LanYunのBlog


Brief notes on problems encountered while deploying Cloudflare Zero Trust 📝

September 15, 2022, 18:19

Preface

For security 🔐 I deployed Cloudflare Zero Trust.

I ran into a problem that bothered me for quite a while; searching 🔍 turned up nothing, and I finally resolved it after troubleshooting from several angles.

The environment below is Arch Linux, with network access provided by OpenWrt (with the PassWall circumvention proxy plugin enabled).

dig returns no ANSWER SECTION


The problem looks like this (cloudflared log):

Error looking up Cloudflare edge IPs: the DNS query failed error="lookup _v2-origintunneld._tcp.argotunnel.com on **.1:53: no such host"
2022-09-15T08:24:12Z ERR Please try the following things to diagnose this issue:
2022-09-15T08:24:12Z ERR 1. ensure that argotunnel.com is returning "origintunneld" service records.
2022-09-15T08:24:12Z ERR Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com
2022-09-15T08:24:12Z ERR 2. ensure that your DNS resolver is not returning compressed SRV records.
2022-09-15T08:24:12Z ERR See GitHub issue https://github.com/golang/go/issues/27546
2022-09-15T08:24:12Z ERR For example, you could use Cloudflare's 1.1.1.1 as your resolver:
2022-09-15T08:24:12Z ERR https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
2022-09-15T08:24:12Z INF Tunnel server stopped
2022-09-15T08:24:12Z ERR Initiating shutdown error="Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on **.1:53: no such host"
2022-09-15T08:24:12Z INF Metrics server stopped

Switching DNS servers and so on made no difference. I eventually determined that something in the DHCP/DNS configuration on my OpenWrt router was unreasonable.

Solution

Go to Network, then switch to the Advanced Settings tab.

Locate "Filter useless" (Do not forward requests that cannot be answered by public name servers).

Uncheck it, then Save & Apply.

Why does this happen?

Because the target domain cannot be pinged, the request is treated as one that cannot be answered,

and all related packets are filtered out.
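As an added example (not part of the original post), here is a small POSIX shell script for the diagnosis and the fix above. The check parses dig's output for SRV records in the ANSWER SECTION, which is exactly what cloudflared's own error message asks you to verify. The fix function is the uci equivalent of unchecking the LuCI option: the "Filter useless" checkbox sets dnsmasq's filterwin2k option, whose documented effect is to drop SOA and SRV queries (and ANY queries for names containing underscores), and the edge lookup cloudflared performs is an SRV query for a name with underscores. The router address 192.168.1.1 and the two sample dig outputs are constructed assumptions, not real captures.

```shell
#!/bin/sh
# Added example, not from the original post. Three helpers:
#  has_srv_answer     - read dig output on stdin; succeed only if the ANSWER
#                       SECTION holds at least one SRV record (what cloudflared needs)
#  check_resolver     - run the real dig query against one resolver and report
#  fix_openwrt_filter - uci equivalent of unchecking "Filter useless" in LuCI
#                       (dnsmasq option filterwin2k); run on the router itself

SRV_NAME="_v2-origintunneld._tcp.argotunnel.com"

has_srv_answer() {
    awk -v ok=1 '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }   # answer section starts
        /^;;/                  { in_answer = 0 }         # any other ";;" header ends it
        in_answer && $4 == "SRV" { ok = 0 }             # record: name TTL IN SRV ...
        END { exit ok }                                 # 0 = SRV found, 1 = none
    '
}

# Query one resolver (the router, then a public one) and report the result.
check_resolver() {
    resolver="$1"
    if dig @"$resolver" srv "$SRV_NAME" | has_srv_answer; then
        echo "$resolver: SRV records returned, cloudflared can find the edge"
        return 0
    fi
    echo "$resolver: no SRV records in the answer (filtering resolver or DNS interception?)"
    return 1
}

# Run on the OpenWrt router: clear the filter option and restart dnsmasq.
fix_openwrt_filter() {
    uci set dhcp.@dnsmasq[0].filterwin2k='0'
    uci commit dhcp
    /etc/init.d/dnsmasq restart
}

# Constructed sample outputs (not real captures) to exercise has_srv_answer offline.
GOOD_DIG_OUTPUT=';; ANSWER SECTION:
_v2-origintunneld._tcp.argotunnel.com. 300 IN SRV 1 1 7844 region1.v2.argotunnel.com.
_v2-origintunneld._tcp.argotunnel.com. 300 IN SRV 1 1 7844 region2.v2.argotunnel.com.

;; Query time: 21 msec'

FILTERED_DIG_OUTPUT=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242

;; QUESTION SECTION:
;_v2-origintunneld._tcp.argotunnel.com. IN SRV

;; Query time: 0 msec'

# Usage on a workstation behind the router (192.168.1.1 is an assumed LAN address):
#   check_resolver 192.168.1.1 ; check_resolver 1.1.1.1
# If the router fails and 1.1.1.1 succeeds, the filter on the router is the cause.
```

Comparing the router against a public resolver is the quickest way to tell a filtering resolver apart from an upstream outage: cloudflared's log only says "no such host", which looks the same in both cases.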

DNS hijacking

If you use a proxy tool such as v2rayA and have enabled options like supervisor or anti-DNS-pollution, cloudflared is very likely to end up unavailable or degraded.

Solution

Just turn them off. If you need the anti-DNS-pollution feature, you may have to experiment further to get cloudflared working with it (I didn't have time to test this in detail and simply turned it off).