I currently have nginx set up to forward DNS over TLS requests to my private local DNS server, with the following configuration:
    stream {
        upstream dns-servers {
            server 127.0.0.1:53;
        }
        server {
            listen 853 ssl;
            proxy_pass dns-servers;
            ssl_preread on;
            ssl_certificate cert.pem;
            ssl_certificate_key key.pem;
            ssl_dhparam ssl-dhparams.pem;
            ssl_protocols TLSv1.2;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_handshake_timeout 10s;
            ssl_session_cache shared:SSL:20m;
            ssl_session_timeout 4h;
        }
    }
This works fine, but the DNS server sees every request as coming from localhost. So I would also like to forward the source IP address to my DNS server.

I tried adding

    proxy_bind $remote_addr:$remote_port transparent;

and also tried adding

    proxy_protocol on;

but after adding them I get the following error in the log:

    2019/09/25 14:48:40 [error] 26463#26463: *1 upstream timed out (110: Connection timed out) while proxying connection, client: <remote ip was here>, server: 0.0.0.0:853, upstream: "127.0.0.1:53", bytes from/to client:1040/0, bytes from/to upstream:0/0
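As an added illustration (not part of the original question or of nginx itself) of what `proxy_protocol on` changes on the upstream connection: nginx prepends a PROXY protocol v1 line carrying the original client address before the first byte of the proxied TCP stream, so the upstream must strip that line itself before it sees the length-prefixed DNS message. The code below builds the stream as a PROXY-aware upstream would receive it and shows both readings of the same bytes: a PROXY-aware parser recovers the client address, while a plain DNS-over-TCP reader treats the first two bytes "PR" as a message length and waits for more data. The addresses and ports are constructed placeholders, and the assumption is that the upstream DNS server speaks PROXY protocol v1 only if it is explicitly configured to.

```python
"""Added example: PROXY protocol v1 header in front of a DNS-over-TCP message.
Not code from the original post or from nginx; sample addresses are constructed."""
import ipaddress
import struct


def build_proxy_v1_header(src_ip, dst_ip, src_port, dst_port):
    """PROXY v1 header as a proxy emits it before any payload byte (haproxy spec, v1 text form)."""
    fam = "TCP6" if ipaddress.ip_address(src_ip).version == 6 else "TCP4"
    return f"PROXY {fam} {src_ip} {dst_ip} {src_port} {dst_port}\r\n".encode("ascii")


def build_dns_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query (header + one question), framed for TCP with a 2-byte big-endian length."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set; QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg


def parse_proxy_v1(data):
    """What a PROXY-aware upstream does: strip the header, return (client info or None, payload)."""
    if not data.startswith(b"PROXY "):
        return None, data  # no header present; the stream starts with the DNS length prefix
    end = data.find(b"\r\n")
    if end == -1 or end + 2 > 107:  # a v1 header is at most 107 bytes including CRLF
        raise ValueError("malformed PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 header")
    info = {
        "src_ip": fields[2],
        "dst_ip": fields[3],
        "src_port": int(fields[4]),
        "dst_port": int(fields[5]),
    }
    return info, data[end + 2:]


def read_dns_tcp_frame(data):
    """What a plain DNS-over-TCP server does with the raw bytes: read a 2-byte length,
    then wait until that many bytes have arrived. Returns (message, rest) or None if incomplete."""
    if len(data) < 2:
        return None
    (length,) = struct.unpack("!H", data[:2])
    if len(data) < 2 + length:
        return None  # still waiting for more bytes; no reply is ever sent
    return data[2:2 + length], data[2 + length:]


def upstream_view(stream, proxy_aware):
    """Simulate the upstream's first read of `stream` and report what it concludes."""
    if proxy_aware:
        info, payload = parse_proxy_v1(stream)
    else:
        info, payload = None, stream
    frame = read_dns_tcp_frame(payload)
    if frame is None:
        # The length prefix claims more bytes than were sent, so the server keeps waiting.
        return {"client": info, "status": "waiting", "claimed_len": struct.unpack("!H", payload[:2])[0]}
    msg, _ = frame
    return {"client": info, "status": "complete", "txid": struct.unpack("!H", msg[:2])[0]}


if __name__ == "__main__":
    q = build_dns_query("example.com")
    s = build_proxy_v1_header("203.0.113.7", "127.0.0.1", 51234, 853) + q
    print("plain DNS server sees:", upstream_view(s, proxy_aware=False))
    print("PROXY-aware server sees:", upstream_view(s, proxy_aware=True))
```

Running it shows the plain reader stalling on a claimed length of 20562 (the ASCII bytes "PR" read as an integer) while the PROXY-aware reader recovers 203.0.113.7 as the client and then parses the 29-byte query normally.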