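Preface

For security 🔐 I deployed Cloudflare Zero Trust.

I ran into a problem that bothered me for quite a while.

Searching 🔍 turned up nothing; in the end I solved it after troubleshooting from several angles.

The system environment below is Arch Linux, and the network is provided by OpenWrt (with the PassWall proxy tool enabled).

The dig command returns no ANSWER SECTION.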


The error is as follows:
Error looking up Cloudflare edge IPs: the DNS query failed error="lookup _v2-origintunneld._tcp.argotunnel.com on **.1:53: no such host"
2022-09-15T08:24:12Z ERR Please try the following things to diagnose this issue:
2022-09-15T08:24:12Z ERR 1. ensure that argotunnel.com is returning "origintunneld" service records.
2022-09-15T08:24:12Z ERR Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com
2022-09-15T08:24:12Z ERR 2. ensure that your DNS resolver is not returning compressed SRV records.
2022-09-15T08:24:12Z ERR See GitHub issue https://github.com/golang/go/issues/27546
2022-09-15T08:24:12Z ERR For example, you could use Cloudflare's 1.1.1.1 as your resolver:
2022-09-15T08:24:12Z ERR https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
2022-09-15T08:24:12Z INF Tunnel server stopped
2022-09-15T08:24:12Z ERR Initiating shutdown error="Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on **.1:53: no such host"
2022-09-15T08:24:12Z INF Metrics server stopped

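Changing the DNS server and so on did not help. In the end I determined that the problem was in the DHCP/DNS configuration on my OpenWrt router.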

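Solution

Go to Network, then open Advanced Settings.

Find "Filter useless packets" (Do not forward requests that cannot be answered by public name servers).

Uncheck it, then click Save & Apply.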

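Why does this happen?

Because the target domain cannot be pinged, its queries are treated as requests that cannot be answered.

So all the related packets are filtered out.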
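
The check and fix above, as an added shell example that is not part of the original post: it classifies dig output from the router's resolver and from a public one, and reads the router's /etc/config/dhcp for the filter flag. It assumes the checkbox is stored as dnsmasq's filterwin2k option (the uci name behind this LuCI setting); the sample dig output and config are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Offline helpers plus constructed samples.
SRV_NAME="_v2-origintunneld._tcp.argotunnel.com"   # name taken from the log above

# Constructed sample: `dig +noall +answer SRV $SRV_NAME @1.1.1.1` when SRV lookups work.
SAMPLE_PUBLIC="$SRV_NAME. 300 IN SRV 1 1 7844 region1.v2.argotunnel.com.
$SRV_NAME. 300 IN SRV 2 1 7844 region2.v2.argotunnel.com."

# Constructed sample of /etc/config/dhcp with the filter switched on.
SAMPLE_DHCP="config dnsmasq
    option domainneeded '1'
    option filterwin2k '1'
config dhcp 'lan'
    option interface 'lan'"

# Count SRV records in `dig +noall +answer` output read from stdin.
count_srv() {
    awk '$3 == "IN" && $4 == "SRV" { n++ } END { print n + 0 }'
}

# $1 = dig output via the default (router) resolver, $2 = via a public resolver.
diagnose() {
    via_router=$(printf '%s\n' "$1" | count_srv)
    via_public=$(printf '%s\n' "$2" | count_srv)
    if [ "$via_router" -gt 0 ]; then
        echo "ok"
    elif [ "$via_public" -gt 0 ]; then
        echo "local-resolver-drops-srv"      # the situation described in this post
    else
        # Port 53 may be redirected to the router; check the filter flag there.
        echo "no-srv-from-either-resolver"
    fi
}

# Read /etc/config/dhcp on stdin; print yes/no for filterwin2k in the dnsmasq section.
filter_enabled() {
    tr -d "\"'" | awk '
        $1 == "config" { in_dnsmasq = ($2 == "dnsmasq") }
        in_dnsmasq && $1 == "option" && $2 == "filterwin2k" { v = $3 }
        END { if (v ~ /^(1|on|true|yes|enabled)$/) print "yes"; else print "no" }'
}

# Live use on the Linux client:
#   diagnose "$(dig +noall +answer SRV "$SRV_NAME")" \
#            "$(dig +noall +answer SRV "$SRV_NAME" @1.1.1.1)"
# Live use on the router, then the CLI equivalent of unticking the box:
#   filter_enabled < /etc/config/dhcp
#   uci set dhcp.@dnsmasq[0].filterwin2k='0' && uci commit dhcp && /etc/init.d/dnsmasq restart
```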