时间戳

首页 > 解决方案 > 即使带有 --doh-url 标志的 DNS over HTTPS 请求,如何使 curl 使用相同的接口?

curl - 即使带有 --doh-url 标志的 DNS over HTTPS 请求,如何使 curl 使用相同的接口?

问题描述

在使用带有 --doh-url 标志的 curl 时,我注意到只有对目标服务器的最终 GET 请求(下面代码段中的 example.com)是通过命令本身指定的接口发出的,通过 https 请求的 dns 仍然会产生使用默认界面。有没有办法让 DoH 请求也使用相同的接口?

 curl --doh-url https://dns.google/dns-query https://example.com -vk --doh-insecure --interface 10.10.104.102 -4

* Found bundle for host dns.google: 0x55efcc8081d0 [serially]
*   Trying 8.8.8.8:443...
* Hostname 'dns.google' was found in DNS cache
*   Trying 8.8.8.8:443...
* Connected to dns.google (8.8.8.8) port 443 (#2)
* ALPN, offering http/1.1
* Connected to dns.google (8.8.8.8) port 443 (#1)
* ALPN, offering http/1.1
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=dns.google
*  start date: Sep 13 04:12:13 2021 GMT
*  expire date: Nov 20 04:12:12 2021 GMT
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> POST /dns-query HTTP/1.1
Host: dns.google
Accept: */*
Content-Type: application/dns-message
Content-Length: 29

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=dns.google
*  start date: Aug 30 04:00:00 2021 GMT
*  expire date: Nov 22 03:59:59 2021 GMT
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> POST /dns-query HTTP/1.1
Host: dns.google
Accept: */*
Content-Type: application/dns-message
Content-Length: 29

* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< Date: Fri, 01 Oct 2021 10:37:19 GMT
< Expires: Fri, 01 Oct 2021 10:37:19 GMT
< Cache-Control: private, max-age=19274
< Content-Type: application/dns-message
< Server: HTTP server (unknown)
< Content-Length: 57
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< 
* Connection #2 to host dns.google left intact
* a DoH request is completed, 1 to go
* old SSL session ID is stale, removing
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< Date: Fri, 01 Oct 2021 10:37:19 GMT
< Expires: Fri, 01 Oct 2021 10:37:19 GMT
< Cache-Control: private, max-age=20920
< Content-Type: application/dns-message
< Server: HTTP server (unknown)
< Content-Length: 45
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< 
* Connection #1 to host dns.google left intact
* a DoH request is completed, 0 to go
* DoH Host name: example.com
* TTL: 19274 seconds
* DoH A: 93.184.216.34
* DoH AAAA: 2606:2800:0220:0001:0248:1893:25c8:1946
*   Trying 93.184.216.34:443...
* Name '10.10.104.102' family 2 resolved to '10.10.104.102' family 2

从上面的示例可以看出,接口 10.10.104.102 没有响应并因此超时,但 DoH 请求正在通过默认接口并因此成功。

标签: curldnsdns-over-https

解决方案

推荐阅读