检查F12后会发现是CORS相关错误。使用Firefox 87.0 on win64配合Allow CORS这个插件会发现问题解决了。

但是大多数浏览器无法通过这个方法解决问题,因为最新版本chrome和firefox开始禁止使用Access-Control-Allow-Origin: *

I'm looking into this problem, and Firefox 87.0 on win64 is a verified working solution. Try it if you're stuck!

什么是安全DNS

传统的DNS数据报文不加密,可以被任意劫持和篡改。DNS over TLS(RFC7858,RFC8310) 和 DNS over HTTPS(RFC 8484)是很好的解决方案,它们用不同的方法达成了相同的目的:防止DNS报文被中间人窥探、篡改或伪造。

浏览器ONLY 安全DNS解决方案

此方式难度较低!

目前(2019.7)Chrome还正在实现此功能,Firefox早已支持此功能了。如果你用的是中国浏览器,请不要指望他们。

  • Firefox 在右上角->Preferences->最下面的Network Settings->勾上最下面的Enable DNS over HTTPS->确定即可。
    (翻译: 在右上角->选项->最下面的网络设置->勾上最下面的启用DNS over HTTPS->确定即可。)

全局安全DNS解决方案

这一类解决方案让你的所有网络流量不受DNS污染攻击的影响。这类小工具有很多,我的推荐不一定适合你,但我会推荐最容易操作、最广泛使用、足够安全的解决方案。

Windows推荐: SimpleDNSCrypt

请访问这个网站下载安装包。https://simplednscrypt.org/ 安装之后,启动软件,点击中间的Service的开关启动服务,然后在下方点击你的WLAN或者网线的图标,即可对这条网络连接启用安全DNS服务。
提示,右上角的设置里可以改界面为中文,可以禁止启动软件时检查更新(因为检查更新有点慢)。这软件的默认配置就足够大多数人用了,如果你不懂的话,不必自己改配置。
这是一个开源软件,发布的安装包也经过数字签名,如果你懂得计算机知识并且重视安全,你可以自行验证它的安全性。如果你不懂得计算机知识且重视安全,相信我,你没有能力重视安全。

Linux推荐: stubby

Linux直接用包管理器一条命令安装,然后systemd启动就好了。下面我写的命令只是示例,请修改成你使用的包管理器。同样,这个软件的默认配置就足够好用了。如果你希望加上GoogleDNS作为你的服务器,你可以参考这里的配置

  • Ubuntu
sudo apt-get install -y stubby ; sudo systemctl disable systemd-resolved --now ; sudo systemctl enable stubby --now
  • ArchLinux
sudo pacman  -S --noconfirm stubby ; sudo systemctl disable systemd-resolved --now ; sudo systemctl enable stubby --now
  • Android 9+ 请在Settings -> Network&internet -> Private DNS -> Private DNS provider hostname填写dns.google并确定。我不清楚这个路径的中文翻译会被翻译成什么样,请自己寻找吧。

  • 其他Android和IOS设备 请搜索下载Cloudflare的手机app,这是全球最大的网络公司,能帮助你一键解决DNS不安全的问题。当然,中国对它不太友好,因为它是安全的。
    在Google Play Store或Apple App Store搜索Cloudflare或1.1.1.1即可找到这个好用的App。

测试我的设置

请尝试访问https://recolic.net 。选择全局方案的Windows用户可能需要用命令ipconfig /flushdns来清理缓存,如果能正常访问,说明配置成功。

Shadowsocks

Check this: https://shadowsocks.org/en/download/clients.html

NOTE:

ArchLinux and Ubuntu users: Install from your offical repo:

# pacman –S shadowsocks 
# apt install shadowsocks 

For Chinese:

中国区的iOS推荐使用Outline, 趁着现在还没被下架, 赶紧装. 直接AppStore搜索就行.

ShadowsocksR

wiki

https://github.com/iMeiji/shadowsocks_install/wiki/ShadowsocksR-%E5%8D%8F%E8%AE%AE%E6%8F%92%E4%BB%B6%E6%96%87%E6%A1%A3

linux server/client

use branch manyuser.

https://github.com/shadowsocksr-backup/shadowsocksr

ArchLinux server/client

AUR shadowsocksr

Windows Client

https://github.com/shadowsocksrr/shadowsocksr-csharp/releases

Android client

https://github.com/shadowsocksr-backup/shadowsocksr-android/releases

v2ray

https://www.v2ray.com/en/awesome/tools.html

NOTE:

Ubuntu and ArchLinux users, you can install from your offical repo:

# pacman –S v2ray 
# apt install v2ray 

OpenVPN

  • ArchLinux/Ubuntu:
# pacman –S openvpn
# apt install openvpn
  • Other Linux:

Try your package manager before refer to this webpage: https://openvpn.net/community-resources/installing-openvpn/

  • Windows:

PLEASE download OpenVPN community version!!!

https://openvpn.net/community-downloads/

Use "WINDOWS 64-BIT MSI INSTALLER" or "WINDOWS 32-BIT MSI INSTALLER"

  • Router: Use your google.

udp2raw

  • ArchLinux

pacman –S udp2raw-tunnel

ubuntu also has udp2raw in apt repo.

  • Other Linux (including router):

https://github.com/wangyu-/udp2raw-tunnel

  • Other OS (windows/MacOS/BSD):

https://github.com/wangyu-/udp2raw-multiplatform

udp-forwarder-ex

https://github.com/recolic/udp-forwarder-ex

Notice: Domain Issue

recolic.net is ALWAYS my main domain, use it if possible.

However, recolic.net has been attacked by P.R.China government since 2019.

"recolic.net" in all URL could be replaced by "recolic.cc". Only use it as a workaround if you're fucked by china Great Firewall DNS pollution attack. Read more about this: https://recolic.net/

IPLC Proxy [NO HEAVY TRAFFIC]

Please login to view information. https://git.recolic.net/root/premium-proxy

Public Proxy Nodes [All Any Heavy Traffic]

USA/California and PRC/HongKong: Shadowsocks:

ss://chacha20-ietf-poly1305:recolic.fucking.cpc@base.us12.recolic.cc:25551
ss://chacha20-ietf-poly1305:recolic.fucking.cpc@base.hk2.recolic.cc:25551

Or encoded url:

ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpyZWNvbGljLmZ1Y2tpbmcuY3BjQGJhc2UudXMxMi5yZWNvbGljLmNjOjI1NTUx#RECOLIC-US12
ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpyZWNvbGljLmZ1Y2tpbmcuY3BjQGJhc2UuaGsyLnJlY29saWMuY2M6MjU1NTE#RECOLIC-HK2

Or QR code:

Failed to load QR image

Failed to load QR image

We use AEAD methods to avoid being fucked. https://shadowsocks.org/en/spec/AEAD-Ciphers.html

Download Software

Refer to this article.

View realtime node status

https://recolic.net/status

go-get golang.org/x/... will run perfectly in china!

go-get-for-china.py

#!/bin/env python3
# by Recolic Keghart, Nov 16

import sys
import os
import subprocess

if len(sys.argv) < 2:
    print('Error: go-get-for-china <pkg path>')
    exit(1)

gopath = os.environ['GOPATH']
if gopath == '':
    print('Error: GOPATH is empty.')
    exit(2)
print('GOPATH is ' + gopath)

def cut_last_path_segment(pathstr):
    # Example: cut('/home/recolic/tmp') => '/home/recolic/'
    #          cut('/home/recolic/tmp/') => '/home/recolic/'
    if pathstr == '' or pathstr == '/':
        raise ValueError('pathstr {} is not cutable.'.format(pathstr))
    revpath = pathstr[::-1]
    if revpath[0] == '/':
        revpath = revpath[1:]
    pos = revpath.find('/')
    if pos == -1:
        raise ValueError('pathstr {} is not cutable.'.format(pathstr))
    return revpath[pos:][::-1]

def error_line_to_pkgname(errline):
    res = errline.find(': ')
    if res == -1:
        raise ValueError('Incorrect error line passed to parser.')
    return errline[8:res]

def try_install_blocked(pkgname):
    newname = 'github.com/golang' + pkgname[12:]
    try_install_normal(newname, 'expects import')
    subprocess.run(['mkdir', '-p', gopath + '/src/' + cut_last_path_segment(pkgname)], check=True)
    subprocess.run(['cp', '-rf', gopath + '/src/' + newname, gopath + '/src/' + pkgname], check=True)
    subprocess.run(['go', 'build', pkgname], check=True)
    subprocess.run(['go', 'install', pkgname], check=True)

def try_install_normal(pkgname, ignore_error = '_fuck_chinese_gfw__fuck_fangbinxing`s_family_'):
    result = subprocess.run(["go", "get", pkgname], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if result.returncode == 0:
        return
    for line in result.stderr.decode().split('\n'):
        if line == '':
            continue
        if '(https fetch:' in line:
            new_pkgname = error_line_to_pkgname(line)
            try_install(new_pkgname)
        elif ignore_error not in line:
            print('ERROR>' + line)
            raise RuntimeError('go get failed.') 

def try_install(pkgname):
    print('Installing {} ...'.format(pkgname))
    if pkgname[:12] == 'golang.org/x':
        try_install_blocked(pkgname)
    else:
        try_install_normal(pkgname)

try_install(sys.argv[1])