RULES_TTL实现的自定义域名解析忽然失效了

[Edmondguo]

为了实现在内网可以用域名访问内网机器，我配置了RULES_TTL:-600-，force_ttl_rules.txt内添加一行：example.site@@homelab.example.site，域名解析配置了homelab.example.site的解析结果为192.168.0.3，是Nginx Proxy Manager反代的地址，也是paopaodns docker所在宿主机的地址。截止昨天运行了几个月没有问题。

昨天忽然内网无法通过域名访问了，尝试test.sh，失败；重新拉最新镜像重启paopaodns，test.sh成功，此时尝试

nslookup nas.example.site 192.168.0.3
Server:         192.168.0.3
Address:        192.168.0.3#53

Non-authoritative answer:
Name:   nas. example.site
Address: 公网IP

paopaodns解析出的结果是公网IP，而之前正常的时候应该是192.168.0.3这个homelab.example.site的IP，请问为什么force_ttl_rules.txt配置的功能忽然不生效了？

== debug.sh : docker exec -it paopaodns sh ==

-> debug start 1714898196

[INFO] images build time : 2024-05-03 06:13:39 UTC
[OK]DATA_writeable
[OK]DATA_readable
[INFO] NETWORK
*********************************************************************************

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 scope link  src 172.17.0.3 
PING 223.5.5.5 (223.5.5.5): 56 data bytes
64 bytes from 223.5.5.5: seq=0 ttl=117 time=5.773 ms

--- 223.5.5.5 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 5.773/5.773/5.773 ms
PING 119.29.29.29 (119.29.29.29): 56 data bytes
64 bytes from 119.29.29.29: seq=0 ttl=54 time=6.511 ms

--- 119.29.29.29 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.511/6.511/6.511 ms
Server:         223.5.5.5
Address:        223.5.5.5#53

Non-authoritative answer:
www.taobao.com  canonical name = www.taobao.com.danuoyi.tbcache.com.
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 222.186.18.183
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 222.186.18.188
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 240e:978:a07:2:3::3df
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 240e:978:a07:2:3::3e0

Server:         119.29.29.29
Address:        119.29.29.29#53

Non-authoritative answer:
www.qq.com      canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.22.57
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.42.232
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:e1:a800:120::36
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:e1:a800:120::76

*********************************************************************************

[INFO] ENV
*********************************************************************************

====ENV TEST====
[OK]DATA_writeable-
[OK]DATA_readable-
MEM:400m 800m 500000 900mb
prefPC:82
CORES:-2-
POWCORES:-2-
ulimit :-1048576-
FDLIM :-4096-
TZ:-Asia/Shanghai-
UPDATE:-weekly-
DNS_SERVERNAME:-PaoPaoDNS,blog.03k.org-
SERVER_IP:-192.168.0.3-
ETHIP:-172.17.0.3-
DNSPORT:-53-
SOCKS5:-192.168.0.4:1080-
CNAUTO:-yes-
IPV6:-no-
CNFALL:-yes-
CUSTOM_FORWARD:-192.168.0.4:53-
AUTO_FORWARD:-yes-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-yes-
RULES_TTL:-600-
CUSTOM_FORWARD_TTL:-0-
SHUFFLE:-no-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-yes-
SAFEMODE:--
QUERY_TIME:-2000ms-
ADDINFO:-no-
PLATFORM:-Linux b0f0868db68a 6.2.16-3-pve #1 SMP PREEMPT_DYNAMIC PVE 6.2.16-3 (2023-06-17T05:58Z) x86_64 Linux-
====ENV TEST====
mosdns kkkgo/mosdns:240322.2
total 241M   
   4.0K drwxrwxrwx    3 0        0           4.0K May  5 16:24 .
   4.0K drwxr-xr-x    1 0        0           4.0K May  5 14:24 ..
 260.0K -rw-r--r--    1 0        0         256.3K May  5 14:24 Country-only-cn-private.mmdb
   4.0K -rwxrwxrwx    1 0        0            233 May  4 03:04 custom_env.ini
   4.0K -rwxrwxrwx    1 0        0            416 May  5 14:24 custom_mod.yaml
   4.0K drwxr-xr-x    2 0        0           4.0K May  5 14:24 dnscrypt-resolvers
   4.0K -rw-r--r--    1 0        0           3.0K May  5 14:24 dnscrypt.toml
   4.0K -rwxrwxrwx    1 0        0           4.0K Dec  9 15:55 dubug.sh
   4.0K -rwxrwxrwx    1 0        0            340 Dec  9 15:35 force_cn_list.txt
   4.0K -rw-r--r--    1 0        0            445 May  5 14:24 force_dnscrypt_list.txt
   4.0K -rwxrwxrwx    1 0        0            276 Dec 21 09:55 force_forward_list.txt
   4.0K -rwxrwxrwx    1 0        0            407 Dec  9 15:35 force_nocn_list.txt
   4.0K -rw-r--r--    1 0        0            387 May  5 14:24 force_recurse_list.txt
   4.0K -rwxrwxrwx    1 0        0             39 Jan 30 16:32 force_ttl_rules.txt
   1.2M -rw-r--r--    1 0        0           1.2M May  5 14:26 global_mark.dat
  12.0K -rw-r--r--    1 0        0           9.8K May  5 14:24 mosdns.yaml
   4.0K -rwxrwxrwx    1 0        0           1.4K Dec 21 23:47 ppgw.ini
   8.0K -rw-r--r--    1 0        0           5.7K May  5 14:24 redis.conf
 239.8M -rw-r--r--    1 0        0         239.7M May  5 16:24 redis_dns_v2.rdb
  16.0K -rwxrwxrwx    1 0        0          12.5K May  5 14:26 trackerslist.txt
  52.0K -rw-r--r--    1 0        0          50.5K May  5 14:24 unbound.conf
   4.0K -rwxrwxrwx    1 0        0            289 Dec  9 15:35 unbound_custom.conf
*********************************************************************************

[INFO] PS
*********************************************************************************

PID   USER     TIME  COMMAND
    1 root      0:00 {init.sh} /bin/sh /usr/sbin/init.sh
   23 root      0:00 crond
   55 root      0:18 redis-server unixsocket:/tmp/redis.sock
  312 root      0:01 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
  313 root      0:03 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt_socks.toml
  330 root      0:00 unbound -c /tmp/unbound_forward.conf -p
  339 root      0:06 mosdns start -d /tmp -c /tmp/mosdns.yaml
  350 root      0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
  356 root      0:00 tail -f /dev/null
  357 root      0:04 unbound -c /tmp/unbound_raw.conf -p
  855 root      0:00 inotifywait -e modify,delete /etc/unbound/named.cache /data/Country-only-cn-private.mmdb /data/force_recurse_list.txt /data/force_dnscrypt_list.txt /data/custom_env.ini /data/force_cn_list.txt /data/force_nocn_list.txt /data/global_mark.dat /data/trackerslist.txt /data/force_forward_list.txt /data/force_ttl_rules.txt
 1258 root      0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
 1283 root      0:00 ps -ef
  357 root      0:04 unbound -c /tmp/unbound_raw.conf -p
unbound OK.
  330 root      0:00 unbound -c /tmp/unbound_forward.conf -p
unbound_forward OK.
*********************************************************************************

[INFO] TOP
*********************************************************************************

CPU:  10% usr   7% sys   0% nic  80% idle   2% io   0% irq   0% sirq
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
  357     1 root     S    1220m  15%   2   3% unbound -c /tmp/unbound_raw.conf -
  339     1 root     S    1210m  15%   3   0% mosdns start -d /tmp -c /tmp/mosdn
  313     1 root     S    1210m  15%   2   0% dnscrypt-proxy -config /data/dnscr
  312     1 root     S    1210m  15%   3   0% dnscrypt-proxy -config /data/dnscr
   55     1 root     S     339m   4%   2   0% redis-server unixsocket:/tmp/redis
  330     1 root     S    20808   0%   3   0% unbound -c /tmp/unbound_forward.co
  350     1 root     S     1712   0%   3   0% {watch_list.sh} /bin/sh /usr/sbin/
    1     0 root     S     1632   0%   3   0% {init.sh} /bin/sh /usr/sbin/init.s
 1258     0 root     S     1628   0%   3   0% {debug.sh} /bin/sh /usr/sbin/debug
 1290  1258 root     R     1624   0%   3   0% top -n1
  356     1 root     S     1616   0%   2   0% tail -f /dev/null
 1291  1258 root     S     1612   0%   3   0% grep %
  855   350 root     S     1072   0%   2   0% inotifywait -e modify,delete /etc/
   23     1 root     S      860   0%   3   0% crond
*********************************************************************************

[INFO] REDIS
*********************************************************************************

used_memory_human:266.92M
used_memory_rss_human:321.24M
used_memory_peak_human:266.94M
total_system_memory_human:7.59G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:900.00M
233185
*********************************************************************************

[TEST] IP ROUTE
*********************************************************************************

CN IP URL:
124.78.27.219
-
124.78.27.219
--
124.78.27.219
CN RAW-IP URL:
124.78.27.219
------------------
Non-CN IP URL:
218.190.230.186
-
218.190.230.186
--
218.190.230.186
Non-CN RAW-IP URL:
124.78.27.219
-
124.78.27.219
--
124.78.27.219
---
124.78.27.219
------------------
IP INFO:
124.78.27.219
CN,Shanghai,Shanghai
ASN4812/China Telecom
HTTP/1.1 
Mozilla/5.0 Gecko/20100101 Firefox/120.0 https://github.com/kkkgo/PaoPaoDNS
Asia/Shanghai Time: 5/5/2024, 4:36:41 PM
[INFO] force_recurse_list
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
MOSDNS WHOAMI :
MOSDNS akahelp: "ns" "124.78.27.219"
MOSDNS 03k: 124.78.27.219
UNBOUND WHOAMI:
UNBOUND akahelp: "ns" "124.78.27.219"
UNBOUND 03k: 124.78.27.219
*********************************************************************************

[TEST] HIJACK
*********************************************************************************

;; communications error to 9.8.7.5#53: timed out
;; no servers could be reached

;; communications error to 9.8.7.6#53: timed out
;; no servers could be reached

HIJACK 127.0.0.1 = 58.217.249.177
*********************************************************************************

[TEST] DIG-CN [taobao]
*********************************************************************************

MOSDNS CN:
www.taobao.com.danuoyi.tbcache.com.
222.186.18.183
222.186.18.188
UNBOUND CN:
www.taobao.com.danuoyi.tbcache.com.
222.186.18.188
222.186.18.183
[TEST] DIG-NOCN [youtube]
MOSDNS NOCN:
7.0.0.88
DNSCRYPT-UNBOUND NOCN:
youtube-ui.l.google.com.
172.217.167.78
142.250.66.238
DNSCRYPT NOCN:
;; communications error to 127.0.0.1#5302: timed out
youtube-ui.l.google.com.
142.251.221.78
DNSCRYPT-SOCKS5 NOCN:
youtube-ui.l.google.com.
172.217.24.110
172.217.24.238
*********************************************************************************

CUSTOM_FORWARD TEST [youtube]:
7.0.0.88
CUSTOM_FORWARD TEST [taobao]:
7.0.160.197
*********************************************************************************

[TEST] DUAL CN [IPv6=YES will have aaaa,taobao]
*********************************************************************************

[TEST] DUAL NOCN [IPv6=YES will block aaaa,youtube]
[TEST] ONLY6 [IPv6=only6 will block aaaa if a ok]
checkipv6.synology.com : ip6.03k.org : 6.ipw.cn : 
*********************************************************************************

[info] ALL TEST FINISH.

-> debug end 1714898210

[Edmondguo]

就在刚刚，尝试

nslookup nas. example.site 192.168.0.3
Server:         192.168.0.3
Address:        192.168.0.3#53

Non-authoritative answer:
Name:   nas. example.site
Address: 192.168.0.3

返回值忽然又成功了。。期间没有其他操作。

[kkkgo]

看起来就是查询超时了。你规则是转发到哪里。

[Edmondguo]

这是在paopaodns上的配置：

我配置了RULES_TTL:-600-，force_ttl_rules.txt内添加一行：example.site@@homelab.example.site

这是在阿里云域名解析处加的记录

除此之外没有了
另外我在别的网络环境（公司的mac）测试了下nas.example.site homelab.example.site的dns解析，结果是没有问题的

[kkkgo]

你试试dig指定-p5302端口看看是否有结果。

[kkkgo]

我注意到你的规则可能会引起混乱和冲突。
example.site@@homelab.example.site
由于homelab.example.site也属于example.site，因此可能会造成死循环导致查询超时。
如果你想实现这个效果，其实你可以直接写.example.site@@192.168.0.3试试

[Edmondguo]

哇，果然是这样！我改成.example.site@@192.168.0.3果然可以了！
我之前也有这个疑惑，前面这个是包含后面的，为什么会work，之前有时候在内网点了之后打不开，刷新一下就好了，从昨天开始才变成完全不可用的状态。

[kkkgo]

你用子域名嵌套子域名是没问题的。你用主域名嵌套子域名，那只能是恰好子域名有缓存就不会有死循环。