Some domains cannot be resolved by sing-box dns

Amia33 commented 3 months ago

Operating system

Linux

System version

Ubuntu 24.04

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.3 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

After changing from windows to ubuntu 24.04 with same config file, I find that some of domains cannot be resolved, including gnome.org, pypi.org, etc. NSLookup returns SERVFAIL error

❯ nslookup gnome.org
;; Got SERVFAIL reply from 127.0.0.53
Server:     127.0.0.53
Address:    127.0.0.53#53

** server can't find gnome.org: SERVFAIL

Reproduction

parts in Client config /etc/sing-box/config.json

dns ``` { "servers": [ { "tag": "cloudflare", "address": "https://1.1.1.1/dns-query", "detour": "Select Node FYI" }, { "tag": "aliyun", "address": "https://223.5.5.5/dns-query", "detour": "direct" }, { "tag": "block", "address": "rcode://success" } ], "rules": [ { "rule_set": "geosite-category-ads-all", "server": "block" }, { "rule_set": "geosite-google", "server": "cloudflare" }, { "rule_set": "geosite-tld-cn", "server": "aliyun" }, { "rule_set": "geosite-geolocation-!cn", "server": "cloudflare" }, { "rule_set": "geosite-cn", "server": "aliyun" } ], "final": "cloudflare", "strategy": "prefer_ipv4" } ``` inbounds ``` [ { "type": "tun", "tag": "tun-in", "interface_name": "tun0", "inet4_address": "172.16.0.1/30", "mtu": 9000, "gso": true, "auto_route": true, "strict_route": true, "stack": "gvisor", "sniff": true } ] ``` outbounds ``` [ { "type": "direct", "tag": "direct" }, { "type": "dns", "tag": "dns-out" }, { "type": "block", "tag": "block" }, ... ] ``` route ``` { "rules": [ { "protocol": "dns", "outbound": "dns-out" }, { "rule_set": "geosite-category-ads-all", "outbound": "block" }, { "rule_set": "geosite-google", "outbound": "Select Node FYI" }, { "rule_set": "geoip-google", "outbound": "Select Node FYI" }, { "rule_set": "geosite-tld-cn", "outbound": "direct" }, { "rule_set": "geosite-geolocation-!cn", "outbound": "Select Node FYI" }, { "rule_set": "geosite-cn", "outbound": "direct" }, { "rule_set": "geoip-cn", "outbound": "direct" }, { "rule_set": "geosite-private", "outbound": "direct" }, { "ip_is_private": true, "outbound": "direct" } ], "rule_set": [ { "type": "remote", "tag": "geoip-cn", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/cn.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" }, { "type": "remote", "tag": "geoip-google", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/google.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" }, { "type": "remote", "tag": "geosite-private", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/private.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" }, { "type": "remote", "tag": "geosite-google", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/google.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" }, { "type": "remote", "tag": "geosite-cn", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/cn.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" }, { "type": "remote", "tag": "geosite-geolocation-!cn", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/geolocation-!cn.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" }, { "type": "remote", "tag": "geosite-category-ads-all", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/category-ads-all.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" }, { "type": "remote", "tag": "geosite-tld-cn", "format": "binary", "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/tld-cn.srs", "download_detour": "Select Node FYI", "update_interval": "24h0m0s" } ], "final": "Select Node FYI", "auto_detect_interface": true } ```

Logs

Client Log:

+0800 2024-08-16 23:15:18 INFO [2877961103 0ms] inbound/tun[tun-in]: inbound packet connection from 172.16.0.1:42068
+0800 2024-08-16 23:15:18 INFO [2877961103 0ms] inbound/tun[tun-in]: inbound packet connection to 172.16.0.2:53
+0800 2024-08-16 23:15:18 DEBUG [2877961103 0ms] router: sniffed packet protocol: dns
+0800 2024-08-16 23:15:18 DEBUG [2877961103 0ms] router: match[0] protocol=dns => dns-out
+0800 2024-08-16 23:15:18 DEBUG dns: exchange gnome.org. IN A
+0800 2024-08-16 23:15:18 DEBUG dns: exchanged gnome.org NOERROR 81224
+0800 2024-08-16 23:15:18 INFO dns: exchanged gnome.org A gnome.org. 81224 IN A 151.101.129.91
+0800 2024-08-16 23:15:18 INFO dns: exchanged gnome.org A gnome.org. 81224 IN A 151.101.193.91
+0800 2024-08-16 23:15:18 INFO dns: exchanged gnome.org A gnome.org. 81224 IN A 151.101.1.91
+0800 2024-08-16 23:15:18 INFO dns: exchanged gnome.org A gnome.org. 81224 IN A 151.101.65.91
+0800 2024-08-16 23:15:18 INFO dns: exchanged gnome.org OPT OPT PSEUDOSECTION: EDNS: version 1 flags: MBZ: 0x3d48, udp: 1232

Server Log:
No, I looked up server log with `debug` level, and no packet was sent to server.

Supporter

[ ] I am a sponsor

Integrity requirements

[X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
[X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
[X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
[X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

Amia33 commented 3 months ago

Closing issue since changed back to Windows to avoid unexpected errors. Will test on another chance.

papampi commented 1 month ago

Try without GSO, I have same problem on linux machines when GSO is enabled

GSO enabled:

~$ nslookup facebook.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; no servers could be reached

GSO disabled:

Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   facebook.com
Address: 31.13.66.35
Name:   facebook.com
Address: 2a03:2880:f103:83:face:b00c:0:25de

Amia33 commented 1 month ago

Try without GSO, I have same problem on linux machines when GSO is enabled

GSO enabled:

~$ nslookup facebook.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; no servers could be reached

GSO disabled:

Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   facebook.com
Address: 31.13.66.35
Name:   facebook.com
Address: 2a03:2880:f103:83:face:b00c:0:25de

Thanks but I've sticked to Windows 11 LTSC 2024 LOLOL Will check when new laptop is deployed

SagerNet / sing-box