BUG: DNS problem

[papampi]

Hi, First I should thank you again for your great works and efforts.

As you mentioned in 4.1.6 release note there is some issue with raw DNS addresses but it causes more issue than just setting nekoray direct DNS address with tls, tcp, udp ,...

My setup is Ubuntu 24.04 + nekoray + AdGuardHome as my local network default gateway + DNS server.

Ubuntu network setting: IP: 192.168.1.10/24 Gateway: 192.168.1.1, DNS: 8.8.8.8
Local Network devices: 192.168.1.x/24, Gateway: 192.168.1.10, DNS: 192.168.1.10 

In 4.1.6 none of the local devices connected to this home server can resolve with raw addresses if DNS is set to anything other than AdGuard, also AdGuard gives error on all raw upstream addresses and the home server can't resolve with raw DNS too.

So I had to change home server DNS to localhost (AdGuardHome) but it causes some lags and resolve times in adgauard query log goes as high as 400-500 ms.

Ubuntu network setting: IP: 192.168.1.10/24 Gateway: 192.168.1.1, DNS: 127.0.0.1

4.1.5 and earlier works with no problems.

[Mahdi-zarei]

The problem should be from the sing-box side, as the 4.1.6 has just reverted a change made in 4.1.5 and updated the sing-box version. if 4.1.4 also works, then the only source of the problem could be sing-box. However, I feel like there is something wrong with your DNS settings, usually the router should not be the dns resolver and this causes issues, is 192.168.1.10 the server running adguard? if not try settings your system dns to some dns server like 8.8.8.8 or whatever, and try setting your direct DNS in nekoray to localhost and see if this helps.

[papampi]

192.168.1.10 is the Ubuntu server with nekoray+adguard 192.168.1.1 is router which is the default gateway of ubuntu server

4.1.4 works with no problems too.

4.1.6:

:~$ nslookup github.com
;; communications error to 8.8.8.8#53: timed out
;; communications error to 8.8.8.8#53: timed out
;; communications error to 8.8.8.8#53: timed out

4.1.5,4.1.4,...

~$ nslookup github.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   github.com
Address: 140.82.114.3

Then its sing-box issue, hopefully will be solved in next releases.

[papampi]

Just checked nsresolve again on 4.1.5 and its not resolving anymore after 20 minutes: Dropping down to 4.1.4 and check again in 30 min to see how it goes.

Edit: Seems like it was resolving from cache

[papampi]

Tried resolving multiple domains ... 4.1.4 has no problem

[Mahdi-zarei]

can you also export the sing-box conf and see if there is any particular difference?

[papampi]

I updated from within nekoray so they should be same, correct? By sing-box conf, which exact file do you want me to check?

[Mahdi-zarei]

most of the configs remain the same yes. You can use share-> export sing-box config to see what config is being generated and compare for issues.

[papampi]

can you also export the sing-box conf and see if there is any particular difference?

Other than Direct DNS address everything else is same

[Mahdi-zarei]

what are their differences in the two versions?

[papampi]

what are their differences in the two versions?

4.1.4: 8.8.8.8 4.1.5, 4.1.6: tcp://8.8.8.8

[papampi]

Working flawless on 4.1.4 now ... Dont worry.

[Mahdi-zarei]

try 8.8.8.8 on the newer versions as well, if it does not work, then the problem is from sing-box's end...

[papampi]

try 8.8.8.8 on the newer versions as well, if it does not work, then the problem is from sing-box's end...

raw dns like 8.8.8.8 wont resolve on other devices connected to this machine and its not resolving on its own either and even adguard upstreams gives error.

[papampi]

Found what causes this problem and tried on multiple ubuntu 24.04 and even a fresh vm install. In Tun settings when enabled GSO nslookup gives this error and nothing resolves:

~$ nslookup facebook.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; no servers could be reached

When disabled GSO:

Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   facebook.com
Address: 31.13.66.35
Name:   facebook.com
Address: 2a03:2880:f103:83:face:b00c:0:25de

[Mahdi-zarei]

I suggest you submit an issue with enough details in sing-box's repo so that this ( and perhaps some other issue regarding GSO) can be fixed.

[papampi]

Will wait for your nekoray with latest stable sing-box core and if it was not resolved yet will post an issue there. For now just disabled GSO and all works great.

Thanks again for your awesome hard works.