
Suggestion: do not enable DNS resolution fallback by default

Open 428571c opened this issue 9 months ago • 3 comments

Bug Description

My router occasionally restarts, and that is when I noticed this.

~ $ cat ../usr/etc/resolv.conf
nameserver 185.222.222.222
~ $ frpc
WARNING: ini format is deprecated and the support will be removed in the future, please use yaml/json/toml format instead!
2024-05-20 13:03:02.472 [I] [sub/root.go:142] start frpc service for config file [./frpc.ini]
2024-05-20 13:03:02.472 [I] [client/service.go:294] try to connect to server...
2024-05-20 13:03:02.475 [W] [client/service.go:297] connect to server error: dial tcp: lookup f on 185.222.222.222:53: dial udp 8.8.8.8:53: connect: network is unreachable
2024-05-20 13:03:02.475 [I] [sub/root.go:160] frpc service for config file [./frpc.ini] stopped
login to the server failed: dial tcp: lookup f on 185.222.222.222:53: dial udp 8.8.8.8:53: connect: network is unreachable. With loginFailExit enabled, no additional retries will be attempted
~ $

This is far too dangerous. Traceroute shows that this 8.8.8.8 is not Google DNS at all; it sits entirely inside the ISP's internal network.

~ $ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  69.506 ms  68.482 ms  67.884 ms
 2  100.77.64.1 (100.77.64.1)  67.018 ms  66.224 ms  65.476 ms
 3  8.8.8.8 (8.8.8.8)  64.777 ms  64.096 ms  63.404 ms

Also:

~ $ nslookup termux.dev 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   termux.dev
Address: 124.236.16.201
Name:   termux.dev
Address: ::

And:

~ $ nslookup raw.githubusercontent.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   raw.githubusercontent.com
Address: 0.0.0.0
Name:   raw.githubusercontent.com
Address: ::

~ $

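If one day the network is slow or 185.222.222.222 goes down, this will directly lead to the token being leaked, or to the ISP detecting that I am hosting a website on my broadband line and cutting off the broadband.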

frpc Version

0.58.0

frps Version

N/A

System Architecture

android/arm64

Configurations

[common]
server_addr = frpserverdomain*
server_port = 7000
token = 6666666666*
tls_enable = true
protocol = tcp

[6f3a0f37_http]
type = http
local_ip = 127.0.0.1
local_port = 8000
custom_domains = 1a*

[16455db9_https]
type = https
local_ip = 127.0.0.1
local_port = 44300
custom_domains = 2b*

Logs

No response

Steps to reproduce

...

Affected area

  • [ ] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [X] Security
  • [ ] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [ ] Server Plugin
  • [ ] Extensions
  • [ ] Others

428571c, May 20 '24 22:05
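
A fail-closed alternative to a hardcoded fallback server, as an added example (not frp's code and not part of the original issue): a Go `net.Resolver` whose `Dial` hook only ever contacts operator-pinned DNS servers and returns an error instead of trying any other address. `PinnedDial`, `NewPinnedResolver`, `DialFunc` and `ErrDNSUnavailable` are hypothetical names, and the pinned address is the nameserver from the report's resolv.conf.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"time"
)

// ErrDNSUnavailable means every pinned server failed and no other was tried.
var ErrDNSUnavailable = errors.New("pinned DNS unavailable, refusing to fall back")

// DialFunc has the same signature as the net.Resolver.Dial hook.
type DialFunc func(ctx context.Context, network, address string) (net.Conn, error)

// PinnedDial ignores the server address picked by Go's resolver and contacts
// only the operator-supplied servers (host:port), in order.
func PinnedDial(servers []string, dial DialFunc) DialFunc {
	return func(ctx context.Context, network, _ string) (net.Conn, error) {
		var lastErr error
		for _, s := range servers {
			conn, err := dial(ctx, network, s)
			if err == nil {
				return conn, nil
			}
			lastErr = err
		}
		// Fail closed: surface the error, never substitute another server.
		return nil, fmt.Errorf("%w (last error: %v)", ErrDNSUnavailable, lastErr)
	}
}

// NewPinnedResolver returns a resolver suitable for net.Dialer.Resolver.
func NewPinnedResolver(servers []string) *net.Resolver {
	d := &net.Dialer{Timeout: 3 * time.Second}
	return &net.Resolver{
		PreferGo: true, // the Dial hook is used by Go's built-in resolver
		Dial:     PinnedDial(servers, d.DialContext),
	}
}

func main() {
	// Constructed demo: a dialer that always fails, simulating the outage.
	down := func(_ context.Context, _, addr string) (net.Conn, error) {
		return nil, fmt.Errorf("dial udp %s: connect: network is unreachable", addr)
	}
	dial := PinnedDial([]string{"185.222.222.222:53"}, down)
	_, err := dial(context.Background(), "udp", "8.8.8.8:53")
	fmt.Println(err) // the error names the pinned server only
}
```

Setting the returned resolver on the `Resolver` field of the `net.Dialer` used for the outbound connection makes a DNS outage a connection error rather than a query to an unintended server.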