Some dns query cant be done correctly

Yxue-1906 commented 2 days ago

Operating system

Linux

System version

ubuntu22.04lts

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.3 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

Some dns query cant be done correctly. All failed dns query results returned by sing-box set edns version to 1. failed query packets(packet returned by sing-box with edns version set to 1):

Reproduction

1.start sing-box 2.query 'www121.jal.co.jp' with nslookup or dig 3.query failed

related configuration:

// ...
"dns": {
    "servers": [
      {
        "tag": "out_dns",
        "address": "https://1.1.1.1/dns-query",
        "detour": "proxy"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "local",
        "disable_cache": true
      },
      {
        "rule_set": "geosite-cn",
        "server": "local"
      }
    ],
    "final": "out_dns",
    "strategy": "prefer_ipv4"
  }
// ...
"outbounds": [
  { "type": "dns", "tag": "dns_out"}
]
// ...
"route": {
    "rules": [
      {
        "inbound": "mixed-in",
        "outbound": "proxy"
      },
      {
        "inbound": "dns_in",
        "outbound": "dns_out"
      },
      {
        "protocol": "dns",
        "outbound": "dns_out"
      }
   ]
 }

Logs

+0800 2024-06-29 00:23:55 DEBUG dns: exchange www121.jal.co.jp. IN A
+0800 2024-06-29 00:23:55 INFO [848291404 0ms] inbound/tun[tun-in]: inbound connection from 172.19.0.1:33254
+0800 2024-06-29 00:23:55 INFO [848291404 0ms] inbound/tun[tun-in]: inbound connection to 142.251.42.138:443
+0800 2024-06-29 00:23:55 DEBUG [848291404 6ms] router: sniffed protocol: tls, domain: www.googleapis.com
+0800 2024-06-29 00:23:55 INFO [848291404 22ms] router: found process path: /usr/libexec/goa-daemon
+0800 2024-06-29 00:23:55 DEBUG [848291404 22ms] router: match[7] process_name=[gvfsd-google gio goa-daemon] => proxy
+0800 2024-06-29 00:23:55 INFO [848291404 22ms] outbound/vmess[***]: outbound connection to 142.251.42.138:443
+0800 2024-06-29 00:23:55 DEBUG dns: exchanged www121.jal.co.jp NOERROR 82960
+0800 2024-06-29 00:23:55 INFO dns: exchanged www121.jal.co.jp A www121.jal.co.jp. 82960 IN A 163.211.253.68
+0800 2024-06-29 00:23:55 INFO dns: exchanged www121.jal.co.jp OPT OPT PSEUDOSECTION: EDNS: version 1 flags: MBZ: 0x4410, udp: 1232

Supporter

[ ] I am a sponsor

Integrity requirements

[X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
[X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
[X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
[X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

dyhkwong commented 11 hours ago

What is the result of dig that domain with edns without proxy?

Yxue-1906 commented 4 hours ago

What is the result of dig that domain with edns without proxy?

result of dig with proxy

SagerNet / sing-box