[Bug] 访问 GitHub 出现 Fastly error: unknown domain: github.com.

Verify steps

[X] 确保你使用的是本仓库最新的的 mihomo 或 mihomo Alpha 版本 Ensure you are using the latest version of Mihomo or Mihomo Alpha from this repository.
[ ] 如果你可以自己 debug 并解决的话，提交 PR 吧 Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
[X] 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
[X] 我已经使用 Alpha 分支版本测试过，问题依旧存在 I have tested using the dev branch, and the issue still exists.
[X] 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
[X] 这是 Mihomo 核心的问题，并非我所使用的 Mihomo 衍生版本（如 OpenMihomo、KoolMihomo 等）的特定问题 This is an issue of the Mihomo core per se, not to the derivatives of Mihomo, like OpenMihomo or KoolMihomo.

Mihomo version

Mihomo Meta alpha-e601130 darwin amd64 with go1.21.6 Tue Jan 30 11:42:09 UTC 2024 Use tags: with_gvisor

What OS are you seeing the problem on?

macOS

Mihomo config

mode: rule
mixed-port: 7897
allow-lan: false
log-level: debug
ipv6: false
secret: ''
external-controller: 127.0.0.1:9097
dns:
  enable: true
  default-nameserver:
  - 119.29.29.29
  - 223.5.5.5
  nameserver:
  - https://dot.pub/dns-query
  - https://dns.alidns.com/dns-query
  - tls://dot.pub
  - tls://dns.alidns.com
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fallback: []
tun:
  enable: true
  stack: gvisor
  dns-hijack:
  - any:53
  auto-route: true
  auto-detect-interface: true
script:
  shortcuts:
    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
redir-port: 7892

proxy-groups:
- type: select
  name: 默认出口
  proxies:
  - 自动回落
  - 自动选择
  - 手动选择1
- name: 自动回落
  type: fallback
  proxies:
  - 手动选择1
  - 手动选择2
  - 自动选择
  url: http://www.gstatic.com/generate_204
  interval: 10
- type: select
  name: 手动选择1
  proxies:
  - dler-hk-to-sg
  - dler-sg-to-sg
  - 🇺🇸 美国 IEPL [01] [Air]
  - 🇺🇸 美国 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [01] [Air]
  - 🇭🇰 香港 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [03] [Std]
  - 🇭🇰 香港 IEPL [04] [Std]
  - 备用-🇭🇰 Hong Kong 01
  - 备用-🇭🇰 Hong Kong 02
  - 备用-🇭🇰 Hong Kong 03
  - 备用-🇭🇰 Hong Kong 04
  - 备用-🇯🇵 Japan 01
  - 备用-🇯🇵 Japan 02
  - 备用-🇯🇵 Japan 03
  - 备用-🇯🇵 Japan 04
  - 备用-🇺🇸 United States 01
  - 备用-🇺🇸 United States 02
  - 备用-🇺🇸 United States 03
  - 备用-🇺🇸 United States 04
  - 备用-🇯🇵 Japan[Home] 3.0x
  - 备用-🇺🇸 United States[Home] 3.0x
  - 备用2-CU|美国1|x1
  - 备用2-IEPL|美国1|x3
  - 备用2-IEPL|美国2|家庭宽带|x3
  - 备用2-IEPL|香港1|x3
  - 备用2-IEPL|香港2|NF|x3
  - 备用2-IPV6|美国1|x0.1
  - ekko-hostdare-direct-trojan
  - ekko-oracle-direct-trojan
  - ekko-s1-trojan-ipv6
  - ekko-s1-direct-trojan
  - home-trojan-v6
  - work
  use:
  - gohome
- type: select
  name: OpenAI
  proxies:
  - dler-hk-to-sg
  - dler-sg-to-sg
  - 🇺🇸 美国 IEPL [01] [Air]
  - 🇺🇸 美国 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [01] [Air]
  - 🇭🇰 香港 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [03] [Std]
  - 🇭🇰 香港 IEPL [04] [Std]
  - 备用-🇭🇰 Hong Kong 01
  - 备用-🇭🇰 Hong Kong 02
  - 备用-🇭🇰 Hong Kong 03
  - 备用-🇭🇰 Hong Kong 04
  - 备用-🇯🇵 Japan 01
  - 备用-🇯🇵 Japan 02
  - 备用-🇯🇵 Japan 03
  - 备用-🇯🇵 Japan 04
  - 备用-🇺🇸 United States 01
  - 备用-🇺🇸 United States 02
  - 备用-🇺🇸 United States 03
  - 备用-🇺🇸 United States 04
  - 备用-🇯🇵 Japan[Home] 3.0x
  - 备用-🇺🇸 United States[Home] 3.0x
  - 备用2-CU|美国1|x1
  - 备用2-IEPL|美国1|x3
  - 备用2-IEPL|美国2|家庭宽带|x3
  - 备用2-IEPL|香港1|x3
  - 备用2-IEPL|香港2|NF|x3
  - 备用2-IPV6|美国1|x0.1
  - ekko-hostdare-direct-trojan
  - ekko-oracle-direct-trojan
  - ekko-s1-trojan-ipv6
  - ekko-s1-direct-trojan
  - home-trojan-v6
  - work
- type: select
  name: Claude
  proxies:
  - dler-hk-to-sg
  - dler-sg-to-sg
  - 🇺🇸 美国 IEPL [01] [Air]
  - 🇺🇸 美国 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [01] [Air]
  - 🇭🇰 香港 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [03] [Std]
  - 🇭🇰 香港 IEPL [04] [Std]
  - 备用-🇭🇰 Hong Kong 01
  - 备用-🇭🇰 Hong Kong 02
  - 备用-🇭🇰 Hong Kong 03
  - 备用-🇭🇰 Hong Kong 04
  - 备用-🇯🇵 Japan 01
  - 备用-🇯🇵 Japan 02
  - 备用-🇯🇵 Japan 03
  - 备用-🇯🇵 Japan 04
  - 备用-🇺🇸 United States 01
  - 备用-🇺🇸 United States 02
  - 备用-🇺🇸 United States 03
  - 备用-🇺🇸 United States 04
  - 备用-🇯🇵 Japan[Home] 3.0x
  - 备用-🇺🇸 United States[Home] 3.0x
  - 备用2-CU|美国1|x1
  - 备用2-IEPL|美国1|x3
  - 备用2-IEPL|美国2|家庭宽带|x3
  - 备用2-IEPL|香港1|x3
  - 备用2-IEPL|香港2|NF|x3
  - 备用2-IPV6|美国1|x0.1
  - ekko-hostdare-direct-trojan
  - ekko-oracle-direct-trojan
  - ekko-s1-trojan-ipv6
  - ekko-s1-direct-trojan
  - home-trojan-v6
  - work
- type: select
  name: 手动选择2
  proxies:
  - dler-hk-to-sg
  - dler-sg-to-sg
  - 🇺🇸 美国 IEPL [01] [Air]
  - 🇺🇸 美国 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [01] [Air]
  - 🇭🇰 香港 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [03] [Std]
  - 🇭🇰 香港 IEPL [04] [Std]
  - 备用-🇭🇰 Hong Kong 01
  - 备用-🇭🇰 Hong Kong 02
  - 备用-🇭🇰 Hong Kong 03
  - 备用-🇭🇰 Hong Kong 04
  - 备用-🇯🇵 Japan 01
  - 备用-🇯🇵 Japan 02
  - 备用-🇯🇵 Japan 03
  - 备用-🇯🇵 Japan 04
  - 备用-🇺🇸 United States 01
  - 备用-🇺🇸 United States 02
  - 备用-🇺🇸 United States 03
  - 备用-🇺🇸 United States 04
  - 备用-🇯🇵 Japan[Home] 3.0x
  - 备用-🇺🇸 United States[Home] 3.0x
  - 备用2-CU|美国1|x1
  - 备用2-IEPL|美国1|x3
  - 备用2-IEPL|美国2|家庭宽带|x3
  - 备用2-IEPL|香港1|x3
  - 备用2-IEPL|香港2|NF|x3
  - 备用2-IPV6|美国1|x0.1
  - ekko-hostdare-direct-trojan
  - ekko-oracle-direct-trojan
  - ekko-s1-trojan-ipv6
  - ekko-s1-direct-trojan
  - home-trojan-v6
  - work
- type: url-test
  name: 自动选择
  proxies:
  - dler-hk-to-sg
  - dler-sg-to-sg
  - 🇺🇸 美国 IEPL [01] [Air]
  - 🇺🇸 美国 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [01] [Air]
  - 🇭🇰 香港 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [03] [Std]
  - 🇭🇰 香港 IEPL [04] [Std]
  - 备用-🇭🇰 Hong Kong 01
  - 备用-🇭🇰 Hong Kong 02
  - 备用-🇭🇰 Hong Kong 03
  - 备用-🇭🇰 Hong Kong 04
  - 备用-🇯🇵 Japan 01
  - 备用-🇯🇵 Japan 02
  - 备用-🇯🇵 Japan 03
  - 备用-🇯🇵 Japan 04
  - 备用-🇺🇸 United States 01
  - 备用-🇺🇸 United States 02
  - 备用-🇺🇸 United States 03
  - 备用-🇺🇸 United States 04
  - 备用-🇯🇵 Japan[Home] 3.0x
  - 备用-🇺🇸 United States[Home] 3.0x
  - 备用2-CU|美国1|x1
  - 备用2-IEPL|美国1|x3
  - 备用2-IEPL|美国2|家庭宽带|x3
  - 备用2-IEPL|香港1|x3
  - 备用2-IEPL|香港2|NF|x3
  - 备用2-IPV6|美国1|x0.1
  - ekko-hostdare-direct-trojan
  - ekko-oracle-direct-trojan
  - ekko-s1-trojan-ipv6
  - ekko-s1-direct-trojan
  - home-trojan-v6
  - work
  url: http://www.gstatic.com/generate_204
  interval: 120
- type: select
  name: 回家跳板手动选择
  proxies:
  - dler-hk-to-sg
  - dler-sg-to-sg
  - 🇺🇸 美国 IEPL [01] [Air]
  - 🇺🇸 美国 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [01] [Air]
  - 🇭🇰 香港 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [03] [Std]
  - 🇭🇰 香港 IEPL [04] [Std]
  - 备用-🇭🇰 Hong Kong 01
  - 备用-🇭🇰 Hong Kong 02
  - 备用-🇭🇰 Hong Kong 03
  - 备用-🇭🇰 Hong Kong 04
  - 备用-🇯🇵 Japan 01
  - 备用-🇯🇵 Japan 02
  - 备用-🇯🇵 Japan 03
  - 备用-🇯🇵 Japan 04
  - 备用-🇺🇸 United States 01
  - 备用-🇺🇸 United States 02
  - 备用-🇺🇸 United States 03
  - 备用-🇺🇸 United States 04
  - 备用-🇯🇵 Japan[Home] 3.0x
  - 备用-🇺🇸 United States[Home] 3.0x
  - 备用2-CU|美国1|x1
  - 备用2-IEPL|美国1|x3
  - 备用2-IEPL|美国2|家庭宽带|x3
  - 备用2-IEPL|香港1|x3
  - 备用2-IEPL|香港2|NF|x3
  - 备用2-IPV6|美国1|x0.1
  - ekko-hostdare-direct-trojan
  - ekko-oracle-direct-trojan
  - ekko-s1-trojan-ipv6
  - ekko-s1-direct-trojan
  - home-trojan-v6
  - work
- name: Home-Relay
  type: select
  use:
  - gohome
  proxies:
  - Home-Relay-By-Self-Proxy
  - Home-Relay-By-Proxy
- name: Home-Relay-By-Self-Proxy
  type: relay
  proxies:
  - 回家跳板手动选择
  - ekko-s1-direct-trojan
  - home-trojan-v6
- name: Home-Relay-By-Proxy
  type: relay
  proxies:
  - 回家跳板手动选择
  - home-trojan-v6
- type: url-test
  name: HK
  proxies:
  - dler-hk-to-sg
  - 🇭🇰 香港 IEPL [01] [Air]
  - 🇭🇰 香港 IEPL [02] [Air]
  - 🇭🇰 香港 IEPL [03] [Std]
  - 🇭🇰 香港 IEPL [04] [Std]
  - 备用2-IEPL|香港1|x3
  - 备用2-IEPL|香港2|NF|x3
  url: http://www.gstatic.com/generate_204
  interval: 120
rules:
- AND, ((NETWORK,UDP), (DST-PORT,443),(NOT,((GEOIP,CN)))),REJECT
- DOMAIN-SUFFIX,audiences.me,HK
- DOMAIN-SUFFIX,hhanclub.top,HK
- DOMAIN-SUFFIX,52pt.site,HK
- DOMAIN-SUFFIX,btschool.club,HK
- DOMAIN-SUFFIX,m-team.cc,HK
- DOMAIN-SUFFIX,m-team.io,HK
- DOMAIN-SUFFIX,hdchina.org,HK
- DOMAIN-SUFFIX,hdfans.org,HK
- DOMAIN-KEYWORD,google,默认出口
- DOMAIN-KEYWORD,bing,OpenAI
- DOMAIN-SUFFIX,copilot.microsoft.com,OpenAI
- DOMAIN-SUFFIX,openai.com,OpenAI
- DOMAIN-SUFFIX,anthropic.com,Claude
- IP-CIDR,10.10.106.201/32,DIRECT
- IP-CIDR,192.168.33.1/24,Home-Relay
- DOMAIN-SUFFIX,dash.applovin.com,DIRECT
- DOMAIN-SUFFIX,hq1.appsflyer.com,DIRECT
- DOMAIN-SUFFIX,cli.im,DIRECT
- IP-CIDR,159.138.42.223/32,DIRECT
- IP-CIDR,47.243.120.211/32,DIRECT
- DOMAIN-SUFFIX,apple.com.cn,DIRECT
- DOMAIN-SUFFIX,apple.com,DIRECT
- IP-CIDR,192.168.214.1/24,work
- IP-CIDR,192.168.215.1/24,work
- IP-CIDR,192.168.18.123/32,work
- IP-CIDR,172.16.31.1/24,work
- IP-CIDR,192.168.0.252/24,work
- IP-CIDR,10.10.0.0/24,work
- DOMAIN-SUFFIX,local,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
- GEOIP,CN,DIRECT
- MATCH,默认出口

Mihomo log

No response

Description

用的 Clash-Verge+1.18 内核，TUN 模式，Edge 浏览器，ss 代理节点，开了自动关闭连接，订阅 1 分钟刷新一次，刷新后访问 GitHub 就很容易遇到

Fastly error: unknown domain: github.com. Please check that this domain has been added to a service.

Details: cache-qpg1255-QPG

遇到这个错误后，在连接列表中查不到 github.com 的连接，刷新网页也不会有

出错信息

请求 URL:
https://github.com/
请求方法:
GET
状态代码:
500 Internal Server Error
远程地址:
198.18.0.5:443
引用者策略:
strict-origin-when-cross-origin

在出错时刷新网页，会一直对 198.18.0.5 这个 IP 进行请求

此时 dig github.com 会返回

❯ dig github.com

; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41388
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0001, udp: 4096
;; QUESTION SECTION:
;github.com.                    IN      A

;; ANSWER SECTION:
github.com.             1       IN      A       198.18.0.7

;; Query time: 0 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Jan 31 14:15:15 CST 2024
;; MSG SIZE  rcvd: 55

在 edge://net-internals/#sockets 中 close idle sockets 后再刷新就能正常访问，并且连接列表中会正常出现 github.com，此时请求 IP 会变成一个新的 IP

在浏览器控制台中将出错的请求复制成 curl 命令并在终端执行，能得到 200 的结果，但是请求的不是在浏览器中请求的 IP，下面的例子中就是请求的 198.18.0.7，而在浏览器中持续报错的是 198.18.0.5

❯ curl -v https://github.com/ > /dev/null
* processing: https://github.com/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 198.18.0.7:443...
* Connected to github.com (198.18.0.7) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2459 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [80 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
*  start date: Feb 14 00:00:00 2023 GMT
*  expire date: Mar 14 23:59:59 2024 GMT
*  subjectAltName: host "github.com" matched cert's "github.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
*  SSL certificate verify ok.
} [5 bytes data]
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: github.com]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
} [5 bytes data]
> GET / HTTP/2
> Host: github.com
> User-Agent: curl/8.2.1
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 200 
< server: GitHub.com
< date: Wed, 31 Jan 2024 06:17:21 GMT
< content-type: text/html; charset=utf-8
< vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Language, Accept-Encoding, Accept, X-Requested-With
< content-language: en-US
< etag: W/"e39b3134ff83a049d554090a34d3b39e"
< cache-control: max-age=0, private, must-revalidate
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
< set-cookie: _gh_sess=H20beDRl6owJYmV53BWrOJ%2BtKCn8bFa7JuxLvGND9mF7oJMuVbfyr5Y1TQIBF3%2F8pEwp1zrAYAEBWR3giCEOPitjYTMNfnyjEHY5CCVspDUgSYs8aPi%2BnFD01uMuzTwoEC3F4i55XZ8N75SN%2BjHVEBAeyOIeZGkSzfX274ku5wnlxOqYjDl3bkI1027G%2Fwd2e2CmvncR0w7DkTrZ2vWxWwpP5nuog7a2yy7F4%2F4yIX9qirE9E%2BohQASx355cUkNTL4%2BY6ZKjb%2BkY9Jpd4O03Lg%3D%3D--yEbDMOmnn%2BG5%2BGbW--JnLNLo3t2Bmq0mxZodbR6g%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
< set-cookie: _octo=GH1.1.745130108.1706681848; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 06:17:28 GMT; Secure; SameSite=Lax
< set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 06:17:28 GMT; HttpOnly; Secure; SameSite=Lax
< accept-ranges: bytes
< x-github-request-id: 9C44:1DE793:766D09:84FCDA:65B9E5F8
< 
{ [5 bytes data]
100  203k    0  203k    0     0   645k      0 --:--:-- --:--:-- --:--:--  646k
* Connection #0 to host github.com left intact

出错期间，可以用 lsof 看到一条始终存在的连接

❯ sudo lsof -n -i | grep -e LISTEN -e ESTABLISHED | grep Microsoft | grep 198.18.0.5: Microsoft 59325 ciel 43u IPv4 0x562c64df5e52fe51 0t0 TCP 198.18.0.1:62715->198.18.0.5:https (ESTABLISHED)

close idle sockets 后这条就不见了

再之后刷新网页，返回 200，但是 IP 已经变成了 198.18.0.7

请求 URL:
https://github.com/
请求方法:
GET
状态代码:
200 OK
远程地址:
198.18.0.7:443
引用者策略:
strict-origin-when-cross-origin

在出错时，用 curl 请求，将 github.com 强制解析到有问题的 IP，也能正常访问

❯ curl --resolve 'github.com:443:192.18.0.5' 'https://github.com/' \
  --compressed -v > /dev/null
* processing: https://github.com/
* Added github.com:443:192.18.0.5 to DNS cache
* Hostname github.com was found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 192.18.0.5:443...
* Connected to github.com (192.18.0.5) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2459 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
*  start date: Feb 14 00:00:00 2023 GMT
*  expire date: Mar 14 23:59:59 2024 GMT
*  subjectAltName: host "github.com" matched cert's "github.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
*  SSL certificate verify ok.
} [5 bytes data]
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: github.com]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* h2 [accept-encoding: deflate, gzip, br, zstd]
* Using Stream ID: 1
} [5 bytes data]
> GET / HTTP/2
> Host: github.com
> User-Agent: curl/8.2.1
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 200 
< server: GitHub.com
< date: Wed, 31 Jan 2024 09:48:39 GMT
< content-type: text/html; charset=utf-8
< vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Language, Accept-Encoding, Accept, X-Requested-With
< content-language: en-US
< etag: W/"c2a0d479322e0a1068d245f2ab0cf218"
< cache-control: max-age=0, private, must-revalidate
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
< content-encoding: gzip
< set-cookie: _gh_sess=1XQRlonrk%2BDACI%2FjAz4okIRHf38Vqq8tKq7e9N8LYzmkRvPJB1wUqXT2dbdXMCdnRaRkWZdgIJw3m7I46fOMP3wNU4tAmMwGQPIxFjptC44wOA0ZzPDHglqrj6IB3Yy55jQpcciIXoxHudgOFmJUnVLehj7Uhp6wxxDp8NplYUiewm0i5q%2Bk%2BRo9g5Nfp3L1iU23Z%2FNDt3TvrIhy2UjC%2FLaYen85sj3WImuHjaN2oaRLzYtMy09akA92Uqs9E7FhirW2IZMirr3bsE12xG2vmg%3D%3D--ElRnYpuFFrjTqn3m--Zj%2BqfsBVh0UqMkzQYI7CyQ%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
< set-cookie: _octo=GH1.1.291426682.1706694524; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 09:48:44 GMT; Secure; SameSite=Lax
< set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 09:48:44 GMT; HttpOnly; Secure; SameSite=Lax
< accept-ranges: bytes
< x-github-request-id: B5DA:1F2CBB:7FEB79:8E58E0:65BA177C
< 
{ [5 bytes data]
100 37865    0 37865    0     0   134k      0 --:--:-- --:--:-- --:--:--  134k
* Connection #0 to host github.com left intact

似乎是某种状态下会导致 fake-ip DNS 不失效，导致 Edge 一直对旧 IP 进行请求或者连接没有正常关闭导致 Edge 不会请求新的 DNS

另外观察连接列表后发现在订阅刷新后并不会导致所有连接都断开

附上一点浏览器的日志 edge-net-export-log 2.json.zip

MetaCubeX / mihomo