DNS resolve problem on China Telecom. Failed to connect to cp.cloudflare.com/127.0.0.1:443

[shell12345]

Describe the bug DNS-related bugs. I use China Telecom (wifi or China mobile is fine) I get this error Failed to connect to cp.cloudflare.com/127.0.0.1:443. I resolve DNS on the remote server on bypass china mode ( all route is also fine). I notice the China Telecom will send "127.0.0.1" if request a sensitive domain name. So I think it is a bug that ss send DNS requests to the internet provider. Pls, fix it. A comprise way to solve this problem is to enable private dns. Then, all DNS requests are sent to private DNS, like dns.google. But I did not find a single one to work smoothly under my network (latency or can not connect). related issue #2760.

Smartphone (please complete the following information):

• Android/11
• Device: [oppo findx 3 huawei matepad pro]
• Version: [5.2.5]
• Last version that did not exhibit the issue: [not applicable]

Configuration Put an x inside the [ ] that applies.

• [x ] IPv4 server address
• [ ] IPv6 server address
• [ ] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method:
• Route
  • [ ] All
  • [x] Bypass LAN
  • [x] Bypass China
  • [x] Bypass LAN & China
  • [x] GFW List
  • [x] China List
  • [x] Custom rules
• [ ] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 127.0.0.1
• [ ] DNS over UDP
• Plugin configuration (if applicable):
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

Additional context Add any other context about the problem here.

[shell12345]

I think DNS resolve problems last for a long time. I read an issue that said ss will leak DNS to the internet provider, only all route mode is fine. Now, this issue may be more serious, an internet provider like China Telecom will send 127.0.0.1 to local when requests a sensitive domain. So, any advice? Private DNS is just comprised way.

[Mygod]

Use bypass China instead?

[shell12345]

Use bypass China instead?

Thanks for the reply. Two modes works:

1. all route.
2. bypass China. Others encounter the error Failed to connect to cp.cloudflare.com/127.0.0.1:443.

So why bypass china and local failed?

[Mygod]

127.0.0.1 is a LAN address and therefore matches the bypass LAN rule.

[aohanhongzhi]

The same happened to me