[Bug] Intermittent connection errors when a vless node resolves DNS remotely #1596

Closed
6 of 7 tasks
msbtx opened this issue Oct 17, 2024 · 7 comments
Labels
bug Something isn't working

Comments


msbtx commented Oct 17, 2024

Verify steps

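  • I have read the documentation and understand the meaning of every configuration item I wrote, rather than piling up seemingly useful options or default values.
  • I have not read the documentation carefully and solved the problem
  • I have not searched the Issue Tracker for the problem I am about to report
  • I have tested with the latest Alpha branch version, and the problem persists
  • I have provided server and client configuration files and steps that can reproduce the problem locally, rather than a sanitized, complex client configuration file.
  • I have provided the minimal configuration that reproduces the error I am reporting, rather than relying on a remote server, TUN, a GUI client, or other closed-source software.
  • I have provided the complete configuration file and logs, rather than only the parts I considered useful out of confidence in my own intelligence.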

Operating system

Linux

System version

Linux RT-AX86U-3C08 4.1.52 #2 SMP PREEMPT Sat Sep 28 19:20:15 CST 2024 aarch64 RT-AX86U_Koolcenter_mod

Mihomo version

Mihomo Meta v1.18.9 linux arm64 with go1.23.1 Sun Sep 29 09:46:07 UTC 2024
Use tags: with_gvisor

Configuration file

proxies:
  - {name: 🇺🇸 US_DV, server: xxx, port: 443, client-fingerprint: safari, type: vless, uuid: xxx, tls: true, tfo: false, servername: xxx, skip-cert-verify: false, network: ws, ws-opts: {path: /xxx, headers: {Host: xxx}}, udp: true}

proxy-groups:
  - name: ♻️ 手动切换2
    type: select
    proxies:
      - 🇺🇸 US_DV

port: 3333
socks-port: 23456
redir-port: 23457
allow-lan: true
mode: rule
log-level: error
external-controller: 192.168.20.1:9990
experimental:
  ignore-resolve-fail: true
  quic-go-disable-ecn: true
external-ui: dashboard
external-ui-name: metacubexd
secret: "clash"
profile:
  store-selected: true
  store-fake-ip: true
ipv6: false

hosts:
  services.googleapis.cn: 74.125.193.94
  time.android.com: 203.107.6.88
  
routing-mark: 255

dns:
  enable: true
  ipv6: false
  listen: :23453
  enhanced-mode: redir-host
  prefer-h3: true
  nameserver-policy:
    "geosite:private,cn,apple-cn": 
      - 202.103.24.68
      - 202.103.44.150
    "geosite:netflix": 
      - 8.8.8.8#♻️ 手动切换3
      - 1.1.1.1#♻️ 手动切换3
  nameserver:
    - 8.8.8.8#♻️ 手动切换2
    - 1.1.1.1#♻️ 手动切换2

tproxy: true
tproxy-port: 23458

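Description

The symptom is that DNS resolution occasionally stalls, and some websites show a DNS leak. At the same time the log reports a warn: dial xxx error: new vless client error: read tcp

I only remember that version 1.16 worked fine; I am not sure in which version this started.

On the server side, nginx fronts TLS + WS and forwards to xray vless. xray version: Xray 24.9.30 (Xray, Penetrates Everything.) 3b06af8 (go1.23.1 linux/amd64)

When Mihomo reports the warning, a matching error message appears in the xray log at the same time:
image

Steps to reproduce

Resolve UDP-type DNS remotely through a proxy node; the problem occurs with fairly high probability.

Logs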

24-10-18 00:12:02[ info ][TCP] 192.168.20.33:1409 --> ssl.gstatic.com:443 match DomainSuffix(gstatic.com) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:12:02[ info ][TCP] 192.168.20.33:1408 --> clients4.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:12:01[ debug ]use specified fingerprint:Safari
24-10-18 00:12:01[ debug ][DNS] ssl.gstatic.com --> [] HTTPS from udp://202.103.44.150:53
24-10-18 00:12:01[ debug ][DNS] ssl.gstatic.com --> [] HTTPS from udp://202.103.24.68:53
24-10-18 00:12:01[ debug ][Rule] use default rules
24-10-18 00:12:01[ debug ][DNS] resolve ssl.gstatic.com HTTPS from udp://202.103.24.68:53
24-10-18 00:12:01[ debug ][DNS] resolve ssl.gstatic.com HTTPS from udp://202.103.44.150:53
24-10-18 00:12:01[ debug ][DNS] cache hit ssl.gstatic.com --> [] HTTPS, expire at 2024-10-18 00:10:13
24-10-18 00:12:01[ debug ]use specified fingerprint:Safari
24-10-18 00:12:01[ debug ][Rule] use default rules
24-10-18 00:12:01[ debug ][DNS] ogs.google.com --> [] HTTPS from udp://1.1.1.1:53
24-10-18 00:12:01[ info ][TCP] 192.168.20.33:1404 --> ogs.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:12:01[ info ][UDP] mihomo --> 8.8.8.8:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:12:00[ info ][UDP] mihomo --> 1.1.1.1:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:12:00[ debug ]use specified fingerprint:Safari
24-10-18 00:12:00[ debug ]use specified fingerprint:Safari
24-10-18 00:12:00[ debug ]use specified fingerprint:Safari
24-10-18 00:12:00[ info ][TCP] 192.168.20.33:1407 --> dldir1v6.qq.com:443 match DomainSuffix(qq.com) using 🇨🇳 国内网站[DIRECT]
24-10-18 00:12:00[ debug ][DNS] cache hit dldir1v6.qq.com --> [58.42.63.107 58.42.59.234] A, expire at 2024-10-18 00:12:58
24-10-18 00:12:00[ debug ][Rule] use default rules
24-10-18 00:12:00[ debug ][DNS] dldir1v6.qq.com --> [1.194.172.175 1.194.172.174] A from udp://202.103.24.68:53
24-10-18 00:12:00[ debug ][DNS] dldir1v6.qq.com --> [58.42.63.107 58.42.59.234] A from udp://202.103.44.150:53
24-10-18 00:12:00[ debug ][Rule] use default rules
24-10-18 00:12:00[ debug ][DNS] resolve dldir1v6.qq.com A from udp://202.103.24.68:53
24-10-18 00:12:00[ debug ][DNS] resolve dldir1v6.qq.com A from udp://202.103.44.150:53
24-10-18 00:12:00[ debug ][DNS] resolve ogs.google.com HTTPS from udp://8.8.8.8:53
24-10-18 00:12:00[ debug ][DNS] resolve ogs.google.com HTTPS from udp://1.1.1.1:53
24-10-18 00:12:00[ debug ][DNS] cache hit ogs.google.com --> [] HTTPS, expire at 2024-10-18 00:09:23
24-10-18 00:11:58[ info ][TCP] 192.168.20.33:1400 --> play.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:58[ info ][TCP] 192.168.20.33:1402 --> play.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:58[ info ][TCP] 192.168.20.33:1401 --> play.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:58[ debug ][DNS] play.google.com --> [] HTTPS from udp://1.1.1.1:53
24-10-18 00:11:58[ debug ]use specified fingerprint:Safari
24-10-18 00:11:58[ debug ]use specified fingerprint:Safari
24-10-18 00:11:58[ debug ]use specified fingerprint:Safari
24-10-18 00:11:58[ info ][UDP] mihomo --> 8.8.8.8:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:58[ info ][UDP] mihomo --> 1.1.1.1:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:57[ info ][TCP] 192.168.20.33:1399 --> play.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:57[ debug ][Rule] use default rules
24-10-18 00:11:57[ debug ][Rule] use default rules
24-10-18 00:11:57[ debug ][Rule] use default rules
24-10-18 00:11:57[ debug ]use specified fingerprint:Safari
24-10-18 00:11:57[ debug ]use specified fingerprint:Safari
24-10-18 00:11:57[ debug ]use specified fingerprint:Safari
24-10-18 00:11:57[ warn ][UDP] dial ♻️ 手动切换2 mihomo --> 8.8.8.8:53 error: new vless client error: read tcp 27.16.208.60:38775->154.7.182.96:443: use of closed network connection
24-10-18 00:11:57[ debug ][DNS] accounts.google.com --> [] HTTPS from udp://1.1.1.1:53
24-10-18 00:11:57[ debug ][Rule] use default rules
24-10-18 00:11:57[ info ][TCP] 192.168.20.33:1398 --> accounts.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:57[ debug ][DNS] resolve play.google.com HTTPS from udp://1.1.1.1:53
24-10-18 00:11:57[ debug ][DNS] resolve play.google.com HTTPS from udp://8.8.8.8:53
24-10-18 00:11:57[ debug ][DNS] cache hit play.google.com --> [] HTTPS, expire at 2024-10-18 00:10:09
24-10-18 00:11:57[ info ][UDP] mihomo --> 1.1.1.1:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:57[ debug ]use specified fingerprint:Safari
24-10-18 00:11:57[ debug ]use specified fingerprint:Safari
24-10-18 00:11:57[ debug ]use specified fingerprint:Safari
24-10-18 00:11:57[ debug ][DNS] ogads-pa.clients6.google.com --> [] HTTPS from udp://1.1.1.1:53
24-10-18 00:11:57[ warn ][UDP] dial ♻️ 手动切换2 mihomo --> 8.8.8.8:53 error: new vless client error: read tcp 27.16.208.60:38770->154.7.182.96:443: use of closed network connection
24-10-18 00:11:57[ debug ][DNS] waa-pa.clients6.google.com --> [] HTTPS from udp://1.1.1.1:53
24-10-18 00:11:57[ debug ][DNS] ogads-pa.clients6.google.com --> [142.250.72.170] A from udp://1.1.1.1:53
24-10-18 00:11:57[ debug ][Rule] use default rules
24-10-18 00:11:57[ debug ][DNS] resolve accounts.google.com HTTPS from udp://8.8.8.8:53
24-10-18 00:11:57[ debug ][DNS] resolve accounts.google.com HTTPS from udp://1.1.1.1:53
24-10-18 00:11:57[ debug ][DNS] cache hit accounts.google.com --> [] HTTPS, expire at 2024-10-18 00:10:01
24-10-18 00:11:57[ info ][UDP] mihomo --> 8.8.8.8:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:57[ info ][TCP] 192.168.20.33:1397 --> waa-pa.clients6.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:57[ info ][TCP] 192.168.20.33:1396 --> ogads-pa.clients6.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:57[ info ][UDP] mihomo --> 1.1.1.1:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:57[ info ][UDP] mihomo --> 8.8.8.8:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:56[ info ][UDP] mihomo --> 1.1.1.1:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:56[ info ][UDP] mihomo --> 1.1.1.1:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ]use specified fingerprint:Safari
24-10-18 00:11:56[ debug ][Rule] use default rules
24-10-18 00:11:56[ debug ][Rule] use default rules
24-10-18 00:11:56[ debug ][DNS] resolve waa-pa.clients6.google.com HTTPS from udp://8.8.8.8:53
24-10-18 00:11:56[ debug ][DNS] resolve waa-pa.clients6.google.com HTTPS from udp://1.1.1.1:53
24-10-18 00:11:56[ debug ][DNS] cache hit waa-pa.clients6.google.com --> [] HTTPS, expire at 2024-10-18 00:09:38
24-10-18 00:11:56[ debug ][DNS] resolve ogads-pa.clients6.google.com A from udp://8.8.8.8:53
24-10-18 00:11:56[ debug ][DNS] resolve ogads-pa.clients6.google.com HTTPS from udp://8.8.8.8:53
24-10-18 00:11:56[ debug ][DNS] resolve ogads-pa.clients6.google.com HTTPS from udp://1.1.1.1:53
24-10-18 00:11:56[ debug ][DNS] resolve ogads-pa.clients6.google.com A from udp://1.1.1.1:53
24-10-18 00:11:56[ debug ][DNS] cache hit ogads-pa.clients6.google.com --> [142.250.72.170] A, expire at 2024-10-18 00:10:18
24-10-18 00:11:56[ debug ][DNS] cache hit ogads-pa.clients6.google.com --> [] HTTPS, expire at 2024-10-18 00:10:08
24-10-18 00:11:55[ info ][TCP] 192.168.20.33:1395 --> www.gstatic.com:443 match DomainSuffix(gstatic.com) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:55[ info ][TCP] 192.168.20.33:1394 --> www.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:55[ debug ][DNS] www.google.com --> [142.251.40.36] A from udp://1.1.1.1:53
24-10-18 00:11:55[ debug ]use specified fingerprint:Safari
24-10-18 00:11:55[ debug ]use specified fingerprint:Safari
24-10-18 00:11:55[ info ][UDP] mihomo --> 8.8.8.8:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:55[ info ][TCP] 192.168.20.33:1392 --> www.google.com:443 match DomainKeyword(google) using 🔍 谷歌服务[🇺🇸 US_DV]
24-10-18 00:11:55[ info ][UDP] mihomo --> 1.1.1.1:53 doesn't match any rule using 🇺🇸 US_DV
24-10-18 00:11:55[ debug ][Rule] use default rules
24-10-18 00:11:55[ debug ][Rule] use default rules
24-10-18 00:11:55[ debug ]use specified fingerprint:Safari
24-10-18 00:11:55[ debug ]use specified fingerprint:Safari
24-10-18 00:11:55[ debug ]use specified fingerprint:Safari
24-10-18 00:11:54[ debug ][Rule] use default rules
24-10-18 00:11:54[ debug ][DNS] resolve www.google.com A from udp://8.8.8.8:53
24-10-18 00:11:54[ debug ][DNS] resolve www.google.com A from udp://1.1.1.1:53
24-10-18 00:11:54[ debug ][DNS] cache hit www.google.com --> [142.250.68.4] A, expire at 2024-10-18 00:10:49
24-10-18 00:11:54[ debug ][DNS] cache hit www.google.com --> [] HTTPS, expire at 2024-10-18 05:23:29
24-10-18 00:11:54[ debug ][DNS] cache hit www.asusrouter.com --> [] HTTPS, expire at 2024-10-18 00:15:08

@msbtx msbtx added the bug Something isn't working label Oct 17, 2024

msbtx commented Oct 17, 2024

The config was written wrong; a space is needed before the # of the DNS remote node.

@msbtx msbtx closed this as completed Oct 17, 2024
@dycwuxing

> The config was written wrong; a space is needed before the # of the DNS remote node.

Like this? 8.8.8.8 #♻️ 手动切换3


psqtdhx commented Nov 11, 2024

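If the goal is only to avoid leaking DNS, with the fallback rule going through the proxy, keeping three DNS settings is enough; there is no need to make it too complex.
default-nameserver: configure domestic public DNS; I don't recommend using the ISP's, which in my testing are heavily polluted.

```yaml
default-nameserver: # DNS servers used to resolve the domain-name entries in the nameserver list; encrypted DNS may be used, but only plain IP addresses; can be omitted if every nameserver is a plain-IP DNS
  - "tls://223.5.5.5:853" # Alibaba DoT
  - "https://120.53.53.53/dns-query" # Tencent DoH

nameserver: # all domains except domestic sites are resolved by nameserver
  - "tls://8.8.4.4:853"  # GoogleDNS
  - "https://1.1.1.1:443/dns-query"  # CloudflareDNS
  - "https://doh.opendns.com:443/dns-query"  # OpenDNS

nameserver-policy:
  "geosite: cn,private":  # domestic sites
    - "tls://dns.alidns.com"  # Alibaba DoT
    - "https://120.53.53.53/dns-query"  # Tencent DoH
```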


msbtx commented Nov 11, 2024

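> > The config was written wrong; a space is needed before the # of the DNS remote node.
>
> Like this? 8.8.8.8 #♻️ 手动切换3

Yes. I found that the new version needs the space, while the old versions did not.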
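
How the two spellings discussed in this thread read under YAML's own comment rule, as an added example that is not part of the original thread or the Mihomo code base. It applies only the YAML rule that an unquoted `#` preceded by whitespace starts a comment; `SAMPLE`, `yaml_scalar` and `audit` are hypothetical names, and how Mihomo interprets the resulting string is not modelled.

```python
import re

GROUP = "♻️ 手动切换2"  # proxy-group name taken from the config in this issue

# Constructed sample: the same nameserver written three ways.
SAMPLE = f"""\
dns:
  nameserver:
    - 8.8.8.8#{GROUP}
    - 8.8.8.8 #{GROUP}
    - "8.8.8.8 #{GROUP}"
"""


def yaml_scalar(raw):
    """Value a YAML parser yields for one simple list item (no escapes handled).

    Rule applied: outside quotes, '#' starts a comment only at the start of
    the text or when preceded by whitespace.
    """
    raw = raw.strip()
    if raw[:1] in ('"', "'"):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    comment = re.search(r"(?:^|\s)#", raw)
    return (raw[:comment.start()] if comment else raw).strip()


def audit(config_text):
    """Return (line_no, scalar, suffix) per list item; suffix is the text
    after '#' that survives YAML parsing, or None when nothing survives."""
    found = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        item = line.strip()
        if not item.startswith("- "):
            continue
        scalar = yaml_scalar(item[2:])
        _, sep, suffix = scalar.partition("#")
        found.append((line_no, scalar, suffix if sep else None))
    return found


if __name__ == "__main__":
    for line_no, scalar, suffix in audit(SAMPLE):
        print(f"line {line_no}: value={scalar!r} suffix={suffix!r}")
```

A `None` suffix means the YAML layer passes on the address alone; the `[UDP] mihomo --> 8.8.8.8:53 ... using` lines in the log above show which outbound a DNS query actually took.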

@dycwuxing

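> > > The config was written wrong; a space is needed before the # of the DNS remote node.
> >
> > Like this? 8.8.8.8 #♻️ 手动切换3
>
> Yes. I found that the new version needs the space, while the old versions did not.

OK, thanks. I even went and dug through the wiki....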


msbtx commented Nov 11, 2024

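> keeping three DNS settings is enough; there is no need to make it too complex. default-nameserver: configure domestic public DNS; I don't recommend using the ISP's, which in my testing are heavily polluted.

Thanks for the suggestion. My thinking was that the ISP's servers are a bit faster. Also, the nameservers you wrote are all direct connections; even though they use TLS and DoH, in my testing they are often blocked and interfered with, and this changes quickly: they may work for the first day or two and then be unreachable on the third day.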


psqtdhx commented Nov 11, 2024

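> > keeping three DNS settings is enough; there is no need to make it too complex. default-nameserver: configure domestic public DNS; I don't recommend using the ISP's, which in my testing are heavily polluted.
>
> Thanks for the suggestion. My thinking was that the ISP's servers are a bit faster. Also, the nameservers you wrote are all direct connections; even though they use TLS and DoH, in my testing they are often blocked and interfered with, and this changes quickly: they may work for the first day or two and then be unreachable on the third day.

1111 + 8844 is basically enough, and you can list a few more. 8888 occasionally becomes unreachable; 8844 has been reasonably stable from what I have observed so far, with occasional high latency but basically no loss of contact. DNS does not weigh that heavily in how fast the network feels; personally I think staying stable and reachable matters more than pages opening instantly. Low-priced proxy-provider nodes also have a high chance of becoming unreachable, so specifying a DNS outbound only adds trouble.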
