Possible issue on dns resolution

[webaddicto]

Hello,

I am using microsocks in a Debian 12 OS and all works fine, except one thing:

Sometimes with some websites the socks5 connection fails with "host unreachable" error:

socks connect tcp 1.2.3.4:1080->www.hugedomains.com:443: unknown error host unreachable

I found that another user reported a similar issue in the past:
#40 (comment)

And the suggested solution to edit /etc/gai.conf and uncomment this line:

precedence ::ffff:0:0/96 100

But I still get occasional "host unreachable" errors.

Here is the "host" output for both domains:

host 10ksolutions.com
10ksolutions.com is an alias for traff-1.hugedomains.com.
traff-1.hugedomains.com is an alias for hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com.
hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com has address 52.71.57.184
hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com has address 54.209.32.212

host www.hugedomains.com
www.hugedomains.com has address 104.26.7.37
www.hugedomains.com has address 172.67.70.191
www.hugedomains.com has address 104.26.6.37
www.hugedomains.com has IPv6 address 2606:4700:20::ac43:46bf
www.hugedomains.com has IPv6 address 2606:4700:20::681a:625
www.hugedomains.com has IPv6 address 2606:4700:20::681a:725

Any idea as to why it is failing in this case?

PS: I am running microsocks like this:

microsocks -p 1080

And the VPS has both IPv4 and IPv6 address.

[rofl0r]

"host unreachable" is usually an indicator of network stability issues. the target may be temporarily overloaded, or your side has some connectivity issues.

[webaddicto]

Thanks for the information.

I've made additional testings and after running microsocks with the -b option like this:

microsocks -b '0.0.0.0' -q -p 1080

Then, so far, I have not got that "host unreachable" error again.

If I run it without the -b option, I get that errors again.

Do you know why this can happen?

[rofl0r]

in that case, it'd might make sense to watch the DNS traffic using e.g. wireshark for when that happens. is it using v4 or v6 when the problem arises? or, does connecting to any of the resolved ips directly result in issues too ?

[webaddicto]

I made some tests and here are the results:

ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.xxx.xxx.xxx  netmask 255.255.255.0  broadcast 192.xxx.xxx.255
        inet6 2a03:xxx:xx:xxxx::1  prefixlen 48  scopeid 0x0<global>
        inet6 fe80::xxxx:xx:xxxx:399  prefixlen 64  scopeid 0x20<link>
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 3780828  bytes 1267905233 (1.1 GiB)
        RX errors 0  dropped 39  overruns 0  frame 0
        TX packets 2425307  bytes 1113453905 (1.0 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 397  bytes 36312 (35.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 397  bytes 36312 (35.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 2606:4700:4700::1111

dig +short www.hugedomains.com @1.1.1.1
104.26.6.37
172.67.70.191
104.26.7.37

dig +short www.hugedomains.com @2606:4700:4700::1111
104.26.7.37
104.26.6.37
172.67.70.191

ping 104.26.6.37
PING 104.26.6.37 (104.26.6.37) 56(84) bytes of data.
64 bytes from 104.26.6.37: icmp_seq=1 ttl=59 time=11.4 ms
64 bytes from 104.26.6.37: icmp_seq=2 ttl=59 time=11.5 ms
64 bytes from 104.26.6.37: icmp_seq=3 ttl=59 time=11.5 ms
--- 104.26.6.37 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 11.404/11.458/11.518/0.046 ms

ping 172.67.70.191
PING 172.67.70.191 (172.67.70.191) 56(84) bytes of data.
64 bytes from 172.67.70.191: icmp_seq=1 ttl=59 time=20.3 ms
64 bytes from 172.67.70.191: icmp_seq=2 ttl=59 time=20.6 ms
64 bytes from 172.67.70.191: icmp_seq=3 ttl=59 time=20.4 ms
--- 172.67.70.191 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 20.294/20.420/20.566/0.111 ms

ping 104.26.7.37
PING 104.26.7.37 (104.26.7.37) 56(84) bytes of data.
64 bytes from 104.26.7.37: icmp_seq=1 ttl=59 time=13.7 ms
64 bytes from 104.26.7.37: icmp_seq=2 ttl=59 time=14.5 ms
64 bytes from 104.26.7.37: icmp_seq=3 ttl=59 time=13.8 ms
--- 104.26.7.37 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 13.730/13.992/14.467/0.336 ms

curl -4 -I "https://www.hugedomains.com/" -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"
HTTP/2 403
date: Fri, 27 Dec 2024 11:28:38 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 27 Dec 2024 11:28:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xxx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: xxx-FRA
server-timing: cfL4;desc="?proto=TCP&rtt=16211&min_rtt=15998&rtt_var=4671&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3396&recv_bytes=784&delivery_rate=181022&cwnd=252&unsent_bytes=0&cid=xxx&ts=81&x=0"

curl -6 -I "https://www.hugedomains.com/" -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"
HTTP/2 403
date: Fri, 27 Dec 2024 11:28:42 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 27 Dec 2024 11:28:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xxx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: xxx-MXP
server-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1048&rtt_var=635&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3396&recv_bytes=784&delivery_rate=3361596&cwnd=253&unsent_bytes=0&cid=xxx&ts=53&x=0"

Without using the "-b 0.0.0.0" option I can occasionally get the "host unreachable" errors.

But not always, generally on the first time I visit that domain or when I test some concurrent visits.

I have now changed VPS to see if there was a sort of network issue on this one.

Will keep update in case I find something.