 dnscrypt-proxy.exe  5492    UDP Receive 127.0.0.1:53 -> 127.0.0.1:2550  SUCCESS Length: 42
57:57.3 dnscrypt-proxy.exe  5492    UDP Send    192.168.2.2:2546 -> 208.67.220.220:443  SUCCESS Length: 512
57:57.3 dnscrypt-proxy.exe  5492    UDP Send    192.168.2.2:2546 -> 192.168.2.1:0   SUCCESS Length: 554
57:57.3 dnscrypt-proxy.exe  5492    UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443  SUCCESS Length: 368
57:57.3 dnscrypt-proxy.exe  5492    UDP Send    127.0.0.1:53 -> 127.0.0.1:2550  SUCCESS Length: 128
57:57.3 dnscrypt-proxy.exe  5492    UDP Receive 127.0.0.1:53 -> 127.0.0.1:2551  SUCCESS Length: 28
57:57.3 dnscrypt-proxy.exe  5492    UDP Send    192.168.2.2:2546 -> 208.67.220.220:443  SUCCESS Length: 512
57:57.4 dnscrypt-proxy.exe  5492    UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443  SUCCESS Length: 304
57:57.4 dnscrypt-proxy.exe  5492    UDP Send    127.0.0.1:53 -> 127.0.0.1:2551  SUCCESS Length: 135

和

Command: dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.7

Time of Day Process Name    PID Operation   Path    Result  Detail
59:40.5 dnscrypt-proxy.exe  5212    UDP Receive 127.0.0.7:53 -> 127.0.0.7:2562  SUCCESS Length: 40
59:40.5 dnscrypt-proxy.exe  5212    UDP Send    192.168.2.2:2563 -> 208.67.220.220:443  SUCCESS Length: 512
59:40.6 dnscrypt-proxy.exe  5212    UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443  SUCCESS Length: 240
59:42.5 dnscrypt-proxy.exe  5212    UDP Receive 127.0.0.7:53 -> 127.0.0.7:2564  SUCCESS Length: 42
59:42.5 dnscrypt-proxy.exe  5212    UDP Send    192.168.2.2:2563 -> 208.67.220.220:443  SUCCESS Length: 512
59:42.6 dnscrypt-proxy.exe  5212    UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443  SUCCESS Length: 240
59:44.5 dnscrypt-proxy.exe  5212    UDP Receive 127.0.0.7:53 -> 127.0.0.7:2565  SUCCESS Length: 28
59:44.5 dnscrypt-proxy.exe  5212    UDP Send    192.168.2.2:2563 -> 208.67.220.220:443  SUCCESS Length: 512
59:44.6 dnscrypt-proxy.exe  5212    UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443  SUCCESS Length: 240
59:44.6 dnscrypt-proxy.exe  5212    UDP Send    192.168.2.2:2563 -> 127.0.0.7:2565  SUCCESS Length: 135

相关内容