Similar to the domain name resolver, the DNS proxy service supports multiple protocol types, supports custom domain name resolution (host mapper), has a caching function, and supports forwarding chains.
- udp - DNS over UDP
- tcp - DNS over TCP
- tls - DNS over TLS
- https - DNS over HTTPS
The format of each DNS is:
- protocol: udp, tcp, tls or https. Default value is udp.
- port: default value is 53.
Examples: udp://22.214.171.124:53, or udp://126.96.36.199
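The defaults above (udp when no protocol is given, port 53 when no port is given) are easy to get wrong in tooling that validates a forwarder list. The following parser is an added example written for this page, not code from the gost project; it applies the page's two defaults, accepts bracketed IPv6 literals, and rejects any protocol outside the four listed instead of silently falling back to udp.

```python
from urllib.parse import urlsplit

# Protocols the page lists for a DNS node, and the single default port it states.
DNS_PROTOCOLS = ("udp", "tcp", "tls", "https")
DEFAULT_PROTOCOL = "udp"
DEFAULT_PORT = 53


def parse_dns_node(addr: str) -> tuple:
    """Parse a DNS node address such as 'udp://1.2.3.4:53' or '1.2.3.4' into
    (protocol, host, port). A missing protocol means udp and a missing port
    means 53, as the page states; unknown protocols raise instead of being
    mapped to a default."""
    url = urlsplit(addr if "://" in addr else f"{DEFAULT_PROTOCOL}://{addr}")
    proto = url.scheme.lower()
    if proto not in DNS_PROTOCOLS:
        raise ValueError(f"unsupported DNS protocol: {proto!r}")
    host = url.hostname  # urlsplit strips the [] around an IPv6 literal
    if not host:
        raise ValueError(f"missing host in {addr!r}")
    # url.port itself raises ValueError for a non-numeric or out-of-range port
    port = url.port if url.port is not None else DEFAULT_PORT
    return proto, host, port


def is_valid_dns_node(addr: str) -> bool:
    """Validation helper for a forwarder list: True only if the address parses."""
    try:
        parse_dns_node(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for addr in ("udp://22.214.171.124:53", "126.96.36.199", "tls://[2001:db8::1]:853"):
        print(addr, "->", parse_dns_node(addr))
```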
Custom domain name resolution
Domain name resolution can be customized by setting the host-IP mapper.
```yaml
services:
- name: service-0
  addr: :10053
  hosts: hosts-0
  handler:
    type: dns
  listener:
    type: dns
    metadata:
      mode: udp
  forwarder:
    nodes:
    - name: target-0
      addr: 188.8.131.52
hosts:
- name: hosts-0
  mappings:
  - ip: 127.0.0.1
    hostname: example.org
  - ip: ::1
    hostname: example.org
  - ip: 2001:db8::1
    hostname: example.com
```
Then a query for example.org will match the mapper without using the upstream 184.108.40.206.
DNS query example.org (IPv4)
DNS query example.org (IPv6)
When querying for example.com, the mapper has no IPv4 entry for it, so 220.127.116.11 is used for the IPv4 query.
DNS query example.com (IPv4)
DNS query example.com (IPv6)
DNS queries can be controlled at a finer granularity by setting bypasses on the DNS proxy service and on the forwarder nodes.
Service Level Bypass
When the DNS proxy service itself is configured with a bypass and a queried domain name does not pass the rule test (it does not match the whitelist, or it matches the blacklist), the DNS proxy service returns an empty result.
Querying for example.com does not pass bypass-0 on the service, so the query returns an empty result.
Querying for example.org passes bypass-0 on the service, so the query returns results normally.
DNS query example.org (IPv4)
Bypass On Forwarder Nodes
Similar to the bypass on a forwarding chain node, a bypass can also be set on the forwarder nodes of the DNS proxy service to achieve fine-grained query control.
Querying for example.org does not pass bypass-0 on target node target-0 but passes bypass-1 on target node target-1, so the query is forwarded to target-1 for processing.
Querying for example.com passes bypass-0 on target node target-0 but does not pass bypass-1 on target node target-1, so the query is forwarded to target-0 for processing.
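The three mechanisms described so far (host mapper, service-level bypass, per-node bypass) decide where a query is answered, and it helps to see the decision as one function. The model below is an added example, not gost's code: it assumes the mapper is consulted first, then the service bypass, then the first forwarder node whose bypass passes, and it assumes that a query no node accepts gets no answer. The rule contents of bypass-0 and bypass-1 are not on the page, so they are filled in as whitelists that reproduce the outcomes described above; the target-1 address and the 192.0.2.x upstreams are constructed. Bypass matching is simplified to exact host names.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

A, AAAA = 1, 28  # query types used by the page's examples


@dataclass
class Bypass:
    """Simplified bypass rule set: with whitelist=True only listed names pass,
    otherwise listed names are blocked (blacklist). Exact-name matching only."""
    names: Set[str]
    whitelist: bool = False

    def passes(self, qname: str) -> bool:
        listed = qname in self.names
        return listed if self.whitelist else not listed


@dataclass
class Node:
    name: str
    addr: str
    bypass: Optional[Bypass] = None  # per-node bypass


@dataclass
class DnsProxy:
    hosts: Dict[Tuple[str, int], List[str]]  # (hostname, qtype) -> mapped addresses
    nodes: List[Node]                         # forwarder nodes, tried in order
    bypass: Optional[Bypass] = None           # service-level bypass

    def dispatch(self, qname: str, qtype: int) -> Tuple[str, Optional[str]]:
        """Decide how one query is answered (assumed order: mapper, service
        bypass, first node whose bypass passes). Returns one of
        ('hosts', addresses), ('empty', None) or ('forward', node name)."""
        mapped = self.hosts.get((qname, qtype))
        if mapped:
            return "hosts", ",".join(mapped)
        if self.bypass is not None and not self.bypass.passes(qname):
            return "empty", None
        for node in self.nodes:
            if node.bypass is None or node.bypass.passes(qname):
                return "forward", node.name
        return "empty", None  # assumption: no eligible node means no answer


def hosts_from_mappings(mappings: List[Dict[str, str]]) -> Dict[Tuple[str, int], List[str]]:
    """Turn ip/hostname mappings (as in the hosts block above) into the lookup
    table; an IPv6 address only answers AAAA queries, an IPv4 address only A."""
    table: Dict[Tuple[str, int], List[str]] = {}
    for m in mappings:
        qtype = AAAA if ":" in m["ip"] else A
        table.setdefault((m["hostname"], qtype), []).append(m["ip"])
    return table


# Same mappings as hosts-0 on the page.
MAPPINGS = [
    {"ip": "127.0.0.1", "hostname": "example.org"},
    {"ip": "::1", "hostname": "example.org"},
    {"ip": "2001:db8::1", "hostname": "example.com"},
]


def mapper_proxy() -> DnsProxy:
    return DnsProxy(hosts=hosts_from_mappings(MAPPINGS),
                    nodes=[Node("target-0", "188.8.131.52")])


def service_bypass_proxy() -> DnsProxy:
    # Assumed content of bypass-0: a whitelist that admits example.org only.
    return DnsProxy(hosts={}, nodes=[Node("target-0", "188.8.131.52")],
                    bypass=Bypass({"example.org"}, whitelist=True))


def node_bypass_proxy() -> DnsProxy:
    # Assumed content: bypass-0 on target-0 admits example.com, bypass-1 on
    # target-1 admits example.org. Upstream addresses are constructed (RFC 5737).
    return DnsProxy(hosts={}, nodes=[
        Node("target-0", "192.0.2.1", Bypass({"example.com"}, whitelist=True)),
        Node("target-1", "192.0.2.2", Bypass({"example.org"}, whitelist=True)),
    ])


if __name__ == "__main__":
    for qname in ("example.org", "example.com"):
        print(qname, mapper_proxy().dispatch(qname, A),
              service_bypass_proxy().dispatch(qname, A),
              node_bypass_proxy().dispatch(qname, A))
```

The `empty` outcome is worth logging in a real deployment: a client that keeps receiving empty answers for names outside the whitelist is either misconfigured or probing which names the proxy is willing to resolve.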
The cache duration can be set through the ttl option. By default, the TTL in the result returned by the DNS query is used. When it is set to a negative value, the cache is not used.
The async option makes the query request to the upper-level DNS service asynchronous. In this case, when the cache has expired, the result in the client cache is still returned, and at the same time the query request is sent asynchronously to the upper-level DNS service and the cache is updated.
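The interaction between ttl and async is easiest to see with a deterministic clock. The cache model below is an added example and not gost's implementation: ttl=None stands for the default (the upstream answer's own TTL), a positive value is assumed to override that TTL, a negative value disables caching, and async serves the expired entry while queueing a refresh. The upstream answer (one RFC 5737 address with a 30 second TTL) and the timeline are constructed.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

Key = Tuple[str, int]           # (qname, qtype)
Answer = Tuple[List[str], int]  # (addresses, TTL from the upstream answer)


class DnsCache:
    """Model of the page's cache options. ttl=None: use the TTL of the upstream
    answer (default); ttl>0: fixed lifetime in seconds (assumed); ttl<0: caching
    off. async_refresh=True: an expired entry is still returned and a refresh
    is queued instead of making the client wait."""

    def __init__(self, upstream: Callable[[str, int], Answer], ttl: Optional[int] = None,
                 async_refresh: bool = False, clock: Callable[[], float] = time.monotonic):
        self.upstream = upstream
        self.ttl = ttl
        self.async_refresh = async_refresh
        self.clock = clock
        self.entries: Dict[Key, Tuple[List[str], float]] = {}
        self.pending: List[Key] = []   # refreshes that would run in the background
        self.upstream_calls = 0

    def _query(self, key: Key) -> Answer:
        self.upstream_calls += 1
        return self.upstream(*key)

    def _store(self, key: Key, answer: Answer) -> None:
        if self.ttl is not None and self.ttl < 0:
            return                      # negative ttl: cache disabled
        addresses, answer_ttl = answer
        lifetime = answer_ttl if self.ttl is None else self.ttl
        self.entries[key] = (addresses, self.clock() + lifetime)

    def resolve(self, qname: str, qtype: int) -> Tuple[List[str], str]:
        """Return (addresses, source) with source in {'cache', 'stale', 'upstream'}."""
        key = (qname, qtype)
        hit = self.entries.get(key)
        if hit is not None:
            addresses, expires_at = hit
            if self.clock() < expires_at:
                return addresses, "cache"
            if self.async_refresh:
                self.pending.append(key)  # refresh upstream without blocking the client
                return addresses, "stale"
        answer = self._query(key)
        self._store(key, answer)
        return answer[0], "upstream"

    def run_pending(self) -> None:
        """Complete queued background refreshes (what the async worker would do)."""
        for key in self.pending:
            self._store(key, self._query(key))
        self.pending.clear()


class FakeClock:
    """Manually advanced clock so the scenario below is deterministic."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def fake_upstream(qname: str, qtype: int) -> Answer:
    # Constructed upstream answer: one documentation address with a 30 s TTL.
    return ["203.0.113.10"], 30


def scenario(ttl: Optional[int] = None, async_refresh: bool = False) -> Tuple[List[str], int]:
    """Issue the same A query at t=0, t=10 and t=35 (past the 30 s TTL), let any
    background refresh finish, then query again at t=35. Returns the list of
    answer sources and the number of upstream queries made."""
    clock = FakeClock()
    cache = DnsCache(fake_upstream, ttl=ttl, async_refresh=async_refresh, clock=clock)
    sources = [cache.resolve("example.org", 1)[1]]
    clock.advance(10)
    sources.append(cache.resolve("example.org", 1)[1])
    clock.advance(25)
    sources.append(cache.resolve("example.org", 1)[1])
    cache.run_pending()
    sources.append(cache.resolve("example.org", 1)[1])
    return sources, cache.upstream_calls


if __name__ == "__main__":
    print("default", scenario())
    print("ttl=-1 ", scenario(ttl=-1))
    print("async  ", scenario(async_refresh=True))
    print("ttl=5  ", scenario(ttl=5))
```

The `stale` source is the one to keep in mind operationally: with async enabled, a client can be handed an answer whose TTL has already run out, which is the intended latency trade-off but also means a record change upstream (for example after an incident) reaches clients one query later than with synchronous refresh.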
Set the client IP through the clientIP option and enable the ECS (EDNS Client Subnet) extension.
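What the clientIP option actually puts on the wire is an EDNS0 OPT record carrying the ECS option (RFC 7871), which the upstream resolver uses to pick a geographically appropriate answer. The block below is an added example, not gost's code: it builds a query carrying ECS for a given client address and decodes it the way an upstream (or a packet capture) would. The example's defaults of /24 for IPv4 and /56 for IPv6 follow the prefix lengths RFC 7871 recommends; gost's own default prefix lengths are not stated on this page. The point to check in a capture is that only the prefix leaves the proxy, with the host bits zeroed, and that the upstream still learns the client's network, so the value should be chosen accordingly.

```python
import ipaddress
import struct
from typing import Optional

OPT_RR_TYPE = 41       # EDNS0 OPT pseudo-RR (RFC 6891)
ECS_OPTION_CODE = 8    # EDNS Client Subnet (RFC 7871)
QTYPE_A = 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def ecs_option(client_ip: str, source_prefix: Optional[int] = None) -> bytes:
    """Build the ECS option for client_ip. Only the prefix is transmitted: the
    example's defaults are /24 (IPv4) and /56 (IPv6), host bits are zeroed and
    the address is truncated to the bytes the prefix covers."""
    addr = ipaddress.ip_address(client_ip)
    family, default_prefix = (1, 24) if addr.version == 4 else (2, 56)
    prefix = default_prefix if source_prefix is None else source_prefix
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    addr_bytes = network.network_address.packed[: (prefix + 7) // 8]
    body = struct.pack("!HBB", family, prefix, 0) + addr_bytes  # scope prefix is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def build_query(qname: str, client_ip: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """A recursion-desired query with one question and an OPT RR carrying ECS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)    # flags: RD; ARCOUNT=1 for OPT
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    rdata = ecs_option(client_ip)
    # OPT RR: root name, type 41, CLASS = UDP payload size, TTL field = ext-rcode/version/flags
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(rdata)) + rdata
    return header + question + opt_rr


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a wire-format name (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_ecs(msg: bytes) -> Optional[dict]:
    """Walk the RR sections of a DNS message and decode the first ECS option."""
    _txid, _flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != OPT_RR_TYPE:
            continue
        pos = 0
        while pos + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, pos)
            body = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            if code != ECS_OPTION_CODE:
                continue
            family, source_prefix, scope_prefix = struct.unpack_from("!HBB", body, 0)
            full_len = 4 if family == 1 else 16
            subnet = ipaddress.ip_address(body[4:].ljust(full_len, b"\x00"))
            return {"family": family, "source_prefix": source_prefix,
                    "scope_prefix": scope_prefix, "subnet": f"{subnet}/{source_prefix}"}
    return None


if __name__ == "__main__":
    msg = build_query("example.com", "203.0.113.77")  # constructed client address
    print(msg.hex())
    print(parse_ecs(msg))
```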