sometimes parse fail

Question

sometimes parse fail

ziyouchutuwenwu opened this issue 4 months ago · comments

192.168.9.253 is local dns server, which contains some private domain, for example: gitlab.xxx.com

dnsproxy -l 127.0.0.1 -u 192.168.9.253 -u 223.5.5.5 -u 223.6.6.6

now set dns server to 127.0.0.1, reup network.

when i ping gitlab.xxx.com, sometimes it's ok, like this

$ ping gitlab.xxx.com
PING gitlab.xxx.com (192.168.9.157) 56(84) 字节的数据。
64 字节，来自 192.168.9.157: icmp_seq=1 ttl=63 时间=0.239 毫秒
64 字节，来自 192.168.9.157: icmp_seq=2 ttl=63 时间=0.391 毫秒
64 字节，来自 192.168.9.157: icmp_seq=3 ttl=63 时间=0.631 毫秒

sometimes , it failed

$ ping gitlab.xxx.com
ping: gitlab.xxx.com: 名称或服务未知

nslookup response, first response is ok, the next failed.

$ nslookup gitlab.xxx.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	gitlab.xxx.com
Address: 192.168.9.157
** server can't find gitlab.xxx.com: NXDOMAIN


$ nslookup gitlab.xxx.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find gitlab.xxx.com: NXDOMAIN

local dns server is stable

$ nslookup gitlab.xxx.com 192.168.9.253
Server:		192.168.9.253
Address:	192.168.9.253#53

Name:	gitlab.xxx.com
Address: 192.168.9.157


$ nslookup gitlab.xxx.com 192.168.9.253
Server:		192.168.9.253
Address:	192.168.9.253#53

Name:	gitlab.xxx.com
Address: 192.168.9.157


$ nslookup gitlab.xxx.com 192.168.9.253
Server:		192.168.9.253
Address:	192.168.9.253#53

Name:	gitlab.xxx.com
Address: 192.168.9.157


$ nslookup gitlab.xxx.com 192.168.9.253
Server:		192.168.9.253
Address:	192.168.9.253#53

Name:	gitlab.xxx.com
Address: 192.168.9.157


$ nslookup gitlab.xxx.com 192.168.9.253
Server:		192.168.9.253
Address:	192.168.9.253#53

Name:	gitlab.xxx.com
Address: 192.168.9.157


$ nslookup gitlab.xxx.com 192.168.9.253
Server:		192.168.9.253
Address:	192.168.9.253#53

Name:	gitlab.xxx.com
Address: 192.168.9.157


$ nslookup gitlab.xxx.com 192.168.9.253
Server:		192.168.9.253
Address:	192.168.9.253#53

Name:	gitlab.xxx.com
Address: 192.168.9.157

Andrey Meshkov · Answer 1 · Tue Feb 27 2024 17:13:05 GMT+0800 (China Standard Time)

dnsproxy just proxies queries, it cannot come up with NXDOMAIN by itself, it just means that the upstream DNS server returned NXDOMAIN to it.

Try enabling verbose logging and troubleshooting it from there.

ziyouchutuwenwu · Answer 2 · Tue Feb 27 2024 17:27:31 GMT+0800 (China Standard Time)

the first response of nslookup will be ok, the next will be failed, i tried many times.

$ nslookup gitlab.xxx.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	gitlab.xxx.com
Address: 192.168.9.157
** server can't find gitlab.xxx.com: NXDOMAIN


mmc at manjaro in ~/Desktop (dev_env) 
$ nslookup gitlab.xxx.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find gitlab.xxx.com: NXDOMAIN

sudo dnsproxy -l 127.0.0.1 -u 192.168.9.253 -u 223.5.5.5 -u 223.6.6.6 -v
2024/02/27 17:25:56 12267#1 [info] Starting dnsproxy v0.65.0
2024/02/27 17:25:56 12267#1 [debug] dnsproxy: upstream at index 0: 192.168.9.253:53
2024/02/27 17:25:56 12267#1 [debug] dnsproxy: upstream at index 1: 223.5.5.5:53
2024/02/27 17:25:56 12267#1 [debug] dnsproxy: upstream at index 2: 223.6.6.6:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: starting dns proxy server
2024/02/27 17:25:56 12267#1 [info] dnsproxy: cache: disabled
2024/02/27 17:25:56 12267#1 [info] dnsproxy: creating udp server socket 127.0.0.1:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: listening to udp://127.0.0.1:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: creating tcp server socket 127.0.0.1:53
2024/02/27 17:25:56 12267#1 [info] dnsproxy: listening to tcp://127.0.0.1:53
2024/02/27 17:25:56 12267#19 [info] dnsproxy: entering tcp listener loop on 127.0.0.1:53
2024/02/27 17:25:56 12267#18 [info] dnsproxy: entering udp listener loop on 127.0.0.1:53
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: handling new udp packet from 127.0.0.1:57633
2024/02/27 17:25:59 12267#5 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 43159
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab.xxx.com.	IN	 A

2024/02/27 17:25:59 12267#5 [debug] dnsproxy: cache: disabled; not caching
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: sending request to 192.168.9.253:53 over udp: A "gitlab.xxx.com."
2024/02/27 17:25:59 12267#5 [debug] bootstrap: dialing 192.168.9.253:53 (1/1)
2024/02/27 17:25:59 12267#5 [debug] bootstrap: connection to 192.168.9.253:53 succeeded in 27.484µs
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: 192.168.9.253:53: response received over udp: "ok"
2024/02/27 17:25:59 12267#5 [debug] dnsproxy: upstream 192.168.9.253:53 successfully finished exchange of ;gitlab.xxx.com.	IN	 A; elapsed 406.939µs
2024/02/27 17:25:59 12267#5 [debug] proxy: replying from upstream: rtt is 429.097µs
2024/02/27 17:25:59 12267#5 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 43159
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab.xxx.com.	IN	 A

;; ANSWER SECTION:
gitlab.xxx.com.	3600	IN	A	192.168.9.157

2024/02/27 17:25:59 12267#6 [debug] dnsproxy: handling new udp packet from 127.0.0.1:51317
2024/02/27 17:25:59 12267#6 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 2425
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab.xxx.com.	IN	 AAAA

2024/02/27 17:25:59 12267#6 [debug] dnsproxy: cache: disabled; not caching
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: sending request to 223.6.6.6:53 over udp: AAAA "gitlab.xxx.com."
2024/02/27 17:25:59 12267#6 [debug] bootstrap: dialing 223.6.6.6:53 (1/1)
2024/02/27 17:25:59 12267#6 [debug] bootstrap: connection to 223.6.6.6:53 succeeded in 17.644µs
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: 223.6.6.6:53: response received over udp: "ok"
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: upstream 223.6.6.6:53 successfully finished exchange of ;gitlab.xxx.com.	IN	 AAAA; elapsed 6.597982ms
2024/02/27 17:25:59 12267#6 [debug] proxy: replying from upstream: rtt is 6.617439ms
2024/02/27 17:25:59 12267#6 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 2425
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab.xxx.com.	IN	 AAAA

;; AUTHORITY SECTION:
xxx.com.	393	IN	SOA	dns15.hichina.com. hostmaster.hichina.com. 2024022709 3600 1200 86400 600

2024/02/27 17:26:01 12267#7 [debug] dnsproxy: handling new udp packet from 127.0.0.1:54534
2024/02/27 17:26:01 12267#7 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 19993
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab.xxx.com.	IN	 A

2024/02/27 17:26:01 12267#7 [debug] dnsproxy: cache: disabled; not caching
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: sending request to 223.5.5.5:53 over udp: A "gitlab.xxx.com."
2024/02/27 17:26:01 12267#7 [debug] bootstrap: dialing 223.5.5.5:53 (1/1)
2024/02/27 17:26:01 12267#7 [debug] bootstrap: connection to 223.5.5.5:53 succeeded in 25.934µs
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: 223.5.5.5:53: response received over udp: "ok"
2024/02/27 17:26:01 12267#7 [debug] dnsproxy: upstream 223.5.5.5:53 successfully finished exchange of ;gitlab.xxx.com.	IN	 A; elapsed 5.894651ms
2024/02/27 17:26:01 12267#7 [debug] proxy: replying from upstream: rtt is 5.918033ms
2024/02/27 17:26:01 12267#7 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 19993
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab.xxx.com.	IN	 A

;; AUTHORITY SECTION:
xxx.com.	373	IN	SOA	dns15.hichina.com. hostmaster.hichina.com. 2024022709 3600 1200 86400 600

^C2024/02/27 17:26:02 12267#1 [info] dnsproxy: stopping dns proxy server
2024/02/27 17:26:02 12267#19 [debug] dnsproxy: tcp connection 127.0.0.1:53 closed
2024/02/27 17:26:02 12267#18 [debug] dnsproxy: udp connection 127.0.0.1:53 closed
2024/02/27 17:26:02 12267#1 [info] dnsproxy: stopped dns proxy server

Andrey Meshkov · Answer 3 · Tue Feb 27 2024 17:38:03 GMT+0800 (China Standard Time)

Here is the upstream responding with NXDOMAIN:

2024/02/27 17:25:59 12267#6 [debug] bootstrap: dialing 223.6.6.6:53 (1/1)
2024/02/27 17:25:59 12267#6 [debug] bootstrap: connection to 223.6.6.6:53 succeeded in 17.644µs
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: 223.6.6.6:53: response received over udp: "ok"
2024/02/27 17:25:59 12267#6 [debug] dnsproxy: upstream 223.6.6.6:53 successfully finished exchange of ;gitlab.xxx.com.	IN	 AAAA; elapsed 6.597982ms
2024/02/27 17:25:59 12267#6 [debug] proxy: replying from upstream: rtt is 6.617439ms
2024/02/27 17:25:59 12267#6 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 2425
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab.xxx.com.	IN	 AAAA

;; AUTHORITY SECTION:
xxx.com.	393	IN	SOA	dns15.hichina.com. hostmaster.hichina.com. 2024022709 3600 1200 86400 600

You need to configure dnsproxy to not send those queries to these upstreams:
https://github.com/AdguardTeam/dnsproxy?tab=readme-ov-file#specifying-upstreams-for-domains