Intranet port mapping + dnslog

The previous DNSLog was deployed on a public-network server of its own. For a product, depending on each person's individual environment like that is not great, so I modified it.

Architecture

Details

1) Point the nameservers of domain A at domain B:

  • ns0.B.com
  • ns1.B.com

2) Set the A records of the two nameservers under domain B, ns0 and ns1, to the public-network IP.

3) On the public-network side, map the port 53 traffic of the public IP through a VIP to an arbitrary port on the intranet server (preferably a port above 1000, because binding ports below 1000 requires root privileges).

4) Important
Before binding the listener on the intranet server, first check with ifconfig whether the mapped external IP is present on an interface (in my case it is, via the VIP). Bind the dnslog program directly to the VIP, so that the DNS replies going back out through the VIP carry the original IP as their source address. The point below applies even if the UDP reply can get out some other way.

When a machine sends a name-resolution request to a DNS server (on the public network) and the reply packet arrives from a different IP (another egress IP of that network), a normal network does not filter it.
But Alibaba Cloud and Tencent Cloud seem to intercept reply packets whose source address does not match the DNS address the request was sent to. Presumably this is for security reasons, such as DDoS or DNS hijacking.

Along the way I tried a whole bunch of methods for forging the UDP source IP. It is not that they could not be made to work on the network, but in the end they kept getting stuck, and what solved the problem was simply getting the reply packets to return cleanly.

5) Finally, point an A record under domain B at the intranet server; the web server set up on the intranet can then be accessed through domain B.
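As an added illustration of step 4 (this is not code from the post or from either project linked below), here is a minimal stdlib-only Python responder: it binds to the VIP rather than 0.0.0.0 so replies leave with the address the client sent to, logs every queried name (the dnslog record), and answers authoritatively for the delegated zone. ZONE, VIP, PORT and ANSWER_IP are constructed placeholders, not the author's values.

```python
import socket
import struct

# Constructed placeholders for the setup described above (not real values):
ZONE = "a.example"     # domain A, whose NS records point at ns0/ns1 of domain B
VIP = "10.0.0.5"       # the mapped external IP that ifconfig shows on the intranet host
PORT = 5353            # unprivileged port the public :53 traffic is forwarded to
ANSWER_IP = "10.0.0.5" # address returned for any name under ZONE

def parse_qname(pkt, off=12):
    """Read the label sequence of the first question; return (name, end offset)."""
    labels = []
    while pkt[off] != 0:
        ln = pkt[off]
        if ln & 0xC0:  # a compression pointer is not valid in the question name
            raise ValueError("compressed qname in question")
        labels.append(pkt[off + 1:off + 1 + ln].decode("ascii", "replace"))
        off += 1 + ln
    return ".".join(labels).lower(), off + 1

def build_reply(query, answer_ip=ANSWER_IP, ttl=0):
    """Return (qname, reply). Authoritative A answer inside ZONE, REFUSED outside.
    TTL 0 keeps resolvers from caching, so every probe reaches this server."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, end = parse_qname(query)
    qtype = struct.unpack("!H", query[end:end + 2])[0]
    question = query[12:end + 4]            # name + qtype + qclass, echoed back
    rflags = 0x8400 | (flags & 0x0100)       # QR=1, AA=1, RD copied from query
    if qname != ZONE and not qname.endswith("." + ZONE):
        return qname, struct.pack("!HHHHHH", txid, rflags | 5, 1, 0, 0, 0) + question
    if qtype != 1:                           # not an A query: NOERROR, no data
        return qname, struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + question
    # answer RR: pointer to the name at offset 12, type A, class IN, ttl, rdlength 4
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(answer_ip)
    return qname, struct.pack("!HHHHHH", txid, rflags, 1, 1, 0, 0) + question + rr

def serve(bind_ip=VIP, port=PORT):
    """Bind to the VIP itself, not 0.0.0.0, so replies leave with the VIP as source."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            qname, reply = build_reply(data)
        except (ValueError, IndexError, struct.error):
            continue                         # malformed packet: drop it
        print(f"{peer[0]} {qname}")          # the dnslog record: who resolved what
        sock.sendto(reply, peer)
```

Call serve() on the intranet host once the VIP is visible in ifconfig; each printed line is one resolution attempt and the name that was looked up.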

Links

Writing your own DNS implementation
https://www.cnblogs.com/Chorder/p/9087386.html

Clover's DNSLog, using the dnslib module (Clover's version doesn't implement much functionality, and some of the code doesn't follow the PEP 8 format, which is uncomfortable to look at)
https://github.com/BugScanTeam/DNSLog

Source: www.cnblogs.com/huim/p/11123184.html