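With fakedns enabled, routing does not connect directly to domains that resolve to private IPs as expected
Both the xray server and client are version 1.4.4. The client runs on Android, using the core directly rather than a wrapper app.
Routing is configured to send geoip:private direct, with the domain strategy set to IPIfNonMatch, but when visiting addresses such as imis.qq.com that resolve to 127.0.0.1, the connection does not go direct as expected.
Although a direct connection can be achieved by manually adding domain rules to the routing table, there are many such domains, so resolving to an IP first and then connecting would settle it once and for all.
This problem also exists when using transparent proxy: https://github.com/Asterisk4Magisk/Xray4Magisk/issues/57
I suppose this is where the speed advantage of fake IP shows. The downside is that only domain-based routing rules take effect.
Could you post your configuration?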
base.json
```
{
  "log": {
    "access": "/data/adb/xray/run/access.log",
    "loglevel": "none",
    "dnsLog": true
  },
  "inbounds": [
    {
      "tag": "proxy-in",
      "port": 65535,
      "listen": "0.0.0.0",
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "fakedns"
        ],
        "metadataOnly": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "dns-out",
      "protocol": "dns"
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {"response": {"type": "none"}}
    }
  ]
}
```
dns.json
```
{
  "dns": {
    "servers": ["fakedns"]
  }
}
```
proxy.json
```
{
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "VLESS",
      "settings": {
        "vnext": [
          {
            "address": "1.1.1.1",
            "port": 443,
            "users": [
              {
                "id": "00000000-0000-0000-0000-000000000000",
                "alterId": 0,
                "email": "[email protected]",
                "security": "none",
                "encryption": "none",
                "flow": "xtls-rprx-splice"
              }
            ]
          }
        ],
        "servers": null,
        "response": null
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "allowInsecure": false,
          "serverName": "one.one.one.one"
        },
        "tcpSettings": null,
        "sockopt": {
          "domainStrategy": "UseIPv4"
        }
      },
      "mux": {
        "concurrency": -1,
        "enabled": false
      }
    }
  ]
}
```
routing.json
```
{
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "port": 53,
        "inboundTag": [
          "proxy-in"
        ],
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "protocol": [
          "bittorrent"
        ]
      },
      {
        "domain": [
          "geosite:category-ads-all"
        ],
        "outboundTag": "block",
        "type": "field"
      },
      {
        "domain": [
          "geosite:geolocation-!cn"
        ],
        "outboundTag": "proxy",
        "type": "field"
      },
      {
        "ip": [
          "geoip:cn",
          "geoip:private"
        ],
        "outboundTag": "direct",
        "type": "field"
      },
      {
        "domain": [
          "geosite:cn",
          "geosite:private"
        ],
        "outboundTag": "direct",
        "type": "field"
      },
      {
        "network": "tcp,udp",
        "outboundTag": "proxy",
        "type": "field"
      }
    ]
  }
}
```
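The above is the transparent proxy configuration. Another use case is changing the inbound to HTTP and then adding that proxy address to the APN settings.
Off topic: with v2rayNG configured to bypass LAN addresses, it does connect directly as expected.
Since v2rayNG works, could the problem be in the firewall rules? Could you post your iptables rules as well?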
https://github.com/Asterisk4Magisk/Xray4Magisk
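The transparent proxy implementation is provided by the project above.
Xray4Magisk, I haven't used it yet. You could try configuring transparent proxy through routing; it works normally on my side. The DNS-OUT outbound needs to carry a mark, and the iptables rules should let it connect directly.
```
{
  "tag": "Dns-Out",
  "protocol": "dns",
  "settings": {
    "address": "1.1.1.1"
  },
  "streamSettings": {
    "sockopt": {
      "mark": 2
    }
  }
}
```
@firerflystar On Android, a mark cannot be set on an outbound.
~~After changing the phone's ROM, direct connections work normally.~~
~~The ROM with the problem is the official MIUI V12.0.1.0.QFLCNXM.~~
~~The ROM without the problem is the community-modified MIUI by xiaomi.eu V12.0.1.0.QFLCNXM.~~
After further testing, I found that direct connections work normally on Wi-Fi but not on mobile data, and that this is unrelated to the ROM.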