路由器上装安了 stubby，然后域名服务器使用的是 dns.google 但是拿到的 CDN 解析地址都是国外的，有什么解决办法吗？

@loukky #20 OpenDNS 暂不支持 DoT。。。

我用 OpenDNS DoH 查你的几个域名，nslookup 结果如下：
Name: fonts.googleapis.com
Address 1: 203.208.50.167
Address 2: 203.208.50.165
Address 3: 203.208.50.164
Address 4: 203.208.50.160
Address 5: 203.208.50.168
Address 6: 203.208.50.166
Address 7: 203.208.50.174
Address 8: 203.208.50.162
Address 9: 203.208.50.169
Address 10: 203.208.50.161
Address 11: 203.208.50.163
Address 12: 2404:6800:4002:80f::200a

Name: adservice.google.com
adservice.google.com canonical name = pagead46.l.doubleclick.net
Name: pagead46.l.doubleclick.net
Address 1: 203.208.50.89
Address 2: 203.208.50.90
Address 3: 203.208.50.77
adservice.google.com canonical name = pagead46.l.doubleclick.net

Name: www.googletagservices.com
www.googletagservices.com canonical name = pagead46.l.doubleclick.net
Name: pagead46.l.doubleclick.net
Address 1: 203.208.39.205
Address 2: 203.208.39.218
Address 3: 203.208.39.217
www.googletagservices.com canonical name = pagead46.l.doubleclick.net

最后一个
*** Can't find g.doubleclick.net: No answer
*** Can't find g.doubleclick.net: No answer

@zro 我试试 opendns 的 doh

@zro opendns 的 doh 域名是什么？

@loukky #23 https://github.com/curl/curl/wiki/DNS-over-HTTPS

@zro opendns doh 用 stubby，解析到的 IP 还是国外的..怪了
https://imgur.loukky.com/imgs/2020/02/35454953caa07cfc.png

这个是配置文件
resolution_type: GETDNS_RESOLUTION_STUB
round_robin_upstreams: 1
appdata_dir: "/var/lib/stubby"
tls_authentication: GETDNS_AUTHENTICATION_NONE
tls_query_padding_blocksize: 128
edns_client_subnet_private: 0
idle_timeout: 10000
listen_addresses:
- 127.0.0.1@5453
- 0::1@5453
dns_transport_list:
- GETDNS_TRANSPORT_TLS
upstream_recursive_servers:
- address_data: 146.112.41.2
tls_port: 443
tls_auth_name: "doh.opendns.com"
- address_data: 2620:119:fc::2
tls_port: 443
tls_auth_name: "doh.opendns.com"

@loukky #25 stubby 不支持 DoH 吧？？

@zro 没注意..不过我换回谷歌以后，测试了几个域名，发现 cdn 都能正确的解析到国内。不知道为啥..

目前我还是在用 dnscrypt-proxy，其实 DoT 和 DoH 还有 DNSSEC 究竟哪个好啊？一堆乱七八糟的方案，不知怎么选择。

@Kobayashi
应该是懒。。。之前是 tunnel 到海外查询，现在换用机场，用 overture 代替这个 udp tunnel，就不折腾了

@parametrix 我问了 https_dns_proxy 的作者，给来的答复如下：
This is a request to add back ECS support.

To be clear, ECS support is not removed. It's just using the DNS protocol rather than the mechanism that Google supported in their JSON API.

That said, I can see a good reason to want to use it and none of the other caching DNS resolvers really give much clear control over this field. RFC8484 doesn't provide any guidance either. I'll treat this as a feature request but can't provide any hard time lines.

@loukky 应该是没有正确传递 ECS 参数

@yulihao 我也觉得是，但是不知道怎样调整配置文件