Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

局域网linux设备无法访问smartdns?;; connection timed out; no servers could be reached,防火墙已经关闭了,可以ping到. #234

Closed
masx200 opened this issue Jan 17, 2024 · 1 comment

Comments

@masx200
Copy link

masx200 commented Jan 17, 2024

局域网linux设备无法访问smartdns?;; connection timed out; no servers could be reached,防火墙已经关闭了,可以ping到.

 nslookup www.baidu.com 192.168.1.10
;; connection timed out; no servers could be reached

nslookup www.baidu.com 192.168.1.10
服务器:  UnKnown
Address:  192.168.1.10

非权威应答:
名称:    www.a.shifen.com
Addresses:  240e:e9:6002:15a:0:ff:b05c:1278
          180.101.50.242
Aliases:  www.baidu.com
hosts-file C:/Windows/System32/drivers/etc/hosts

# dns server name, default is host name
# server-name, 
# example:
#   server-name smartdns
#
server 100.100.100.100
# whether resolv local hostname to ip address
# resolv-hostname yes
server 1.1.1.1
server 2606:4700:4700::1111
server-tls  one.one.one.one
# dns server run user
# user [username]
# example: run as nobody
#   user nobody
#

# Include another configuration options
# conf-file [file]
# conf-file blacklist-ip.conf

# dns server bind ip and port, default dns server port is 53, support binding multi ip and port
# bind udp server
#   bind [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
# bind tcp server
#   bind-tcp [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
# bind tls server
#   bind-tls [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
#   bind-cert-key-file [path to file]
#      tls private key file
#   bind-cert-file [path to file]
#      tls cert file
#   bind-cert-key-pass [password]
#      tls private key password
# option:
#   -group: set domain request to use the appropriate server group.
#   -no-rule-addr: skip address rule.
#   -no-rule-nameserver: skip nameserver rule.
#   -no-rule-ipset: skip ipset rule or nftset rule.
#   -no-speed-check: do not check speed.
#   -no-cache: skip cache.
#   -no-rule-soa: Skip address SOA(#) rules.
#   -no-dualstack-selection: Disable dualstack ip selection.
#   -force-aaaa-soa: force AAAA query return SOA.
#   -set-mark: set mark on packets.
# example: 
#  IPV4: 
#    bind :53
#    bind :53@eth0
#    bind :6053 -group office -no-speed-check
#  IPV6:
#    bind [::]:53
#    bind [::]:53@eth0
#    bind-tcp [::]:53
bind [::]:53
bind :53
# tcp connection idle timeout
# tcp-idle-time [second]

# dns cache size
# cache-size [number]
#   0: for no cache
cache-size 32768

# enable persist cache when restart
cache-persist yes

#cache persist file
cache-file ./smartdns/smartdns.cache

# prefetch domain
# prefetch-domain [yes|no]
# prefetch-domain yes

# cache serve expired 
# serve-expired [yes|no]
serve-expired yes

# cache serve expired TTL
# serve-expired-ttl [num]
serve-expired-ttl 600
cache-checkpoint-time 86400
# reply TTL value to use when replying with expired data
# serve-expired-reply-ttl [num]
# serve-expired-reply-ttl 30

# List of hosts that supply bogus NX domain results 
# bogus-nxdomain [ip/subnet]

# List of IPs that will be filtered when nameserver is configured -blacklist-ip parameter
# blacklist-ip [ip/subnet]

# List of IPs that will be accepted when nameserver is configured -whitelist-ip parameter
# whitelist-ip [ip/subnet]

# List of IPs that will be ignored
# ignore-ip [ip/subnet]

# speed check mode
# speed-check-mode [ping|tcp:port|none|,]
# example:
speed-check-mode ping,tcp:80,tcp:443
#   speed-check-mode tcp:443,ping
#   speed-check-mode none

# force AAAA query return SOA
# force-AAAA-SOA [yes|no]

# force specific qtype return soa
# force-qtype-SOA [qtypeid |...]
# force-qtype-SOA 65 28
force-qtype-SOA 65

# Enable IPV4, IPV6 dual stack IP optimization selection strategy
# dualstack-ip-selection-threshold [num] (0~1000)
# dualstack-ip-allow-force-AAAA [yes|no]
# dualstack-ip-selection [yes|no]
# dualstack-ip-selection no

# edns client subnet
# edns-client-subnet [ip/subnet]
# edns-client-subnet 192.168.1.1/24
# edns-client-subnet 8::8/56

# ttl for all resource record
# rr-ttl: ttl for all record
# rr-ttl-min: minimum ttl for resource record
# rr-ttl-max: maximum ttl for resource record
# rr-ttl-reply-max: maximum reply ttl for resource record
# example:
#rr-ttl 600
rr-ttl-min 600
# rr-ttl-max 86400
# rr-ttl-reply-max 60
prefetch-domain yes
# Maximum number of IPs returned to the client|8|number of IPs, 1~16
# example:
# max-reply-ip-num 1

# response mode
# Experimental feature
# response-mode [first-ping|fastest-ip|fastest-response]

# set log level
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
# log-console [yes|no]: output log to console.
# log-size: size of each log file, support k,m,g
# log-num: number of logs, 0 means disable log
log-level info

log-file ./log/smartdns/smartdns.log
# log-size 128k
# log-num 2
# log-file-mode [mode]: file mode of log file.

# dns audit
# audit-enable [yes|no]: enable or disable audit.
# audit-enable yes
# audit-SOA [yes|no]: enable or disable log soa result.
# audit-size size of each audit file, support k,m,g
# audit-file /var/log/smartdns-audit.log
# audit-console [yes|no]: output audit log to console.
# audit-file-mode [mode]: file mode of audit file.
# audit-size 128k
# audit-num 2

# Support reading dnsmasq dhcp file to resolve local hostname
# dnsmasq-lease-file /var/lib/misc/dnsmasq.leases

# certificate file
# ca-file [file]
# ca-file /etc/ssl/certs/ca-certificates.crt

# certificate path
# ca-path [path]
# ca-path /etc/ss/certs

# remote udp dns server list
# server [IP]:[PORT]|URL [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
# default port is 53
#   -blacklist-ip: filter result with blacklist ip
#   -whitelist-ip: filter result with whitelist ip,  result in whitelist-ip will be accepted.
#   -check-edns: result must exist edns RR, or discard result.
#   -group [group]: set server to group, use with nameserver /domain/group.
#   -exclude-default-group: exclude this server from default group.
#   -proxy [proxy-name]: use proxy to connect to server.
#   -bootstrap-dns: set as bootstrap dns server.
# server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2
#server tls://dns.google:853 
#server-https https://dns.google/dns-query

# remote tcp dns server list
# server-tcp [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-group [group] ...] [-exclude-default-group]
# default port is 53
#server-tcp 8.8.8.8

# remote tls dns server list
# server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
#   -spki-pin: TLS spki pin to verify.
#   -tls-host-verify: cert hostname to verify.
#   -host-name: TLS sni hostname.
#   -no-check-certificate: no check certificate.
#   -proxy [proxy-name]: use proxy to connect to server.
#   -bootstrap-dns: set as bootstrap dns server.
# Get SPKI with this command:
#    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# default port is 853
#server-tls 8.8.8.8
server-tls 1.0.0.1

# remote https dns server list
# server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
#   -spki-pin: TLS spki pin to verify.
#   -tls-host-verify: cert hostname to verify.
#   -host-name: TLS sni hostname.
#   -http-host: http host.
#   -no-check-certificate: no check certificate.
#   -proxy [proxy-name]: use proxy to connect to server.
#   -bootstrap-dns: set as bootstrap dns server.
# default port is 443
server-https https://cloudflare-dns.com/dns-query
#server-https https://doh.sb/dns-query
#server-https https://doh.opendns.com/dns-query
#server-https https://dns.quad9.net/dns-query
server-https https://doh.360.cn/dns-query
#server-https https://dns.twnic.tw/dns-query
# socks5 and http proxy list
# proxy-server URL -name [proxy name]
#   URL: socks5://[username:password@]host:port
#        http://[username:password@]host:port
#   -name: proxy name, use with server -proxy [proxy-name]
# example:
#   proxy-server socks5://user:pass@1.2.3.4:1080 -name proxy
#   proxy-server http://user:pass@1.2.3.4:3128 -name proxy

# specific nameserver to domain
# nameserver /domain/[group|-]
# nameserver /www.example.com/office, Set the domain name to use the appropriate server group.
# nameserver /www.example.com/-, ignore this domain

# specific address to domain
# address /domain/[ip|-|-4|-6|#|#4|#6]
# address /www.example.com/1.2.3.4, return ip 1.2.3.4 to client
# address /www.example.com/-, ignore address, query from upstream, suffix 4, for ipv4, 6 for ipv6, none for all
# address /www.example.com/#, return SOA to client, suffix 4, for ipv4, 6 for ipv6, none for all

# specific cname to domain
# cname /domain/target

# enalbe DNS64 feature
# dns64 [ip/subnet]
# dns64 64:ff9b::/96

# enable ipset timeout by ttl feature
# ipset-timeout [yes]

# specific ipset to domain
# ipset /domain/[ipset|-]
# ipset /www.example.com/block, set ipset with ipset name of block 
# ipset /www.example.com/-, ignore this domain

# add to ipset when ping is unreachable
# ipset-no-speed ipsetname
# ipset-no-speed pass

# enable nftset timeout by ttl feature
# nftset-timeout [yes|no]
# nftset-timeout yes

# add to nftset when ping is unreachable
# nftset-no-speed [#4:ip#table#set,#6:ipv6#table#setv6]
# nftset-no-speed #4:ip#table#set

# enable nftset debug, check nftset setting result, output log when error.
# nftset-debug [yes|no]
# nftset-debug yes

# specific nftset to domain
# nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6]
# nftset /www.example.com/ip#table#set, equivalent to 'nft add element ip table set { ... }'
# nftset /www.example.com/-, ignore this domain
# nftset /www.example.com/#6:-, ignore ipv6

# set domain rules
# domain-rules /domain/ [-speed-check-mode [...]]
# rules:
#   [-c] -speed-check-mode [mode]: speed check mode
#                             speed-check-mode [ping|tcp:port|none|,]
#   [-a] -address [address|-]: same as address option
#   [-n] -nameserver [group|-]: same as nameserver option
#   [-p] -ipset [ipset|-]: same as ipset option
#   [-t] -nftset [nftset|-]: same as nftset option
#   [-d] -dualstack-ip-selection [yes|no]: same as dualstack-ip-selection option
#   -no-serve-expired: ignore expired domain
#   -delete: delete domain rule

# collection of domains 
# the domain-set can be used with /domain/ for address, nameserver, ipset, etc.
# domain-set -name [set-name] -type list -file [/path/to/file]
#   [-n] -name [set name]: domain set name
#   [-t] -type [list]: domain set type, list only now
#   [-f] -file [path/to/set]: file path of domain set
# 
# example:
# domain-set -name domain-list -type list -file /etc/smartdns/domain-list.conf
# address /domain-set:domain-list/1.2.3.4
# nameserver /domain-set:domain-list/server-group
# ipset /domain-set:domain-list/ipset
# domain-rules /domain-set:domain-list/ -speed-check-mode ping
# 在本地 53 端口监听
#bind 127.0.0.1:53  

# 配置 bootstrap-dns,如不配置则调用系统的,建议配置,这样就加密了。
server-https https://223.5.5.5/dns-query  -bootstrap-dns #-exclude-default-group

# 配置默认上游服务器
server-https https://dns.alidns.com/dns-query
server-https https://doh.pub/dns-query

# 配置公司(家里)上游服务器
#server 192.168.1.1 -exclude-default-group -group office

# 以 ofc 结尾的域名转发至 office 分组进行解析
#nameserver /ofc/office

# 设置域名的静态 IP
#address /test.example.com/1.2.3.5

# 屏蔽域名(广告屏蔽)
#address /ads.example.com/#

# 以下特性在[C 语言版 SmartDNS](https://github.com/pymumu/smartdns) 尚未支持,仅适用于SmartDNS-rs
# 使用 DoH3
#server-h3 223.5.5.5

# 使用 DoQ
#server-quic 223.5.5.5
dualstack-ip-selection yes
bind-tcp [::]:53
bind-tcp :53
#server 202.96.128.166
server 223.5.5.5
server 223.6.6.6
server 119.29.29.29
#server 8.8.4.4 #-group whatsappdns -exclude-default-group
#server-tcp 8.8.4.4
server 2400:3200::1
server  2400:3200:baba::1
#server 180.76.76.76
#server 2400:da00::6666
#server 114.114.115.115
#server 114.114.114.114
@mokeyish
Copy link
Owner

谢谢反馈,先用 readme 上的配置试一下,逐步逐行注释配置排查问题具体问题点,你给这么一堆,我没那么多时间测的。

@mokeyish mokeyish closed this as not planned Won't fix, can't repro, duplicate, stale Jun 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants