Seji64 / SniDust

SmartDNS Proxy to hide your GeoLocation. Based on DnsDist and nginx
GNU General Public License v3.0

Issue with upstream resolver and Custom upstream DNS resolver #23

Closed prooshani closed 1 year ago

prooshani commented 1 year ago

Hi @Seji64,

Thanks for sharing this useful project.

I have an issue with the upstream resolvers. I am using your default docker-compose.yml sample code and I am getting:

Marking downstream dns.google (8.8.8.8:853) as 'down'
Marking downstream dns.google (8.8.4.4:853) as 'down'
Marking downstream 1.0.0.1:443 as 'down'
Marking downstream 1.1.1.1:443 as 'down'

and yes, I have checked inside the Docker environment to see if it has Internet connectivity (#17) and everything looks fine, but I am still receiving the 'down' markings.

1- What should I do next to solve the problem?
2- Is it possible to use my own custom upstream DNS resolvers instead of the default Google and Cloudflare resolvers? If yes, how?

Thanks a lot in advance

Seji64 commented 1 year ago

> 2- Is it possible to use my own custom upstream DNS resolvers instead of the default Google and Cloudflare resolvers? If yes, how?

No, this is currently not possible.

> 1- What should I do next to solve the problem?

Can you post your output of the command in #17? What is the result of dog google.com?

prooshani commented 1 year ago

> Can you post your output of the command in #17? What is the result of dog google.com?

The answer is:

A google.com. 3m03s 142.250.185.238

So, I think the container has an Internet connection.

Seji64 commented 1 year ago

Strange, sorry, no idea why dnsdist is marking those upstream servers as down. I think I can't help here; it's something in your environment or Docker installation.

prooshani commented 1 year ago

> Strange, sorry, no idea why dnsdist is marking those upstream servers as down. I think I can't help here; it's something in your environment or Docker installation.

I have run netstat -tlnp to check if the ports are open and this is the result:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      638/sshd: /usr/sbin 
tcp6       0      0 :::22                   :::*                    LISTEN      638/sshd: /usr/sbin 

Which shows the container did not occupy any port to listen on! Does this trigger anything for you?

Seji64 commented 1 year ago

Hm, it is not relevant if something is listening when your outgoing connection is not working....

Besides this, is that output from your host or the container?

prooshani commented 1 year ago

> Hm, it is not relevant if something is listening when your outgoing connection is not working....
>
> Besides this, is that output from your host or the container?

This is for the host.

prooshani commented 1 year ago

The netstat -tlnp output inside the container is:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:8083          0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:5300            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.11:44599        0.0.0.0:*               LISTEN      -
tcp        0      0 :::80                   :::*                    LISTEN      27/sniproxy
tcp        0      0 :::443                  :::*                    LISTEN      27/sniproxy

Seji64 commented 1 year ago

If that is from your host then either your docker command / docker-compose is wrong or the Docker service somehow does not forward those ports. The output from the container looks good. Can you post your docker-compose file?

prooshani commented 1 year ago

> If that is from your host then either your docker command / docker-compose is wrong or the Docker service somehow does not forward those ports. The output from the container looks good. Can you post your docker-compose file?

Sure.

version: '3.3'
services:
    snidust:
        container_name: snidust
        image: 'ghcr.io/seji64/snidust:main'
        environment:
            - ALLOWED_CLIENTS=0.0.0.0/0
            - EXTERNAL_IP=45.159.151.17
            - SPOOF_ALL_DOMAINS=true
        ports:
            - '443:443'
            - '80:80'
            - '53:5300/udp'

Seji64 commented 1 year ago

Looks okay; as said, I cannot help here. You have to troubleshoot your Docker host.
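
The compose file posted above also deserves a second look from a security standpoint, independent of the health-check problem: ALLOWED_CLIENTS=0.0.0.0/0 together with port 53 published on the host means every Internet host can query the proxy. The checker below is an added example written for this page, not SniDust's own code. It assumes that ALLOWED_CLIENTS is handed to dnsdist as its query ACL (the container log's "ACL allowing queries from: 0.0.0.0/0" line suggests so) and that a compose ports entry without a host address is published on every host interface; the function names parse_compose and audit, the documentation addresses used for EXTERNAL_IP and the client network, and the line-based parser (which only understands the flat "- KEY=VALUE" and "- 'host:container/proto'" lines used in that file) are all my own choices.

```python
"""Added example, not SniDust's code: sanity-check the posted compose file.

Assumed: ALLOWED_CLIENTS becomes dnsdist's query ACL, and a compose "ports"
entry with no host address is published on all host interfaces.
"""
import ipaddress
import re

# The compose file from this issue, public IP replaced by a documentation address.
POSTED_COMPOSE = """\
version: '3.3'
services:
    snidust:
        container_name: snidust
        image: 'ghcr.io/seji64/snidust:main'
        environment:
            - ALLOWED_CLIENTS=0.0.0.0/0
            - EXTERNAL_IP=198.51.100.10
            - SPOOF_ALL_DOMAINS=true
        ports:
            - '443:443'
            - '80:80'
            - '53:5300/udp'
"""

# Same file with the ACL limited to the network that should use the proxy
# (203.0.113.0/24 is a placeholder) and TCP 53 published next to UDP 53.
FIXED_COMPOSE = POSTED_COMPOSE.replace(
    "ALLOWED_CLIENTS=0.0.0.0/0", "ALLOWED_CLIENTS=203.0.113.0/24"
).replace(
    "            - '53:5300/udp'\n",
    "            - '53:5300/udp'\n            - '53:5300/tcp'\n",
)

ENV_RE = re.compile(r"^\s*-\s*['\"]?([A-Z_][A-Z0-9_]*)=([^'\"]*)['\"]?\s*$")
PORT_RE = re.compile(
    r"^\s*-\s*['\"]?(?:(?P<host_ip>[\d.]+|\[[0-9a-fA-F:]+\]):)?"
    r"(?P<host>\d+):(?P<container>\d+)(?:/(?P<proto>tcp|udp))?['\"]?\s*$"
)


def parse_compose(text):
    """Return ({ENV: value}, [(host_ip, host_port, container_port, proto)])."""
    env, ports = {}, []
    for line in text.splitlines():
        m = ENV_RE.match(line)
        if m:
            env[m.group(1)] = m.group(2)
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append((m.group("host_ip") or "0.0.0.0", int(m.group("host")),
                          int(m.group("container")), m.group("proto") or "tcp"))
    return env, ports


def audit(env, ports):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    acl = [ipaddress.ip_network(c.strip(), strict=False)
           for c in env.get("ALLOWED_CLIENTS", "").split(",") if c.strip()]
    world_open = any(n.prefixlen == 0 for n in acl)          # 0.0.0.0/0 or ::/0
    dns53 = [p for p in ports if p[1] == 53]
    public53 = [p for p in dns53 if p[0] in ("0.0.0.0", "[::]")]
    if world_open and public53:
        findings.append("open resolver: ALLOWED_CLIENTS admits every address and port 53 "
                        "is published on all host interfaces, so anyone on the Internet "
                        "can query this dnsdist (and abuse it for DNS amplification)")
    elif world_open:
        findings.append("ALLOWED_CLIENTS admits every address; acceptable only if port 53 "
                        "is unreachable from outside")
    if dns53 and not any(p[3] == "tcp" for p in dns53):
        # The posted netstat shows the container listening on TCP 5300 too.
        findings.append("only UDP 53 is published: clients cannot fall back to TCP for "
                        "truncated answers although the container listens on TCP 5300")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_COMPOSE), ("fixed", FIXED_COMPOSE)):
        env, ports = parse_compose(text)
        print(label, audit(env, ports) or ["ok"])
```

Running the file prints two findings for the posted file and "ok" for the fixed one. Narrowing ALLOWED_CLIENTS does not depend on fixing the upstream problem, so it is worth doing before the proxy goes live on a public address.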

prooshani commented 1 year ago

> Looks okay; as said, I cannot help here. You have to troubleshoot your Docker host.

OK, thanks anyway.

Do you know how I can set SSL certificates for the container? I don't want to use a self-signed SSL certificate, as the output log for the container shows:

snidust  | Added downstream server 8.8.8.8:853
snidust  | Added downstream server 8.8.4.4:853
snidust  | Added downstream server 1.1.1.1:443
snidust  | Added downstream server 1.0.0.1:443
snidust  | Listening on 0.0.0.0:5300
snidust  | dnsdist 1.7.1 comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
snidust  | ACL allowing queries from: 0.0.0.0/0
snidust  | Console ACL allowing connections from: 127.0.0.0/8, ::1/128
snidust  | Webserver launched on 127.0.0.1:8083
snidust  | Marking downstream dns.google (8.8.4.4:853) as 'down'
snidust  | Marking downstream dns.google (8.8.8.8:853) as 'down'
snidust  | Marking downstream 1.1.1.1:443 as 'down'
snidust  | Marking downstream 1.0.0.1:443 as 'down'
snidust  | Error while retrieving the security update for version dnsdist-1.7.1: Unable to get a valid Security Status update
snidust  | Failed to retrieve security status update for '1.7.1' on dnsdist-1.7.1.security-status.secpoll.powerdns.com.
snidust  | time=2023-05-02T16:30:47.351Z level=WARN msg="Domain list (--domainListPath) is not specified, routing ALL domains through the SNI proxy"
snidust  | time=2023-05-02T16:30:47.352Z level=INFO msg="server info" public_ip=x.x.x.x
snidust  | time=2023-05-02T16:30:47.356Z level=INFO msg=**"Certificate was not provided, using a self signed cert"**
snidust  | time=2023-05-02T16:30:47.357Z level=INFO msg="Started UDP DNS" service=dns host=0.0.0.0 port=5353
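
The log above says only that dnsdist's health check failed, not at which layer. Note that dog google.com succeeding inside the container proves nothing about the backends: that lookup goes through Docker's embedded resolver on plain UDP 53, while dnsdist reaches 8.8.8.8:853 and 1.1.1.1:443 over TCP with TLS, and the secpoll failure in the same log is a second sign that outbound lookups from dnsdist itself are not working. The script below is an added example written for this page, not SniDust or dnsdist code. It repeats the health check by hand, one stage at a time (TCP connect, TLS handshake, DNS exchange), so the failing stage can be named. It assumes dnsdist probes a backend with an A query for a.root-servers.net and expects a NOERROR answer, and treats both the :853 and :443 backends as DNS over TLS (2-byte length prefix inside TLS); a backend that only speaks HTTPS on 443 will fail at the DNS stage, which is still a useful signal. The function names and the SAMPLE_LOG constant (the dnsdist lines copied from this issue) are mine.

```python
"""Added example, not SniDust or dnsdist code: redo dnsdist's backend health
check stage by stage so a "Marking downstream ... as 'down'" can be explained.

Assumed: dnsdist sends an A query for a.root-servers.net and wants NOERROR;
both :853 and :443 backends are reached as DNS over TLS.
"""
import random
import re
import socket
import ssl
import struct

HEALTH_QNAME = "a.root-servers.net."  # assumed dnsdist default check name

# Constructed sample input: the dnsdist lines from this issue's container log.
SAMPLE_LOG = """\
Added downstream server 8.8.8.8:853
Added downstream server 8.8.4.4:853
Added downstream server 1.1.1.1:443
Added downstream server 1.0.0.1:443
Marking downstream dns.google (8.8.4.4:853) as 'down'
Marking downstream dns.google (8.8.8.8:853) as 'down'
Marking downstream 1.1.1.1:443 as 'down'
Marking downstream 1.0.0.1:443 as 'down'
"""

ADDED_RE = re.compile(r"Added downstream server ([\d.]+):(\d+)")
# dnsdist prints either "name (ip:port)" or a bare "ip:port"; both are handled.
STATE_RE = re.compile(r"Marking downstream (?:\S+ \()?([\d.]+):(\d+)\)? as '(down|up)'")


def parse_dnsdist_log(text):
    """Return (configured backends, backends currently marked down), in log order."""
    added, down = [], []
    for line in text.splitlines():
        m = ADDED_RE.search(line)
        if m:
            added.append((m.group(1), int(m.group(2))))
            continue
        m = STATE_RE.search(line)
        if m:
            backend = (m.group(1), int(m.group(2)))
            if m.group(3) == "down" and backend not in down:
                down.append(backend)
            elif m.group(3) == "up" and backend in down:
                down.remove(backend)
    return added, down


def build_query(qname, qid):
    """Encode a minimal RD=1 A/IN query for qname in RFC 1035 wire format."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + name + struct.pack("!HH", 1, 1)


def parse_response(data, expected_id):
    """Check the 12-byte header like a health check would; return (rcode, ancount)."""
    if len(data) < 12:
        raise ValueError("short DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    if rid != expected_id:
        raise ValueError(f"id mismatch: got {rid:#06x}, expected {expected_id:#06x}")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F, ancount


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full DNS message arrived")
        buf += chunk
    return buf


def probe_dot(ip, port, timeout=3.0):
    """Run the check stage by stage and report the first stage that fails."""
    qid = random.randrange(1 << 16)
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as e:
        return f"TCP connect failed: {e}"
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # reachability probe only: verification is
    ctx.verify_mode = ssl.CERT_NONE  # off on purpose; never reuse for resolution
    try:
        with ctx.wrap_socket(raw) as tls:  # TLS handshake happens here
            query = build_query(HEALTH_QNAME, qid)
            tls.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            resp = _recv_exact(tls, length)
    except ssl.SSLError as e:        # SSLError is an OSError; catch it first
        return f"TLS failed: {e}"
    except OSError as e:
        return f"DNS exchange failed after TLS handshake: {e}"
    try:
        rcode, ancount = parse_response(resp, qid)
    except ValueError as e:
        return f"bad DNS response: {e}"
    if rcode == 0:
        return f"healthy: rcode=0, {ancount} answer record(s)"
    return f"reachable but answered rcode={rcode}"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. probe.py 8.8.8.8:853 1.1.1.1:853
        targets = [(h, int(p)) for h, p in (a.rsplit(":", 1) for a in sys.argv[1:])]
    else:  # default: probe the backends named in the posted log
        targets, _ = parse_dnsdist_log(SAMPLE_LOG)
    for ip, port in targets:
        print(f"{ip}:{port} -> {probe_dot(ip, port)}")
```

Run it inside the container (docker exec) rather than on the host, because the container's egress path is what dnsdist uses. "TCP connect failed" points at a firewall, NAT or routing rule blocking outbound 853/443 from the container network; "TLS failed" at middlebox interference; a healthy result from this probe while dnsdist still marks the backend down points back at dnsdist's own configuration.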

Seji64 commented 1 year ago

DoH is not implemented

Seji64 commented 1 year ago

In version 1.0.6 you can use a custom DNS upstream. See the Readme for documentation.