Control-D-Inc / ctrld

A highly configurable, multi-protocol DNS forwarding proxy
MIT License

DNS resolving fails when restarting or awaking the computer #34

Closed pmcarrion closed 1 year ago

pmcarrion commented 1 year ago

OS: macOS Ventura 13.2.1 (22D68)
Computer: MacBook Pro with M1 Max chip (Apple Silicon)
ctrld version: 1.1.3 darwin_arm64

DNS resolving fails when restarting or awaking the computer.

The command sudo ./ctrld start --cd $DID --config /Applications/CLI/ctrld/ctrld.toml creates a file called ctrld.plist in /Library/LaunchDaemons. This file sets a daemon with the following command: /Applications/CLI/ctrld/ctrld run --cd $DID --config /Applications/CLI/ctrld/ctrld.toml --iface=auto --homedir=/Users/$USER

It seems that ctrld tries to get a new ctrld.toml file every time the computer restarts or wakes up. This is completely unnecessary as the ctrld.toml file never changes and only needs to be fetched once when setting up the service.

It also seems that ctrld is unable to resolve its own URL and get the DoH service running.

This issue causes my computer to freeze until I remove the DNS server (127.0.0.1) or uninstall the ctrld service.
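The bootstrap problem described in this report, as an added example that is not part of ctrld and not the project's own code: when the only system nameserver is the proxy's own listener, the proxy cannot use system DNS to locate its upstream or config host, so it needs an explicit bootstrap address and must keep retrying until the link is actually usable after boot or wake. The bootstrap address, listen address and any host name passed in are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strings"
	"time"
)

// systemDNSIsSelf reports whether every nameserver in a resolv.conf is the proxy's own
// listener (as on the machine in this issue), so system DNS cannot find the upstream.
func systemDNSIsSelf(resolvConf, listenIP string) bool {
	found := false
	for _, line := range strings.Split(resolvConf, "\n") {
		if f := strings.Fields(line); len(f) >= 2 && f[0] == "nameserver" {
			if f[1] != listenIP {
				return false
			}
			found = true
		}
	}
	return found
}

// bootstrapResolver speaks plain DNS to a fixed address (an assumption), bypassing the system resolver.
func bootstrapResolver(bootstrapAddr string) *net.Resolver {
	return &net.Resolver{PreferGo: true, Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
		return (&net.Dialer{Timeout: 3 * time.Second}).DialContext(ctx, network, bootstrapAddr)
	}}
}

// lookupWithRetry retries until the link is usable: at boot or wake, launchd often
// starts the daemon seconds before the interface can pass traffic.
func lookupWithRetry(ctx context.Context, r *net.Resolver, host string, attempts int, backoff time.Duration) ([]net.IPAddr, error) {
	var err error
	for i := 0; i < attempts; i++ {
		addrs, lerr := r.LookupIPAddr(ctx, host)
		if lerr == nil {
			return addrs, nil
		}
		err = lerr
		select {
		case <-ctx.Done():
			return nil, ctx.Err()
		case <-time.After(backoff):
		}
	}
	return nil, fmt.Errorf("lookup %s: %d attempts: %w", host, attempts, err)
}
```

A daemon built this way fetches its config and resolves its DoH endpoint through the bootstrap path only, and never through the 127.0.0.1 resolver that points back at itself.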

domy86 commented 1 year ago

I have created a task to start the service upon connecting to the network; will see how it works with network jumping...

cuonglm commented 1 year ago

@domy86 Thanks for the video, I can see where the problem is now.

This will be fixed in the next release.

cuonglm commented 1 year ago

@pmcarrion I got a dock for using Ethernet, but could not reproduce the issue with v1.1.3: when I restart the OS, the Ethernet is up very quickly, and ctrld starts resolving everything as-is.

To gather more information, would you mind doing these things immediately after OS restart:

Do you have ipv6 only, or have both ipv4 and ipv6?

When using Wi-Fi, I did see a delay before ctrld starts resolving after the network is in the up state.

cuonglm commented 1 year ago

@cuonglm

Aside from my application firewall, no. I don't think Little Snitch is the issue here.

I'll make a video and send it by email. Please note that I use Ethernet, not Wi-Fi.

Hi @pmcarrion, does your firewall block outbound requests to port 53?

cuonglm commented 1 year ago

Never mind, we figured out the issue; this will be fixed in v1.1.4

pmcarrion commented 1 year ago

Hi @cuonglm!

Sorry for the late reply.

Here are the results:

➜  ~ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether da:e4:19:XX:XX:XX
    inet6 fe80::d8e4:XX:XX:XX%anpi1 prefixlen 64 scopeid 0x4
    nd6 options=201<PERFORMNUD,DAD>
    media: none
    status: inactive
anpi2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether da:e4:19:XX:XX:XX
    inet6 fe80::d8e4:XX:XX:XX%anpi2 prefixlen 64 scopeid 0x5
    nd6 options=201<PERFORMNUD,DAD>
    media: none
    status: inactive
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether da:e4:19:XX:XX:XX
    inet6 fe80::d8e4:XX:XX:XX%anpi0 prefixlen 64 scopeid 0x6
    nd6 options=201<PERFORMNUD,DAD>
    media: none
    status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether da:e4:19:XX:XX:XX
    nd6 options=201<PERFORMNUD,DAD>
    media: none
    status: inactive
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether da:e4:19:XX:XX:XX
    nd6 options=201<PERFORMNUD,DAD>
    media: none
    status: inactive
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether da:e4:19:XX:XX:XX
    nd6 options=201<PERFORMNUD,DAD>
    media: none
    status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 36:16:6c:XX:XX:XX
    media: autoselect <full-duplex>
    status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 36:16:6c:XX:XX:XX
    media: autoselect <full-duplex>
    status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 36:16:6c:XX:XX:XX
    media: autoselect <full-duplex>
    status: inactive
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether f6:d4:88:XX:XX:XX
    media: autoselect
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    ether f4:d4:88:XX:XX:XX
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 36:16:6c:XX:XX:XX
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x0
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 10 priority 0 path cost 0
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 11 priority 0 path cost 0
    member: en3 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 12 priority 0 path cost 0
    nd6 options=201<PERFORMNUD,DAD>
    media: <unknown type>
    status: inactive
awdl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    ether ce:93:76:XX:XX:XX
    inet6 fe80::cc93:XX:XX:XX%awdl0 prefixlen 64 scopeid 0x12
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (<unknown type>)
    status: inactive
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether ce:93:76:XX:XX:XX
    inet6 fe80::cc93:XX:XX:XX%llw0 prefixlen 64 scopeid 0x13
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: inactive
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=6467<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    ether 00:23:a4:06:1b:20
    inet6 fe80::1873:XX:XX:XX%en7 prefixlen 64 secured scopeid 0xd
    inet 192.XX:XX:XX netmask 0xffffff00 broadcast 192.168.50.255
    inet6 2001:1388:3c0:656a:cd8:XX:XX:XX prefixlen 64 autoconf secured
    inet6 2001:1388:3c0:656a:e181:XX:XX:XX prefixlen 64 autoconf temporary
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (1000baseT <full-duplex>)
    status: active
en8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=6467<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    ether 00:e0:4c:XX:XX:XX
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (none)
    status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::ee37:XX:XX:XX%utun0 prefixlen 64 scopeid 0x14
    nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
    inet6 fe80::329e:XX:XX:XXf9%utun1 prefixlen 64 scopeid 0x15
    nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
    inet6 fe80::ce81:XX:XX:XXe%utun2 prefixlen 64 scopeid 0x16
    nd6 options=201<PERFORMNUD,DAD>
➜  ~ networksetup -listnetworkserviceorder
An asterisk (*) denotes that a network service is disabled.
(1) USB 10/100/1000 LAN (Dock)
(Hardware Port: USB 10/100/1000 LAN, Device: en7)

(2) USB 10/100/1000 LAN 2 (Uni)
(Hardware Port: USB 10/100/1000 LAN, Device: en8)

(3) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)

(4) iPhone USB
(Hardware Port: iPhone USB, Device: en9)

(5) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)

(6) VPN by Cisco
(Hardware Port: com.cisco.one, Device: )
➜  ~ ps -ef | grep ctrld
    0   542     1   0  3:40PM ??         0:01.71 /Applications/CLI/ctrld/ctrld run --cd $DID -vv --iface=auto --homedir=/Users/XX
  501  4568  4136   0  3:45PM ttys001    0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox ctrld
➜  ~ cat /etc/resolv.conf
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
nameserver 127.0.0.1

Do you have ipv6 only, or have both ipv4 and ipv6?

I have both, but there have been times when my ISP had a massive failure with their IPv4 stack and IPv6 kept on working. During those times, I was unable to access IPv4-only services.

Hi @pmcarrion, does your firewall block outbound requests to port 53?

Little Snitch is an application firewall, it can only block domains/IP addresses + ports. It can't block whole ports like an iptables firewall. So, no, port 53 is not blocked.

Never mind, we figured out the issue; this will be fixed in v1.1.4

Thanks!