daeuniverse / dae

eBPF-based Linux high-performance transparent proxy solution.
GNU Affero General Public License v3.0

[Bug Report] A timeout on one upstream DNS slows down the other upstream DNS servers #589

Open HurryYU opened 3 months ago

HurryYU commented 3 months ago

Checks

Current Behavior

When any upstream DNS times out, responses from the other upstream DNS servers slow down.

Expected Behavior

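Upstream DNS servers should not affect each other: when one DNS address has a problem, other programs using other DNS servers should not be affected.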

Steps to Reproduce

My dns configuration is as follows:

dns {
    upstream {
        alidns: 'udp://223.5.5.5:53'
        googledns: 'tcp+udp://8.8.8.8:53'
    }
    routing {
        request {
            qname(geosite:category-ads-all) -> reject
            qname(geosite:github) -> googledns
            qname(geosite:telegram) -> googledns
            qname(geosite:gfw) -> googledns
            fallback: alidns
        }
        response {
            upstream(googledns) -> accept
            ip(geoip:private) && !qname(geosite:cn) -> googledns
            fallback: accept
        }
    }
}

In route I send 8.8.8.8 through xray over an overseas line. Now, stop the xray program, so googledns (8.8.8.8) will time out.

At this point, running nslookup www.google.com does produce timeout output:

nslookup www.google.com
;; communications error to 127.0.0.53#53: timed out

Checking the dae log at this point, the relevant log line is indeed printed:

level=warning msg="handlePkt: failed to dial '8.8.8.8:53': [socks5]: dial to localhost:10808 error: dial tcp <nil>->[::1]:10808: connect: connection refused"

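The problem is that once a timeout has occurred, alidns is affected too: when other programs access domestic domains, dae hands them to alidns to resolve, but it is noticeably much slower.

For example, ping and nslookup on domestic domains both take a long delay before they output a result: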

nslookup www.baidu.com
;; communications error to 127.0.0.53#53: timed out
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 183.2.172.42
Name:   www.a.shifen.com
Address: 183.2.172.185
Name:   www.a.shifen.com
Address: 240e:ff:e020:966:0:ff:b042:f296
Name:   www.a.shifen.com
Address: 240e:ff:e020:9ae:0:ff:b014:8e8b

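As the output above shows, the normal result was only printed after one timeout. Likewise, ping also returns its result only after a long delay.

When I stop dae, or never let dae proxy DNS traffic that will time out, this behavior disappears.

The fix I hope for: a timeout on one DNS should not affect the other, working DNS servers.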

Environment

Anything else?

No response
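
A small triage helper for the symptom described in this report, added here as an example and not part of the original issue or of dae's code: it counts dae's "failed to dial" warnings per upstream and flags nslookup transcripts whose answer arrived only after a timeout. The function names are hypothetical; the sample inputs are the log line and nslookup output quoted in the report, with the answer list trimmed.

```python
import re
from collections import Counter

# Sample inputs: the dae warning and nslookup transcripts quoted in the report
# (the baidu answer list is trimmed to two addresses for brevity).
DAE_LOG = """level=warning msg="handlePkt: failed to dial '8.8.8.8:53': [socks5]: dial to localhost:10808 error: dial tcp <nil>->[::1]:10808: connect: connection refused"
"""
NSLOOKUP_GOOGLE = ";; communications error to 127.0.0.53#53: timed out\n"
NSLOOKUP_BAIDU = """;; communications error to 127.0.0.53#53: timed out
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   www.a.shifen.com
Address: 183.2.172.42
Address: 240e:ff:e020:966:0:ff:b042:f296
"""

DIAL_FAIL = re.compile(r"failed to dial '([^']+)'")
TIMED_OUT = re.compile(r"^;; communications error to \S+ timed out", re.M)
# Answer records have no '#port' suffix; the resolver's own Address line does.
ANSWER = re.compile(r"^Address:\s+([0-9A-Fa-f:.]+)$", re.M)

def failed_upstreams(log_text):
    """Count dae 'failed to dial' warnings per upstream address."""
    warnings = (l for l in log_text.splitlines() if "level=warning" in l)
    return Counter(m.group(1) for m in map(DIAL_FAIL.search, warnings) if m)

def classify_nslookup(output):
    """Return (verdict, answers): 'clean', 'answered_after_timeout' or 'failed'."""
    answers = ANSWER.findall(output)
    if not answers:
        return "failed", answers
    timeouts = len(TIMED_OUT.findall(output))
    return ("answered_after_timeout" if timeouts else "clean"), answers

def cross_upstream_delay(log_text, healthy_outputs):
    """True when some upstream is failing to dial AND a name routed to a
    different upstream was answered only after a timeout."""
    retried = [o for o in healthy_outputs
               if classify_nslookup(o)[0] == "answered_after_timeout"]
    return bool(failed_upstreams(log_text)) and bool(retried)

if __name__ == "__main__":
    print(dict(failed_upstreams(DAE_LOG)), classify_nslookup(NSLOOKUP_BAIDU))
    print(cross_upstream_delay(DAE_LOG, [NSLOOKUP_BAIDU]))
```

Pass only transcripts for names that the dns routing sends to an upstream other than the failing one; the helper reports the symptom and does not identify its cause.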

dae-prow[bot] commented 3 months ago

Thanks for opening this issue!

Nephren-Ruq-Insania commented 3 months ago

Can I see your routing configuration?

HurryYU commented 3 months ago

Can I see your routing configuration?

Thanks for the reply. My routing configuration is as follows:

routing {
    pname(NetworkManager) -> must_direct
    pname(xray) -> must_direct
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(223.5.5.5) -> direct
    dip(8.8.8.8) -> proxy
    domain(ext:'geosite:category-ads-all') -> block
    domain(ext:'geosite:github') -> proxy
    domain(ext:'geosite:telegram') -> proxy
    domain(ext:'geosite:gfw') -> proxy
    domain(suffix: ipleak.net) -> proxy
    dip(ext:'geoip:telegram') -> proxy
    dip(ext:'geoip:cloudflare') -> proxy
    fallback: direct
}

senkiss commented 2 months ago

Doesn't dae send foreign IPs through the proxy by default? Do you still have to specify it?

HurryYU commented 2 months ago

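Doesn't dae send foreign IPs through the proxy by default? Do you still have to specify it?

Whether traffic goes direct or through the proxy depends on the routing rules; I don't think there is any such thing as a default.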

soraneoumi commented 1 month ago

I seem to have run into the same problem.

dns {
    upstream {
        v4: 'udp://1.1.1.1:53'
        v6: 'udp://[2606:4700:4700::1111]:53'
    }
    routing {
        request {
            fallback: v4
        }
    }
}
routing {
    ### Preset rules.
    pname(NetworkManager, systemd-resolved) -> must_direct
    dip(224.0.0.0/3, 'ff00::/8') -> must_direct
    dip(geoip:private) -> must_direct

    ### Write your rules below.
    ipversion(4) -> group4
    ipversion(6) -> group6

    fallback: must_direct
}

Resolution timeouts occur when resolving domain names through the remote server.