vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

Problem encountered: Watchdog: Force Reset DNS Hijack. #1415

Closed yushaw closed 3 years ago

yushaw commented 3 years ago

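Hi, I use AdGuard Home as the upstream DNS and have run into this problem.

It had been working normally, but after the most recent reboot following a power outage:

  1. The options under OpenClash's General Setting disappeared;
  2. After directly reinstalling OpenClash, I still cannot get past the GFW; access inside the wall is normal;
  3. The log keeps showing Force Reset DNS Hijack.

Could you help check whether this is a settings problem? Thanks.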

OpenClash 调试日志

生成时间: 2021-06-24 12:35:58 插件版本: v0.42.05-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: OpenWrt 21.02.0-rc1 r16046-59980f7aaf
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.111
处理器架构: x86_64

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 3074
运行权限: 3074: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.05.08
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 
Game内核文件: 不存在
Game内核运行权限: 否

Dev内核版本: v1.6.0-12-gc35cb24
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/AmyClash.yaml
启动配置文件: /etc/openclash/AmyClash.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
redir-port: 7892
mixed-port: 7893
allow-lan: true
mode: rule
log-level: silent
ipv6: false
hosts:
  services.googleapis.cn: 216.58.200.67
  www.google.cn: 216.58.200.67
external-controller: 0.0.0.0:9090
clash-for-android:
  append-system-dns: false
profile:
  tracing: true
  store-selected: true
dns:
  enable: true
  listen: 127.0.0.1:7874
  default-nameserver:
  - 223.5.5.5
  - 1.0.0.1
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-filter:
**隐藏**
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
interface-name: eth0

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.7 on Thu Jun 24 12:36:00 2021
*nat
:PREROUTING ACCEPT [1226:164259]
:INPUT ACCEPT [1541:107206]
:OUTPUT ACCEPT [818:54911]
:POSTROUTING ACCEPT [865:58635]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Thu Jun 24 12:36:00 2021

#Mangle chain

# Generated by iptables-save v1.8.7 on Thu Jun 24 12:36:00 2021
*mangle
:PREROUTING ACCEPT [462736:711498602]
:INPUT ACCEPT [462285:711385883]
:FORWARD ACCEPT [70:22970]
:OUTPUT ACCEPT [376303:674496220]
:POSTROUTING ACCEPT [376372:674518614]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Thu Jun 24 12:36:00 2021

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.199.1   0.0.0.0         UG    0      0        0 eth0
192.168.199.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
#ip route list
default via 192.168.199.1 dev eth0 proto static 
192.168.199.0/24 dev eth0 proto kernel scope link src 192.168.199.10 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7893                 :::*                    LISTEN      3074/clash
tcp        0      0 :::9090                 :::*                    LISTEN      3074/clash
tcp        0      0 :::7890                 :::*                    LISTEN      3074/clash
tcp        0      0 :::7891                 :::*                    LISTEN      3074/clash
tcp        0      0 :::7892                 :::*                    LISTEN      3074/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           3074/clash
udp        0      0 :::35677                :::*                                3074/clash
udp        0      0 :::47091                :::*                                3074/clash
udp        0      0 :::59958                :::*                                3074/clash
udp        0      0 :::7891                 :::*                                3074/clash
udp        0      0 :::7892                 :::*                                3074/clash
udp        0      0 :::7893                 :::*                                3074/clash

#===================== 测试本机DNS查询 =====================#

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 192.168.199.10

#===================== 测试本机网络连接 =====================#

#===================== 测试本机网络下载 =====================#

#===================== 最近运行日志 =====================#

2021-06-24 11:47:24 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:48:24 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:49:24 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:50:24 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:51:25 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:52:25 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:53:25 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:54:25 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:55:25 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:56:25 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:57:25 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:58:26 Watchdog: Force Reset DNS Hijack.
2021-06-24 11:59:26 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:00:26 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:01:26 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:02:26 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:03:27 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:04:27 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:05:27 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:06:27 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:07:28 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:08:28 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:09:28 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:10:28 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:11:28 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:12:29 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:13:29 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:14:29 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:15:29 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:16:29 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:17:29 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:18:30 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:19:30 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:20:30 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:21:30 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:22:31 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:23:31 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:24:31 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:25:31 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:26:31 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:27:32 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:28:32 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:29:32 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:30:08 Reload OpenClash Firewall Rules
2021-06-24 12:30:32 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:31:33 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:32:33 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:33:33 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:34:33 Watchdog: Force Reset DNS Hijack.
2021-06-24 12:35:33 Watchdog: Force Reset DNS Hijack.
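
The nat dump in the debug log above contains several rules that intercept port 53. As an added example (not part of the original post and not OpenClash code), this shell function lists such rules in evaluation order, so it is visible which ones catch all LAN DNS and which only match specific resolvers. The names `sample_nat` and `dns_intercepts` are hypothetical; the sample input is the port-53 subset of the dump above.

```shell
#!/bin/sh
# Added example: list nat-table rules in an iptables-save dump that
# intercept DNS (destination port 53), in the order they are evaluated.

# Sample input: port-53 related nat rules copied from the debug log above.
sample_nat() {
cat <<'EOF'
*nat
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A openclash -p tcp -j REDIRECT --to-ports 7892
COMMIT
EOF
}

# Reads iptables-save text on stdin. For every nat rule that matches
# --dport 53 and ends in REDIRECT or DNAT, prints one line:
#   <chain> <proto> <destination or "any"> <target>:<new port/addr> <comment or "->
dns_intercepts() {
  awk '
    /^\*/ { table = substr($1, 2) }          # "*nat", "*mangle", ...
    table == "nat" && $1 == "-A" {
      chain = $2; proto = "any"; dst = "any"
      dport = ""; tgt = ""; to = ""; tag = "-"
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "-d") dst = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") tgt = $(i + 1)
        else if ($i == "--to-ports" || $i == "--to-destination") to = $(i + 1)
        else if ($i == "--comment") tag = $(i + 1)
      }
      if (dport == "53" && (tgt == "REDIRECT" || tgt == "DNAT"))
        print chain, proto, dst, tgt ":" to, tag
    }'
}

# Stand-alone run on the sample; rules with destination "any" are the
# catch-all ones that send every forwarded DNS query to local port 53.
sample_nat | dns_intercepts
```

On a router the same function can read live rules with `iptables-save | dns_intercepts`.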

yushaw commented 3 years ago

Solved after setting AdGuard Home to "Redirect 53 to AdGuard Home"..

yushaw commented 3 years ago

Hmm, actually not...

vernesong commented 3 years ago

Just make it the upstream of dnsmasq, and set clash's nameserver to AdGuard.

yushaw commented 3 years ago

Right, that is how I set it up.

Here, 192.168.199.10 is the address of openwrt, and 5353 is the listening port of Adguard Home; both use the same address.

vernesong commented 3 years ago

Turn off the plugin's DNS hijacking.

yushaw commented 3 years ago

Turn off the plugin's DNS hijacking.

After turning it off, YouTube opens but videos won't play; Telegram works fine; twitter cannot be opened. Where might the problem be?

vernesong commented 3 years ago

Set AdGuard's upstream to clash's 7874, and have clash use 114.

yushaw commented 3 years ago

So that means moving clash to be AdGuard's upstream? I tried it and it still doesn't work, so I've decided to reinstall and see. Thanks.

vernesong commented 3 years ago

1420