{"id":475,"date":"2015-07-01T01:30:00","date_gmt":"2015-07-01T01:30:00","guid":{"rendered":"http:\/\/www.houquner.com\/?p=2002"},"modified":"2016-08-12T16:06:11","modified_gmt":"2016-08-12T08:06:11","slug":"2002","status":"publish","type":"post","link":"https:\/\/www.houquner.com\/index.php\/archives\/475","title":{"rendered":"DNS support edns-client-subnet"},"content":{"rendered":"

\u8f6c\u8f7d\uff1ahttp:\/\/www.tuicool.com\/articles\/FV7VRnY<\/a><\/p>\n

\u770b\u4e862\u5929RFC\uff0c\u7ec8\u4e8e\u8ba9DNS\u652f\u6301edns-client-subnet\u534f\u8bae\uff0c\u901a\u8fc7google dns resolver\u7684\u8bf7\u6c42\uff0c\u53ef\u4ee5\u83b7\u53d6\u7528\u6237\u7684ip\u5730\u5740\u3002<\/p>\n


\n\u56fd\u5185\u5f88\u591aCDN\u548cDNS\u63d0\u4f9b\u5546\u90fd\u5df2\u7ecf\u5b9e\u73b0\u4e86\uff0c\u4f46\u7f51\u4e0a\u7684\u4e2d\u6587\u8d44\u6599\u6bd4\u8f83\u5c11\uff0c\u6240\u4ee5\u5728\u8fd9\u91cc\u5206\u4eab\u4e00\u4e0b\uff0c\u80fd\u529b\u6709\u9650\uff0c\u9519\u8bef\u4e4b\u5904\u8fd8\u8bf7\u8c05\u89e3\u3002
\n\u95ee\u9898<\/p>\n

CDN\u4f7f\u7528DNS\u83b7\u53d6\u67e5\u8be2IP\uff0c\u6839\u636eIP\u5bf9\u7528\u6237\u8fdb\u884c\u5730\u57df\u8c03\u5ea6\u3002\u4f46\u8fd9\u91cc\u83b7\u53d6\u7684IP\u5730\u5740\u662fDNS\u5730\u5740\uff0c\u800c\u4e0d\u662f\u7528\u6237\u771f\u5b9e\u7684IP\u5730\u5740\u3002
\n\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u5047\u8bbe\u7528\u6237\u901a\u8fc7\u4f1a\u4f7f\u7528\u79bb\u81ea\u5df1\u7f51\u7edc\u6700\u8fd1\u7684DNS resolver\uff0cCDN\u8c03\u5ea6\u57fa\u672c\u8fd8\u662f\u51c6\u786e\u7684\u3002
\n\u4f46\u4e5f\u6709\u5f88\u591anameserver\u8bbe\u7f6e\u9519\u8bef\uff0c\u6216\u8005\u7528\u6237\u4f7f\u7528google public dns\uff08nameserver 8.8.8.8\/8.8.4.4\uff09\u6216opendns\u8fdb\u884cDNS resolver
\n\u6bd4\u5982\uff1a
\n\u56fd\u5185\u7528\u6237\u8bbe\u7f6enamserver 8.8.8.8 (dig xxx.com @8.8.8.8)
\n\u6211\u4eec\u5f97\u5230\u7684DNS query IP\u662f74.125.16.208\uff0c\u5224\u65adIP\u5c5e\u4e8e \u7f8e\u56fd,,,\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5c71\u666f\u5e02\u8c37\u6b4c\u516c\u53f8
\n\u8fd9\u4e2a\u65f6\u5019\uff0c\u6211\u4eec\u7684DNS\u4f1a\u8fd4\u56de\u79bb\u7f8e\u56fd\u52a0\u5dde\u6700\u8fd1\u7684CDN\u8282\u70b9IP\u7ed9\u7528\u6237\u3002
\n\u56fd\u5185\u7528\u6237\u9519\u8bef\u7684\u8c03\u5ea6\u5230\u7f8e\u56fd\u8282\u70b9\u2026\u2026 \ud83d\ude41<\/p>\n

edns-client-subnet<\/p>\n

google\u63d0\u4ea4\u4e86\u4e00\u4efdDNS\u6269\u5c55\u534f\u8bae\uff0c \u6587\u6863\u5730\u5740
\n\u5141\u8bb8DNS resolver\u4f20\u9012\u7528\u6237\u7684ip\u5730\u5740\u7ed9authoritative DNS server.
\nCDN\u7684DNS\u652f\u6301\u8be5\u534f\u8bae\uff0c\u5c31\u53ef\u4ee5\u83b7\u53d6\u7528\u6237\u771f\u5b9e\u7684IP\u5730\u5740\uff0c\u8fdb\u884c\u51c6\u786e\u7684\u8c03\u5ea6\u3002
\n\u56fe\u72471
\n\"7fERJr.png\"<\/p>\n

OpenDNS\u548cGoogle Public DNS\u5df2\u7ecf\u652f\u6301\u4e86\u8be5\u534f\u8bae\uff0c\u5982\u679c\u5e0c\u671b\u4ed6\u4eec\u7684query\u4e2d\u5e26\u6709\u7528\u6237IP\uff0c\u9700\u8981\u8054\u7cfb\u4ed6\u4eec\u6dfb\u52a0\u767d\u540d\u5355\u3002
\n\u63d0\u4f9bnameserver\u7684hostname\u3001ip\u4ee5\u53ca\u53ef\u4ee5\u7528\u6765\u6d4b\u8bd5\u89e3\u6790\u7684\u57df\u540d\u5373\u53ef\uff0c\u4e00\u822c\u51e0\u5929\u5c31\u53ef\u4ee5\u641e\u5b9a\u3002\uff08\u6ce8\uff1a\u6211\u662f\u665a\u4e0a22:l00\u63d0\u4ea4\u7684\u7533\u8bf7\uff0c\u7b2c\u4e8c\u592910:00\u5c31\u5df2\u7ecf\u751f\u6548\u4e86\uff09<\/p>\n

\u5b9e\u73b0<\/p>\n

\u4e00. \u652f\u6301\u53d1\u9001\u548c\u63a5\u6536edns-client-subnet\u7684dig<\/p>\n

bind-9.7.3\u4e0b\u8f7d
\n\u652f\u6301edns-client-subnet\u7684dig path
\n\u4e0b\u8f7d\u4e0a\u8ff02\u4e2a\u5305\uff0c\u5c06patch\u6253\u8fdbbind\uff0c\u7f16\u8bd1\u51fadig\u8fdb\u884c\u6d4b\u8bd5
\n\"QQ\u622a\u56fe20150701092833.png\"
\n\u4e8c. \u534f\u8bae<\/p>\n

DNS\u534f\u8bae
\nDNS query\u4f1a\u5305\u542bheader\u548cRR 2\u90e8\u5206\uff0c\u8fd9\u91cc\u53ea\u4ecb\u7ecd\u6211\u4eec\u5173\u6ce8\u5730\u65b9\uff0c\u7f51\u4e0a\u53ef\u4ee5\u641c\u5230\u5f88\u591a\u534f\u8bae\u7684\u4ecb\u7ecd\uff0c\u6bd4\u5982\u8fd9\u4e2ahttp:\/\/archercai.blog.sohu.com\/60779796.html<\/a>
\nheader\u4f1a\u63cf\u8ff0\u672c\u6b21\u8bf7\u6c42\u4e2dQuestions\u3001Answer RRs\u3001Authority RRs\u548cAdditional RRs\u7684\u6570\u91cf
\nRR\u90e8\u5206\u4f1a\u8be6\u7ec6\u63cf\u8ff0\u6bcf\u4e2a\u8d44\u6e90\u7684\u5185\u5bb9\uff0c\u6240\u6709\u7684RR\u683c\u5f0f\u662f\u76f8\u540c\u7684\uff0c\u5982\u4e0b\uff1a<\/p>\n

                                 1    1    1    1    1    1\r\n   0    1    2    3    4    5    6    7    8    9    0    1    2    3    4    5\r\n + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- +\r\n |                                                |\r\n \/                                                \/\r\n \/                        NAME                      \/\r\n |                                                |\r\n + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- +\r\n |                        TYPE                      |\r\n + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- +\r\n |                      CLASS                      |\r\n + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- +\r\n |                        TTL                        |\r\n |                                                |\r\n + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- +\r\n |                    RDLENGTH                      |\r\n + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- |\r\n \/                      RDATA                      \/\r\n \/                                                \/\r\n + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- + -- +\r\n<\/code><\/pre>\n
\u4e2a\u4eba\u7406\u89e3edns-client-subnet\u662f\u5bf9edns\u534f\u8bae\u7684\u6269\u5c55\uff0c\u9644\u52a0\u5728\u4e00\u4e2aDNS\u8bf7\u6c42\u7684Additional RRs\u533a\u57df\uff0c\u8fd9\u91cc \u91cd\u70b9\u63cf\u8ff0edns-client-subnet\u7684\u7ed3\u6784
\nEDNS\u534f\u8bae Extension mechanisms for DNS (EDNS0\uff09\uff1ahttp:\/\/tools.ietf.org\/html\/draft-ietf-dnsind-edns0-01<\/a>
\n\u6bcf\u4e2a\u5b57\u6bb5\u7684\u7ed3\u6784\u548c\u63cf\u8ff0\u5982\u4e0b\uff1a<\/p>\n
Field Name Field Type Description<\/p>\n
\n
NAME domain name empty ( root domain )
\nTYPE u_int16_t OPT
\nCLASS u_int16_t sender ‘ s UDP payload size
\nTTL u_int32_t extended RCODE and flags
\nRDLEN u_int16_t describes RDATA
\nRDATA octet stream { attribute , value } pairs
\nOPT \u7684\u503c41\uff0c\u8be6\u7ec6\u7684\u534f\u8bae\u503c\u5982\u4e0b\uff1a<\/p>\n
( A , NS , MD , MF , CNAME , SOA , MB , MG , MR , NULL , WKS , PTR , HINFO , MINFO , MX , TXT ,
\nRP , AFSDB ) = range ( 1 , 19 )
\nAAAA = 28
\nSRV = 33
\nNAPTR = 35
\nA6 = 38
\nDNAME = 39
\nSPF = 99
\nOPT = 41
\nRDLENGTH\u63cf\u8ff0RDATAD\u7684\u957f\u5ea6\uff0cedns-client-subnet\u7684\u8be6\u7ec6\u683c\u5f0f\u5b58\u5728RDATA\u4e2d\uff0c\u5982\u4e0b\uff1a<\/p>\n
             + 0 ( MSB )                              + 1 ( LSB )\r\n + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - + -- - +\r\n<\/code><\/pre>\n
0 : | OPTION – CODE |
\n+ — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – +
\n2 : | OPTION – LENGTH |
\n+ — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – +
\n4 : | FAMILY |
\n+ — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – +
\n6 : | SOURCE NETMASK | SCOPE NETMASK |
\n+ — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – +
\n7 : | ADDRESS . . . \/
\n+ — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – + — – +
\nOPTION-CODE 2\u4e2abyte
\nOPTION-LENGTH 2\u4e2abyte\uff0c\u5b83\u4e4b\u540e\u7684\u5185\u5bb9\u957f\u5ea6
\nFAMILY 2\u4e2abyte\uff0c1\u8868\u793aipv4, 2\u8868\u793aipv6
\nADDRESS \u5b9e\u9645\u5b58\u653eIP\u5730\u5740\u7684\u5730\u65b9\uff0cipv4\u957f\u5ea6\u4e3a4\uff0cgoogle\u53d1\u9001\u8fc7\u6765\u7684\u957f\u5ea6\u4e00\u822c\u4e3a3\uff0c\u9690\u85cf\u4e86ip\u5730\u5740\u6700\u540e\u4e00\u4f4d
\n\u4e09. \u5f00\u53d1<\/p>\n
\u5b8c\u6210\u524d2\u4e2a\u6b65\u9aa4\uff0c\u5c31\u53ef\u4ee5\u5f00\u641e\u4e86\uff0c\u903b\u8f91\u5f88\u7b80\u5355\uff1a<\/p>\n
    \n
  1. \u5224\u65addns query\u662f\u5426\u5305\u542bAdditional RRs\uff0c\u8bfb\u53d6NAME\u90e8\u5206<\/li>\n
  2. \u8bfb\u53d610\u4e2a\u5b57\u8282(byte)\uff0c\u5224\u65adTYPE\u662f\u5426\u4e3a41\uff0crdlength > 8<\/li>\n
  3. \u5982\u679crdlength > 8\uff0c\u518d\u8bfb\u53d68\u4e2a\u5b57\u8282\uff0c\u5bf9\u5e94OPTION-CODE(2)\u2013>OPTION-LENGTH(2)\u2013>FAMILY(2)\u2013>SOURCE NETMASK(1)\u2013>SCOPE NETMASK(1)<\/li>\n
  4. \u8bfb\u53d6\u5269\u4e0b\u7684address\uff0c\u957f\u5ea6 rdlength \u2013 8 \u6216\u8005 option-length \u2013 4\u90fd\u884c
    \n\u6ce8\uff1a\u8bfb\u53d6\u5230\u7684\u5730\u5740\u957f\u5ea6\u4e3a4\uff0c\u53ef\u4ee5\u76f4\u63a5\u7528socket.inet_ntoa\u53d8\u6210ip\u5730\u5740\uff0c\u5982\u679c\u4e0d\u591f4\u4e2a\u5b57\u8282\uff0c\u9700\u8981\u540e\u9762\u8865x00<\/li>\n
  5. \u83b7\u53d6\u5230\u7684IP\u5730\u5740\u5c31\u53ef\u4ee5\u7528\u6765\u8fdb\u884c\u5224\u65ad\u8c03\u5ea6\u4e86<\/li>\n
  6. respond\u65f6\u4e5f\u9700\u8981\u589e\u52a0\u4e00\u4e2aAdditional RRs\u533a\u57df\uff0c\u76f4\u63a5\u628a\u8bf7\u6c42\u7684Additional\u5185\u5bb9\u539f\u5c01\u53d1\u8fc7\u53bb\u5c31\u53ef\u4ee5<\/li>\n<\/ol>\n
    \u56db. \u6293\u5305<\/p>\n
    \u53d1\u5305
    \n\u53d1\u9001dns query\u8bf7\u6c42\u65f6\uff0c\u53ef\u4ee5\u770b\u5230Questions:1, Additional RRs: 1
    \nAdditional RRs\u4e2d\uff0ctype: 41(OPT), rdlength: 12 (google\u53d1\u8fc7\u6765\u7684\u5305\uff0c\u957f\u5ea6\u4e3a11\uff0c\u6ca1\u6709IP\u5730\u5740\u6700\u540e\u4e00\u4f4d)
    \n12 \u2013 OPTION-CODE(2) \u2013 OPTION-LENGTH(2) \u2013 FAMILY(2) \u2013 SOURCE NETMASK(1) \u2013 SCOPE NETMASK(1) = 4\uff0cIPV4 \u5730\u5740\u7684\u5927\u5c0f
    \n\"Y7JJVr.png\"
    \n\u56de\u5305
    \n\u53d1\u9001dns query\u8bf7\u6c42\u65f6\uff0c\u53ef\u4ee5\u770b\u5230Questions:1, Answer RRs:1, Additional RRs: 1
    \n\"JbaQ7b.png\"<\/p>\n
    \u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aKermit\u7684\u7f51\u7ad9<\/a> » DNS support edns-client-subnet<\/a><\/p>","protected":false},"excerpt":{"rendered":"
    \u8f6c\u8f7d\uff1ahttp:\/\/www.tuicool.com\/articles\/FV7VRnY \u770b\u4e862\u5929RFC\uff0c\u7ec8\u4e8e\u8ba9DNS\u652f\u6301edns-client-subnet\u534f\u8bae\uff0c\u901a\u8fc7google dns resolver\u7684\u8bf7\u6c42\uff0c\u53ef\u4ee5\u83b7\u53d6\u7528\u6237\u7684ip\u5730\u5740\u3002 \u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aK […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-475","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/475"}],"collection":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/comments?post=475"}],"version-history":[{"count":1,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/475\/revisions"}],"predecessor-version":[{"id":613,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/475\/revisions\/613"}],"wp:attachment":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/media?parent=475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/categories?post=475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/tags?post=475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}