xray: empty DNS resolution of a domain causes an infinite loop #1202
Asked by kulongwangzhi85 in Q&A · Answered by kulongwangzhi85
Version: 1.5.10

Help: how does everyone configure xray for empty domains (domains that resolve to nothing)?

Temporary workaround: in the routing configuration, add the empty domain to blackhole so that it is blocked.

```json
{
  "type": "field",
  "network": "udp,tcp",
  "domain": [
    "domain:adservice.google.cn"
  ],
  "outboundTag": "discard"
},
```

After adding this, I have not seen the infinite loop so far.

Symptom: an iPhone visiting the Google home page resolves adservice.google.cn; resolving it manually with nslookup returns NXDOMAIN.

```
root@Gateway:/tmp# nslookup adservice.google.cn 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find adservice.google.cn: NXDOMAIN
root@Gateway:/tmp# nslookup adservice.google.cn 1.1.1.1
Server: 1.1.1.1
Address: 1.1.1.1#53
** server can't find adservice.google.cn: NXDOMAIN
```

xray DNS server configuration:

```json
"dns": {
  "disableCache": false,
  "disableFallback": false,
  "disableFallbackIfMatch": true,
  "queryStrategy": "UseIPv4",
  "servers": [
    {
      "address": "1.1.1.1",
      "domains": [
        "domain:xxx.xx"
      ],
      "skipFallback": true,
      "port": 53
    },
    {
      "address": "127.0.0.1",
      "port": 5353,
      "skipFallback": true,
      "domains": [
        "geosite:cloudflare",
        "geosite:apple-cn",
        "geosite:google-cn",
        "geosite:category-games@cn",
        "geosite:cn"
      ],
      "expectIPs": [
        "geoip:cloudflare",
        "geoip:cn"
      ]
    },
    {
      "address": "fakedns",
      "domains": [
        "geosite:google",
        "geosite:geolocation-!cn",
        "geosite:gfw"
      ]
    },
    {
      "address": "127.0.0.1",
      "skipFallback": true,
      "port": 5353
    },
    "8.8.8.8"
  ]
},
```

xray routing configuration:

```json
"routing": {
  "domainStrategy": "IPIfNonMatch",
  "domainMatcher": "hybrid",
  "rules": [
    {
      "type": "field",
      "inboundTag": [
        "dns-in"
      ],
      "network": "udp,tcp",
      "outboundTag": "dns-out"
    },
    {
      "type": "field",
      "network": "udp,tcp",
      "ip": [
        "193.168.0.0/16",
        "fd22::/64"
      ],
      "outboundTag": "discard"
    },
    {
      "type": "field",
      "outboundTag": "direct",
      "domain": [
        "full:cc.guocl.cc"
      ],
      "network": "udp,tcp"
    },
    {
      "type": "field",
      "outboundTag": "direct",
      "ip": [
        "192.168.2.0/24",
        "192.168.3.0/24",
        "192.168.8.0/24",
        "fd11:66::/64",
        "fd11:88::/64",
        "fe80::/16",
        "ff02::/16",
        "geoip:private",
        "geoip:cn"
      ],
      "network": "udp,tcp"
    },
    {
      "type": "field",
      "outboundTag": "grpc-proxy",
      "ip": [
        "8.8.8.8/32",
        "8.8.4.4/32",
        "1.1.1.1/32",
        "1.0.0.1/32",
        "geoip:!cn"
      ],
      "network": "udp,tcp"
    },
    {
      "type": "field",
      "outboundTag": "direct",
      "domain": [
        "geosite:cloudflare",
        "geosite:apple-cn",
        "geosite:cn"
      ],
      "network": "udp,tcp"
    },
    {
      "type": "field",
      "outboundTag": "grpc-proxy",
      "domain": [
        "geosite:google",
        "geosite:geolocation-!cn",
        "geosite:gfw"
      ],
      "network": "udp,tcp"
    },
    {
      "type": "field",
      "domain": [
        "geosite:category-ads-all"
      ],
      "outboundTag": "discard"
    }
  ]
}
```

xray log during the infinite loop:

```
2022/08/29 09:07:20 [Info] app/dns: UDP:127.0.0.1:5353 got answer: adservice.google.cn. TypeA -> [] 36.808798ms
2022/08/29 09:07:20 [Debug] app/dns: UDP:127.0.0.1:5353 updating IP records for domain:adservice.google.cn.
2022/08/29 09:07:20 [Info] app/dns: failed to lookup ip for domain adservice.google.cn at server UDP:127.0.0.1:5353 > rcode: 3
2022/08/29 09:07:20 [Info] [3203655206] proxy/freedom: failed to get IP address for domain adservice.google.cn > rcode: 3
2022/08/29 09:07:20 [Info] [3203655206] transport/internet/tcp: dialing TCP to tcp:adservice.google.cn:443
2022/08/29 09:07:20 [Debug] transport/internet: dialing to tcp:adservice.google.cn:443
2022/08/29 09:07:20 [Debug] [989588837] proxy/dokodemo: processing connection from: 127.0.0.1:60511
2022/08/29 09:07:20 [Info] [989588837] proxy/dokodemo: received request for 127.0.0.1:60511
2022/08/29 09:07:20 [Debug] [2843293000] proxy/dokodemo: processing connection from: 127.0.0.1:60736
2022/08/29 09:07:20 [Info] [2843293000] proxy/dokodemo: received request for 127.0.0.1:60736
2022/08/29 09:07:20 [Info] [989588837] app/dispatcher: taking detour [dns-out] for [udp:127.0.0.1:5353]
2022/08/29 09:07:20 [Info] [2843293000] app/dispatcher: taking detour [dns-out] for [udp:127.0.0.1:5353]
2022/08/29 09:07:20 [Info] [989588837] proxy/dns: handling DNS traffic to udp:8.8.8.8:53
2022/08/29 09:07:20 [Info] [2843293000] proxy/dns: handling DNS traffic to udp:8.8.8.8:53
2022/08/29 09:07:20 [Debug] app/dns: domain adservice.google.cn matches following rules: [geosite:google(DNS idx:2) geosite:gfw(DNS idx:2) geosite:cn(DNS idx:1) geosite:google(DNS idx:2)]
2022/08/29 09:07:20 [Debug] app/dns: domain adservice.google.cn will use DNS in order: [FakeDNS UDP:127.0.0.1:5353 UDP:8.8.8.8:53]
2022/08/29 09:07:20 [Info] app/dns: FakeDNS got answer: adservice.google.cn -> [193.168.129.44]
2022/08/29 09:07:20 [Debug] [2097412112] proxy/dokodemo: processing connection from: 192.168.2.1:36750
2022/08/29 09:07:20 [Info] [2097412112] proxy/dokodemo: received request for 192.168.2.1:36750
2022/08/29 09:07:20 [Info] [2097412112] app/dispatcher: fake dns got domain: adservice.google.cn for ip: 193.168.129.44
2022/08/29 09:07:20 [Info] [2097412112] app/dispatcher: sniffed domain: adservice.google.cn
2022/08/29 09:07:20 [Info] [2097412112] app/dispatcher: taking detour [direct] for [tcp:adservice.google.cn:443]
2022/08/29 09:07:20 [Info] [2097412112] proxy/freedom: opening connection to tcp:adservice.google.cn:443
2022/08/29 09:07:20 [Debug] app/dns: domain adservice.google.cn matches following rules: [geosite:google(DNS idx:2) geosite:gfw(DNS idx:2) geosite:cn(DNS idx:1) geosite:google(DNS idx:2)]
2022/08/29 09:07:20 [Debug] app/dns: domain adservice.google.cn will use DNS in order: [FakeDNS UDP:127.0.0.1:5353 UDP:8.8.8.8:53]
2022/08/29 09:07:20 [Debug] app/dns: skip DNS resolution for domain adservice.google.cn at server FakeDNS
2022/08/29 09:07:20 [Debug] app/dns: UDP:127.0.0.1:5353 cache HIT adservice.google.cn -> [] > rcode: 3
2022/08/29 09:07:20 [Info] app/dns: failed to lookup ip for domain adservice.google.cn at server UDP:127.0.0.1:5353 > rcode: 3
2022/08/29 09:07:20 [Info] [2097412112] proxy/freedom: failed to get IP address for domain adservice.google.cn > rcode: 3
2022/08/29 09:07:20 [Info] [2097412112] transport/internet/tcp: dialing TCP to tcp:adservice.google.cn:443
2022/08/29 09:07:20 [Debug] transport/internet: dialing to tcp:adservice.google.cn:443
2022/08/29 09:07:20 [Debug] [722512318] proxy/dokodemo: processing connection from: 127.0.0.1:51861
2022/08/29 09:07:20 [Info] [722512318] proxy/dokodemo: received request for 127.0.0.1:51861
2022/08/29 09:07:20 [Debug] [2872462502] proxy/dokodemo: processing connection from: 127.0.0.1:45541
2022/08/29 09:07:20 [Info] [2872462502] proxy/dokodemo: received request for 127.0.0.1:45541
2022/08/29 09:07:20 [Info] [2872462502] app/dispatcher: taking detour [dns-out] for [udp:127.0.0.1:5353]
```
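To check a saved xray log for the pattern visible in the log above, the following added example (not part of the original post and not xray code) flags domains where `proxy/freedom` fails a lookup and the same session then dials the domain by name, and records whether FakeDNS had issued an address for it. The sample log is constructed in the format of the lines above; the function name, session ids and the `min_repeats` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines in the post above.
SAMPLE_LOG = """\
2022/08/29 09:07:20 [Info] app/dns: FakeDNS got answer: adservice.google.cn -> [193.168.129.44]
2022/08/29 09:07:20 [Info] [101] proxy/freedom: failed to get IP address for domain adservice.google.cn > rcode: 3
2022/08/29 09:07:20 [Info] [101] transport/internet/tcp: dialing TCP to tcp:adservice.google.cn:443
2022/08/29 09:07:20 [Info] [102] proxy/freedom: failed to get IP address for domain adservice.google.cn > rcode: 3
2022/08/29 09:07:20 [Info] [102] transport/internet/tcp: dialing TCP to tcp:adservice.google.cn:443
2022/08/29 09:07:21 [Info] app/dns: FakeDNS got answer: example.org -> [193.168.0.7]
2022/08/29 09:07:21 [Info] [103] transport/internet/tcp: dialing TCP to tcp:example.org:443
"""

FAKE = re.compile(r"app/dns: FakeDNS got answer: (\S+) -> \[([^\]]+)\]")
FAIL = re.compile(r"\[(\d+)\] proxy/freedom: failed to get IP address "
                  r"for domain (\S+) > rcode: (\d+)")
DIAL = re.compile(r"\[(\d+)\] transport/internet/tcp: dialing TCP to tcp:([^:\s]+):\d+")


def find_loop_candidates(log_text, min_repeats=2):
    """Return domains dialed by name after a failed lookup at least min_repeats times."""
    fake_ips = {}               # domain -> address handed out by FakeDNS
    failed = {}                 # session id -> (domain, rcode) of the failed lookup
    redials = defaultdict(int)  # domain -> dial-by-name count after a failure
    rcodes = {}                 # domain -> last rcode seen before a redial
    for line in log_text.splitlines():
        if m := FAKE.search(line):
            fake_ips[m.group(1).rstrip(".")] = m.group(2)
        elif m := FAIL.search(line):
            failed[m.group(1)] = (m.group(2).rstrip("."), int(m.group(3)))
        elif m := DIAL.search(line):
            sid, host = m.group(1), m.group(2)
            # Only count a dial that follows a failed lookup in the same session.
            if sid in failed and failed[sid][0] == host:
                redials[host] += 1
                rcodes[host] = failed.pop(sid)[1]
    return {
        d: {"redials": n, "rcode": rcodes[d], "fake_ip": fake_ips.get(d)}
        for d, n in redials.items() if n >= min_repeats
    }


if __name__ == "__main__":
    for domain, info in find_loop_candidates(SAMPLE_LOG).items():
        print(domain, info)
```

A domain reported with `rcode` 3 and a non-empty `fake_ip` is one that FakeDNS answered although the real resolver returned NXDOMAIN, which matches the `adservice.google.cn` entries in the post.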
Answered by kulongwangzhi85 on Aug 31, 2022 (Replies: 1 comment)
I adjusted the firewall configuration over the last couple of days, and it seems the problem has not appeared again. 😄