smartdns
HTTPS records queried through smartdns are incomplete
Problem description
The ipv4hint of the HTTPS record contains only one IP, and the ipv6hint is missing.
# Queried through smartdns
$ kdig www.cloudflare.com '@127.0.0.1:535' HTTPS +short
1 . alpn="h3,h2" ipv4hint=104.16.123.96
# Queried directly against tls://1.0.0.1
$ kdig www.cloudflare.com '@1.0.0.1' +tls-ca HTTPS +short
1 . alpn="h3,h2" ipv4hint=104.16.123.96,104.16.124.96 ipv6hint=2606:4700::6810:7b60,2606:4700::6810:7c60
Runtime environment
- smartdns source and version: Arch Linux repository, smartdns 46-1
- Configuration involved (personal information removed):
bind 127.0.0.1:535 -no-cache -no-dualstack-selection -no-speed-check
log-console yes
log-level debug
server-tls 1.0.0.1:853
Steps to reproduce
- Upstream DNS configuration: tls://1.0.0.1:853
- Domain accessed: www.cloudflare.com
Information collected
Log:
[2025-01-26 20:53:21,784][NOTICE][ smartdns.c:640 ] smartdns starting...(Copyright (C) Nick Peng <[email protected]>, build: 1.20240625-2307)
[2025-01-26 20:53:21,785][ INFO][ dns_server.c:9013] bind ip 127.0.0.1:535, type 0
[2025-01-26 20:53:21,785][DEBUG][ fast_ping.c:1454] ping 2001::, id = 1
[2025-01-26 20:53:21,785][DEBUG][ fast_ping.c:678 ] ping 2001:: end, id 1
[2025-01-26 20:53:21,785][ INFO][ dns_server.c:9330] IPV6 is ready, enable IPV6 features
[2025-01-26 20:53:21,785][ INFO][ dns_server.c:9219] auto enable cache persist.
[2025-01-26 20:53:21,785][ INFO][ dns_cache.c:758 ] load cache file /var/cache/smartdns/smartdns.cache, total 1 records
[2025-01-26 20:53:21,799][ INFO][ dns_client.c:1272] add server 1.0.0.1:853, type: tls
[2025-01-26 20:53:27,409][DEBUG][ dns_server.c:7155] recv query packet from 127.0.0.1, len = 47, type = 0
[2025-01-26 20:53:27,409][DEBUG][ dns_server.c:7171] request qdcount = 1, ancount = 0, nscount = 0, nrcount = 0, len = 47, id = 44045, tc = 0, rd = 1, ra = 0, rcode = 0
[2025-01-26 20:53:27,410][DEBUG][ dns_server.c:7196] query www.cloudflare.com from 127.0.0.1, qtype: 65, id: 44045, query-num: 1
[2025-01-26 20:53:27,410][DEBUG][ dns_client.c:3855] send query to server 1.0.0.1:853
[2025-01-26 20:53:27,410][DEBUG][ dns_client.c:2376] tls server 1.0.0.1 connecting.
[2025-01-26 20:53:27,410][ INFO][ dns_client.c:4252] request: www.cloudflare.com, qtype: 65, id: 8399, group: default
[2025-01-26 20:53:27,780][DEBUG][ dns_client.c:3325] tls server 1.0.0.1 connected.
[2025-01-26 20:53:27,780][DEBUG][ dns_client.c:3330] new session
[2025-01-26 20:53:27,780][DEBUG][ dns_client.c:3215] peer CN: cloudflare-dns.com
[2025-01-26 20:53:27,780][DEBUG][ dns_client.c:3261] cert SPKI pin(sha256): 48:F7:E0:E8:59:6E:3C:89:54:73:A6:B9:87:7D:77:04:30:B1:41:83:46:5F:E4:C7:4F:2E:E2:83:95:F7:F9:50
[2025-01-26 20:53:27,986][DEBUG][ dns_client.c:4127] retry query www.cloudflare.com, type: 65, id: 8399
[2025-01-26 20:53:27,986][DEBUG][ dns_client.c:3855] send query to server 1.0.0.1:853
[2025-01-26 20:53:28,186][DEBUG][ dns_client.c:2907] recv tcp packet from 1.0.0.1, len = 470
[2025-01-26 20:53:28,186][DEBUG][ dns.c:2160] opt type 12
[2025-01-26 20:53:28,186][DEBUG][ dns_client.c:1836] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 468, id = 8399, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2025-01-26 20:53:28,186][DEBUG][ dns_client.c:1848] domain: www.cloudflare.com qtype: 65 qclass: 1
[2025-01-26 20:53:28,186][DEBUG][ dns_server.c:4644] query result from server 1.0.0.1:853, type: 2, domain: www.cloudflare.com qtype: 65 rcode: 0, id: 44045
[2025-01-26 20:53:28,186][DEBUG][ dns_server.c:3947] domain: www.cloudflare.com HTTPS: TTL: 101 priority: 1
[2025-01-26 20:53:28,186][DEBUG][ dns_server.c:2336] reply www.cloudflare.com qtype: 65, rcode: 0, reply: 1
[2025-01-26 20:53:28,186][ INFO][ dns_server.c:2391] result: www.cloudflare.com, client: 127.0.0.1, qtype: 65, id: 44045, group: default, time: 777ms
[2025-01-26 20:53:28,186][DEBUG][ dns_client.c:2907] recv tcp packet from 1.0.0.1, len = 470
[2025-01-26 20:53:28,186][DEBUG][ dns.c:2160] opt type 12
[2025-01-26 20:53:28,186][DEBUG][ dns_client.c:1836] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 468, id = 8399, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2025-01-26 20:53:28,186][DEBUG][ dns_client.c:1848] domain: www.cloudflare.com qtype: 65 qclass: 1
[2025-01-26 20:53:28,486][DEBUG][ dns_client.c:1600] result: www.cloudflare.com, qtype: 65, has-result: 1, id 8399
[2025-01-26 20:53:38,186][DEBUG][ dns_client.c:1324] server 1.0.0.1 closed.
[2025-01-26 20:53:38,186][DEBUG][ dns_client.c:2983] peer close, 1.0.0.1
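The kdig output above shows the HTTPS answer from smartdns keeping one ipv4hint address and no ipv6hint, while the upstream answer carries two of each. As an added example (not part of this issue and not smartdns code), the following Python decodes HTTPS/SVCB RDATA as laid out in RFC 9460 and lists the hint addresses one answer lacks relative to another. The two RDATA blobs are constructed here from the values kdig printed, not captured packets, and the function names (`parse_https_rdata`, `build_https_rdata`, `missing_hints`, `check_report`) are chosen for this example.

```python
import base64
import ipaddress
import struct

# SvcParamKey registry (RFC 9460, section 14.3.2)
SVCPARAM_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
                 4: "ipv4hint", 5: "ech", 6: "ipv6hint"}

def _read_name(data: bytes, off: int) -> tuple[str, int]:
    """Read an uncompressed wire-format name; return (presentation form, next offset)."""
    labels = []
    while True:
        n, off = data[off], off + 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers are not allowed in a SVCB TargetName
            raise ValueError("compressed TargetName")
        labels.append(data[off:off + n].decode("ascii"))
        off += n
    return (".".join(labels) + "." if labels else "."), off

def _decode_value(key: int, value: bytes):
    """One SvcParamValue in presentation form (what dig/kdig print)."""
    if key == 0:  # mandatory: list of 2-octet keys
        return [SVCPARAM_KEYS.get(k, f"key{k}") for (k,) in struct.iter_unpack("!H", value)]
    if key == 1:  # alpn: 1-octet-length-prefixed protocol ids
        ids, off = [], 0
        while off < len(value):
            ids.append(value[off + 1:off + 1 + value[off]].decode("ascii"))
            off += 1 + value[off]
        return ids
    if key == 2:  # no-default-alpn: value is empty, presence is the signal
        return True
    if key == 3:
        return struct.unpack("!H", value)[0]
    if key == 4:
        return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    if key == 5:  # ech: opaque ECHConfigList, shown base64 like dig does
        return base64.b64encode(value).decode("ascii")
    if key == 6:
        return [str(ipaddress.IPv6Address(value[i:i + 16])) for i in range(0, len(value), 16)]
    return value.hex()

def parse_https_rdata(rdata: bytes) -> dict:
    """Parse SvcPriority, TargetName and SvcParams from HTTPS/SVCB RDATA."""
    priority = struct.unpack_from("!H", rdata, 0)[0]
    target, off = _read_name(rdata, 2)
    params, last_key = {}, -1
    while off < len(rdata):
        key, length = struct.unpack_from("!HH", rdata, off)
        value, off = rdata[off + 4:off + 4 + length], off + 4 + length
        if len(value) != length:
            raise ValueError("SvcParamValue truncated")
        if key <= last_key:  # keys must be strictly ascending (section 2.2)
            raise ValueError(f"SvcParamKey {key} out of order or repeated")
        last_key = key
        params[SVCPARAM_KEYS.get(key, f"key{key}")] = _decode_value(key, value)
    return {"priority": priority, "target": target, "params": params}

def build_https_rdata(priority: int, target: str, params: dict[int, bytes]) -> bytes:
    """Encode RDATA from {numeric SvcParamKey: encoded value}; used here only to build test input."""
    out = struct.pack("!H", priority)
    if target != ".":
        for label in target.rstrip(".").split("."):
            out += bytes([len(label)]) + label.encode("ascii")
    out += b"\x00"
    for key in sorted(params):
        out += struct.pack("!HH", key, len(params[key])) + params[key]
    return out

def packed(*addrs: str) -> bytes:
    """Concatenate addresses into an ipv4hint/ipv6hint value."""
    return b"".join(ipaddress.ip_address(a).packed for a in addrs)

def missing_hints(resolver: dict, upstream: dict) -> dict[str, list[str]]:
    """Hint addresses the upstream answer carries that the resolver's answer does not."""
    lost = {}
    for name in ("ipv4hint", "ipv6hint"):
        got = set(resolver["params"].get(name, []))
        gone = [a for a in upstream["params"].get(name, []) if a not in got]
        if gone:
            lost[name] = gone
    return lost

# Constructed RDATA mirroring the two kdig answers in the report; not captured packets.
UPSTREAM_RDATA = build_https_rdata(1, ".", {
    1: b"\x02h3\x02h2",  # alpn="h3,h2"
    4: packed("104.16.123.96", "104.16.124.96"),
    6: packed("2606:4700::6810:7b60", "2606:4700::6810:7c60"),
})
SMARTDNS_RDATA = build_https_rdata(1, ".", {1: b"\x02h3\x02h2", 4: packed("104.16.123.96")})

def check_report() -> dict[str, list[str]]:
    """What the smartdns answer in the report lacks relative to the upstream answer."""
    return missing_hints(parse_https_rdata(SMARTDNS_RDATA), parse_https_rdata(UPSTREAM_RDATA))

if __name__ == "__main__":
    print(parse_https_rdata(SMARTDNS_RDATA)["params"])
    print("lost:", check_report())
```

Running it prints the decoded SvcParams of the smartdns answer and the addresses it dropped. Feeding `parse_https_rdata` the RDATA taken from a real response on both sides of the resolver tells you whether the hints were already missing from the upstream reply or were removed by the resolver itself, which is the distinction this issue turns on.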
It works fine here.
It looks like `bind ... -no-dualstack-selection` did not take effect; try adding the setting `dualstack-ip-selection no`.
Switched to the git version and added `dualstack-ip-selection no` to the configuration; the problem persists.
$ smartdns -v
smartdns 1.20250126-1420 (Release46-16-gb969ee6)
bind 127.0.0.1:535 -no-cache -no-speed-check -no-dualstack-selection
log-console yes
log-level debug
dualstack-ip-selection no
server-tls 1.0.0.1:853
Log:
[2025-01-26 22:28:36,981][NOTICE][ smartdns.c:560 ] smartdns starting...(Copyright (C) Nick Peng <[email protected]>, build: 1.20250126-1420 (Release46-16-gb969ee6))
[2025-01-26 22:28:36,982][ INFO][ dns_server.c:9027] bind ip 127.0.0.1:535, type 0
[2025-01-26 22:28:36,982][DEBUG][ fast_ping.c:1474] ping 2001::, id = 1
[2025-01-26 22:28:36,982][DEBUG][ fast_ping.c:679 ] ping 2001:: end, id 1
[2025-01-26 22:28:36,982][ INFO][ dns_server.c:9344] IPV6 is ready, enable IPV6 features
[2025-01-26 22:28:36,983][ INFO][ dns_server.c:9233] auto enable cache persist.
[2025-01-26 22:28:36,983][ INFO][ dns_cache.c:758 ] load cache file /var/cache/smartdns/smartdns.cache, total 1 records
[2025-01-26 22:28:36,999][ INFO][ dns_client.c:1271] add server 1.0.0.1:853, type: tls
[2025-01-26 22:28:39,745][DEBUG][ dns_server.c:7165] recv query packet from 127.0.0.1, len = 47, type = 0
[2025-01-26 22:28:39,745][DEBUG][ dns_server.c:7181] request qdcount = 1, ancount = 0, nscount = 0, nrcount = 0, len = 47, id = 32722, tc = 0, rd = 1, ra = 0, rcode = 0
[2025-01-26 22:28:39,745][DEBUG][ dns_server.c:7206] query www.cloudflare.com from 127.0.0.1, qtype: 65, id: 32722, query-num: 1
[2025-01-26 22:28:39,745][DEBUG][ dns_client.c:3883] send query to server 1.0.0.1:853
[2025-01-26 22:28:39,745][DEBUG][ dns_client.c:2404] tls server 1.0.0.1 connecting.
[2025-01-26 22:28:39,745][ INFO][ dns_client.c:4280] request: www.cloudflare.com, qtype: 65, id: 10599, group: default
[2025-01-26 22:28:40,233][DEBUG][ dns_client.c:3353] tls server 1.0.0.1 connected.
[2025-01-26 22:28:40,233][DEBUG][ dns_client.c:3358] new session
[2025-01-26 22:28:40,233][DEBUG][ dns_client.c:3243] peer CN: cloudflare-dns.com
[2025-01-26 22:28:40,233][DEBUG][ dns_client.c:3289] cert SPKI pin(sha256): 48:F7:E0:E8:59:6E:3C:89:54:73:A6:B9:87:7D:77:04:30:B1:41:83:46:5F:E4:C7:4F:2E:E2:83:95:F7:F9:50
[2025-01-26 22:28:40,283][DEBUG][ dns_client.c:4155] retry query www.cloudflare.com, type: 65, id: 10599
[2025-01-26 22:28:40,283][DEBUG][ dns_client.c:3883] send query to server 1.0.0.1:853
[2025-01-26 22:28:40,637][DEBUG][ dns_client.c:2935] recv tcp packet from 1.0.0.1, len = 470
[2025-01-26 22:28:40,637][DEBUG][ dns.c:2237] opt type 12
[2025-01-26 22:28:40,637][DEBUG][ dns_client.c:1864] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 468, id = 10599, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2025-01-26 22:28:40,637][DEBUG][ dns_client.c:1876] domain: www.cloudflare.com qtype: 65 qclass: 1
[2025-01-26 22:28:40,637][DEBUG][ dns_server.c:4654] query result from server 1.0.0.1:853, type: 2, domain: www.cloudflare.com qtype: 65 rcode: 0, id: 32722
[2025-01-26 22:28:40,637][DEBUG][ dns_server.c:3951] domain: www.cloudflare.com HTTPS: TTL: 288 priority: 1
[2025-01-26 22:28:40,637][DEBUG][ dns_server.c:2337] reply www.cloudflare.com qtype: 65, rcode: 0, reply: 1
[2025-01-26 22:28:40,637][ INFO][ dns_server.c:2392] result: www.cloudflare.com, client: 127.0.0.1, qtype: 65, id: 32722, group: default, time: 892ms
[2025-01-26 22:28:40,637][DEBUG][ dns_client.c:2935] recv tcp packet from 1.0.0.1, len = 470
[2025-01-26 22:28:40,637][DEBUG][ dns.c:2237] opt type 12
[2025-01-26 22:28:40,637][DEBUG][ dns_client.c:1864] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 468, id = 10599, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2025-01-26 22:28:40,637][DEBUG][ dns_client.c:1876] domain: www.cloudflare.com qtype: 65 qclass: 1
[2025-01-26 22:28:40,784][DEBUG][ dns_client.c:1609] result: www.cloudflare.com, qtype: 65, has-result: 1, id 10599
Add the setting `response-mode fastest-response`.
In the current version, HTTPS queries are also speed-tested and go through dual-stack selection, so normally only one hint IP address is left afterwards.
Original configuration:
dualstack-ip-selection no
New configuration:
dualstack-ip-selection no
speed-check-mode none
response-mode fastest-response
After fully stopping smartdns, deleting the persistent cache and starting it again, the result is normal. Saving and applying directly in LuCI had no effect.
At first the results were normal, but after a while they became wrong again; it seems to be related to cache behaviour.
Below are two consecutive queries; this domain had been queried before:
~> dig @192.168.10.1 -p 15353 cn.v2ex.com HTTPS
; <<>> DiG 9.18.33 <<>> @192.168.10.1 -p 15353 cn.v2ex.com HTTPS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51491
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 0
;; QUESTION SECTION:
;cn.v2ex.com. IN HTTPS
;; ANSWER SECTION:
cn.v2ex.com. 3 IN HTTPS 1 . alpn="h3,h2" ipv4hint=172.66.133.207,172.66.137.6 ech=AEX+DQBBegAgACDHozq2Cecd6u20C271gNdv3ApQvUIj3+Z27z0Nlrd/IwAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA= ipv6hint=2606:4700:10::ac42:85cf,2606:4700:10::ac42:8906
;; Query time: 0 msec
;; SERVER: 192.168.10.1#15353(192.168.10.1) (UDP)
;; WHEN: Fri Aug 01 10:07:36 CST 2025
;; MSG SIZE rcvd: 188
~> dig @192.168.10.1 -p 15353 cn.v2ex.com HTTPS
; <<>> DiG 9.18.33 <<>> @192.168.10.1 -p 15353 cn.v2ex.com HTTPS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34158
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cn.v2ex.com. IN HTTPS
;; ANSWER SECTION:
cn.v2ex.com. 598 IN HTTPS 1 . alpn="h3,h2" ipv4hint=172.66.133.207 ech=AEX+DQBBaAAgACCLgvqdflFqc40y/rOnvX/+AvcR4+8CLCKhHRcSHSjWBwAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA=
;; Query time: 0 msec
;; SERVER: 192.168.10.1#15353(192.168.10.1) (UDP)
;; WHEN: Fri Aug 01 10:07:39 CST 2025
;; MSG SIZE rcvd: 137
With a new domain that had not been queried before, the result is normal:
~> dig @192.168.10.1 -p 15353 hk.v2ex.com HTTPS
; <<>> DiG 9.18.33 <<>> @192.168.10.1 -p 15353 hk.v2ex.com HTTPS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19410
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hk.v2ex.com. IN HTTPS
;; ANSWER SECTION:
hk.v2ex.com. 300 IN HTTPS 1 . alpn="h3,h2" ipv4hint=172.66.133.207,172.66.137.6 ech=AEX+DQBBaAAgACCLgvqdflFqc40y/rOnvX/+AvcR4+8CLCKhHRcSHSjWBwAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA= ipv6hint=2606:4700:10::ac42:85cf,2606:4700:10::ac42:8906
;; Query time: 41 msec
;; SERVER: 192.168.10.1#15353(192.168.10.1) (UDP)
;; WHEN: Fri Aug 01 10:08:09 CST 2025
;; MSG SIZE rcvd: 188
PS: v2ex.com has many subdomains, which makes it handy for debugging.
The full configuration is as follows:
cat /var/etc/smartdns/smartdns.conf
server-name smartdns
speed-check-mode none
dualstack-ip-selection no
prefetch-domain yes
cache-size 10000
dnsmasq-lease-file /tmp/dhcp.leases
rr-ttl-min 600
log-size 10M
log-num 1
log-level debug
audit-enable yes
audit-size 1M
audit-num 1
response-mode fastest-response
cache-persist yes
cache-file /etc/smartdns/smartdns.cache
proxy-server socks5://127.0.0.1:10080 -name default-proxy
resolv-file /tmp/resolv.conf.d/resolv.conf.auto
bind [::]:15353@br-lan
bind [::]:15353@lo
bind-tcp [::]:15353@br-lan
bind-tcp [::]:15353@lo
server-tcp 223.5.5.5:53
server-https https://cloudflare-dns.com/dns-query -group gfw -exclude-default-group -proxy default-proxy
server-https https://dns.adguard.com/dns-query -group gfw -exclude-default-group -proxy default-proxy
conf-file '/etc/smartdns/conf.d/anti-AD'
conf-file '/etc/smartdns/conf.d/gfwlist_smartdns_conf'
domain-set -name domain-forwarding-list -file /etc/smartdns/domain-forwarding.list
domain-rules /domain-set:domain-forwarding-list/ -dualstack-ip-selection no
domain-set -name domain-block-list -file /etc/smartdns/domain-block.list
domain-rules /domain-set:domain-block-list/ -address #
conf-file /etc/smartdns/address.conf
conf-file /etc/smartdns/blacklist-ip.conf
conf-file /etc/smartdns/custom.conf
gfwlist_smartdns_conf contains a domain rule for v2ex.com:
domain-rules /v2ex.com/ -speed-check-mode none -nameserver gfw
Let me look at the latest code.
Upgraded to the latest commit, kept the configuration file unchanged, then:
- queried the HTTPS record of v2ex.com
- waited for the TTL to expire and queried again, getting a cached record with ttl=3
- queried once more, getting the correct HTTPS record
All three results were complete; this should be fixed.