[Bug] openwrt tun mixed stack unable to hijack dns about mihomo HOT 4 OPEN

It works fine on my device. I suggest checking if it's an issue with the local device/system.

from mihomo.

It works fine on my device. I suggest checking if it's an issue with the local device/system.

What to check?
I tried openclash it works but it use manual route and some services don't get routed like local dns and other net service.

ip a | grep utun
8: utun: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UNKNOWN group default qlen 500
    inet 198.18.0.1/30 brd 198.18.0.3 scope global utun

EDIT:
I checked again. Apparently it does routed the traffic but failed to hijack DNS request.
Openclash actually replace dnsmasq forward DNS to mihomo :7874 so it works. But curl seems to not use dnsmasq (127.0.0.1:53). So it failed.
dig with random DNS server also always timed out. With system/gvisor dig is fine.

~# curl -vv google.com
* Could not resolve host: google.com
* Closing connection
curl: (6) Could not resolve host: google.com

~# curl -vv google.com --interface utun
* Host google.com:80 was resolved.
* IPv6: (none)
* IPv4: 172.253.118.102, 172.253.118.100, 172.253.118.139, 172.253.118.101, 172.253.118.113, 172.253.118.138
*   Trying 172.253.118.102:80...
* socket successfully bound to interface 'utun'
* Connected to google.com (172.253.118.102) port 80
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 302 Found
< Location: http://www.google.com/sorry/index?continue=http://google.com/&q=EgRoHJqWGJ-zkLIGIinItgvMhX6eUMNNkBxIvu0DGEWQCCysuUzXEOIh05okgGz6L9y5635oEDIBcloBQw
< Date: Wed, 15 May 2024 02:10:39 GMT
< Pragma: no-cache
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Content-Type: text/html; charset=UTF-8
< Server: HTTP server (unknown)
< Content-Length: 347
< X-XSS-Protection: 0
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com/sorry/index?continue=http://google.com/&amp;q=EgRoHJqWGJ-zkLIGIinItgvMhX6eUMNNkBxIvu0DGEWQCCysuUzXEOIh05okgGz6L9y5635oEDIBcloBQw">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact

from mihomo.

@lux5am Check the resolv.conf file to ensure it does not contain private addresses, as private addresses cannot be hijacked.

from mihomo.

@xishang0128
I always checked ignore resolv file in DHCP setting tho since it's connected to my isp router/modem and provide DHCP with its own DNS (192.168.0.1) so indeed it can't be hijacked.

I tried with kdig @8.8.8.8 or any random server it also timeout. But sometimes it works. Which is strange.

Switched to gvisor everything is fine.

The same with system. The problem only when using mixed stack.

Turned off mihomo also no problem. My ISP actually hijack all DNS request at UDP:53 for censorship. So I use mihomo with fallback to doh.

So plain UDP with non censored domain should be fast. When using doh it should also responded in less than 1sec. So timeout should not be there.

It seems mihomo do hijack the DNS request but failed to response DNS request properly or something in between when using mixed stack.

I remember the problem occured only a few months ago. So I switched to gvisor. I reported to sing-box project since it's more appropriate to report sing problem in there, and it's closed immedietly without explanation as usual.
I suspected there's some changes in sing-tun or related library that mihomo uses. Since sing-box also suffer the same issue.

I enabled debug log and there's nothing about DNS in the log when using mixed stack. Switched to gvisor it immediately flooded with DNS hijack log.

from mihomo.