Seji64 / SniDust

SmartDNS Proxy to hide your GeoLocation. Based on DnsDist and nginx
GNU General Public License v3.0
156 stars 43 forks

Failed to start dnsdist(pdns) Unable to convert presentation address #25

Closed imohsen7 closed 1 year ago

imohsen7 commented 1 year ago

Hi, I had to update the docker image and then an error happened! Even if I build the image manually with the Dockerfile. I think the problem is with the pdns package inside the image. When we start the container after loading the domain list, this error happens:

Fatal pdns error: Unable to convert presentation address 'EXTERNAL_IP'

Seji64 commented 1 year ago

I do not have this issue in my environment.... Could you please post the full log and your docker-compose file?

imohsen7 commented 1 year ago

Thanks for the reply, you can find the full log of the container here:

https://pastebin.com/nxnP1B2M

and here is my docker-compose file content:

version: '3.3'

services:
  snidust:
    container_name: snidust
    environment:
      - 'ALLOWED_CLIENTS=0.0.0.0/0'
      - 'EXTERNAL_IP=XXX.XXX.XXX.XXX'
      - 'SPOOF_ALL_DOMAINS=true'
    ports:
      - '443:443'
      - '80:80'
      - '53:5300'
      - '53:5300/udp'
      - '8080:8083'
#    image: 'ghcr.io/seji64/snidust:latest'
    image: 'ghcr.io/seji64/snidust:sha-ce2ad51'

Seji64 commented 1 year ago

Very strange, I used the same compose file and tried different image tags - I cannot reproduce your error 🥲

Could you jump into the container via docker exec -it snidust /bin/ash and paste the content of /etc/dnsdist/dnsdist.conf? Also, please mask only the last and first bits of your IP, to double check there is not a typo.

Also, you could try to omit the EXTERNAL_IP env. SniDust will determine your public IP automatically.

imohsen7 commented 1 year ago

The container does not even start or wait to get the content of that file, but I found the content under /var/lib/docker/overlay2. Here is the content of dnsdist.conf:

-- LUA
dbrRateLimit = dynBlockRulesGroup()
-- Generate a warning if we detect a query rate above 800 qps for at least 60s.
-- If the query rate raises above 1000 qps for 60 seconds, we'll block the client for 360s.
dbrRateLimit:setQueryRate(1000, 60, "Exceeded query rate", 360, DNSAction.Drop, 800)

function maintenance()
   dbrRateLimit:apply()
end

-- Add Bind
addLocal('0.0.0.0:5300')

-- Include Config
includeDirectory("/etc/dnsdist/conf.d")

-- set ACL to prevent abuse use
setACLFromFile("/etc/dnsdist/allowedClients.acl")

-- add default upstream pool
newServer({address="8.8.8.8:853", name="dns.google", order=1, pool="upstream", reconnectOnUp=true, maxCheckFailures=3, rise=3, tls="openssl", subjectName="dns.google", validateCertificates=true, mustResolve=true, checkInterval=10, checkTimeout=2000})
newServer({address="8.8.4.4:853", name="dns.google", order=1, pool="upstream", reconnectOnUp=true, maxCheckFailures=3, rise=3, tls="openssl", subjectName="dns.google", validateCertificates=true, mustResolve=true, checkInterval=10, checkTimeout=2000})
newServer({address="1.1.1.1:443", name="cloudflare-dns", order=1, pool="upstream", reconnectOnUp=true, maxCheckFailures=3, rise=3, tls="openssl", subjectName="cloudflare-dns.com", dohPath="/dns-query", validateCertificates=true, mustResolve=false, checkInterval=10, checkTimeout=2000})
newServer({address="1.0.0.1:443", name="cloudflare-dns", order=1, pool="upstream", reconnectOnUp=true, maxCheckFailures=3, rise=3, tls="openssl", subjectName="cloudflare-dns.com", dohPath="/dns-query", validateCertificates=true, mustResolve=false, checkInterval=10, checkTimeout=2000})

setPoolServerPolicy(roundrobin,"upstream")

-- query reload.blocklist.unblockdock.local to reload Blocklist
addAction(AndRule({QNameRule("reload.domainlist.snidust.local"),QTypeRule("A")}),LuaAction(ReloadBlocklist))

-- query reload.acl.unblockdock.local to reload Blocklist
addAction(AndRule({QNameRule("reload.acl.snidust.local"),QTypeRule("A")}),LuaAction(ReloadACL))

 -- rewrite it for ALL Domains
addAction(AllRule(), SpoofAction("EXTERNAL_IP"))
-- Default -> send to Upstream Pool
addAction(AllRule(),PoolAction("upstream"))

Also, I removed EXTERNAL_IP from the docker-compose env variables and got the same error. I think the problem is with pdns (dnsdist) and this config file, the line that uses SpoofAction.

Seji64 commented 1 year ago

So the env variable is not getting replaced / templated. I have no clue why, especially because the problem does not occur in my lab nor in my prod environment.

However, the pdns package / dnsdist package is not the cause. As stated above, it is the config itself.

imohsen7 commented 1 year ago

I tried to build the image manually with the Dockerfile and found a typo. I think you didn't get this error because you don't use SPOOF_ALL_DOMAINS=true, because there is a typo in the Dockerfile for EXTERNAL_IP in this block. It should be:

if [ "${SPOOF_ALL_DOMAINS}" == "true" ]; then
    echo " -- rewrite it for ALL Domains"
    echo "addAction(AllRule(), SpoofAction(\"${EXTERNAL_IP}\"))"
else
    echo "-- Tag dq if domain is on Blocklist"
    echo "addAction(SuffixMatchNodeRule(BlockNode), SetTagAction(\"rewrite\",\"true\"))"
    echo ""
    echo "-- If dq has Tag --> rewrite it"
    echo "addAction(TagRule(\"rewrite\",\"true\"), SpoofAction(\"${EXTERNAL_IP}\"))"
    echo ""
    echo "-- Fallback if dq has tag but QType was not A,AAAA or CNAME"
    echo "addAction(TagRule(\"rewrite\",\"true\"), RCodeAction(DNSRCode.NXDOMAIN))"
    echo ""
fi

but it is:

if [ "${SPOOF_ALL_DOMAINS}" == "true" ]; then
    echo " -- rewrite it for ALL Domains"
    echo "addAction(AllRule(), SpoofAction(\"EXTERNAL_IP\"))"
else
    echo "-- Tag dq if domain is on Blocklist"
    echo "addAction(SuffixMatchNodeRule(BlockNode), SetTagAction(\"rewrite\",\"true\"))"
    echo ""
    echo "-- If dq has Tag --> rewrite it"
    echo "addAction(TagRule(\"rewrite\",\"true\"), SpoofAction(\"${EXTERNAL_IP}\"))"
    echo ""
    echo "-- Fallback if dq has tag but QType was not A,AAAA or CNAME"
    echo "addAction(TagRule(\"rewrite\",\"true\"), RCodeAction(DNSRCode.NXDOMAIN))"
    echo ""
fi

After making the changes and building an image, everything works fine. Thanks for your help and the great work on this project, Seji :)
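The root cause in this thread is a config template that emitted the literal placeholder instead of the expanded variable, and dnsdist only caught it at start-up ("Unable to convert presentation address"). The following is an added example, not SniDust's own entrypoint code: it renders the same spoof rules from the two environment values and then validates every SpoofAction target before the config is written, so a missing or unexpanded EXTERNAL_IP is rejected at build or entrypoint time rather than at dnsdist start. The function names (render_spoof_rules, check_rendered_config, is_ip_addr) and the sample address 203.0.113.5 are assumptions chosen for the example; the address check is a deliberately simple IPv4/IPv6 syntax test, not a full parser.

```shell
#!/bin/sh
# Added example (not part of SniDust): render the dnsdist spoof rules and
# refuse to emit a config whose SpoofAction target is not an IP address.

# is_ip_addr ADDR: return 0 if ADDR looks like an IPv4 dotted quad or an
# IPv6 literal (hex digits and colons only), 1 otherwise. Simplified check.
is_ip_addr() {
    case "$1" in
        *[!0-9.]*)
            # Not pure digits/dots: accept only hex-and-colon strings as IPv6.
            case "$1" in
                *[!0-9A-Fa-f:]*) return 1 ;;
                *:*) return 0 ;;
                *) return 1 ;;
            esac ;;
        *)
            # Dotted quad: exactly four octets in the range 0-255.
            echo "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'
            ;;
    esac
}

# render_spoof_rules SPOOF_ALL EXTERNAL_IP: print the Lua addAction lines the
# Dockerfile block in this thread generates, with the variable expanded.
render_spoof_rules() {
    spoof_all="$1"
    ext_ip="$2"
    if [ "$spoof_all" = "true" ]; then
        echo "-- rewrite it for ALL Domains"
        echo "addAction(AllRule(), SpoofAction(\"${ext_ip}\"))"
    else
        echo "-- Tag dq if domain is on Blocklist"
        echo "addAction(SuffixMatchNodeRule(BlockNode), SetTagAction(\"rewrite\",\"true\"))"
        echo "-- If dq has Tag --> rewrite it"
        echo "addAction(TagRule(\"rewrite\",\"true\"), SpoofAction(\"${ext_ip}\"))"
        echo "-- Fallback if dq has tag but QType was not A,AAAA or CNAME"
        echo "addAction(TagRule(\"rewrite\",\"true\"), RCodeAction(DNSRCode.NXDOMAIN))"
    fi
}

# check_rendered_config TEXT: return 0 when every SpoofAction("...") argument
# in TEXT is a presentation address, 1 otherwise. An empty argument, the literal
# placeholder EXTERNAL_IP and a masked XXX.XXX.XXX.XXX value are all rejected.
check_rendered_config() {
    printf '%s\n' "$1" | sed -n 's/.*SpoofAction("\([^"]*\)").*/\1/p' | {
        status=0
        while IFS= read -r addr; do
            if ! is_ip_addr "$addr"; then
                echo "refusing config: SpoofAction target '$addr' is not an IP address" >&2
                status=1
            fi
        done
        exit $status   # subshell exit code becomes the pipeline (function) status
    }
}

# Stand-alone usage: when EXTERNAL_IP is set in the environment, render and
# validate the rules, exiting non-zero instead of writing a broken config.
if [ -n "${EXTERNAL_IP:-}" ]; then
    rules=$(render_spoof_rules "${SPOOF_ALL_DOMAINS:-false}" "$EXTERNAL_IP")
    check_rendered_config "$rules" || exit 1
    printf '%s\n' "$rules"
fi
```

Wiring check_rendered_config into the entrypoint, between rendering the config and exec'ing dnsdist, turns the failure in this issue into a clear message naming the bad value, which is easier to diagnose from a container log than the generic dnsdist error.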

Seji64 commented 1 year ago

Thanks for the hint/help