
[Support Request] must_direct is already written in routing{}, but the rule in dns{} is still hit; I don't quite understand the mechanism.

Open guiys opened this issue 6 months ago • 6 comments

Checks

  • [x] I have searched the existing issues
  • [x] I have read the documentation
  • [x] Is it your first time submitting an issue

Support Request

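I am trying to understand how dae processes traffic and have run into some questions that I would like help with. According to the documentation routing.md: "# For a single rule, the difference between "direct" and "must_direct" is that "direct" hijacks and processes DNS requests (used for traffic splitting), while "must_direct" does not." I wrote domain(suffix: dyndns.com) -> must_direct in routing{}, and my understanding is that this domain should then use the default DNS and not enter the DNS inside dae. But it still hit the qtype(aaaa) && !qname(geosite:cn) -> reject rule in dns{}.

The target site is checkipv6.dyndns.com; the configuration follows.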

global {
    lan_interface: eth0
    dial_mode: ip
}
node {
    node2: 'vless://LINK'
}
dns {
    #ipversion_prefer: 4
    upstream {
        alidns: 'udp://dns.alidns.com:53'
        googledns: 'tcp+udp://dns.google:53'
    }
    routing {
        request {
            qname(geosite:cn) -> alidns
            #qname(suffix:dyndns.com) -> alidns
            qtype(aaaa) && !qname(geosite:cn) -> reject
            # fallback is also called default.
            fallback: googledns
        }
    }
}
group {
    my_group {
        policy: min_moving_avg
    }
}
routing {
    pname(NetworkManager) -> direct
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct
    domain(suffix: dyndns.com) -> must_direct
    l4proto(udp) && dport(443) -> block
    dip(geoip:cn) -> direct
    domain(geosite:cn) -> direct
    fallback: my_group
}

Current Behavior

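With the configuration in routing unchanged:

Case 1: with #qname(suffix:dyndns.com) -> alidns commented out in the dns request rules, visiting checkipv6.dyndns.com does not open the site, because the AAAA result is dropped by the rule.

Case 2: with qname(suffix:dyndns.com) -> alidns uncommented in the dns request rules, visiting checkipv6.dyndns.com opens the site, because the query goes to alidns first and does not match the later rules.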

Expected Behavior

No response

Steps to Reproduce

Logs:

level=trace msg="Received UDP(DNS) 192.168.1.24:58912 <-> 192.168.1.101:53: checkipv6.dyndns.com. AAAA"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 28 1}] upstream="udp://dns.alidns.com:53"
level=trace msg="Choose DNS path" choose="udp+4" dialer=direct ipversions=[4 6] l4protos=[udp] outbound=direct upstream="udp://dns.alidns.com:53" use="223.5.5.5:53"
level=trace msg="Received UDP(DNS) 192.168.1.24:51962 <-> 192.168.1.101:53: checkipv6.dyndns.com. HTTPS"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 65 1}] upstream="udp://dns.alidns.com:53"
level=trace msg="Received UDP(DNS) 192.168.1.24:65397 <-> 192.168.1.101:53: checkipv6.dyndns.com. A"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 1 1}] upstream="udp://dns.alidns.com:53"
level=trace msg="Choose DNS path" choose="udp+4" dialer=direct ipversions=[4 6] l4protos=[udp] outbound=direct upstream="udp://dns.alidns.com:53" use="223.5.5.5:53"
level=trace msg="Choose DNS path" choose="udp+4" dialer=direct ipversions=[4 6] l4protos=[udp] outbound=direct upstream="udp://dns.alidns.com:53" use="223.5.5.5:53"
level=trace msg=Accept question=[{checkipv6.dyndns.com. 28 1}] upstream="udp://dns.alidns.com:53"
level=info msg="192.168.1.24:58912 <-> 223.5.5.5:53" _qname=checkipv6.dyndns.com. dialer=direct dscp=0 mac="48:f1:7f:da:35:a4" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=AAAA
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans="checkipv6.dyndns.com.(AAAA): 2603:c020:2:f600:dbce:6764:dd0b:2653; checkipv6.dyndns.com.(AAAA): 2603:c021:8001:8800:da5f:2359:be8d:1f2c; checkipv6.dyndns.com.(AAAA): 2603:c021:c001:bb00:5108:6d6e:ef60:abf2; checkipv6.dyndns.com.(AAAA): 2603:c020:8003:3200:5bc6:2a97:45fe:db16; checkipv6.dyndns.com.(AAAA): 2603:c020:4000:ba00:906:2c31:7ef3:9a80" rcode=0
level=trace msg=Accept question=[{checkipv6.dyndns.com. 1 1}] upstream="udp://dns.alidns.com:53"
level=info msg="192.168.1.24:65397 <-> 223.5.5.5:53" _qname=checkipv6.dyndns.com. dialer=direct dscp=0 mac="48:f1:7f:da:35:a4" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans= rcode=0
level=trace msg=Accept question=[{checkipv6.dyndns.com. 65 1}] upstream="udp://dns.alidns.com:53"
level=info msg="192.168.1.24:51962 <-> 223.5.5.5:53" _qname=checkipv6.dyndns.com. dialer=direct dscp=0 mac="48:f1:7f:da:35:a4" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=HTTPS
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans= rcode=0
level=trace msg="Received UDP(DNS) 192.168.1.24:52847 <-> 192.168.1.101:53: checkipv6.dyndns.com. AAAA"
level=trace msg="Received UDP(DNS) 192.168.1.24:55464 <-> 192.168.1.101:53: checkipv6.dyndns.com. HTTPS"
level=trace msg="Received UDP(DNS) 192.168.1.24:60698 <-> 192.168.1.101:53: checkipv6.dyndns.com. A"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 65 1}] upstream="udp://dns.alidns.com:53"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 28 1}] upstream="udp://dns.alidns.com:53"
level=trace msg="Choose DNS path" choose="udp+4" dialer=direct ipversions=[4 6] l4protos=[udp] outbound=direct upstream="udp://dns.alidns.com:53" use="223.5.5.5:53"
level=trace msg="Choose DNS path" choose="udp+4" dialer=direct ipversions=[4 6] l4protos=[udp] outbound=direct upstream="udp://dns.alidns.com:53" use="223.5.5.5:53"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 1 1}] upstream="udp://dns.alidns.com:53"
level=trace msg="Choose DNS path" choose="udp+4" dialer=direct ipversions=[4 6] l4protos=[udp] outbound=direct upstream="udp://dns.alidns.com:53" use="223.5.5.5:53"
level=trace msg=Accept question=[{checkipv6.dyndns.com. 28 1}] upstream="udp://dns.alidns.com:53"
level=info msg="192.168.1.24:52847 <-> 223.5.5.5:53" _qname=checkipv6.dyndns.com. dialer=direct dscp=0 mac="48:f1:7f:da:35:a4" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=AAAA
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans="checkipv6.dyndns.com.(AAAA): 2603:c020:4000:ba00:906:2c31:7ef3:9a80; checkipv6.dyndns.com.(AAAA): 2603:c020:2:f600:dbce:6764:dd0b:2653; checkipv6.dyndns.com.(AAAA): 2603:c021:c001:bb00:5108:6d6e:ef60:abf2; checkipv6.dyndns.com.(AAAA): 2603:c021:8001:8800:da5f:2359:be8d:1f2c; checkipv6.dyndns.com.(AAAA): 2603:c020:8003:3200:5bc6:2a97:45fe:db16" rcode=0
level=trace msg=Accept question=[{checkipv6.dyndns.com. 1 1}] upstream="udp://dns.alidns.com:53"
level=info msg="192.168.1.24:60698 <-> 223.5.5.5:53" _qname=checkipv6.dyndns.com. dialer=direct dscp=0 mac="48:f1:7f:da:35:a4" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans= rcode=0
level=trace msg=Accept question=[{checkipv6.dyndns.com. 65 1}] upstream="udp://dns.alidns.com:53"
level=info msg="192.168.1.24:55464 <-> 223.5.5.5:53" _qname=checkipv6.dyndns.com. dialer=direct dscp=0 mac="48:f1:7f:da:35:a4" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=HTTPS
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans= rcode=0

Logs where the AAAA query is dropped:

level=trace msg="Received UDP(DNS) 192.168.1.24:63253 <-> 192.168.1.101:53: checkipv6.dyndns.com. A"
level=trace msg="Received UDP(DNS) 192.168.1.24:61043 <-> 192.168.1.101:53: checkipv6.dyndns.com. HTTPS"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 65 1}] upstream="tcp+udp://dns.google:53"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 1 1}] upstream="tcp+udp://dns.google:53"
level=trace msg="Choose DNS path" choose="udp+6" dialer=node2 ipversions=[4 6] l4protos=[udp tcp] outbound="my_group" upstream="tcp+udp://dns.google:53" use="[2001:4860:4860::8844]:53"
level=trace msg="Choose DNS path" choose="udp+6" dialer=node2 ipversions=[4 6] l4protos=[udp tcp] outbound="my_group" upstream="tcp+udp://dns.google:53" use="[2001:4860:4860::8844]:53"
level=trace msg=Accept question=[{checkipv6.dyndns.com. 1 1}] upstream="tcp+udp://dns.google:53"
level=info msg="192.168.1.24:63253 <-> [2001:4860:4860::8844]:53" _qname=checkipv6.dyndns.com. dialer=node2 dscp=0 mac="48:f1:7f:da:35:a4" network="udp6(DNS)" outbound="my_group" pid=0 pname= policy=min_moving_avg qtype=A
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans= rcode=0
level=trace msg=Accept question=[{checkipv6.dyndns.com. 65 1}] upstream="tcp+udp://dns.google:53"
level=info msg="192.168.1.24:61043 <-> [2001:4860:4860::8844]:53" _qname=checkipv6.dyndns.com. dialer=node2 dscp=0 mac="48:f1:7f:da:35:a4" network="udp6(DNS)" outbound="my_group" pid=0 pname= policy=min_moving_avg qtype=HTTPS
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans= rcode=0
level=trace msg="Received UDP(DNS) 192.168.1.24:61692 <-> 192.168.1.101:53: checkipv6.dyndns.com. A"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 1 1}] upstream="tcp+udp://dns.google:53"
level=trace msg="Choose DNS path" choose="udp+6" dialer=node2 ipversions=[4 6] l4protos=[udp tcp] outbound="my_group" upstream="tcp+udp://dns.google:53" use="[2001:4860:4860::8844]:53"
level=trace msg=Accept question=[{checkipv6.dyndns.com. 1 1}] upstream="tcp+udp://dns.google:53"
level=info msg="192.168.1.24:61692 <-> [2001:4860:4860::8844]:53" _qname=checkipv6.dyndns.com. dialer=node2 dscp=0 mac="48:f1:7f:da:35:a4" network="udp6(DNS)" outbound="my_group" pid=0 pname= policy=min_moving_avg qtype=A
level=trace msg="Update DNS record cache" _qname=checkipv6.dyndns.com. ans= rcode=0
level=trace msg="Received UDP(DNS) 192.168.1.24:61692 <-> 192.168.1.101:53: checkipv6.dyndns.com. A"
level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 1 1}] upstream="tcp+udp://dns.google:53"
level=trace msg="Choose DNS path" choose="udp+6" dialer=node2 ipversions=[4 6] l4protos=[udp tcp] outbound="my_group" upstream="tcp+udp://dns.google:53" use="[2001:4860:4860::8844]:53"
level=trace msg="Received UDP(DNS) 192.168.1.24:62666 <-> 192.168.1.101:53: checkipv6.dyndns.com. AAAA"
level=trace msg=Reject question=[{checkipv6.dyndns.com. 28 1}]

Environment

  • Dae version (use dae --version): 1.0.0
  • OS (e.g cat /etc/os-release): ImmortalWrt 24.10.2
  • Kernel (e.g. uname -a): Linux ImmortalWrt 6.6.93 #0 SMP Wed Jun 25 15:36:28 2025 x86_64 GNU/Linux
  • Others: ImmortalWrt is a bypass gateway and obtains its IPv6 address via SLAAC

Anything else?

I would like to understand how traffic, including DNS, is processed, so that I can configure traffic splitting better. Thanks.

guiys avatar Jul 15 '25 06:07 guiys
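An added example, not part of the original issue or of the dae project: a small Python script that groups trace lines of the kind posted above by DNS question and reports which upstream each question was sent to and which questions were rejected without reaching any upstream. The function names `summarize` and `rejected_only` are hypothetical, and the sample lines are constructed in the format of the logs in the issue.

```python
import re
from collections import defaultdict

# RR type numbers as they appear in the question=[{name type class}] field.
QTYPES = {1: "A", 28: "AAAA", 65: "HTTPS"}

# Matches only lines where msg is directly followed by question=[{...}]:
# "Request to DNS upstream", Accept and Reject.
LINE_RE = re.compile(
    r'msg=(?:"(?P<qmsg>[^"]*)"|(?P<msg>\S+))\s+'
    r'question=\[\{(?P<qname>\S+) (?P<qtype>\d+) \d+\}\]'
    r'(?:\s+upstream="(?P<upstream>[^"]*)")?'
)

def summarize(lines):
    """Map (qname, qtype) -> upstreams queried plus accept/reject counts."""
    out = defaultdict(lambda: {"upstreams": set(), "accepted": 0, "rejected": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # line carries no DNS question (e.g. "Choose DNS path")
        msg = m.group("qmsg") or m.group("msg")
        qtype = int(m.group("qtype"))
        entry = out[(m.group("qname").rstrip("."), QTYPES.get(qtype, str(qtype)))]
        if msg == "Request to DNS upstream":
            entry["upstreams"].add(m.group("upstream"))
        elif msg == "Accept":
            entry["accepted"] += 1
        elif msg == "Reject":
            entry["rejected"] += 1
    return dict(out)

def rejected_only(summary):
    """Questions that were rejected and never forwarded to an upstream."""
    return sorted(k for k, v in summary.items() if v["rejected"] and not v["upstreams"])

# Constructed sample in the format of the trace lines in the issue.
SAMPLE = [
    'level=trace msg="Received UDP(DNS) 192.168.1.24:63253 <-> 192.168.1.101:53: checkipv6.dyndns.com. A"',
    'level=trace msg="Request to DNS upstream" question=[{checkipv6.dyndns.com. 1 1}] upstream="tcp+udp://dns.google:53"',
    'level=trace msg=Accept question=[{checkipv6.dyndns.com. 1 1}] upstream="tcp+udp://dns.google:53"',
    'level=trace msg="Received UDP(DNS) 192.168.1.24:62666 <-> 192.168.1.101:53: checkipv6.dyndns.com. AAAA"',
    'level=trace msg=Reject question=[{checkipv6.dyndns.com. 28 1}]',
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (qname, qtype), info in sorted(result.items()):
        print(qname, qtype, sorted(info["upstreams"]), info["accepted"], info["rejected"])
    print("rejected without upstream:", rejected_only(result))
```
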

[!NOTE] The following content has been translated from its original language using an automated process powered by a proprietary API. Segments originally written in English have been preserved, while non-English portions have been machine-translated for readability. Please be aware that minor inaccuracies may exist due to the automated nature of the translation.

dae-intelligence[bot] avatar Jul 15 '25 06:07 dae-intelligence[bot]

Thanks for opening this issue!

dae-prow[bot] avatar Jul 15 '25 06:07 dae-prow[bot]

dial_mode: domain++

umlka avatar Jul 15 '25 11:07 umlka


dial_mode: domain++

domain/+/++ all show the same behavior

guiys avatar Jul 18 '25 23:07 guiys