[Help] A pure-V6 domain gets "END by try_auto_check": is this the expected result? #168

Closed
2 tasks done
zkl2333 opened this issue Jul 13, 2024 · 3 comments
Labels
help wanted Extra attention is needed

zkl2333 commented Jul 13, 2024

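Before submitting, please confirm

  • I have tried running test.sh and have searched the Issues, discussions and documentation, but did not find a related problem.
  • I am using the latest docker image version (you can try docker pull sliamb/paopaodns:latest and then recreate the container).

test.sh self-check log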

/data # test.sh
*********************************************************************************

images build time : 2024-07-09 17:01:09 UTC
check for the latest version ,
go to https://github.com/kkkgo/PaoPaoDNS/discussions 
-> test start `1720841203`

[INFO] ALL TEST PASS.✅

-> test end `1720841206`

*********************************************************************************

debug.sh self-check log

/data # debug.sh
### == debug.sh : docker exec -it paopaodns sh ==
-> debug start `1720841228`

[INFO] images build time : 2024-07-09 17:01:09 UTC
[OK]DATA_writeable
[OK]DATA_readable
[INFO] NETWORK
*********************************************************************************

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
51: eth0@if52: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
default via 192.168.10.1 dev eth0 
192.168.10.0/24 dev eth0 scope link  src 192.168.10.2 
PING 223.5.5.5 (223.5.5.5): 56 data bytes
64 bytes from 223.5.5.5: seq=0 ttl=117 time=6.128 ms

--- 223.5.5.5 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.128/6.128/6.128 ms
PING 119.29.29.29 (119.29.29.29): 56 data bytes
64 bytes from 119.29.29.29: seq=0 ttl=48 time=32.256 ms

--- 119.29.29.29 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 32.256/32.256/32.256 ms
Server:         223.5.5.5
Address:        223.5.5.5#53

Non-authoritative answer:
www.taobao.com  canonical name = www.taobao.com.danuoyi.tbcache.com.
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 122.228.79.211
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 122.228.79.210
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 240e:f7:c010:1401:3::3e8
Name:   www.taobao.com.danuoyi.tbcache.com
Address: 240e:f7:c010:1401:3::3e9

Server:         119.29.29.29
Address:        119.29.29.29#53

Non-authoritative answer:
www.qq.com      canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.22.57
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 101.91.42.232
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:e1:a800:120::36
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:e1:a800:120::76

*********************************************************************************

[INFO] ENV
*********************************************************************************

====ENV TEST====
[OK]DATA_writeable-
[OK]DATA_readable-
MEM:220m 450m 500000 750mb
prefPC:68
CORES:-2-
POWCORES:-2-
ulimit :-10240-
FDLIM :-1268-
TZ:-Asia/Shanghai-
UPDATE:-weekly-
DNS_SERVERNAME:-PaoPaoDNS-
SERVER_IP:-none-
ETHIP:-192.168.10.2-
DNSPORT:-53-
SOCKS5:-IP:PORT-
CNAUTO:-yes-
IPV6:-yes-
CNFALL:-yes-
CUSTOM_FORWARD:-198.18.0.2:53-
AUTO_FORWARD:-yes-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-no-
RULES_TTL:-0-
CUSTOM_FORWARD_TTL:-0-
SHUFFLE:-no-
EXPIRED_FLUSH:-yes-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-no-
SAFEMODE:--
QUERY_TIME:-2000ms-
ADDINFO:-yes-
PLATFORM:-Linux paopaodns 5.10.194 #0 SMP Mon Dec 13 10:43:05 2021 x86_64 Linux-
====ENV TEST====
mosdns kkkgo/mosdns:240529.1
total 6M     
   4.0K drwxrwxrwx    3 0        0           4.0K Jul 13 11:26 .
   4.0K drwxr-xr-x    1 0        0           4.0K Jul 13 10:46 ..
 260.0K -rwxrwxrwx    1 0        0         258.4K Jul 13 10:46 Country-only-cn-private.mmdb
   4.0K -rwxrwxrwx    1 0        0            114 Jul 13 11:25 custom_env.ini
   4.0K -rwxrwxrwx    1 0        0            416 Jul 13 11:26 custom_mod.yaml
   4.0K drwxrwxrwx    2 0        0           4.0K Jul 13 11:26 dnscrypt-resolvers
   4.0K -rwxrwxrwx    1 0        0           3.0K Jul 13 10:46 dnscrypt.toml
   4.0K -rwxrwxrwx    1 0        0            328 Mar 26 16:46 force_cn_list.txt
   4.0K -rwxrwxrwx    1 0        0            670 Jul 13 10:46 force_dnscrypt_list.txt
   4.0K -rwxrwxrwx    1 0        0            311 Mar 26 16:46 force_forward_list.txt
   4.0K -rwxrwxrwx    1 0        0            386 Mar 26 16:46 force_nocn_list.txt
   4.0K -rwxrwxrwx    1 0        0            387 Jul 13 10:46 force_recurse_list.txt
  12.0K -rwxrwxrwx    1 0        0          10.0K Jul 13 10:46 mosdns.yaml
   8.0K -rwxrwxrwx    1 0        0           5.7K Jul 13 10:46 redis.conf
   5.3M -rwxrwxrwx    1 0        0           5.3M Jul 13 08:13 redis_dns_v2.rdb
 276.0K -rwxrwxrwx    1 0        0         276.0K Jun 13 15:28 temp-62.rdb
  16.0K -rwxrwxrwx    1 0        0          13.2K Jul  6 03:01 trackerslist.txt
  52.0K -rwxrwxrwx    1 0        0          50.6K Jul 13 10:46 unbound.conf
   4.0K -rwxrwxrwx    1 0        0            289 Mar 26 16:46 unbound_custom.conf
*********************************************************************************

[INFO] PS
*********************************************************************************

PID   USER     TIME  COMMAND
    1 root      0:00 {init.sh} /bin/sh /usr/sbin/init.sh
   36 root      0:00 crond
   70 root      0:00 redis-server unixsocket:/tmp/redis.sock
  154 root      0:00 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
  170 root      0:00 unbound -c /tmp/unbound_forward.conf -p
  181 root      0:00 mosdns start -d /tmp -c /tmp/mosdns.yaml
  194 root      0:00 unbound -c /tmp/unbound_raw.conf -p
  195 root      0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
  196 root      0:00 {data_update.sh} /bin/sh /usr/sbin/data_update.sh
  198 root      0:00 sleep 121
  232 root      0:00 inotifywait -e modify,delete /etc/unbound/named.cache /data/Country-only-cn-private.mmdb /data/force_recurse_list.txt /data/force_dnscrypt_list.txt /data/custom_env.ini /data/force_cn_list.txt /data/force_nocn
  233 root      0:00 tail -f /dev/null
  239 root      0:00 /bin/sh
  344 root      0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
  360 root      0:00 ps -ef
  194 root      0:00 unbound -c /tmp/unbound_raw.conf -p
unbound OK.
  170 root      0:00 unbound -c /tmp/unbound_forward.conf -p
unbound_forward OK.
*********************************************************************************

[INFO] TOP
*********************************************************************************

CPU:   5% usr   0% sys   0% nic  95% idle   0% io   0% irq   0% sirq
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
  154     1 root     S    1211m  32%   2   0% dnscrypt-proxy -config /data/dnscr
  181     1 root     S    1210m  32%   1   0% mosdns start -d /tmp -c /tmp/mosdn
  194     1 root     S     389m  10%   2   0% unbound -c /tmp/unbound_raw.conf -
   70     1 root     S    30676   1%   0   0% redis-server unixsocket:/tmp/redis
  170     1 root     S    20692   1%   2   0% unbound -c /tmp/unbound_forward.co
  195     1 root     S     1712   0%   2   0% {watch_list.sh} /bin/sh /usr/sbin/
  239     0 root     S     1692   0%   0   0% /bin/sh
  196     1 root     S     1632   0%   1   0% {data_update.sh} /bin/sh /usr/sbin
    1     0 root     S     1628   0%   2   0% {init.sh} /bin/sh /usr/sbin/init.s
  344   239 root     S     1624   0%   1   0% {debug.sh} /bin/sh /usr/sbin/debug
  367   344 root     R     1620   0%   0   0% top -n1
  233     1 root     S     1612   0%   0   0% tail -f /dev/null
  198   196 root     S     1608   0%   2   0% sleep 121
  368   344 root     S     1608   0%   2   0% grep %
  232   195 root     S     1068   0%   3   0% inotifywait -e modify,delete /etc/
   36     1 root     S      856   0%   3   0% crond
*********************************************************************************

[INFO] REDIS
*********************************************************************************

used_memory_human:7.28M
used_memory_rss_human:11.96M
used_memory_peak_human:7.28M
total_system_memory_human:3.68G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:750.00M
(integer) 20429
*********************************************************************************

[TEST] IP ROUTE
*********************************************************************************

CN IP URL:
183.156.112.66
-
183.156.112.66
--
183.156.112.66
CN RAW-IP URL:
183.156.112.66
------------------
Non-CN IP URL:
103.156.242.114
-
183.156.112.66
--
23.249.24.30
Non-CN RAW-IP URL:
183.156.112.66
-
183.156.112.66
--
183.156.112.66
---
183.156.112.66
------------------
IP INFO:
183.156.112.66
CN,Hangzhou,Zhejiang
ASN4134/China Telecom
HTTP/1.1 
Mozilla/5.0 Gecko/20100101 Firefox/120.0 https://github.com/kkkgo/PaoPaoDNS
Asia/Shanghai Time: 7/13/2024, 11:27:13 AM
[INFO] force_recurse_list
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
MOSDNS WHOAMI :
MOSDNS akahelp: "ns" "183.156.112.66"
MOSDNS 03k: 183.156.112.66
UNBOUND WHOAMI:
UNBOUND akahelp: "ns" "183.156.112.66"
UNBOUND 03k: 183.156.112.66
*********************************************************************************

[TEST] HIJACK
*********************************************************************************

;; communications error to 9.8.7.5#53: timed out
;; no servers could be reached

;; communications error to 9.8.7.6#53: timed out
;; no servers could be reached

HIJACK 127.0.0.1 = 58.217.249.177
*********************************************************************************

[TEST] DIG-CN [taobao]
*********************************************************************************

MOSDNS CN:
www.taobao.com.danuoyi.tbcache.com.
122.228.79.210
122.228.79.211
UNBOUND CN:
www.taobao.com.danuoyi.tbcache.com.
122.228.79.211
122.228.79.210
[TEST] DIG-NOCN [youtube]
MOSDNS NOCN:
198.18.1.43
DNSCRYPT-UNBOUND NOCN:
youtube-ui.l.google.com.
172.217.18.110
142.250.181.238
DNSCRYPT NOCN:
youtube-ui.l.google.com.
192.178.52.206
142.251.34.14
DNSCRYPT-SOCKS5 NOCN:
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached

*********************************************************************************

[TEST] DUAL CN [IPv6=YES will have aaaa,taobao]
*********************************************************************************

www.taobao.com.danuoyi.tbcache.com.
240e:f7:c010:1401:3::3e8
240e:f7:c010:1401:3::3e9
[TEST] DUAL NOCN [IPv6=YES will block aaaa,youtube]
[TEST] ONLY6 [IPv6=only6 will block aaaa if a ok]
checkipv6.synology.com : ip6.03k.org : 6.ipw.cn : 
*********************************************************************************

[info] ALL TEST FINISH.

-> debug end `1720841237`

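Problem description and steps to reproduce

The problem I ran into:

Pure-V6 domains cannot be accessed.
Setting AUTO_FORWARD_CHECK="no" solves it, but I am curious whether this is the expected result.

My configuration is: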

CNAUTO="yes"
DNS_SERVERNAME="PaoPaoDNS"
CUSTOM_FORWARD="198.18.0.2:53"
AUTO_FORWARD="yes"
IPV6="yes"
ADDINFO="yes"

Here are my tests:

❯ dig 6.ipw.cn @192.168.10.2 A -p53

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @192.168.10.2 A -p53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31331
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;6.ipw.cn.                      IN      A

;; ADDITIONAL SECTION:
20240713112632.415.reject.paopaodns. 0 IN TXT   "391ms, END by try_auto_check."

;; Query time: 393 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Sat Jul 13 11:26:33
;; MSG SIZE  rcvd: 103


~
❯ dig 6.ipw.cn @192.168.10.2 A -p5301

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @192.168.10.2 A -p5301
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22523
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;6.ipw.cn.                      IN      A

;; AUTHORITY SECTION:
ipw.cn.                 0       IN      SOA     ns3.dnsv2.com. level3dnsadmin.dnspod.com. 1714832016 3600 180 1209600 180

;; Query time: 1 msec
;; SERVER: 192.168.10.2#5301(192.168.10.2)
;; WHEN: Sat Jul 13 11:28:33
;; MSG SIZE  rcvd: 108


~
❯ dig 6.ipw.cn @192.168.10.2 AAAA -p53

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @192.168.10.2 AAAA -p53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35949
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;6.ipw.cn.                      IN      AAAA

;; ADDITIONAL SECTION:
20240713112935.815.reject.paopaodns. 0 IN TXT   "0ms, END by IPv6=yes, NO CN IP block aaaa."

;; Query time: 1 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Sat Jul 13 11:29:36
;; MSG SIZE  rcvd: 116


~
❯ dig 6.ipw.cn @192.168.10.2 AAAA -p5301

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @192.168.10.2 AAAA -p5301
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43122
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;6.ipw.cn.                      IN      AAAA

;; ANSWER SECTION:
6.ipw.cn.               57      IN      AAAA    2400:8905::f03c:94ff:fe1c:a95e

;; Query time: 1 msec
;; SERVER: 192.168.10.2#5301(192.168.10.2)
;; WHEN: Sat Jul 13 11:29:39
;; MSG SIZE  rcvd: 65
zkl2333 added the help wanted label Jul 13, 2024

kkkgo (Owner) commented Jul 13, 2024

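END by try_auto_check is only because you queried the A record; this domain really has no A record, so the flow ended.
The real reason is already written above: END by IPv6=yes, NO CN IP block aaaa. With IPv6=yes, only resolution results that are CN IPv6 addresses are allowed; non-CN resolution results are blocked.
And the result for the domain you queried is indeed a non-CN resolution result, so this is the expected result.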

zkl2333 (Author) commented Jul 13, 2024

I tested test6.ustc.edu.cn, a CN pure-V6 domain, and it does resolve without problems.

But I changed the configuration to:

CNAUTO="yes"
DNS_SERVERNAME="PaoPaoDNS"
CUSTOM_FORWARD="198.18.0.2:53"
AUTO_FORWARD="yes"
IPV6="raw"
ADDINFO="yes"

A non-CN pure-V6 domain gets no result for either AAAA or A. I think the expected behavior would be to return a fakeip:

❯ dig 6.ipw.cn @192.168.10.2 AAAA -p53

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @192.168.10.2 AAAA -p53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54169
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;6.ipw.cn.                      IN      AAAA

;; Query time: 2 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Sat Jul 13 12:17:51
;; MSG SIZE  rcvd: 26

❯ dig 6.ipw.cn @192.168.10.2 A -p53

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @192.168.10.2 A -p53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53818
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;6.ipw.cn.                      IN      A

;; ADDITIONAL SECTION:
20240713122310.579.reject.paopaodns. 0 IN TXT   "0ms, END by try_auto_check."

;; Query time: 2 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Sat Jul 13 12:23:11
;; MSG SIZE  rcvd: 101

I tested the results from the fakeip gateway: it only answers A records. I think this is the main reason the domain cannot be accessed.

~
❯ dig 6.ipw.cn @198.18.0.2 AAAA -p53

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @198.18.0.2 AAAA -p53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;6.ipw.cn.                      IN      AAAA

;; Query time: 3 msec
;; SERVER: 198.18.0.2#53(198.18.0.2)
;; WHEN: Sat Jul 13 12:32:18
;; MSG SIZE  rcvd: 26


~
❯ dig 6.ipw.cn @198.18.0.2 A -p53

; <<>> DiG 9.16.50 <<>> 6.ipw.cn @198.18.0.2 A -p53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11646
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;6.ipw.cn.                      IN      A

;; ANSWER SECTION:
6.ipw.cn.               30      IN      A       198.18.30.183

;; Query time: 2 msec
;; SERVER: 198.18.0.2#53(198.18.0.2)
;; WHEN: Sat Jul 13 12:32:23
;; MSG SIZE  rcvd: 50

In summary, is it the case that with AUTO_FORWARD_CHECK="yes", a non-CN pure-V6 domain cannot get a fakeip returned?

kkkgo (Owner) commented Jul 13, 2024

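You need to be clear about one fact: IPv6 means AAAA records and IPv4 means A records, and the two have nothing to do with each other. Querying a domain's A record and querying its AAAA record are two separate requests. There is no single request that queries both record types at once.
A "pure-V6 domain" is a domain that has only AAAA records, so naturally you get no result when you query its A record.
As for your pure-V6 domain being judged as needing to be forwarded to the CUSTOM_FORWARD DNS server: whatever result you get from your CUSTOM_FORWARD is the result. The IPV6=raw you set only means the results you get will not be interfered with or filtered.
What AUTO_FORWARD_CHECK does is check the validity of a domain before forwarding it to CUSTOM_FORWARD: if the domain has no valid record at all for the query being made, it is not forwarded. For example, if a piece of rogue software on the LAN keeps querying nonexistent domains, then in your FAKEIP scenario that would fill up your FAKEIP pool, or forward traffic that should not be forwarded. Since your domain has no valid A record, it naturally is not forwarded to CUSTOM_FORWARD.
As for the outcome, your FAKEIP gateway indeed does not provide AAAA records, but that would generally be pointless anyway: you would also need to add IPv6 static routes for it, add an IPv6 address to the FAKEIP gateway, and so on. Rather than fiddling with all that, you might as well add this pure-V6 domain to force_forward_list.txt.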

@zkl2333 zkl2333 closed this as completed Jul 18, 2024
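
A way to read the empty responses in this thread mechanically, as an added example that is not code from either participant or from PaoPaoDNS: it parses dig text output and separates "the resolver stopped the query and said why" from a plain empty answer. The function name `summarize`, the verdict labels and the trimmed sample inputs are assumptions of this example.

```python
import re

# Trimmed copies of two dig outputs posted in this issue (sample input).
SAMPLE_A_53 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31331
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;6.ipw.cn.                      IN      A
;; ADDITIONAL SECTION:
20240713112632.415.reject.paopaodns. 0 IN TXT   "391ms, END by try_auto_check."
"""
SAMPLE_AAAA_5301 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43122
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;6.ipw.cn.                      IN      AAAA
;; ANSWER SECTION:
6.ipw.cn.               57      IN      AAAA    2400:8905::f03c:94ff:fe1c:a95e
"""

STATUS = re.compile(r"status: (\w+),")
ANSWERS = re.compile(r"ANSWER: (\d+),")
# The question line starts with a single ';' (section headers start with ';;').
QUESTION = re.compile(r"^;([^;\s]\S*)\s+IN\s+(\S+)\s*$", re.M)
# TXT record under reject.paopaodns, as seen in the thread's port-53 outputs.
REASON = re.compile(
    r'^\S+\.reject\.paopaodns\.\s+\d+\s+IN\s+TXT\s+"(.*?)"\s*$', re.M)


def summarize(dig_text):
    """Describe one dig response and, if it is empty, why."""
    status = STATUS.search(dig_text)
    answers = ANSWERS.search(dig_text)
    question = QUESTION.search(dig_text)
    if not (status and answers and question):
        raise ValueError("not a complete dig response")
    reason = REASON.search(dig_text)
    out = {
        "qname": question.group(1),
        "qtype": question.group(2),
        "status": status.group(1),
        "answers": int(answers.group(1)),
        "reason": reason.group(1) if reason else None,
    }
    if out["answers"] > 0:
        out["verdict"] = "answered"
    elif out["reason"]:
        out["verdict"] = "stopped by resolver"   # the TXT text says which rule
    elif out["status"] == "NOERROR":
        out["verdict"] = "NODATA"                # name exists, no such record type
    else:
        out["verdict"] = out["status"]
    return out
```

Run it once per record type, since A and AAAA are separate queries and each gets its own verdict.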