Using DNSTap and BGP to bypass ILV blocking

This topic has been covered many times, I know. For example, there is an excellent article, but it only deals with the IP part of the blocklist. We will add domains.

Because the courts and RKN block everything left and right, and providers zealously try not to fall under the fines handed out by Revizorro, the collateral damage from blocking is quite large. And among the "lawfully" blocked sites there are many useful ones (hello, rutracker).

I live outside RKN's jurisdiction, but my parents, relatives and friends stayed at home. So I decided to come up with an easy way for people far from IT to bypass the blocking, ideally without any involvement on their part.

In this note I won't describe basic networking step by step, but I will explain the general principles of how such a scheme can be built. So knowing how networks work in general, and in Linux in particular, is a must.

Types of blocking

First, let's refresh our memory of what exactly gets blocked.

There are several types of blocking in the XML that RKN publishes:

  • IP
  • Domain
  • URL

For simplicity we'll reduce them to two, IP and domain, and we'll extract the domain from the URL blocks (more precisely, this has already been done for us).

Good people from Roskomsvoboda have built a wonderful API through which we can get what we need.

Access to blocked sites

For this we need a small VPS abroad, preferably with unmetered traffic; there are plenty of those for $3-5. It should be located closer to home so that the ping isn't large, but again, keep in mind that the Internet and geography don't always coincide. And since there's no SLA for $5 anyway, it's better to take 2+ of them from different providers for fault tolerance.

Next, we need to set up an encrypted tunnel from the client router to the VPS. I use WireGuard as the fastest and easiest to set up. I also have Linux-based client routers (an APU2 or something running OpenWRT). In the case of some Mikrotik/Cisco you can use the protocols available on them, such as OpenVPN or GRE-over-IPsec.

Identifying and redirecting the interesting traffic

You could, of course, route all Internet traffic through abroad. But most likely the speed of access to local content would suffer greatly from this. Plus, the bandwidth requirements on the VPS would be much higher.

So we need to somehow identify traffic to blocked sites and selectively steer it into the tunnel. Even if some "extra" traffic ends up there, it's still much better than pushing everything through the tunnel.

To steer traffic we'll use the BGP protocol and announce routes to the needed networks from our VPS to the clients. Let's take BIRD as one of the most functional and convenient BGP daemons.

IP

With IP blocking everything is clear: we simply announce all blocked IPs from the VPS. The problem is that the list returned by the API contains about 600 thousand subnets, and the vast majority of them are /32 hosts. That many routes can confuse weak client routers.

So when processing the list it was decided to summarize to a /24 network if it contains 2 or more hosts. This reduced the number of routes to ~100 thousand. The script for this follows below.

Domains

This is more complicated, and there are several ways. For example, you could install a transparent Squid on each client router, intercept HTTP there, and peek into the TLS handshake to get the requested URL in the first case and the domain from the SNI in the second.

But with all the newfangled TLS 1.3 + eSNI, HTTPS analysis becomes less realistic every day. And the infrastructure on the client side gets more complicated: you'd need at least OpenWRT.

So I decided to take the route of intercepting the responses to DNS queries. Here too, all kinds of DNS-over-TLS/HTTPS are starting to loom over your head, but we can (for now) control this aspect on the client: either disable it or use your own server for DoT/DoH.

How to intercept DNS?

Here, too, there are several approaches.

  • Intercepting DNS traffic via PCAP or NFLOG
    Both of these interception methods are implemented in the sidmat utility. But it hasn't been maintained for a long time and its functionality is very primitive, so you'd still have to write some kind of harness around it.
  • Analyzing DNS server logs
    Unfortunately, the recursors I know can't log responses, only queries. In principle this makes sense, since, unlike queries, responses have a complex structure and are hard to write out in text form.
  • DNSTap
    Fortunately, many of them already support DNSTap for exactly this purpose.

What is DNSTap?

It is a client-server protocol based on Protocol Buffers and Frame Streams for transferring structured DNS queries and responses from a DNS server to a collector. Essentially, the DNS server transmits the query and response metadata (message type, client/server IP, etc.) plus the full DNS messages in the same (binary) form in which it exchanges them on the network.

It's important to understand that in the DNSTap paradigm the DNS server acts as the client and the collector as the server. That is, the DNS server connects to the collector, not the other way around.

Today DNSTap is supported in all popular DNS servers. But BIND, for example, in many distributions (such as Ubuntu LTS) is for some reason built without its support. So, to avoid bothering with rebuilding it, let's take a lighter and faster recursor: Unbound.

How to catch DNSTap?

There are a number of CLI utilities for working with a stream of DNSTap events, but they aren't suited to solving our problem. So I decided to write my own little wheel that does everything needed: dnstap-bgp

How it works:

  • At startup it loads the list of domains from a text file, inverts them (habr.com -> com.habr), drops broken lines, duplicates and subdomains (so if the list contains habr.com and www.habr.com, only the first is loaded) and builds a prefix tree for fast lookup in this list
  • Acting as a DNSTap server, it waits for a connection from the DNS server. In principle it supports both UNIX and TCP sockets, but the DNS servers I know can only use UNIX sockets.
  • Incoming DNSTap packets are first deserialized into a Protobuf structure, and then the binary DNS message itself, which sits in one of the Protobuf fields, is parsed down to the level of individual DNS RRs.
  • It checks whether the requested host (or its parent domain) is in the loaded list; if not, the response is ignored.
  • Only A/AAAA/CNAME RRs are taken from the response, and the corresponding IPv4/IPv6 addresses are extracted from them.
  • IP addresses are cached with a configurable TTL and announced to all configured BGP peers.
  • When a response pointing to an already cached IP arrives, its TTL is refreshed
  • When the TTL expires, the entry is removed from the cache and from the BGP announcements
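The domain-list handling from steps 1 and 4 above (normalizing names, dropping broken lines, duplicates and subdomains, then matching a queried host or any of its parents against the tree), as an added example in Go. It is not dnstap-bgp's own code; the DomainTree type and its method names are assumptions, and the tree is keyed from the TLD downwards, which is the same thing as inverting each name. Entries are taken in file order as the page describes, so habr.com listed before www.habr.com makes the second one redundant.

```go
package main

import "strings"

// DomainTree is a prefix tree keyed by domain labels from the TLD downwards
// (com -> habr -> www); listed marks the node where a blocklist entry ends.
type DomainTree struct {
	kids   map[string]*DomainTree
	listed bool
}
func NewDomainTree() *DomainTree { return &DomainTree{kids: map[string]*DomainTree{}} }

// labels lower-cases a name and splits it into labels; an empty or dots-only
// line (a broken entry in the list file) yields nil.
func labels(name string) []string {
	d := strings.Trim(strings.ToLower(name), ". \t\r")
	if d == "" {
		return nil
	}
	return strings.Split(d, ".")
}

// Add inserts a domain and reports whether it was new: broken lines, exact
// duplicates and subdomains of an entry already present are dropped.
func (t *DomainTree) Add(domain string) bool {
	ls := labels(domain)
	if ls == nil {
		return false
	}
	n := t
	for i := len(ls) - 1; i >= 0; i-- { // walk from the TLD: com, habr, www
		if n.kids[ls[i]] == nil {
			n.kids[ls[i]] = NewDomainTree()
		}
		if n = n.kids[ls[i]]; n.listed {
			return false // this name or a parent of it is already listed
		}
	}
	n.listed = true
	return true
}

// Match reports whether host or one of its parent domains is listed, which is
// the check applied to a DNSTap response before its addresses are announced.
func (t *DomainTree) Match(host string) bool {
	n, ls := t, labels(host)
	for i := len(ls) - 1; i >= 0; i-- {
		if n = n.kids[ls[i]]; n == nil {
			return false
		}
		if n.listed {
			return true
		}
	}
	return false
}
```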

Additional features:

  • Re-reading the domain list on SIGHUP
  • Keeping the cache in sync with other dnstap-bgp instances via HTTP/JSON
  • Mirroring the cache to disk (in a BoltDB database) to restore its contents after a restart
  • Support for switching into a different network namespace (why this is needed is explained below)
  • IPv6 support

Limitations:

  • IDN domains are not supported yet
  • Few BGP settings

I've built RPM and DEB packages for easy installation. They should work on any recent OS with systemd. They have no dependencies.

Scheme

So, let's start putting it all together. As a result we should end up with roughly the following network topology:
[Diagram: network topology]

I think the logic of operation is clear from the diagram:

  • The client has our server configured as its DNS, and DNS queries must also go through the VPN. This is needed so that the provider can't use DNS interception to block.
  • When opening a site, the client sends a DNS query like "what is the IP of xxx.org"
  • Unbound resolves xxx.org (or takes it from its cache) and sends the client the response "xxx.org has such-and-such IP", simultaneously mirroring it over DNSTap.
  • dnstap-bgp announces these addresses to BIRD over BGP if the domain is in the blocklist
  • BIRD announces routes to these IPs with next-hop self to the client router
  • Subsequent packets from the client to these IPs go through the tunnel

On the server, for the routes to blocked sites, I use a separate table inside BIRD, and it doesn't interact with the OS in any way.

This scheme has a drawback: the first SYN packet from the client will most likely manage to leave through the home provider, because the route isn't announced instantly. What happens then depends on how the provider does its blocking. If it simply drops the traffic, there's no problem. But if it redirects it to some DPI, then (theoretically) special effects are possible.

It's also possible that clients don't respect the DNS TTL, which may lead to a client using stale entries from its cache instead of asking Unbound.

In practice neither the first nor the second caused me problems, but your mileage may vary.

Server setup

For ease of deployment I wrote a role for Ansible. It can configure both servers and Linux-based clients (intended for deb-based distributions). All settings are fairly obvious and live in inventory.yml. This role was cut out of my big playbook, so it may contain errors; pull requests welcome :)

Let's go through the main components.

BGP

Running two BGP daemons on one host has a fundamental problem: BIRD refuses to bring up BGP peering over localhost (or any local interface). At all. Googling and reading the mailing lists didn't help; they say it's by design. Maybe there's some way, but I didn't find it.

You could try another BGP daemon, but I like BIRD and use it everywhere; I don't want to create a zoo.

So I hid dnstap-bgp inside a network namespace, which is connected to the root namespace through a veth interface: it's like a pipe whose ends stick out into different namespaces. On each of these ends we put private point-to-point IP addresses that never leave the host, so they can be anything. This is the same mechanism used to get into processes inside everyone's beloved Docker and other containers.

For this the following script was written, and the ability to pull itself by the hair into another namespace was added to dnstap-bgp. Because of this it must be run as root, or the binary must be given CAP_SYS_ADMIN via the setcap command.

Example script for creating the namespace

#!/bin/bash

# Creates the "dtap" network namespace for dnstap-bgp and connects it to the
# root namespace with a veth pair carrying private point-to-point addresses.

NS="dtap"

IP="/sbin/ip"
IPNS="$IP netns exec $NS $IP"

# veth ends: -r stays in the root namespace, -ns is moved into the "dtap" namespace
IF_R="veth-$NS-r"
IF_NS="veth-$NS-ns"

IP_R="192.168.149.1"
IP_NS="192.168.149.2"

/bin/systemctl stop dnstap-bgp || true

# Recreate the namespace from scratch (deleting a missing one is not an error here)
$IP netns del $NS > /dev/null 2>&1
$IP netns add $NS

$IP link add $IF_R type veth peer name $IF_NS
$IP link set $IF_NS netns $NS

# Each end gets its own address with the other end as the point-to-point peer
$IP addr add $IP_R peer $IP_NS dev $IF_R
$IP link set $IF_R up

$IPNS addr add $IP_NS peer $IP_R dev $IF_NS
$IPNS link set $IF_NS up

/bin/systemctl start dnstap-bgp

dnstap-bgp.conf

namespace = "dtap"
domains = "/var/cache/rkn_domains.txt"
ttl = "168h"

[dnstap]
listen = "/tmp/dnstap.sock"
perm = "0666"

[bgp]
as = 65000
routerid = "192.168.149.2"

peers = [
    "192.168.149.1",
]

bird.conf

router id 192.168.1.1;

table rkn;

# Clients
protocol bgp bgp_client1 {
    table rkn;
    local as 65000;
    neighbor 192.168.1.2 as 65000;
    direct;
    bfd on;
    next hop self;
    graceful restart;
    graceful restart time 60;
    export all;
    import none;
}

# DNSTap-BGP
protocol bgp bgp_dnstap {
    table rkn;
    local as 65000;
    neighbor 192.168.149.2 as 65000;
    direct;
    passive on;
    rr client;
    import all;
    export none;
}

# Static routes list
protocol static static_rkn {
    table rkn;
    include "rkn_routes.list";
    import all;
    export none;
}

rkn_routes.list

route 3.226.79.85/32 via "ens3";
route 18.236.189.0/24 via "ens3";
route 3.224.21.0/24 via "ens3";
...

DNS

By default on Ubuntu the AppArmor profile restricts the unbound binary, which prevents it from connecting to any DNSTap socket. You can either delete this profile or disable it:

# cd /etc/apparmor.d/disable && ln -s ../usr.sbin.unbound .
# apparmor_parser -R /etc/apparmor.d/usr.sbin.unbound

This should probably be added to the playbook. The proper thing, of course, is to fix the profile and grant only the necessary permissions, but I was lazy.

unbound.conf

server:
    chroot: ""
    port: 53
    interface: 0.0.0.0
    root-hints: "/var/lib/unbound/named.root"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    access-control: 192.168.0.0/16 allow

remote-control:
    control-enable: yes
    control-use-cert: no

dnstap:
    dnstap-enable: yes
    dnstap-socket-path: "/tmp/dnstap.sock"
    dnstap-send-identity: no
    dnstap-send-version: no

    dnstap-log-client-response-messages: yes

Downloading and processing the lists

Script for downloading and processing the list of IP addresses
It downloads the list and summarizes it to the prefix length pfx. In dont_add and dont_summarize you can specify IPs and networks that should be excluded or not summarized. I needed this: my VPS's subnet was in the blocklist :)

The funny thing is that the RosKomSvoboda API blocks requests with Python's default user agent. Apparently some script kiddie got to it. So we swap it for Firefox's.

For now it only works with IPv4. The share of IPv6 is small, but it'll be easy to fix. Unless you'd also have to use bird6.

rkn.py

#!/usr/bin/python3

import json
import sys
import urllib.request
import ipaddress as ipa

url = 'https://api.reserve-rbl.ru/api/v2/ips/json'
pfx = 24  # /32 hosts are summarized into networks of this prefix length

# Networks that must never be summarized, even if they contain 2+ hosts
dont_summarize = {
    # ipa.IPv4Network('1.1.1.0/24'),
}

# Addresses that must never be added (e.g. your own VPS)
dont_add = {
    # ipa.IPv4Address('1.1.1.1'),
}

# The API rejects Python's default User-Agent, so present a browser's one
req = urllib.request.Request(
    url,
    data=None,
    headers={
        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36'
    }
)

try:
    with urllib.request.urlopen(req) as f:
        ips = json.loads(f.read().decode('utf-8'))
except Exception as e:
    print('Unable to download the IP list: %s' % e, file=sys.stderr)
    sys.exit(1)

# Networks wider than /32 are passed through unchanged
o = set()
# Candidate /pfx network -> [first host seen in it, number of hosts seen]
r = {}

for i in set(ips):  # the list may contain repeated entries
    try:
        ip = ipa.ip_network(i, strict=False)
    except ValueError:
        continue  # skip malformed entries
    if not isinstance(ip, ipa.IPv4Network):
        continue  # IPv6 is not handled yet

    addr = ip.network_address

    if addr in dont_add:
        continue

    if ip.prefixlen != 32:
        o.add(ip)
        continue

    sn = ipa.IPv4Network('%s/%d' % (addr, pfx), strict=False)

    # Hosts in excluded networks are counted individually so they stay /32
    tgt = ip if sn in dont_summarize else sn

    if tgt not in r:
        r[tgt] = [addr, 1]
    else:
        r[tgt][1] += 1

for n, v in r.items():
    if v[1] == 1:
        o.add(ipa.IPv4Network('%s/32' % v[0]))
    else:
        o.add(n)

for k in sorted(o):
    print(k)

Update script
I run it from cron once a day, but it probably makes sense to pull it every 4 hours. That, as I understand it, is the update period RKN requires from providers. Plus, they have some other super-urgent blocks that can arrive faster.

It does the following:

  • Runs the first script and updates the route list (rkn_routes.list) for BIRD
  • Reloads BIRD
  • Downloads and cleans up the domain list for dnstap-bgp
  • Reloads dnstap-bgp

rkn_update.sh

#!/bin/bash

# Fail a pipeline if any stage fails, so the $? checks below see rkn.py/curl errors
set -o pipefail

ROUTES="/etc/bird/rkn_routes.list"
DOMAINS="/var/cache/rkn_domains.txt"

# Get & summarize routes, wrapping each prefix in a BIRD static route statement
/opt/rkn.py | sed 's/\(.*\)/route \1 via "ens3";/' > $ROUTES.new

if [ $? -ne 0 ]; then
    rm -f $ROUTES.new
    echo "Unable to download RKN routes"
    exit 1
fi

if [ -e $ROUTES ]; then
    mv $ROUTES $ROUTES.old
fi

mv $ROUTES.new $ROUTES

/bin/systemctl try-reload-or-restart bird

# Get domains: strip the leading "*." wildcard and deduplicate (-f makes curl fail on HTTP errors)
curl -sf https://api.reserve-rbl.ru/api/v2/domains/json -o - | jq -r '.[]' | sed 's/^\*\.//' | sort | uniq > $DOMAINS.new

if [ $? -ne 0 ]; then
    rm -f $DOMAINS.new
    echo "Unable to download RKN domains"
    exit 1
fi

if [ -e $DOMAINS ]; then
    mv $DOMAINS $DOMAINS.old
fi

mv $DOMAINS.new $DOMAINS

/bin/systemctl try-reload-or-restart dnstap-bgp

They were written without much thought, so if you see something that could be improved, go ahead.

Client setup

Here I'll give an example for Linux routers, but in the case of Mikrotik/Cisco it should be even simpler.

First, configure BIRD:

bird.conf

router id 192.168.1.2;
table rkn;

protocol device {
    scan time 10;
};

# Servers
protocol bgp bgp_server1 {
    table rkn;
    local as 65000;
    neighbor 192.168.1.1 as 65000;
    direct;
    bfd on;
    next hop self;
    graceful restart;
    graceful restart time 60;
    rr client;
    export none;
    import all;
}

protocol kernel {
    table rkn;
    kernel table 222;
    scan time 10;
    export all;
    import none;
}

So we push the routes received via BGP into kernel routing table number 222.

After that, it's enough to ask the kernel to consult this table before the default one:

# ip rule add from all pref 256 lookup 222
# ip rule
0:  from all lookup local
256:    from all lookup 222
32766:  from all lookup main
32767:  from all lookup default

That's it; all that's left is to configure DHCP on the router to hand out the server's tunnel IP address as the DNS server, and the scheme is ready.

Shortcomings

With the current algorithm for building and processing the domain list, it includes, among other things, youtube.com and its CDNs.

This means all video traffic will go through the VPN, which can saturate the whole channel. It would probably make sense to compile a list of popular exception domains that RKN, for the time being, doesn't have the guts to block, and exclude them during parsing.

Conclusion

The described method lets you bypass almost any blocking that providers currently implement.

In principle, dnstap-bgp can be used for any other purpose where some degree of traffic control based on domain names is needed. Keep in mind that these days a thousand sites can sit on one IP address (behind some Cloudflare, for example), so this method has low precision.

But for the purpose of bypassing blocks, it's quite enough.

Additions, corrections, pull requests: welcome!

Source: www.habr.com
