AdguardTeam / dnsproxy

Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
Apache License 2.0

The strange DNS resolution failure problem when forwarding the query to upstream server with dnsproxy. #123

Open hongyi-zhao opened 3 years ago

hongyi-zhao commented 3 years ago

On Ubuntu 20.10, I use the self-compiled git master version of dnsproxy. I noticed a very strange error when using dnsproxy as a forwarder, as shown below:

First start dnsproxy as a forwarder:

$ ./dnsproxy -u 114.114.114.114 -v -l 127.0.0.1 -p 6055

Then check it with the following DNS query:

$ dig www.baidu.com -p6055 @127.0.0.1 
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.16.6-Ubuntu <<>> www.baidu.com -p6055 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39178
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com.         IN  A

;; ANSWER SECTION:
.           0   CLASS4096 OPT   10 8 pVJy6qvyGAQ=

;; ADDITIONAL SECTION:
www.baidu.com.      3600    IN  A   192.168.1.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#6055(127.0.0.1)
;; WHEN: Thu Jan 14 17:12:56 CST 2021
;; MSG SIZE  rcvd: 70

At the same time, the verbose output of dnsproxy on stdout is as follows:

$ ./dnsproxy -u 114.114.114.114 -v -l 127.0.0.1 -p 6055
2021/01/14 17:12:45 [info] Starting the DNS proxy
2021/01/14 17:12:45 3475495#1 [debug] Upstream 0: 114.114.114.114:53
2021/01/14 17:12:45 3475495#1 [info] Starting the DNS proxy server
2021/01/14 17:12:45 3475495#1 [info] Creating the UDP server socket
2021/01/14 17:12:45 3475495#1 [info] Listening to udp://127.0.0.1:6055
2021/01/14 17:12:45 3475495#1 [info] Creating a TCP server socket
2021/01/14 17:12:45 3475495#1 [info] Listening to tcp://127.0.0.1:6055
2021/01/14 17:12:45 3475495#19 [info] Entering the UDP listener loop on 127.0.0.1:6055
2021/01/14 17:12:45 3475495#20 [info] Entering the tcp listener loop on 127.0.0.1:6055
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).udpHandlePacket(): Start handling new UDP packet from 127.0.0.1:40181
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 39178
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com. IN   A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096
; COOKIE: a55272eaabf21804

2021/01/14 17:12:56 3475495#34 [debug] 114.114.114.114:53: sending request A www.baidu.com.
2021/01/14 17:12:56 3475495#34 [debug] 114.114.114.114:53: response: ok
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.exchangeWithUpstream(): upstream 114.114.114.114:53 successfully finished exchange of ;www.baidu.com.  IN   A. Elapsed 1 ms.
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).Resolve(): RTT: 1 ms
2021/01/14 17:12:56 3475495#34 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 39178
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com. IN   A

;; ANSWER SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096
; COOKIE: a55272eaabf21804

;; ADDITIONAL SECTION:
www.baidu.com.  3600    IN  A   192.168.1.1

As you can see, the returned DNS record is obviously wrong.

OTOH, I also checked with the remote upstream DNS server directly as below:

werner@X10DAi:~$ dig www.baidu.com  @114.114.114.114 
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.16.6-Ubuntu <<>> www.baidu.com @114.114.114.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5699
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com.         IN  A

;; ANSWER SECTION:
.           0   CLASS4096 OPT   10 8 vlkJY8LKzyI=

;; ADDITIONAL SECTION:
www.baidu.com.      3600    IN  A   192.168.1.1

;; Query time: 4 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Thu Jan 14 17:25:52 CST 2021
;; MSG SIZE  rcvd: 70

werner@X10DAi:~$ dig www.baidu.com  @114.114.114.114 +tcp

; <<>> DiG 9.16.6-Ubuntu <<>> www.baidu.com @114.114.114.114 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47325
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.         IN  A

;; ANSWER SECTION:
www.baidu.com.      357 IN  CNAME   www.a.shifen.com.
www.a.shifen.com.   138 IN  A   220.181.38.149
www.a.shifen.com.   138 IN  A   220.181.38.150

;; Query time: 20 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Thu Jan 14 17:26:03 CST 2021
;; MSG SIZE  rcvd: 101

As you can see, only a DNS query using TCP will succeed. I'm very confused by this problem. Any hints/clues for this problem are highly appreciated.

Regards, HY

ameshkov commented 3 years ago

@hongyi-zhao it looks as if your ISP is intercepting and modifying DNS traffic

hongyi-zhao commented 3 years ago

Are there some methods for digging further into the underlying causes at the packet level?

ameshkov commented 3 years ago

Well, I just don't see what else it could be.

You could try a different DNS server to see if the responses are changed.
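
A packet-level check for the question raised in this thread, as an added example that is not part of the original comments or of dnsproxy: it parses a raw DNS response and flags the layout visible in the UDP dig output (an OPT record counted in the ANSWER section, the A record for the query name placed in ADDITIONAL, a private address for a public name). `SAMPLE` is a constructed message mirroring that output, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed 70-byte message laid out like the UDP reply in the dig output above.
SAMPLE = bytes.fromhex(
    "990a81800001000100000001"                      # id 39178, qr rd ra, QD=1 AN=1 AR=1
    "03777777056261696475" "03636f6d00" "00010001"  # www.baidu.com. A IN
    "00" "0029" "1000" "00000000" "000c" "000a0008a55272eaabf21804"  # OPT with cookie
    "c00c" "0001" "0001" "00000e10" "0004" "c0a80101"                # A 192.168.1.1
)

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):                            # bound pointer chains and label count
        n = msg[off]
        if n & 0xC0 == 0xC0:                        # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
        elif n == 0:
            return ".".join(labels) + ".", (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def audit_response(msg):
    """Return the layout anomalies found in one DNS response message."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, qname, findings = 12, "", []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                    # skip QTYPE and QCLASS
    sections = ["ANSWER"] * an + ["AUTHORITY"] * ns + ["ADDITIONAL"] * ar
    for section in sections:                        # records follow in header-count order
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 41 and section != "ADDITIONAL":  # OPT belongs only in ADDITIONAL
            findings.append("OPT record in " + section + " section")
        if rtype == 1 and rdlen == 4:
            addr = ipaddress.IPv4Address(rdata)
            if section == "ADDITIONAL" and name.lower() == qname.lower():
                findings.append("A record for the query name in ADDITIONAL section")
            if addr.is_private:
                findings.append("private address " + str(addr) + " for " + name)
    return findings
```

Running `audit_response` on payloads captured for the same query over UDP and over TCP, or from a different upstream, shows whether only one path returns the rewritten layout.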