Routing and freedom outbound ignore Fake DNS by yuhan6665 · Pull Request #696 · v2fly/v2ray-core

yuhan6665 · 2021-02-20T18:31:33Z

See discussion in #406.
Only internal is changed, there is no change in config. Fakedns still function as one of the normal item in dns object.

Turn off fake DNS for request sent from Routing and Freedom outbound. Fake DNS now only apply to DNS outbound. This is important for Android, where VPN service take over all system DNS traffic and pass it to core. "UseIp" option can be used in Freedom outbound to avoid getting fake IP and fail connection

Loyalsoldier · 2021-02-21T16:52:12Z

FakeDNS 不走路由，还有什么意义吗？🤔

yuhan6665 · 2021-02-21T20:42:48Z

FakeDNS 不走路由，还有什么意义吗？🤔

是这样的，V2Ray 大体上要处理3类DNS，1是透明代理或者 Android VPN 发出的DNS(在真正的连接开始之前的DNS)，2是在内部路由时候选择非 asis ，并且没有配到domain而需要IP的DNS，3是选择了freedom outbound之后开始直连的DNS。
其实 Fake DNS 就是为1而生的，2 和 3 拿到fake IP 没有什么意义，只会产生问题。
在 56af71c 中我把其他都关掉了，只剩下1，具体配置和流程(用户仍然需要将前置DNS流量导入DNS outbound)是不变的

darren · 2021-02-22T01:25:58Z

在启用fakedns的情况下，会导致outbounds中以域名作为地址的vmess也走fakeip，例如：

 "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "使用域名example.com",
            "port": 53,
            "users": [
            ]
          },
 ...
  "dns": {
    "servers": [
      {
        "address": "https+local://223.5.5.5/dns-query",
        "domains": [
          "geosite:cn"
        ],
        "expectIPs": [
          "geoip:cn"
        ]
      },
      "fakedns",
      "https+local://1.1.1.1/dns-query",
    ]
  },

结果连接example.com的时候用的是ip 240.0.0.0, 导致失败的连接，这个pr有考虑这个问题吗？

yuhan6665 · 2021-02-22T01:38:16Z

@darren it is possible fixed by this pr. Do you have log when you see this issue? I need to take a look at the log.

darren · 2021-02-22T05:25:40Z

@yuhan6665
可能是我的配置问题，想用一个最简的配置，结果无法复现，如果我能定位到有问题的配置，我新开一个issue吧。

Loyalsoldier · 2021-02-22T05:33:51Z

是这样的，V2Ray 大体上要处理3类DNS，1是透明代理或者 Android VPN 发出的DNS(在真正的连接开始之前的DNS)，2是在内部路由时候选择非 asis ，并且没有配到domain而需要IP的DNS，3是选择了freedom outbound之后开始直连的DNS。
其实 Fake DNS 就是为1而生的，2 和 3 拿到fake IP 没有什么意义，只会产生问题。
在 56af71c 中我把其他都关掉了，只剩下1，具体配置和流程(用户仍然需要将前置DNS流量导入DNS outbound)是不变的

我不太熟悉透明代理的使用场景，这种情况下，是否需要在 func (s *DNS) sortClients(domain string) []*Client 函数中把 FakeDNS 排在第一位？🤔

xiaokangwang · 2021-02-22T13:54:13Z

这个PR在原理上没有什么问题。如果没有这个设置的话，那么就会需要在dns的部分单独设置白名单才能让相关的域名不走fakedns。

yuhan6665 · 2021-02-22T14:26:12Z

是这样的，V2Ray 大体上要处理3类DNS，1是透明代理或者 Android VPN 发出的DNS(在真正的连接开始之前的DNS)，2是在内部路由时候选择非 asis ，并且没有配到domain而需要IP的DNS，3是选择了freedom outbound之后开始直连的DNS。
其实 Fake DNS 就是为1而生的，2 和 3 拿到fake IP 没有什么意义，只会产生问题。
在 56af71c 中我把其他都关掉了，只剩下1，具体配置和流程(用户仍然需要将前置DNS流量导入DNS outbound)是不变的

我不太熟悉透明代理的使用场景，这种情况下，是否需要在 func (s *DNS) sortClients(domain string) []*Client 函数中把 FakeDNS 排在第一位？🤔

确实不放第一个有可能不启用
曾经某个版本Fakedns 是个开关，开的时候会无条件启用，后来 xiaokangwang 大佬改成 DNS 其中一项，我理解是为了增加很多灵活的配置方法，给某些域名开或关，所以不用改用户定义的顺序

app/dns/dns.go

rurirei · 2021-02-22T15:28:07Z

在启用fakedns的情况下，会导致outbounds中以域名作为地址的vmess也走fakeip，例如：

 "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "使用域名example.com",
            "port": 53,
            "users": [
            ]
          },
 ...
  "dns": {
    "servers": [
      {
        "address": "https+local://223.5.5.5/dns-query",
        "domains": [
          "geosite:cn"
        ],
        "expectIPs": [
          "geoip:cn"
        ]
      },
      "fakedns",
      "https+local://1.1.1.1/dns-query",
    ]
  },

结果连接example.com的时候用的是ip 240.0.0.0, 导致失败的连接，这个pr有考虑这个问题吗？

Ref: rurirei/Kitsunebi#6

"dns": { "servers": [ "fakedns", "8.8.8.8" ] },
"outbounds": { "protocol": "dns" },
"routing": [ { "network": "udp", "port": "53", "outboundTag": "dns" } ]

rurirei · 2021-02-22T15:35:18Z

@yuhan6665

2是在内部路由时候选择非 asis ，并且没有配到domain而需要IP的DNS，3是选择了freedom outbound之后开始直连的DNS

non-AsIs dns requests need also FakeDns to effectively parsed, as those are request parsed inside v2ray. as my point only AsIs requests could not be into FakeDns.

Loyalsoldier · 2021-02-23T02:16:01Z

Merge for now. New PRs for other features are welcomed.

yuhan6665 · 2021-02-23T03:11:02Z

@yuhan6665

2是在内部路由时候选择非 asis ，并且没有配到domain而需要IP的DNS，3是选择了freedom outbound之后开始直连的DNS

non-AsIs dns requests need also FakeDns to effectively parsed, as those are request parsed inside v2ray. as my point only AsIs requests could not be into FakeDns.

Setting AsIs in Freedom outbound is probably fine in case of 透明代理 and is hard to fix on Android.

On the other hand, no matter what mode you set, I don't see value getting Fake IP at freedom outbound. It can only cause trouble.

bhoppi · 2021-03-17T11:08:40Z

当前的配置结构还是有些问题，详见讨论 #789 。
而且大佬曾经提出的解决方案（ #406 (comment) ）几乎与我不谋而合，不知为何没有按照这个方案进行实现？

rurirei · 2021-05-08T16:00:18Z

should dns server of v2ray (DoH) meet fakedns as well, is it? @yuhan6665

yuhan6665 · 2021-05-08T23:12:30Z

@rurirei I understand on Android DOH format should work without issue. DOHL will not work unless you list the DNS server and ip in the hosts section.

yuhan6665 force-pushed the fake branch from 983d9f5 to 8b79e51 Compare February 20, 2021 18:55

yuhan6665 added 2 commits February 20, 2021 14:20

Refactor and simplify DNS interface

ed5cea6

yuhan6665 force-pushed the fake branch from 8b79e51 to 56af71c Compare February 20, 2021 19:21

yuhan6665 mentioned this pull request Feb 21, 2021

Fake DNS with full V2 intergration #406

Merged

Loyalsoldier self-assigned this Feb 21, 2021

Loyalsoldier force-pushed the fake branch from f55a146 to 64c9fec Compare February 22, 2021 08:31

Loyalsoldier reviewed Feb 22, 2021

View reviewed changes

app/dns/dns.go Show resolved Hide resolved

Loyalsoldier force-pushed the fake branch from 64c9fec to 3b40189 Compare February 23, 2021 01:44

Minor fixes

44f66f9

Loyalsoldier force-pushed the fake branch from 3b40189 to 44f66f9 Compare February 23, 2021 01:59

Loyalsoldier approved these changes Feb 23, 2021

View reviewed changes

Loyalsoldier merged commit afb8385 into v2fly:master Feb 23, 2021

yuhan6665 mentioned this pull request Feb 26, 2021

Fakedns XTLS/Xray-core#309

Merged

dependabot bot mentioned this pull request Mar 8, 2021

Bump github.com/v2fly/v2ray-core/v4 from 4.35.0 to 4.35.1 v2fly/domain-list-community#457

Merged

Loyalsoldier mentioned this pull request Mar 19, 2021

Feat: add queryStrategy option for DNS #794

Merged

Conversation

yuhan6665 commented Feb 20, 2021

Uh oh!

Loyalsoldier commented Feb 21, 2021

Uh oh!

yuhan6665 commented Feb 21, 2021

Uh oh!

darren commented Feb 22, 2021

Uh oh!

yuhan6665 commented Feb 22, 2021

Uh oh!

darren commented Feb 22, 2021

Uh oh!

Loyalsoldier commented Feb 22, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

xiaokangwang commented Feb 22, 2021

Uh oh!

yuhan6665 commented Feb 22, 2021

Uh oh!

Uh oh!

rurirei commented Feb 22, 2021

Uh oh!

rurirei commented Feb 22, 2021

Uh oh!

Loyalsoldier commented Feb 23, 2021

Uh oh!

yuhan6665 commented Feb 23, 2021

Uh oh!

bhoppi commented Mar 17, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rurirei commented May 8, 2021

Uh oh!

yuhan6665 commented May 8, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Loyalsoldier commented Feb 22, 2021 •

edited

Loading

bhoppi commented Mar 17, 2021 •

edited

Loading