julian-klode / dns66

DNS-based Host Blocker (and lightweight ad blocker) for Android
https://jak-linux.org/projects/dns66/
GNU General Public License v3.0

DNS over TCP support (DNSSEC) #415

Open jape42 opened 3 years ago

jape42 commented 3 years ago

I have dns66 from fdroid running on my Xiaomi Mi A1, Android 9 Aug 2020 security update. I'm running pihole dns with DNSsec enabled on my internal network. The pihole is at 192.168.50.2. I am unable to access some sites using firefox when dns66 is enabled. These sites are accessible if I disable dns66.

For example at 16:40 I tried accessing www.nhc.noaa.gov.

logcat:
11-06 16:40:34.013 7525 32379 D AdVpnThread: Read from device
11-06 16:40:34.013 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 62
11-06 16:40:34.013 7525 32379 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /192.168.50.2
11-06 16:40:34.013 7525 32379 I DnsPacketProxy: handleDnsRequest: DNS Name www.nhc.noaa.gov Allowed, sending to /192.168.50.2
11-06 16:40:34.014 7525 32379 D AdVpnThread: doOne: Polling 3 file descriptors
11-06 16:40:34.128 7525 32379 D AdVpnThread: Read from DNS socketjava.net.DatagramSocket@1e78365
11-06 16:40:34.129 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:34.129 7525 32379 D AdVpnThread: Write to device
11-06 16:40:34.129 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:34.129 7525 32379 D AdVpnThread: Read from device
11-06 16:40:34.130 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 60
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Version: 4 (IPv4)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: IHL: 5 (20 [bytes])
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Total length: 60 [bytes]
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Identification: 47074
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Fragment offset: 0 (0 [bytes])
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: TTL: 64
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Protocol: 6 (TCP)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Header checksum: 0x3ed6
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Source address: /192.0.2.1
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: Destination address: /192.0.2.2
11-06 16:40:34.130 7525 32379 I DnsPacketProxy:
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
11-06 16:40:34.130 7525 32379 I DnsPacketProxy: at java.lang.Thread.run(Thread.java:764)
11-06 16:40:34.130 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:35.124 7525 32379 D AdVpnThread: Read from device
11-06 16:40:35.125 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 60
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Version: 4 (IPv4)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: IHL: 5 (20 [bytes])
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Total length: 60 [bytes]
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Identification: 47165
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Fragment offset: 0 (0 [bytes])
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: TTL: 64
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Protocol: 6 (TCP)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Header checksum: 0x3e7b
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Source address: /192.0.2.1
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: Destination address: /192.0.2.2
11-06 16:40:35.126 7525 32379 I DnsPacketProxy:
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
11-06 16:40:35.126 7525 32379 I DnsPacketProxy: at java.lang.Thread.run(Thread.java:764)
11-06 16:40:35.126 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:37.134 7525 32379 D AdVpnThread: Read from device
11-06 16:40:37.134 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 60
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Version: 4 (IPv4)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: IHL: 5 (20 [bytes])
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Total length: 60 [bytes]
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Identification: 47208
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Fragment offset: 0 (0 [bytes])
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: TTL: 64
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Protocol: 6 (TCP)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Header checksum: 0x3e50
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Source address: /192.0.2.1
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: Destination address: /192.0.2.2
11-06 16:40:37.135 7525 32379 I DnsPacketProxy:
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
11-06 16:40:37.135 7525 32379 I DnsPacketProxy: at java.lang.Thread.run(Thread.java:764)
11-06 16:40:37.135 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:39.137 7525 32379 D AdVpnThread: Read from device
11-06 16:40:39.138 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 62
11-06 16:40:39.138 7525 32379 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /192.168.50.2
11-06 16:40:39.139 7525 32379 I DnsPacketProxy: handleDnsRequest: DNS Name www.nhc.noaa.gov Allowed, sending to /192.168.50.2
11-06 16:40:39.142 7525 32379 D AdVpnThread: doOne: Polling 3 file descriptors
11-06 16:40:39.176 7525 32379 D AdVpnThread: Read from DNS socketjava.net.DatagramSocket@b51f0e1
11-06 16:40:39.177 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:39.178 7525 32379 D AdVpnThread: Write to device
11-06 16:40:39.178 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:39.179 7525 32379 D AdVpnThread: Read from device
11-06 16:40:39.179 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 60
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Version: 4 (IPv4)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: IHL: 5 (20 [bytes])
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Total length: 60 [bytes]
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Identification: 47395
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Fragment offset: 0 (0 [bytes])
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: TTL: 64
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Protocol: 6 (TCP)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Header checksum: 0x3d95
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Source address: /192.0.2.1
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: Destination address: /192.0.2.2
11-06 16:40:39.181 7525 32379 I DnsPacketProxy:
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
11-06 16:40:39.181 7525 32379 I DnsPacketProxy: at java.lang.Thread.run(Thread.java:764)
11-06 16:40:39.181 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:40.184 7525 32379 D AdVpnThread: Read from device
11-06 16:40:40.184 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 60
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Version: 4 (IPv4)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: IHL: 5 (20 [bytes])
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Total length: 60 [bytes]
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Identification: 47400
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Fragment offset: 0 (0 [bytes])
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: TTL: 64
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Protocol: 6 (TCP)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Header checksum: 0x3d90
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Source address: /192.0.2.1
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: Destination address: /192.0.2.2
11-06 16:40:40.185 7525 32379 I DnsPacketProxy:
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
11-06 16:40:40.185 7525 32379 I DnsPacketProxy: at java.lang.Thread.run(Thread.java:764)
11-06 16:40:40.185 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:42.184 7525 32379 D AdVpnThread: Read from device
11-06 16:40:42.184 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 60
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Version: 4 (IPv4)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: IHL: 5 (20 [bytes])
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Total length: 60 [bytes]
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Identification: 47585
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Fragment offset: 0 (0 [bytes])
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: TTL: 64
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Protocol: 6 (TCP)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Header checksum: 0x3cd7
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Source address: /192.0.2.1
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: Destination address: /192.0.2.2
11-06 16:40:42.185 7525 32379 I DnsPacketProxy:
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
11-06 16:40:42.185 7525 32379 I DnsPacketProxy: at java.lang.Thread.run(Thread.java:764)
11-06 16:40:42.185 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors
11-06 16:40:48.641 7525 7525 D MainActivity: onNewIntent: Wee
11-06 16:40:50.438 7525 32379 D AdVpnThread: Read from device
11-06 16:40:50.439 7525 32379 D VpnWatchDog: handlePacket: Received packet of length 60
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Version: 4 (IPv4)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: IHL: 5 (20 [bytes])
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Total length: 60 [bytes]
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Identification: 47826
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Fragment offset: 0 (0 [bytes])
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: TTL: 64
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Protocol: 6 (TCP)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Header checksum: 0x3be6
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Source address: /192.0.2.1
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: Destination address: /192.0.2.2
11-06 16:40:50.440 7525 32379 I DnsPacketProxy:
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
11-06 16:40:50.440 7525 32379 I DnsPacketProxy: at java.lang.Thread.run(Thread.java:764)
11-06 16:40:50.440 7525 32379 D AdVpnThread: doOne: Polling 2 file descriptors

julian-klode commented 3 years ago

It's odd it's getting tcp packets there

k3an3 commented 3 years ago

I've been having what looks like the same issue for quite a while, but always with "i.stack.imgur.com". I can confirm this issue on 2 different devices, running the latest version from F-droid.

12-18 11:38:28.379  1248  3665 D AdVpnThread: doOne: Polling 2 file descriptors
12-18 11:40:44.349  1248  3665 D AdVpnThread: Read from device
12-18 11:40:44.350  1248  3665 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /192.168.0.1
12-18 11:40:44.350  1248  3665 I DnsPacketProxy: handleDnsRequest: DNS Name i.stack.imgur.com Allowed, sending to /192.168.0.1
12-18 11:40:44.352  1248  3665 D AdVpnThread: doOne: Polling 3 file descriptors
12-18 11:40:44.380  1248  3665 D AdVpnThread: Read from DNS socketjava.net.DatagramSocket@6395635
12-18 11:40:44.381  1248  3665 D AdVpnThread: doOne: Polling 2 file descriptors
12-18 11:40:44.381  1248  3665 D AdVpnThread: Write to device
12-18 11:40:44.381  1248  3665 D AdVpnThread: doOne: Polling 2 file descriptors
12-18 11:40:44.382  1248  3665 D AdVpnThread: Read from device
12-18 11:40:44.382  1248  3665 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /192.168.0.1
12-18 11:40:44.382  1248  3665 I DnsPacketProxy: handleDnsRequest: DNS Name i.stack.imgur.com Allowed, sending to /192.168.0.1
12-18 11:40:44.384  1248  3665 D AdVpnThread: doOne: Polling 3 file descriptors
12-18 11:40:44.459  1248  3665 D AdVpnThread: Read from DNS socketjava.net.DatagramSocket@be0758
12-18 11:40:44.459  1248  3665 D AdVpnThread: doOne: Polling 2 file descriptors
12-18 11:40:44.459  1248  3665 D AdVpnThread: Write to device
12-18 11:40:44.460  1248  3665 D AdVpnThread: doOne: Polling 2 file descriptors
12-18 11:40:44.460  1248  3665 D AdVpnThread: Read from device
12-18 11:40:44.464  1248  3665 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Version: 4 (IPv4)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   IHL: 5 (20 [bytes])
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Total length: 60 [bytes]
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Identification: 65253
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Flags: (Reserved, Don't Fragment, More Fragment) = (false, true, false)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Fragment offset: 0 (0 [bytes])
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   TTL: 64
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Protocol: 6 (TCP)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Header checksum: 0xb7d2
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Source address: /192.0.2.1
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:   Destination address: /192.0.2.2
12-18 11:40:44.464  1248  3665 I DnsPacketProxy: 
12-18 11:40:44.464  1248  3665 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
12-18 11:40:44.464  1248  3665 I DnsPacketProxy:    at java.lang.Thread.run(Thread.java:919)
12-18 11:40:44.464  1248  3665 D AdVpnThread: doOne: Polling 2 file descriptors
12-18 11:40:45.491  1248  3665 D AdVpnThread: Read from device
12-18 11:40:45.494  1248  3665 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv4 Header (20 bytes)]
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Version: 4 (IPv4)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   IHL: 5 (20 [bytes])
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Total length: 60 [bytes]
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Identification: 65254
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Flags: (Reserved, Don't Fragment, More Fragment) = (false, true, false)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Fragment offset: 0 (0 [bytes])
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   TTL: 64
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Protocol: 6 (TCP)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Header checksum: 0xb7d1
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Source address: /192.0.2.1
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:   Destination address: /192.0.2.2
12-18 11:40:45.494  1248  3665 I DnsPacketProxy: 
12-18 11:40:45.494  1248  3665 I DnsPacketProxy: java.lang.ClassCastException: org.pcap4j.packet.TcpPacket cannot be cast to org.pcap4j.packet.UdpPacket
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:156)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:324)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:289)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:225)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:    at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:162)
12-18 11:40:45.494  1248  3665 I DnsPacketProxy:    at java.lang.Thread.run(Thread.java:919)

julian-klode commented 3 years ago

This works for me, and support for DNS over TCP is out of scope for the project at the moment, so I'm afraid I have to close it. DNS over TCP, like DNS over TLS, would require a significant rewrite of the backend and add support for session management, which I do not have resources to commit for.

k3an3 commented 3 years ago

Why is there TCP in this case at all? As far as I know, these are normal DNS requests from the browser (Chrome in my case, Firefox for OP) that are failing due to DNS66 issues.

The issues seem intermittent, so maybe that's why you can't reproduce.

So this issue will just go unresolved then, even though it breaks normal browsing?

jape42 commented 3 years ago

I think TCP is used when the dns request size exceeds UDP max size. In my case, I'm guessing it is dnssec related.

I'm trying out using blokada 5 from fdroid. First few tests look good.

julian-klode commented 3 years ago

Oh right, yes. DNS66 should probably strip all DNSSEC stuff which should fix the issue I suppose, as Android will just silently downgrade.

julian-klode commented 3 years ago

Optimally we'd have TCP support (which would also give us DNSoverTLS easily), but oh well, it's hard and time is limited?

k3an3 commented 3 years ago

Why would I be having the same issue if I'm not using DNSSEC though?