
Official DoH/DoT of the Next Generation Internet National Engineering Center released

    liuzhuorui88 · 2020-11-21 22:52:10 +08:00 · 9967 views
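    doh: https://dns.cfiec.net/dns-query
    dot: dns.cfiec.net
    But I tried it, and it seems to need a pure IPv6 environment, or you have to set the local IP manually, otherwise it won't resolve. Anyone who needs it can give it a try; it works pretty well.
    Official site: https://www.chinaipv6.com.cn/dot-doh/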
    23 replies    2020-11-23 03:02:16 +08:00
        1
    jim9606
       2020-11-21 23:21:45 +08:00   ❤️ 1
    The certificate is from Let's Encrypt. There's a fair bit to poke fun at here.
        2
    301
       2020-11-21 23:24:39 +08:00 via Android
    I just tried it. There is an IPv4 address; it resolves to 111.7.186.177. Can someone test whether it's poisoned?
        3
    learningman  
       2020-11-21 23:27:48 +08:00
    dns query not allowed because of ACL
        4
    Greatshu  
       2020-11-21 23:38:16 +08:00
        5
    indev
       2020-11-21 23:50:25 +08:00
    Can't resolve?
        6
    lxilu
       2020-11-22 00:03:34 +08:00 via iPhone
    What kind of center is this? Does it even qualify to carry the word "National"?
        7
    v2tudnew  
       2020-11-22 00:13:34 +08:00
        8
    pmispig
       2020-11-22 00:19:01 +08:00
    Looks like it's run by a private company, not something directly under the MIIT.
        9
    Henryzhao
       2020-11-22 00:28:27 +08:00
    It is poisoned. Resolving Google returned 199.59.149.136 and 2001::9a5c:1061, which are a Twitter IP and an invalid IPv6 address respectively.

    ```
    $ curl -v --doh-url 'https://dns.cfiec.net/dns-query' www.google.com
    * Added dns.cfiec.net:443:240e:e9:900b::6 to DNS cache
    * Found bundle for host dns.cfiec.net: 0x7fffed0e5680 [serially]
    * Server doesn't support multiplex (yet)
    * Trying 240e:e9:900b::6:443...
    * TCP_NODELAY set
    * Hostname 'dns.cfiec.net' was found in DNS cache
    * Trying 240e:e9:900b::6:443...
    * TCP_NODELAY set
    * Connected to dns.cfiec.net (240e:e9:900b::6) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
    * Connected to dns.cfiec.net (240e:e9:900b::6) port 443 (#1)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * ALPN, server accepted to use h2
    * Server certificate:
    * subject: CN=dns.cfiec.net
    * start date: Oct 26 01:01:40 2020 GMT
    * expire date: Jan 24 01:01:40 2021 GMT
    * subjectAltName: host "dns.cfiec.net" matched cert's "dns.cfiec.net"
    * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
    * SSL certificate verify ok.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x7fffed105700)
    > POST /dns-query HTTP/2
    Host: dns.cfiec.net
    accept: */*
    content-type: application/dns-message
    content-length: 32

    * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
    * We are completely uploaded and fine
    < HTTP/2 200
    < server: h2o/dnsdist
    < date: Sat, 21 Nov 2020 16:25:17 GMT
    < content-type: application/dns-message
    < content-length: 48
    <
    * Connection #0 to host dns.cfiec.net left intact
    * a DOH request is completed, 1 to go
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * ALPN, server accepted to use h2
    * Server certificate:
    * subject: CN=dns.cfiec.net
    * start date: Oct 26 01:01:40 2020 GMT
    * expire date: Jan 24 01:01:40 2021 GMT
    * subjectAltName: host "dns.cfiec.net" matched cert's "dns.cfiec.net"
    * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
    * SSL certificate verify ok.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x7fffed10aea0)
    > POST /dns-query HTTP/2
    Host: dns.cfiec.net
    accept: */*
    content-type: application/dns-message
    content-length: 32

    * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
    * We are completely uploaded and fine
    < HTTP/2 200
    < server: h2o/dnsdist
    < date: Sat, 21 Nov 2020 16:25:18 GMT
    < content-type: application/dns-message
    < content-length: 60
    <
    * Connection #1 to host dns.cfiec.net left intact
    * a DOH request is completed, 0 to go
    * DOH Host name: www.google.com
    * TTL: 101 seconds
    * DOH A: 199.59.149.136
    * DOH AAAA: 2001:0000:0000:0000:0000:0000:9a5c:1061
    * Trying 199.59.149.136:80...
    * TCP_NODELAY set
    * Connected to www.google.com (199.59.149.136) port 80 (#0)
    > GET / HTTP/1.1
    > Host: www.google.com
    > User-Agent: curl/7.68.0
    > Accept: */*
    >
    ```
        10
    jinliming2
       2020-11-22 00:37:03 +08:00
    Resolution results from manually testing, over DoH, a few domains that commonly get you-know-what'd:
    google.com. 300 IN A 172.217.27.142
    www.google.com. 153 IN A 31.13.64.49
    www.google.com. 88 IN AAAA 2001::1f0d:5520
    facebook.com. 68 IN A 173.252.88.133
    facebook.com. 77 IN AAAA 2001::45ab:e025
    www.facebook.com. 138 IN A 199.59.149.244
    www.facebook.com. 104 IN AAAA 2001::1f0d:440e
    fb.com. 300 IN A 157.240.28.35
    fb.com. 298 IN AAAA 2a03:2880:f141:82:face:b00c:0:25de
    twitter.com. 162 IN A 31.13.69.129
    twitter.com. 244 IN AAAA 2001::6ca0:aa2e
    www.twitter.com. 158 IN A 69.171.248.128
    www.twitter.com. 85 IN AAAA 2001::45ab:e614
    reddit.com. 115 IN A 128.242.240.20
    reddit.com. 106 IN AAAA 2001::40e9:bdc7
    www.reddit.com. 66 IN A 108.160.167.147
    www.reddit.com. 72 IN AAAA 2001::42dc:9e01
    wikipedia.org. 178 IN A 202.160.128.205
    wikipedia.org. 76 IN AAAA 2001::4a75:b24f
    en.wikipedia.org. 90 IN A 67.15.100.252
    en.wikipedia.org. 143 IN AAAA 2001::453f:b50c
    zh.wikipedia.org. 182 IN A 67.230.169.182
    zh.wikipedia.org. 174 IN AAAA 2001::48e9:4882
    www.v2ray.com. 131 IN A 202.160.128.14
    www.v2ray.com. 174 IN AAAA 2001::42ab:ea50

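    Every request returned only one record. The DoT results differ slightly; presumably one of several records is returned at random.
    During testing I found that their service may not be very stable yet. Some domains are probably not cached on their side yet, so the first few requests return 502 Bad Gateway, and it works if you request again after a few seconds.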
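
Added example, not part of any reply in this thread: a Python check for the pattern visible in replies #9 and #10, where AAAA answers for ordinary websites fall inside the Teredo prefix 2001::/32. The sample records are copied from reply #10; the function names are invented for this example.

```python
import ipaddress

# RFC 4380 Teredo prefix. An ordinary website has no reason to publish AAAA
# records here, so an answer inside it is suspect.
TEREDO = ipaddress.ip_network("2001::/32")

# Subset of the records posted in reply #10 above.
SAMPLE = """\
google.com. 300 IN A 172.217.27.142
www.google.com. 88 IN AAAA 2001::1f0d:5520
facebook.com. 77 IN AAAA 2001::45ab:e025
fb.com. 298 IN AAAA 2a03:2880:f141:82:face:b00c:0:25de
twitter.com. 244 IN AAAA 2001::6ca0:aa2e
"""


def parse_records(text):
    """Yield (name, rtype, rdata) from 'name ttl IN type rdata' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[1].isdigit() and parts[2] == "IN":
            yield parts[0], parts[3], parts[4]


def flag_teredo_aaaa(text):
    """Return one finding per AAAA answer that falls inside 2001::/32."""
    findings = []
    for name, rtype, rdata in parse_records(text):
        if rtype != "AAAA":
            continue
        try:
            addr = ipaddress.IPv6Address(rdata)
        except ipaddress.AddressValueError:
            continue  # not an IPv6 literal; out of scope for this check
        if addr not in TEREDO:
            continue
        server, _client = addr.teredo  # genuine Teredo embeds a non-zero server IPv4
        findings.append({
            "name": name,
            "aaaa": str(addr),
            "teredo_server": str(server),
            # Low 32 bits read as IPv4, for comparison with the A answers.
            "low32_as_ipv4": str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)),
        })
    return findings


if __name__ == "__main__":
    for finding in flag_teredo_aaaa(SAMPLE):
        print(finding)
```

Every flagged record has a Teredo server field of 0.0.0.0, which a working Teredo address would not carry, while the fb.com answer in 2a03:2880::/32 passes untouched.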
        11
    leido
       2020-11-22 00:43:10 +08:00 via Android   ❤️ 2
    Alternatives within China
    Google DoT (tested on Android, can ignore the wall) dns.google
    Tencent DoT dns.pub
    Alibaba DoT dns.alidns.com
        12
    jinliming2
       2020-11-22 00:45:57 +08:00
    As the results above show, almost all of them are poisoned.
        13
    autogen
       2020-11-22 00:46:49 +08:00
    Isn't the next-generation Internet ipv9? [doge]
        14
    lpts007
       2020-11-22 01:17:39 +08:00 via Android
    I understand the technical principle, but what is the point of doing this within China?
        15
    Whalko
       2020-11-22 01:22:29 +08:00
    Better to just stick with Alibaba.
        16
    ncepuzs
       2020-11-22 01:33:21 +08:00
    Did the budget for an SSL certificate not get approved?
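        17
    12101111
       2020-11-22 01:40:40 +08:00   ❤️ 1
    The Next Generation Internet National Engineering Center (CFIEC, full name "National-Local Joint Engineering Research Center for Next Generation Internet Key Technologies and Evaluation") is a Beijing municipal engineering research center built by the company 天地互连, recognized by the Beijing Municipal Development and Reform Commission in 2012, and approved by the National Development and Reform Commission in 2015 for upgrade to a national-local joint engineering research center. As a leading third-party IPv6 infrastructure service provider, the center focuses its research on advanced network technologies such as the IPv6 next-generation Internet, DNS root servers, SDN (software-defined networking), NFV (network functions virtualization), blockchain and AI networking; takes part in global network technology standardization and commercialization; builds and operates critical information infrastructure; runs third-party testing and certification services for network security, performance and conformance; and promotes global network interconnection.

    Leadership
    Liu Dong (刘东)
    Director of the Next Generation Internet National Engineering Center
    Chairman of 北京天地互连信息技术有限公司


    @pmispig So it's just a private company.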
        18
    parametrix
       2020-11-22 02:22:47 +08:00
    @jim9606 That made me laugh, thanks 😂
        19
    wql
       2020-11-22 07:58:18 +08:00 via Android
    @pmispig The Next Generation center is just a private company now…
        20
    micean
       2020-11-22 09:38:21 +08:00
    This company's name is like naming an inn "There's an Inn"…
        21
    DEVN
       2020-11-22 11:31:39 +08:00 via iPhone
    Which one in China isn't poisoned?
        22
    skyeycirno
       2020-11-22 20:49:12 +08:00
    @12101111 #17 Didn't this company also do some 6plat thing before~
        23
    S179276SP
       2020-11-23 03:02:16 +08:00
    Google resolves to a Facebook Ireland IP