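小樱 posted on 2022/2/24 03:55

DNS server HTTPS DoH encrypted query format examples: how to assemble the URL in code and write the ct parameter, RFC8484 and JSON, the resolve output endpoint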

Tencent Cloud: the response text follows the standard HTTP development conventions, but EDNS is not supported.
https://1.12.12.12/dns-query?ct=application/dns-json&name=www.baidu.com.&type=A&edns_client_subnet=0.0.0.0
Output
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"www.baidu.com.","type":1}],"Answer":[{"name":"www.baidu.com.","type":5,"TTL":995,"data":"www.a.shifen.com."},{"name":"www.a.shifen.com.","type":1,"TTL":95,"data":"180.101.49.11"},{"name":"www.a.shifen.com.","type":1,"TTL":95,"data":"180.101.49.12"}]}

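Alibaba Cloud: we have a traitor among us... it does things differently from the others. It actually uses RFC8484 rather than JSON, so you have to send requests in the form https://223.5.5.5/dns-query?dns= + b64. See https://help.aliyun.com/document_detail/171664.html https://developer.aliyun.com/article/757592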
https://dns.alidns.com/dns-query?dns=xzEBAAABAAAAAAAAA3d3dwZ0YW9iYW8DY29tAAABAAE
Output
A string of garbled characters
OK, there is a JSON mode too, but it has to go through the resolve endpoint.
https://223.5.5.5/resolve?ct=application/dns-json&name=www.baidu.com.&type=A&edns_client_subnet=0.0.0.0
Output
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":{"name":"www.baidu.com.","type":1},"Answer":[{"name":"www.baidu.com.","TTL":133,"type":5,"data":"www.a.shifen.com."},{"name":"www.a.shifen.com.","TTL":133,"type":1,"data":"183.232.231.174"},{"name":"www.a.shifen.com.","TTL":133,"type":1,"data":"183.232.231.172"}],"edns_client_subnet":"117.181.66.2/32"}

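Tsinghua University: the output data is all gone, empty records. Not only does it come with ad filtering that leaves a large number of sites unresolvable, it is also not recommended for use off campus, and there is a rate limit that throws the error 503 ServiceUnavailable.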
https://101.6.6.6:8443/resolve?ct=application/dns-json&name=bilibilihelper.com.&type=A&edns_client_subnet=::1
Output
{"Status":2,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"bilibilihelper.com.","type":1}],"edns_client_subnet":"::/0"}

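RFC8484 requires the netmask notation, but Google tolerates the case without a netmask, although I have not found any statement that a request without a netmask is an invalid packet. EDNS is RFC7871.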

https://8.8.8.8/resolve?ct=application/dns-json&name=www.baidu.com.&type=A&edns_client_subnet=0.0.0.0
Output
{"Status":5,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"www.baidu.com.","type":1}],"edns_client_subnet":"0.0.0.0/0"}

https://dns.google/resolve?ct=application/dns-json&name=www.baidu.com.&type=A&edns_client_subnet=0.0.0.0/0
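
As an added example (not part of the original post and not any provider's own code), the Python below builds the RFC 8484 `dns=` parameter from a DNS wire-format query and decodes the value quoted above for dns.alidns.com. The function names are assumptions of this example, and it makes no network requests.

```python
import base64
import struct

def build_query(name, qtype=1, msg_id=0):
    """Encode a single-question DNS query in RFC 1035 wire format."""
    # Flags 0x0100 = recursion desired; QDCOUNT = 1, other counts 0.
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(endpoint, name, qtype=1, msg_id=0):
    """RFC 8484 GET form: ?dns=<base64url of the wire message, no '=' padding>."""
    # RFC 8484 suggests msg_id 0 so HTTP caches see identical URLs.
    b64 = base64.urlsafe_b64encode(build_query(name, qtype, msg_id))
    return f"{endpoint}?dns={b64.rstrip(b'=').decode('ascii')}"

def decode_dns_param(value):
    """Decode a dns= value and return the ID, RD flag and question."""
    wire = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    msg_id, flags, qdcount = struct.unpack("!HHH", wire[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12  # the question starts after the 12-byte header
    while wire[pos]:
        length = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", wire[pos + 1:pos + 5])
    return {"id": msg_id, "rd": bool(flags & 0x0100),
            "name": ".".join(labels) + ".", "type": qtype, "class": qclass}

if __name__ == "__main__":
    # The dns= value quoted in the post for dns.alidns.com.
    print(decode_dns_param("xzEBAAABAAAAAAAAA3d3dwZ0YW9iYW8DY29tAAABAAE"))
    print(doh_get_url("https://dns.alidns.com/dns-query", "www.baidu.com"))
```

The response to such a request is sent in the same binary wire format (`application/dns-message`), so it needs a DNS message parser rather than a text viewer.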

ryoohki posted on 2022/2/24 21:42

Don't HTTP and HTTPS both look at the headers first and then at the body content?

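小樱 posted on 2022/2/24 22:11

ryoohki posted on 2022/2/24 21:42
Don't HTTP and HTTPS both look at the headers first and then at the body content?

That is exactly the advantage of DoH: encrypted resolution.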