AdguardTeam / dnsproxy

Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
Apache License 2.0

dns.circl.lu reply wrong #342

Open gansui opened 1 year ago

gansui commented 1 year ago

When dnsproxy points its upstream DNS to the following, the reply is wrong (the peer reset the connection), but dig replies correctly if dig points to dns.circl.lu directly. There are also other DNS servers whose replies are wrong; I can't list them all.

circl-doh
DoH server operated by CIRCL, Computer Incident Response Center Luxembourg. Hosted in Bettembourg, Luxembourg.
Protocol: DoH
Addresses: [ "dns.circl.lu", "185.194.94.71" ]
Ports: [ 443 ]
DNSSEC: false
No filters: true
No logs: true
Stamp: sdns://AgYAAAAAAAAADTE4NS4xOTQuOTQuNzEADGRucy5jaXJjbC5sdQovZG5zLXF1ZXJ5

2023/07/15 10:27:37 1227322#3 [debug] dnsproxy: cache: disabled; not caching
2023/07/15 10:27:37 1227322#3 [debug] https://dns.circl.lu:443/dns-query: sending request over tcp: A www.youtube.com.
2023/07/15 10:27:37 1227322#5 [debug] bootstrap: dialing 185.194.94.71:443 (1/1)
2023/07/15 10:27:37 1227322#5 [debug] bootstrap: connection to 185.194.94.71:443 succeeded in 244.511957ms
2023/07/15 10:27:37 1227322#3 [debug] https://dns.circl.lu:443/dns-query: response received over tcp: requesting https://dns.circl.lu:443/dns-query: Get "https://dns.circl.lu:443/dns-query?dns=AAABIAABAAAAAAABA3d3dwd5b3V0dWJlA2NvbQAAAQABAAApBNAAAAAAAAwACgAIwXwyIjGOIK4": read tcp 192.168.0.155:52380->185.194.94.71:443: read: connection reset by peer
2023/07/15 10:27:37 1227322#3 [debug] re-creating the http client due to requesting https://dns.circl.lu:443/dns-query: Get "https://dns.circl.lu:443/dns-query?dns=AAABIAABAAAAAAABA3d3dwd5b3V0dWJlA2NvbQAAAQABAAApBNAAAAAAAAwACgAIwXwyIjGOIK4": read tcp 192.168.0.155:52380->185.194.94.71:443: read: connection reset by peer
2023/07/15 10:27:37 1227322#3 [debug] using HTTP/2 for this upstream: HTTP3 support is not enabled
2023/07/15 10:27:37 1227322#3 [debug] github.com/AdguardTeam/dnsproxy/proxy.exchangeWithUpstream(): upstream https://dns.circl.lu:443/dns-query failed to exchange ;www.youtube.com. IN A in 252.715784ms. Cause: requesting https://dns.circl.lu:443/dns-query: Get "https://dns.circl.lu:443/dns-query?dns=AAABIAABAAAAAAABA3d3dwd5b3V0dWJlA2NvbQAAAQABAAApBNAAAAAAAAwACgAIwXwyIjGOIK4": read tcp 192.168.0.155:52380->185.194.94.71:443: read: connection reset by peer
2023/07/15 10:27:37 1227322#3 [debug] github.com/AdguardTeam/dnsproxy/proxy.(Proxy).replyFromUpstream(): RTT: 252.87266ms
2023/07/15 10:27:37 1227322#3 [debug] github.com/AdguardTeam/dnsproxy/proxy.(Proxy).logDNSMessage(): OUT:
;; opcode: QUERY, status: SERVFAIL, id: 3417
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

gansui commented 1 year ago

If dnsproxy points to comodo-02, dnsproxy will crash, but the dnscrypt Go client (https://github.com/ameshkov/dnscrypt) works.

comodo-02
Comodo Dome Shield (anycast) - https://cdome.comodo.com/shield/
Protocol: DNSCrypt
Addresses: [ "8.20.247.2" ]
Ports: [ 443 ]
DNSSEC: true
No filters: true
No logs: false
Stamp: sdns://AQUAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ

===========================

2023/07/15 10:52:32 1228497#3 [debug] dnsproxy: cache: disabled; not caching
2023/07/15 10:52:32 1228497#3 [debug] [2.dnscrypt-cert.shield-2.dnsbycomodo.com.] fetched certificate 8
2023/07/15 10:52:32 1228497#3 [debug] [2.dnscrypt-cert.shield-2.dnsbycomodo.com.] fetched certificate 7
2023/07/15 10:52:32 1228497#3 [debug] [2.dnscrypt-cert.shield-2.dnsbycomodo.com.] bad cert: dnscrypt: cert has invalid ts-start or ts-end
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x4 pc=0x74955f]

goroutine 3 [running]:
github.com/ameshkov/dnscrypt/v2.(Client).DialStamp(0xc0001b6000?, {{0xc000024290, 0xe}, {0xc00002e195, 0x20, 0x49}, {0x0, 0x0, 0x0}, {0xc00002a150, ...}, ...})
	github.com/ameshkov/dnscrypt/v2@v2.2.6/client.go:78 +0x1df
github.com/ameshkov/dnscrypt/v2.(Client).Dial(0xc000112090?, {0xc0001b6000?, 0x4b047c?})
	github.com/ameshkov/dnscrypt/v2@v2.2.6/client.go:54 +0x125
github.com/AdguardTeam/dnsproxy/upstream.(dnsCrypt).resetClient(0xc00012d6b0)
	github.com/AdguardTeam/dnsproxy/upstream/upstream_dnscrypt.go:136 +0x11f
github.com/AdguardTeam/dnsproxy/upstream.(dnsCrypt).exchangeDNSCrypt(0xc00012d6b0, 0xc0001a2000)
	github.com/AdguardTeam/dnsproxy/upstream/upstream_dnscrypt.go:98 +0xc8
github.com/AdguardTeam/dnsproxy/upstream.(dnsCrypt).Exchange(0x600aaa?, 0xc0000b0010?)
	github.com/AdguardTeam/dnsproxy/upstream/upstream_dnscrypt.go:56 +0x27
github.com/AdguardTeam/dnsproxy/proxy.exchangeWithUpstream({0xa791a0, 0xc00012d6b0}, 0xc0001a2000)
	github.com/AdguardTeam/dnsproxy/proxy/exchange.go:69 +0x72
github.com/AdguardTeam/dnsproxy/proxy.(Proxy).exchange(0xc00013d500?, 0xc0001a6000?, {0xc000132ff0?, 0x8ed640?, 0xc000024230?})
	github.com/AdguardTeam/dnsproxy/proxy/exchange.go:30 +0xf6
github.com/AdguardTeam/dnsproxy/proxy.(Proxy).replyFromUpstream(0xc00013d500, 0xc0001a6000)
	github.com/AdguardTeam/dnsproxy/proxy/proxy.go:490 +0x98
github.com/AdguardTeam/dnsproxy/proxy.(Proxy).Resolve(0xc00013d500, 0xc0001a6000)
	github.com/AdguardTeam/dnsproxy/proxy/proxy.go:574 +0xa5
github.com/AdguardTeam/dnsproxy/proxy.(Proxy).handleDNSRequest(0xc00013d500, 0xc0001a6000)
	github.com/AdguardTeam/dnsproxy/proxy/server.go:133 +0x3de
github.com/AdguardTeam/dnsproxy/proxy.(Proxy).udpHandlePacket(0xc00013d500, {0xc00006c140, 0x38, 0x38}, {0xc000024150, 0x4, 0x4}, 0xc00007a000, 0xc0000b0610)
	github.com/AdguardTeam/dnsproxy/proxy/server_udp.go:115 +0x2e6
github.com/AdguardTeam/dnsproxy/proxy.(Proxy).udpPacketLoop.func1()
	github.com/AdguardTeam/dnsproxy/proxy/server_udp.go:82 +0x4f
created by github.com/AdguardTeam/dnsproxy/proxy.(Proxy).udpPacketLoop
	github.com/AdguardTeam/dnsproxy/proxy/server_udp.go:81 +0x37e
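
Added example, not part of the issue and not dnsproxy's or dnscrypt's own code: a small Go decoder for the DNSCrypt and DoH `sdns://` stamps quoted in the two comments above, following the public DNS Stamps layout, so the address, host or provider name and provider key a stamp encodes can be checked against the listed server entry. `Stamp` and `ParseStamp` are names chosen for this example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

type Stamp struct { // decoded fields; DNSCrypt (0x01) and DoH (0x02) only
	Proto, Props          byte   // Props bits: 1 DNSSEC, 2 no logs, 4 no filter
	Addr, Key, Name, Path string // Key: raw DNSCrypt provider public key
}

func ParseStamp(s string) (*Stamp, error) {
	b, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(s, "sdns://"))
	if err != nil || len(b) < 9 || (b[0] != 0x01 && b[0] != 0x02) {
		return nil, fmt.Errorf("stamp: bad base64, too short, or not DNSCrypt/DoH")
	}
	st, b, bad := &Stamp{Proto: b[0], Props: b[1]}, b[9:], false // skip 8 flag bytes
	// next reads one length-prefixed field; with mask 0x7f (DoH hash set) the
	// high bit of the length byte means "another hash follows".
	next := func(mask byte) (f string, more bool) {
		if len(b) == 0 || len(b) < 1+int(b[0]&mask) {
			bad, b = true, nil // remember the failure; later reads fail too
			return
		}
		n := 1 + int(b[0]&mask)
		f, more, b = string(b[1:n]), b[0]&^mask != 0, b[n:]
		return
	}
	st.Addr, _ = next(0xff)
	switch st.Proto {
	case 0x01: // DNSCrypt: LP(public key) LP(provider name)
		st.Key, _ = next(0xff)
		st.Name, _ = next(0xff)
	case 0x02: // DoH: VLP(cert hashes) LP(host name) LP(path)
		for more := true; more; _, more = next(0x7f) {
		}
		st.Name, _ = next(0xff)
		st.Path, _ = next(0xff)
	}
	if bad {
		return nil, fmt.Errorf("stamp: truncated field in %q", s)
	}
	return st, nil
}

func main() { // the two stamps quoted in the issue
	fmt.Println(ParseStamp("sdns://AgYAAAAAAAAADTE4NS4xOTQuOTQuNzEADGRucy5jaXJjbC5sdQovZG5zLXF1ZXJ5"))
	fmt.Println(ParseStamp("sdns://AQUAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ"))
}
```

The DNSCrypt provider name decoded from the second stamp is the same name that appears in the "fetched certificate" and "bad cert" log lines.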