kkkgo / PaoPaoDNS

PaoPaoDNS is a Docker image that deploys a recursive DNS server with one click
https://blog.03k.org/post/paopaodns.html
GNU General Public License v3.0
847 stars 67 forks source link

[Help] test.sh fails intermittently, and the recursive service intermittently returns nothing #162

Closed wy315700 closed 4 months ago

wy315700 commented 4 months ago

Before submitting, please confirm

test.sh self-check log

```txt
/data # test.sh
*********************************************************************************

images build time : 2024-06-11 08:21:39 UTC
check for the latest version ,
go to https://github.com/kkkgo/PaoPaoDNS/discussions 
-> test start `1719552040`

[INFO] ALL TEST PASS.✅

-> test end `1719552042`

/data # test.sh -h
*********************************************************************************

images build time : 2024-06-11 08:21:39 UTC
check for the latest version ,
go to https://github.com/kkkgo/PaoPaoDNS/discussions 
-> test start `1719551876`
yyyyyyyyyNOCN-5301 failed:yyy
[INFO] TEST FAIL.❌

-> test end 1719551878
```

debug.sh self-check log

```txt
### == debug.sh : docker exec -it paopaodns sh ==
-> debug start `1719551845`

[INFO] images build time : 2024-06-11 08:21:39 UTC
[OK]DATA_writeable
[OK]DATA_readable
[INFO] NETWORK
*********************************************************************************

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
83: eth0@if84: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    inet 192.168.5.10/24 brd 192.168.5.255 scope global eth0
default via 192.168.5.1 dev eth0 
192.168.5.0/24 dev eth0 scope link  src 192.168.5.10 
PING 223.5.5.5 (223.5.5.5): 56 data bytes
64 bytes from 223.5.5.5: seq=0 ttl=117 time=6.529 ms

--- 223.5.5.5 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.529/6.529/6.529 ms
PING 119.29.29.29 (119.29.29.29): 56 data bytes
64 bytes from 119.29.29.29: seq=0 ttl=53 time=5.363 ms

--- 119.29.29.29 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 5.363/5.363/5.363 ms
Server:         223.5.5.5
Address:        223.5.5.5#53

Non-authoritative answer:
www.taobao.com  canonical name = www.taobao.com.danuoyi.tbcache.com.
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 106.227.101.236
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 106.227.101.237
;; Got bad packet: unexpected end of input
84 bytes
93 9c 81 80 00 01 00 00 00 01 00 00 03 77 77 77          .............www
06 74 61 6f 62 61 6f 03 63 6f 6d 07 64 61 6e 75          .taobao.com.danu
6f 79 69 07 74 62 63 61 63 68 65 03 63 6f 6d 00          oyi.tbcache.com.
00 1c 00 01 c0 0c 00 06 00 01 00 00 01 2c 00 00          .............,..
16 6a 0f 2f 9d 9d 90 c2 7f 2e 63 14 c9 f6 b1 bc          .j./......c.....
16 ff b5 08                                              ....

Server:         119.29.29.29
Address:        119.29.29.29#53

Non-authoritative answer:
www.qq.com      canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.22.57
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.42.232
;; Got bad packet: unexpected end of input
84 bytes
5d e1 81 80 00 01 00 00 00 01 00 00 0c 69 6e 73          ]............ins
2d 72 32 33 74 73 75 75 66 03 69 61 73 0d 74 65          -r23tsuuf.ias.te
6e 63 65 6e 74 2d 63 6c 6f 75 64 03 6e 65 74 00          ncent-cloud.net.
00 1c 00 01 c0 0c 00 06 00 01 00 00 01 2c 00 00          .............,..
00 00 00 00 01 00 00 00 04 00 00 00 00 00 0a 00          ................
00 00 00 00                                              ....

*********************************************************************************

[INFO] ENV
*********************************************************************************

====ENV TEST====
[OK]DATA_writeable-
[OK]DATA_readable-
MEM:1000m 2000m 1000000 3000mb
prefPC:100
CORES:-4-
POWCORES:-4-
ulimit :-10240-
FDLIM :-1268-
TZ:-Asia/Shanghai-
UPDATE:-weekly-
DNS_SERVERNAME:-DNS-
SERVER_IP:-none-
ETHIP:-192.168.5.10-
DNSPORT:-53-
SOCKS5:-IP:PORT-
CNAUTO:-yes-
IPV6:-no-
CNFALL:-no-
CUSTOM_FORWARD:-IP:PORT-
AUTO_FORWARD:-no-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-no-
RULES_TTL:-600-
CUSTOM_FORWARD_TTL:-0-
SHUFFLE:-no-
EXPIRED_FLUSH:-yes-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-no-
SAFEMODE:--
QUERY_TIME:-2000ms-
ADDINFO:-no-
PLATFORM:-Linux dns 5.10.194 #0 SMP Mon Dec 13 10:43:05 2021 x86_64 Linux-
====ENV TEST====
mosdns kkkgo/mosdns:240529.1
total 388K   
   4.0K drwxrwxrwx    3 0        0           4.0K Jun 28 13:15 .
   4.0K drwxr-xr-x    1 0        0           4.0K Jun 28 13:15 ..
 260.0K -rw-r--r--    1 0        0         257.0K Jun 28 13:15 Country-only-cn-private.mmdb
   4.0K -rwxrwxrwx    1 0        0            233 Jun 28 11:10 custom_env.ini
   4.0K -rwxrwxrwx    1 0        0            416 Jun 28 13:15 custom_mod.yaml
   4.0K drwxr-xr-x    2 0        0           4.0K Jun 28 13:15 dnscrypt-resolvers
   4.0K -rw-r--r--    1 0        0           3.0K Jun 28 13:15 dnscrypt.toml
   4.0K -rwxrwxrwx    1 0        0            571 Jun 27 18:33 force_dnscrypt_list.txt
   4.0K -rwxrwxrwx    1 0        0            387 Jun 27 18:33 force_recurse_list.txt
   4.0K -rwxrwxrwx    1 0        0            231 Jun 27 20:16 force_ttl_rules.txt
  12.0K -rw-r--r--    1 0        0           9.9K Jun 28 13:15 mosdns.yaml
   8.0K -rw-r--r--    1 0        0           5.7K Jun 28 13:15 redis.conf
  16.0K -rwxrwxrwx    1 0        0          13.2K Jun 28 11:10 trackerslist.txt
  52.0K -rw-r--r--    1 0        0          50.6K Jun 28 13:15 unbound.conf
   4.0K -rwxrwxrwx    1 0        0            289 Jun 27 18:33 unbound_custom.conf
*********************************************************************************

[INFO] PS
*********************************************************************************

PID   USER     TIME  COMMAND
    1 root      0:00 {init.sh} /bin/sh /usr/sbin/init.sh
   22 root      0:00 crond
   57 root      0:00 redis-server unixsocket:/tmp/redis.sock
  381 root      0:00 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
  397 root      0:00 unbound -c /tmp/unbound_forward.conf -p
  408 root      0:00 mosdns start -d /tmp -c /tmp/mosdns.yaml
  424 root      0:00 unbound -c /tmp/unbound_raw.conf -p
  425 root      0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
  426 root      0:00 {data_update.sh} /bin/sh /usr/sbin/data_update.sh
  428 root      0:00 tail -f /dev/null
  429 root      0:00 sleep 206
  459 root      0:00 inotifywait -e modify,delete /etc/unbound/named.cache /data/Country-only-cn-private.mmdb /data/force_recurse_list.txt /data/force_dns
  463 root      0:00 /bin/sh
  858 root      0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
  874 root      0:00 ps -ef
  424 root      0:00 unbound -c /tmp/unbound_raw.conf -p
unbound OK.
  397 root      0:00 unbound -c /tmp/unbound_forward.conf -p
unbound_forward OK.
*********************************************************************************

[INFO] TOP
*********************************************************************************

CPU:   0% usr   0% sys   0% nic 100% idle   0% io   0% irq   0% sirq
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
  381     1 root     S    1211m   7%   1   0% dnscrypt-proxy -config /data/dnscr
  408     1 root     S    1210m   7%   3   0% mosdns start -d /tmp -c /tmp/mosdn
  424     1 root     S     760m   4%   2   0% unbound -c /tmp/unbound_raw.conf -
   57     1 root     S    22592   0%   1   0% redis-server unixsocket:/tmp/redis
  397     1 root     S    20716   0%   2   0% unbound -c /tmp/unbound_forward.co
  425     1 root     S     1708   0%   2   0% {watch_list.sh} /bin/sh /usr/sbin/
  463     0 root     S     1692   0%   0   0% /bin/sh
  426     1 root     S     1632   0%   1   0% {data_update.sh} /bin/sh /usr/sbin
    1     0 root     S     1628   0%   2   0% {init.sh} /bin/sh /usr/sbin/init.s
  858   463 root     S     1624   0%   0   0% {debug.sh} /bin/sh /usr/sbin/debug
  881   858 root     R     1620   0%   2   0% top -n1
  428     1 root     S     1612   0%   2   0% tail -f /dev/null
  429   426 root     S     1608   0%   1   0% sleep 206
  882   858 root     S     1608   0%   1   0% grep %
  459   425 root     S     1068   0%   1   0% inotifywait -e modify,delete /etc/
   22     1 root     S      856   0%   0   0% crond
*********************************************************************************

[INFO] REDIS
*********************************************************************************

used_memory_human:1008.43K
used_memory_rss_human:4.15M
used_memory_peak_human:1010.95K
total_system_memory_human:15.51G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:2.93G
(integer) 8
*********************************************************************************

[TEST] IP ROUTE
*********************************************************************************

CN IP URL:
180.x.x.x
-
180.x.x.x
--
180.x.x.x
CN RAW-IP URL:
180.x.x.x
------------------
Non-CN IP URL:
180.x.x.x
-
180.x.x.x
--
180.x.x.x
Non-CN RAW-IP URL:
180.x.x.x
-
180.x.x.x
--
180.x.x.x
---
180.x.x.x
------------------
IP INFO:
180.x.x.x
CN,Shanghai,Shanghai
ASN4812/China Telecom
HTTP/1.1 
Mozilla/5.0 Gecko/20100101 Firefox/120.0 https://github.com/kkkgo/PaoPaoDNS
Asia/Shanghai Time: 6/28/2024, 1:17:30 PM
[INFO] force_recurse_list
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
MOSDNS WHOAMI :
MOSDNS akahelp: "ns" "180.x.x.x"
MOSDNS 03k: 180.x.x.x
UNBOUND WHOAMI:
UNBOUND akahelp: "ns" "180.x.x.x"
UNBOUND 03k: 180.x.x.x
*********************************************************************************

[TEST] HIJACK
*********************************************************************************

;; communications error to 9.8.7.5#53: timed out
;; no servers could be reached

;; communications error to 9.8.7.6#53: timed out
;; no servers could be reached

HIJACK 127.0.0.1 = 58.217.249.177
*********************************************************************************

[TEST] DIG-CN [taobao]
*********************************************************************************

MOSDNS CN:
www.taobao.com.danuoyi.tbcache.com.
163.181.140.193
163.181.140.192
UNBOUND CN:
www.taobao.com.danuoyi.tbcache.com.
106.227.101.237
106.227.101.236
[TEST] DIG-NOCN [youtube]
MOSDNS NOCN:
youtube-ui.l.google.com.
142.250.113.91
142.250.113.93
DNSCRYPT-UNBOUND NOCN:
youtube-ui.l.google.com.
142.250.114.190
142.250.113.93
DNSCRYPT NOCN:
youtube-ui.l.google.com.
142.250.113.91
142.250.113.93
DNSCRYPT-SOCKS5 NOCN:
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached

*********************************************************************************

[TEST] DUAL CN [IPv6=YES will have aaaa,taobao]
*********************************************************************************

[TEST] DUAL NOCN [IPv6=YES will block aaaa,youtube]
[TEST] ONLY6 [IPv6=only6 will block aaaa if a ok]
checkipv6.synology.com : ip6.03k.org : 6.ipw.cn : 
*********************************************************************************

[info] ALL TEST FINISH.
```

Problem description and reproduction steps

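When the container starts, everything is fine at first, but after about 5 minutes some recursive queries start returning no results. As a result, all the domestic (CN) queries go through dnscrypt, and everything resolves to overseas addresses.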

```txt
$ dig @192.168.5.10 -p 5301 www.jd.com

; <<>> DiG 9.16.23-RH <<>> @192.168.5.10 -p 5301 www.jd.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41191
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.jd.com.   IN  A

;; Query time: 5 msec
;; SERVER: 192.168.5.10#5301(192.168.5.10)
;; WHEN: Fri Jun 28 13:22:52 CST 2024
;; MSG SIZE  rcvd: 44
```

This kind of result appears frequently.

Is it because of a problem with the ISP's network?

wy315700 commented 4 months ago

One more question: can dnscrypt choose which server to connect to? The dig on 5303 has never succeeded.

kkkgo commented 4 months ago

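1. Your network environment clearly has a problem: you can see that even the queries to public DNS report an error, ;; Got bad packet: unexpected end of input. As for the cause, you will have to troubleshoot it yourself; you could try Docker's host network mode.
2. 5303 is queried through socks5 (optional). SOCKS5 is not defined, so it will not succeed, and test.sh will not report an error because of it. dnscrypt itself optimizes requests automatically, so there is no need to choose manually.
3. I also suggest enabling CNFALL and USE_MARK_DATA, so that when recursion fails the domestic queries will not all go through dnscrypt.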
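Added example (not part of the thread or of PaoPaoDNS): a minimal DNS message parser run over the first 84-byte reply dumped in the debug.sh log above, to show what the bytes behind Got bad packet: unexpected end of input contain. The helper names `read_name` and `analyze` are illustrative, and the hex is re-typed from that dump.

```python
import struct

# First 84-byte reply from the debug.sh log (answer to the AAAA query sent
# to 223.5.5.5), re-typed from the hexdump on this page.
PACKET_HEX = """
93 9c 81 80 00 01 00 00 00 01 00 00 03 77 77 77
06 74 61 6f 62 61 6f 03 63 6f 6d 07 64 61 6e 75
6f 79 69 07 74 62 63 61 63 68 65 03 63 6f 6d 00
00 1c 00 01 c0 0c 00 06 00 01 00 00 01 2c 00 00
16 6a 0f 2f 9d 9d 90 c2 7f 2e 63 14 c9 f6 b1 bc
16 ff b5 08
"""
PACKET = bytes.fromhex("".join(PACKET_HEX.split()))

TYPES = {1: "A", 5: "CNAME", 6: "SOA", 28: "AAAA"}
SOA_MIN_RDATA = 22  # two root names (1 byte each) + five 32-bit fields


def read_name(msg, off, depth=0):
    """Decode a possibly compressed domain name; return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if depth > 10 or off + 1 >= len(msg):
                raise ValueError("bad compression pointer")
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            rest, _ = read_name(msg, ptr, depth + 1)
            labels.append(rest.rstrip("."))
            return ".".join(l for l in labels if l) + ".", off + 2
        off += 1
        if n == 0:                                # root label ends the name
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n


def analyze(msg):
    """Walk header, question and record sections; collect structural problems."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    questions = []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack_from("!2H", msg, off)
        off += 4
        questions.append((name, TYPES.get(qtype, qtype)))
    records, problems = [], []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        tname = TYPES.get(rtype, rtype)
        records.append((name, tname, ttl, rdlen))
        if off + rdlen > len(msg):
            problems.append(f"{tname} RDATA runs past end of message")
        if rtype == 6 and rdlen < SOA_MIN_RDATA:
            problems.append(f"SOA RDLENGTH {rdlen} < {SOA_MIN_RDATA}")
        off += rdlen
    if off < len(msg):
        problems.append(f"{len(msg) - off} trailing bytes after last record")
    return {"id": ident, "rcode": flags & 0xF, "counts": (qd, an, ns, ar),
            "questions": questions, "records": records, "problems": problems}


if __name__ == "__main__":
    print(analyze(PACKET))
```

On this dump the header announces one authority record, an SOA whose RDLENGTH field is 0, followed by 20 bytes that belong to no record; a well-formed SOA RDATA needs at least 22 bytes.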

wy315700 commented 4 months ago

;; Got bad packet: unexpected end of input

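The cause of this is probably that I block AAAA information on the router. The IPv6 line has very little bandwidth, so I don't want the machines to use v6 to connect to the Internet.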

kkkgo commented 4 months ago

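It has nothing to do with AAAA information; it is most likely that your UDP communication has a problem. PaoPaoDNS itself has IPv6-related settings. Your router also cannot possibly have a feature that blocks AAAA traffic on its own. That is not something a simple blocking rule can do, unless it unpacks and reassembles the DNS packets, but in that case there obviously would be no error. You may have misunderstood the AAAA filtering feature of the DNS service that the router itself provides.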

wy315700 commented 4 months ago

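The AAAA filtering on iKuai routers really does filter all UDP 53 data passing through it and takes out only the AAAA information.

But after I turned this feature on, Got bad packet: unexpected end of input is gone, yet recursive resolution still reports errors.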

```txt
/data # debug.sh

== debug.sh : docker exec -it paopaodns sh ==

-> debug start 1719562261

[INFO] images build time : 2024-06-11 08:21:39 UTC
[OK]DATA_writeable
[OK]DATA_readable
[INFO] NETWORK
*********************************************************************************

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
85: eth0@if86: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    inet 192.168.5.10/24 brd 192.168.5.255 scope global eth0
default via 192.168.5.1 dev eth0 
192.168.5.0/24 dev eth0 scope link  src 192.168.5.10 
PING 223.5.5.5 (223.5.5.5): 56 data bytes
64 bytes from 223.5.5.5: seq=0 ttl=117 time=6.911 ms

--- 223.5.5.5 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.911/6.911/6.911 ms
PING 119.29.29.29 (119.29.29.29): 56 data bytes
64 bytes from 119.29.29.29: seq=0 ttl=53 time=5.194 ms

--- 119.29.29.29 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 5.194/5.194/5.194 ms
Server:         223.5.5.5
Address:        223.5.5.5#53

Non-authoritative answer:
www.taobao.com  canonical name = www.taobao.com.danuoyi.tbcache.com.
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 106.227.101.236
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 106.227.101.237
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 240e:958:2300:213:3::7cf
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 240e:958:2300:213:3::7d0

Server:         119.29.29.29
Address:        119.29.29.29#53

Non-authoritative answer:
www.qq.com      canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.42.232
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.22.57
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:e1:a800:120::36
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:e1:a800:120::76

*********************************************************************************

[INFO] ENV
*********************************************************************************

====ENV TEST====
[OK]DATA_writeable-
[OK]DATA_readable-
MEM:1000m 2000m 1000000 3000mb
prefPC:100
CORES:-4-
POWCORES:-4-
ulimit :-10240-
FDLIM :-1268-
TZ:-Asia/Shanghai-
UPDATE:-weekly-
DNS_SERVERNAME:-Mitako.DNS-
SERVER_IP:-none-
ETHIP:-192.168.5.10-
DNSPORT:-53-
SOCKS5:-IP:PORT-
CNAUTO:-yes-
IPV6:-no-
CNFALL:-no-
CUSTOM_FORWARD:-IP:PORT-
AUTO_FORWARD:-no-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-no-
RULES_TTL:-600-
CUSTOM_FORWARD_TTL:-0-
SHUFFLE:-no-
EXPIRED_FLUSH:-yes-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-no-
SAFEMODE:--
QUERY_TIME:-2000ms-
ADDINFO:-no-
PLATFORM:-Linux dns 5.10.194 #0 SMP Mon Dec 13 10:43:05 2021 x86_64 Linux-
====ENV TEST====
mosdns kkkgo/mosdns:240529.1
total 388K   
   4.0K drwxrwxrwx    3 0        0           4.0K Jun 28 13:15 .
   4.0K drwxr-xr-x    1 0        0           4.0K Jun 28 13:15 ..
 260.0K -rwxrwxrwx    1 0        0         257.9K Jun 28 13:34 Country-only-cn-private.mmdb
   4.0K -rwxrwxrwx    1 0        0            233 Jun 28 13:34 custom_env.ini
   4.0K -rwxrwxrwx    1 0        0            416 Jun 28 15:59 custom_mod.yaml
   4.0K drwxrwxrwx    2 0        0           4.0K Jun 28 13:15 dnscrypt-resolvers
   4.0K -rwxrwxrwx    1 0        0           3.0K Jun 28 13:15 dnscrypt.toml
   4.0K -rwxrwxrwx    1 0        0            571 Jun 27 18:33 force_dnscrypt_list.txt
   4.0K -rwxrwxrwx    1 0        0            387 Jun 27 18:33 force_recurse_list.txt
   4.0K -rwxrwxrwx    1 0        0            231 Jun 27 20:16 force_ttl_rules.txt
  12.0K -rwxrwxrwx    1 0        0           9.9K Jun 28 13:15 mosdns.yaml
   8.0K -rwxrwxrwx    1 0        0           5.7K Jun 28 13:15 redis.conf
  16.0K -rwxrwxrwx    1 0        0          13.2K Jun 28 13:34 trackerslist.txt
  52.0K -rwxrwxrwx    1 0        0          50.6K Jun 28 13:15 unbound.conf
   4.0K -rwxrwxrwx    1 0        0            289 Jun 27 18:33 unbound_custom.conf
*********************************************************************************

[INFO] PS
*********************************************************************************

PID   USER     TIME  COMMAND
    1 root      0:00 {init.sh} /bin/sh /usr/sbin/init.sh
   12 root      0:00 crond
   47 root      0:00 redis-server unixsocket:/tmp/redis.sock
  364 root      0:00 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
  381 root      0:00 unbound -c /tmp/unbound_forward.conf -p
  393 root      0:00 mosdns start -d /tmp -c /tmp/mosdns.yaml
  404 root      0:00 unbound -c /tmp/unbound_raw.conf -p
  405 root      0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
  408 root      0:00 tail -f /dev/null
  439 root      0:00 inotifywait -e modify,delete /etc/unbound/named.cache /data/Country-only-cn-private.mmdb /data/force_recurse_list.txt /data/force_dns
  443 root      0:00 /bin/sh
 1951 root      0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
 1967 root      0:00 ps -ef
  404 root      0:00 unbound -c /tmp/unbound_raw.conf -p
unbound OK.
  381 root      0:00 unbound -c /tmp/unbound_forward.conf -p
unbound_forward OK.
*********************************************************************************

[INFO] TOP
*********************************************************************************

CPU:   0% usr   0% sys   0% nic  92% idle   0% io   0% irq   7% sirq
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
  364     1 root     S    1210m   7%   3   0% dnscrypt-proxy -config /data/dnscr
  393     1 root     S    1210m   7%   0   0% mosdns start -d /tmp -c /tmp/mosdn
  404     1 root     S     761m   4%   3   0% unbound -c /tmp/unbound_raw.conf -
   47     1 root     S    22684   0%   3   0% redis-server unixsocket:/tmp/redis
  381     1 root     S    20720   0%   2   0% unbound -c /tmp/unbound_forward.co
  405     1 root     S     1708   0%   1   0% {watch_list.sh} /bin/sh /usr/sbin/
  443     0 root     S     1696   0%   0   0% /bin/sh
    1     0 root     S     1628   0%   2   0% {init.sh} /bin/sh /usr/sbin/init.s
 1951   443 root     S     1624   0%   3   0% {debug.sh} /bin/sh /usr/sbin/debug
 1974  1951 root     R     1620   0%   0   0% top -n1
  408     1 root     S     1612   0%   2   0% tail -f /dev/null
 1975  1951 root     S     1608   0%   1   0% grep %
  439   405 root     S     1068   0%   2   0% inotifywait -e modify,delete /etc/
   12     1 root     S      856   0%   1   0% crond
*********************************************************************************

[INFO] REDIS
*********************************************************************************

used_memory_human:1.02M
used_memory_rss_human:4.32M
used_memory_peak_human:1.18M
total_system_memory_human:15.51G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:2.93G
(integer) 13
*********************************************************************************

[TEST] IP ROUTE
*********************************************************************************

CN IP URL:
180.158.x.x
-
180.158.x.x
--
180.158.x.x
CN RAW-IP URL:
180.158.x.x
------------------
Non-CN IP URL:
180.158.x.x
-
180.158.x.x
--
180.158.x.x
Non-CN RAW-IP URL:
180.158.x.x
-
180.158.x.x
--
180.158.x.x
---
180.158.x.x
------------------
IP INFO:
180.158.x.x
CN,Shanghai,Shanghai
ASN4812/China Telecom
HTTP/1.1 
Mozilla/5.0 Gecko/20100101 Firefox/120.0 https://github.com/kkkgo/PaoPaoDNS
Asia/Shanghai Time: 6/28/2024, 4:11:10 PM
[INFO] force_recurse_list
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
MOSDNS WHOAMI :
MOSDNS akahelp: "ns" "180.158.x.x"
MOSDNS 03k: 180.158.x.x
UNBOUND WHOAMI:
UNBOUND akahelp: "ns" "180.158.x.x"
UNBOUND 03k: 180.158.x.x
*********************************************************************************

[TEST] HIJACK
*********************************************************************************

;; communications error to 9.8.7.5#53: timed out
;; no servers could be reached

;; communications error to 9.8.7.6#53: timed out
;; no servers could be reached

HIJACK 127.0.0.1 = 58.217.249.177
*********************************************************************************

[TEST] DIG-CN [taobao]
*********************************************************************************

MOSDNS CN:
www.taobao.com.danuoyi.tbcache.com.
163.181.145.217
163.181.145.218
UNBOUND CN:
unbound_raw FAILED.
*********************************************************************************

[TEST] DIG-NOCN [youtube]
MOSDNS NOCN:
youtube-ui.l.google.com.
142.250.68.46
142.250.72.174
DNSCRYPT-UNBOUND NOCN:
youtube-ui.l.google.com.
142.250.188.238
172.217.12.142
DNSCRYPT NOCN:
youtube-ui.l.google.com.
142.250.138.93
142.250.115.190
DNSCRYPT-SOCKS5 NOCN:
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached

*********************************************************************************

[TEST] DUAL CN [IPv6=YES will have aaaa,taobao]
*********************************************************************************

[TEST] DUAL NOCN [IPv6=YES will block aaaa,youtube]
[TEST] ONLY6 [IPv6=only6 will block aaaa if a ok]
checkipv6.synology.com : ip6.03k.org : 6.ipw.cn : 
*********************************************************************************

[info] ALL TEST FINISH.

-> debug end 1719562272
```

wy315700 commented 4 months ago

There is another very strange phenomenon: after recursion fails, it does not retry.

tcpdump -i eth0 -nt -s 500 port domain

I did not find any traffic requesting external port 53.

kkkgo commented 4 months ago

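debug.sh does not show any abnormal logs. A recursion failure can only be a problem with network conditions, and the only known remedy is to reduce the number of NAT layers as much as possible. If you want to know what is actually happening, you can edit /data/unbound.conf and change verbosity: 0 to verbosity: 3 or verbosity: 5. Then, after starting the container, first run killall unbound and then run debug.sh, and you will see unbound's live execution log (the log is very long, so there is no need to paste it; it is mostly errors such as THROWAWAY, which have little reference value).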

wy315700 commented 4 months ago

It looks like the network environment still does not support self-hosted recursion.

kkkgo commented 4 months ago

https://github.com/kkkgo/PaoPaoDNS/discussions/131

wy315700 commented 4 months ago

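I suddenly thought of a way to configure this: use EDNS Client Subnet to pass the client's IP to the authoritative server. That way I can use IPv6 to connect to the authoritative servers.

But unbound currently does not seem to provide a way to set a fixed Subnet IP; it can only accept a Subnet IP that is passed in to it.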

kkkgo commented 4 months ago

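unbound itself supports IPv6 recursion, as long as you provide the container with an IPv6 address. EDNS Client Subnet is meaningless for setting up a local recursive server, because the requests it sends out come from the real IP. If you deliberately relay through a cloud service, not all authoritative servers support it; in other words, doing this is not much different from using public DNS.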

wy315700 commented 4 months ago

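This is what I mean: my IPv4 is a China Telecom line and my IPv6 is a China Mobile line. I need to resolve over IPv6, but carry the Telecom IPv4 address out with the query, because the Telecom downlink is 1000m while the Mobile downlink is only 10m.

One more question: can dnscrypt be set to use specific nodes? I don't want to resolve to Europe.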

kkkgo commented 4 months ago

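1. Doing this is not much different from using public DNS.
2. You can specify socks5; to force queries through socks5, add @ (this is in the documentation). dnscrypt picks the 2 nodes with the fastest connectivity for its queries; you can give it a SOCKS5 proxy for the corresponding destination.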