client_subnet in DNS rules does not take effect #1881

@trimgop

Operating system

Windows

System version

Windows 11 23H2

Installation type

Original sing-box command-line program

If you are using a graphical client program, please provide its version.

No response

Version

sing-box version 1.9.3

Environment: go1.22.4 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

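Description

@bottob reported a similar problem in #1752, and for the latest version the problem seems to have been resolved.

However, in my testing, the problem still exists, at least for the HTTP inbound.

Steps to reproduce

Modeled on @bottob's configuration: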

{
  "log": { "level": "debug" },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8",
        "address_resolver": "local"
      },
      { "tag": "nxdomain", "address": "RCode://success" },
      { "tag": "local", "address": "local" }
    ],
    "rules": [
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          { "domain": "www.baidu.com" },
          { "ip_cidr": ["0.0.0.0/0"] }
        ],
        "server": "google",
        "client_subnet": "114.114.114.114"
      }
    ],
    "final": "nxdomain"
  },
  "inbounds": [
    {
      "tag": "dns-in",
      "type": "direct",
      "listen": "::",
      "listen_port": 7966,
      "sniff": true
    },
    {
      "type": "mixed",
      "listen": "::",
      "listen_port": 1081,
      "sniff": true,
      "domain_strategy": "prefer_ipv4"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "tag": "proxy",
      "type": "vless",
      ...
    }
  ],
  "route": {
    "final": "proxy",
    "rules": [
      {
        "inbound": "dns-in",
        "outbound": "dns-out"
      }
    ]
  }
}

dig.exe @127.0.0.1 -p 7966 www.baidu.com returns mainland China IPs as expected.
curl http://www.baidu.com: checking the sing-box log, the resolved address is an overseas IP.

Logs

INFO[0000] router: updated default interface WLAN, index 4
INFO[0000] inbound/direct[dns-in]: tcp server started at [::]:7966
INFO[0000] inbound/direct[dns-in]: udp server started at [::]:7966
INFO[0000] inbound/mixed[1]: tcp server started at [::]:1081
INFO[0000] sing-box started (0.00s)
INFO[0004] [769655664 2ms] inbound/direct[dns-in]: inbound packet connection from 127.0.0.1:64078
DEBUG[0004] [769655664 2ms] router: sniffed packet protocol: dns
DEBUG[0004] [769655664 2ms] router: match[0] inbound=dns-in => dns-out
DEBUG[0004] dns: exchange www.baidu.com. IN A
DEBUG[0004] dns: match[0] domain=www.baidu.com && ip_cidr=0.0.0.0/0 => google
INFO[0004] outbound/vless[proxy]: outbound connection to 8.8.8.8:853
INFO[0004] outbound/vless[proxy]: outbound connection to 8.8.8.8:853
DEBUG[0004] dns: exchanged www.baidu.com NOERROR 300
INFO[0004] dns: exchanged www.baidu.com CNAME www.baidu.com. 300 IN CNAME www.a.shifen.com.
INFO[0004] dns: exchanged www.baidu.com A www.a.shifen.com. 300 IN A 180.101.50.188
INFO[0004] dns: exchanged www.baidu.com A www.a.shifen.com. 300 IN A 180.101.50.242
INFO[0004] dns: exchanged www.baidu.com OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x012c, udp: 512 SUBNET: 114.114.114.114/32/17
DEBUG[0014] [994496668 10.41s] inbound/direct[dns-in]: connection closed: io: read/write on closed pipe | upstream: context canceled
INFO[0015] [2408222431 0ms] inbound/mixed[1]: inbound connection from 127.0.0.1:56989
INFO[0015] [2408222431 0ms] inbound/mixed[1]: inbound connection to www.baidu.com:80
DEBUG[0015] [2408222431 0ms] router: sniffed protocol: http, domain: www.baidu.com
DEBUG[0015] [2408222431 0ms] dns: lookup domain www.baidu.com
DEBUG[0015] [2408222431 1ms] dns: match[0] domain=www.baidu.com && ip_cidr=0.0.0.0/0 => google
DEBUG[0015] dns: exchanged www.baidu.com NOERROR 30
INFO[0015] dns: exchanged www.baidu.com CNAME www.baidu.com. 30 IN CNAME www.a.shifen.com.
INFO[0015] dns: exchanged www.baidu.com CNAME www.a.shifen.com. 30 IN CNAME www.wshifen.com.
INFO[0015] dns: exchanged www.baidu.com A www.wshifen.com. 30 IN A 119.63.197.139
INFO[0015] dns: exchanged www.baidu.com A www.wshifen.com. 30 IN A 119.63.197.151
INFO[0015] [2408222431 177ms] dns: lookup succeed for www.baidu.com: 119.63.197.139 119.63.197.151
DEBUG[0015] [2408222431 179ms] dns: resolved [119.63.197.139 119.63.197.151]
INFO[0015] [2408222431 179ms] outbound/vless[proxy]: outbound connection to 119.63.197.139:80
INFO[0015] [2408222431 321ms] outbound/vless[proxy]: outbound connection to 119.63.197.139:80
DEBUG[0015] [2408222431 471ms] inbound/mixed[1]: connection closed: process connection from 127.0.0.1:56989: read http request: EOF

Integrity requirements

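  • I confirm that I have read the documentation and understand the meaning of every configuration item I wrote, rather than piling up seemingly useful options or default values.
  • I confirm that I have provided server and client configuration files and steps that can reproduce the problem locally, rather than a sanitized complex client configuration file.
  • I confirm that I have provided the minimal configuration that reproduces the error I reported, rather than relying on remote servers, TUN, graphical client programs, or other closed-source software.
  • I confirm that I have provided the complete configuration files and logs, rather than only the parts I consider useful out of confidence in my own intelligence.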
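
One way to check the reported behaviour from a debug log, as an added example that is not part of the original issue or of the sing-box code base: it groups the posted log lines by DNS resolution and flags resolutions routed to a given server whose logged response carries no EDNS client-subnet (`SUBNET:`) record. The function names and the grouping heuristic (each line is attributed to the most recent `dns: exchange` or `dns: lookup domain` line) are assumptions.

```python
import re

# Excerpt of the debug log posted in the issue (unrelated lines dropped).
LOG = """\
DEBUG[0004] dns: exchange www.baidu.com. IN A
DEBUG[0004] dns: match[0] domain=www.baidu.com && ip_cidr=0.0.0.0/0 => google
INFO[0004] dns: exchanged www.baidu.com A www.a.shifen.com. 300 IN A 180.101.50.188
INFO[0004] dns: exchanged www.baidu.com OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x012c, udp: 512 SUBNET: 114.114.114.114/32/17
DEBUG[0015] [2408222431 0ms] dns: lookup domain www.baidu.com
DEBUG[0015] [2408222431 1ms] dns: match[0] domain=www.baidu.com && ip_cidr=0.0.0.0/0 => google
INFO[0015] dns: exchanged www.baidu.com A www.wshifen.com. 30 IN A 119.63.197.139
INFO[0015] dns: exchanged www.baidu.com A www.wshifen.com. 30 IN A 119.63.197.151
"""

START = re.compile(r"dns: (exchange|lookup domain) (\S+?)\.?(?: IN \w+)?$")
MATCH = re.compile(r"dns: match\[\d+\] .* => (\S+)$")
A_REC = re.compile(r"dns: exchanged \S+ A .* IN A (\S+)$")
ECS = re.compile(r"dns: exchanged \S+ OPT .*SUBNET: (\S+?)/(\d+)/(\d+)")

def resolutions(log):
    """Group log lines into DNS resolutions, in order of appearance."""
    out = []
    for line in log.splitlines():
        line = line.strip()
        if m := START.search(line):
            # "exchange" = query via the dns outbound, "lookup" = router-side lookup
            out.append({"path": m[1].split()[0], "domain": m[2],
                        "server": None, "answers": [], "ecs": None})
        elif not out:
            continue
        elif m := MATCH.search(line):
            out[-1]["server"] = m[1]
        elif m := A_REC.search(line):
            out[-1]["answers"].append(m[1])
        elif m := ECS.search(line):
            out[-1]["ecs"] = f"{m[1]}/{m[2]}"  # address/source prefix length
    return out

def missing_ecs(log, server, subnet):
    """Resolutions sent to `server` whose logged response has no ECS for `subnet`."""
    return [r for r in resolutions(log)
            if r["server"] == server and (r["ecs"] or "").split("/")[0] != subnet]

if __name__ == "__main__":
    for r in resolutions(LOG):
        print(r)
    print("without ECS:", missing_ecs(LOG, "google", "114.114.114.114"))
```
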
