Some DNS queries can't be done correctly
Operating system
Linux
System version
Ubuntu 22.04 LTS
Installation type
Original sing-box Command Line
If you are using a graphical client, please provide the version of the client.
No response
Version
sing-box version 1.9.3
Environment: go1.22.3 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled
Description
Some DNS queries can't be done correctly. All failed DNS query results returned by sing-box have the EDNS version set to 1.
Failed query packets (packets returned by sing-box with the EDNS version set to 1):
Reproduction
1. Start sing-box
2. Query 'www121.jal.co.jp' with nslookup or dig
3. Query failed
related configuration:
// ...
"dns": {
  "servers": [
    {
      "tag": "out_dns",
      "address": "https://1.1.1.1/dns-query",
      "detour": "proxy"
    },
    {
      "tag": "local",
      "address": "223.5.5.5",
      "detour": "direct"
    },
    {
      "tag": "block",
      "address": "rcode://success"
    }
  ],
  "rules": [
    {
      "outbound": "any",
      "server": "local",
      "disable_cache": true
    },
    {
      "rule_set": "geosite-cn",
      "server": "local"
    }
  ],
  "final": "out_dns",
  "strategy": "prefer_ipv4"
}
// ...
"outbounds": [
  { "type": "dns", "tag": "dns_out" }
]
// ...
"route": {
  "rules": [
    {
      "inbound": "mixed-in",
      "outbound": "proxy"
    },
    {
      "inbound": "dns_in",
      "outbound": "dns_out"
    },
    {
      "protocol": "dns",
      "outbound": "dns_out"
    }
  ]
}
Logs
+0800 2024-06-29 00:23:55 DEBUG dns: exchange www121.jal.co.jp. IN A
+0800 2024-06-29 00:23:55 INFO [848291404 0ms] inbound/tun[tun-in]: inbound connection from 172.19.0.1:33254
+0800 2024-06-29 00:23:55 INFO [848291404 0ms] inbound/tun[tun-in]: inbound connection to 142.251.42.138:443
+0800 2024-06-29 00:23:55 DEBUG [848291404 6ms] router: sniffed protocol: tls, domain: www.googleapis.com
+0800 2024-06-29 00:23:55 INFO [848291404 22ms] router: found process path: /usr/libexec/goa-daemon
+0800 2024-06-29 00:23:55 DEBUG [848291404 22ms] router: match[7] process_name=[gvfsd-google gio goa-daemon] => proxy
+0800 2024-06-29 00:23:55 INFO [848291404 22ms] outbound/vmess[***]: outbound connection to 142.251.42.138:443
+0800 2024-06-29 00:23:55 DEBUG dns: exchanged www121.jal.co.jp NOERROR 82960
+0800 2024-06-29 00:23:55 INFO dns: exchanged www121.jal.co.jp A www121.jal.co.jp. 82960 IN A 163.211.253.68
+0800 2024-06-29 00:23:55 INFO dns: exchanged www121.jal.co.jp OPT OPT PSEUDOSECTION: EDNS: version 1 flags: MBZ: 0x4410, udp: 1232
Supporter
- [ ] I am a sponsor
Integrity requirements
- [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
- [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
- [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
- [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
What is the result of dig for that domain with EDNS, without the proxy?
result of dig with proxy
Known domain(s) which can't be resolved correctly: www121.jal.co.jp www.hmv.co.jp
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
any progress?
Works on my devices; check your problems and open a new issue.
could you please share a sample of dns section of your configuration? thx.
I have the same problem
+0800 2024-09-14 13:54:46 DEBUG [2622094223 0ms] router: sniffed packet protocol: dns
+0800 2024-09-14 13:54:46 INFO [2622094223 1ms] router: found process path: /usr/lib/systemd/systemd-resolved
+0800 2024-09-14 13:54:46 DEBUG [2622094223 1ms] router: match[0] protocol=dns => dns-out
+0800 2024-09-14 13:54:46 DEBUG dns: exchange pypi.org. IN A
+0800 2024-09-14 13:54:46 DEBUG dns: match[5] domain_suffix=[xxxxxx] rule_set=[geosite-geolocation-!cn geosite-category-cryptocurrency] => dns_proxy
+0800 2024-09-14 13:54:46 DEBUG dns: exchanged pypi.org NOERROR 78458
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.128.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.192.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.64.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.0.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org OPT OPT PSEUDOSECTION: EDNS: version 1 flags: MBZ: 0x327a, udp: 1232
$ dig pypi.org
; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> pypi.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18305
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;pypi.org. IN A
;; Query time: 123 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Sep 14 13:54:46 CST 2024
;; MSG SIZE rcvd: 37
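Added example (not from the issue or from sing-box's code): decoding the OPT pseudo-record's TTL field as laid out in RFC 6891 shows what the `version 1 flags: MBZ: 0x4410` log lines mean, and that the answer TTLs logged next to them (82960 = 0x00014410, 78458 = 0x0001327a) decode to exactly those version and MBZ values. The type and function names are hypothetical, and the OPT record bytes are constructed from the logged values.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// EDNS holds what RFC 6891 packs into the 32-bit TTL slot of an OPT record:
// extended RCODE (8 bits), VERSION (8 bits), DO (1 bit), Z (15 bits, must be zero).
type EDNS struct {
	ExtRcode, Version uint8
	DO                bool
	Z                 uint16
}

// DecodeOPTTTL splits a raw OPT TTL field into its EDNS components.
func DecodeOPTTTL(ttl uint32) EDNS {
	return EDNS{uint8(ttl >> 24), uint8(ttl >> 16), ttl&0x8000 != 0, uint16(ttl & 0x7fff)}
}

// ParseOPT reads the fixed part of an OPT RR on the wire: root name (0x00),
// TYPE 41, CLASS (= UDP payload size), TTL (= EDNS fields), RDLENGTH.
func ParseOPT(rr []byte) (udpSize uint16, e EDNS, err error) {
	if len(rr) < 11 || rr[0] != 0 || binary.BigEndian.Uint16(rr[1:]) != 41 {
		return 0, EDNS{}, errors.New("not an OPT record")
	}
	return binary.BigEndian.Uint16(rr[3:]), DecodeOPTTTL(binary.BigEndian.Uint32(rr[5:])), nil
}

// Violations lists why a client that sent an EDNS version 0 query would
// consider this OPT record malformed.
func (e EDNS) Violations() []string {
	var v []string
	if e.Version != 0 {
		v = append(v, fmt.Sprintf("EDNS version %d in reply to a version 0 query", e.Version))
	}
	if e.Z != 0 {
		v = append(v, fmt.Sprintf("reserved Z bits set: 0x%04x", e.Z))
	}
	return v
}

func main() {
	// Constructed OPT RR: udp=1232 (0x04d0), TTL field = 82960 (0x00014410).
	rr := []byte{0, 0, 41, 0x04, 0xd0, 0x00, 0x01, 0x44, 0x10, 0, 0}
	udp, e, _ := ParseOPT(rr)
	fmt.Println(udp, e.Version, e.Violations())
}
```

A well-formed EDNS(0) reply without DNSSEC has this field equal to 0 (or 0x8000 with DO set), for which `Violations()` returns nothing.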
Hey, same here... I think this could be an issue related to systemd-resolved and this has been addressed here before but not sure.
If I use dhcp://auto it queries from eno1, which is my uplink, but with systemd-resolved it seems to be flaky: it resolves sometimes and stops working after that. I think the fix is maybe to hardcode a DNS server like 1.1.1.1? Not sure; someone else could pitch in here.