v1.5.1 增强程序稳定性

EdgeDNS/internal/nodes/api_stream.go

@@ -225,7 +225,7 @@ func (this *APIStream) handleCheckLocalFirewall(message *pb.NSNodeStreamMessage)
 			"version": version,
 		}
 
-		var protectionConfig = sharedNodeConfig.DDoSProtection
+		var protectionConfig = dnsNodeConfig().DDoSProtection
 		err = firewalls.SharedDDoSProtectionManager.Apply(protectionConfig)
 		if err != nil {
 			this.replyFail(message.RequestId, dataMessage.Name+"was installed, but apply DDoS protection config failed: "+err.Error())

EdgeDNS/internal/nodes/dns_node.go

@@ -34,6 +34,7 @@ import (
 	"regexp"
 	"runtime"
 	"runtime/debug"
+	"sync/atomic"
 	"syscall"
 	"time"
 )
@@ -46,7 +47,18 @@ var sharedDomainManager *DomainManager
 var sharedRecordManager *RecordManager
 var sharedRouteManager *RouteManager
 var sharedKeyManager *KeyManager
-var sharedNodeConfig = &dnsconfigs.NSNodeConfig{}
+
+var sharedNodeConfig atomic.Pointer[dnsconfigs.NSNodeConfig]
+
+func init() {
+	// 初始化默认空配置
+	sharedNodeConfig.Store(&dnsconfigs.NSNodeConfig{})
+}
+
+// dnsNodeConfig 返回当前 DNS 节点配置（并发安全）
+func dnsNodeConfig() *dnsconfigs.NSNodeConfig {
+	return sharedNodeConfig.Load()
+}
 
 func NewDNSNode() *DNSNode {
 	return &DNSNode{
@@ -105,13 +117,19 @@ func (this *DNSNode) Start() {
 	events.Notify(events.EventStart)
 
 	// 监控状态
-	go NewNodeStatusExecutor().Listen()
+	goman.New(func() {
+		NewNodeStatusExecutor().Listen()
+	})
 
 	// 连接API
-	go NewAPIStream().Start()
+	goman.New(func() {
+		NewAPIStream().Start()
+	})
 
 	// 启动
-	go this.start()
+	goman.New(func() {
+		this.start()
+	})
 
 	// Hold住进程
 	logs.Println("[DNS_NODE]started")
@@ -224,7 +242,7 @@ func (this *DNSNode) listenSock() error {
 	}
 
 	// 启动监听
-	go func() {
+	goman.New(func() {
 		this.sock.OnCommand(func(cmd *gosock.Command) {
 			switch cmd.Code {
 			case "pid":
@@ -262,7 +280,7 @@ func (this *DNSNode) listenSock() error {
 		if err != nil {
 			logs.Println("NODE", err.Error())
 		}
-	}()
+	})
 
 	events.On(events.EventQuit, func() {
 		logs.Println("[DNS_NODE]", "quit unix sock")
@@ -317,9 +335,9 @@ func (this *DNSNode) start() {
 		return
 	}
 
-	sharedNodeConfig = config
+	sharedNodeConfig.Store(config)
 
-	configs.SharedNodeConfig = config
+	configs.SharedNodeConfig.Store(config)
 	events.Notify(events.EventReload)
 
 	sharedNodeConfigManager.reload(config)
@@ -343,29 +361,47 @@ func (this *DNSNode) start() {
 		return
 	}
 
-	go sharedNodeConfigManager.Start()
+	goman.New(func() {
+		sharedNodeConfigManager.Start()
+	})
 
 	sharedDomainManager = NewDomainManager(db, config.ClusterId)
-	go sharedDomainManager.Start()
+	goman.New(func() {
+		sharedDomainManager.Start()
+	})
 
 	sharedRecordManager = NewRecordManager(db)
-	go sharedRecordManager.Start()
+	goman.New(func() {
+		sharedRecordManager.Start()
+	})
 
 	sharedRouteManager = NewRouteManager(db)
-	go sharedRouteManager.Start()
+	goman.New(func() {
+		sharedRouteManager.Start()
+	})
 
 	sharedKeyManager = NewKeyManager(db)
-	go sharedKeyManager.Start()
+	goman.New(func() {
+		sharedKeyManager.Start()
+	})
 
 	agents.SharedManager = agents.NewManager(db)
-	go agents.SharedManager.Start()
+	goman.New(func() {
+		agents.SharedManager.Start()
+	})
 
-	// 发送通知，这里发送通知需要在DomainManager、RecordeManager等加载完成之后
-	time.Sleep(1 * time.Second)
+	// 等待所有 Manager 初始加载完成后再发送通知
+	<-sharedDomainManager.readyCh
+	<-sharedRecordManager.readyCh
+	<-sharedRouteManager.readyCh
+	<-sharedKeyManager.readyCh
+	<-agents.SharedManager.ReadyCh
 	events.Notify(events.EventLoaded)
 
 	// 启动循环
-	go this.loop()
+	goman.New(func() {
+		this.loop()
+	})
 }
 
 // 更新配置Loop
@@ -439,8 +475,9 @@ func (this *DNSNode) updateDDoS(rpcClient *rpc.RPCClient) error {
 		return err
 	}
 	if len(resp.DdosProtectionJSON) == 0 {
-		if sharedNodeConfig != nil {
-			sharedNodeConfig.DDoSProtection = nil
+		var cfg = dnsNodeConfig()
+		if cfg != nil {
+			cfg.DDoSProtection = nil
 		}
 	} else {
 		var ddosProtectionConfig = &ddosconfigs.ProtectionConfig{}
@@ -449,8 +486,9 @@ func (this *DNSNode) updateDDoS(rpcClient *rpc.RPCClient) error {
 			return fmt.Errorf("decode DDoS protection config failed: %w", err)
 		}
 
-		if sharedNodeConfig != nil {
-			sharedNodeConfig.DDoSProtection = ddosProtectionConfig
+		var cfg = dnsNodeConfig()
+		if cfg != nil {
+			cfg.DDoSProtection = ddosProtectionConfig
 		}
 
 		err = firewalls.SharedDDoSProtectionManager.Apply(ddosProtectionConfig)

EdgeDNS/internal/nodes/listen_manager.go

@@ -3,6 +3,7 @@
 package nodes
 
 import (
+	"fmt"
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	teaconst "github.com/TeaOSLab/EdgeDNS/internal/const"
@@ -27,7 +28,7 @@ func init() {
 	sharedListenManager = NewListenManager()
 
 	events.On(events.EventReload, func() {
-		sharedListenManager.Update(sharedNodeConfig)
+		sharedListenManager.Update(dnsNodeConfig())
 	})
 	events.On(events.EventQuit, func() {
 		_ = sharedListenManager.ShutdownAll()
@@ -161,6 +162,12 @@ func (this *ListenManager) Update(config *dnsconfigs.NSNodeConfig) {
 			this.serverMap[fullAddr] = server
 			this.locker.Unlock()
 			go func() {
+				defer func() {
+					if r := recover(); r != nil {
+						remotelogs.Error("LISTEN_MANAGER", fmt.Sprintf("goroutine panic: %v", r))
+					}
+				}()
+
 				remotelogs.Println("LISTEN_MANAGER", "listen '"+fullAddr+"'")
 				err = server.ListenAndServe()
 				if err != nil {
@@ -194,6 +201,11 @@ func (this *ListenManager) Update(config *dnsconfigs.NSNodeConfig) {
 
 	// 添加端口到firewalld
 	go func() {
+		defer func() {
+			if r := recover(); r != nil {
+				remotelogs.Error("LISTEN_MANAGER", fmt.Sprintf("firewalld goroutine panic: %v", r))
+			}
+		}()
 		this.addToFirewalld(serverAddrs)
 	}()
 }

EdgeDNS/internal/nodes/manager_domain.go

@@ -13,6 +13,7 @@ import (
 	"github.com/iwind/TeaGo/types"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 )
 
@@ -22,11 +23,13 @@ type DomainManager struct {
 	namesMap  map[string]map[int64]*models.NSDomain // domain name => { domainId => domain }
 	clusterId int64
 
-	db      *dbs.DB
-	version int64
-	locker  *sync.RWMutex
+	db              *dbs.DB
+	version         int64
+	locker          *sync.RWMutex
+	dbWriteFailures atomic.Int64 // DB 写入累计失败次数
 
 	notifier chan bool
+	readyCh  chan struct{} // 初始加载完成后关闭
 }
 
 // NewDomainManager 获取域名管理器对象
@@ -38,6 +41,7 @@ func NewDomainManager(db *dbs.DB, clusterId int64) *DomainManager {
 		clusterId: clusterId,
 		notifier:  make(chan bool, 8),
 		locker:    &sync.RWMutex{},
+		readyCh:   make(chan struct{}),
 	}
 }
 
@@ -65,6 +69,9 @@ func (this *DomainManager) Start() {
 		}
 	}
 
+	// 通知初始加载完成
+	close(this.readyCh)
+
 	// 更新
 	var ticker = time.NewTicker(20 * time.Second)
 	for {
@@ -244,7 +251,8 @@ func (this *DomainManager) processDomain(domain *pb.NSDomain) {
 		if this.db != nil {
 			err := this.db.DeleteDomain(domain.Id)
 			if err != nil {
-				remotelogs.Error("DOMAIN_MANAGER", "delete domain from db failed: "+err.Error())
+				count := this.dbWriteFailures.Add(1)
+				remotelogs.Error("DOMAIN_MANAGER", "delete domain from db failed (total failures: "+types.String(count)+"): "+err.Error())
 			}
 		}
 
@@ -255,17 +263,20 @@ func (this *DomainManager) processDomain(domain *pb.NSDomain) {
 	if this.db != nil {
 		exists, err := this.db.ExistsDomain(domain.Id)
 		if err != nil {
-			remotelogs.Error("DOMAIN_MANAGER", "query failed: "+err.Error())
+			count := this.dbWriteFailures.Add(1)
+			remotelogs.Error("DOMAIN_MANAGER", "query failed (total failures: "+types.String(count)+"): "+err.Error())
 		} else {
 			if exists {
 				err = this.db.UpdateDomain(domain.Id, domain.NsCluster.Id, domain.UserId, domain.Name, domain.TsigJSON, domain.Version)
 				if err != nil {
-					remotelogs.Error("DOMAIN_MANAGER", "update failed: "+err.Error())
+					count := this.dbWriteFailures.Add(1)
+					remotelogs.Error("DOMAIN_MANAGER", "update failed (total failures: "+types.String(count)+"): "+err.Error())
 				}
 			} else {
 				err = this.db.InsertDomain(domain.Id, domain.NsCluster.Id, domain.UserId, domain.Name, domain.TsigJSON, domain.Version)
 				if err != nil {
-					remotelogs.Error("DOMAIN_MANAGER", "insert failed: "+err.Error())
+					count := this.dbWriteFailures.Add(1)
+					remotelogs.Error("DOMAIN_MANAGER", "insert failed (total failures: "+types.String(count)+"): "+err.Error())
 				}
 			}
 		}

EdgeDNS/internal/nodes/manager_key.go

@@ -22,6 +22,7 @@ type KeyManager struct {
 	version int64
 
 	notifier chan bool
+	readyCh  chan struct{} // 初始加载完成后关闭
 }
 
 // NewKeyManager 获取密钥管理器
@@ -31,6 +32,7 @@ func NewKeyManager(db *dbs.DB) *KeyManager {
 		zoneKeyMap:   map[int64]*models.NSKeys{},
 		db:           db,
 		notifier:     make(chan bool, 8),
+		readyCh:      make(chan struct{}),
 	}
 }
 
@@ -58,6 +60,9 @@ func (this *KeyManager) Start() {
 		}
 	}
 
+	// 通知初始加载完成
+	close(this.readyCh)
+
 	// 更新
 	var ticker = time.NewTicker(1 * time.Minute)
 	for {

EdgeDNS/internal/nodes/manager_node_config.go

@@ -6,6 +6,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"fmt"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
@@ -87,8 +88,8 @@ func (this *NodeConfigManager) Loop() error {
 	if err != nil {
 		return err
 	}
-	sharedNodeConfig = config
-	configs.SharedNodeConfig = config
+	sharedNodeConfig.Store(config)
+	configs.SharedNodeConfig.Store(config)
 
 	this.reload(config)
 
@@ -180,6 +181,12 @@ func (this *NodeConfigManager) changeAPINodeAddrs(apiNodeAddrs []*serverconfigs.
 
 		// 异步检测，防止阻塞
 		go func(v int64) {
+			defer func() {
+				if r := recover(); r != nil {
+					remotelogs.Error("NODE", fmt.Sprintf("goroutine panic: %v", r))
+				}
+			}()
+
 			// 测试新的API节点地址
 			if rpcClient.TestEndpoints(addrs) {
 				config.RPCEndpoints = addrs

EdgeDNS/internal/nodes/manager_record.go

@@ -9,7 +9,9 @@ import (
 	"github.com/TeaOSLab/EdgeDNS/internal/models"
 	"github.com/TeaOSLab/EdgeDNS/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeDNS/internal/rpc"
+	"github.com/iwind/TeaGo/types"
 	"sync"
+	"sync/atomic"
 	"time"
 )
 
@@ -17,11 +19,13 @@ import (
 type RecordManager struct {
 	recordsMap map[int64]*models.DomainRecords // domainId => RecordsMap
 
-	db      *dbs.DB
-	locker  sync.RWMutex
-	version int64
+	db              *dbs.DB
+	locker          sync.RWMutex
+	version         int64
+	dbWriteFailures atomic.Int64 // DB 写入累计失败次数
 
 	notifier chan bool
+	readyCh  chan struct{} // 初始加载完成后关闭
 }
 
 // NewRecordManager 获取新记录管理器对象
@@ -30,6 +34,7 @@ func NewRecordManager(db *dbs.DB) *RecordManager {
 		db:         db,
 		recordsMap: map[int64]*models.DomainRecords{},
 		notifier:   make(chan bool, 8),
+		readyCh:    make(chan struct{}),
 	}
 }
 
@@ -57,6 +62,9 @@ func (this *RecordManager) Start() {
 		}
 	}
 
+	// 通知初始加载完成
+	close(this.readyCh)
+
 	// 更新
 	var ticker = time.NewTicker(30 * time.Second)
 	for {
@@ -158,7 +166,7 @@ func (this *RecordManager) FindRecords(domainId int64, routeCodes []string, reco
 	this.locker.RLock()
 	domainRecords, ok := this.recordsMap[domainId]
 	if ok {
-		records, routeCode = domainRecords.Find(routeCodes, recordName, recordType, sharedNodeConfig.Answer, strictMode)
+		records, routeCode = domainRecords.Find(routeCodes, recordName, recordType, dnsNodeConfig().Answer, strictMode)
 	}
 	this.locker.RUnlock()
 	return
@@ -190,7 +198,8 @@ func (this *RecordManager) processRecord(record *pb.NSRecord) {
 		if this.db != nil {
 			err := this.db.DeleteRecord(record.Id)
 			if err != nil {
-				remotelogs.Error("RECORD_MANAGER", "delete record from db failed: "+err.Error())
+				count := this.dbWriteFailures.Add(1)
+				remotelogs.Error("RECORD_MANAGER", "delete record from db failed (total failures: "+types.String(count)+"): "+err.Error())
 			}
 		}
 
@@ -201,7 +210,8 @@ func (this *RecordManager) processRecord(record *pb.NSRecord) {
 	if this.db != nil {
 		exists, err := this.db.ExistsRecord(record.Id)
 		if err != nil {
-			remotelogs.Error("RECORD_MANAGER", "query failed: "+err.Error())
+			count := this.dbWriteFailures.Add(1)
+			remotelogs.Error("RECORD_MANAGER", "query failed (total failures: "+types.String(count)+"): "+err.Error())
 		} else {
 			var routeIds = []string{}
 			for _, route := range record.NsRoutes {
@@ -211,12 +221,14 @@ func (this *RecordManager) processRecord(record *pb.NSRecord) {
 			if exists {
 				err = this.db.UpdateRecord(record.Id, record.NsDomain.Id, record.Name, record.Type, record.Value, record.MxPriority, record.SrvPriority, record.SrvWeight, record.SrvPort, record.CaaFlag, record.CaaTag, record.Ttl, record.Weight, routeIds, record.Version)
 				if err != nil {
-					remotelogs.Error("RECORD_MANAGER", "update failed: "+err.Error())
+					count := this.dbWriteFailures.Add(1)
+					remotelogs.Error("RECORD_MANAGER", "update failed (total failures: "+types.String(count)+"): "+err.Error())
 				}
 			} else {
 				err = this.db.InsertRecord(record.Id, record.NsDomain.Id, record.Name, record.Type, record.Value, record.MxPriority, record.SrvPriority, record.SrvWeight, record.SrvPort, record.CaaFlag, record.CaaTag, record.Ttl, record.Weight, routeIds, record.Version)
 				if err != nil {
-					remotelogs.Error("RECORD_MANAGER", "insert failed: "+err.Error())
+					count := this.dbWriteFailures.Add(1)
+					remotelogs.Error("RECORD_MANAGER", "insert failed (total failures: "+types.String(count)+"): "+err.Error())
 				}
 			}
 		}

EdgeDNS/internal/nodes/manager_route.go

@@ -31,6 +31,7 @@ type RouteManager struct {
 	locker  sync.RWMutex
 
 	notifier chan bool
+	readyCh  chan struct{} // 初始加载完成后关闭
 
 	ispRouteMap   map[string]string // name => code
 	chinaRouteMap map[string]string // name => code
@@ -45,6 +46,7 @@ func NewRouteManager(db *dbs.DB) *RouteManager {
 		userRouteMap: map[int64][]int64{},
 
 		notifier: make(chan bool, 8),
+		readyCh:  make(chan struct{}),
 
 		ispRouteMap:   map[string]string{},
 		chinaRouteMap: map[string]string{},
@@ -79,6 +81,9 @@ func (this *RouteManager) Start() {
 		}
 	}
 
+	// 通知初始加载完成
+	close(this.readyCh)
+
 	// 更新
 	var ticker = time.NewTicker(1 * time.Minute)
 	for {

EdgeDNS/internal/nodes/ns_access_log_queue.go

@@ -3,6 +3,7 @@ package nodes
 import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeDNS/internal/accesslogs"
+	"github.com/TeaOSLab/EdgeDNS/internal/goman"
 	"github.com/TeaOSLab/EdgeDNS/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeDNS/internal/rpc"
 	"strconv"
@@ -24,7 +25,9 @@ func NewNSAccessLogQueue() *NSAccessLogQueue {
 	queue := &NSAccessLogQueue{
 		queue: make(chan *pb.NSAccessLog, maxSize),
 	}
-	go queue.Start()
+	goman.New(func() {
+		queue.Start()
+	})
 
 	return queue
 }
@@ -93,10 +96,11 @@ Loop:
 	var clusterId int64
 	var needWriteFile = true
 	var needReportAPI = true
-	if sharedNodeConfig != nil {
-		clusterId = sharedNodeConfig.ClusterId
-		if sharedNodeConfig.AccessLogWriteTargets != nil {
-			targets := sharedNodeConfig.AccessLogWriteTargets
+	var cfg = dnsNodeConfig()
+	if cfg != nil {
+		clusterId = cfg.ClusterId
+		if cfg.AccessLogWriteTargets != nil {
+			targets := cfg.AccessLogWriteTargets
 			needWriteFile = targets.File || targets.ClickHouse
 			needReportAPI = targets.MySQL
 		}

EdgeDNS/internal/nodes/server.go

@@ -31,7 +31,11 @@ import (
 	"time"
 )
 
-var sharedRecursionDNSClient = &dns.Client{}
+var sharedRecursionDNSClient = &dns.Client{
+	Timeout:      5 * time.Second,
+	ReadTimeout:  3 * time.Second,
+	WriteTimeout: 2 * time.Second,
+}
 
 type httpContextKey struct {
 	key string
@@ -171,9 +175,70 @@ func (this *Server) init() error {
 	return nil
 }
 
+// addECSOption 向 DNS 请求中添加 EDNS Client Subnet (ECS) 信息
+// addECSOption 向 DNS 请求中设置 EDNS Client Subnet (ECS)。
+// 如果请求已携带 ECS 则覆盖（避免双 ECS 导致上游 malformed request）。
+func addECSOption(req *dns.Msg, clientIP string) {
+	if len(clientIP) == 0 {
+		return
+	}
+
+	ip := net.ParseIP(clientIP)
+	if ip == nil {
+		return
+	}
+
+	var ecs = &dns.EDNS0_SUBNET{
+		Code: dns.EDNS0SUBNET,
+	}
+	if ip.To4() != nil {
+		ecs.Family = 1 // IPv4
+		ecs.SourceNetmask = 24
+		ecs.Address = ip.To4()
+	} else {
+		ecs.Family = 2 // IPv6
+		ecs.SourceNetmask = 56
+		ecs.Address = ip
+	}
+
+	// 查找或创建 OPT 记录
+	var opt = req.IsEdns0()
+	if opt == nil {
+		req.SetEdns0(4096, false)
+		opt = req.IsEdns0()
+	}
+	if opt != nil {
+		// 删除已有的 ECS option，避免出现双 EDNS0_SUBNET
+		var filtered []dns.EDNS0
+		for _, o := range opt.Option {
+			if o.Option() != dns.EDNS0SUBNET {
+				filtered = append(filtered, o)
+			}
+		}
+		opt.Option = append(filtered, ecs)
+	}
+}
+
+// stripECSFromExtra 从 Extra section 中移除 OPT 记录里的 EDNS0_SUBNET，
+// 防止服务端注入的 ECS 信息回传给下游客户端（隐私泄露风险）。
+func stripECSFromExtra(extra []dns.RR) []dns.RR {
+	for _, rr := range extra {
+		if opt, ok := rr.(*dns.OPT); ok {
+			var filtered []dns.EDNS0
+			for _, o := range opt.Option {
+				if o.Option() != dns.EDNS0SUBNET {
+					filtered = append(filtered, o)
+				}
+			}
+			opt.Option = filtered
+		}
+	}
+	return extra
+}
+
 // 查询递归DNS
-func (this *Server) lookupRecursionDNS(req *dns.Msg, resp *dns.Msg) error {
-	var config = sharedNodeConfig.RecursionConfig
+func (this *Server) lookupRecursionDNS(req *dns.Msg, resp *dns.Msg, clientIP string) error {
+	var config = dnsNodeConfig().RecursionConfig
 	if config == nil {
 		return nil
 	}
@@ -182,6 +247,9 @@ func (this *Server) lookupRecursionDNS(req *dns.Msg, resp *dns.Msg) error {
 	}
 
 	// 是否允许
+	if len(req.Question) == 0 {
+		return nil
+	}
 	var domain = strings.TrimSuffix(req.Question[0].Name, ".")
 	if len(config.DenyDomains) > 0 && configutils.MatchDomains(config.DenyDomains, domain) {
 		return nil
@@ -190,6 +258,9 @@ func (this *Server) lookupRecursionDNS(req *dns.Msg, resp *dns.Msg) error {
 		return nil
 	}
 
+	// 携带客户端真实 IP（ECS）向上游查询
+	addECSOption(req, clientIP)
+
 	if config.UseLocalHosts {
 		// TODO 需要缓存文件内容
 		resolveConfig, err := dns.ClientConfigFromFile("/etc/resolv.conf")
@@ -206,7 +277,12 @@ func (this *Server) lookupRecursionDNS(req *dns.Msg, resp *dns.Msg) error {
 		if err != nil {
 			return err
 		}
-		resp.Answer = r.Answer
+		if r != nil {
+			resp.Rcode = r.Rcode
+			resp.Answer = r.Answer
+			resp.Ns = r.Ns
+			resp.Extra = stripECSFromExtra(r.Extra)
+		}
 	} else if len(config.Hosts) > 0 {
 		var host = config.Hosts[rands.Int(0, len(config.Hosts)-1)]
 		if host.Port <= 0 {
@@ -216,7 +292,12 @@ func (this *Server) lookupRecursionDNS(req *dns.Msg, resp *dns.Msg) error {
 		if err != nil {
 			return err
 		}
-		resp.Answer = r.Answer
+		if r != nil {
+			resp.Rcode = r.Rcode
+			resp.Answer = r.Answer
+			resp.Ns = r.Ns
+			resp.Extra = stripECSFromExtra(r.Extra)
+		}
 	}
 
 	return nil
@@ -270,7 +351,8 @@ func (this *Server) parseAction(questionName string, remoteAddr *string) (string
 // 记录日志
 func (this *Server) addLog(networking string, question dns.Question, domainId int64, routeCode string, record *models.NSRecord, isRecursive bool, writer dns.ResponseWriter, remoteAddr string, err error) {
 	// 访问日志
-	var accessLogRef = sharedNodeConfig.AccessLogRef
+	var nodeConfig = dnsNodeConfig()
+	var accessLogRef = nodeConfig.AccessLogRef
 	if accessLogRef != nil && accessLogRef.IsOn {
 		if domainId == 0 && !accessLogRef.LogMissingDomains {
 			return
@@ -282,7 +364,7 @@ func (this *Server) addLog(networking string, question dns.Question, domainId in
 
 		var now = time.Now()
 		var pbAccessLog = &pb.NSAccessLog{
-			NsNodeId:     sharedNodeConfig.Id,
+			NsNodeId:     nodeConfig.Id,
 			RemoteAddr:   remoteAddr,
 			NsDomainId:   domainId,
 			QuestionName: question.Name,
@@ -428,8 +510,14 @@ func (this *Server) handleDNSMessage(writer dns.ResponseWriter, req *dns.Msg) {
 		domain, recordName = sharedDomainManager.SplitDomain(fullName)
 		if domain == nil {
 			// 检查递归DNS
-			if sharedNodeConfig.RecursionConfig != nil && sharedNodeConfig.RecursionConfig.IsOn {
-				err := this.lookupRecursionDNS(req, resp)
+			var recursionConfig = dnsNodeConfig().RecursionConfig
+			if recursionConfig != nil && recursionConfig.IsOn {
+				// 提取客户端 IP 用于 ECS
+				var clientIP = remoteAddr
+				if clientHost, _, splitErr := net.SplitHostPort(clientIP); splitErr == nil && len(clientHost) > 0 {
+					clientIP = clientHost
+				}
+				err := this.lookupRecursionDNS(req, resp, clientIP)
 				if err != nil {
 					this.addLog(networking, question, 0, "", nil, true, writer, remoteAddr, err)
 				} else {
@@ -459,7 +547,7 @@ func (this *Server) handleDNSMessage(writer dns.ResponseWriter, req *dns.Msg) {
 
 			// 是否为NS记录，用于验证域名所有权
 			if question.Qtype == dns.TypeNS {
-				var hosts = sharedNodeConfig.Hosts
+				var hosts = dnsNodeConfig().Hosts
 				var l = len(hosts)
 				var record = &models.NSRecord{
 					Id:   0,
@@ -518,7 +606,7 @@ func (this *Server) handleDNSMessage(writer dns.ResponseWriter, req *dns.Msg) {
 		}
 
 		// 解析Agent
-		if sharedNodeConfig.DetectAgents {
+		if dnsNodeConfig().DetectAgents {
 			agents.SharedQueue.Push(clientIP)
 		}
 
@@ -569,7 +657,7 @@ func (this *Server) handleDNSMessage(writer dns.ResponseWriter, req *dns.Msg) {
 		}
 
 		// 对 NS.example.com NS|SOA 处理
-		if (question.Qtype == dns.TypeNS || (question.Qtype == dns.TypeSOA && len(records) == 0)) && lists.ContainsString(sharedNodeConfig.Hosts, fullName) {
+		if (question.Qtype == dns.TypeNS || (question.Qtype == dns.TypeSOA && len(records) == 0)) && lists.ContainsString(dnsNodeConfig().Hosts, fullName) {
 			var recordDNSType string
 			switch question.Qtype {
 			case dns.TypeNS:
@@ -663,7 +751,7 @@ func (this *Server) handleDNSMessage(writer dns.ResponseWriter, req *dns.Msg) {
 					}
 				case dnsconfigs.RecordTypeNS:
 					if record.Id == 0 {
-						var hosts = sharedNodeConfig.Hosts
+						var hosts = dnsNodeConfig().Hosts
 						var l = len(hosts)
 						if l > 0 {
 							// 随机
@@ -900,8 +988,9 @@ func (this *Server) handleHTTPJSONAPI(writer http.ResponseWriter, req *http.Requ
 
 // 组合SOA回复信息
 func (this *Server) composeSOAAnswer(question dns.Question, record *models.NSRecord, resp *dns.Msg) {
-	var config = sharedNodeConfig.SOA
-	var serial = sharedNodeConfig.SOASerial
+	var nodeCfg = dnsNodeConfig()
+	var config = nodeCfg.SOA
+	var serial = nodeCfg.SOASerial
 
 	if config == nil {
 		config = dnsconfigs.DefaultNSSOAConfig()
@@ -909,7 +998,7 @@ func (this *Server) composeSOAAnswer(question dns.Question, record *models.NSRec
 
 	var mName = config.MName
 	if len(mName) == 0 {
-		var hosts = sharedNodeConfig.Hosts
+		var hosts = nodeCfg.Hosts
 		var l = len(hosts)
 		if l > 0 {
 			var index = rands.Int(0, l-1)
@@ -919,7 +1008,7 @@ func (this *Server) composeSOAAnswer(question dns.Question, record *models.NSRec
 
 	var rName = config.RName
 	if len(rName) == 0 {
-		rName = sharedNodeConfig.Email
+		rName = nodeCfg.Email
 	}
 	rName = strings.ReplaceAll(rName, "@", ".")
 

EdgeDNS/internal/nodes/task_sync_api_nodes.go

@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeDNS/internal/configs"
 	teaconst "github.com/TeaOSLab/EdgeDNS/internal/const"
 	"github.com/TeaOSLab/EdgeDNS/internal/events"
+	"github.com/TeaOSLab/EdgeDNS/internal/goman"
 	"github.com/TeaOSLab/EdgeDNS/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeDNS/internal/rpc"
 	"github.com/TeaOSLab/EdgeDNS/internal/utils"
@@ -20,7 +21,9 @@ func init() {
 
 	events.On(events.EventStart, func() {
 		task := NewSyncAPINodesTask()
-		go task.Start()
+		goman.New(func() {
+			task.Start()
+		})
 	})
 }
 
@@ -52,7 +55,8 @@ func (this *SyncAPINodesTask) Start() {
 
 func (this *SyncAPINodesTask) Loop() error {
 	// 如果有节点定制的API节点地址
-	var hasCustomizedAPINodeAddrs = sharedNodeConfig != nil && len(sharedNodeConfig.APINodeAddrs) > 0
+	var nodeConfig = dnsNodeConfig()
+	var hasCustomizedAPINodeAddrs = nodeConfig != nil && len(nodeConfig.APINodeAddrs) > 0
 
 	config, err := configs.LoadAPIConfig()
 	if err != nil {

EdgeDNS/internal/nodes/upgrade_manager.go

@@ -29,6 +29,12 @@ func init() {
 
 	events.On(events.EventStart, func() {
 		go func() {
+			defer func() {
+				if r := recover(); r != nil {
+					remotelogs.Error("UPGRADE_MANAGER", fmt.Sprintf("goroutine panic: %v", r))
+				}
+			}()
+
 			rpcClient, err := rpc.SharedRPC()
 			if err != nil {
 				remotelogs.Error("UPGRADE_MANAGER", err.Error())