Workaround for dnsmasq problem #425

Closed
yichya opened this issue Oct 21, 2024 · 2 comments

yichya commented Oct 21, 2024

openwrt/openwrt#14975 involves a change to the dnsmasq configuration path (/tmp/dnsmasq.d -> /tmp/dnsmasq.cfg01411c.d) which breaks DNS configurations for luci-app-xray. Add this to Custom Configurations as a workaround:

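return function(config) {
    const fs = require("fs");
    const uci = require("uci");
    const cursor = uci.cursor();
    // Name of the first dnsmasq section in /etc/config/dhcp (e.g. cfg01411c)
    const first = cursor.get_first("dhcp", "dnsmasq");

    // Make sure the old directory exists, then link its xray.conf
    // into the per-instance directory that dnsmasq now reads.
    fs.mkdir("/tmp/dnsmasq.d");
    fs.symlink("/tmp/dnsmasq.d/xray.conf", `/tmp/dnsmasq.${first}.d/xray.conf`);
}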

yichya pinned this issue Oct 21, 2024

yichya commented Nov 19, 2024

Caution: if you're using OpenWrt with ujail enabled, the workaround above won't work and may even make dnsmasq unable to start at all. Manually edit /etc/init.d/dnsmasq to add /tmp/dnsmasq.d to the jail mounts before applying the workaround above:

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index b864ea9069..7a535f576d 100755
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -1253,7 +1253,7 @@ dnsmasq_start()
 
        procd_add_jail dnsmasq ubus log
        procd_add_jail_mount $CONFIGFILE $DHCPBOGUSHOSTNAMEFILE $DHCPSCRIPT $DHCPSCRIPT_DEPENDS
-       procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE
+       procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE /tmp/dnsmasq.d
        procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir $user_dhcpscript
        procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts /etc/ethers
        procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile
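
Review bot: the added `/tmp/dnsmasq.d` on the `$EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE` line is a hardcoded literal with no comment, while every other path on the neighbouring procd_add_jail_mount lines comes from a variable. Suggest putting it on its own procd_add_jail_mount line with a one-line comment saying it is there for the luci-app-xray xray.conf symlink target, so the local edit is easy to spot and re-apply if /etc/init.d/dnsmasq is replaced by a package update. Keeping it on procd_add_jail_mount rather than procd_add_jail_mount_rw is the right choice here, since the jailed dnsmasq only needs to read from that directory.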

A better solution for this problem will be included in version 3.5 of this project (which was not planned before, but seems necessary now).
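
A check for the two workarounds in the comments above, added here as an example and not part of the thread or of luci-app-xray: it verifies that /tmp/dnsmasq.d/xray.conf exists, that the per-instance symlink points at it, and, when ujail is present, that the init script mounts /tmp/dnsmasq.d into the jail. The function name, the status words, the ROOT prefix argument and the use of /sbin/ujail as the sign that the jail is in use are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the issue thread.
#   ROOT  filesystem prefix ("" on the router, a scratch dir when testing)
#   INST  dnsmasq section name as it appears in /tmp/dnsmasq.<INST>.d
# Prints one status word and returns non-zero on the first problem found.
check_xray_dnsmasq() {
    x_root=$1
    x_inst=$2
    x_src="$x_root/tmp/dnsmasq.d/xray.conf"
    x_link="$x_root/tmp/dnsmasq.$x_inst.d/xray.conf"
    x_init="$x_root/etc/init.d/dnsmasq"

    # The file at the old path, which the symlink in the workaround targets.
    [ -f "$x_src" ] || { echo missing-source; return 1; }

    # The symlink the Custom Configurations hook creates in the per-instance dir.
    [ -L "$x_link" ] || { echo missing-link; return 1; }
    [ "$(readlink "$x_link")" = "$x_src" ] || { echo wrong-target; return 1; }

    # Assumption: the jail is in use when /sbin/ujail exists. In that case the
    # init script must list /tmp/dnsmasq.d on a procd_add_jail_mount line,
    # otherwise the symlink target is not visible to the jailed dnsmasq.
    if [ -x "$x_root/sbin/ujail" ] &&
       ! grep procd_add_jail_mount "$x_init" 2>/dev/null | grep -q '/tmp/dnsmasq\.d'; then
        echo jail-mount-missing
        return 1
    fi
    echo ok
}

# Stand-alone use: sh check.sh "" cfg01411c
if [ $# -eq 2 ]; then
    check_xray_dnsmasq "$1" "$2"
fi
```

On the router, pass an empty ROOT and the instance name taken from the /tmp/dnsmasq.<INST>.d directory name.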


yichya commented Nov 22, 2024

#430 includes an option to set dnsmasq integration mode in the preview app.

If luci-app-xray works correctly, don't change this option. Only try "Per Instance" mode if:

  • You're encountering problems related to dnsmasq: add filter-rr and cache-rr options openwrt/openwrt#14975
    • Select "Default instance"
  • You're using other DNS services like AdGuard Home and it somewhat conflicts with luci-app-xray
    • Select none to disable any dnsmasq integrations
    • Make sure your DNS services are working correctly
    • Use 127.0.0.1:5300 (this is still provided by luci-app-xray) as an upstream server for your DNS services
    • You may not be able to associate domain names in manual transparent proxy under this circumstance (because of being unable to exempt Rebind Protection). Use some public blackholes (for example NYIIX RTBH) to avoid that.
  • You're really setting up multiple dnsmasq instances and only some of them need luci-app-xray

yichya closed this as completed Nov 25, 2024
yichya unpinned this issue Nov 25, 2024
yichya pinned this issue Nov 25, 2024