sing-box DNS Exchange Reports ‘Context Canceled’ Error When Used as Bypass Router (Secondary Gateway)

[DDCHlsq]

Operating system

Linux

System version

Ubuntu Server LTS 22.04 (Kernel ver. 6.1.31-sun50iw9)

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.4 linux/arm64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

Environment:

• sing-box running in Tun mode (auto_route enabled, strict_route disabled)
• Linux device running as bypass router (or secondary gateway, you name it)
• Devices in the same LAN sets the gateway addr to the Linux device running sing-box
• Linux IPv4 forwarding enabled

Issue:

When running sing-box with the configuration provided in the Reproduction section below, everything appears normal initially. However, after approximately 10 minutes, error messages start to appear, as shown in the Logs section.

Observations:

This issue is perplexing because I am running the same version of sing-box with almost identical configurations (strict_route enabled) on my iPhone, iPad, MacBook Pro, and Windows PCs, none of which exhibit this problem. Additionally, if the requested domain matches the rule using fake-ip, the issue does not occur.

Reproduction

{
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "ntp": {
    "enabled": true,
    "server": "ntp.aliyun.com",
    "server_port": 123,
    "interval": "1m",
    "detour": "direct"
  },
  "dns": {
    "servers": [
      {
        "tag": "cf",
        "address": "https://1.1.1.1/dns-query",
        "detour": "proxy"
      },
      {
        "tag": "ali",
        "address": "https://223.5.5.5/dns-query",
        "detour": "direct"
      },
      {
        "tag": "refuseddns",
        "address": "rcode://success"
      },
      {
        "tag": "fakedns",
        "address": "fakeip"
      },
      {
        "tag": "localdns",
        "address": "local"
      }
    ],
    "rules": [
      {
        "rule_set": "rule-xboxdlglobal",
        "server": "localdns"
      },
      {
        "outbound": "any",
        "server": "ali"
      },
      {
        "rule_set": "rule-private",
        "server": "ali"
      },
      {
        "rule_set": [
          "rule-reject",
          "rule-pcdn",
          "rule-httpdns"
        ],
        "server": "refuseddns"
      },
      {
        "rule_set": [
          "rule-icloud",
          "rule-apple",
          "rule-steamcn",
          "rule-xboxdlcn"
        ],
        "server": "ali"
      },
      {
        "query_type": [
          "HTTPS",
          "SVCB"
        ],
        "rule_set": "rule-proxy",
        "server": "refuseddns"
      },
      {
        "query_type": [
          "A",
          "AAAA"
        ],
        "rule_set": "rule-proxy",
        "server": "fakedns"
      },
      {
        "rule_set": "rule-proxy",
        "server": "cf"
      },
      {
        "rule_set": "rule-direct",
        "server": "ali"
      }
    ],
    "final": "cf",
    "disable_cache": false,
    "disable_expire": false,
    "independent_cache": false,
    "reverse_mapping": false,
    "fakeip": {
      "enabled": true,
      "inet4_range": "198.18.0.0/15"
      // "inet6_range": "fc00::/18"
    }
  },
  "inbounds": [
    {
      "tag": "tun",
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      // "inet6_address": "fdfe:dcba:9876::1/126",
      "mtu": 1500,
      "stack": "mixed",
      "auto_route": true,
      "strict_route": false,
      "sniff": true,
      "sniff_override_destination": false
    }
  ],
  "outbounds": [
    {
      "type": "selector",
      "tag": "proxy",
      "outbounds": [
        "JP_BGP",
        "JP_SB",
        "JP_AZ",
        "TW",
        "TW_CF",
        "HK_4837",
        "US_CMIN2",
        "HK",
        "SG",
        "US_CMIN2_quic"
      ],
      "default": "JP_BGP",
      "interrupt_exist_connections": false
    },
    {
      "type": "selector",
      "tag": "udp_proxy",
      "outbounds": [
        "proxy",
        "JP_BGP_UDP",
        "JP_SB_UDP",
        "HK_UDP"
      ],
      "default": "proxy",
      "interrupt_exist_connections": false
    },
    // detailed server data omitted
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      // NO QUIC
      {
        "protocol": "quic",
        "outbound": "block"
      },
      // zerotier direct
      {
        "port": 9993,
        "outbound": "direct"
      },
      // DNS 劫持
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      // 私有 direct
      {
        "rule_set": "rule-private",
        "outbound": "direct"
      },
      // 去广告、拦截 PCDN、拦截 HTTP DNS
      {
        "rule_set": [
          "rule-reject",
          "rule-pcdn",
          "rule-httpdns"
        ],
        "outbound": "block"
      },
      // 域名特例 direct 区
      {
        "rule_set": [
          "rule-icloud",
          "rule-apple",
          "rule-steamcn",
          "rule-xboxdlcn",
          "rule-xboxdlglobal"
        ],
        "outbound": "direct"
      },
      // 域名 proxy 区
      {
        "rule_set": "rule-proxy",
        "network": "tcp",
        "outbound": "proxy"
      },
      {
        "rule_set": "rule-proxy",
        "network": "udp",
        "outbound": "udp_proxy"
      },
      // 域名 direct 区
      {
        "rule_set": "rule-direct",
        "outbound": "direct"
      },
      // IP proxy 区
      {
        "rule_set": "rule-telegramcidr",
        "network": "tcp",
        "outbound": "proxy"
      },
      {
        "rule_set": "rule-telegramcidr",
        "network": "udp",
        "outbound": "udp_proxy"
      },
      // IP direct 区
      {
        "rule_set": "rule-cncidr",
        "outbound": "direct"
      },
      // final proxy 区
      {
        "network": "tcp",
        "outbound": "proxy"
      },
      {
        "network": "udp",
        "outbound": "udp_proxy"
      }
    ],
    "rule_set": [
      {
        "tag": "geosite-pixiv",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-pixiv.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "geosite-openai",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-openai.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "geosite-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-direct",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/direct.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-proxy",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/proxy.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-reject",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/reject.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-private",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/private.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-apple",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/apple.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-icloud",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/icloud.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-tld-not-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/tld-not-cn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-telegramcidr",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/telegramcidr.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-cncidr",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/cncidr.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-pcdn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/pcdn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-httpdns",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/httpdns.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-steamcn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/steamcn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-xboxdlglobal",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/xboxdlglobal.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "rule-xboxdlcn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/DDCHlsq/sing-ruleset/ruleset/xboxdlcn.srs",
        "download_detour": "proxy"
      }
    ],
    "final": "proxy",
    "auto_detect_interface": true
  },
  "experimental": {
    "cache_file": {
      "enabled": true
    },
    "clash_api": {
      "external_controller": "0.0.0.0:9090",
      "external_ui": "/opt/sing-box/Yacd-meta-gh-pages"
    }
  }
}

Logs

+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN A: context deadline exceeded
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN HTTPS: context deadline exceeded
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN A: context canceled
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN HTTPS: context canceled
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN A: context canceled
+0000 2024-07-05 14:38:45 ERROR dns: exchange failed for ip.skk.moe. IN HTTPS: context canceled
+0000 2024-07-05 14:41:58 ERROR dns: exchange failed for o33249.ingest.sentry.io. IN A: context deadline exceeded
+0000 2024-07-05 14:41:58 ERROR dns: exchange failed for o33249.ingest.sentry.io. IN A: context canceled
+0000 2024-07-05 14:41:58 ERROR dns: exchange failed for o33249.ingest.sentry.io. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context deadline exceeded
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context deadline exceeded
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN HTTPS: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled
+0000 2024-07-05 15:06:36 ERROR dns: exchange failed for ip-api.com. IN A: context canceled

Supporter

• [ ] I am a sponsor

Integrity requirements

• [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[VladimirFedulov]

Did anyone fixed it?

[dyhkwong]

Can you confirm that:

• only DoH has this issue (context deadline exceeded), others (e.g. DoH3) are unaffected
• it occurs when active DNS connections are interrupted (e.g. by switch network)
• it is platform unrelated

[hoodadt]

exact same problem this only happens in TUN mode not others