
With serve-expired no configured, an expired domain still results in 3 seconds of ttl=3

Open PikuZheng opened this issue 9 months ago • 5 comments

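Symptom
After configuring serve-expired yes, I observed downstream that a large number of domains had ttl=3. So I configured serve-expired no. Now I observe that after a domain expires, there are still 3 seconds of ttl=3.

Runtime environment

  1. docker

  2. Multiple upstreams

  3. Self-compiled from the latest release

  4. Relevant configuration (remember to remove personal information)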

bind [::]:53

prefetch-domain yes
dualstack-ip-selection no
serve-expired no
response-mode fastest-response

cache-size 10000

rr-ttl-min 1
rr-ttl-max 3600
rr-ttl-reply-max 3600

Steps to reproduce

  1. Upstream DNS configuration.
    server-tls 1.12.12.12 -host-name dot.pub -group mainland -blacklist-ip

  2. Domain accessed.
    Private domain

Information collected

localhost:~# kdig sponsor.ajay.app @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 38887
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; sponsor.ajay.app.            IN      A

;; ANSWER SECTION:
sponsor.ajay.app.       6       IN      A       104.21.44.169
sponsor.ajay.app.       6       IN      A       172.67.201.151

;; Received 66 B
;; Time 2025-02-11 18:42:05 CST
;; From 127.0.0.1@53(UDP) in 0.6 ms
localhost:~# kdig sponsor.ajay.app @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 49607
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; sponsor.ajay.app.            IN      A

;; ANSWER SECTION:
sponsor.ajay.app.       3       IN      A       104.21.44.169
sponsor.ajay.app.       3       IN      A       172.67.201.151

;; Received 66 B
;; Time 2025-02-11 18:42:11 CST
;; From 127.0.0.1@53(UDP) in 0.6 ms
localhost:~# kdig sponsor.ajay.app @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 3429
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; sponsor.ajay.app.            IN      A

;; ANSWER SECTION:
sponsor.ajay.app.       3       IN      A       104.21.44.169
sponsor.ajay.app.       3       IN      A       172.67.201.151

;; Received 66 B
;; Time 2025-02-11 18:42:12 CST
;; From 127.0.0.1@53(UDP) in 0.6 ms
localhost:~# kdig sponsor.ajay.app @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 65380
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; sponsor.ajay.app.            IN      A

;; ANSWER SECTION:
sponsor.ajay.app.       89      IN      A       172.67.201.151
sponsor.ajay.app.       89      IN      A       104.21.44.169

;; Received 66 B
;; Time 2025-02-11 18:42:12 CST
;; From 127.0.0.1@53(UDP) in 0.7 ms
localhost:~# kdig sponsor.ajay.app @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 51708
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; sponsor.ajay.app.            IN      A

;; ANSWER SECTION:
sponsor.ajay.app.       88      IN      A       172.67.201.151
sponsor.ajay.app.       88      IN      A       104.21.44.169

;; Received 66 B
;; Time 2025-02-11 18:42:13 CST
;; From 127.0.0.1@53(UDP) in 0.5 ms

PikuZheng avatar Feb 11 '25 10:02 PikuZheng

There are two cases for ttl=3: 1. an expired domain, 2. a domain queried for the first time. Are you sure it is not the second case?

htfcuddles avatar Feb 17 '25 03:02 htfcuddles

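There are two cases for ttl=3: 1. an expired domain, 2. a domain queried for the first time. Are you sure it is not the second case?

With response-mode fastest-response configured, the upstream result should be passed through completely unchanged.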

PikuZheng avatar Feb 17 '25 04:02 PikuZheng

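Even with fastest-response, my understanding is that it only quickly returns the first response result; in the background it still selects the best among multiple IPs so that it can return multiple IPs.

If the cache is not hit, one IP address is returned to the client promptly with the TTL set to 3, so that the client queries again and does not have to wait.
In parallel, smartdns waits for the query results of all IP addresses and selects the best among them. The principles are:
    The first IP in the IP list is the fastest address.
    The other IPs are about as fast as the first IP.
    Slower IPs are discarded.
When the client queries again after 3 seconds, it will get all the best IP addresses, but the first IP address is still the fastest, and most software only uses the first IP anyway.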

htfcuddles avatar Feb 17 '25 04:02 htfcuddles
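
A way to check a kdig capture for the behaviour discussed above, as an added example that is not part of the issue or of smartdns: it compares each answer TTL with what a plain cache countdown from the previous answer would allow. The sample is condensed from the transcript in the issue; the label names, the one-second slack and the function names are assumptions of this example.

```python
import re
from datetime import datetime

SHORT_TTL = 3  # the TTL value reported in the issue
SLACK = 1      # assumption: kdig timestamps only have 1-second resolution

# Constructed sample: one answer line and the ";; Time" line per query,
# condensed from the kdig transcript in the issue.
SAMPLE = """\
sponsor.ajay.app.       6       IN      A       104.21.44.169
;; Time 2025-02-11 18:42:05 CST
sponsor.ajay.app.       3       IN      A       104.21.44.169
;; Time 2025-02-11 18:42:11 CST
sponsor.ajay.app.       3       IN      A       104.21.44.169
;; Time 2025-02-11 18:42:12 CST
sponsor.ajay.app.       89      IN      A       172.67.201.151
;; Time 2025-02-11 18:42:12 CST
sponsor.ajay.app.       88      IN      A       172.67.201.151
;; Time 2025-02-11 18:42:13 CST
"""

ANSWER = re.compile(r"^\S+\s+(\d+)\s+IN\s+A\s+\S+$")
STAMP = re.compile(r"^;; Time (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")

def parse(text):
    """Return [(datetime, lowest answer TTL)], one entry per kdig response."""
    responses, ttls = [], []
    for line in map(str.strip, text.splitlines()):
        if m := ANSWER.match(line):
            ttls.append(int(m.group(1)))
        elif (m := STAMP.match(line)) and ttls:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            responses.append((when, min(ttls)))
            ttls = []
    return responses

def classify(text):
    """Label each response by how its TTL relates to the previous answer."""
    labels, prev = [], None
    for when, ttl in parse(text):
        if prev is None:
            labels.append("first")
        else:
            remaining = prev[1] - (when - prev[0]).total_seconds()
            if ttl <= remaining + SLACK:
                labels.append("countdown")   # same cached record ageing
            elif ttl == SHORT_TTL:
                labels.append("short-ttl")   # TTL 3 not explained by ageing
            else:
                labels.append("refreshed")   # new TTL from a fresh lookup
        prev = (when, ttl)
    return labels
```

On the sample, the answer at 18:42:11 is labelled `short-ttl`: the 6-second record from 18:42:05 had run out, and the reply carried TTL 3 rather than the 89 seen one second later.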

I still think that with response-mode fastest-response configured, the TTL of a first query should pass through the upstream TTL. Or it should follow rr-ttl-min.

PikuZheng avatar Apr 03 '25 00:04 PikuZheng

This problem still seems to be present in the latest version.

AriaCraft2019 avatar Jul 04 '25 14:07 AriaCraft2019