小天管理 发表于 2024年9月29日 发表于 2024年9月29日 以 https://dns.google/dns-query 为例 加入 edns_client_subnet: DNS answer is: ;; opcode: QUERY, status: NOERROR, id: 12373 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version 0; flags:; udp: 512 ; SUBNET: 110.81.11.0/24/24 ;; QUESTION SECTION: ;v.qq.com. IN A ;; ANSWER SECTION: v.qq.com. 600 IN CNAME v.tc.qq.com. v.tc.qq.com. 180 IN CNAME v.qq.com.sched.px-dk.tdnsv6.com. v.qq.com.sched.px-dk.tdnsv6.com. 60 IN A 27.152.187.140 为加入 edns_client_subnet: DNS answer is: ;; opcode: QUERY, status: NOERROR, id: 32922 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;v.qq.com. IN A ;; ANSWER SECTION: v.qq.com. 600 IN CNAME p21ovs.tcdn.qq.com. p21ovs.tcdn.qq.com. 120 IN CNAME ssd.tcdn.qq.com. ssd.tcdn.qq.com. 180 IN A 203.205.137.236 已经代码为 cloudflare worker 当未设置 edns_client_subnet 时,取来源 IP 为 edns_client_subnet 参数并做了 IP 模糊处理, 当设置 edns_client_subnet 则直接传给上游。 js 只向上游请求 A 记录,AAAA 记录 留在以后做吧。 js 内容应该做 cache 的,留在以后做吧。 const endpointPath = '/dns-query'; const upstream = 'https://dns.google/dns-query'; const headers = { 'accept': 'application/dns-message', 'content-type': 'application/dns-message', }; function getAdditionalBytes(ip, isIPv4) { if (isIPv4) { return new Uint8Array([ 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x07, 0x00, 0x01, 0x18, 0x00, ...ip.split('.').slice(0, 3).map(num => parseInt(num).toString(16).padStart(2, '0')) ]); } else { return new Uint8Array([ 0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x02, 0x30, 0x00, ...ip.split(':').slice(0, 3).map(num => num.padStart(4, '0')) ]); } } async function fetchUpstream(body) { return await fetch(new Request(upstream, { method: 'POST', headers, body, })); } async function handleRequestPost(request) { if (request.headers.get('content-type') !== 'application/dns-message') { return new Response('bad request header', { status: 400 }); } const bodyArrayBuffer = await request.arrayBuffer(); const body = new Uint8Array(bodyArrayBuffer); // Check the 12th byte if (body[11] === 0x00) { body[11] = 0x01; // Modify the 12th byte const ip = request.headers.get('cf-connecting-ip'); const isIPv4 = ip.includes('.'); const additionalBytes = getAdditionalBytes(ip, isIPv4); // Create a new body with additional bytes const modifiedBody = new Uint8Array(body.length + additionalBytes.length); modifiedBody.set(body); modifiedBody.set(additionalBytes, body.length); return fetchUpstream(modifiedBody); } return fetchUpstream(bodyArrayBuffer); } async function handleRequest(request) { const clientUrl = new URL(request.url); if (clientUrl.pathname !== endpointPath) { return new Response('Hello World!', { status: 404 }); } switch (request.method) { case 'POST': return handleRequestPost(request); default: return new Response('method not allowed', { status: 405 }); } } addEventListener('fetch', event => { event.respondWith(handleRequest(event.request)); });
已推荐帖子