Mar 27

样本是 China Domain List,平台是 ASUS RT-AC68P ARM + Tomato,DNS 解析程序都是静态编译。支持排除/指定解析列表的,都加载了样本域名。没什么太大实际意义,蛋疼而已。

Unbound
Statistics:

Queries sent: 26919
Queries completed: 26832 (99.68%)
Queries lost: 87 (0.32%)

Response codes: NOERROR 20030 (74.65%), SERVFAIL 6714 (25.02%), NXDOMAIN 88 (0.33%)
Average packet size: request 28, response 50
Run time (s): 69.774275
Queries per second: 384.554336

Average Latency (s): 0.238396 (min 0.000236, max 4.992936)
Latency StdDev (s): 0.389999

Pdnsd:
Statistics:

Queries sent: 26919
Queries completed: 23513 (87.35%)
Queries lost: 3406 (12.65%)

Response codes: NOERROR 23234 (98.81%), SERVFAIL 171 (0.73%), NXDOMAIN 108 (0.46%)
Average packet size: request 28, response 59
Run time (s): 314.555457
Queries per second: 74.749935

Average Latency (s): 0.596292 (min 0.000358, max 4.999555)
Latency StdDev (s): 1.019165

dnsforwarder:
Statistics:

Queries sent: 26919
Queries completed: 25401 (94.36%)
Queries lost: 1518 (5.64%)

Response codes: NOERROR 25401 (100.00%)
Average packet size: request 28, response 61
Run time (s): 183.965017
Queries per second: 138.075165

Average Latency (s): 0.416087 (min 0.000227, max 4.999129)
Latency StdDev (s): 0.644664

ChinaDNS:
Statistics:

Queries sent: 26919
Queries completed: 21331 (79.24%)
Queries lost: 5588 (20.76%)

Response codes: NOERROR 21232 (99.54%), SERVFAIL 13 (0.06%), NXDOMAIN 86 (0.40%)
Average packet size: request 28, response 57
Run time (s): 363.248690
Queries per second: 58.722855

Average Latency (s): 0.375668 (min 0.015623, max 4.569101)
Latency StdDev (s): 0.340221

Pcap_DNSProxy
Statistics:

Queries sent: 26919
Queries completed: 25476 (94.64%)
Queries lost: 1443 (5.36%)

Response codes: NOERROR 25205 (98.94%), SERVFAIL 158 (0.62%), NXDOMAIN 113 (0.44%)
Average packet size: request 28, response 57
Run time (s): 513.577050
Queries per second: 49.605020

Average Latency (s): 1.716650 (min 0.059361, max 4.998602)
Latency StdDev (s): 1.207510


Mar 23

一个是做 DNSSEC 的
auto-trust-anchor-file: "/opt/etc/unbound/root.key"
一个是
use-caps-for-id: yes
开启这两个参数任意一个,如果转发的 DNS (若干)上游服务器稍有“不遵循规范”的就会返回空值:

wrong 0x20-ID in reply qname
......
Capsforid fallback: getting different replies, failed
......

具体没做细研究了!

Use 0x20-encoded random bits in the query to foil spoof
attempts. This perturbs the lowercase and uppercase of query
names sent to authority servers and checks if the reply still
has the correct casing. Disabled by default. This feature is
an experimental implementation of draft dns-0x20.

Tags: ,