shadowsocks / shadowsocks-libev

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust
https://github.com/shadowsocks/shadowsocks-rust
GNU General Public License v3.0

domain resolve problem - DNS not working #2680

Closed zerodwide closed 4 years ago

zerodwide commented 4 years ago

What version of shadowsocks-libev are you using?

shadowsocks-libev 3.3.4 (also tested on latest docker and pip, same result)

What operating system are you using?

Ubuntu 16.04 LTS on an ESXi virtual machine, hosted on a Hetzner dedicated server. The virtual machine on ESXi is routable by setting a virtual MAC; with DHCP it gets the proper IP and network settings.

What did you do?

What did you expect to see?

The client is Android 9, which works perfectly fine when connecting to someone else's server, but when I connect to my server I can only see web sites by IP address; by domain, a timeout response comes back to the browser on the phone.

What did you see instead?

In the server log, I don't even see a log line which tries to connect to a domain name! But connecting by IP shows the IP ( [443] connect to [IP_ADDRESS_OF_SITE_WITH_IP]:80 ); for all other requests it just shows new connection from client!

running with root user:

    $ ss-server -c c.json -v
    2020-04-05 15:45:46 INFO: initializing ciphers... aes-256-gcm
    2020-04-05 15:45:46 INFO: tcp server listening at xxxxxxxxxx:443
    2020-04-05 15:45:46 INFO: running from root user
    2020-04-05 15:45:50 INFO: new connection from client, 1 opened client connections
    2020-04-05 15:45:50 INFO: new connection from client, 2 opened client connections
    2020-04-05 15:45:50 INFO: new connection from client, 3 opened client connections
    2020-04-05 15:45:50 INFO: new connection from client, 4 opened client connections
    2020-04-05 15:52:02 INFO: [443] connect to [IP_ADDRESS_OF_SITE_WITH_IP]:80
    2020-04-05 15:52:02 INFO: new connection to remote, 1 opened remote connections
    2020-04-05 15:52:02 INFO: new connection from client, 13 opened client connections
    2020-04-05 15:52:03 INFO: new connection from client, 14 opened client connections
    2020-04-05 15:52:03 INFO: new connection from client, 15 opened client connections
    2020-04-05 15:52:03 INFO: new connection from client, 16 opened client connections
    2020-04-05 15:52:03 INFO: new connection from client, 17 opened client connections

What is your config in detail (with all sensitive info masked)?

config c.json:

    {
        "server":"xxxxxxxxxxxx",
        "server_port":443,
        "password":"xxxxxxxxxxxxxx",
        "method":"aes-256-gcm"
    }

this is ifconfig of all adapters:


docker0   Link encap:Ethernet  HWaddr xx:42:xx:xx:82:d3
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::xxxx:4dff:fed7:xxxx/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:127 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:15504 (15.5 KB)

ens160    Link encap:Ethernet  HWaddr 00:xx:56:xx:xx:xx
          inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.xx  Mask:255.255.255.192
          inet6 addr: xxxx::xxxx:xxxx:fe00:5e11/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:256961 errors:0 dropped:0 overruns:0 frame:0
          TX packets:209895 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:148350414 (148.3 MB)  TX bytes:155379378 (155.3 MB)
          Interrupt:18 Memory:fd4a0000-fd4c0000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:33379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33379 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21485664 (21.4 MB)  TX bytes:21485664 (21.4 MB)

veth3ef032c Link encap:Ethernet  HWaddr 72:7c:70:2d:51:c6
          inet6 addr: fe80::707c:70ff:fe2d:51c6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:23257 (23.2 KB)
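
A small triage script for the verbose `ss-server` log in the report above, added here as an example and not part of the original post or the project's code. It counts client connections and splits `connect to` targets into IP literals and domain names; the sample log is constructed in the page's format with documentation addresses, and it assumes a domain target would be logged in the same `connect to host:port` form.

```python
import ipaddress
import re

# Constructed sample in the format of the `ss-server -v` output quoted above.
# 192.0.2.1 and 203.0.113.10 are documentation addresses standing in for masked values.
SAMPLE_LOG = """\
2020-04-05 15:45:46 INFO: tcp server listening at 192.0.2.1:443
2020-04-05 15:45:50 INFO: new connection from client, 1 opened client connections
2020-04-05 15:45:50 INFO: new connection from client, 2 opened client connections
2020-04-05 15:45:50 INFO: new connection from client, 3 opened client connections
2020-04-05 15:52:02 INFO: [443] connect to 203.0.113.10:80
2020-04-05 15:52:02 INFO: new connection to remote, 1 opened remote connections
2020-04-05 15:52:03 INFO: new connection from client, 4 opened client connections
"""

CLIENT_RE = re.compile(r"INFO: new connection from client")
CONNECT_RE = re.compile(r"INFO: \[(\d+)\] connect to (.+):(\d+)$")


def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal rather than a domain name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def triage(log_text):
    """Count client connections and split 'connect to' targets by address type."""
    stats = {"client_conns": 0, "ip_targets": [], "domain_targets": []}
    for line in log_text.splitlines():
        line = line.strip()
        if CLIENT_RE.search(line):
            stats["client_conns"] += 1
            continue
        m = CONNECT_RE.search(line)
        if m:
            key = "ip_targets" if is_ip_literal(m.group(2)) else "domain_targets"
            stats[key].append(f"{m.group(2)}:{m.group(3)}")
    connects = len(stats["ip_targets"]) + len(stats["domain_targets"])
    # Client connections that never produced a "connect to" line.
    stats["unmatched"] = stats["client_conns"] - connects
    # Reported symptom: clients connect, but no domain name reaches the connect stage.
    stats["symptom"] = stats["client_conns"] > 0 and not stats["domain_targets"]
    return stats


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
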

zerodwide commented 4 years ago

It is very strange! I installed ShadowSocksR by https://www.tipsforchina.com/how-to-setup-a-fast-shadowsocks-server-on-vultr-vps-the-easy-way.html#install on the same server, with the https://github.com/shadowsocksrr/shadowsocksr-android/releases client on Android, and ShadowSocksR is working with no DNS issue!

I should mention the client is located in Iran and the server is in Germany. Is shadowsocks blockable in Iran? If yes, why are some other servers working just fine with shadowsocks on the native shadowsocks Android app, flawlessly?

Can shadowsocks get blocked and still be working, only sending responses from IP addresses and failing on domain resolving?

RebelliousWhiz commented 4 years ago

Hi mate,

Did you specify the DNS in shadowsocks config?

You can add -d "8.8.8.8" to your ss-server -c c.json -v or add "nameserver": "8.8.8.8" to your c.json.

Let's see how it works.

parsalotfy commented 4 years ago

@madeye Did the solution @RebelliousWhiz just mentioned work? I have the same problem, same data center (Hetzner)... Both of the servers (the default server of the app and my Hetzner server) have no internet connection... I think in Iran we have a problem with Hetzner, because I couldn't connect to my L2TP on my Hetzner server before, after a week of trying...

But there are other L2TPs that are working!

parsalotfy commented 4 years ago

@RebelliousWhiz the default DNS is 8.8.8.8 in shadowsocks in Docker, but it's still not working...

vanyaindigo commented 4 years ago

https://overclockers.ru/blog/Indigo81/show/31739/shadowsocks-cherez-cloudflare-cdn-povyshaem-bezopasnost-v-seti

zerodwide commented 4 years ago

> Hi mate,
>
> Did you specify the DNS in shadowsocks config?
>
> You can add -d "8.8.8.8" to your ss-server -c c.json -v or add "nameserver": "8.8.8.8" to your c.json.
>
> Let's see how it works.

Sorry for answering late. Yes, I have tried that too, no luck! I switched to ShadowSocksR, which has been working perfectly without being banned/tracked/detected for a couple of months. I have experienced that an OpenVPN server will be detected and get banned within a month.