folbricht / routedns

DNS stub resolver, proxy and router with support for DoT, DoH, DoQ, and DTLS
BSD 3-Clause "New" or "Revised" License

Query Blocklist Errors #133

Open galpt opened 3 years ago

galpt commented 3 years ago

These errors appeared while we're trying to use the remote query blocklist.

```
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Error: blocklist: Get "https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt": dial tcp: lookup justdomains.github.io: no such host

Done.
```

Tested on Windows 10.

Here's what the config looks like:

```toml
[bootstrap-resolver]
address = "https://dns.google/dns-query{?dns}"
protocol = "doh"
transport = "quic"
doh = { method = "GET" }
bootstrap-address = "8.8.4.4"

[resolvers.google-get]
address = "https://dns.google/dns-query{?dns}"
protocol = "doh"
transport = "quic"
doh = { method = "GET" }
bootstrap-address = "8.8.8.8"

[resolvers.google-get-dns64]
address = "https://dns64.dns.google/dns-query{?dns}"
protocol = "doh"
transport = "quic"
doh = { method = "GET" }
bootstrap-address = "8.8.8.8"

[groups.fastest]
type = "fastest"
resolvers = ["google-get", "google-get-dns64"]

[groups.blocklist]
type = "blocklist-v2"
resolvers = ["fastest"]
blocklist-refresh = 3600
blocklist-source = [
    {format = "domain", source = "https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt"},
    {format = "domain", source = "https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnscrypt-proxy/dnscrypt-proxy.blacklist.txt"},
]

[listeners.any-udp]
address = ":53"
protocol = "udp"
resolver = "blocklist"

[listeners.any-tcp]
address = ":53"
protocol = "tcp"
resolver = "blocklist"
```

Is there anything wrong with the config or is it something else?

folbricht commented 3 years ago

From the error message it looks like it's a simple bootstrapping issue. Does the machine running routedns also use itself for DNS? Then the problem is that the service is not up yet when it needs to look up those blocklist domains. If that's the issue, https://github.com/folbricht/routedns/blob/master/doc/configuration.md#bootstrap-resolver should help.

galpt commented 3 years ago

https://github.com/folbricht/routedns/blob/master/cmd/routedns/example-config/use-case-6.toml Doesn't work on Windows, specifically if Windows is configured using 127.0.0.1 as the Preferred IPv4 DNS, which is used for preventing DNS leaks.

As you can see from the config above, the bootstrap resolver's already there but still gives the Error: blocklist: Get "https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt": dial tcp: lookup justdomains.github.io: no such host.

But if the blocklist's configured to use a blocklist.txt file, there'll be no errors. FYI: We've tried to copy-paste 100% the config file from the use-case-6 and didn't change anything, which should fix the problem theoretically, but surprise, it didn't work.

Perhaps a bootstrap explicitly used for the blocklist features themselves or other workaround. The config we're using above works well without the blocklist query tho'.

folbricht commented 3 years ago

Interesting, this seems to be related to https://github.com/golang/go/issues/33097 and it's also mentioned here https://golang.org/pkg/net/#hdr-Name_Resolution

> On Windows, the resolver always uses C library functions, such as GetAddrInfo and DnsQuery.

Going to have to think a bit about how to work around this.
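
One possible workaround for the Windows resolver behaviour described in the comment above, added here as an example and not code from routedns or its author: an HTTP client for blocklist downloads whose dialer resolves hostnames through a fixed bootstrap DNS server instead of the OS resolver. The names `LookupFunc`, `BootstrapLookup` and `DialVia`, and the plain-DNS address `8.8.8.8:53`, are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

type LookupFunc func(ctx context.Context, host string) ([]string, error) // hypothetical name

// BootstrapLookup queries one fixed DNS server (PreferGo works on Windows from Go 1.19).
func BootstrapLookup(server string) LookupFunc {
	r := &net.Resolver{PreferGo: true, Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, network, server)
	}}
	return r.LookupHost
}

// DialVia resolves the host with lookup and dials the IP itself, bypassing the system DNS setting.
func DialVia(lookup LookupFunc) func(context.Context, string, string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		ips := []string{host} // an IP literal needs no lookup
		if net.ParseIP(host) == nil {
			if ips, err = lookup(ctx, host); err != nil {
				return nil, fmt.Errorf("bootstrap lookup %s: %w", host, err)
			}
		}
		err = fmt.Errorf("bootstrap lookup %s: no addresses", host)
		for _, ip := range ips {
			var conn net.Conn
			if conn, err = (&net.Dialer{}).DialContext(ctx, network, net.JoinHostPort(ip, port)); err == nil {
				return conn, nil
			}
		}
		return nil, err
	}
}

func main() {
	tr := &http.Transport{DialContext: DialVia(BootstrapLookup("8.8.8.8:53"))} // assumed bootstrap server
	client := &http.Client{Timeout: 30 * time.Second, Transport: tr}
	fmt.Println("blocklist client ready, timeout", client.Timeout)
}
```

Only the dial step is redirected, so TLS certificate verification still runs against the hostname in the blocklist URL.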

galpt commented 3 years ago

Guess it can't be helped for now. But nvm we didn't actually need the query blocklist for now so not a problem. Perhaps we're going to leave this issue open until we could find the quick fix and post it here. Thanks in advance.