tun模式下，设置dns server为local， 无法解析，报错timeout

[lqu3j]

操作系统

Linux

系统版本

Gentoo

安装类型

sing-box 原始命令行程序

如果您使用图形客户端程序，请提供该程序版本。

No response

版本

sing-box version 1.9.3

Environment: go1.21.11 linux/amd64
Tags: with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api,with_gvisor
CGO: enabled

描述

{
  "log": {
    "disabled": false,
    "level": "trace",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "dns-tls-google",
        "address": "tls://8.8.8.8",
        "detour": "出国"
      },
      {
        "tag": "dns-google",
        "address": "8.8.8.8",
        "address_resolver": "dns-tls-google",
        "detour": "出国"
      },
      {
        "tag": "dns-local",
        "address": "local",
        "detour": "out-direct"
      },
      {
        "tag": "dns-block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "dns-local"
      },
      {
        "domain_suffix":[
            "5488888.xyz"
        ],
        "server": "dns-local"
      },
      {
        "rule_set": [
          "site-youtube",
          "site-telegram",
          "site-github",
          "site-openai",
          "site-google"
        ],
        "server": "dns-google"
      },
      {
        "rule_set": [
          "site-direct"
        ],
        "server": "dns-local"
      },
      {
        "query_type": [
          "A"
        ],
        "rewrite_ttl": 1,
        "server": "dns-google"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
        "type": "tun",
        "tag": "tun-in",
        "interface_name": "tun-sinbox",
        "inet4_address": "172.100.0.1/30",
        "auto_route": true,
        "domain_strategy":"prefer_ipv4",
        "strict_route": true,
        "stack": "gvisor",
        "sniff": true
    }
  ],
  "route": {
    "rule_set": [
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "site-youtube",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/youtube.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "ip-telegram",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geoip/telegram.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "site-telegram",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/telegram.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "site-github",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/github.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "site-openai",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/openai.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "site-netflix",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/netflix.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "ip-netflix",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo-lite/geoip/netflix.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "site-google",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/google.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "ip-direct",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geoip/cn.srs"
      },
      {
        "type": "remote",
        "format": "binary",
        "download_detour": "出国",
        "tag": "site-direct",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/cn.srs"
      }
    ],
    "rules": [
      {
        "protocol": "dns",
        "outbound": "out-dns"
      },
      {
        "port": 53,
        "outbound": "out-dns"
      },
      {
        "type": "logical",
        "mode": "or",
        "rules": [
          {
            "port": 853
          },
          {
            "network": "udp",
            "port": 443
          },
          {
            "protocol": "stun"
          }
        ],
        "outbound": "out-block"
      },
      {
        "rule_set": [
          "site-youtube",
          "site-telegram",
          "site-github",
          "site-openai",
          "site-google",
          "ip-telegram",
          "ip-netflix"
        ],
        "outbound": "出国"
      },
      {
        "domain_suffix":[
            "5488888.xyz"
        ],
        "outbound": "yy"
      },
      {
        "rule_set": [
          "site-direct",
          "ip-direct"
        ],
        "outbound": "out-direct"
      },
      {
        "ip_is_private": true,
        "outbound": "out-direct"
      }
    ],
    "auto_detect_interface": true,
    "final": "出国"
  },
  "outbounds": [
    {
      "tag": "出国",
      "outbounds": [
        "trojan-bwg"
      ],
      "interrupt_exist_connections": true,
      "type": "selector"
    },
    {
      "tag": "回家",
      "outbounds": [
        "yy"
      ],
      "interrupt_exist_connections": true,
      "type": "selector"
    },
    {
      "type": "trojan",
      "tag": "trojan-bwg",
      "server": "xxxxx",
      "server_port": 443,
      "password": "xxxx",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "xxx"
      }
    },
    {
      "type": "wireguard",
      "tag": "yy",
      "server": "xxx",
      "server_port": xxxx,
      "system_interface": false,
      "gso": false,
      "interface_name": "wg0",
      "local_address": [
        "10.0.0.3/32"
      ],
      "private_key": "xxx",
      "peer_public_key": "xx",
      "network": "tcp"
    },

    {
      "type": "direct",
      "tag": "out-direct"
    },
    {
      "type": "dns",
      "tag": "out-dns"
    },
    {
      "type": "block",
      "tag": "out-block"
    }
  ]
}

重现方式

按照上述配置测试即可重现

日志

Jul 04 18:38:21 lx systemd-journald[574]: [🡕] Suppressed 3784752 messages from sing-box.service
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG [897431655 10.46s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG [2328585459 10.73s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 ERROR dns: exchange failed for git.5488888.xyz. IN A: lookup git.5488888.xyz: i/o timeout
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG [1412750994 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 ERROR dns: exchange failed for git.5488888.xyz. IN A: lookup git.5488888.xyz: i/o timeout
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG [4255108323 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 ERROR dns: exchange failed for git.5488888.xyz. IN A: lookup git.5488888.xyz: operation was canceled
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 INFO [2897107194 0ms] inbound/tun[tun-in]: inbound packet connection from 172.100.0.1:50190
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 INFO [2897107194 0ms] inbound/tun[tun-in]: inbound packet connection to 172.100.0.2:53
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG [2897107194 0ms] router: sniffed packet protocol: dns
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG [2897107194 0ms] router: match[0] protocol=dns => out-dns
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG dns: exchange git.5488888.xyz. IN A
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG dns: match[1] domain_suffix=5488888.xyz => dns-local
Jul 04 18:38:21 lx sing-box[378729]: +0800 2024-07-04 18:38:21 DEBUG [511545230 10.17s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:22 lx sing-box[378729]: +0800 2024-07-04 18:38:22 ERROR dns: exchange failed for git.5488888.xyz. IN A: lookup git.5488888.xyz: i/o timeout
Jul 04 18:38:22 lx sing-box[378729]: +0800 2024-07-04 18:38:22 DEBUG [1830291570 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG dns: exchange h-adashx.ut.taobao.com. IN AAAA
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG dns: exchange h-adashx.ut.taobao.com. IN A
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG dns: match[3] rule_set=site-direct => dns-local
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG dns: match[3] rule_set=site-direct => dns-local
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG dns: strategy rejected
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG dns: exchange h-adashx.ut.taobao.com. IN A
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG dns: match[3] rule_set=site-direct => dns-local
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 ERROR dns: exchange failed for git.5488888.xyz. IN A: lookup git.5488888.xyz: i/o timeout
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 ERROR dns: exchange failed for git.5488888.xyz. IN A: lookup git.5488888.xyz: operation was canceled
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG [3574317410 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG [2745497822 10.17s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:23 lx sing-box[378729]: +0800 2024-07-04 18:38:23 DEBUG [1823350538 10.16s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
Jul 04 18:38:24 lx sing-box[378729]: +0800 2024-07-04 18:38:24 DEBUG dns: exchange git.5488888.xyz. IN A
Jul 04 18:38:24 lx sing-box[378729]: +0800 2024-07-04 18:38:24 DEBUG dns: match[1] domain_suffix=5488888.xyz => dns-local

支持我们

• [ ] 我已经 赞助

完整性要求

• [X] 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
• [X] 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
• [X] 我保证提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
• [X] 我保证提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。

[luweijun1992]

你意思是把终端DNS设置成sing-box Linux的IP地址把，导致解析不了。 你把终端网关设置成sing-box，然后dns IP随便设置一个非sing-box IP看看是不是就可以了，这样经过sing-box的dns流量被劫持所以可以 然后设置成sing-box IP反而不可以。

[dyhkwong]

使用 TUN 时 local 是 TUN DNS，会导致回环，不能用是正常行为。尝试使用 dhcp://auto 替代。

[luweijun1992]

使用 TUN 时 local 是 TUN DNS，会导致回环，不能用是正常行为。尝试使用 dhcp://auto 替代。

这是什么意思啊？我也遇到相同问题，inbounds：direct 53 + tun ，终端dns为sing-box IP时候无法解析