Closed ziyouchutuwenwu closed 8 months ago
dnsproxy just proxies queries; it cannot come up with NXDOMAIN by itself. It just means that the upstream DNS server returned NXDOMAIN to it.
Try enabling verbose logging and troubleshooting it from there.
The first response of nslookup will be OK, the next will fail. I tried many times.
$ nslookup gitlab.xxx.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: gitlab.xxx.com
Address: 192.168.9.157
** server can't find gitlab.xxx.com: NXDOMAIN
mmc at manjaro in ~/Desktop (dev_env)
$ nslookup gitlab.xxx.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find gitlab.xxx.com: NXDOMAIN
sudo dnsproxy -l 127.0.0.1 -u 192.168.9.253 -u 223.5.5.5 -u 223.6.6.6 -v
2024/02/27 17:25:56 12267#1 [info] Starting dnsproxy v0.65.0
2024/02/27 17:25:56 12267#1 [debug] dnsproxy: upstream at index 0: 192.168.9.253:53
2024/02/27 17:25:56 12267#1 [debug] dnsproxy: upstream at index 1: 223.5.5.5:53
2024/02/27 17:25:56 12267#1 [debug] dnsproxy: upstream at index 2: 223.6.6.6:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: starting dns proxy server
2024/02/27 17:25:56 12267#1 [info] dnsproxy: cache: disabled
2024/02/27 17:25:56 12267#1 [info] dnsproxy: creating udp server socket 127.0.0.1:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: listening to udp://127.0.0.1:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: creating tcp server socket 127.0.0.1:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: listening to tcp://127.0.0.1:53
2024/02/27 17:25:56 12267#19 [info] dnsproxy: entering tcp listener loop on 127.0.0.1:53
2024/02/27 17:25:56 12267#18 [info] dnsproxy: entering udp listener loop on 127.0.0.1:53
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: handling new udp packet from 127.0.0.1:57633
2024/02/27 17:25:59 12267#5 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 43159
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab.xxx.com. IN A
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: cache: disabled; not caching
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: sending request to 192.168.9.253:53 over udp: A "gitlab.xxx.com."
2024/02/27 17:25:59 12267#5 [debug] bootstrap: dialing 192.168.9.253:53 (1/1)
2024/02/27 17:25:59 12267#5 [debug] bootstrap: connection to 192.168.9.253:53 succeeded in 27.484µs
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: 192.168.9.253:53: response received over udp: "ok"
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: upstream 192.168.9.253:53 successfully finished exchange of ;gitlab.xxx.com. IN A; elapsed 406.939µs
2024/02/27 17:25:59 12267#5 [debug] proxy: replying from upstream: rtt is 429.097µs
2024/02/27 17:25:59 12267#5 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 43159
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab.xxx.com. IN A
;; ANSWER SECTION:
gitlab.xxx.com. 3600 IN A 192.168.9.157
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: handling new udp packet from 127.0.0.1:51317
2024/02/27 17:25:59 12267#6 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 2425
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab.xxx.com. IN AAAA
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: cache: disabled; not caching
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: sending request to 223.6.6.6:53 over udp: AAAA "gitlab.xxx.com."
2024/02/27 17:25:59 12267#6 [debug] bootstrap: dialing 223.6.6.6:53 (1/1)
2024/02/27 17:25:59 12267#6 [debug] bootstrap: connection to 223.6.6.6:53 succeeded in 17.644µs
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: 223.6.6.6:53: response received over udp: "ok"
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: upstream 223.6.6.6:53 successfully finished exchange of ;gitlab.xxx.com. IN AAAA; elapsed 6.597982ms
2024/02/27 17:25:59 12267#6 [debug] proxy: replying from upstream: rtt is 6.617439ms
2024/02/27 17:25:59 12267#6 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 2425
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab.xxx.com. IN AAAA
;; AUTHORITY SECTION:
xxx.com. 393 IN SOA dns15.hichina.com. hostmaster.hichina.com. 2024022709 3600 1200 86400 600
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: handling new udp packet from 127.0.0.1:54534
2024/02/27 17:26:01 12267#7 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 19993
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab.xxx.com. IN A
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: cache: disabled; not caching
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: sending request to 223.5.5.5:53 over udp: A "gitlab.xxx.com."
2024/02/27 17:26:01 12267#7 [debug] bootstrap: dialing 223.5.5.5:53 (1/1)
2024/02/27 17:26:01 12267#7 [debug] bootstrap: connection to 223.5.5.5:53 succeeded in 25.934µs
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: 223.5.5.5:53: response received over udp: "ok"
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: upstream 223.5.5.5:53 successfully finished exchange of ;gitlab.xxx.com. IN A; elapsed 5.894651ms
2024/02/27 17:26:01 12267#7 [debug] proxy: replying from upstream: rtt is 5.918033ms
2024/02/27 17:26:01 12267#7 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 19993
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab.xxx.com. IN A
;; AUTHORITY SECTION:
xxx.com. 373 IN SOA dns15.hichina.com. hostmaster.hichina.com. 2024022709 3600 1200 86400 600
^C2024/02/27 17:26:02 12267#1 [info] dnsproxy: stopping dns proxy server
2024/02/27 17:26:02 12267#19 [debug] dnsproxy: tcp connection 127.0.0.1:53 closed
2024/02/27 17:26:02 12267#18 [debug] dnsproxy: udp connection 127.0.0.1:53 closed
2024/02/27 17:26:02 12267#1 [info] dnsproxy: stopped dns proxy server
Here is the upstream responding with NXDOMAIN:
2024/02/27 17:25:59 12267#6 [debug] bootstrap: dialing 223.6.6.6:53 (1/1)
2024/02/27 17:25:59 12267#6 [debug] bootstrap: connection to 223.6.6.6:53 succeeded in 17.644µs
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: 223.6.6.6:53: response received over udp: "ok"
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: upstream 223.6.6.6:53 successfully finished exchange of ;gitlab.xxx.com. IN AAAA; elapsed 6.597982ms
2024/02/27 17:25:59 12267#6 [debug] proxy: replying from upstream: rtt is 6.617439ms
2024/02/27 17:25:59 12267#6 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 2425
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab.xxx.com. IN AAAA
;; AUTHORITY SECTION:
xxx.com. 393 IN SOA dns15.hichina.com. hostmaster.hichina.com. 2024022709 3600 1200 86400 600
You need to configure dnsproxy to not send those queries to these upstreams: https://github.com/AdguardTeam/dnsproxy?tab=readme-ov-file#specifying-upstreams-for-domains
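To see which upstream produced which answer, the verbose log can be grouped per query. The following is an added example, not part of the thread or of dnsproxy itself: it pairs each "sending request to" line with the following "OUT" status from the same handler and reports names that resolve on one upstream but get NXDOMAIN on another. It assumes the log line format shown in this thread and that the number after `#` identifies the handler of one query.

```python
import re
from collections import defaultdict

# Excerpt of the verbose log on this page (only the lines the parser needs).
SAMPLE_LOG = """\
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: sending request to 192.168.9.253:53 over udp: A "gitlab.xxx.com."
2024/02/27 17:25:59 12267#5 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 43159
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: sending request to 223.6.6.6:53 over udp: AAAA "gitlab.xxx.com."
2024/02/27 17:25:59 12267#6 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 2425
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: sending request to 223.5.5.5:53 over udp: A "gitlab.xxx.com."
2024/02/27 17:26:01 12267#7 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 19993
"""

# Assumption: the number after '#' identifies the handler of one query, as in the log above.
SENT = re.compile(r'^\S+ \S+ \d+#(\d+) \[debug\] dnsproxy: sending request to (\S+) over \w+: (\w+) "([^"]+)"')
OUT = re.compile(r'^\S+ \S+ \d+#(\d+) \[debug\] \S+ OUT: ;; opcode: \w+, status: (\w+),')

def rcodes_by_upstream(log_text):
    """Map (qname, qtype) -> {upstream: [rcode, ...]} from a dnsproxy -v log."""
    pending, result = {}, defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = SENT.match(line)
        if m:
            wid, upstream, qtype, qname = m.groups()
            pending[wid] = (upstream, qtype, qname)  # remember where this handler sent the query
            continue
        m = OUT.match(line)
        if m and m.group(1) in pending:
            upstream, qtype, qname = pending.pop(m.group(1))
            result[(qname, qtype)][upstream].append(m.group(2))
    return {key: dict(ups) for key, ups in result.items()}

def inconsistent_names(log_text):
    """Names that one upstream answers with NOERROR and another with NXDOMAIN."""
    per_name = defaultdict(lambda: defaultdict(set))
    for (qname, _qtype), ups in rcodes_by_upstream(log_text).items():
        for upstream, codes in ups.items():
            per_name[qname][upstream].update(codes)
    report = {}
    for qname, ups in per_name.items():
        ok = sorted(u for u, codes in ups.items() if "NOERROR" in codes)
        nx = sorted(u for u, codes in ups.items() if "NXDOMAIN" in codes)
        if ok and nx:  # split view: only some upstreams know this name
            report[qname] = {"resolves_on": ok, "nxdomain_on": nx}
    return report
```

Names reported here are the ones to pin to the upstream that resolves them, using the per-domain upstream syntax from the README section linked above (of the form `-u "[/xxx.com/]192.168.9.253"`).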
192.168.9.253 is the local DNS server, which contains some private domains, for example: gitlab.xxx.com
Now set the DNS server to 127.0.0.1 and re-up the network.
When I ping gitlab.xxx.com, sometimes it's OK, like this
Sometimes it fails
nslookup response: the first response is OK, the next fails.
The local DNS server is stable.