wolf-joe / ts-dns

Telescope DNS, a flexible and fast DNS group forwarder
MIT License

Lost CNAME record when answering dns requests? #23

Closed wd closed 4 years ago

wd commented 4 years ago

I'm a new user of ts-dns. It's a really useful tool, but I've run into a problem.

Request results from 114.114.114.114; you can see there is a CNAME record.

$ dig @114.114.114.114 www.baidu.com                                                                                                        (base) 193ms  Mon May 18 11:57:48 2020

; <<>> DiG 9.10.6 <<>> @114.114.114.114 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5539
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          42      IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       126     IN      A       220.181.38.150
www.a.shifen.com.       126     IN      A       220.181.38.149

;; Query time: 26 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Mon May 18 11:58:29 CST 2020
;; MSG SIZE  rcvd: 101

Results from ts-dns; the CNAME record is lost.

$ dig @127.0.0.1 www.baidu.com                                                                                                                     (base)  Mon May 18 11:58:29 2020

; <<>> DiG 9.10.6 <<>> @127.0.0.1 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14184
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.a.shifen.com.       220     IN      A       220.181.38.150

;; Query time: 62 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 18 11:58:36 CST 2020
;; MSG SIZE  rcvd: 74

Here is my config; is there something wrong with it? Version 0.14.0 on macOS.

listen = ":53/udp"  # listening port; tcp/udp can be specified, defaults to both tcp & udp when unspecified
gfwlist = "gfwlist.txt"  # path to the gfwlist file, pre-downloaded in the release package. Official address: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
gfwlist_b64 = true  # whether to base64-decode the gfwlist file, default true
cnip = "cn-cidrs.txt"  # list of Chinese IP ranges, used to assist domain grouping
disable_ipv6 = true  # disable IPv6 address resolution, default false

hosts_files = ["/etc/hosts"]  # hosts file paths, multiple hosts files supported

[query_log]
file = "/dev/null"  # dns query log file; /dev/null disables logging, an empty value logs to stdout
ignore_qtypes = ["DNSKEY", "NS"]  # do not log dns queries of the given types, default empty
ignore_cache = false # do not log dns queries served from the cache, default false
ignore_hosts = true # do not log dns queries answered from hosts, default false

[cache]  # dns cache settings
size = 4096  # cache size; a negative value disables the cache
min_ttl = 60  # minimum ttl in seconds
max_ttl = 86400  # maximum ttl in seconds

[groups] # group domains
  [groups.clean]  # required group; the default group for domains
  dns = ["223.5.5.5:53", "114.114.114.114/tcp"]  # list of DNS servers, port 53 by default
  concurrent = true  # query the DNS server list concurrently

  fastest_v4 = true  # respond with the ipv4 address that has the lowest ping; when enabled with icmp ping it is recommended to run this program as root
  tcp_ping_port = 80  # when fastest_v4 is enabled, a value greater than 0 uses tcp ping, less than or equal to 0 uses icmp ping

  [groups.dirty]  # required group; domains matching GFWList are classified into this group
  dns = ["8.8.8.8", "1.1.1.1"]  # if you don't want to resolve through a socks5 proxy, foreign dns servers on a non-53 port are recommended

rampageX commented 4 years ago

fastest_v4 = false

wd commented 4 years ago

It's working after I set this option to false. I think maybe the author could consider avoiding this problem even when the option is set to true. When the result is just a CNAME, simply give it to the client, and the client will request the A record for the CNAME again. Or maybe just return the fastest IPv4 address along with the CNAME record; it could be faster.

wd commented 4 years ago

Adding more information about why I reported this issue. If the DNS server doesn't answer with a CNAME record as it does in my first post, the client reports errors, so it's very important to return the CNAME.

$ curl http://www.baidu.com 
curl: (6) Could not resolve host: www.baidu.com

wolf-joe commented 4 years ago

[groups]
  [groups.baidu]
  dns = ["114.114.114.114"]
  fastest_v4 = true
  rules = ["baidu.com"]
$ dig baidu.com                      
...
;; ANSWER SECTION:
baidu.com.      501 IN  A   220.181.38.148

;; Query time: 142 msec
...
$ 
$ curl http://www.baidu.com -I
HTTP/1.1 200 OK
Accept-Ranges: bytes
...
time="2020-05-18T15:24:19+08:00" level=info msg="match by rules" domain=baidu.com. group=baidu src=127.0.0.1 type=A

Typically, upstream DNS servers (like 114.114.114.114) recursively resolve CNAME records automatically; the local client (including ts-dns) does not need the CNAME record (at least in my use cases).

wd commented 4 years ago

You used baidu.com in your example; would you mind checking dig www.baidu.com? As I understand it, the local DNS should return a CNAME record for www.baidu.com, which is www.a.shifen.com, and an A record for www.a.shifen.com, which is 220.181.38.149. That should be the correct result, not only the A record for www.a.shifen.com.

This is the result when I use your config.

$ dig  www.baidu.com

; <<>> DiG 9.10.6 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24854
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.a.shifen.com.       60      IN      A       220.181.38.149

;; Query time: 141 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 18 17:03:30 CST 2020
;; MSG SIZE  rcvd: 74

$ curl http://www.baidu.com -I
curl: (6) Could not resolve host: www.baidu.com

wolf-joe commented 4 years ago

➜  ~ dig www.baidu.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36387
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.         IN  A

;; ANSWER SECTION:
www.a.shifen.com.   242 IN  A   220.181.38.149

;; Query time: 128 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 18 17:49:41 CST 2020
;; MSG SIZE  rcvd: 74

➜  ~ curl http://www.baidu.com -v 2>&1 | grep Connected
* Connected to www.baidu.com (220.181.38.149) port 80 (#0)
time="2020-05-18T17:49:40+08:00" level=info msg="match by rules" domain=www.baidu.com. group=baidu src=127.0.0.1 type=A
time="2020-05-18T17:49:43+08:00" level=info msg="hit cache" domain=www.baidu.com. src=127.0.0.1 type=A

wd commented 4 years ago

Oh, that's weird. I use macOS; not only is the curl command not working, Chrome and Safari are not working either. Do you have any suggestions about how I can debug this issue?

wd commented 4 years ago

I have tried on an Ubuntu virtual machine running on my laptop, with the DNS set to the same DNS, and curl works perfectly. I think this is an OSX-related issue only.

wolf-joe commented 4 years ago

v0.14.1 released: keep non-A records (like CNAME) after enabling fastest_v4
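
The difference between the two answer sections in this thread (wd's dig output before and after the fix), as an added Go example that is not ts-dns code and does not use its API or its ping implementation: a record filter that keeps only the fastest A record and so drops the CNAME, beside one that keeps the non-A records and reduces only the A records, as the v0.14.1 note describes; plus a chain check that follows CNAMEs from the question name to an A record, which fails on the pre-fix answer (an A record owned by www.a.shifen.com. with nothing linking it to www.baidu.com.) and passes on the fixed one. The RR type, the rank function standing in for measured ping latency, and the sample records (copied from the 114.114.114.114 answer quoted in the first post) are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// RR is a minimal resource record, constructed for this example
// (ts-dns itself uses a full DNS library; this is not its type).
type RR struct {
	Name string // owner name, fully qualified with trailing dot
	Type string // "A" or "CNAME"
	TTL  uint32
	Data string // IPv4 address for A, canonical target for CNAME
}

// upstreamAnswer reproduces the answer section from the first post.
var upstreamAnswer = []RR{
	{"www.baidu.com.", "CNAME", 42, "www.a.shifen.com."},
	{"www.a.shifen.com.", "A", 126, "220.181.38.150"},
	{"www.a.shifen.com.", "A", 126, "220.181.38.149"},
}

// constructedRank stands in for fastest_v4's ping measurement (lower is
// faster); the values are invented so that .150 wins, as in the fixed output.
func constructedRank(ip string) int {
	return map[string]int{"220.181.38.150": 20, "220.181.38.149": 35}[ip]
}

// pickFastest returns the A record whose address ranks lowest.
func pickFastest(as []RR, rank func(ip string) int) RR {
	best := as[0]
	for _, rr := range as[1:] {
		if rank(rr.Data) < rank(best.Data) {
			best = rr
		}
	}
	return best
}

// filterBroken mirrors the pre-0.14.1 behaviour reported in the issue:
// only the fastest A record survives and the CNAME is dropped.
func filterBroken(answer []RR, rank func(string) int) []RR {
	var as []RR
	for _, rr := range answer {
		if rr.Type == "A" {
			as = append(as, rr)
		}
	}
	if len(as) == 0 {
		return answer // nothing to rank, pass the answer through
	}
	return []RR{pickFastest(as, rank)}
}

// filterFixed keeps every non-A record (CNAME etc.) and reduces only the
// A records to the fastest one, the behaviour the v0.14.1 note describes.
func filterFixed(answer []RR, rank func(string) int) []RR {
	var as, others []RR
	for _, rr := range answer {
		if rr.Type == "A" {
			as = append(as, rr)
		} else {
			others = append(others, rr)
		}
	}
	if len(as) == 0 {
		return answer
	}
	return append(others, pickFastest(as, rank))
}

// chainResolves checks that the answer section actually answers qname:
// following CNAMEs from qname must reach an A record. A lone A record
// whose owner differs from qname, which is what the broken filter
// produces, does not link back to the question and fails the check.
func chainResolves(qname string, answer []RR) bool {
	name := strings.ToLower(qname)
	for hops := 0; hops < 8; hops++ { // bound the walk against CNAME loops
		next := ""
		for _, rr := range answer {
			if strings.ToLower(rr.Name) != name {
				continue
			}
			switch rr.Type {
			case "A":
				return true
			case "CNAME":
				next = strings.ToLower(rr.Data)
			}
		}
		if next == "" {
			return false
		}
		name = next
	}
	return false
}

func main() {
	for _, f := range []struct {
		name string
		fn   func([]RR, func(string) int) []RR
	}{{"broken", filterBroken}, {"fixed", filterFixed}} {
		out := f.fn(upstreamAnswer, constructedRank)
		fmt.Printf("%-6s records=%d resolves=%v %v\n", f.name, len(out),
			chainResolves("www.baidu.com.", out), out)
	}
}
```

Running it prints one line per filter: the broken filter yields a single record for www.a.shifen.com. and the chain check reports false, while the fixed filter yields the CNAME plus the chosen A record and the chain check reports true. The check is the kind of consistency test a strict stub resolver can apply to an answer; the thread shows macOS clients failing and Ubuntu clients succeeding on the pre-fix answer but does not establish the exact rule each platform uses.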

wd commented 4 years ago

Confirmed, the issue has gone. Thanks.

$ dig www.baidu.com

; <<>> DiG 9.10.6 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54348
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          133     IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       133     IN      A       220.181.38.150

;; Query time: 54 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 19 12:55:11 CST 2020
;; MSG SIZE  rcvd: 117

wd @ ~ ❯❯❯ curl www.baidu.com
<!DOCTYPE html>
...

wolf-joe commented 4 years ago

Ubuntu user, got the same issue after upgrading Chrome to v83; also fixed by using ts-dns v0.14.1.