Every day, we visit many websites and watch many videos without thinking about how it all works. Do you want to know the details? Follow me to take a look, and to see how to control it as well.
The workflow of browser — website.
- The user enters a website URL
- The browser sends a DNS query to the DNS server for this domain
- The browser receives the domain's IP records
- The browser sends a query to the website server
- The browser receives the response data from the website server
- The browser renders the website from the data
- The user views the website content
The two major transactions in the workflow:
1) DNS server transaction
2) Web server transaction
What Does Controlling Traffic Mean?
Controlling the traffic means controlling the DNS query as well as the web server query.
Note: From the above we can see that before sending a query to the website server, we need to know the website's IP, and the domain <--> IP mapping is stored in the DNS server. Normally, the DNS query step is hidden from users.
Why Control the Traffic?
Before going further, we need to know the reason, right?
In some cases, we want to:
1) Connect to some websites directly
2) Connect to some websites through proxy A (high speed)
3) Connect to some websites through proxy B (more secure)
How to Control
How to Control DNS Query
Here we only talk about how to control DNS from the client side, because we cannot touch the DNS server and so cannot control it.
There are many DNS clients we can use. I recommend dnsmasq for a beginner, since it’s a full-featured DNS client and easy to get started with.
For example, you can write your DNS configuration and put it into /etc/dnsmasq.d/example.conf:
It means: use Google’s DNS server to resolve domains like *.google.com. Normally, some DNS servers like OpenDNS are geo-based; they return the IPs close to your location, which speeds up your query time.
How to Control Website Query (HTTP query)
At this step, we’ve already got the IP of the website, and we want to connect to this IP through a proxy. Here we can use iptables to do that (maintain an IP list in iptables, and forward the traffic to the specific proxy if matched).
Now you can write your own dnsmasq configuration file and plan your traffic path with dnsmasq + iptables.
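A sketch of the dnsmasq + iptables plan described above, as an added example that is not the author's own configuration: the script only prints the dnsmasq lines and iptables commands, it does not apply them. The policy table, the documentation-range IP addresses, and the local ports 12345/12346 (assumed transparent proxy listeners for proxy A and proxy B) are constructed for illustration.

```shell
#!/bin/sh
# Constructed policy table: domain, upstream DNS resolver, route.
# Route names follow the article (direct, proxyA, proxyB).
POLICY='google.com 8.8.8.8 proxyA
example.org 208.67.222.222 proxyB
example.net 192.0.2.53 direct'

# Assumption: each proxy has a transparent listener on a local port.
port_for() {
    case "$1" in
        proxyA) echo 12345 ;;
        proxyB) echo 12346 ;;
        *) return 1 ;;          # direct or unknown route: no redirect
    esac
}

# Emit dnsmasq lines for /etc/dnsmasq.d/: queries for each domain
# (and its subdomains) are sent to the resolver chosen in the policy.
gen_dnsmasq() {
    printf '%s\n' "$POLICY" | while read -r domain dns route; do
        if [ -n "$domain" ]; then
            printf 'server=/%s/%s\n' "$domain" "$dns"
        fi
    done
}

# Read "ip route" lines on stdin and emit (not execute) one NAT rule per
# proxied IP; IPs routed "direct" get no rule and leave the host unchanged.
gen_iptables() {
    while read -r ip route; do
        port=$(port_for "$route") || continue
        printf 'iptables -t nat -A OUTPUT -p tcp -d %s -j REDIRECT --to-ports %s\n' \
            "$ip" "$port"
    done
}

# Demo run with constructed resolved addresses.
gen_dnsmasq
printf '%s\n' '203.0.113.10 proxyA' '198.51.100.7 direct' | gen_iptables
```

Review the printed rules before applying them as root; one rule per IP is exactly the maintenance burden that problem 3 below refers to.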
OK, this article is just a brief introduction; there are some problems we still have to face:
1) What if the DNS server returns wrong IP records?
2) What if the DNS query is hijacked?
3) It’s really hard to maintain the IP list for iptables; is there any other way to handle it? (IPSet)
I’ll talk about these next time. Have fun!