cname bug #1886

Open
zhengqwe opened this issue Dec 30, 2024 · 8 comments

@zhengqwe

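Problem description
Querying the cname target domain gets no response at all from the software. This was first noticed with smartdns on a router, and it can also be reproduced in testing on an Ubuntu 24.04 virtual machine.

Runtime environment

  1. Firmware model

  2. ISP

  3. smartdns source and version
    https://github.com/pymumu/smartdns/releases/download/Release46/smartdns-x86_64

  4. Relevant configuration (remove personal information)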

bind :5354
server 223.5.5.5
server 2400:3200::1
server 180.184.1.1
server 119.29.29.29
server 8.8.8.8
speed-check-mode ping,tcp:443
response-mode fastest-ip
log-file /var/log/smartdns/smartdns.log
log-level debug

cname /cloudfront.net/d2e1asnsl7br7b.cloudfront.net

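Steps to reproduce

  1. Upstream DNS configuration.

  2. Domain accessed.
    d2e1asnsl7br7b.cloudfront.net

Information collection

  1. Upload the /var/log/smrtdns.log log as an attachment (remove personal information).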
[2024-12-30 11:36:59,928][NOTICE][       smartdns.c:640 ] smartdns starting...(Copyright (C) Nick Peng <[email protected]>, build: 1.2024.06.12-2222 (Release46))
[2024-12-30 11:36:59,931][ INFO][     dns_server.c:9013] bind ip :5354, type 0
[2024-12-30 11:36:59,931][DEBUG][      fast_ping.c:1454] ping 2001::, id = 1
[2024-12-30 11:36:59,932][DEBUG][      fast_ping.c:678 ] ping 2001:: end, id 1
[2024-12-30 11:36:59,932][ INFO][     dns_server.c:9330] IPV6 is ready, enable IPV6 features
[2024-12-30 11:36:59,933][ INFO][     dns_client.c:1272] add server 223.5.5.5:53, type: udp
[2024-12-30 11:36:59,933][ INFO][     dns_client.c:1272] add server 2400:3200::1:53, type: udp
[2024-12-30 11:36:59,933][ INFO][     dns_client.c:1272] add server 180.184.1.1:53, type: udp
[2024-12-30 11:36:59,933][ INFO][     dns_client.c:1272] add server 119.29.29.29:53, type: udp
[2024-12-30 11:36:59,933][ INFO][     dns_client.c:1272] add server 8.8.8.8:53, type: udp
[2024-12-30 11:37:02,157][DEBUG][     dns_server.c:7155] recv query packet from 127.0.0.1, len = 47, type = 0
[2024-12-30 11:37:02,157][DEBUG][     dns_server.c:7171] request qdcount = 1, ancount = 0, nscount = 0, nrcount = 0, len = 47, id = 52079, tc = 0, rd = 1, ra = 0, rcode = 0
[2024-12-30 11:37:02,157][DEBUG][     dns_server.c:7196] query d2e1asnsl7br7b.cloudfront.net from 127.0.0.1, qtype: 1, id: 52079, query-num: 1
[2024-12-30 11:37:02,157][ INFO][     dns_server.c:5264] RULE-MATCH, type: 12, domain: d2e1asnsl7br7b.cloudfront.net, rule: cloudfront.net.
[2024-12-30 11:37:02,157][ INFO][     dns_server.c:5908] query d2e1asnsl7br7b.cloudfront.net with cname d2e1asnsl7br7b.cloudfront.net
[2024-12-30 11:37:02,157][ INFO][     dns_server.c:5264] RULE-MATCH, type: 12, domain: d2e1asnsl7br7b.cloudfront.net, rule: cloudfront.net.
[2024-12-30 11:37:16,742][ INFO][       smartdns.c:724 ] stop smartdns by signal 15
[2024-12-30 11:37:16,842][ INFO][       smartdns.c:1219] smartdns exit...
[2024-12-30 11:37:16,843][DEBUG][      dns_cache.c:832 ] write cache file /var/cache/smartdns/smartdns.cache
[2024-12-30 11:37:16,844][DEBUG][      dns_cache.c:875 ] wrote total 0 records.
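  2. If the process behaves abnormally, enable the coredump feature and upload the coredump file together with the matching smartdns binary.
    In the custom settings UI, enable Settings -> Custom Settings -> Generate coredump configuration, then submit the coredump file after reproducing the problem
    The coredump file is in the /tmp directory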
@PikuZheng
Contributor

PikuZheng commented Dec 30, 2024

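cloudfront.net contains d2e1asnsl7br7b.cloudfront.net. Won't configuring it this way cause a query loop?

I tested it roughly and this works, but maybe your cache already has a record, so this setting doesn't take effect. Try again after deleting the cache or waiting for it to expire?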

@zhengqwe
Author

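> I tested it roughly and this works, but maybe your cache already has a record, so this setting doesn't take effect. Try again after deleting the cache or waiting for it to expire?

It was tested with the cache deleted, and this kind of unanswered query is not cached at all anyway
q is a tool similar in function to nslookup; the original nslookup does not support non-standard ports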

@PikuZheng
Contributor

bind :5354
server 2400:3200::1

speed-check-mode ping,tcp:443
response-mode fastest-ip
log-file /userdata/smartdns/smartdns-test.log
log-level debug

cname /cloudfront.net/d2e1asnsl7br7b.cloudfront.net

cache-persist no

Test

localhost:~# kdig cloudfront.net @127.0.0.1:5354
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 40100
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; cloudfront.net.              IN      A

;; ANSWER SECTION:
cloudfront.net.         600     IN      CNAME   d2e1asnsl7br7b.cloudfront.net.
d2e1asnsl7br7b.cloudfront.net.  600     IN      A       18.172.50.20
d2e1asnsl7br7b.cloudfront.net.  600     IN      A       18.172.50.75

;; Received 93 B
;; Time 2024-12-30 16:23:07 CST
;; From 127.0.0.1@5354(UDP) in 143.0 ms
localhost:~# kdig something.cloudfront.net @127.0.0.1:5354
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 26143
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; something.cloudfront.net.            IN      A

;; ANSWER SECTION:
something.cloudfront.net.       589     IN      CNAME   d2e1asnsl7br7b.cloudfront.net.
d2e1asnsl7br7b.cloudfront.net.  589     IN      A       18.172.50.20
d2e1asnsl7br7b.cloudfront.net.  589     IN      A       18.172.50.75

;; Received 103 B
;; Time 2024-12-30 16:23:18 CST
;; From 127.0.0.1@5354(UDP) in 0.3 ms

Looks fine

@PikuZheng
Contributor

Another possibility is that 3 of the 5 upstreams you configured all return SOA for d2e1asnsl7br7b.cloudfront.net

@zhengqwe
Author

zhengqwe commented Dec 30, 2024

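Try it in this order: after starting smartdns, first request something.cloudfront.net and there is a result, then request d2e1asnsl7br7b.cloudfront.net and there is also a result; but once you request d2e1asnsl7br7b.cloudfront.net first after starting smartdns, it dies immediately, and requesting something.cloudfront.net afterwards also gets no response (the cache is cleared before each smartdns start). The trigger condition is fairly strict
In other words, without first requesting some other *.cloudfront.net to pave the way, directly requesting d2e1asnsl7br7b.cloudfront.net (the value configured in cname itself) dies immediately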

aaa@aaa-VMware20-1:~$ sudo smartdns
aaa@aaa-VMware20-1:~$ q A AAAA something.cloudfront.net @127.0.0.1:5354
d2e1asnsl7br7b.cloudfront.net. 10m A 3.165.84.120
d2e1asnsl7br7b.cloudfront.net. 10m A 3.165.84.185
d2e1asnsl7br7b.cloudfront.net. 10m A 3.165.84.50
d2e1asnsl7br7b.cloudfront.net. 10m A 3.165.84.87
something.cloudfront.net. 10m CNAME d2e1asnsl7br7b.cloudfront.net.
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:3e00:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:4200:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:5000:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:600:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:6200:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:7800:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:b800:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 10m AAAA 2600:9000:271a:e000:d:172e:5dc0:21
aaa@aaa-VMware20-1:~$ q A AAAA d2e1asnsl7br7b.cloudfront.net @127.0.0.1:5354
d2e1asnsl7br7b.cloudfront.net. 9m51s A 3.165.84.120
d2e1asnsl7br7b.cloudfront.net. 9m51s A 3.165.84.185
d2e1asnsl7br7b.cloudfront.net. 9m51s A 3.165.84.50
d2e1asnsl7br7b.cloudfront.net. 9m51s A 3.165.84.87
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:3e00:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:4200:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:5000:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:600:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:6200:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:7800:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:b800:d:172e:5dc0:21
d2e1asnsl7br7b.cloudfront.net. 9m51s AAAA 2600:9000:271a:e000:d:172e:5dc0:21
aaa@aaa-VMware20-1:~$ sudo smartdns
aaa@aaa-VMware20-1:~$ q A AAAA d2e1asnsl7br7b.cloudfront.net @127.0.0.1:5354
FATA[0010] read udp 127.0.0.1:52020->127.0.0.1:5354: i/o timeout 
aaa@aaa-VMware20-1:~$ q A AAAA something.cloudfront.net @127.0.0.1:5354
FATA[0010] read udp 127.0.0.1:41580->127.0.0.1:5354: i/o timeout

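> Another possibility is that 3 of the 5 upstreams you configured all return SOA for d2e1asnsl7br7b.cloudfront.net

In that case it should output nothing, rather than not responding until the i/o timeout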

@PikuZheng
Contributor

Indeed.
Querying d2e1asnsl7br7b.cloudfront.net first matches the rule /cloudfront.net/d2e1asnsl7br7b.cloudfront.net, which causes an infinite loop
If you only need to map cloudfront.net to d2e1asnsl7br7b.cloudfront.net, you can set
cname /-.cloudfront.net/d2e1asnsl7br7b.cloudfront.net

@cresky-github

Root domain mapped to a subdomain?
Shouldn't it be subdomain mapped to the root domain?

@PikuZheng
Contributor

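> Root domain mapped to a subdomain? Shouldn't it be subdomain mapped to the root domain?

Child to root and child to child are both fine. But wildcard-child to child and root to child both have problems @pymumu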
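
An added example, not part of the thread and not smartdns's own code: a small config check that flags any cname rule whose target is itself matched by the rule's domain pattern, the condition identified above as causing the loop, and shows that the suggested `-.` form is not flagged. The function names are hypothetical, and the `*.` (subdomains only) handling is an assumption about smartdns pattern syntax.

```python
import re

# Constructed sample: the two cname rules quoted in this thread.
SAMPLE_CONF = """\
bind :5354
cname /cloudfront.net/d2e1asnsl7br7b.cloudfront.net
cname /-.cloudfront.net/d2e1asnsl7br7b.cloudfront.net
"""

CNAME_RE = re.compile(r"^\s*cname\s+/([^/]+)/(\S+)")


def rule_matches(pattern: str, name: str) -> bool:
    """Return True if a smartdns-style domain pattern matches name."""
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if pattern.startswith("-."):
        # Main domain only, as in the fix suggested in the thread.
        return name == pattern[2:]
    if pattern.startswith("*."):
        # Assumption: this prefix matches subdomains only.
        return name.endswith("." + pattern[2:])
    # Bare domain: the domain itself and every subdomain.
    return name == pattern or name.endswith("." + pattern)


def find_self_matching_cnames(conf_text: str):
    """List (line_no, pattern, target) where the target matches its own rule."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = CNAME_RE.match(line)
        if not m:
            continue
        pattern, target = m.group(1), m.group(2)
        if rule_matches(pattern, target):
            findings.append((line_no, pattern, target))
    return findings


if __name__ == "__main__":
    for line_no, pattern, target in find_self_matching_cnames(SAMPLE_CONF):
        print(f"line {line_no}: cname /{pattern}/ target {target} "
              "matches its own rule")
```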
