Routed DNS requests produce responses over 512 B for some domains, causing domain resolution to fail #991

Closed
yvvw opened this issue Oct 19, 2023 · 3 comments

Comments

@yvvw

yvvw commented Oct 19, 2023

Operating system

Linux

System version

openwrt linux 5.15

Installation type

Command Line

Version

sing-box version 1.8.4

Description

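When a DNS request is routed, forwarded to DNS resolution and then returned, the response for some domains with an overly long CNAME chain (for example cn-beijing-data.aliyundrive.net) exceeds 512 B, causing DNS resolution to fail. Windows is not affected.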

Reproduction

Start with the configuration below, then run each of these commands:

nslookup cn-beijing-data.aliyundrive.net 127.0.0.1:1053
dig -p 1053 @127.0.0.1 cn-beijing-data.aliyundrive.net

{
  "log": {
    "level": "trace"
  },
  "inbounds": [
    {
      "tag": "in-dns",
      "type": "direct",
      "listen": "::",
      "listen_port": 1053
    }
  ],
  "outbounds": [
    {
      "tag": "out-direct",
      "type": "direct"
    },
    {
      "tag": "out-dns",
      "type": "dns"
    }
  ],
  "dns": {
    "servers": [
      {
        "tag": "dns-direct",
        "detour": "out-direct",
        "address": "223.5.5.5"
      }
    ],
    "final": "dns-direct",
    "strategy": "ipv4_only"
  },
  "route": {
    "rules": [
      {
        "inbound": "in-dns",
        "outbound": "out-dns"
      }
    ],
    "final": "out-direct"
  }
}

Linux nslookup reports a resolution error

root@OpenWrt ~$ nslookup cn-beijing-data.aliyundrive.net 127.0.0.1:1053
Server:         127.0.0.1:1053
Address:        127.0.0.1:1053

Non-authoritative answer:

Non-authoritative answer:
*** Can't find cn-beijing-data.aliyundrive.net: Parse error

Linux dig resolves successfully; the response is 596 B

root@OpenWrt ~$ dig -p 1053 @127.0.0.1 cn-beijing-data.aliyundrive.net 
; <<>> DiG 9.18.11 <<>> -p 1053 @127.0.0.1 cn-beijing-data.aliyundrive.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35264
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cn-beijing-data.aliyundrive.net. IN    A

;; ANSWER SECTION:
cn-beijing-data.aliyundrive.net. 22 IN  CNAME   ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.
ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com. 22 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com.
ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.223
ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.224
ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.222
ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.221

;; Query time: 0 msec
;; SERVER: 127.0.0.1#1053(127.0.0.1) (UDP)
;; WHEN: Sun Dec 17 07:00:54 CST 2023
;; MSG SIZE  rcvd: 596

Logs

INFO[0000] router: updated default interface pppoe-wan, index 9
INFO[0000] inbound/direct[in-dns]: tcp server started at [::]:1053
INFO[0000] inbound/direct[in-dns]: udp server started at [::]:1053
INFO[0000] sing-box started (0.00s)
INFO[0007] [2502643726 0ms] inbound/direct[in-dns]: inbound packet connection from 127.0.0.1:59813
DEBUG[0007] [2502643726 0ms] router: match[0] inbound=in-dns => out-dns
DEBUG[0007] dns: exchange cn-beijing-data.aliyundrive.net. IN AAAA
DEBUG[0007] dns: strategy rejected
DEBUG[0007] dns: exchange cn-beijing-data.aliyundrive.net. IN A
INFO[0007] outbound/direct[out-direct]: outbound packet connection to 223.5.5.5:53
DEBUG[0007] dns: exchanged cn-beijing-data.aliyundrive.net NOERROR 26
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net CNAME cn-beijing-data.aliyundrive.net. 26 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com. 26 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com.
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.223
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.224
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.222
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.221
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net. CNAME cn-beijing-data.aliyundrive.net. 26 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net. CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com. 26 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com.
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.223
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.224
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.222
INFO[0007] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 26 IN A 49.7.85.221
INFO[0010] [3641164960 0ms] inbound/direct[in-dns]: inbound packet connection from 127.0.0.1:54532
DEBUG[0010] [3641164960 0ms] router: match[0] inbound=in-dns => out-dns
DEBUG[0010] dns: exchange cn-beijing-data.aliyundrive.net. IN A
DEBUG[0010] dns: cached cn-beijing-data.aliyundrive.net NOERROR 22
INFO[0010] dns: cached cn-beijing-data.aliyundrive.net CNAME cn-beijing-data.aliyundrive.net. 22 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.
INFO[0010] dns: cached cn-beijing-data.aliyundrive.net CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com. 22 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com.
INFO[0010] dns: cached cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.223
INFO[0010] dns: cached cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.224
INFO[0010] dns: cached cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.222
INFO[0010] dns: cached cn-beijing-data.aliyundrive.net A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.221
INFO[0010] dns: exchanged cn-beijing-data.aliyundrive.net. CNAME cn-beijing-data.aliyundrive.net. 22 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.
INFO[0010] dns: exchanged cn-beijing-data.aliyundrive.net. CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com. 22 IN CNAME ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com.
INFO[0010] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.223
INFO[0010] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.224
INFO[0010] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.222
INFO[0010] dns: exchanged cn-beijing-data.aliyundrive.net. A ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com.gds.alibabadns.com. 22 IN A 49.7.85.221
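
As an added example (not part of the original issue and not sing-box's code), the following rebuilds the response from the records in the dig output above and measures its wire size with and without RFC 1035 name compression, against the 512 B limit that applies to plain UDP without EDNS0. The function names are this example's own.

```python
import struct

UDP_LIMIT = 512  # RFC 1035 UDP message limit when the query carries no EDNS0 OPT
QNAME = "cn-beijing-data.aliyundrive.net."
C1 = "ccp-bj29-bj-1592982087.oss-enet-ds.aliyuncs.com."
C2 = C1 + "gds.alibabadns.com."
# (owner, type, rdata) copied from the dig ANSWER SECTION in the issue
ANSWERS = [(QNAME, 5, C1), (C1, 5, C2)] + [
    (C2, 1, ip) for ip in ("49.7.85.223", "49.7.85.224", "49.7.85.222", "49.7.85.221")]


def encode_name(name, msg, offsets):
    """Append a domain name to msg; offsets=None disables pointer compression."""
    labels = name.rstrip(".").split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if offsets is not None:
            if suffix in offsets:  # suffix already written: emit a 2-byte pointer
                msg += struct.pack("!H", 0xC000 | offsets[suffix])
                return
            offsets[suffix] = len(msg)
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00"  # root label terminates a name that did not end in a pointer


def build_response(compress, msg_id=35264, ttl=22):
    offsets = {} if compress else None
    # flags 0x8180 = qr rd ra + NOERROR; QDCOUNT=1, ANCOUNT=len(ANSWERS)
    msg = bytearray(struct.pack("!6H", msg_id, 0x8180, 1, len(ANSWERS), 0, 0))
    encode_name(QNAME, msg, offsets)
    msg += struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN
    for owner, rtype, rdata in ANSWERS:
        encode_name(owner, msg, offsets)
        msg += struct.pack("!2HIH", rtype, 1, ttl, 0)  # RDLENGTH patched below
        start = len(msg)
        if rtype == 1:  # A: four address octets
            msg += bytes(int(octet) for octet in rdata.split("."))
        else:  # CNAME: a domain name, compressible
            encode_name(rdata, msg, offsets)
        struct.pack_into("!H", msg, start - 2, len(msg) - start)
    return bytes(msg)


def fits_plain_udp(msg):
    return len(msg) <= UDP_LIMIT


if __name__ == "__main__":
    print({c: len(build_response(c)) for c in (False, True)})
```

Encoded without compression the message is 596 B, the same as dig's MSG SIZE, so it does not fit in 512 B; with compression the same six records take 251 B. This is consistent with the response being sent with uncompressed names.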
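@yvvw yvvw changed the title DNS resolution errors when tun mode hijacks DNS DNS resolution errors for individual domains when tun mode hijacks DNS Oct 20, 2023
@yvvw yvvw changed the title DNS resolution errors for individual domains when tun mode hijacks DNS On some systems, individual domains fail to resolve after tun mode hijacks DNS Oct 20, 2023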
@nekohasekai
Member

The DNS server at 127.0.0.1:53 on OpenWRT is usually dnsmasq, not sing-box. Please check your dnsmasq settings to identify the problem.

@nekohasekai
Member

nekohasekai commented Oct 22, 2023

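tun cannot hijack requests sent to local addresses. Also, if I remember correctly, dnsmasq on OpenWRT by default hijacks all plain DNS requests through firewall rules, which take priority over auto route.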

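@yvvw yvvw changed the title On some systems, individual domains fail to resolve after tun mode hijacks DNS DNS responses over 512 B in tun mode cause domain resolution to fail Dec 13, 2023
@yvvw yvvw changed the title DNS responses over 512 B in tun mode cause domain resolution to fail Routed DNS requests produce responses over 512 B, causing domain resolution to fail Dec 16, 2023
@yvvw yvvw changed the title Routed DNS requests produce responses over 512 B, causing domain resolution to fail Routed DNS requests produce responses over 512 B for some domains, causing domain resolution to fail Dec 16, 2023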
@yvvw
Author

yvvw commented Jan 29, 2024

Closing this issue; discussion continues in #1417.

@yvvw yvvw closed this as completed Jan 29, 2024