This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

TCPDNS

使用dnscrypt-proxy时遇到的问题

我是用dnscrypt-proxy来解决DNS污染的．但是，偶尔地会出现dnscrypt-proxy不能正常工作的情况，比如连续十几分钟都获取不到有效证书．当这种情况出现的时候，网络访问就几乎无法进行．我利用TCPDNS来解决这个问题．

使用TCPDNS做备用DNS

用TCPDNS做备用DNS的好处是保证DNS速度的情况下，避免污染DNS. 但对受限域名的查询会失败，因为此时TCP连接会被connection reset. 有个可用的DNS总好过完全没有DNS吧．当dnscrypt-proxy恢复后，受限域名的查询又会正常了．

1. 首先你要找几个支持TCP查询的境外DNS服务器．最好是在香港台湾等速度快的地方找．

2. 添加redsocks2配置并并重启redsocks2

   REDSOCKS2相关配置内容

   tcpdns {
    bind = 127.0.0.1:3053; // Local server to act as DNS server
    tcpdns1 = 168.95.192.1;      // DNS server that supports TCP DNS requests
    tcpdns2 = 202.175.3.8;      // DNS server that supports TCP DNS requests
    timeout = 6;            // Timeout value for TCP DNS requests
   }
   

3. 将上面配置的local_ip:local_port做为备用DNS加入到你的系统配置中，比如dnsmasq的配置文件里．

4. 重启DNS服务．

实际效果还不错，在TCPDNS的配合下，总体dns查询失败率已经从之前的8%左右降至0.02%

Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: time 1458179451
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: cache size 150, 5574/34694 cache insertions re-used unexpired cache entries.
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: queries forwarded 17548, queries answered locally 7477
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 127.0.0.1#3053: queries sent 14296, retried or failed 0
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 127.0.0.1#2053: queries sent 14296, retried or failed 0
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 127.0.0.1#1053: queries sent 14296, retried or failed 3
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 8.8.8.8#53: queries sent 3252, retried or failed 0
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 8.8.4.4#53: queries sent 0, retried or failed 0