Seji64/SniDust

DNS Server no respond

ControlCircuit opened this issue · 6 comments

I deployed SniDust on my Oracle Cloud instance with the following docker compose:

version: '3.3'
services:
    snidust:
        container_name: snidust
        image: 'ghcr.io/seji64/snidust:main'
        environment:
            - ALLOWED_CLIENTS=0.0.0.0/0
            - EXTERNAL_IP=xx.xx.xx.xx
            - SPOOF_ALL_DOMAINS=true
        ports:
            - '443:443'
            - '80:80'
            - '53:5300/udp'
        restart: unless-stopped
        network_mode: host

Docker starts up properly and the logs look good so far:

Added downstream server 8.8.8.8:853
Added downstream server 8.8.4.4:853
Added downstream server 1.1.1.1:443
Added downstream server 1.0.0.1:443
Listening on 0.0.0.0:5300
dnsdist 1.7.1 comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
ACL allowing queries from: 0.0.0.0/0
Console ACL allowing connections from: 127.0.0.0/8, ::1/128
Webserver launched on 127.0.0.1:8083
Marking downstream 1.1.1.1:443 as 'up'
Marking downstream 1.0.0.1:443 as 'up'
Marking downstream dns.google (8.8.4.4:853) as 'up'
Marking downstream dns.google (8.8.8.8:853) as 'up'
time=2023-04-03T13:13:06.010Z level=WARN msg="Domain list (--domainListPath) is not specified, routing ALL domains through the SNI proxy"
time=2023-04-03T13:13:06.010Z level=INFO msg="server info" public_ip=xx.xx.xx.xx
time=2023-04-03T13:13:06.010Z level=INFO msg="Certificate was not provided, using a self signed cert"
time=2023-04-03T13:13:06.010Z level=INFO msg="Started UDP DNS" service=dns host=0.0.0.0 port=5353
Polled security status of version 1.7.1 at startup, no known issues reported: OK

But there is no response from the SniDust DNS server. What am I doing wrong?

Probably you did not allow port 53 on the OCI firewall

I have set an ingress rule for ports 53, 80, and 443, each port for UDP and TCP (see below). On my other instance I have a DNS server running, which runs flawlessly on OCI.
[Screenshot 2023-04-03 at 19:37:36]

Maybe your DNS client is doing TCP-based DNS requests?
Does DNS work inside the container?

docker exec -it snidust /bin/ash
dog @127.0.0.1:5300 heise.de
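The UDP-versus-TCP question raised above can be checked from any client machine with a small probe. This is an added example, not code from the thread or from the SniDust project; the function names are hypothetical, and the default host, port and query name are the ones used in the commands above.

```python
import socket
import struct
import sys

QID = 0x1234  # constructed query ID

def build_query(name, qtype=1):
    """Encode a DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (rcode, answer_count, truncated), or None if not our reply."""
    if len(msg) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != QID or not flags & 0x8000:  # wrong ID or QR bit clear
        return None
    return flags & 0x000F, ancount, bool(flags & 0x0200)

def probe_udp(host, port, name, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout, or ICMP port unreachable
            return None
    return parse_header(data)

def probe_tcp(host, port, name, timeout=2.0):
    query, buf = build_query(name), b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:  # refused, filtered, or timed out
        return None
    return parse_header(buf[2:])

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5300
    for proto, probe in (("udp", probe_udp), ("tcp", probe_tcp)):
        print(proto, probe(host, port, "heise.de") or "no response")
```

A reply on one transport and "no response" on the other shows which path the listener or the firewall rule is missing.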

I have now reinstalled everything on a new OCI instance and now it works. My mistake was that I added SniDust as an upstream server in my AdGuard Home server and used the upstream test function, which always fails. As soon as I simply enter SniDust as upstream and save it, it works without problems. Conclusion: the AdGuard Home test function is not reliable.
Anyway, thank you for your help and your great effort into SniDust.

I just found one mistake in your documentation. The Docker Compose doesn't work with this environment specification.

You have to use one of these two notations:

version: '3.3'
services:
    snidust:
        container_name: snidust
        image: 'ghcr.io/seji64/snidust:main'
        environment:
            - ALLOWED_CLIENTS=0.0.0.0/0
            - EXTERNAL_IP=10.111.123.8
            - SPOOF_ALL_DOMAINS=true
version: '3.3'
services:
    snidust:
        container_name: snidust
        image: 'ghcr.io/seji64/snidust:main'
        environment:
            ALLOWED_CLIENTS: '127.0.0.1, 10.111.123.7'
            EXTERNAL_IP: '10.111.123.8'
            SPOOF_ALL_DOMAINS: 'true'

Colon and bullet points together do not work.

I updated the docs - thanks for the hint