xiaorouji / openwrt-passwall


Incompatible with xray 1.5.0 #1665

Closed Vohrt closed 2 years ago

Vohrt commented 2 years ago

Describe the bug

xray 1.5.0 has been officially released. Because of changes to its DNS handling it may cause problems for the plugin; this is most obvious in xray DoH mode with caching disabled, but the other modes also show intermittent DNS query interruptions. The main problem is the intermittent interruption of queries, triggered with an unpredictable probability. Earlier, in pdnsd mode, it seemed that attempting to resolve an empty domain name had a high probability of triggering the bug; I later switched to xray mode, which is somewhat more stable than pdnsd but still has intermittent interruptions.

Steps to reproduce

- Filter mode: Xray DoH
- Resolve the proxied domain list by sending DNS requests through the TCP node
- DNS DoH request address: CloudFlare-Security
- EDNS Client Subnet
- Query strategy: UseIPv4
- Cache resolution results: false

ChinaDNS-NG true

Log output

```
2021/12/27 14:10:58 127.0.0.1:47448 accepted udp:1.1.1.2:53 [dns-out]
2021/12/27 14:10:58 127.0.0.1:52581 accepted udp:1.1.1.2:53 [dns-out]
2021/12/27 14:10:58 127.0.0.1:46875 accepted udp:1.1.1.2:53 [dns-out]
2021/12/27 14:10:58 192.168.2.164:35831 accepted tcp:142.250.199.106:443 [364f5965c758491ba3e8662e53a72449]
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for www.youtube.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for www.youtube.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for youtube.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for youtube.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:00 127.0.0.1:47475 accepted udp:1.1.1.2:53 [dns-out]
2021/12/27 14:11:00 127.0.0.1:60082 accepted udp:1.1.1.2:53 [dns-out]
2021/12/27 14:11:00 192.168.2.164:35843 accepted tcp:142.250.196.110:443 [364f5965c758491ba3e8662e53a72449]
2021/12/27 14:11:00 192.168.2.164:35844 accepted tcp:142.251.42.174:443 [364f5965c758491ba3e8662e53a72449]
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for i.ytimg.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for i.ytimg.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:00 192.168.2.164:35845 accepted tcp:142.251.42.174:443 [364f5965c758491ba3e8662e53a72449]
2021/12/27 14:11:02 [Error] app/dns: failed to retrieve response for fonts.gstatic.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:02 [Error] app/dns: failed to retrieve response for yt3.ggpht.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:02 [Error] app/dns: failed to retrieve response for yt3.ggpht.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:02 192.168.2.164:35857 accepted tcp:216.58.220.99:443 [364f5965c758491ba3e8662e53a72449]
2021/12/27 14:11:03 192.168.2.164:35866 accepted tcp:216.58.197.206:443 [364f5965c758491ba3e8662e53a72449]
2021/12/27 14:11:04 127.0.0.1:42925 accepted udp:1.1.1.2:53 [dns-out]
2021/12/27 14:11:04 192.168.2.164:35878 accepted tcp:151.101.196.193:443 [364f5965c758491ba3e8662e53a72449]
2021/12/27 14:11:07 [Error] app/dns: failed to retrieve response for clients4.google.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:07 [Error] app/dns: failed to retrieve response for clients4.google.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:07 192.168.2.164:35894 accepted tcp:142.250.x.x:443 [364f5965c758491ba3e8662e53a72449]
```

Vohrt commented 2 years ago

Related: #1617. It was moved to Discussions earlier because 1.5.0 was still in testing at the time.

Vohrt commented 2 years ago

```
2021/12/27 14:01:47 [Warning] [4179651506] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:54184->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:38522->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:54648->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:50344->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:53456->[::1]:53: read: connection refused] > common/retry: all retry attempts failed
2021/12/27 14:01:48 [Warning] [2909441016] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:40053->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:51817->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:44003->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:36577->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:39439->[::1]:53: read: connection refused] > common/retry: all retry attempts failed
2021/12/27 14:01:48 [Warning] [1724234348] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:51817->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:53417->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:55868->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:36577->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:39439->[::1]:53: read: connection refused] > common/retry: all retry attempts failed
2021/12/27 14:01:48 [Warning] [3186204822] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:57251->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:56375->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:59066->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:35481->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:58335->[::1]:53: read: connection refused] > common/retry: all retry attempts failed
2021/12/27 14:01:48 [Warning] [2796406793] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:37039->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:33985->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:52773->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:44486->[::1]:53: read: connection refused dial tcp: lookup [passwall server ip] on [::1]:53: read udp [::1]:56122->[::1]:53: read: connection refused] > common/retry: all retry attempts failed
2021/12/27 14:01:49 192.168.2.164:32518 accepted tcp:104.17.254.46:443 [364f5965c758491ba3e8662e53a72449]
```
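As an added example (not code from the issue or from the passwall project), a small Python triage script over constructed log lines in the two shapes quoted in this issue and the one above: it counts app/dns DoH failures per minute, upstream and reason, and separately counts the app/proxyman/outbound entries where the proxy server's own hostname could not be looked up, flagging those whose resolver was a loopback address, as in the log above where the lookup went to [::1]:53 and was refused. The hostname proxy.example.invalid is a placeholder for the redacted server address.

```python
import re
from collections import Counter

# Regexes for the two Xray log shapes quoted in this issue:
# app/dns DoH failures and app/proxyman/outbound dial failures.
DNS_FAIL = re.compile(
    r'^(?P<minute>\d{4}/\d\d/\d\d \d\d:\d\d):\d\d \[Error\] app/dns: '
    r'failed to retrieve response for (?P<name>\S+) > Post "(?P<upstream>[^"]+)": (?P<reason>.*)$')
OUTBOUND_FAIL = re.compile(
    r'^(?P<minute>\d{4}/\d\d/\d\d \d\d:\d\d):\d\d \[Warning\] \[\d+\] app/proxyman/outbound: '
    r'.*?lookup (?P<server>\S+) on (?P<resolver>\S+?): ')

def is_loopback(resolver):
    """True for a resolver address on the local host ([::1] or 127.x)."""
    return resolver.startswith("[::1]") or resolver.startswith("127.")

def triage(log_text):
    """Summarise DoH failures and proxy-server name lookup failures per minute."""
    doh = Counter()       # (minute, upstream, reason) -> count
    names = Counter()     # domain that failed to resolve -> count
    lookups = Counter()   # (minute, server, resolver) -> count
    for line in log_text.splitlines():
        m = DNS_FAIL.match(line)
        if m:
            doh[(m["minute"], m["upstream"], m["reason"])] += 1
            names[m["name"].rstrip(".")] += 1
            continue
        m = OUTBOUND_FAIL.match(line)
        if m:
            lookups[(m["minute"], m["server"], m["resolver"])] += 1
    # Lookups of the proxy server's own name that were sent to a local resolver:
    # if that resolver is itself refusing connections, the outbound cannot recover.
    loopback = sum(n for (_, _, r), n in lookups.items() if is_loopback(r))
    return {"doh": doh, "names": names, "lookups": lookups, "loopback_lookups": loopback}

# Constructed sample in the format of the issue's logs (not real captures);
# proxy.example.invalid stands in for the redacted "[passwall server ip]".
SAMPLE_LOG = """\
2021/12/27 14:10:58 127.0.0.1:47448 accepted udp:1.1.1.2:53 [dns-out]
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for www.youtube.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:11:00 [Error] app/dns: failed to retrieve response for youtube.com. > Post "https://security.cloudflare-dns.com/dns-query": context canceled
2021/12/27 14:01:47 [Warning] [4179651506] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp: lookup proxy.example.invalid on [::1]:53: read udp [::1]:54184->[::1]:53: read: connection refused] > common/retry: all retry attempts failed
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```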

BOBINIUNIU commented 2 years ago

This problem has always existed; it has been around for a long time, but the cause can't be found because it is hard to reproduce. Web pages fail to open, the browser reports a DNS failure, and after refreshing a few times the page opens again. In my experience it is related to the DNS cache.

  1. I previously set the DNS cache to 1000 and the problem occurred more often; now that I have changed it back to the default 150 it happens much less.
  2. Do not check "Cache resolution results".
  3. Samba: after transferring files, memory fills up. Although Linux releases it automatically, things are noticeably slower once memory is full, and it is immediately faster after a reboot. I don't know whether this is related to memory; not verified yet.

xiaorouji commented 2 years ago

Personally I think it is more likely caused by the node's connection dropping.

BOBINIUNIU commented 2 years ago

> Personally I think it is more likely caused by the node's connection dropping.

At first I also thought it was a node problem, but sometimes even domestic sites fail to open, and nslookup shows it cannot resolve. Does passwall cache its results in dnsmasq? If cache size is set to 0 in dnsmasq, does passwall's caching feature still work? I'm not knowledgeable enough to read the code and don't know how the two work together. ssr plus + pdnsd has this problem too, and more frequently. passwall is more stable; with "Cache resolution results" unchecked the problem almost never occurs.

Vohrt commented 2 years ago

> Personally I think it is more likely caused by the node's connection dropping.

Other routers using the same node at the same time rule that out. Devices connected to the other machine have no DNS resolution problems. The other router's plugin is luci-app-vssr.

When the problem occurs, existing connections are not dropped. New connections (if they do not need domain resolution, or the domain is already cached / in hosts) connect normally whether the IP is inside or outside the GFW. Only new DNS queries fail, regardless of whether the queried domain is inside or outside.

Vohrt commented 2 years ago

Addendum: I just found that after setting both TCP and UDP to global mode, all DNS queries fail and no web pages open. But if set to "Except China", both domestic sites and YouTube become accessible again, which proves the node works normally; not sure whether this is related to this issue.

smallprogram commented 2 years ago

> Addendum: I just found that after setting both TCP and UDP to global mode, all DNS queries fail and no web pages open. But if set to "Except China", both domestic sites and YouTube become accessible again, which proves the node works normally; not sure whether this is related to this issue.

Test it against the source code and you will know.

xiaorouji commented 2 years ago

@BOBINIUNIU passwall's "Cache resolution results" is the cache of the remote DNS service (actually, if dnsmasq has caching enabled, this doesn't need to be checked).

BOBINIUNIU commented 2 years ago

> @BOBINIUNIU passwall's "Cache resolution results" is the cache of the remote DNS service (actually, if dnsmasq has caching enabled, this doesn't need to be checked).

Thanks for the reply, and happy new year. passwall's proxy method hijacks all DNS, so when the node is unstable dnsmasq gets no response. That explains why domestic resolution is also affected when the node is unstable. A bit of personal experience: don't fiddle with DNS, leave everything at the defaults. Don't install other DNS plugins, including ChinaDNS; speed depends on the node anyway.