{"id":164379,"date":"2020-10-07T01:24:46","date_gmt":"2020-10-06T17:24:46","guid":{"rendered":"http:\/\/4563.org\/?p=164379"},"modified":"2020-10-07T01:24:46","modified_gmt":"2020-10-06T17:24:46","slug":"ios14-%e7%bb%93%e5%90%88-dns-%e7%9a%84-https-%e8%ae%b0%e5%bd%95%e8%bf%9b%e8%a1%8c-http-3-%e8%bf%9e%e6%8e%a5%e7%9a%84%e5%ae%9e%e6%b5%8b","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=164379","title":{"rendered":"iOS14 \u7ed3\u5408 DNS \u7684 HTTPS \u8bb0\u5f55\u8fdb\u884c HTTP\/3 \u8fde\u63a5\u7684\u5b9e\u6d4b"},"content":{"rendered":"<div>\n<div>\n<div>\n<h1>                  iOS14 \u7ed3\u5408 DNS \u7684 HTTPS \u8bb0\u5f55\u8fdb\u884c HTTP\/3 \u8fde\u63a5\u7684\u5b9e\u6d4b               <\/h1>\n<p> <\/p>\n<div>\n<div> <span>\u8cc7\u6df1\u5927\u4f6c : domosekai <\/span>  <span><i><\/i> 1<\/span> <\/div>\n<div> <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div isfirst=\"1\"> <\/p>\n<p>\u524d\u60c5\u63d0\u8981\uff1a https:\/\/www.v2ex.com\/t\/699027<\/p>\n<p>\u4e0a\u6b21\u53d1\u73b0 iOS14 \u4f1a\u67e5\u8be2\u57df\u540d\u7684 HTTPS \u8bb0\u5f55(TYPE65\uff0c\u4ee5\u524d\u53eb HTTPSSVC)\u540e\uff0c\u672c\u4ee5\u4e3a\u53ea\u662f\u4e2a\u8bd5\u63a2\u6027\u529f\u80fd\u6ca1\u591a\u5927\u7528\uff0c\u7ed3\u679c\u4eca\u5929\u770b\u5230 cloudflare \u7684\u8d34\u6587\uff0c\u5df2\u7ecf\u5b8c\u5168\u5b9e\u7528\u5316\u4e86\u3002<\/p>\n<p>\u7b80\u5355\u6765\u8bf4\uff0c\u4f7f\u7528 CF \u7684\u57df\u540d\u5df2\u589e\u52a0 HTTPS \u8bb0\u5f55\uff0c\u8bb0\u5f55\u91cc\u7f57\u5217\u670d\u52a1\u5668\u652f\u6301\u7684\u534f\u8bae\u7c7b\u578b\uff08\u5982 HTTP\/3\uff0cHTTP\/2 \uff09\uff0c\u540c\u65f6\u63d0\u4f9b IPv4 \u548c v6 \u5730\u5740\uff0c\u514d\u53bb\u67e5\u8be2 A \u548c AAAA \u8bb0\u5f55\u7684\u5fc5\u8981\uff0c\u4f7f\u5f97\u5ba2\u6237\u7aef\u53ef\u4ee5\u76f4\u63a5\u7528\u5408\u9002\u7684\u534f\u8bae\u8fde\u63a5\uff0c\u4e0d\u9700\u8981\u5148 HTTP \u518d fallback \u3002<\/p>\n<p>\u539f\u6587\uff1a https:\/\/blog.cloudflare.com\/speeding-up-https-and-http-3-negotiation-with-dns\/<\/p>\n<p>\u4e0d\u7f57\u55e6\uff0c\u4e0b\u9762\u662f\u7f51\u5173\u4e0a\u7684\u6293\u5305\u5206\u6790\uff0c\u4ee5 iOS14 \u8bbe\u5907\u8fde\u63a5 V2EX \u4e3a\u4f8b\uff08 Safari \u8981\u5148\u5f00\u542f HTTP\/3 \u652f\u6301\uff09\uff1a <img decoding=\"async\" src=\"http:\/\/4563.org\/wp-content\/uploads\/2020\/10\/20201007_5f7ddf7f13a8a.png\" alt=\"iOS14 \u7ed3\u5408 DNS \u7684 HTTPS \u8bb0\u5f55\u8fdb\u884c HTTP\/3 \u8fde\u63a5\u7684\u5b9e\u6d4b\" \/><\/p>\n<p>1 \u3001\u5305 497-499\uff1a\u5ba2\u6237\u7aef\u53d1\u51fa HTTPS(65),A,AAAA \u4e09\u79cd\u7c7b\u578b\u7684 DNS \u67e5\u8be2<\/p>\n<p>2 \u3001\u5305 500\uff1aHTTPS \u7ed3\u679c\u8fd4\u56de\uff0c\u7531\u4e8e wireshark \u4e0d\u652f\u6301 decode 65 \u8bb0\u5f55\uff0c\u7ffb\u8bd1\u5982\u4e0b\uff0cdata \u90e8\u5206\u5171 96 \u5b57\u8282\uff1a<\/p>\n<pre><code>0000   00 01 00 00 01 00 15 05 68 33 2d 32 39 05 68 33   ........h3-29.h3 0010   2d 32 38 05 68 33 2d 32 37 02 68 32 00 04 00 0c   -28.h3-27.h2.... 0020   68 14 09 da 68 14 0a da ac 43 03 bc 00 06 00 30   h..\u00dah..\u00da\u00acC.\u00bc...0 0030   26 06 47 00 00 10 00 00 00 00 00 00 68 14 09 da   &amp;.G.........h..\u00da 0040   26 06 47 00 00 10 00 00 00 00 00 00 68 14 0a da   &amp;.G.........h..\u00da 0050   26 06 47 00 00 10 00 00 00 00 00 00 ac 43 03 bc   &amp;.G.........\u00acC.\u00bc <\/code><\/pre>\n<p>\u8df3\u8fc7\u524d\u4e09\u5b57\u8282\uff0c\u6b64\u540e\u6bcf\u6761\u8bb0\u5f55\u6709 4 \u5b57\u8282 header\uff0c2 \u5b57\u8282 key \u548c 2 \u5b57\u8282 length \u3002<\/p>\n<p>\u8bb0\u5f55 1\uff1a00010015\uff0c0001 \u662f alpn\uff0c15 \u662f\u957f\u5ea6\uff0c\u5185\u5bb9\u662f\u652f\u6301\u7684\u534f\u8bae\uff1ah3-29,h3-28,h3-27,h2 \u56db\u79cd\uff0c\u7531\u4e8e http\/3 \u8fd8\u5728 draft\uff0c\u540e\u9762\u5e26\u7684\u662f\u8349\u6848\u7248\u672c<\/p>\n<p>\u8bb0\u5f55 2\uff1a0004000c\uff0c0004 \u662f ipv4hint\uff0c\u5c31\u662f ipv4 \u5730\u5740\uff0c\u7701\u5f97\u4f60\u53bb\u67e5 A \u8bb0\u5f55\uff0c\u503c\u5f53\u7136\u5c31\u662f ip \u5730\u5740<\/p>\n<p>\u8bb0\u5f55 3\uff1a00060030\uff0c0006 \u662f ipv6hint\uff0c\u5185\u5bb9\u6b63\u597d\u662f\u6700\u540e 3 \u884c\uff0c\u4ece hex \u5c31\u770b\u5f97\u51fa\u662f\u4e09\u6761 v6 \u5730\u5740\uff0c2606:4700 \u5f00\u5934<\/p>\n<p>3 \u3001\u5305 501,504\uff1aSafari \u53d1\u51fa HTTP\/3 \u8bf7\u6c42\u548c\u670d\u52a1\u7aef\u5e94\u7b54\uff0c\u53ef\u4ee5\u770b\u5230\u662f UDP(QUIC)\uff0c\u6ca1\u6709\u8fdb\u4e00\u6b65\u7814\u7a76<\/p>\n<p>4 \u3001\u5305 502-503\uff1aA \u548c AAAA \u7684\u5e94\u7b54\uff0c\u5728\u8fd9\u91cc\u5df2\u7ecf\u6ca1\u7528\u4e86<\/p>\n<p>\u53e6\u5916\uff0c\u76ee\u524d Google \u3001CF DNS \u90fd\u53ef\u4ee5\u6b63\u5e38\u8fd4\u56de HTTPS \u8bb0\u5f55\uff0c<em><strong>dnspod \u548c alidns \u4e0d\u652f\u6301\uff0c114 \u548c\u767e\u5ea6\u652f\u6301\u4f46\u975e\u5e38\u7f13\u6162<\/strong><\/em>\uff0c\u53ef\u7528<code>dig type65 example.com<\/code>\u6d4b\u8bd5\u3002\u5c0f\u767d\u6ce8\u610f\uff0cHTTPS \u8bb0\u5f55\u548c DOH \u6ca1\u6709\u4efb\u4f55\u5173\u7cfb\u3002<\/p>\n<\/p><\/div>\n<div> <b>\u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (<span>1<\/span>)        <\/div>\n<div> <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<ul>\n<li data-pid=\"3605225\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u4e3b<\/span> <span>\u8cc7\u6df1\u5927\u4f6c : domosekai <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             \u53c8\u60f3\u5230\u4e00\u70b9\uff0c\u65e2\u7136 HTTPS \u56de\u7b54\u5305\u62ec\u4e86 IP \u5730\u5740\uff0c\u90a3\u4e48\u6240\u6709\u57fa\u4e8e DNS \u7684\u7b56\u7565\uff08\u6bd4\u5982 ipset\uff0c\u6bd4\u5982\u90a3\u4e9b\u4e0d\u53ef\u63cf\u8ff0\u7684\u5206\u6d41\u5de5\u5177\uff09\u90fd\u5c06\u53ef\u80fd\u6682\u65f6\u5931\u6548\u3002\u5373\u4fbf\u5ba2\u6237\u7aef\u540c\u65f6\u53d1\u51fa A \u548c AAAA\uff0c\u4f46\u53ef\u80fd\u7531\u4e8e\u65f6\u95f4\u5dee\uff0c\u8fde\u63a5\u8bf7\u6c42\u65e9\u4e8e\u5206\u6d41\u53d1\u51fa\u3002                                                            <\/div>\n<\/p><\/div>\n<\/li>\n<li>\n","protected":false},"excerpt":{"rendered":"<p>iOS14 \u7ed3\u5408 DNS \u7684 HT&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/164379"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=164379"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/164379\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=164379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=164379"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=164379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}