
The strange DNS resolution failure problem when forwarding the query to upstream server with dnsproxy.

Open hongyi-zhao opened this issue 3 years ago • 3 comments

On Ubuntu 20.10, I use the self-compiled git master version of dnsproxy. I noticed a very strange error when using dnsproxy as a forwarder, as shown below:

First start dnsproxy as a forwarder:

$ ./dnsproxy -u 114.114.114.114 -v -l 127.0.0.1 -p 6055

Then check it with the following DNS query:

$ dig www.baidu.com -p6055 @127.0.0.1 
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.16.6-Ubuntu <<>> www.baidu.com -p6055 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39178
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
.			0	CLASS4096 OPT	10 8 pVJy6qvyGAQ=

;; ADDITIONAL SECTION:
www.baidu.com.		3600	IN	A	192.168.1.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#6055(127.0.0.1)
;; WHEN: Thu Jan 14 17:12:56 CST 2021
;; MSG SIZE  rcvd: 70

At the same time, the verbose output of dnsproxy on stdout is as follows:

$ ./dnsproxy -u 114.114.114.114 -v -l 127.0.0.1 -p 6055
2021/01/14 17:12:45 [info] Starting the DNS proxy
2021/01/14 17:12:45 3475495#1 [debug] Upstream 0: 114.114.114.114:53
2021/01/14 17:12:45 3475495#1 [info] Starting the DNS proxy server
2021/01/14 17:12:45 3475495#1 [info] Creating the UDP server socket
2021/01/14 17:12:45 3475495#1 [info] Listening to udp://127.0.0.1:6055
2021/01/14 17:12:45 3475495#1 [info] Creating a TCP server socket
2021/01/14 17:12:45 3475495#1 [info] Listening to tcp://127.0.0.1:6055
2021/01/14 17:12:45 3475495#19 [info] Entering the UDP listener loop on 127.0.0.1:6055
2021/01/14 17:12:45 3475495#20 [info] Entering the tcp listener loop on 127.0.0.1:6055
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).udpHandlePacket(): Start handling new UDP packet from 127.0.0.1:40181
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 39178
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com.	IN	 A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096
; COOKIE: a55272eaabf21804

2021/01/14 17:12:56 3475495#34 [debug] 114.114.114.114:53: sending request A www.baidu.com.
2021/01/14 17:12:56 3475495#34 [debug] 114.114.114.114:53: response: ok
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.exchangeWithUpstream(): upstream 114.114.114.114:53 successfully finished exchange of ;www.baidu.com.	IN	 A. Elapsed 1 ms.
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).Resolve(): RTT: 1 ms
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 39178
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com.	IN	 A

;; ANSWER SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096
; COOKIE: a55272eaabf21804

;; ADDITIONAL SECTION:
www.baidu.com.	3600	IN	A	192.168.1.1

As you can see, the returned DNS record is obviously wrong.

OTOH, I also checked with the remote upstream DNS server directly as below:

werner@X10DAi:~$ dig www.baidu.com  @114.114.114.114 
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.16.6-Ubuntu <<>> www.baidu.com @114.114.114.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5699
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
.			0	CLASS4096 OPT	10 8 vlkJY8LKzyI=

;; ADDITIONAL SECTION:
www.baidu.com.		3600	IN	A	192.168.1.1

;; Query time: 4 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Thu Jan 14 17:25:52 CST 2021
;; MSG SIZE  rcvd: 70

werner@X10DAi:~$ dig www.baidu.com  @114.114.114.114 +tcp

; <<>> DiG 9.16.6-Ubuntu <<>> www.baidu.com @114.114.114.114 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47325
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		357	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	138	IN	A	220.181.38.149
www.a.shifen.com.	138	IN	A	220.181.38.150

;; Query time: 20 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Thu Jan 14 17:26:03 CST 2021
;; MSG SIZE  rcvd: 101

As you can see, only a DNS query using TCP will succeed. I'm very confused by this problem. Any hints/clues for this problem are highly appreciated.

Regards, HY

hongyi-zhao, Jan 14 '21 09:01

@hongyi-zhao it looks as if your ISP is intercepting and modifying DNS traffic

ameshkov, Jan 14 '21 11:01

Are there any methods for digging further into the underlying causes at the packet level?

hongyi-zhao, Jan 14 '21 13:01

Well, I just don't see what else it could be.

You could try a different DNS server to see if the responses are changed.

ameshkov, Jan 14 '21 13:01
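
An added example, not part of the thread and not dnsproxy code: a wire-format check for the symptoms visible in the UDP reply above, namely an OPT record outside the additional section, the queried name's A record in the additional section, and a private address for a public name. The function names are hypothetical, and the sample bytes are constructed from the values shown in the issue (id 39178, cookie a55272eaabf21804, 192.168.1.1).

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while (n := msg[off]):
        if (n & 0xC0) == 0xC0:                     # compression pointer
            end = end if end is not None else off + 2
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels) + ".", (end if end is not None else off + 1)

def audit_response(msg):
    """Return anomaly strings for one DNS response in wire format."""
    _id, _flags, qdcount, *counts = struct.unpack("!6H", msg[:12])
    off, qname, findings = 12, None, []
    for _ in range(qdcount):
        qname, off = read_name(msg, off)
        off += 4                                   # skip QTYPE and QCLASS
    for section, count in zip(("answer", "authority", "additional"), counts):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
            if rtype == 41 and section != "additional":  # OPT belongs in additional (RFC 6891)
                findings.append(f"OPT record in {section} section")
            if rtype == 1 and rdlen == 4:                # A record
                ip = ipaddress.IPv4Address(rdata)
                if section == "additional" and owner == qname:
                    findings.append(f"A record for queried name {owner} in additional section")
                if ip.is_private:
                    findings.append(f"private address {ip} returned for {owner}")
    return findings

def rr(owner, rtype, rclass, ttl, rdata):
    return owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def sample_udp_reply():
    """Constructed bytes mirroring the 70-byte UDP reply shown in the issue."""
    header = struct.pack("!6H", 39178, 0x8180, 1, 1, 0, 1)
    question = b"\x03www\x05baidu\x03com\x00" + struct.pack("!HH", 1, 1)
    cookie = struct.pack("!HH", 10, 8) + bytes.fromhex("a55272eaabf21804")
    return (header + question + rr(b"\x00", 41, 4096, 0, cookie)
            + rr(b"\xc0\x0c", 1, 1, 3600, bytes([192, 168, 1, 1])))
```

Running `audit_response` on raw replies captured from several upstream servers, over both UDP and TCP, shows whether the same anomalies follow the network path rather than one resolver.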