# FakeDNS

FakeDNS answers DNS queries with forged addresses from a reserved pool so that the target domain name can be recovered from the destination IP later. This reduces DNS query latency and lets transparent proxies learn the target domain name of each connection.

::: warning
FakeDNS may pollute the local DNS cache, which can cause "network unreachable" errors after Xray is closed.
:::

## FakeDNSObject

`FakeDNSObject` corresponds to the `fakedns` item in the configuration file.

```json
{
  "ipPool": "198.18.0.0/16",
  "poolSize": 65535
}
```

`FakeDNSObject` can also be configured as an array of multiple FakeIP pools. When a DNS query arrives, FakeDNS returns one FakeIP from each pool at the same time.

```json
[
  {
    "ipPool": "198.18.0.0/15",
    "poolSize": 65535
  },
  {
    "ipPool": "fc00::/18",
    "poolSize": 65535
  }
]
```

> `ipPool`: CIDR

FakeDNS allocates addresses from the IP block specified by this option.

> `poolSize`: int

Specifies the maximum number of domain-to-IP mappings FakeDNS stores. When this number is exceeded, the least recently used (LRU) mappings are evicted. The default is 65535.

::: warning
`poolSize` must be less than or equal to the total number of addresses in `ipPool`.
:::

::: tip
If the `dns` item in the configuration file uses `fakedns` but no `FakeDNSObject` is configured, Xray initializes the `FakeDNSObject` from the `queryStrategy` of the DNS component.

When `queryStrategy` is set to `UseIP`, the initialized FakeIP pool is equivalent to

```json
[
  {
    "ipPool": "198.18.0.0/15",
    "poolSize": 32768
  },
  {
    "ipPool": "fc00::/18",
    "poolSize": 32768
  }
]
```

When `queryStrategy` is set to `UseIPv4`, the initialized FakeIP pool is equivalent to

```json
{
  "ipPool": "198.18.0.0/15",
  "poolSize": 65535
}
```

When `queryStrategy` is set to `UseIPv6`, the initialized FakeIP pool is equivalent to

```json
{
  "ipPool": "fc00::/18",
  "poolSize": 65535
}
```

:::

## How to use?

FakeDNS is essentially a DNS server and can be combined with any DNS rules.

It only takes effect when DNS queries are actually routed to FakeDNS.

```json
{
  "dns": {
    "servers": [
      "fakedns", // fakedns comes first
      "8.8.8.8"
    ]
  },
  "outbounds": [
    {
      "protocol": "dns",
      "tag": "dns-out"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "inboundTag": ["dns-in"], // Intercept DNS traffic from the DNS query inbound or from the inbound of a transparent proxy.
        "port": 53,
        "outboundTag": "dns-out"
      }
    ]
  }
}
```

When an external DNS request enters the FakeDNS component, it returns an IP address from its own `ipPool` as the fake resolution result for the domain name and records the mapping between the domain name and that fake address.

In addition, enable sniffing on the client inbound whose traffic needs to be proxied, and use `fakedns` as a destination override so the FakeIP is replaced by the recorded domain name.

```json
"sniffing": {
  "enabled": true,
  "destOverride": ["fakedns"], // Use "fakedns" alone, combine it with other sniffers, or use "fakedns+others" directly.
  "metadataOnly": false        // When this item is true, destOverride can only use fakedns.
},
```

::: warning
If a FakeIP is not correctly restored to its domain name, the server will not be reachable.
:::
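The following Python model, added here and not part of the Xray project or its documentation, ties together the `poolSize`/LRU rule above and the two steps described in this section: FakeDNS handing out an address from `ipPool` for each query, and the sniffer later restoring the destination FakeIP to its domain. `FakeIPPool`, `FakeDNS`, `check_pool_size` and `demo` are names chosen for the example; the tiny `poolSize` of 2 is a constructed value used only to force an LRU eviction so the warning above becomes visible (a stale FakeIP that now maps to a different domain, or to no domain at all).

```python
import ipaddress
from collections import OrderedDict


def check_pool_size(ip_pool: str, pool_size: int) -> bool:
    """The documented constraint: poolSize <= number of addresses in ipPool."""
    return pool_size <= ipaddress.ip_network(ip_pool).num_addresses


class FakeIPPool:
    """Model of one FakeIP pool (one FakeDNSObject): allocates addresses from
    ipPool and keeps at most poolSize domain<->IP mappings, evicting the least
    recently used mapping when the pool is full."""

    def __init__(self, ip_pool: str, pool_size: int = 65535):
        if not check_pool_size(ip_pool, pool_size):
            raise ValueError(f"poolSize {pool_size} exceeds the addresses in {ip_pool}")
        self.network = ipaddress.ip_network(ip_pool)
        self.pool_size = pool_size
        self.domain_to_ip = OrderedDict()  # ordered least -> most recently used
        self.ip_to_domain = {}

    def lookup(self, domain: str):
        """Answer a query for `domain` with its FakeIP, allocating one on first use."""
        domain = domain.rstrip(".").lower()
        if domain in self.domain_to_ip:
            self.domain_to_ip.move_to_end(domain)  # refresh its LRU position
            return self.domain_to_ip[domain]
        if len(self.domain_to_ip) >= self.pool_size:
            # Pool full: drop the least recently used mapping and reuse its address.
            _, ip = self.domain_to_ip.popitem(last=False)
            del self.ip_to_domain[ip]
        else:
            ip = self.network[len(self.domain_to_ip)]  # next unused address in the block
        self.domain_to_ip[domain] = ip
        self.ip_to_domain[ip] = domain
        return ip

    def restore(self, ip):
        """The destOverride step: map a connection's destination FakeIP back to its
        domain. Returns None when the address is not a FakeIP or was evicted."""
        return self.ip_to_domain.get(ipaddress.ip_address(ip))


class FakeDNS:
    """FakeDNSObject configured as an array: every pool answers each query, so a
    domain receives one FakeIP per pool (for example one IPv4 and one IPv6)."""

    def __init__(self, pools):
        self.pools = [FakeIPPool(p["ipPool"], p.get("poolSize", 65535)) for p in pools]

    def lookup(self, domain: str):
        return [str(pool.lookup(domain)) for pool in self.pools]

    def restore(self, ip):
        for pool in self.pools:
            domain = pool.restore(ip)
            if domain is not None:
                return domain
        return None


def demo():
    """Constructed walkthrough with a deliberately tiny poolSize to force eviction."""
    fake = FakeDNS([{"ipPool": "198.18.0.0/15", "poolSize": 2},
                    {"ipPool": "fc00::/18", "poolSize": 2}])
    first = fake.lookup("example.com")      # ['198.18.0.0', 'fc00::']
    fake.lookup("example.org")
    before = fake.restore(first[0])         # 'example.com': mapping still present
    fake.lookup("example.net")              # pool full: evicts example.com, reuses its addresses
    after = fake.restore(first[0])          # 'example.net': a stale FakeIP now points elsewhere
    foreign = fake.restore("8.8.8.8")       # None: not a FakeIP, so nothing to restore
    return {"first": first, "before": before, "after": after, "foreign": foreign}


if __name__ == "__main__":
    print(demo())
```

The `after` value is the failure mode the warning describes: a client that cached `198.18.0.0` for `example.com` will, after the eviction, have its connection restored to `example.net`; with a real `poolSize` this only happens when more distinct domains than `poolSize` are queried, which is why `poolSize` should stay large and never exceed the address count of `ipPool`.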

## Using with other types of DNS

### Coexistence with DNS splitting

When using DNS splitting (shunting), to give `fakedns` a higher priority you must add to it the same `domains` that are used by the other types of DNS servers.

```json
{
  "servers": [
    {
      "address": "fakedns",
      "domains": [
        // consistent with the domains used by the split servers below
        "geosite:cn",
        "domain:example.com"
      ]
    },
    {
      "address": "1.2.3.4",
      "domains": ["geosite:cn"],
      "expectIPs": ["geoip:cn"]
    },
    {
      "address": "1.1.1.1",
      "domains": ["domain:example.com"]
    },
    "8.8.8.8"
  ]
}
```

### FakeDNS blacklist

If you do not want certain domain names to use FakeDNS, add a `domains` configuration to another type of DNS server. When a query matches those domain names, that server takes priority over FakeDNS, which gives you a FakeDNS blacklist.

```json
{
  "servers": [
    "fakedns",
    {
      "address": "1.2.3.4",
      "domains": ["domain:do-not-use-fakedns.com"]
    }
  ]
}
```

### FakeDNS whitelist

If you only want certain domain names to use FakeDNS, add a `domains` configuration to `fakedns`. When a query matches those domain names, `fakedns` takes priority over the other DNS servers, which gives you a FakeDNS whitelist.

```json
{
  "servers": [
    "1.2.3.4",
    {
      "address": "fakedns",
      "domains": ["domain:only-this-use-fakedns.com"]
    }
  ]
}
```