O DNS não é roteado corretamente para a NIC da WAN quando o dnscrypt é usado
1
Eu tenho um servidor Windows 2003 com DNS integrado ao AD. Estou tentando configurar o servidor para fazer solicitações de DNS de saída (encaminhadas) por meio do proxy dnscrypt em vez de pelo TCP / UDP normal 53.
Eu configurei o dnscrypt para ser executado em 127.0.0.7 com o comando dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.7 . Quando tento testar a conexão DNS com nslookup google.com 127.0.0.7 , recebo a mensagem de erro [WARNING] sendto: [No route to host [WSAEHOSTUNREACH ]] .
EDIT: Aqui está a saída de route print enquanto o dnscrypt estava executando 127.0.0.7.
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...4c 00 10 53 0c 4c ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Kerio WinRoute Firewall
0x3 ...00 16 76 c8 8c cc ...... Intel(R) 82566DC Gigabit Network Connection - Kerio WinRoute Firewall
0x10005 ...44 45 53 54 4f 53 ...... Kerio Virtual Network Adapter - Kerio WinRoute Firewall
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.102 255.255.255.255 192.168.3.1 192.168.3.1 1
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
192.168.3.0 255.255.255.0 192.168.3.1 192.168.3.1 20
192.168.3.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.3.255 255.255.255.255 192.168.3.1 192.168.3.1 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.3.1 192.168.3.1 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
255.255.255.255 255.255.255.255 192.168.3.1 192.168.3.1 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.1.102 255.255.255.255 192.168.3.1 1
Como teste, executei o dnscrypt com 127.0.0.1 (que funciona) e comparei a saída do monitor de processo das duas configurações. Aqui está uma imagem do kdiff dos dois.
Aqui estão os registros originais do Process Monitor:
Command: dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.1
Time of Day Process Name PID Operation Path Result Detail
57:57.2 dnscrypt-proxy.exe 5492 UDP Receive 127.0.0.1:53 -> 127.0.0.1:2549 SUCCESS Length: 40
57:57.2 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 512
57:57.2 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 192.168.2.1:0 SUCCESS Length: 554
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 304
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 127.0.0.1:53 -> 127.0.0.1:2549 SUCCESS Length: 110
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 127.0.0.1:53 -> 127.0.0.1:2550 SUCCESS Length: 42
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 512
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 192.168.2.1:0 SUCCESS Length: 554
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 368
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 127.0.0.1:53 -> 127.0.0.1:2550 SUCCESS Length: 128
57:57.3 dnscrypt-proxy.exe 5492 UDP Receive 127.0.0.1:53 -> 127.0.0.1:2551 SUCCESS Length: 28
57:57.3 dnscrypt-proxy.exe 5492 UDP Send 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 512
57:57.4 dnscrypt-proxy.exe 5492 UDP Receive 192.168.2.2:2546 -> 208.67.220.220:443 SUCCESS Length: 304
57:57.4 dnscrypt-proxy.exe 5492 UDP Send 127.0.0.1:53 -> 127.0.0.1:2551 SUCCESS Length: 135
e
Command: dnscrypt-proxy.exe -R opendns -L dnscrypt-resolvers.csv --local-address 127.0.0.7
Time of Day Process Name PID Operation Path Result Detail
59:40.5 dnscrypt-proxy.exe 5212 UDP Receive 127.0.0.7:53 -> 127.0.0.7:2562 SUCCESS Length: 40
59:40.5 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 512
59:40.6 dnscrypt-proxy.exe 5212 UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 240
59:42.5 dnscrypt-proxy.exe 5212 UDP Receive 127.0.0.7:53 -> 127.0.0.7:2564 SUCCESS Length: 42
59:42.5 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 512
59:42.6 dnscrypt-proxy.exe 5212 UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 240
59:44.5 dnscrypt-proxy.exe 5212 UDP Receive 127.0.0.7:53 -> 127.0.0.7:2565 SUCCESS Length: 28
59:44.5 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 512
59:44.6 dnscrypt-proxy.exe 5212 UDP Receive 192.168.2.2:2563 -> 208.67.220.220:443 SUCCESS Length: 240
59:44.6 dnscrypt-proxy.exe 5212 UDP Send 192.168.2.2:2563 -> 127.0.0.7:2565 SUCCESS Length: 135
por just.another.programmer
14.07.2014 / 16:21