
Using strict routing makes network requests slow in WSL2 and Docker, and Alpine images cannot reach the network at all #2957


Closed
4 of 5 tasks
sqlpxc opened this issue May 7, 2025 · 6 comments
Labels
duplicate This issue or pull request already exists question Further information is requested wontfix This will not be worked on

Comments

@sqlpxc

sqlpxc commented May 7, 2025

Operating system

Windows

System version

Windows 11 Home 26100.3915

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.12.0-beta.10

Environment: go1.24.2 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_acme,with_clash_api,with_tailscale
Revision: 2fc9dfa9d2defe7e699984cfaefe05de1eaca1b8
CGO: disabled

Description

Using the following in sing-box:

"inbounds": [
        {
            "address": [
                "172.19.0.1/30"
            ],
            "auto_route": true,
            "strict_route": true,
            "tag": "tun-in",
            "type": "tun"
        }
    ],

Running nslookup in WSL2 with the NAT network mode gives the following result:

$ nslookup baidu.com
Server:         10.255.255.254
Address:        10.255.255.254#53

Non-authoritative answer:
Name:   baidu.com
Address: 110.242.68.66
Name:   baidu.com
Address: 39.156.66.10
;; communications error to 10.255.255.254#53: timed out
;; communications error to 10.255.255.254#53: timed out
;; Got recursion not available from 10.255.255.254

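A timed out error is reported and execution is very slow; changing stack to system or gvisor still shows the problem.
The error can be reproduced in Docker containers as well, which makes curl requests abnormally slow.

If it were only slow requests in some scenarios I would put up with it, but in an Alpine container getaddrinfo simply cannot be used at all,
and most of the time network-related tools run into problems (I can't even install curl). Results from some scenarios: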

/ # apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.21/main: temporary error (try again later)
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/community/x86_64/APKINDEX.tar.gz
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.21/community: temporary error (try again later)
4 unavailable, 0 stale; 15 distinct packages available
/ # nslookup baidu.com
Server:         192.168.65.7
Address:        192.168.65.7:53

Non-authoritative answer:
Name:   baidu.com
Address: 110.242.68.66
Name:   baidu.com
Address: 39.156.66.10

*** Can't find baidu.com: No answer
/ # apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.21/main: temporary error (try again later)
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/community/x86_64/APKINDEX.tar.gz
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.21/community: temporary error (try again later)
ERROR: unable to select packages:
  curl (no such package):
    required by: world[curl]

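After some digging, I found that turning off strict routing solves it,
but turning off strict routing introduces a new problem: it causes DNS leaks,
and sometimes it causes DNS pollution; a curl request to google is sometimes resolved to facebook.

After more digging, I found that manually specifying the DNS for the containers and WSL also solves it, but that introduces new problems....

I would like to ask whether there is a reasonably clean way to solve this.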

Reproduction

{
    "dns": {
        "final": "google-dns",
        "rules": [
            {
                "clash_mode": "Direct",
                "server": "local-dns"
            },
            {
                "clash_mode": "Global",
                "server": "google-dns"
            },
            {
                "rule_set": "geosite-geolocation-cn",
                "server": "local-dns"
            },
            {
                "client_subnet": "1.0.1.0",
                "mode": "and",
                "rules": [
                    {
                        "invert": true,
                        "rule_set": "geosite-geolocation-!cn"
                    },
                    {
                        "rule_set": "geoip-cn"
                    }
                ],
                "server": "google-dns",
                "type": "logical"
            }
        ],
        "servers": [
            {
                "detour": "MSelection",
                "server": "8.8.8.8",
                "tag": "google-dns",
                "type": "udp"
            },
            {
                "server": "114.114.114.114",
                "tag": "local-dns",
                "type": "udp"
            }
        ],
        "strategy": "ipv4_only"
    },
    "experimental": {
        "cache_file": {
            "enabled": true,
            "store_rdrc": true
        },
        "clash_api": {
            "default_mode": "Enhanced",
            "external_controller": "127.0.0.1:9090",
            "external_ui": "dashboard",
            "external_ui_download_detour": "MSelection"
        }
    },
    "inbounds": [
        {
            "address": [
                "172.19.0.1/30"
            ],
            "auto_route": true,
            "strict_route": true,
            "tag": "tun-in",
            "type": "tun"
        }
    ],
    "log": {
        "disabled": false,
        "level": "trace",
        "timestamp": true
    },
    "outbounds": [
        {
            "tag": "direct-out",
            "type": "direct"
        },
        {
            "outbounds": [
                "hk-hy2"
            ],
            "tag": "ASelection",
            "type": "urltest",
            "url": "http://cp.cloudflare.com/generate_204"
        },
        {
            "default": "hk-hy2",
            "outbounds": [
                "direct-out",
                "ASelection",
                "hk-hy2"
            ],
            "tag": "MSelection",
            "type": "selector"
        },
        {
            "default": "MSelection",
            "outbounds": [
                "direct-out",
                "MSelection",
                "hk-hy2"
            ],
            "tag": "GLOBAL",
            "type": "selector"
        },
        {
            "tag": "hk-hy2",
            "type": "hysteria2",
             .......
        }
    ],
    "route": {
        "auto_detect_interface": true,
        "default_domain_resolver": {
            "server": "local-dns",
            "strategy": "ipv4_only"
        },
        "final": "MSelection",
        "find_process": true,
        "rule_set": [
            {
                "format": "binary",
                "tag": "microsoft",
                "type": "remote",
                "url": "https://github.com/SagerNet/sing-geosite/raw/refs/heads/rule-set/geosite-microsoft.srs"
            },
            {
                "format": "binary",
                "tag": "steam@cn",
                "type": "remote",
                "url": "https://github.com/SagerNet/sing-geosite/raw/refs/heads/rule-set/geosite-steam@cn.srs"
            },
            {
                "format": "binary",
                "tag": "geosite-geolocation-cn",
                "type": "remote",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs"
            },
            {
                "format": "binary",
                "tag": "geosite-geolocation-!cn",
                "type": "remote",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs"
            },
            {
                "format": "binary",
                "tag": "geoip-cn",
                "type": "remote",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs"
            }
        ],
        "rules": [
            {
                "action": "sniff"
            },
            {
                "action": "hijack-dns",
                "protocol": "dns"
            },
            {
                "action": "reject",
                "process_path_regex": [
                    "^.*AppData\\\\Local\\\\Kingsoft\\\\WPS Office\\\\.*"
                ]
            },
            {
                "clash_mode": "Direct",
                "outbound": "direct-out"
            },
            {
                "clash_mode": "Global",
                "outbound": "GLOBAL"
            },
            {
                "domain_suffix": [
                    "raw.githubusercontent.com",
                    "github.com"
                ],
                "outbound": "MSelection"
            },
            {
                "outbound": "MSelection",
                "rule_set": [
                    "microsoft"
                ]
            },
            {
                "outbound": "direct-out",
                "rule_set": [
                    "geosite-geolocation-cn",
                    "geoip-cn",
                    "steam@cn"
                ]
            },
            {
                "domain_suffix": [
                    "steamserver.net"
                ],
                "outbound": "direct-out"
            }
        ]
    }
}

Logs

Supporter

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
  • I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
  • I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
@Zxneric

Zxneric commented May 7, 2025

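This is caused by Windows smart multi-homed name resolution; I could only think of a dumb workaround.

# Before starting sing-box: point DNS on every active adapter at 0.0.0.0 and ::
Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ServerAddresses ('0.0.0.0', '::')
}
# After stopping sing-box: reset DNS on every adapter
Get-DnsClient | ForEach-Object { Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ResetServerAddresses }

Run the first command before starting to reset the DNS on all adapters, and run the second one after shutting down to restore it. That works as a workaround; to actually solve it you would probably still have to dig through that pile of Windows documentation.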

@sqlpxc
Author

sqlpxc commented May 7, 2025

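This is caused by Windows smart multi-homed name resolution; I could only think of a dumb workaround.

Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ServerAddresses ('0.0.0.0', '::')
}
Get-DnsClient | ForEach-Object { Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ResetServerAddresses }

Run the first command before starting to reset the DNS on all adapters, and run the second one after shutting down to restore it. That works as a workaround; to actually solve it you would probably still have to dig through that pile of Windows documentation.

Indeed, that is exactly what I do now. I wrote a small tool in Rust that makes the WinAPI calls and then runs sing-box, but if for some reason (such as a direct reboot) the DHCP settings are not restored, it causes even more troublesome problems.... Sometimes I even forget that I set this up.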
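
The wrapper below is an added example, not code posted in this thread: it applies the override-and-reset workaround from the comments above but writes a state file first, so a run that ended without restoring (the reboot case described) is repaired on the next start. The paths in `$StateFile`, `$SingBox` and `$Config` are assumptions, and only static IPv4 DNS from the registry `NameServer` value is preserved; every other adapter goes back to DHCP.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. The three paths below are assumed.
$StateFile = Join-Path $env:ProgramData 'sing-box-dns-state.json'
$SingBox   = 'C:\sing-box\sing-box.exe'
$Config    = 'C:\sing-box\config.json'
$RegBase   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Save-DnsState {
    # Record every active adapter and any static IPv4 DNS it had (registry NameServer value).
    $state = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
        $key = Join-Path $RegBase $_.InterfaceGuid
        $static = (Get-ItemProperty -Path $key -Name NameServer -ErrorAction SilentlyContinue).NameServer
        # Store the adapter name: interface indexes are not guaranteed to survive a reboot.
        [pscustomobject]@{ InterfaceAlias = $_.Name; StaticV4 = "$static" }
    })
    ConvertTo-Json -InputObject $state | Set-Content -Path $StateFile -Encoding UTF8
}

function Restore-DnsState {
    if (-not (Test-Path $StateFile)) { return }
    $saved = Get-Content $StateFile -Raw | ConvertFrom-Json
    foreach ($entry in $saved) {
        $servers = @($entry.StaticV4 -split '[,\s]+' | Where-Object { $_ })
        if ($servers.Count -gt 0) {
            Set-DnsClientServerAddress -InterfaceAlias $entry.InterfaceAlias -ServerAddresses $servers
        } else {
            Set-DnsClientServerAddress -InterfaceAlias $entry.InterfaceAlias -ResetServerAddresses
        }
    }
    Remove-Item $StateFile
}

# A state file left over at startup means the previous run never restored DNS (reboot, crash).
Restore-DnsState
Save-DnsState
try {
    $saved = Get-Content $StateFile -Raw | ConvertFrom-Json
    foreach ($entry in $saved) {
        Set-DnsClientServerAddress -InterfaceAlias $entry.InterfaceAlias -ServerAddresses ('0.0.0.0', '::')
    }
    & $SingBox run -c $Config
} finally {
    Restore-DnsState
}
```

The `finally` block covers a normal exit and Ctrl+C; after a reboot the leftover state file is only acted on when the wrapper is started again.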

@Zxneric

Zxneric commented May 7, 2025

Could I take a look at how you wrote it? I only used pwsh because I couldn't get the API calls working from Go.

@sqlpxc
Author

sqlpxc commented May 7, 2025

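Could I take a look at how you wrote it? I only used pwsh because I couldn't get the API calls working from Go.

You have to modify HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ to configure it; it seems WinAPI has no way to change it directly.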

@dyhkwong dyhkwong added duplicate This issue or pull request already exists question Further information is requested wontfix This will not be worked on labels May 7, 2025
@dyhkwong
Contributor

dyhkwong commented May 7, 2025

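Expected behavior, which is why this overkill feature is not enabled by default. Do not enable it unless you understand its side effects. Unless you have a better solution than modifying the DNS addresses of all adapters.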

@dyhkwong dyhkwong closed this as not planned Won't fix, can't repro, duplicate, stale May 7, 2025
@toyo2333

This comment has been minimized.

4 participants