Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dns 规则中的 client_subnet 不生效 #1881

Closed
4 of 5 tasks
trimgop opened this issue Jun 19, 2024 · 1 comment · May be fixed by SagerNet/sing-dns#18
Closed
4 of 5 tasks

dns 规则中的 client_subnet 不生效 #1881

trimgop opened this issue Jun 19, 2024 · 1 comment · May be fixed by SagerNet/sing-dns#18

Comments

@trimgop
Copy link

trimgop commented Jun 19, 2024
edited
Loading

操作系统

Windows

系统版本

Windows 11 23H2

安装类型

sing-box 原始命令行程序

如果您使用图形客户端程序,请提供该程序版本。

No response

版本

sing-box version 1.9.3

Environment: go1.22.4 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

描述

@bottob#1752 中反馈过类似的问题,对最新版本,问题似乎已经解决

但经过我的测试,至少对于http入站,问题仍然存在

重现方式

仿照@bottob的配置

{
  "log": { "level": "debug" },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8",
        "address_resolver": "local"
      },
      { "tag": "nxdomain", "address": "RCode://success" },
      { "tag": "local", "address": "local" }
    ],
    "rules": [
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          { "domain": "www.baidu.com" },
          { "ip_cidr": ["0.0.0.0/0"] }
        ],
        "server": "google",
        "client_subnet": "114.114.114.114"
      }
    ],
    "final": "nxdomain"
  },
  "inbounds": [
    {
      "tag": "dns-in",
      "type": "direct",
      "listen": "::",
      "listen_port": 7966,
      "sniff": true
    },
    {
      "type": "mixed",
      "listen": "::",
      "listen_port": 1081,
      "sniff": true,
      "domain_strategy": "prefer_ipv4"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "tag": "proxy",
      "type": "vless",
      ...
    }
  ],
  "route": {
    "final": "proxy",
    "rules": [
      {
        "inbound": "dns-in",
        "outbound": "dns-out"
      }
    ]
  }
}

dig.exe @127.0.0.1 -p 7966 www.baidu.com 正常返回国内的ip
curl http://www.baidu.com 查看singbox日志,解析地址为国外ip

日志

INFO[0000] router: updated default interface WLAN, index 4
INFO[0000] inbound/direct[dns-in]: tcp server started at [::]:7966
INFO[0000] inbound/direct[dns-in]: udp server started at [::]:7966
INFO[0000] inbound/mixed[1]: tcp server started at [::]:1081
INFO[0000] sing-box started (0.00s)
INFO[0004] [769655664 2ms] inbound/direct[dns-in]: inbound packet connection from 127.0.0.1:64078
DEBUG[0004] [769655664 2ms] router: sniffed packet protocol: dns
DEBUG[0004] [769655664 2ms] router: match[0] inbound=dns-in => dns-out
DEBUG[0004] dns: exchange www.baidu.com. IN A
DEBUG[0004] dns: match[0] domain=www.baidu.com && ip_cidr=0.0.0.0/0 => google
INFO[0004] outbound/vless[proxy]: outbound connection to 8.8.8.8:853
INFO[0004] outbound/vless[proxy]: outbound connection to 8.8.8.8:853
DEBUG[0004] dns: exchanged www.baidu.com NOERROR 300
INFO[0004] dns: exchanged www.baidu.com CNAME www.baidu.com. 300 IN CNAME www.a.shifen.com.
INFO[0004] dns: exchanged www.baidu.com A www.a.shifen.com. 300 IN A 180.101.50.188
INFO[0004] dns: exchanged www.baidu.com A www.a.shifen.com. 300 IN A 180.101.50.242
INFO[0004] dns: exchanged www.baidu.com OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x012c, udp: 512 SUBNET: 114.114.114.114/32/17
DEBUG[0014] [994496668 10.41s] inbound/direct[dns-in]: connection closed: io: read/write on closed pipe | upstream: context canceled
INFO[0015] [2408222431 0ms] inbound/mixed[1]: inbound connection from 127.0.0.1:56989
INFO[0015] [2408222431 0ms] inbound/mixed[1]: inbound connection to www.baidu.com:80
DEBUG[0015] [2408222431 0ms] router: sniffed protocol: http, domain: www.baidu.com
DEBUG[0015] [2408222431 0ms] dns: lookup domain www.baidu.com
DEBUG[0015] [2408222431 1ms] dns: match[0] domain=www.baidu.com && ip_cidr=0.0.0.0/0 => google
DEBUG[0015] dns: exchanged www.baidu.com NOERROR 30
INFO[0015] dns: exchanged www.baidu.com CNAME www.baidu.com. 30 IN CNAME www.a.shifen.com.
INFO[0015] dns: exchanged www.baidu.com CNAME www.a.shifen.com. 30 IN CNAME www.wshifen.com.
INFO[0015] dns: exchanged www.baidu.com A www.wshifen.com. 30 IN A 119.63.197.139
INFO[0015] dns: exchanged www.baidu.com A www.wshifen.com. 30 IN A 119.63.197.151
INFO[0015] [2408222431 177ms] dns: lookup succeed for www.baidu.com: 119.63.197.139 119.63.197.151
DEBUG[0015] [2408222431 179ms] dns: resolved [119.63.197.139 119.63.197.151]
INFO[0015] [2408222431 179ms] outbound/vless[proxy]: outbound connection to 119.63.197.139:80
INFO[0015] [2408222431 321ms] outbound/vless[proxy]: outbound connection to 119.63.197.139:80
DEBUG[0015] [2408222431 471ms] inbound/mixed[1]: connection closed: process connection from 127.0.0.1:56989: read http request: EOF

支持我们

完整性要求

  • 我保证阅读了文档,了解所有我编写的配置文件项的含义,而不是大量堆砌看似有用的选项或默认值。
  • 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程,而不是一个脱敏的复杂客户端配置文件。
  • 我保证提供了可用于重现我报告的错误的最简配置,而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
  • 我保证提供了完整的配置文件与日志,而不是出于对自身智力的自信而仅提供了部分认为有用的部分。
@TargetLocked TargetLocked mentioned this issue Jul 14, 2024
Open
@trimgop trimgop mentioned this issue Jul 28, 2024
Closed
@trimgop
Copy link
Author

trimgop commented Aug 12, 2024

Fixed since 1.10.0-alpha.28

@trimgop trimgop closed this as completed Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: missing context in lookupToExchange TargetLocked/sing-dns
1 participant
@trimgop