30 条回复 • 2024-09-22 16:36:07 +08:00
 |
1
tunggt 1 天前
应该还是可用的,不过我自己 dot 和 doh 都绑的 ipv6
|
 |
2
obeykarma 1 天前
用 IP 的话 SSL 链接还可靠吗?
|
 |
3
cndns 1 天前 via Android
我自己搭建的还没有
|
 |
4
cookii 1 天前  4
今天刚整理了 DoH 清单,稍微大点的域名 DoH 都被毙了,IP 还可以使用。
https://coding.gs/2024/06/09/available-doh/ |
 |
5
caola 1 天前
可以考虑自建,但不要用 “/dns-query” 这种常规的 URL 和带 doh 前缀的二级域名,某些东西就难以侦测出 DoH 。
|
 |
6
showgood163 1 天前
指定 ip + dns over tls ,目前还算可以
|
 |
7
czk1997 23 小时 56 分钟前
在用某个收费的自定义 DOH 服务,目前还没被封。
|
 |
8
Xihi 23 小时 29 分钟前
DoQ 好像行。
|
 |
9
everfly 22 小时 48 分钟前 via iPhone
用 IP 不检查证书,你可能连接到假的目标服务器,或者被监听。
|
 |
12
KHHj7U2DNR 22 小时 12 分钟前 4
> 可以考虑自建,但不要用 “/dns-query” 这种常规的 URL
HTTPS 协议下面,请求 path 都是加密的。用`/dns-query`一点问题没有。 |
 |
13
Kinnice 21 小时 43 分钟前 via Android 7
@KHHj7U2DNR 会有设备主动探测这个默认路径,然后就知道你是 dns 服务器了,并不是什么设备知道你在访问这个路径.
|
 |
14
spartacussoft 21 小时 43 分钟前
但凡是大一点的服务商,提供 DOH 的证书都支持解析到 IP ,所以使用 IP 来访问 tls 不但符合 tls 验证,而且也没有 SNI 。
|
 |
17
miaomiao888 21 小时 0 分钟前
NEXTDNS 有很多节点 IP 可以自选
搭配 MOSDNS 指定 IP 并 insecure_skip_verify: true |
|
18
miaomiao888 20 小时 57 分钟前
- tag: forward_COM
type: fast_forward args: upstream: # - addr: https://dns.nextdns.io # - addr: https://149.28.148.222 #SG - addr: https://103.170.232.254 #JP # - addr: https://45.150.242.161 #TW # - addr: https://45.11.104.186 #HK # - addr: https://103.127.124.46 #KR # - addr: https://45.121.146.34 #MA enable_http3: false enable_pipeline: true insecure_skip_verify: true |
 |
19
ChicC 18 小时 45 分钟前
[2024-09-20 08:11:55,886][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer
[2024-09-20 10:06:31,161][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 10:14:19,160][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 12:42:57,162][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 12:54:07,305][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 14:37:30,751][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 16:44:20,162][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 18:54:35,247][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 18:57:34,098][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 19:37:35,163][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 20:44:34,374][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-20 22:32:53,164][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 08:20:54,162][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 12:30:23,160][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 16:16:40,700][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 17:32:17,164][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 17:54:15,787][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 19:09:39,448][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 20:10:07,956][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 21:01:53,407][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer [2024-09-21 21:42:13,366][ WARN][ dns_client.c:3320] Handshake with 104.16.249.249 failed, Connection reset by peer |
|
20
ChicC 18 小时 44 分钟前
确实域名 cloudflare-dns.com 不可用了
|
 |
21
glasswm 18 小时 2 分钟前
我在用境内 360 、alidns ,这个不可靠吗?
|
 |
22
AlphaTauriHonda 17 小时 55 分钟前 via iPhone
|
 |
23
tes286 17 小时 41 分钟前
确实。包括我自己自建的 doh 也被 reset 了。
第一个地址被 ban 后换了个新地址,不超过一天就又被 ban 了,adg home 上请求量才几千 最近 dns 环境好像很差,运营商在拦截一切 udp dns 数据包,返回几个奇奇怪怪的 ip (比如那个 ipv6 地址:2001:1 ,很明显是假的。。。) 服了(* ̄︿ ̄) > www.google.com 1.1.1.1 服务器: [1.1.1.1] Address: 1.1.1.1 非权威应答: 名称: www.google.com Addresses: 2001::1 31.13.88.26 > www.google.com 8.8.8.8 服务器: [8.8.8.8] Address: 8.8.8.8 非权威应答: 名称: www.google.com Addresses: 2001::1 199.16.158.8 > www.google.com 223.5.5.5 服务器: [223.5.5.5] Address: 223.5.5.5 非权威应答: 名称: www.google.com Addresses: 2001::1 31.13.88.26 > www.google.com 2001:4860:4860::8888 服务器: [2001:4860:4860::8888] Address: 2001:4860:4860::8888 非权威应答: 名称: www.google.com Addresses: 2001::1 31.13.68.169 > www.google.com 216.239.32.10 服务器: [216.239.32.10] -> ns1.google.com Address: 216.239.32.10 非权威应答: -> 这里本来应该是权威解析的 名称: www.google.com Addresses: 2001::1 199.16.158.9 tes286@TESDpc:~$ dig www.google.com +trace @192.168.0.200 -4 ; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> www.google.com +trace @192.168.0.200 -4 ;; global options: +cmd . 517895 IN NS a.root-servers.net. . 517895 IN NS b.root-servers.net. . 517895 IN NS c.root-servers.net. . 517895 IN NS d.root-servers.net. . 517895 IN NS e.root-servers.net. . 517895 IN NS f.root-servers.net. . 517895 IN NS g.root-servers.net. . 517895 IN NS h.root-servers.net. . 517895 IN NS i.root-servers.net. . 517895 IN NS j.root-servers.net. . 517895 IN NS k.root-servers.net. . 517895 IN NS l.root-servers.net. . 517895 IN NS m.root-servers.net. ;; Received 525 bytes from 192.168.0.200#53(192.168.0.200) in 0 ms com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. ;; Received 1174 bytes from 199.7.83.42#53(l.root-servers.net) in 32 ms www.google.com. 203 IN A 157.240.17.35 ;; Received 59 bytes from 192.26.92.30#53(c.gtld-servers.net) in 43 ms -> 甚至截胡根 dns 正常解析: tes286@TESDpc:~$ dig dns.google +trace @192.168.0.200 -4 ; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> dns.google +trace @192.168.0.200 -4 ;; global options: +cmd . 517679 IN NS a.root-servers.net. . 517679 IN NS b.root-servers.net. . 517679 IN NS c.root-servers.net. . 517679 IN NS d.root-servers.net. . 517679 IN NS e.root-servers.net. . 517679 IN NS f.root-servers.net. . 517679 IN NS g.root-servers.net. . 517679 IN NS h.root-servers.net. . 517679 IN NS i.root-servers.net. . 517679 IN NS j.root-servers.net. . 517679 IN NS k.root-servers.net. . 517679 IN NS l.root-servers.net. . 517679 IN NS m.root-servers.net. ;; Received 525 bytes from 192.168.0.200#53(192.168.0.200) in 0 ms google. 172800 IN NS ns-tld4.charlestonroadregistry.com. google. 172800 IN NS ns-tld5.charlestonroadregistry.com. google. 172800 IN NS ns-tld1.charlestonroadregistry.com. google. 172800 IN NS ns-tld2.charlestonroadregistry.com. google. 172800 IN NS ns-tld3.charlestonroadregistry.com. ;; Received 730 bytes from 193.0.14.129#53(k.root-servers.net) in 335 ms dns.google. 10800 IN NS ns2.zdns.google. dns.google. 10800 IN NS ns1.zdns.google. dns.google. 10800 IN NS ns3.zdns.google. dns.google. 10800 IN NS ns4.zdns.google. ;; Received 539 bytes from 216.239.36.105#53(ns-tld3.charlestonroadregistry.com) in 86 ms dns.google. 900 IN A 8.8.8.8 dns.google. 900 IN A 8.8.4.4 ;; Received 274 bytes from 216.239.38.114#53(ns4.zdns.google) in 249 ms |
 |
24
bollld607 17 小时 9 分钟前
其实 IP 访问也会间歇性失效,我就用的是 Cloudflare 的 IP 地址 1.0.0.1 和 1.1.1.1 ,Firefox 浏览器。用着用着就失效了,打开 about:networking#DNS 里的 TRR 一列,果然全是 false ,TCP ping 443 端口果然连不上,然后我换另一个就正常了。目前我就是在这两个 IP 来回切换:1.0.0.1 暂时连不上了就用 1.1.1.1 ,反之亦然。
|
 |
25
bluaze 16 小时 23 分钟前 1
其实别折腾 doh/dot 了,直接通过代理访问外面无污染普通 dns 服务就可以了
|
 |
27
ccbikai 8 小时 5 分钟前 via iPhone
|
 |
29
ffnil 2 小时 14 分钟前
服了,就保持现在这样不好吗?还要加码
|
Select Language