Router: Use built-in-dns only once for all rules (in "IPOnDemand"/"IPIfNonMatch" mode) #5210
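This time you have really made a huge mess and introduced a breaking change. The original purpose of the non-AsIs modes is to not trust the IP in the original request, so the routing module re-resolves it itself. Are you really only looking after your own Iran needs, without considering widely used use cases such as transparent proxying?
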
Right, I should not change the place of the priority: built-in-dns-result should be higher than original target-ip. Is it okay for you now?

np

So we reached an agreement.

Yes, caching errors in a single dispatch is acceptable. This PR doesn't break any functionality. And it can resolve the edge case issue you described. I believe performing a DNS lookup for every IP rule is a code defect. The lazy query in the source code design was originally intended to reduce latency. Because if an IP rule cannot be matched due to a parsing error, skipping it and moving to the next IP rule may lead to unexpected behavior.

Revert "v25.10.15" This reverts commit b69a376.
Revert "VLESS Reverse Proxy: Transfer real Source & Local (IP & port), enabled by default" This reverts commit 12f4a01.
Revert "XHTTP client: Change default `maxConcurrency` to 1 for speed testing" This reverts commit 9cc7907.
Revert "Router: Use built-in-dns only once for all rules (in "IPOnDemand"/"IPIfNonMatch" mode) (XTLS#5210)" This reverts commit 21a9658.
Revert "README.md: Add PasarGuard to Web Panels (XTLS#5224)" This reverts commit 7f436f5.
Revert "Update github.com/xtls/reality to 20251014195629" This reverts commit dcfde8d.
Revert "Bump golang.org/x/net from 0.44.0 to 0.46.0 (XTLS#5215)" This reverts commit 898db92.
Revert "Bump google.golang.org/grpc from 1.75.1 to 1.76.0 (XTLS#5212)" This reverts commit 8dd0e38.
Revert "transport/internet/reality/reality.go: Safely get negotiated CurveID in VerifyPeerCertificate()" This reverts commit 40f0a54.
Revert "Bump github.com/refraction-networking/utls from 1.8.0 to 1.8.1 (XTLS#5229)" This reverts commit 1762d6c.
Revert "Fix shadowsocks2022 memory leak (XTLS#5166)" This reverts commit 1952488.
Revert "fix: darwin arm64 always has AESGCMHardwareSupport (XTLS#5176)" This reverts commit 4a825c0.
Revert "Bump github.com/quic-go/quic-go from 0.54.1 to 0.55.0 (XTLS#5208)" This reverts commit 514c9e5.
Revert "feat(config): add unix socket HTTP config loader support (XTLS#5200)" This reverts commit 2f366ae.
Revert "Fix vless reverse panic in vision (XTLS#5189)" This reverts commit c0c88f3.
Revert "Bump github.com/quic-go/quic-go from 0.54.0 to 0.54.1 (XTLS#5180)" This reverts commit d0344bc.
Revert "Bump google.golang.org/protobuf from 1.36.9 to 1.36.10 (XTLS#5203)" This reverts commit a6ebb30.
Revert "Outbound: One endpoint and at most one user only (XTLS#5144)" This reverts commit fe57507.
Revert "Config: Outbound proxy config no need to be nested (XTLS#5124)" This reverts commit 83c5370.
Revert "Bump google.golang.org/grpc from 1.75.0 to 1.75.1 (XTLS#5129)" This reverts commit 1a48453.
Revert "app/dispatcher/default.go: Close link when routedDispatch() failed (XTLS#5131)" This reverts commit 3167e5c.
Revert "app/dispatcher/default.go: Add comment on run-time rejecting non-existent outbound tag" This reverts commit 5148c57.

We should have the same resolved IPs for a domain for all IP rules; otherwise the wrong outbound may be chosen (discussed in #5138).
Also, currently, if for example we have 10 IP rules and our DNS server is unavailable, we wait a long time to choose the outbound (at least 4 seconds for each = 40 seconds!).
So if we encounter an error for an IP rule (failed to resolve the domain to an IP), we should use that for all other IP rules and not use built-in-dns again for every IP rule.
///
Also note that this is only for one dispatch, and everything is reset for the next dispatch.
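
The behaviour described in this PR description, as an added Go example that is not Xray-core's code: one lazy DNS lookup per dispatch whose answer or error is reused by every IP rule. The names `dispatchCtx`, `ipRule`, `pickOutbound` and the `lookup` signature are hypothetical, and the resolver in `main` is constructed to return a different address on every query.

```go
package main

import "net/netip"

// dispatchCtx is hypothetical per-dispatch state; a fresh one is built per dispatch.
type dispatchCtx struct {
	lookup func(domain string) ([]netip.Addr, error) // stand-in for built-in DNS
	done   bool
	ips    []netip.Addr
	err    error
}

// resolved queries DNS on first use only and memoizes the answer or the error.
func (c *dispatchCtx) resolved(domain string) ([]netip.Addr, error) {
	if !c.done {
		c.ips, c.err = c.lookup(domain)
		c.done = true
	}
	return c.ips, c.err
}

type ipRule struct {
	prefix   netip.Prefix
	outbound string
}

// pickOutbound returns the first rule matching the resolved IPs, else fallback.
func pickOutbound(c *dispatchCtx, domain string, rules []ipRule, fallback string) string {
	for _, r := range rules {
		ips, err := c.resolved(domain)
		if err != nil {
			continue // cached failure: this rule cannot match, and no new query is sent
		}
		for _, ip := range ips {
			if r.prefix.Contains(ip) {
				return r.outbound
			}
		}
	}
	return fallback
}

func main() {
	n := byte(0) // constructed resolver: answers 10.0.0.1, then 10.0.0.2, ...
	rot := func(string) ([]netip.Addr, error) { n++; return []netip.Addr{netip.AddrFrom4([4]byte{10, 0, 0, n})}, nil }
	rules := []ipRule{{netip.MustParsePrefix("10.0.0.2/32"), "proxy-b"}, {netip.MustParsePrefix("10.0.0.1/32"), "proxy-a"}}
	c := &dispatchCtx{lookup: rot}
	println(pickOutbound(c, "example.com", rules, "direct"), n) // proxy-a 1
}
```

If each rule queried on its own, the second rule would be checked against 10.0.0.2 instead of 10.0.0.1 and the request would fall through to `direct`.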