Sunday 14 July 2019

Using RPDNS to solve the DNS pollution problem

[Clients] -> [RPDNS] -> [authoritative servers]
RPDNS accepts DNS queries and responds either from its own cache or after forwarding them to a set of authoritative DNS servers.
Although queries can be forwarded to recursive servers as well, RPDNS itself does not perform any recursion. Its main purpose is to reduce the load on authoritative servers, and to mitigate denial-of-service attacks.

Features

  • EDNS0 support. Forwarded queries are rewritten in order to accept large payloads over UDP, independently from the payload size advertised by the client.
  • Response rate limiting in order to protect upstream servers against resource exhaustion.
  • Validation - Do not forward invalid queries and queries that are not fully qualified to upstream servers.
  • ANY queries are answered directly as a synthesized HINFO record.
  • TCP and UDP support; support for truncated responses.
  • ARC-based cache for DNS responses.
  • DNSSEC support.
  • Basic failover/load balancing with consistent hashing.
  • Resilience against outages of upstream servers.
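
The validation and ANY-handling features above amount to a triage step that runs before any upstream is contacted. The Go program below is an added example, not code from rpdns; `triage`, `buildQuery`, the result strings, the constructed sample queries and the rule that single-label names count as not fully qualified are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// buildQuery encodes a one-question query; it only constructs sample input.
func buildQuery(name string, qtype uint16) []byte {
	msg := []byte{0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0} // id, RD flag, QDCOUNT=1
	for _, l := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(append(msg, byte(len(l))), l...)
	}
	return append(msg, 0, byte(qtype>>8), byte(qtype), 0, 1) // root label, QTYPE, class IN
}

// triage parses the question section of a raw query and decides, before any
// upstream is contacted, whether to drop it, answer it locally, or forward it.
func triage(msg []byte) string {
	if len(msg) < 12 || msg[2]&0x80 != 0 || msg[4] != 0 || msg[5] != 1 {
		return "drop: invalid" // short header, QR bit set (a response), or QDCOUNT != 1
	}
	labels, off := 0, 12
	for off < len(msg) && msg[off] != 0 {
		n := int(msg[off])
		if n > 63 || off+1+n > len(msg) { // bad length; also rejects compression pointers
			return "drop: invalid"
		}
		labels, off = labels+1, off+1+n
	}
	if off+5 > len(msg) { // root label, QTYPE and QCLASS must all be present
		return "drop: invalid"
	}
	qtype := uint16(msg[off+1])<<8 | uint16(msg[off+2])
	switch {
	case labels < 2: // assumption: single-label names are treated as not fully qualified
		return "drop: not fully qualified"
	case qtype == 255: // QTYPE ANY
		return "local: synthesized HINFO"
	}
	return "forward"
}

func main() {
	// Constructed samples: A query, ANY query, single-label name, garbage bytes.
	for _, q := range [][]byte{buildQuery("example.com", 1), buildQuery("example.com", 255), buildQuery("intranet", 1), {0xde, 0xad}} {
		fmt.Println(triage(q))
	}
}
```

Only the `forward` outcome would reach the cache or an upstream server; the other three are settled at the proxy.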

Install

cd $GOPATH
go get -u -v github.com/jedisct1/rpdns

Usage

sudo rpdns -listen :53 -upstream 8.8.8.8:53,8.8.4.4:53

FROM https://github.com/jedisct1/rpdns

Let's see how long it keeps working.
