search

shadowsocks / ChinaDNS

Protect yourself against DNS poisoning in China.
GNU General Public License v3.0
3.6k stars 1.29k forks source link

Strange phenomenon about the DNS resloving #78

Open hduffddybz opened 9 years ago

hduffddybz commented 9 years ago

I have running ChinaDNS for couple of months,but today I encountered a strange problem that I cannot know how to deal with it. The resolving of DNS abroad can done succeed by means of "dig at /./././ -p /*",but always for the ChinaDNS running on the openwrt, it can only resolve the address abroad when it restart and then all the resolving are all failing !The log print here:

ChinaDNS 1.3.0 Mon Mar 23 10:56:20 2015 request mtalk.google.com Mon Mar 23 10:56:20 2015 response mtalk.google.com from 114.114.114.114:53 - 17 3.194.72.188, filter Mon Mar 23 10:56:20 2015 response mtalk.google.com from 107././.191:5050 - 74.125.129.188, pass Mon Mar 23 10:56:29 2015 request www.google.com.hk Mon Mar 23 10:56:29 2015 response www.google.com.hk from 114.114.114.114:53 - 7 4.125.203.199, filter Mon Mar 23 10:56:29 2015 response www.google.com.hk from 107././.191:5050 - 74.125.239.120, 74.125.239.127, 74.125.239.111, 74.125.239.119, pass Mon Mar 23 10:56:40 2015 request wpad.lan Mon Mar 23 10:56:40 2015 response wpad.lan from 114.114.114.114:53 - delay Mon Mar 23 10:56:40 2015 response wpad.lan from 107././.191:5050 - delay Mon Mar 23 10:56:47 2015 request clients4.google.com Mon Mar 23 10:56:47 2015 response clients4.google.com from 114.114.114.114:53 - 74.125.235.226, filter Mon Mar 23 10:56:48 2015 request clients4.google.com Mon Mar 23 10:56:48 2015 response clients4.google.com from 114.114.114.114:53 - 74.125.235.228, filter Mon Mar 23 10:56:49 2015 request www.google.com.hk Mon Mar 23 10:56:49 2015 response www.google.com.hk from 114.114.114.114:53 - 7 4.125.203.199, filter

Mon Mar 23 13:04:45 2015 request www.google.com.hk Mon Mar 23 13:04:45 2015 request www.google.com.hk Mon Mar 23 13:04:45 2015 request www.google.com.hk Mon Mar 23 13:04:45 2015 response www.google.com.hk from 114.114.114.114:53 - 74.125.204.199, filter Mon Mar 23 13:04:45 2015 response www.google.com.hk from 114.114.114.114:53 - 74.125.204.199, filter Mon Mar 23 13:04:45 2015 response www.google.com.hk from 114.114.114.114:53 - 74.125.204.199, filter

hduffddybz commented 9 years ago

When using ChinaDNS 1.3.1, always encounter the same problem!

hduffddybz commented 9 years ago

when using the command of "dig at 192.168.1.1 www.google.com.hk +trace" it get the output:

error

using the command of "dig at 192.168.1.1 www.google.com.hk",it get the output: error2

and then using the command to test the dns server aboard,it get the output: correct

cokebar commented 9 years ago

same with you

heiybb commented 9 years ago

Also the same problem.

clowwindy commented 9 years ago

You should tunnel your traffic to 8.8.8.8 through either VPN or Shadowsocks. Otherwise, the firewall can simply block any responses from DNS servers.

Why? Each time you restart ChinaDNS, it will use a new source port to send DNS queries. If you don't tunnel DNS queries through VPN, the queries are in just plain text. The firewall needs some time to learn that and remember your source IP and port, but eventually it will block them.

hduffddybz commented 9 years ago

So how to use it in chinadns or just use shadowsocks because I did not find the configuration about dns resolving in chinadns.

hduffddybz commented 9 years ago

OK! Finally I get it, I transfer the abroad dns resolving to shadowsocks, maybe will not encounter this problem.

hduffddybz commented 9 years ago

Sorry! This problem seems cannot be solved.When transfer the abroad dns resolving to shadowsocks all things done well only for serval hours and finally it cannot access it.You can see logs here: Thu Apr 16 07:26:47 2015 request www.dropbox.com Thu Apr 16 07:26:47 2015 request www.dropbox.com Thu Apr 16 07:26:47 2015 response www.dropbox.com from 114.114.114.114:53 - 130.185.72.30, filter Thu Apr 16 07:26:47 2015 response www.dropbox.com from 114.114.114.114:53 - 130.185.72.30, filter Thu Apr 16 07:26:47 2015 response www.dropbox.com from 114.114.114.114:53 - 130.185.72.30, filter

and also strange logs here: Thu Apr 16 07:34:55 2015 request www.xunlei.com Thu Apr 16 07:34:55 2015 response www.xunlei.com from 114.114.114.114:53 - 163.177.79.253, pass Thu Apr 16 07:34:55 2015 response www.xunlei.com from 127.0.0.1:5151 - 163.177.79.253, pass Thu Apr 16 07:37:29 2015 request www.sina.com Thu Apr 16 07:37:29 2015 request www.sina.com Thu Apr 16 07:37:29 2015 response www.sina.com from 114.114.114.114:53 - 202.108.33.60, pass Thu Apr 16 07:37:29 2015 response www.sina.com from 114.114.114.114:53 - 202.108.33.60, pass Thu Apr 16 07:37:29 2015 response www.sina.com from 127.0.0.1:5151 - 12.130.132.30, pass Thu Apr 16 07:37:29 2015 response www.sina.com from 127.0.0.1:5151 - 12.130.132.30, pass

clowwindy commented 9 years ago

Since I don't have the problem here, I guess you have to figure out your problem yourself with tools like ping, tcpdump, dig, etc.

cokebar commented 9 years ago

maybe you can try to use pdnsd as a TCP DNS upstreaming sevice. dnsmasq→ChinaDNS→pdnsd→(TCP)→DNS server abroad. I have a similar phenomena few weeks ago. (Now it disapears) In those days TCP mode is more stable for me. UDP mode leads to strange things in ChinaDNS like you.