Always get "Error LANrx: invalid DNS section counts: 1 0 0 1, dropped" when using `dig`
rampageX opened this issue
I tested `fdns` on my Debian 10 VM. `fdns` builds and runs with no errors, but when I test it with `dig`, it always fails with the error: "Error LANrx: invalid DNS section counts: 1 0 0 1, dropped"
Input:
```
dig @127.1.1.1 twitter.com
; <<>> DiG 9.16.8 <<>> @127.1.1.1 twitter.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
```
Log:
```
~/src/fdns# fdns
Testing server fossdaily
Tags: Australia, AsiaPacific, adblocker
Error: server fossdaily failed
Testing server dnslify2
Tags: AsiaPacific, Singapore
SSL/TLS connection: 104.39 ms
DoH query average: 20.01 ms
DoH/Do53 bandwidth ratio: 2.04
Keepalive: 20 to 25 seconds
Testing server commsone4
Tags: Yekaterinburg, Russia, AsiaPacific, adblocker
SSL/TLS connection: 149.15 ms
DoH query average: 30.04 ms
DoH/Do53 bandwidth ratio: 2.60
Keepalive: 550 to 590 seconds
fdns starting
connecting to dnslify2 server
listening on 127.1.1.1
345 filter entries added from /usr/local/etc/fdns/trackers
7415 filter entries added from /usr/local/etc/fdns/fp-trackers
50788 filter entries added from /usr/local/etc/fdns/adblocker
10265 filter entries added from /usr/local/etc/fdns/coinblocker
07:27:17 (0) SSL connection opened
07:27:17 (2) SSL connection opened
07:27:17 (1) SSL connection opened
07:27:17 (0) h2 transport up
07:27:17 (1) h2 transport up
07:27:17 (2) h2 transport up
07:27:33 (2) Error LANrx: invalid DNS section counts: 1 0 0 1, dropped
07:27:38 (2) Error LANrx: invalid DNS section counts: 1 0 0 1, dropped
07:27:43 (2) Error LANrx: invalid DNS section counts: 1 0 0 1, dropped
^Csignal 2 caught, shutting down all resolvers
```
BTW: Can we manually specify the listen `ip:port` and the fallback DNS server's `IP:PORT`?
Bug! Thanks for reporting it.
I'll have to document it in the man page.
dig attaches to the query a DNS cookie in the "additional" section of the packet. We filter out and drop such requests, and we let through only regular queries generated by regular applications. We also drop anything else but A and AAAA requests, so most of the request options dig provides will be filtered out.
When using dig from behind fdns, send the query to a specific server using @server-ip-address on the command line. This way you bypass fdns. For example:
```
$ dig @9.9.9.9 debian.org
```
just to remember to document it!
I use `dig` to test the setup, so a @... is exactly not what I want to do... ;)
Do you know a way to tell `dig` to do a request that `fdns` would not filter out? Maybe that should be documented as well?
It's not only `dig` that does it; Go seems to suffer from that too:
```
main.go:29:2: maunium.net/go/mauflag@v1.0.0: Get "https://proxy.golang.org/maunium.net/go/mauflag/@v/v1.0.0.zip": dial tcp: lookup proxy.golang.org on 127.0.0.1:53: read udp 127.0.0.1:48660->127.0.0.1:53: i/o timeout
```
(with corresponding logs from `fdns`). Why does `fdns` drop such requests?
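
Added example, not part of the original thread and not fdns's own code: the four numbers in the log message are the QDCOUNT, ANCOUNT, NSCOUNT and ARCOUNT fields of the DNS header, and a query carrying an EDNS OPT record with a cookie in the additional section has ARCOUNT 1. The `check_query` function is a hypothetical reconstruction of the filtering the maintainer describes above (plain queries only, A and AAAA only), and the sample queries are constructed.

```python
import struct

QTYPE_A, QTYPE_AAAA, QTYPE_MX, QTYPE_OPT = 1, 28, 15, 41
OPT_COOKIE = 10  # EDNS option code for DNS cookies (RFC 7873)

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_query(name, qtype=QTYPE_A, cookie=None, txid=0x1234):
    """Build a query; with `cookie`, append an EDNS OPT record in the additional section."""
    arcount = 1 if cookie is not None else 0
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD flag set
    pkt += encode_name(name) + struct.pack("!HH", qtype, 1)       # class IN
    if cookie is not None:
        rdata = struct.pack("!HH", OPT_COOKIE, len(cookie)) + cookie
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext flags, RDATA
        pkt += b"\x00" + struct.pack("!HHIH", QTYPE_OPT, 4096, 0, len(rdata)) + rdata
    return pkt

def section_counts(pkt):
    """Return (QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) from the 12-byte header."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack("!HHHH", pkt[4:12])

def question_type(pkt):
    """Return QTYPE of the first question (queries built here use no compression)."""
    i = 12
    while pkt[i] != 0:
        i += 1 + pkt[i]
    return struct.unpack("!H", pkt[i + 1:i + 3])[0]

def check_query(pkt):
    """Hypothetical filter following the maintainer's description, not fdns code."""
    counts = section_counts(pkt)
    if counts != (1, 0, 0, 0):
        return "invalid DNS section counts: %d %d %d %d, dropped" % counts
    if question_type(pkt) not in (QTYPE_A, QTYPE_AAAA):
        return "dropped: only A and AAAA are let through"
    return "accepted"

if __name__ == "__main__":
    # Constructed sample queries, not captured traffic.
    print(check_query(build_query("twitter.com", cookie=b"\x01" * 8)))
    print(check_query(build_query("twitter.com")))
    print(check_query(build_query("twitter.com", qtype=QTYPE_MX)))
```

dig's `+noedns` option sends the query without the OPT record, so its section counts become 1 0 0 0. The thread does not show whether fdns applies further checks to such a query.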