检测 DNS leak 的原理是什么?

2019-01-20 00:04:53 +08:00
 Loyalsoldier

https://www.astrill.com/zh/dns-leak-test

https://www.dnsleaktest.com

我本地用了 Pcap_DNSProxy 客户端,开了中国大陆白名单代理。检测结果如下:有 Google、OpenDNS 和 Cloudflare 这三个是正常的,其他就不太清楚怎么测出来的……

有人知道检测原理?

4366 次点击
所在节点    问与答
5 条回复
xfspace
2019-01-20 02:04:44 +08:00
$("#imgpark").append('<img src="https://'+sessions[tested]+'.dnsleak.astrill.net" height="0" width="0"/>');


# dig xx.dnsleak.astrill.net +trace

; <<>> DiG 9.11.5-P1-1-Debian <<>> xx.dnsleak.astrill.net +trace
;; global options: +cmd
. 448916 IN NS l.root-servers.net.
. 448916 IN NS k.root-servers.net.
. 448916 IN NS g.root-servers.net.
. 448916 IN NS i.root-servers.net.
. 448916 IN NS e.root-servers.net.
. 448916 IN NS c.root-servers.net.
. 448916 IN NS j.root-servers.net.
. 448916 IN NS m.root-servers.net.
. 448916 IN NS h.root-servers.net.
. 448916 IN NS f.root-servers.net.
. 448916 IN NS b.root-servers.net.
. 448916 IN NS a.root-servers.net.
. 448916 IN NS d.root-servers.net.
. 490594 IN RRSIG NS 8 0 518400 20190201050000 20190119040000 16749 . kCuIr4upZWr9JPrQFFinhA2op2fUxhWjg1OVSHpGOeCa6ZOb3OQVcnoQ boGkE4YJiGxdr+/IzsBpnFnlzqvRYGOClLxeWpnlSIWG9IhX4tHfDY9F iEGirceGaxV6j58zxcly80fkBR6OH2C8OlCatm6STAUbl5RnRtB3hfSd Topb5/lqRszlCts279K+3mvpQhWKM1qi0GXhEeKwSFxKn2HcSvPy67zK rLW+qCrLZ7ccWyT/d1d28B0LFqXWxY9xl9sfycy4uXnYsksa1yNq21kW 7PQeD5O2V3FIryDcg3nCctR4h5zHK1DDgKrWeM/AWzlWO5OKpPbZjeCa UnJJ4w==
;; Received 1097 bytes from 210.2.4.8#53(210.2.4.8) in 33 ms

net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net. 86400 IN RRSIG DS 8 1 86400 20190201050000 20190119040000 16749 . FO0vnVngIMXkUVvsaYrx26Br/YyeydERikybxzaukVX70tXYG/zOD4hv iRn2K+yT7QhzTjIi//u+AYeMoMXYjSR7WruylVKpoR4pIOfBjDby2EEs 9UB59xhzBgr5jG9oMIWx2yh0Thct9pe4G7zEFWLnMpA/RdUBG+4Tpm2h dGz4vNIxDw4QGviRwt37DbFtsoa8jo8ex8Wk82KSVEEHy1AYaEGA0dTn qijOjxPqKzBoyRWPoh2rSdsgVOhdzrZ+l4QYmMfbGfBcmaoKg87ro2Jq AGToBgdU4N408KQZ/es7pClB5lxGeXuWDD+UaMux8BxmG4b6uQrtZVTa xTy9JA==
;; Received 1208 bytes from 199.9.14.201#53(b.root-servers.net) in 237 ms

astrill.net. 172800 IN NS ns01.astrill.net.
astrill.net. 172800 IN NS ns02.astrill.net.
astrill.net. 172800 IN NS ns03.astrill.net.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20190123063539 20190116052539 51638 net. eBBi58orqud9eZ32+dugUrAFdyw3FBw5/jZ4MUh90NJzRvSOKn+3Dt4d U2PQnLSmcZUq+xzc6r4hK3xO3nSSc4S6LSt+5zsb/g1a/KoBXNMC2yhO 41QA3BScy5NtOeZEPWpZIoP/wF8xlPFTrZV0dsUkaxveadUkZ9FlqHAm K7Y=
3ND9M5511C86ELU6BQ79AEP1NMGBPVKB.net. 86400 IN NSEC3 1 1 0 - 3NDLS0BB02C91RMJ5M1I3TGCF8DFBTDT NS DS RRSIG
3ND9M5511C86ELU6BQ79AEP1NMGBPVKB.net. 86400 IN RRSIG NSEC3 8 2 86400 20190123063058 20190116052058 51638 net. pkvApX6Ok+rqMpuo6YItBuo3qsNFUC6QPm304qpkD/2APWPI/X/H1LA4 bLaaHrAQABmdHwuIR+mTuCWL8nAH12QgCQc9UaRa+EBlpR7K7lc/o51T y8gxkoAIHoAdo3yxUgjLk4EaST4m8Dw6uynvn9V70AjGn5bP3UFfNUxQ Tmk=
;; Received 642 bytes from 192.55.83.30#53(m.gtld-servers.net) in 297 ms
;; expected opt record in response
astrill.net. 60 IN SOA ns01.astrill.net. admin.astrill.net. 2019011918 3600 600 1209600 60
;; Received 121 bytes from 104.156.49.107#53(ns02.astrill.net) in 321 ms


NS 记录 client IP

问问题何必加粗
ZRS
2019-01-20 02:39:21 +08:00
大概的思路就是生成大量域名,喂给不同地区的 DNS 服务器,你去测试的时候对比解析结果吧
gamexg
2019-01-20 11:04:43 +08:00
dns 泄露检测原理应该是自建 dns 服务器,然后将 自己的域名 NS 记录设置为自己的 dns 服务器。

检测时的操作是,js 等方式访问 http://随机编号.自己域名.com 。isp 等 dns 服务器会去访问 检测网站自建的 dns 服务器,dns 服务器根据随机编号就能够对应到具体客户。
catalina
2019-01-20 14:01:09 +08:00
看 dnsleaktest 下面的说明啊:

The servers identified above receive a request to resolve a domain name (e.g. www.eff.org) to an IP address everytime you enter a website address in your browser.

The owners of the servers above have the ability to associate your personal IP address with the names of all the sites you connect to and store this data indefinitely. This does not mean that they do log or store it indefinitely but they may and you need to trust whatever their policy says.

If you are connected to a VPN service and ANY of the servers listed above are not provided by the VPN service then you have a DNS leak and are choosing to trust the owners of the above servers with your private data.
shuiguomayi
96 天前
@gamexg ,今天正好遇到这个问题,有幸看到了正确的解答,感谢。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/528709

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX