HttpDNS说开去

 

【鹅厂网事】全局精确流量调度新思路-HttpDNS服务详解

http://mp.weixin.qq.com/s?__biz=MzA3ODgyNzcwMw==&mid=201837080&idx=1&sn=b2a152b84df1c7dbd294ea66037cf262&scene=2&from=timeline&isappinstalled=0&utm_source=tuicool

DNS多点部署IP Anycast+BGP实战分析

http://www.linuxidc.com/Linux/2014-08/105816.htm

如何对抗APP“域名劫持”和“解析失败”问题?

http://www.oschina.net/question/1401206_229818

创建一个HttpDNSLib(专门负责DNS查询)

参考 Sina的实现(可适当简化)
https://github.com/SinaMSRE/HTTPDNSLib

// 如果HttpDNS不可用,使用系统域名解析服务(libresolv.dylib)
http://www.opensource.apple.com/source/libresolv/libresolv-57/

使用NSURLProtocol自定义URL Loading过程 (实现domain -> ip全局转化)
https://github.com/rnapier/RNCachingURLProtocol

使用HttpDNS后,使用https协议,如果直接用ip地址访问服务器会出现证书验证出错(证书上是用Domain,建立连接时用的是ip,SSL在验证证书时出错),这样就需要改变系统默认的证书链验证逻辑

Overriding TLS Chain Validation Correctly

https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html#//apple_ref/doc/uid/TP40012544

AFNetWorking SSL Pinning Mode

http://security.stackexchange.com/questions/29988/what-is-certificate-pinning
https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/