调试了好久，还是无法做到连接权威DNS服务器的IP=你的宽带IP

[moshangniqiu]

/data # debug.sh
=====PaoPaoDNS docker debug=====
[info] images build time : 2023-11-03 10:40:36 UTC
[DEBUG-OK]DATA_writeable
[DEBUG-OK]DATA_readable
[info] ========== network info ==========
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
94: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:c0:a8:32:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.5/24 brd 192.168.50.255 scope global eth0
valid_lft forever preferred_lft forever
default via 192.168.50.1 dev eth0
192.168.50.0/24 dev eth0 scope link src 192.168.50.5
PING 223.5.5.5 (223.5.5.5): 56 data bytes
64 bytes from 223.5.5.5: seq=0 ttl=119 time=4.206 ms
64 bytes from 223.5.5.5: seq=1 ttl=119 time=5.220 ms

--- 223.5.5.5 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.206/4.713/5.220 ms
PING 119.29.29.29 (119.29.29.29): 56 data bytes
64 bytes from 119.29.29.29: seq=0 ttl=55 time=4.630 ms
64 bytes from 119.29.29.29: seq=1 ttl=55 time=5.742 ms

--- 119.29.29.29 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.630/5.186/5.742 ms
Server: 223.5.5.5
Address: 223.5.5.5#53

Non-authoritative answer:
www.taobao.com canonical name = www.taobao.com.danuoyi.tbcache.com.
Name: www.taobao.com.danuoyi.tbcache.com
Address: 122.13.173.235
Name: www.taobao.com.danuoyi.tbcache.com
Address: 122.13.173.234
Name: www.taobao.com.danuoyi.tbcache.com
Address: 2408:8760:2:21:3::3d1
Name: www.taobao.com.danuoyi.tbcache.com
Address: 2408:8760:2:21:3::3d0

Server: 119.29.29.29
Address: 119.29.29.29#53

Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.65
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.76
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c

[info] ========== env info ==========
====ENV TEST====
[OK]DATA_writeable-
[OK]DATA_readable-
MEM:1000m 2000m 1000000 3000mb
prefPC:100
CORES:-4-
POWCORES:-4-
ulimit :-1048576-
FDLIM :-4096-
TZ:-Asia/Shanghai-
UPDATE:-weekly-
DNS_SERVERNAME:-PaoPaoDNS,blog.03k.org-
SERVER_IP:-192.168.50.5-
ETHIP:-192.168.50.5-
DNSPORT:-53-
SOCKS5:-192.168.50.6:1080-
CNAUTO:-yes-
IPV6:-no-
CNFALL:-yes-
CUSTOM_FORWARD:-192.168.50.6:53-
AUTO_FORWARD:-yes-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-yes-
RULES_TTL:-0-
CUSTOM_FORWARD_TTL:-0-
SHUFFLE:-no-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-no-
SAFEMODE:--
QUERY_TIME:-2000ms-
ADDINFO:-no-
PLATFORM:-Linux paopaodns 5.10.0-26-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 Linux-
====ENV TEST====
mosdns kkkgo/mosdns:231103.1
[info] ========== process info ==========
PID USER TIME COMMAND
1 root 0:00 {init.sh} /bin/sh /usr/sbin/init.sh
13 root 0:00 crond
45 root 0:52 redis-server unixsocket:/tmp/redis.sock
157 root 0:10 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.t
158 root 0:15 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt_s
184 root 0:02 unbound -c /tmp/unbound_forward.conf -p
185 root 0:13 mosdns start -d /tmp -c /tmp/mosdns.yaml
198 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
205 root 0:01 tail -f /dev/null
206 root 0:07 unbound -c /tmp/unbound_raw.conf -p
237 root 0:00 inotifywait -e modify,delete /etc/unbound/named.cache /dat
377 root 0:00 sh
383 root 0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
399 root 0:00 ps -ef
[info] ========== cn list info ==========
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
[info] ========== reids info ==========
used_memory_human:1.40M
used_memory_rss_human:2.69M
used_memory_peak_human:1.40M
total_system_memory_human:15.44G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:2.93G
(integer) 167
[test] IP test, you will see that all the following IPs are your public network exit IP !
[test] ========== IP TEST START ==========
CN IP URL:
115.44.XX.XX
115.44.XX.XX
CN RAW-IP URL:
115.44.XX.XX

Non-CN IP URL:
118.167.18.XXX
118.167.18.XXX
118.167.18.XXX
Non-CN RAW-IP URL:
115.44.XX.XX
115.44.XX.XX
115.44.XX.XX

IP INFO:
115.44.XX.XX

HTTP/1.1
curl/8.4.0
Asia/Shanghai Time: 11/4/2023, 5:57:43 PM

----mosdns whoami aka dig:
"ecs" "36.36.7.1/32/24"
"ns" "81.71.99.228"
"ip" "81.71.99.228"

----local-unbound whoami aka dig:
"ecs" "36.36.7.1/32/24"
"ns" "81.71.99.228"
"ip" "81.71.99.228"

----mosdns whoami 03k dig:
7.0.1.70

----local-unbound whoami 03k dig:
7.0.1.70
[test] ========== IP TEST END ==========

[test] The DNS hijacking test, you will see timed out message !
[test] ========== DNS HIJACK START ==========
Server: 9.8.7.6
Address: 9.8.7.6#53

Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.65
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.76
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c

[test] ========== DNS HIJACK END ==========
[test] CN domain test, you will see that the DNS resolution result is CN IP !
[test] ========== CN DOMAIN TEST START ==========
----mosdns CN dig:
7.0.1.52

----local-unbound CN dig:
7.0.0.26
[test] ========== CN DOMAIN TEST END ==========
[test] Non-CN domain test, you will see that the DNS resolution result is correct IP !
[test] ========== Non-CN DOMAIN TEST START ==========
----mosdns Non-CN dig:
7.0.0.10

----dnscrypt-unbound NOCN dig:
youtube-ui.l.google.com.
142.250.180.46
142.250.185.46

----dnscrypt Non-CN dig:
youtube-ui.l.google.com.
142.250.180.46
142.250.185.46

----dnscrypt-socks5 Non-CN dig:
youtube-ui.l.google.com.
74.125.130.190
172.253.118.136
[test] ========== Non-CN DOMAIN TEST END ==========
[test] IPv6 Dual CN test: you will see that IPv6 is OK !
[test] ========== IPV6 CN DOMAIN TEST START ==========
[test] ========== IPV6 CN DOMAIN TEST END ==========
[test] IPv6 Dual Non-CN test: you will see that IPv6 is empty !
[test] ========== IPV6 Non-CN DOMAIN TEST START ==========
[test] ========== IPV6 Non-CN DOMAIN TEST END ==========
[test] IPv6 only Non-CN test: you will see that IPv6 is ok !
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST START ==========
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST END ==========

[info] ALL TEST FINISH.

[kkkgo]

参考 #56 (comment)

[kkkgo]

除了DNS被劫持之外，还注意到调试日志里面部分域名没有按预期解析，这可能是你在ROS上使用了IP分流之类的操作。

[moshangniqiu]

谢谢一直关注，明天改成路由器拨号试试。

[moshangniqiu]

光猫直连电脑拨号后，nas没网络，测试不到paopaodns，还是说在电脑里装个docker.

[kkkgo]

不需要跑docker啊，就打开你电脑的CMD命令行就能用nslookup。这只是一个网络环境测试，跟任何docker没关系。
如果你电脑接入的网络环境没有劫持，就不会返回DNS结果，就像这样：

[moshangniqiu]

明白了，谢谢解答，也有了排查思路。

[moshangniqiu]

经测试是运营商劫持了dns，有办法解决吗？

[kkkgo]

如果你是电脑直连光猫，用电脑手动拨号仍然出现劫持现象的话，就可以认为是运营商存在劫持。
解决办法只有向运营商投诉，劫持DNS了说不定还劫持别的。
如果投诉成功的话，运营商会把你加入劫持白名单。

[moshangniqiu]

运营商不承认。昨天又研究了一下，发现把百度、京东的域名加入force_cn_list.txt中，就登录不了百度京东了，是不是证明本地递归失败，网络环境差到这种地步，还是说哪里设置有问题。

[kkkgo]

登录不了可能是被劫持的IP解析结果不对或者解析出来的IP被阻止访问，unbound基于CNAME链来解析域名来避免域名缓存污染，会导致被篡改过的解析结果不一样，你可以手动nslookup一下对应域名的解析结果，如果有结果的话，可以把这个IP结果用在线ping工具ping一下，看看其他地区其他宽带是否也用不了。从你的这段调试信息来看，DNS递归信息的确是先被劫持到运营商的服务器（腾讯云）再出口的。

----local-unbound whoami aka dig:
"ecs" "36.36.7.1/32/24"  # 查询组织：天威视讯宽带
"ns" "81.71.99.228"  # 查询组织：腾讯云
"ip" "81.71.99.228"  

[kkkgo]

理论上 你真的被劫持的话，加不加force_cn_list.txt效果都一样。如果加了导致域名解析不出来结果的话，那就是递归失败。

[kkkgo]

按调试信息看，要么局域网或者ISP劫持到腾讯云DNS去了，要么天威视讯自己租了个腾讯云当递归DNS

[moshangniqiu]

C:\Users\Administrator>nslookup tieba.baidu.com
服务器: PaoPaoDNS
Address: 10.1.1.5
名称: tieba.baidu.com
C:\Users\Administrator>nslookup tieba.baidu.com
服务器: PaoPaoDNS
Address: 10.1.1.5
名称: tieba.baidu.com

电脑nslookup tieba.baidu.com 没有结果，运营商劫持的话，是不是应该会返回一个结果。

[kkkgo]

你测劫持应该直接在nslookup后面加上一个不存在的DNS地址。
nslookup tieba.baidu.com 9.8.7.6

[moshangniqiu]

换了路由器拨号的debug.sh
/data # debug.sh
=====PaoPaoDNS docker debug=====
[info] images build time : 2023-11-03 10:40:36 UTC
[DEBUG-OK]DATA_writeable
[DEBUG-OK]DATA_readable
[info] ========== network info ==========
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
19: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:0a:01:01:05 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.5/24 brd 10.1.1.255 scope global eth0
valid_lft forever preferred_lft forever
default via 10.1.1.1 dev eth0
10.1.1.0/24 dev eth0 scope link src 10.1.1.5
PING 223.5.5.5 (223.5.5.5): 56 data bytes
64 bytes from 223.5.5.5: seq=0 ttl=119 time=4.639 ms
64 bytes from 223.5.5.5: seq=1 ttl=119 time=5.101 ms

--- 223.5.5.5 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.639/4.870/5.101 ms
PING 119.29.29.29 (119.29.29.29): 56 data bytes
64 bytes from 119.29.29.29: seq=0 ttl=55 time=5.141 ms
64 bytes from 119.29.29.29: seq=1 ttl=55 time=4.904 ms

--- 119.29.29.29 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.904/5.022/5.141 ms
Server: 223.5.5.5
Address: 223.5.5.5#53

Non-authoritative answer:
www.taobao.com canonical name = www.taobao.com.danuoyi.tbcache.com.
Name: www.taobao.com.danuoyi.tbcache.com
Address: 122.13.173.235
Name: www.taobao.com.danuoyi.tbcache.com
Address: 122.13.173.234
Name: www.taobao.com.danuoyi.tbcache.com
Address: 2408:8760:2:21:3::3d1
Name: www.taobao.com.danuoyi.tbcache.com
Address: 2408:8760:2:21:3::3d0

Server: 119.29.29.29
Address: 119.29.29.29#53

Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.65
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.76
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c

[info] ========== env info ==========
====ENV TEST====
[OK]DATA_writeable-
[OK]DATA_readable-
MEM:1000m 2000m 1000000 3000mb
prefPC:100
CORES:-4-
POWCORES:-4-
ulimit :-1048576-
FDLIM :-4096-
TZ:-Asia/Shanghai-
UPDATE:-weekly-
DNS_SERVERNAME:-PaoPaoDNS-
SERVER_IP:-10.1.1.5-
ETHIP:-10.1.1.5-
DNSPORT:-53-
SOCKS5:[email protected]:1080-
CNAUTO:-yes-
IPV6:-no-
CNFALL:-yes-
CUSTOM_FORWARD:-10.1.1.2:53-
AUTO_FORWARD:-yes-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-yes-
RULES_TTL:-300-
CUSTOM_FORWARD_TTL:-300-
SHUFFLE:-yes-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-yes-
SAFEMODE:--
QUERY_TIME:-2000ms-
ADDINFO:-yes-
PLATFORM:-Linux paopaodns 5.10.0-26-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 Linux-
====ENV TEST====
mosdns kkkgo/mosdns:231103.1
[info] ========== process info ==========
PID USER TIME COMMAND
1 root 0:00 {init.sh} /bin/sh /usr/sbin/init.sh
13 root 0:00 crond
45 root 2:36 redis-server unixsocket:/tmp/redis.sock
510 root 0:31 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt_s
537 root 0:01 unbound -c /tmp/unbound_forward.conf -p
548 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
551 root 0:05 tail -f /dev/null
553 root 0:22 unbound -c /tmp/unbound_raw.conf -p
2156 root 0:01 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.t
2349 root 0:00 mosdns start -d /data -c /tmp/mosdns.yaml
2392 root 0:00 inotifywait -e modify,delete /etc/unbound/named.cache /dat
2394 root 0:00 sh
2400 root 0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
2416 root 0:00 ps -ef
[info] ========== cn list info ==========
#domain:whoami.ds.akahelp.net
#domain:whoami.03k.org
[info] ========== reids info ==========
used_memory_human:1.61M
used_memory_rss_human:2.97M
used_memory_peak_human:1.64M
total_system_memory_human:15.44G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:2.93G
(integer) 167
[test] IP test, you will see that all the following IPs are your public network exit IP !
[test] ========== IP TEST START ==========
CN IP URL:
115.45.X.XXX
CN RAW-IP URL:
115.45.X.XXX

Non-CN IP URL:
54.238.XXX.XXX
54.238.XXX.XXX
Non-CN RAW-IP URL:
115.45.X.XXX
115.45.X.XXX
115.45.X.XXX

IP INFO:
115.45.X.XXX
CN,Shenzhen,Guangdong
HTTP/1.1
curl/8.4.0
Asia/Shanghai Time: 11/12/2023, 6:28:22 PM

----mosdns whoami aka dig:
"ip" "81.71.99.228"
"ecs" "36.36.7.1/32/24"
"ns" "81.71.99.228"

----local-unbound whoami aka dig:
"ip" "81.71.99.228"
"ecs" "36.36.7.1/32/24"
"ns" "81.71.99.228"

----mosdns whoami 03k dig:
7.0.0.125

----local-unbound whoami 03k dig:
7.0.1.70
[test] ========== IP TEST END ==========

[test] The DNS hijacking test, you will see timed out message !
[test] ========== DNS HIJACK START ==========
Server: 9.8.7.6
Address: 9.8.7.6#53

Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.65
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.76
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c

[test] ========== DNS HIJACK END ==========
[test] CN domain test, you will see that the DNS resolution result is CN IP !
[test] ========== CN DOMAIN TEST START ==========
----mosdns CN dig:
7.0.0.129

----local-unbound CN dig:
7.0.0.26
[test] ========== CN DOMAIN TEST END ==========
[test] Non-CN domain test, you will see that the DNS resolution result is correct IP !
[test] ========== Non-CN DOMAIN TEST START ==========
----mosdns Non-CN dig:
7.0.0.114

----dnscrypt-unbound NOCN dig:
youtube-ui.l.google.com.
142.251.40.46
172.217.12.142

----dnscrypt Non-CN dig:
youtube-ui.l.google.com.
172.217.12.142
142.250.68.14

----dnscrypt-socks5 Non-CN dig:
youtube-ui.l.google.com.
172.217.31.142
172.217.161.78
[test] ========== Non-CN DOMAIN TEST END ==========
[test] IPv6 Dual CN test: you will see that IPv6 is OK !
[test] ========== IPV6 CN DOMAIN TEST START ==========
[test] ========== IPV6 CN DOMAIN TEST END ==========
[test] IPv6 Dual Non-CN test: you will see that IPv6 is empty !
[test] ========== IPV6 Non-CN DOMAIN TEST START ==========
[test] ========== IPV6 Non-CN DOMAIN TEST END ==========
[test] IPv6 only Non-CN test: you will see that IPv6 is ok !
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST START ==========
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST END ==========

[info] ALL TEST FINISH.

[kkkgo]

跟之前的debug没啥区别。

[moshangniqiu]

再和运营商聊聊

[kkkgo]

这里面debug让我疑惑的是本地递归怎么能递归出FAKEIP的，我觉得你的网络拓扑也有问题。

----local-unbound CN dig:
7.0.0.26

合理的解释只能是你局域网嵌套了一层DNS，还劫持到FAKEIP去了。

[kkkgo]

也不知道你光猫直连电脑拨号测试了没有

[moshangniqiu]

测了二次，自己测了一次，和宽带小哥测了一次，nslookup www.taobao.com 9.8.7.6 有结果返回。运营商答复是有cdn加速，做了定向解析。我也感觉本地递归有问题，但不会查。我的网络结构很简单，路由器拨号，接nas，docker装的paopaodns，虚拟机装paopaogw，其他没有了，docker和虚拟机的网络用的是ovs模式，我查了下网卡没有开启混杂模式，不知道有影响没。

[kkkgo]

应该是你路由器做了IP段分流的策略。你可以接个普通路由器再测或者把CUSTOM_FORWAED停掉ppg停掉再测。
"做了定向解析"不就是DNS劫持换个说法，都一样。

[kkkgo]

其实还有个解析是本地递归完全失败了，故障转移到最后的FAKEIP解析。我感觉应该是这个。但你开了CNFALL的话至少也能解析出结果，只能是把223.5.5.5这种的结果也劫持没了。

[moshangniqiu]

/data # debug.sh
=====PaoPaoDNS docker debug=====
[info] images build time : 2023-11-03 10:40:36 UTC
[DEBUG-OK]DATA_writeable
[DEBUG-OK]DATA_readable
[info] ========== network info ==========
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
49: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:0a:01:01:05 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.5/24 brd 10.1.1.255 scope global eth0
valid_lft forever preferred_lft forever
default via 10.1.1.1 dev eth0
10.1.1.0/24 dev eth0 scope link src 10.1.1.5
PING 223.5.5.5 (223.5.5.5): 56 data bytes
64 bytes from 223.5.5.5: seq=0 ttl=119 time=5.513 ms
64 bytes from 223.5.5.5: seq=1 ttl=119 time=5.492 ms

--- 223.5.5.5 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 5.492/5.502/5.513 ms
PING 119.29.29.29 (119.29.29.29): 56 data bytes
64 bytes from 119.29.29.29: seq=0 ttl=55 time=6.056 ms
64 bytes from 119.29.29.29: seq=1 ttl=55 time=6.138 ms

--- 119.29.29.29 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6.056/6.097/6.138 ms
Server: 223.5.5.5
Address: 223.5.5.5#53

Non-authoritative answer:
www.taobao.com canonical name = www.taobao.com.danuoyi.tbcache.com.
Name: www.taobao.com.danuoyi.tbcache.com
Address: 163.177.180.107
Name: www.taobao.com.danuoyi.tbcache.com
Address: 163.177.180.108
Name: www.taobao.com.danuoyi.tbcache.com
Address: 2408:8760:2:21:3::3d1
Name: www.taobao.com.danuoyi.tbcache.com
Address: 2408:8760:2:21:3::3d0

Server: 119.29.29.29
Address: 119.29.29.29#53

Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.65
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.76
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c

[info] ========== env info ==========
====ENV TEST====
[OK]DATA_writeable-
[OK]DATA_readable-
MEM:1000m 2000m 1000000 3000mb
prefPC:100
CORES:-4-
POWCORES:-4-
ulimit :-1048576-
FDLIM :-4096-
TZ:-Asia/Shanghai-
UPDATE:-weekly-
DNS_SERVERNAME:-PaoPaoDNS-
SERVER_IP:-10.1.1.5-
ETHIP:-10.1.1.5-
DNSPORT:-53-
SOCKS5:[email protected]:1080-
CNAUTO:-yes-
IPV6:-no-
CNFALL:-yes-
CUSTOM_FORWARD:--
AUTO_FORWARD:-yes-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-yes-
RULES_TTL:-300-
CUSTOM_FORWARD_TTL:-300-
SHUFFLE:-yes-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-yes-
SAFEMODE:--
QUERY_TIME:-2000ms-
ADDINFO:-yes-
PLATFORM:-Linux paopaodns 5.10.0-26-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 Linux-
====ENV TEST====
mosdns kkkgo/mosdns:231103.1
[info] ========== process info ==========
PID USER TIME COMMAND
1 root 0:00 {init.sh} /bin/sh /usr/sbin/init.sh
13 root 0:00 crond
45 root 0:00 redis-server unixsocket:/tmp/redis.sock
756 root 0:01 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.t
757 root 0:00 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt_s
785 root 0:00 mosdns start -d /tmp -c /tmp/mosdns.yaml
794 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
795 root 0:00 {data_update.sh} /bin/sh /usr/sbin/data_update.sh
802 root 0:00 tail -f /dev/null
1144 root 0:01 unbound -c /tmp/unbound_raw.conf
1145 root 0:00 unbound -c /tmp/unbound_forward.conf
1181 root 0:00 inotifywait -e modify,delete /etc/unbound/named.cache /dat
1206 root 0:00 {data_update.sh} /bin/sh /usr/sbin/data_update.sh
1207 root 0:00 curl -4L --connect-timeout 10 -s https://raw.githubusercon
1208 root 0:00 grep -Eo [0-9A-Za-z]{64}
1210 root 0:00 head -1
1211 root 0:00 sh
1217 root 0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
1233 root 0:00 ps -ef
[info] ========== cn list info ==========
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
[info] ========== reids info ==========
used_memory_human:1.70M
used_memory_rss_human:5.04M
used_memory_peak_human:1.73M
total_system_memory_human:15.44G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:2.93G
(integer) 167
[test] IP test, you will see that all the following IPs are your public network exit IP !
[test] ========== IP TEST START ==========
CN IP URL:
36.36.xx.xx
CN RAW-IP URL:
36.36.xx.xx

Non-CN IP URL:
36.36.xx.xx
36.36.xx.xx
36.36.xx.xx
Non-CN RAW-IP URL:
36.36.xx.xx
36.36.xx.xx
36.36.xx.xx

IP INFO:
36.36.xx.xx
HTTP/1.1
curl/8.4.0
Asia/Shanghai Time: 11/15/2023, 11:08:56 PM

----mosdns whoami aka dig:
"ecs" "36.36.7.1/32/24"
"ns" "81.71.99.228"
"ip" "81.71.99.228"

----local-unbound whoami aka dig:
"ecs" "36.36.7.1/32/24"
"ns" "81.71.99.228"
"ip" "81.71.99.228"

----mosdns whoami 03k dig:
7.0.1.70

----local-unbound whoami 03k dig:
7.0.1.70
[test] ========== IP TEST END ==========

[test] The DNS hijacking test, you will see timed out message !
[test] ========== DNS HIJACK START ==========
Server: 9.8.7.6
Address: 9.8.7.6#53

Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.76
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 109.244.236.65
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c

[test] ========== DNS HIJACK END ==========
[test] CN domain test, you will see that the DNS resolution result is CN IP !
[test] ========== CN DOMAIN TEST START ==========
----mosdns CN dig:
www.taobao.com.danuoyi.tbcache.com.
47.246.2.233
47.246.2.234

----local-unbound CN dig:
7.0.0.26
[test] ========== CN DOMAIN TEST END ==========
[test] Non-CN domain test, you will see that the DNS resolution result is correct IP !
[test] ========== Non-CN DOMAIN TEST START ==========
----mosdns Non-CN dig:
youtube-ui.l.google.com.
216.58.196.14
142.250.199.46

----dnscrypt-unbound NOCN dig:
youtube-ui.l.google.com.
142.251.42.142
142.251.42.174

----dnscrypt Non-CN dig:
youtube-ui.l.google.com.
142.250.66.238
142.250.67.14

----dnscrypt-socks5 Non-CN dig:
;; communications error to 127.0.0.1#5303: timed out
;; communications error to 127.0.0.1#5303: timed out
;; communications error to 127.0.0.1#5303: timed out
[test] ========== Non-CN DOMAIN TEST END ==========
[test] IPv6 Dual CN test: you will see that IPv6 is OK !
[test] ========== IPV6 CN DOMAIN TEST START ==========
[test] ========== IPV6 CN DOMAIN TEST END ==========
[test] IPv6 Dual Non-CN test: you will see that IPv6 is empty !
[test] ========== IPV6 Non-CN DOMAIN TEST START ==========
[test] ========== IPV6 Non-CN DOMAIN TEST END ==========
[test] IPv6 only Non-CN test: you will see that IPv6 is ok !
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST START ==========
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST END ==========

[info] ALL TEST FINISH.

这是关了CUSTOM_FORWAED停掉ppgw停掉的结果，用的路由器是普通的路由器。

[moshangniqiu]

运营商牛的很，投诉不成功。但paopaodns和ppgw配合是真的好用，速度很多，就是现在有个节点是Hysteria2,内核不支持，ppgw启动失败，大佬有换内核的想法吗？另外既然不能解决劫持，就想把paopaodns里的公共DNS换成运营商的（就是开了CNFALL的话至少也能解析出结果用的dns），但不知道修改哪个文件。

[kkkgo]

可以参考文档自己换clash meta的内核。
可以改/data/mosdns.yaml 搜索替换223.5.5.5/119.29.29.29

[kkkgo]

#82

[moshangniqiu]

我现在用的就是clash meta内核，不支持。clash verge、sing-box可以。

[kkkgo]

clash verge用的也是meta内核。meta文档：https://wiki.metacubex.one/config/inbound/listeners/hysteria2/

[52Mark]

电脑端：
环境：本地直连，无代理。

PS C:\Users\mmmm> nslookup -type=TXT whoami.ds.akahelp.net 23.*.*.33
服务器:  23-*-*-33-host.colocrossing.com
Address:  23.*.*.33

非权威应答:
whoami.ds.akahelp.net   text =

        "ns"
        "23.*.*.33"

20231119015334.229195564.addinfo.paopaodns      text =

        "Since 0ms From:not_a_aaaa -> local_unbound"
PS C:\Users\mmmm>

[kkkgo]

这并没有什么问题，一切都符合预期，递归服务器搭建在哪出口就是哪，你可能理解错了递归的原理，有其他问题可以另外开贴。

[52Mark]

这并没有什么问题，一切都符合预期，递归服务器搭建在哪出口就是哪，你可能理解错了递归的原理，有其他问题可以另外开贴。

emmmmm。抱歉