Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VPN模式DNS解析bug #347

Closed
jfox7852 opened this issue Feb 3, 2023 · 2 comments
Closed

VPN模式DNS解析bug #347

jfox7852 opened this issue Feb 3, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@jfox7852
Copy link

jfox7852 commented Feb 3, 2023
edited
Loading

nekoray版本:2.11/2.13
协议:vmess,规则:绕过大陆,模式:VPN
在访问少数国内直连域名时,如https://otp.landian.vip/ 无法解析域名.

详细信息:

nslookup报错信息:
C:\Windows\system32>nslookup otp.landian.vip
服务器: UnKnown
Address: 172.19.0.2
没有 otp.landian.vip 可以使用的 internal type for both IPv4 and IPv6 Addresses (A+AAAA)记录

nekoray日志信息:
[2023-02-03 13:38:42] udp:127.0.0.1:57963 accepted [udp:172.19.0.2:53] [socks-in -> dns-out]
[2023-02-03 13:38:42] [Warning] [2877428295] app/dispatcher: taking detour [dns-out] for [udp:172.19.0.2:53]
[2023-02-03 13:38:42] [Debug] app/dns: domain otp.landian.vip matches following rules: [geosite:cn(DNS idx:1)]
[2023-02-03 13:38:42] [Debug] app/dns: domain otp.landian.vip will use DNS in order: [localhost] [TypeA]
[2023-02-03 13:38:42] [Info] LookupIP error: lookup otp.landian.vip on 192.168.1.1:53: read udp 172.19.0.1:57971->192.168.1.1:53: wsarecv: A message sent on a datagram socket was larger than the internal message buffer or some other network limit, or the buffer used to receive a datagram into was smaller than the datagram itself.
[2023-02-03 13:38:42] udp:127.0.0.1:57973 accepted [udp:172.19.0.2:53] [socks-in -> dns-out]
[2023-02-03 13:38:42] [Warning] [2214492853] app/dispatcher: taking detour [dns-out] for [udp:172.19.0.2:53]
[2023-02-03 13:38:42] [Debug] app/dns: domain otp.landian.vip matches following rules: [geosite:cn(DNS idx:1)]
[2023-02-03 13:38:42] [Debug] app/dns: domain otp.landian.vip will use DNS in order: [localhost] [TypeAAAA]
[2023-02-03 13:38:42] [Info] LookupIP error: lookup otp.landian.vip on 172.19.0.2:53: no such host

尝试过的解决方法:
开启或关闭VPN设置的fakedns, strict route 无效
变更路由设置中的DNS路由--域名策略 无效
将域名添加到代理列表 (domain:landian.vip) 可解析,但不是根本解决方法,出现问题的国内域名都变成走代理也不现实。

以上是尽可能提供的信息,如果其他信息或进行更多测试请再联系,拜托!
@jfox7852 jfox7852 changed the title DNS解析bug VPN模式DNS解析bug Feb 3, 2023
@arm64v8a arm64v8a added the bug Something isn't working label Feb 3, 2023
@arm64v8a
Copy link
Contributor

arm64v8a commented Feb 3, 2023

[2023-02-03 13:38:42] [Info] LookupIP error: lookup otp.landian.vip on 192.168.1.1:53: read udp 172.19.0.1:57971->192.168.1.1:53: wsarecv: A message sent on a datagram socket was larger than the internal message buffer or some other network limit, or the buffer used to receive a datagram into was smaller than the datagram itself.

留意 MTU 设置有没有问题?

一些之前的经验

Go Windows resolver 有两种模式 windns / godns ,默认用的是 windns

godns for Windows 有很多 bug,比如在多网卡的情况下会用错服务器等等。

而 windns 不能随意选择查询网卡(sing-box 也不支持这种的分流,来源全是 svchost.exe ,这样 dns 流量走 sing-tun 的接口造成回环),所以 nekoray_core 里面只能用 go dns

之前的方案是直接用 godns + bindinterface

https://github.com/MatsuriDayo/nekoray/actions/runs/4082573765/jobs/70370919577a3be29 这就是恢复之前的方案,可以下载测试。正式版应该会改回去。)

后来 nekoray_core 就改成 godns 但是转发给 nekobox_core ,让它选择正确的本地 DNS (用了不少 sing-box API 和 Windows API,不能移植到 nekoray_core),这样大部分 localhost DNS 问题都解决了。

所以你的问题看起来无解,尝试调一调 VPN 配置或者改用 DoH ?

隔壁 v2rayN 甚至写死了 223.5.5.5

@jfox7852
Copy link
Author

jfox7852 commented Feb 3, 2023

测试过不同mtu,9000, 1500, 甚至手动写成1492, 1300,依然有这个问题。但是很奇怪的,偶尔出现疑似dnsleak的时候,会有短暂的正常,当然只是怀疑,并没有严谨的证据证明是leak。至于您上面说到的原理,我还要再理解一下。

@arm64v8a arm64v8a mentioned this issue Feb 4, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arm64v8a @jfox7852