rnetx / cdns

https://rnetx.github.io/cdns

ecs+doh resolution times out, error: dns: bad rdata #6

Open unicser opened 11 months ago

unicser commented 11 months ago

Version:

cdns v0.0.2-beta.2-0-g4db8df2
plugin matcher: script, domain, geosite, ip, maxminddb
plugin executor: rdns, rediscache, script, ecs, ipset, memcache

Configuration file:

log:
  level: debug

upstreams:
  - tag: DNSPOD
    type: https
    address: 120.53.53.53
    path: /dns-query

plugin-executors:
  - tag: ecs
    type: ecs
    args:
      ipv4: 115.192.128.0
      ipv6: 240e:390:602:5a90::0
      mask4: 24
      mask6: 60

workflows:
  - tag: main
    rules:
      - exec:
          - plugin:
              tag: ecs
          - upstream: DNSPOD
          - return

listeners:
  - tag: listener-udp
    type: udp
    listen: '[::]:5353'
    workflow: main

Resolution error:

# dig a g.cn @localhost -p5353
;; communications error to ::1#5353: timed out
;; communications error to ::1#5353: timed out
;; communications error to ::1#5353: timed out
;; communications error to 127.0.0.1#5353: timed out

; <<>> DiG 9.18.11 <<>> a g.cn @localhost -p5353
;; global options: +cmd
;; no servers could be reached

Log:

[2023-11-22 03:12:47] [Info] [listener/listener-udp] [499009532 0ms] new request: IN A g.cn.
[2023-11-22 03:12:47] [Debug] [workflow/main] [499009532 0ms] rule[0] exec
[2023-11-22 03:12:47] [Debug] [workflow/main] [499009532 0ms] run exec[0]
[2023-11-22 03:12:47] [Debug] [plugin-executor/ecs] [499009532 0ms] add ecs: 115.192.128.0/24
[2023-11-22 03:12:47] [Debug] [workflow/main] [499009532 0ms] plugin: plugin executor [ecs]: continue
[2023-11-22 03:12:47] [Debug] [workflow/main] [499009532 0ms] run exec[1]
[2023-11-22 03:12:47] [Info] [upstream/DNSPOD] [499009532 0ms] exchange: IN A g.cn.
[2023-11-22 03:12:47] [Error] [upstream/DNSPOD] [499009532 13ms] exchange failed: IN A g.cn., error: dns: bad rdata
[2023-11-22 03:12:47] [Info] [upstream/DNSPOD] [499009532 13ms] exchange: IN A g.cn.
[2023-11-22 03:12:47] [Error] [upstream/DNSPOD] [499009532 26ms] exchange failed: IN A g.cn., error: dns: bad rdata
[2023-11-22 03:12:47] [Info] [upstream/DNSPOD] [499009532 26ms] exchange: IN A g.cn.
[2023-11-22 03:12:47] [Error] [upstream/DNSPOD] [499009532 39ms] exchange failed: IN A g.cn., error: dns: bad rdata
[2023-11-22 03:12:47] [Debug] [workflow/main] [499009532 39ms] upstream: upstream [DNSPOD] exchange failed: dns: bad rdata
[2023-11-22 03:12:47] [Error] [workflow/main] [499009532 39ms] run exec[1]: run failed: dns: bad rdata
[2023-11-22 03:12:47] [Error] [workflow/main] [499009532 39ms] rule[0] exec failed: dns: bad rdata
[2023-11-22 03:12:47] [Error] [listener/listener-udp] [499009532 39ms] handle request failed: IN A g.cn., error: dns: bad rdata
0xffffharry commented 11 months ago

This appears to be a problem on the DNSPOD side; switching to GoogleDNS 8.8.8.8 or AliDNS 223.5.5.5 works without any problem.

Configuration:

log:
  level: debug

upstreams:
  - tag: DNSPOD
    type: https
    address: 223.5.5.5

plugin-executors:
  - tag: ecs
    type: ecs
    args:
      ipv4: 115.192.128.0
      ipv6: 240e:390:602:5a90::0
      mask4: 24
      mask6: 60

workflows:
  - tag: main
    rules:
      - exec:
          - plugin:
              tag: ecs
          - upstream: DNSPOD
          - return

listeners:
  - tag: listener-udp
    type: udp
    listen: '[::]:5353'
    workflow: main

dig result:

***@***:***$ dig a g.cn @localhost -p5353

; <<>> DiG 9.16.1-Ubuntu <<>> a g.cn @localhost -p5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29427
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 115.192.128.0/24/24
;; QUESTION SECTION:
;g.cn.                          IN      A

;; ANSWER SECTION:
g.cn.                   207     IN      A       220.181.174.162

;; Query time: 39 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Thu Nov 23 11:29:14 CST 2023
;; MSG SIZE  rcvd: 64

Log:

[2023-11-23 11:28:49] [Info] [core] cdns unknown
[2023-11-23 11:28:49] [Info] [core] plugin matcher: maxminddb, script, domain, geosite, ip
[2023-11-23 11:28:49] [Info] [core] plugin executor: ecs, ipset, memcache, rdns, rediscache, script
[2023-11-23 11:28:49] [Info] [core] core is starting...
[2023-11-23 11:28:49] [Info] [listener/listener-udp] udp listener: listen [::]:5353
[2023-11-23 11:28:49] [Info] [core] core is started, cost: 0ms
[2023-11-23 11:28:51] [Info] [listener/listener-udp] [649012813 0ms] new request: IN A g.cn.
[2023-11-23 11:28:51] [Debug] [workflow/main] [649012813 0ms] rule[0] exec
[2023-11-23 11:28:51] [Debug] [workflow/main] [649012813 0ms] run exec[0]
[2023-11-23 11:28:51] [Debug] [plugin-executor/ecs] [649012813 0ms] add ecs: 115.192.128.0/24
[2023-11-23 11:28:51] [Debug] [workflow/main] [649012813 0ms] plugin: plugin executor [ecs]: continue
[2023-11-23 11:28:51] [Debug] [workflow/main] [649012813 0ms] run exec[1]
[2023-11-23 11:28:51] [Info] [upstream/DNSPOD] [649012813 0ms] exchange: IN A g.cn.
[2023-11-23 11:28:51] [Debug] [upstream/DNSPOD] new tcp connection
[2023-11-23 11:29:09] [Info] [upstream/DNSPOD] [649012813 17635ms] exchange success: IN A g.cn.
[2023-11-23 11:29:09] [Debug] [workflow/main] [649012813 17635ms] run exec[2]
[2023-11-23 11:29:09] [Debug] [workflow/main] [649012813 17635ms] return: return all
[2023-11-23 11:29:09] [Debug] [workflow/main] [649012813 17635ms] run exec[2]: return all
[2023-11-23 11:29:09] [Debug] [workflow/main] [649012813 17635ms] rule[0]: return all
[2023-11-23 11:29:09] [Info] [listener/listener-udp] [649012813 17635ms] handle request success: IN A g.cn.
unicser commented 11 months ago

But with ecs removed, resolution works normally.

Configuration:

log:
  level: debug

upstreams:
  - tag: DNSPOD
    type: https
    address: 120.53.53.53
    path: /dns-query

workflows:
  - tag: main
    rules:
      - exec:
          - upstream: DNSPOD
          - return

listeners:
  - tag: listener-udp
    type: udp
    listen: '[::]:5353'
    workflow: main

dig resolution:

# dig a g.cn @localhost -p5353

; <<>> DiG 9.18.11 <<>> a g.cn @localhost -p5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5958
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8305a2b984a1a553 (echoed)
; PAD: (403 bytes)
;; QUESTION SECTION:
;g.cn.                          IN      A

;; ANSWER SECTION:
g.cn.                   35      IN      A       180.163.151.34

;; Query time: 129 msec
;; SERVER: ::1#5353(localhost) (UDP)
;; WHEN: Thu Nov 23 21:22:10 CST 2023
;; MSG SIZE  rcvd: 472

Log:

[2023-11-23 13:22:10] [Info] [listener/listener-udp] [712816881 0ms] new request: IN A g.cn.
[2023-11-23 13:22:10] [Debug] [workflow/main] [712816881 0ms] rule[0] exec
[2023-11-23 13:22:10] [Debug] [workflow/main] [712816881 0ms] run exec[0]
[2023-11-23 13:22:10] [Info] [upstream/DNSPOD] [712816881 0ms] exchange: IN A g.cn.
[2023-11-23 13:22:10] [Debug] [upstream/DNSPOD] new tcp connection
[2023-11-23 13:22:10] [Info] [upstream/DNSPOD] [712816881 123ms] exchange success: IN A g.cn.
[2023-11-23 13:22:10] [Debug] [workflow/main] [712816881 124ms] run exec[1]
[2023-11-23 13:22:10] [Debug] [workflow/main] [712816881 124ms] return: return all
[2023-11-23 13:22:10] [Debug] [workflow/main] [712816881 124ms] run exec[1]: return all
[2023-11-23 13:22:10] [Debug] [workflow/main] [712816881 124ms] rule[0]: return all
[2023-11-23 13:22:10] [Info] [listener/listener-udp] [712816881 124ms] handle request success: IN A g.cn.
0xffffharry commented 11 months ago

The bug has been fixed; please try the latest commit b75d685.

Currently known issue: dig attaches the EDNS Cookie option, which seems to conflict with EDNS ClientSubnet (DNSPOD); it can be disabled with +nocookie.

dig a g.cn @localhost -p5353 +nocookie

Test result:

$ dig a g.cn @127.0.0.1 -p 5353 +nocookie

; <<>> DiG 9.16.1-Ubuntu <<>> a g.cn @127.0.0.1 -p 5353 +nocookie
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45044
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 115.192.128.0/24/16
; PAD: (404 bytes)
;; QUESTION SECTION:
;g.cn.                          IN      A

;; ANSWER SECTION:
g.cn.                   300     IN      A       180.163.151.34

;; Query time: 199 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Thu Nov 23 23:02:04 CST 2023
;; MSG SIZE  rcvd: 472
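
The EDNS option layout behind the conflict described in the comment above, as an added example that is not part of the original thread and not cdns's own code: it encodes the ECS option for the configured subnet, walks OPT RDATA that carries both dig's COOKIE and that ECS option, and drops the COOKIE before the data would go upstream, which has the same effect on the forwarded query as `+nocookie`. `StripOption` and `ECS` are hypothetical names; the cookie bytes are the value shown in the earlier dig output.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// EDNS0 option codes: Client Subnet (RFC 7871) and COOKIE (RFC 7873).
const OptECS, OptCookie uint16 = 8, 10

// StripOption walks OPT RDATA (2-byte code, 2-byte length, data) and returns
// it without the options whose code is drop, plus every code that was seen.
func StripOption(rdata []byte, drop uint16) (kept []byte, seen []uint16, err error) {
	for len(rdata) > 0 {
		if len(rdata) < 4 {
			return nil, nil, errors.New("truncated option header")
		}
		code := uint16(rdata[0])<<8 | uint16(rdata[1])
		end := 4 + (int(rdata[2])<<8 | int(rdata[3]))
		if len(rdata) < end {
			return nil, nil, errors.New("option length exceeds rdata")
		}
		seen = append(seen, code)
		if code != drop {
			kept = append(kept, rdata[:end]...)
		}
		rdata = rdata[end:]
	}
	return kept, seen, nil
}

// ECS encodes the option: family (1 IPv4, 2 IPv6), source prefix, scope 0, covered address bytes.
func ECS(cidr string) ([]byte, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err
	}
	p = p.Masked() // zero the host bits, as RFC 7871 requires
	family, addr, n := byte(1), p.Addr().AsSlice(), (p.Bits()+7)/8
	if p.Addr().Is6() {
		family = 2
	}
	opt := []byte{byte(OptECS >> 8), byte(OptECS), 0, byte(4 + n), 0, family, byte(p.Bits()), 0}
	return append(opt, addr[:n]...), nil
}

func main() {
	// Constructed sample: the COOKIE value from the dig output in the thread, then the configured subnet.
	cookie := []byte{0, 10, 0, 8, 0x83, 0x05, 0xa2, 0xb9, 0x84, 0xa1, 0xa5, 0x53}
	ecs, _ := ECS("115.192.128.0/24")
	kept, seen, err := StripOption(append(cookie, ecs...), OptCookie)
	fmt.Printf("seen %v err %v, forwarded upstream: % x\n", seen, err, kept)
}
```
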
unicser commented 11 months ago

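I tried the new commit. If the first dig request is made without +nocookie, it still times out; but if the first request is made with +nocookie, it returns normally, and subsequent requests work even without +nocookie.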

Log for the first request without +nocookie:

[2023-11-24 01:48:55] [Info] [listener/listener-udp] [356859713 0ms] new request: IN A g.cn.
[2023-11-24 01:48:55] [Debug] [workflow/main] [356859713 0ms] rule[0] exec
[2023-11-24 01:48:55] [Debug] [workflow/main] [356859713 0ms] run exec[0]
[2023-11-24 01:48:55] [Debug] [plugin-executor/ecs] [356859713 0ms] add ecs: 115.192.128.0/24
[2023-11-24 01:48:55] [Debug] [workflow/main] [356859713 0ms] plugin: plugin executor [ecs]: continue
[2023-11-24 01:48:55] [Debug] [workflow/main] [356859713 0ms] run exec[1]
[2023-11-24 01:48:55] [Info] [upstream/DNSPOD] [356859713 0ms] exchange: IN A g.cn.
[2023-11-24 01:48:55] [Error] [upstream/DNSPOD] [785091408 5013ms] exchange failed: IN A g.cn., error: invalid http response status code: 502
[2023-11-24 01:48:55] [Info] [upstream/DNSPOD] [785091408 5013ms] exchange: IN A g.cn.
[2023-11-24 01:48:55] [Error] [upstream/DNSPOD] [297057434 10028ms] exchange failed: IN A g.cn., error: invalid http response status code: 502
[2023-11-24 01:48:55] [Info] [upstream/DNSPOD] [297057434 10028ms] exchange: IN A g.cn.
[2023-11-24 01:49:00] [Error] [upstream/DNSPOD] [297057434 15006ms] exchange failed: IN A g.cn., error: send http request failed: Post "https://120.53.53.53/dns-query": context deadline exceeded
[2023-11-24 01:49:00] [Debug] [workflow/main] [297057434 15006ms] upstream: upstream [DNSPOD] exchange failed: context deadline exceeded
[2023-11-24 01:49:00] [Error] [workflow/main] [297057434 15007ms] run exec[1]: run failed: context deadline exceeded
[2023-11-24 01:49:00] [Error] [workflow/main] [297057434 15007ms] rule[0] exec failed: context deadline exceeded
[2023-11-24 01:49:00] [Error] [listener/listener-udp] [297057434 15007ms] handle request failed: IN A g.cn., error: context deadline exceeded
[2023-11-24 01:49:00] [Error] [upstream/DNSPOD] [356859713 5014ms] exchange failed: IN A g.cn., error: invalid http response status code: 502
[2023-11-24 01:49:00] [Info] [upstream/DNSPOD] [356859713 5014ms] exchange: IN A g.cn.
[2023-11-24 01:49:00] [Error] [upstream/DNSPOD] [785091408 10030ms] exchange failed: IN A g.cn., error: invalid http response status code: 502
[2023-11-24 01:49:00] [Info] [upstream/DNSPOD] [785091408 10030ms] exchange: IN A g.cn.
[2023-11-24 01:49:05] [Error] [upstream/DNSPOD] [785091408 15005ms] exchange failed: IN A g.cn., error: send http request failed: Post "https://120.53.53.53/dns-query": context deadline exceeded
[2023-11-24 01:49:05] [Debug] [workflow/main] [785091408 15006ms] upstream: upstream [DNSPOD] exchange failed: context deadline exceeded
[2023-11-24 01:49:05] [Error] [workflow/main] [785091408 15006ms] run exec[1]: run failed: context deadline exceeded
[2023-11-24 01:49:05] [Error] [workflow/main] [785091408 15006ms] rule[0] exec failed: context deadline exceeded
[2023-11-24 01:49:05] [Error] [listener/listener-udp] [785091408 15006ms] handle request failed: IN A g.cn., error: context deadline exceeded
[2023-11-24 01:49:05] [Error] [upstream/DNSPOD] [356859713 10038ms] exchange failed: IN A g.cn., error: invalid http response status code: 502
[2023-11-24 01:49:05] [Info] [upstream/DNSPOD] [356859713 10039ms] exchange: IN A g.cn.
[2023-11-24 01:49:10] [Error] [upstream/DNSPOD] [356859713 15005ms] exchange failed: IN A g.cn., error: send http request failed: Post "https://120.53.53.53/dns-query": context deadline exceeded
[2023-11-24 01:49:10] [Debug] [workflow/main] [356859713 15006ms] upstream: upstream [DNSPOD] exchange failed: context deadline exceeded
[2023-11-24 01:49:10] [Error] [workflow/main] [356859713 15006ms] run exec[1]: run failed: context deadline exceeded
[2023-11-24 01:49:10] [Error] [workflow/main] [356859713 15006ms] rule[0] exec failed: context deadline exceeded
[2023-11-24 01:49:10] [Error] [listener/listener-udp] [356859713 15006ms] handle request failed: IN A g.cn., error: context deadline exceeded
0xffffharry commented 11 months ago

I cannot reproduce this; it works fine here.

You could try switching to a different DNS server.