Some dns query cant be done correctly

[Yxue-1906]

Operating system

Linux

System version

ubuntu22.04lts

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.3 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

Some dns query cant be done correctly. All failed dns query results returned by sing-box set edns version to 1. failed query packets(packet returned by sing-box with edns version set to 1):

Reproduction

1.start sing-box 2.query 'www121.jal.co.jp' with nslookup or dig 3.query failed

related configuration:

// ...
"dns": {
    "servers": [
      {
        "tag": "out_dns",
        "address": "https://1.1.1.1/dns-query",
        "detour": "proxy"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "local",
        "disable_cache": true
      },
      {
        "rule_set": "geosite-cn",
        "server": "local"
      }
    ],
    "final": "out_dns",
    "strategy": "prefer_ipv4"
  }
// ...
"outbounds": [
  { "type": "dns", "tag": "dns_out"}
]
// ...
"route": {
    "rules": [
      {
        "inbound": "mixed-in",
        "outbound": "proxy"
      },
      {
        "inbound": "dns_in",
        "outbound": "dns_out"
      },
      {
        "protocol": "dns",
        "outbound": "dns_out"
      }
   ]
 }

Logs

+0800 2024-06-29 00:23:55 DEBUG dns: exchange www121.jal.co.jp. IN A
+0800 2024-06-29 00:23:55 INFO [848291404 0ms] inbound/tun[tun-in]: inbound connection from 172.19.0.1:33254
+0800 2024-06-29 00:23:55 INFO [848291404 0ms] inbound/tun[tun-in]: inbound connection to 142.251.42.138:443
+0800 2024-06-29 00:23:55 DEBUG [848291404 6ms] router: sniffed protocol: tls, domain: www.googleapis.com
+0800 2024-06-29 00:23:55 INFO [848291404 22ms] router: found process path: /usr/libexec/goa-daemon
+0800 2024-06-29 00:23:55 DEBUG [848291404 22ms] router: match[7] process_name=[gvfsd-google gio goa-daemon] => proxy
+0800 2024-06-29 00:23:55 INFO [848291404 22ms] outbound/vmess[***]: outbound connection to 142.251.42.138:443
+0800 2024-06-29 00:23:55 DEBUG dns: exchanged www121.jal.co.jp NOERROR 82960
+0800 2024-06-29 00:23:55 INFO dns: exchanged www121.jal.co.jp A www121.jal.co.jp. 82960 IN A 163.211.253.68
+0800 2024-06-29 00:23:55 INFO dns: exchanged www121.jal.co.jp OPT OPT PSEUDOSECTION: EDNS: version 1 flags: MBZ: 0x4410, udp: 1232

Supporter

• [ ] I am a sponsor

Integrity requirements

• [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[dyhkwong]

What is the result of dig that domain with edns without proxy?

[Yxue-1906]

What is the result of dig that domain with edns without proxy?

result of dig with proxy

[Yxue-1906]

known domain(s) which cant be resolved correctly: www121.jal.co.jp www.hmv.co.jp

[Yxue-1906]

known domain(s) which cant be resolved correctly: www121.jal.co.jp www.hmv.co.jp

also pipy.org

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[Yxue-1906]

any progress?

[nekohasekai]

Works on my devices, checks your problems and open a new issue.

[Yxue-1906]

Works on my devices, checks your problems and open a new issue.

could you please share a sample of dns section of your configuration? thx.

[lazybetrayer]

I have the same problem

+0800 2024-09-14 13:54:46 DEBUG [2622094223 0ms] router: sniffed packet protocol: dns
+0800 2024-09-14 13:54:46 INFO [2622094223 1ms] router: found process path: /usr/lib/systemd/systemd-resolved
+0800 2024-09-14 13:54:46 DEBUG [2622094223 1ms] router: match[0] protocol=dns => dns-out
+0800 2024-09-14 13:54:46 DEBUG dns: exchange pypi.org. IN A
+0800 2024-09-14 13:54:46 DEBUG dns: match[5] domain_suffix=[xxxxxx] rule_set=[geosite-geolocation-!cn geosite-category-cryptocurrency] => dns_proxy
+0800 2024-09-14 13:54:46 DEBUG dns: exchanged pypi.org NOERROR 78458
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.128.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.192.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.64.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org A pypi.org. 78458 IN A 151.101.0.223
+0800 2024-09-14 13:54:46 INFO dns: exchanged pypi.org OPT OPT PSEUDOSECTION: EDNS: version 1 flags: MBZ: 0x327a, udp: 1232

$ dig pypi.org

; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> pypi.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18305
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;pypi.org.                      IN      A

;; Query time: 123 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Sep 14 13:54:46 CST 2024
;; MSG SIZE  rcvd: 37