sing-box DNS Exchange Reports ‘Context Canceled’ Error When Used as Bypass Router (Secondary Gateway)

DDCHlsq commented 4 months ago

Operating system

Linux

System version

Ubuntu Server LTS 22.04 (Kernel ver. 6.1.31-sun50iw9)

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.4 linux/arm64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

Environment:

sing-box running in Tun mode (auto_route enabled, strict_route disabled)
Linux device running as bypass router (or secondary gateway, you name it)
Devices in the same LAN sets the gateway addr to the Linux device running sing-box
Linux IPv4 forwarding enabled

Issue:

When running sing-box with the configuration provided in the Reproduction section below, everything appears normal initially. However, after approximately 10 minutes, error messages start to appear, as shown in the Logs section.

Observations:

This issue is perplexing because I am running the same version of sing-box with almost identical configurations (strict_route enabled) on my iPhone, iPad, MacBook Pro, and Windows PCs, none of which exhibit this problem. Additionally, if the requested domain matches the rule using fake-ip, the issue does not occur.

Reproduction

{
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "ntp": {
    "enabled": true,
    "server": "ntp.aliyun.com",
    "server_port": 123,
    "interval": "1m",
    "detour": "direct"
  },
  "dns": {
    "servers": [
      {
        "tag": "cf",
        "address": "https://1.1.1.1/dns-query",
        "detour": "proxy"
      },
      {
        "tag": "ali",
        "address": "https://223.5.5.5/dns-query",
        "detour": "direct"
      },
      {
        "tag": "refuseddns",
        "address": "rcode://success"
      },
      {
        "tag": "fakedns",
        "address": "fakeip"
      },
      {
        "tag": "localdns",
        "address": "local"
      }
    ],
    "rules": [
      {
        "rule_set": "rule-xboxdlglobal",
        "server": "localdns"
      },
      {
        "outbound": "any",
        "server": "ali"
      },
      {
        "rule_set": "rule-private",
        "server": "ali"
      },
      {
        "rule_set": [
          "rule-reject",
          "rule-pcdn",
          "rule-httpdns"
        ],
        "server": "refuseddns"
      },
      {
        "rule_set": [
          "rule-icloud",
          "rule-apple",
          "rule-steamcn",
          "rule-xboxdlcn"
        ],
        "server": "ali"
      },
      {
        "query_type": [
          "HTTPS",
          "SVCB"
        ],
        "rule_set": "rule-proxy",
        "server": "refuseddns"
      },
      {
        "query_type": [
          "A",
          "AAAA"
        ],
        "rule_set": "rule-proxy",
        "server": "fakedns"
      },
      {
        "rule_set": "rule-proxy",
        "server": "cf"
      },
      {
        "rule_set": "rule-direct",
        "server": "ali"
      }
    ],
    "final": "cf",
    "disable_cache": false,
    "disable_expire": false,
    "independent_cache": false,
    "reverse_mapping": false,
    "fakeip": {
      "enabled": true,
      "inet4_range": "198.18.0.0/15"
      // "inet6_range": "fc00::/18"
    }
  },
  "inbounds": [
    {
      "tag": "tun",
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      // "inet6_address": "fdfe:dcba:9876::1/126",
      "mtu": 1500,
      "stack": "mixed",
      "auto_route": true,
      "strict_route": false,
      "sniff": true,
      "sniff_override_destination": false
    }
  ],
  "outbounds": [
    {
      "type": "selector",
      "tag": "proxy",
      "outbounds": [
        "JP_BGP",
        "JP_SB",
        "JP_AZ",
        "TW",
        "TW_CF",
        "HK_4837",
        "US_CMIN2",
        "HK",
        "SG",
        "US_CMIN2_quic"
      ],
      "default": "JP_BGP",
      "interrupt_exist_connections": false
    },
    {
      "type": "selector",
      "tag": "udp_proxy",
      "outbounds": [
        "proxy",
        "JP_BGP_UDP",
        "JP_SB_UDP",
        "HK_UDP"
      ],
      "default": "proxy",
      "interrupt_exist_connections": false
    },
    // detailed server data omitted
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      // NO QUIC
      {
        "protocol": "quic",
        "outbound": "block"
      },
      // zerotier direct
      {
        "port": 9993,
        "outbound": "direct"
      },
      // DNS 劫持
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      // 私有 direct
      {
        "rule_set": "rule-private",
        "outbound": "direct"
      },
      // 去广告、拦截 PCDN、拦截 HTTP DNS
      {
        "rule_set": [
          "rule-reject",
          "rule-pcdn",
          "rule-httpdns"
        ],
        "outbound": "block"
      },
      // 域名特例 direct 区
      {
        "rule_set": [
          "rule-icloud",
          "rule-apple",
          "rule-steamcn",
          "rule-xboxdlcn",
          "rule-xboxdlglobal"
        ],
        "outbound": "direct"
      },
      // 域名 proxy 区
      {
        "rule_set": "rule-proxy",
        "network": "tcp",
        "outbound": "proxy"
      },
      {
        "rule_set": "rule-proxy",
        "network": "udp",
        "outbound": "udp_proxy"
      },
      // 域名 direct 区
      {
        "rule_set": "rule-direct",
        "outbound": "direct"
      },
      // IP proxy 区
      {
        "rule_set": "rule-telegramcidr",
        "network": "tcp",
        "outbound": "proxy"
      },
      {
        "rule_set": "rule-telegramcidr",
        "network": "udp",
        "outbound": "udp_proxy"
      },
      // IP direct 区
      {
        "rule_set": "rule-cncidr",
        "outbound": "direct"
      },
      // final proxy 区
      {
        "network": "tcp",
        "outbound": "proxy"
      },
      {
        "network": "udp",
        "outbound": "udp_proxy"
      }
    ],
    "rule_set": [
      {
        "tag": "geosite-pixiv",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-pixiv.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "geosite-openai",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-openai.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "geosite-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-direct",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/direct.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-proxy",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/proxy.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-reject",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/reject.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-private",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/private.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-apple",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/apple.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-icloud",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/icloud.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-tld-not-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/tld-not-cn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-telegramcidr",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/telegramcidr.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-cncidr",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/cncidr.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-pcdn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/pcdn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-httpdns",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/httpdns.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-steamcn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/steamcn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-xboxdlglobal",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/xboxdlglobal.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-xboxdlcn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/xboxdlcn.srs",
        "download_detour": "proxy"
      }
    ],
    "final": "proxy",
    "auto_detect_interface": true
  },
  "experimental": {
    "cache_file": {
      "enabled": true
    },
    "clash_api": {
      "external_controller": "0.0.0.0:9090",
      "external_ui": "/opt/sing-box/Yacd-meta-gh-pages"
    }
  }
}

Logs

+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN A: context deadline exceeded
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN HTTPS: context deadline exceeded
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN A: context canceled
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN HTTPS: context canceled
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN A: context canceled
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN HTTPS: context canceled
+0000 2024-07-05 14:41:58 ERROR dns: exchange failed for o33249.ingest.sentry.io. IN A: context deadline exceeded
+0000 2024-07-05 14:41:58 ERROR dns: exchange failed for o33249.ingest.sentry.io. IN A: context canceled
+0000 2024-07-05 14:41:58 ERROR dns: exchange failed for o33249.ingest.sentry.io. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context deadline exceeded
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context deadline exceeded
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled

Supporter

[x] I am a sponsor

Integrity requirements

[X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
[X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
[X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
[X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

VladimirFedulov commented 4 months ago

Did anyone fixed it?

hoodadt commented 2 months ago

exact same problem this only happens in TUN mode not others

mading0817 commented 2 months ago

I have this too, under TUN mode.

FrozenAlex commented 2 months ago

I have this too. I get context canceled when I restart my interface that I route the internet through and it changes ip. Clients can connect to internet after restarting the client. Workaround is to turn off dns-over-https in clients. Although it could be a different issue xD

choicky commented 1 month ago

I got same problem. https://github.com/SagerNet/sing-box/issues/2156

choicky commented 1 month ago

my issue got fix. the problem was dns configuration on client just used simple udp but it's not secure

I still got this issue in Linux Mint 22. I've try UDP, DOT, DOH and normal DNS in the dns configuration on client.

RuochenFu21 commented 1 month ago

Same

vstar37 commented 1 month ago

same..

hoodadt commented 1 month ago

my issue got solved the problem was dns configuration on client side just use simple udp://8.8.8.8

SagerNet / sing-box