vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
15.8k stars 2.95k forks

[Bug] The yacd dashboard shows only IPs, not domain names; traffic splitting fails, and it is the same with fake-ip #3171

Closed xiankaiyao closed 1 year ago

xiankaiyao commented 1 year ago

Verify Steps

OpenClash Version

v0.45.103-beta

Bug on Environment

Lean

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

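At first I used redir mode. After a while the yacd dashboard showed only IPs, not domain names, and traffic splitting stopped working entirely. Now I have switched to fake-ip mode and the result is still the same. nslookup shows the output below. Has the server been hijacked? Could someone experienced please take a look and tell me what to do?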

Describe the Bug

C:\Users\lenovo>nslookup www.baidu.com
服务器: cmcc.wifi
Address: fe80::1

非权威应答:
名称: www.a.shifen.com
Addresses: 39.156.66.18
           39.156.66.14
Aliases: www.baidu.com

C:\Users\lenovo>nslookup www.google.com
服务器: cmcc.wifi
Address: fe80::1

非权威应答:
名称: www.google.com
Addresses: 2a03:2880:f102:183:face:b00c:0:25de
           210.209.84.142

OpenClash Log

OpenClash 调试日志

生成时间: 2023-04-07 22:35:44
插件版本: v0.45.103-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: Hewlett-Packard HP Mini 110-3500 - Intel(R) Atom(TM) CPU N570 @ 1.66GHz : 2 Core 4 Thread
固件版本: OpenWrt SNAPSHOT r5783-be949a6fe
LuCI版本: git-23.061.31098-da92698-1
内核版本: 5.15.94
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
内核:Meta
进程pid: 4120
运行权限: 4120: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: Meta

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.02.16
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.13.0-7-g4ffc999
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g2f992e9
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/2.yaml
启动配置文件: /etc/openclash/2.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
interface-name: br-lan
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 223.5.5.5
  - https://doh.pub/dns-query
  - https://223.5.5.5/dns-query
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://public.dns.iij.jp/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
sniffer:
  enable: true
  parse-pure-ip: true
profile:
  store-selected: true

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Fri Apr  7 22:35:54 2023
*nat
:PREROUTING ACCEPT [1781:242384]
:INPUT ACCEPT [1197:148098]
:OUTPUT ACCEPT [2050:218186]
:POSTROUTING ACCEPT [2427:244022]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_VPN_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_VPN_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_postrouting - [0:0]
:zone_VPN_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i ztppi2llpa -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -s 192.168.192.0/24 -j MASQUERADE
-A POSTROUTING -o ztppi2llpa -j MASQUERADE
-A POSTROUTING -s 192.168.192.0/24 -j MASQUERADE
-A POSTROUTING -o ztppi2llpa -j MASQUERADE
-A POSTROUTING -s 192.168.192.0/24 -j MASQUERADE
-A POSTROUTING -o ztppi2llpa -j MASQUERADE
-A POSTROUTING -s 192.168.192.0/24 -j MASQUERADE
-A POSTROUTING -o ztppi2llpa -j MASQUERADE
-A POSTROUTING -s 192.168.192.0/24 -j MASQUERADE
-A POSTROUTING -o ztppi2llpa -j MASQUERADE
-A POSTROUTING -o ztppi2llpa -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o ztppi2llpa -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_postrouting
-A openclash -p tcp -m tcp --sport 5244 -j RETURN
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -p tcp -m tcp --sport 10240 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 5244 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -p tcp -m tcp --sport 10240 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule
-A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Fri Apr  7 22:35:54 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Fri Apr  7 22:35:54 2023
*mangle
:PREROUTING ACCEPT [194287:22269223]
:INPUT ACCEPT [47683:13624597]
:FORWARD ACCEPT [148159:8889406]
:OUTPUT ACCEPT [42266:33699840]
:POSTROUTING ACCEPT [191486:42744421]
:openclash - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A openclash -p udp -m udp --sport 4500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Fri Apr  7 22:35:54 2023

OpenClash Config

No response

Expected Behavior

I would like domain names to be displayed correctly.

Screenshots

No response

vernesong commented 1 year ago

In the plugin settings, change DNS hijacking to Firewall.

xiankaiyao commented 1 year ago

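In the plugin settings, change DNS hijacking to Firewall.

I just tried it and it does not work either. It still shows only IPs, and with firewall forwarding the bypass-mainland-China option cannot be used.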

LimonChoms commented 1 year ago

See #3172

xiankaiyao commented 1 year ago

The DNS is set to the side router's DNS, that part is correct.

ljbkevin commented 1 year ago

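Same problem. The network settings on the PC and on the iOS phone are exactly the same, with both the gateway and DNS set to the side router, but the iOS phone gets traffic splitting and the dashboard shows domain names, while the PC does not... I am baffled.

I just changed the plugin settings, switching DNS hijacking to firewall forwarding, and in testing so far the problem is resolved.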

ghost commented 1 year ago

Are you all using ADGH to resolve DNS?

ghost commented 1 year ago

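See #3172

It has nothing to do with the gateway or DNS settings on the client machine. My machine has always pointed to the side router, and everything still shows up as resolved IPs.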

scegg commented 1 year ago

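In the Overwrite Settings, turn on all of the last three Meta sniffing options. There is no need to change the custom content (leave the 3 large text boxes at their defaults). Re-enable it once and see.

[screenshot]

At least the routers I have at hand running version 0.45.103-234 (not side routers) all have this problem, and all of them can be fixed with this trick. Cause unknown.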

xiankaiyao commented 1 year ago

Not using it, only OpenClash.

xiankaiyao commented 1 year ago

After switching to firewall forwarding, bypassing mainland China IPs can no longer be used.

xiankaiyao commented 1 year ago

Thanks, I will give it a try.

cutbuzz commented 1 year ago

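In the Overwrite Settings, turn on all of the last three Meta sniffing options. There is no need to change the custom content (leave the 3 large text boxes at their defaults). Re-enable it once and see.

[screenshot]

At least the routers I have at hand running version 0.45.103-234 (not side routers) all have this problem, and all of them can be fixed with this trick. Cause unknown.

I have the same problem, but after following your method it is still the same.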

cutbuzz commented 1 year ago

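In the plugin settings, change DNS hijacking to Firewall.

In fake-ip mode, domain names are displayed and traffic is split normally. In redir mode, everything shows up as bare IPs and does not go through the proxy.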

cutbuzz commented 1 year ago

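After switching to firewall forwarding, bypassing mainland China IPs can no longer be used.

Did you solve it? I switched to Firewall and it is still like this.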

xiankaiyao commented 1 year ago

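After switching to firewall forwarding, bypassing mainland China IPs can no longer be used.

Did you solve it? I switched to Firewall and it is still like this.

Solved. I disabled IPv6 on the optical modem, reflashed the OpenWrt firmware, and reset the computer's DNS.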

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

chenmin600383 commented 5 months ago

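In the Overwrite Settings, turn on all of the last three Meta sniffing options. There is no need to change the custom content (leave the 3 large text boxes at their defaults). Re-enable it once and see.

[screenshot]

At least the routers I have at hand running version 0.45.103-234 (not side routers) all have this problem, and all of them can be fixed with this trick. Cause unknown.

Thank you. I had been working on this for a whole day, and finally got it fixed by following your method.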

SandMioB commented 1 month ago

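In the Overwrite Settings, turn on all of the last three Meta sniffing options. There is no need to change the custom content (leave the 3 large text boxes at their defaults). Re-enable it once and see.

[screenshot]

At least the routers I have at hand running version 0.45.103-234 (not side routers) all have this problem, and all of them can be fixed with this trick. Cause unknown.

Wow! I cannot thank you enough! I had been struggling for a whole day and was about to give up. Every wireless device at home connected to the main router was fine; only my computer had the problem and showed nothing but IPs (my computer is connected directly to the optical modem, and the optical modem is VLAN'd to the main router over a single shared cable). Luckily I found this link and saw the life-saving fix you posted... thank you so much!

It really is absurd. When I was tinkering earlier I tried ticking the first 2 and it did nothing; you really do have to tick the 3rd one as well... and the key point is that you fill in nothing and just leave the defaults, and then it works... it must simply be a bug.

I first ran into this problem on v0.45.87-beta; before that, on 0.45.78, the problem did not exist, and after updating the computer showed only IPs. Later I could not be bothered and kept using the old version. Yesterday Clash crashed, so I thought I would upgrade to the latest version and try again, and the computer still showed only IPs. After a whole day of this I was at my wits' end; I did not expect it to be something this absurd...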

189889 commented 1 month ago

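In the Overwrite Settings, turn on all of the last three Meta sniffing options. There is no need to change the custom content (leave the 3 large text boxes at their defaults). Re-enable it once and see.

[screenshot]

At least the routers I have at hand running version 0.45.103-234 (not side routers) all have this problem, and all of them can be fixed with this trick. Cause unknown.

I have the same problem, but after following your method it is still the same. Miracle doctor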