Description
Checks
- I have searched the existing issues
- I have read the documentation
- Is it your first time submitting an issue
Current Behavior
If the DNS upstream in dae cannot be reached directly, such as Cloudflare in China, resolution of the node's domain fails with the following logs.
Some related logs:
```
Sep 27 08:20:13 nixos-desktop dae[54944]: level=debug msg="Rewrite dial target to domain" from="140.82.114.4:443" to="github.com:443"
Sep 27 08:20:13 nixos-desktop dae[54944]: level=debug msg="Rewrite dial target to domain" from="140.82.114.4:443" to="github.com:443"
Sep 27 08:20:13 nixos-desktop dae[54944]: level=warning msg="handleConn: failed to dial 140.82.114.4:443: failed to select dialer from group speed (tcp6): no alive dialer"
Sep 27 08:20:13 nixos-desktop dae[54944]: level=debug msg="Connectivity Check Failed" err="Head "http://cp.cloudflare.com": [Ws]: dial to node address: dial tcp: lookup node_domain on 127.0.0.53:53: server misbehaving" network=tcp4 node="node name"
```
If I change my DNS from 1.1.1.1 to alidns, nodes can be selected correctly, which is why I think the issue is caused by DNS resolution of the node's domain.
According to #784, as I understand it, it should fall back to fallback_resolver, but it still uses 1.1.1.1. Furthermore, I set prefer 4 in my configuration below, but it failed on IPv6. By the way, I have disabled IPv6; sysctl net.ipv6.conf.enp9s0.disable_ipv6 returns net.ipv6.conf.enp9s0.disable_ipv6 = 0.
I can add a direct(must) rule for the node's domain in routing and dns to route these requests as I expect. However, the nodes' domains may change from time to time, and the configuration must be updated every time the nodes change.
I can add direct(must) for my DNS address as well, but then all traffic won't go through dae's DNS.
Expected Behavior
Could dae make DNS requests for the node domain through the fallback or system DNS directly? Or make fallback_resolver work in such a case.
Or, similar to mihomo, could we bypass DNS requests to direct, proxy or other rules according to the nodes' and DNS upstreams' domains explicitly and automatically?
Steps to Reproduce
Part of the failing configuration:
```
global {
  dial_mode: domain
  fallback_resolver: '114.114.114.114:53'
}
dns {
  ipversion_prefer: 4
  upstream {
    cloudfare: "https://1.1.1.1/dns-query"
    google: "https://8.8.8.8/dns-query"
    alidns: "https://dns.alidns.com/dns-query"
  }
  routing {
    request {
      fallback: cloudfare
    }
    response {
      fallback: accept
    }
  }
}
routing {
  dip(geoip:private) -> direct
  pname(iwd) -> direct
  pname(systemd-resolved) -> direct
  dip(geoip:cn) -> direct
  domain(geosite:cn) -> direct
  fallback: proxy
}
```
And the following config can work:
```
dns {
  ipversion_prefer: 4
  upstream {
    cloudfare: "https://1.1.1.1:443/dns-query"
    google: "https://8.8.8.8:443/dns-query"
    alidns: "https://dns.alidns.com:443/dns-query"
  }
  routing {
    request {
      fallback: alidns
    }
    response {
      ip(geoip:private) && !qname(geosite:cn) -> cloudfare
      fallback: accept
    }
  }
}
```
Environment
- Dae version (use dae --version):
```
dae version 1.0.0
go runtime go1.25.0 linux/amd64
Copyright (c) 2022-2025 @daeuniverse
License GNU AGPLv3 <https://github.com/daeuniverse/dae/blob/main/LICENSE>
```
- OS (e.g. cat /etc/os-release):
```
ANSI_COLOR="0;38;2;126;186;228"
BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues"
BUILD_ID="25.11.20250913.c23193b"
CPE_NAME="cpe:/o:nixos:nixos:25.11"
DEFAULT_HOSTNAME=nixos
DOCUMENTATION_URL="https://nixos.org/learn.html"
HOME_URL="https://nixos.org/"
ID=nixos
ID_LIKE=""
IMAGE_ID=""
IMAGE_VERSION=""
LOGO="nix-snowflake"
NAME=NixOS
PRETTY_NAME="NixOS 25.11 (Xantusia)"
SUPPORT_URL="https://nixos.org/community.html"
VARIANT=""
VARIANT_ID=""
VENDOR_NAME=NixOS
VENDOR_URL="https://nixos.org/"
VERSION="25.11 (Xantusia)"
VERSION_CODENAME=xantusia
VERSION_ID="25.11"
```
- Kernel (e.g. uname -a): Linux nixos-desktop 6.16.7 #1-NixOS SMP PREEMPT_DYNAMIC Thu Sep 11 15:23:23 UTC 2025 x86_64 GNU/Linux
- Others: Nothing
Anything else?
No response
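
A way to triage journal output like the log lines quoted in this issue, added here as an example (not part of the original report and not dae's own code): it separates connectivity checks that failed during DNS lookup of the node address from checks that failed for other reasons, and counts "no alive dialer" warnings per group. The regular expressions assume the log layout shown in this issue; the function names and the `CONSTRUCTED_TIMEOUT` line are made up for illustration.

```python
import re
from collections import Counter, defaultdict

# err="..." holds unescaped inner quotes (Head "http://..."), so a logfmt
# parser would cut it short; match greedily up to the network= field instead.
CHECK_RE = re.compile(
    r'msg="Connectivity Check Failed" err="(?P<err>.*)" '
    r'network=(?P<net>\S+) node="(?P<node>[^"]*)"')
LOOKUP_RE = re.compile(
    r'lookup (?P<host>\S+) on (?P<resolver>\S+): (?P<reason>.+)$')
DEAD_RE = re.compile(
    r'failed to select dialer from group (?P<group>\S+) '
    r'\((?P<net>\w+)\): no alive dialer')

def triage(lines):
    """Classify failed health checks (DNS vs. other) and count dead groups."""
    dns, other, dead = defaultdict(set), defaultdict(set), Counter()
    for line in lines:
        if (m := CHECK_RE.search(line)):
            lk = LOOKUP_RE.search(m["err"])
            if lk:  # the check never reached the node: name lookup failed
                dns[m["node"]].add((lk["host"], lk["resolver"], lk["reason"]))
            else:
                other[m["node"]].add(m["err"])
        elif (m := DEAD_RE.search(line)):
            dead[(m["group"], m["net"])] += 1
    return {"dns": dict(dns), "other": dict(other), "dead": dict(dead)}

def verdict(result):
    """Heuristic: if every failed check died in DNS lookup, suspect the resolver."""
    if result["dns"] and not result["other"]:
        return "resolver"
    return "mixed" if result["dns"] else "not-dns"

# Two lines taken from the log in this issue.
ISSUE_LOG = [
    'Sep 27 08:20:13 nixos-desktop dae[54944]: level=warning msg="handleConn: '
    'failed to dial 140.82.114.4:443: failed to select dialer from group speed '
    '(tcp6): no alive dialer"',
    'Sep 27 08:20:13 nixos-desktop dae[54944]: level=debug msg="Connectivity '
    'Check Failed" err="Head "http://cp.cloudflare.com": [Ws]: dial to node '
    'address: dial tcp: lookup node_domain on 127.0.0.53:53: server misbehaving"'
    ' network=tcp4 node="node name"',
]
# Constructed line (not from the issue): a check that fails without a DNS error.
CONSTRUCTED_TIMEOUT = (
    'Sep 27 08:20:14 host dae[1]: level=debug msg="Connectivity Check Failed" '
    'err="Head "http://cp.cloudflare.com": context deadline exceeded" '
    'network=tcp4 node="node b"')

if __name__ == "__main__":
    print(verdict(triage(ISSUE_LOG)), triage(ISSUE_LOG))
```

A "resolver" verdict means the checks failed before any connection to the node was attempted, so the resolver named in the `lookup ... on ...` part of the error is the first thing to inspect.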