DNS over HTTPS连接失败

[seraphzl]

你正在使用哪个版本的 V2Ray？

V2Ray 4.40.1

你的使用场景是什么？

使用V2Ray内建DNS上网

你看到的异常现象是什么？

DNS over HTTPS连接失败

你期待看到的正常表现是怎样的？

DNS连接正常，返回正确结果

请附上你的配置

服务端配置：

// 在这里附上服务器端配置文件
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [{
    "port": 12345,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
          "level": 1,
          "alterId": 64
        }
      ]
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}

客户端配置：

// 在这里附上客户端配置
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [{
    "port": 1080,
    "listen": "127.0.0.1",
    "tag": "socks-inbound",
    "protocol": "socks",

    "settings": {
      "auth": "noauth",
      "udp": false,
      "ip": "127.0.0.1"
    },
    "sniffing": {
      "enabled": true,
      "destOverride": ["http", "tls"]
    }
  }],
  "outbounds": [
  {
    "protocol": "vmess",
    "settings":
    {
      "vnext":
      [{
        "address": "服务器IP地址",
        "port": 12345,
        "users":
        [{
          "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
          "alterId": 0,
          "security": "auto",
          "level": 0
        }]
      }]
    }
  },
  {
    "protocol": "freedom",
    "settings": 
    {
      "domainStrategy": "UseIPv4"
    },
    "tag": "direct"
  },
  {
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "domainMatcher": "mph",
    "rules":[
      {
        "type": "field",
        "domains": [
          "geosite:cn"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  },
  "dns": {
    "hosts": {
      "dns.google": "8.8.8.8",
      "dns.cloudflare.com": "1.1.1.1",
    },
    "servers": [
      "https://dns.google/dns-query",
      {
        "address": "https://dns.alidns.com/dns-query",
        "skipFallback": true,
        "domains": [
          "domain:baidu.com",
          "geosite:cn"
        ],
        "expectIPs": [
          "geoip:cn"
        ]
      },
      {
        "address": "https://dns.cloudflare.com/dns-query",
        "domains": [
          "domain:v2fly.org",
          "geosite:geolocation-!cn"
        ]
      },
      "localhost"
    ]
  },
  "policy": {
    "levels": {
      "0": {
        "uplinkOnly": 0,
        "downlinkOnly": 0
      }
    },
    "system": {
      "statsInboundUplink": false,
      "statsInboundDownlink": false
    }
  },
  "other": {}
}

请附上出错时软件输出的错误日志

客户端错误日志：

// 在这里附上客户端日志
2021/07/04 19:00:26 tcp:127.0.0.1:59038 accepted tcp:alive.github.com:443
2021/07/04 19:00:27 tcp:127.0.0.1:59050 accepted tcp:www.google.com:443
2021/07/04 19:00:36 [Error] app/dns: failed to retrieve response > Post "https://dns.cloudflare.com/dns-query": io: read/write on closed pipe
2021/07/04 19:00:36 [Error] app/dns: failed to retrieve response > Post "https://dns.cloudflare.com/dns-query": io: read/write on closed pipe
2021/07/04 19:00:40 [Error] app/dns: failed to retrieve response > Post "https://dns.google/dns-query": io: read/write on closed pipe
2021/07/04 19:00:40 [Error] app/dns: failed to retrieve response > Post "https://dns.google/dns-query": io: read/write on closed pipe
2021/07/04 19:00:40 tcp:127.0.0.1:59088 accepted tcp:play.google.com:443
2021/07/04 19:00:44 tcp:127.0.0.1:59090 accepted tcp:mail.google.com:443
2021/07/04 19:01:08 [Error] app/dns: failed to retrieve response > Post "https://dns.cloudflare.com/dns-query": io: read/write on closed pipe
2021/07/04 19:01:12 [Error] app/dns: failed to retrieve response > Post "https://dns.google/dns-query": io: read/write on closed pipe
2021/07/04 19:01:16 tcp:127.0.0.1:59228 accepted tcp:accounts.google.com:443
2021/07/04 19:01:33 tcp:127.0.0.1:59334 accepted tcp:accounts.google.com:443
2021/07/04 19:01:34 tcp:127.0.0.1:59342 accepted tcp:accounts.youtube.com:443
2021/07/04 19:01:36 tcp:127.0.0.1:59358 accepted tcp:accounts.youtube.com:443

请附上访问日志

// 在这里附上服务器端日志
2021/07/04 11:00:26 123.456.78.90:54770 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:26 123.456.78.90:54772 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:27 123.456.78.90:54774 accepted tcp:alive.github.com:443
2021/07/04 11:00:27 123.456.78.90:54783 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:27 123.456.78.90:54782 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:27 123.456.78.90:54786 accepted tcp:www.google.com:443
2021/07/04 11:00:36 123.456.78.90:54824 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:36 123.456.78.90:54822 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:36 123.456.78.90:54826 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:36 123.456.78.90:54828 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:00:40 123.456.78.90:54846 accepted tcp:dns.google:443
2021/07/04 11:00:40 123.456.78.90:54847 accepted tcp:dns.google:443
2021/07/04 11:00:40 123.456.78.90:54852 accepted tcp:dns.google:443
2021/07/04 11:00:40 123.456.78.90:54850 accepted tcp:dns.google:443
2021/07/04 11:00:40 123.456.78.90:54854 accepted tcp:play.google.com:443
2021/07/04 11:00:44 123.456.78.90:54868 accepted tcp:mail.google.com:443
2021/07/04 11:01:08 123.456.78.90:54960 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:01:08 123.456.78.90:54961 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:01:12 123.456.78.90:54981 accepted tcp:dns.google:443
2021/07/04 11:01:12 123.456.78.90:54980 accepted tcp:dns.google:443
2021/07/04 11:01:16 123.456.78.90:55000 accepted tcp:accounts.google.com:443
2021/07/04 11:01:33 123.456.78.90:55066 accepted tcp:accounts.google.com:443
2021/07/04 11:01:34 123.456.78.90:55074 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:01:34 123.456.78.90:55075 accepted tcp:dns.cloudflare.com:443
2021/07/04 11:01:34 123.456.78.90:55078 accepted tcp:accounts.youtube.com:443
2021/07/04 11:01:36 123.456.78.90:55090 accepted tcp:accounts.youtube.com:443

[rurirei]

1. add "dns.google: 8.8.8.8" to hosts
2. "dns.cloudflare.com"? you should use "onedotonedotonedotone.cloudflare-dns.com".

[seraphzl]

Thanks for reply.

1. add "dns.google: 8.8.8.8" to hosts

"dns": {
    "hosts": {
      "dns.google": "8.8.8.8",
      "dns.cloudflare.com": "1.1.1.1",
    },
...

The IP address for dns.google have been added in previous conf file.
Did you mean add "dns.google 8.8.8.8" to /etc/hosts file?
Update: adding "dns.google 8.8.8.8" to /etc/hosts file did not solve the issue.

2. "dns.cloudflare.com"? you should use "onedotonedotonedotone.cloudflare-dns.com".

I replaced "https://dns.cloudflare.com/dns-query" with "https://1.1.1.1/dns-query", and It is ok.
I will try "onedotonedotonedotone.cloudflare-dns.com" later.
Update: using "https://1.1.1.1/dns-query" did not solve this issue.

2021/07/07 13:50:19 [Error] app/dns: failed to retrieve response > Post "https://1.1.1.1/dns-query": io: read/write on closed pipe

[seraphzl]

2. "dns.cloudflare.com"? you should use "onedotonedotonedotone.cloudflare-dns.com".

Update:

      {
        "address": "https://onedotonedotonedotone.cloudflare-dns.com/dns-query",
        "domains": ["domain:v2fly.org", "geosite:geolocation-!cn"]
      },

Using "onedotonedotonedotone.cloudflare-dns.com" did not solve this issue.

2021/07/07 12:47:48 [Error] app/dns: failed to retrieve response > Post "https://onedotonedotonedotone.cloudflare-dns.com/dns-query": io: read/write on closed pipe
2021/07/07 12:48:04 tcp:127.0.0.1:57998 accepted tcp:www.v2fly.org:443
2021/07/07 12:48:06 [Error] app/dns: failed to retrieve response > Post "https://onedotonedotonedotone.cloudflare-dns.com/dns-query": io: read/write on closed pipe
2021/07/07 12:48:09 tcp:127.0.0.1:58006 accepted tcp:api.xuann.wang:443
2021/07/07 12:48:10 [Error] app/dns: failed to retrieve response > Post "https://onedotonedotonedotone.cloudflare-dns.com/dns-query": io: read/write on closed pipe

[ghost]

doh config in server no client

cloudflare real doh add is https://cloudflare-dns.com/dns-query

google real doh add is https://dns.google/dns-query

link:

https://developers.cloudflare.com/1.1.1.1/dns-over-https/request-structure

https://developers.google.com/speed/public-dns/docs/doh

[digglife]

Could you enable loglevel to debug and post the log again? I can't reproduce it with your client config. Here is the log, the domain github.com was successfully resolved by DOH//dns.cloudflare.com.

V2Ray 4.40.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.16.5 darwin/amd64)
A unified platform for anti-censorship.
2021/07/23 02:58:40 [Info] main/jsonem: Reading config: /Users/zhu/Downloads/v2ray_test.json
2021/07/23 02:58:40 [Debug] app/log: Logger started
2021/07/23 02:58:40 [Info] app/dns: DNS: created Remote DOH client for https://dns.google/dns-query
2021/07/23 02:58:40 [Info] app/dns: DNS: created Remote DOH client for https://dns.alidns.com/dns-query
2021/07/23 02:58:40 [Info] app/dns: DNS: created Remote DOH client for https://dns.cloudflare.com/dns-query
2021/07/23 02:58:40 [Debug] app/router: MphDomainMatcher is enabled for 3052 domain rule(s)
2021/07/23 02:58:40 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:10080
2021/07/23 02:58:40 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10080
2021/07/23 02:58:40 [Warning] V2Ray 4.40.1 started
2021/07/23 02:58:43 [Info] [2775910877] proxy/socks: TCP Connect request to tcp:52.69.186.44:80
2021/07/23 02:58:43 [Info] [2775910877] app/dispatcher: sniffed domain: www.github.com
2021/07/23 02:58:43 [Debug] app/dns: domain www.github.com matches following rules: [geosite:geolocation-!cn(DNS idx:2)]
2021/07/23 02:58:43 [Debug] app/dns: domain www.github.com will use DNS in order: [DOH//dns.cloudflare.com DOH//dns.google]
2021/07/23 02:58:43 [Info] app/dns: DOH//dns.cloudflare.com querying: www.github.com.
2021/07/23 02:58:43 [Info] app/dispatcher: default route for tcp:dns.cloudflare.com:443
2021/07/23 02:58:43 [Info] app/dispatcher: default route for tcp:dns.cloudflare.com:443
2021/07/23 02:58:43 [Info] transport/internet/tcp: dialing TCP to tcp:myproxyip:myproxyport
2021/07/23 02:58:43 [Info] transport/internet/tcp: dialing TCP to tcp:myproxyip:myproxyport
2021/07/23 02:58:43 [Info] proxy/vmess/outbound: tunneling request to tcp:dns.cloudflare.com:443 via tcp:myproxyip:myproxyport
2021/07/23 02:58:43 [Info] proxy/vmess/outbound: tunneling request to tcp:dns.cloudflare.com:443 via tcp:myproxyip:myproxyport
2021/07/23 02:58:43 [Info] app/dns: DOH//dns.cloudflare.com got answer: www.github.com. TypeAAAA -> [] 471.682145ms
2021/07/23 02:58:43 [Info] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2021/07/23 02:58:43 [Info] app/dns: DOH//dns.cloudflare.com got answer: www.github.com. TypeA -> [52.69.186.44] 541.725727ms
2021/07/23 02:58:43 [Info] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2021/07/23 02:58:43 [Info] [2775910877] app/dispatcher: default route for tcp:www.github.com:80
2021/07/23 02:58:43 [Info] [2775910877] transport/internet/tcp: dialing TCP to tcp:myproxyip:myproxyport
2021/07/23 02:58:43 tcp:127.0.0.1:58493 accepted tcp:52.69.186.44:80

[realEthanZou]

Having the same issue, v4.41.1
Related issue: #152
Possible fix: XTLS/Xray-core#147

[Yuki-Nagato]

不仅是DOH有问题，DNS over TCP在使用一段时间后也会断，而且不像DOH那样下一次查询可以恢复，必须重启应用。

[qct]

same issue solved by

iptables -A OUTPUT  -p udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP

[zhuziyi1989]

同样的问题，每次必须重启，换成了8.8.8.8算了

v2ray/v2ray-core#2286 (comment)

[github-actions]

This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days