[DNS] 为 DOH 增加 edns_client_subnet 获得更好的 CDN 体验

以 https://dns.google/dns-query 为例

加入 edns_client_subnet：

DNS answer is: ;; opcode: QUERY, status: NOERROR, id: 12373
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 512
; SUBNET: 110.81.11.0/24/24

;; QUESTION SECTION:
;v.qq.com.	IN	 A

;; ANSWER SECTION:
v.qq.com.	600	IN	CNAME	v.tc.qq.com.
v.tc.qq.com.	180	IN	CNAME	v.qq.com.sched.px-dk.tdnsv6.com.
v.qq.com.sched.px-dk.tdnsv6.com.	60	IN	A	27.152.187.140

为加入 edns_client_subnet：

DNS answer is: ;; opcode: QUERY, status: NOERROR, id: 32922
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;v.qq.com.	IN	 A

;; ANSWER SECTION:
v.qq.com.	600	IN	CNAME	p21ovs.tcdn.qq.com.
p21ovs.tcdn.qq.com.	120	IN	CNAME	ssd.tcdn.qq.com.
ssd.tcdn.qq.com.	180	IN	A	203.205.137.236

已经代码为 cloudflare worker 当未设置 edns_client_subnet 时，取来源 IP 为 edns_client_subnet 参数并做了 IP 模糊处理, 当设置 edns_client_subnet 则直接传给上游。

js 只向上游请求 A 记录，AAAA 记录 留在以后做吧。

js 内容应该做 cache 的，留在以后做吧。

const endpointPath = '/dns-query';
const upstream = 'https://dns.google/dns-query';
const headers = {
  'accept': 'application/dns-message',
  'content-type': 'application/dns-message',
};

function getAdditionalBytes(ip, isIPv4) {
  if (isIPv4) {
    return new Uint8Array([
      0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x0b, 0x00, 0x08, 0x00, 0x07, 0x00, 0x01, 0x18, 0x00,
      ...ip.split('.').slice(0, 3).map(num => parseInt(num).toString(16).padStart(2, '0'))
    ]);
  } else {
    return new Uint8Array([
      0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x0e, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x02, 0x30, 0x00,
      ...ip.split(':').slice(0, 3).map(num => num.padStart(4, '0'))
    ]);
  }
}

async function fetchUpstream(body) {
  return await fetch(new Request(upstream, {
    method: 'POST',
    headers,
    body,
  }));
}

async function handleRequestPost(request) {
  if (request.headers.get('content-type') !== 'application/dns-message') {
    return new Response('bad request header', { status: 400 });
  }

  const bodyArrayBuffer = await request.arrayBuffer();
  const body = new Uint8Array(bodyArrayBuffer);

  // Check the 12th byte
  if (body[11] === 0x00) {
    body[11] = 0x01; // Modify the 12th byte

    const ip = request.headers.get('cf-connecting-ip');
    const isIPv4 = ip.includes('.');
    const additionalBytes = getAdditionalBytes(ip, isIPv4);

    // Create a new body with additional bytes
    const modifiedBody = new Uint8Array(body.length + additionalBytes.length);
    modifiedBody.set(body);
    modifiedBody.set(additionalBytes, body.length);

    return fetchUpstream(modifiedBody);
  }

  return fetchUpstream(bodyArrayBuffer);
}

async function handleRequest(request) {
  const clientUrl = new URL(request.url);
  if (clientUrl.pathname !== endpointPath) {
    return new Response('Hello World!', { status: 404 });
  }

  switch (request.method) {
    case 'POST':
      return handleRequestPost(request);
    default:
      return new Response('method not allowed', { status: 405 });
  }
}

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request));
});