FakeDNS
FakeDNS obtains target domain names by forging DNS responses. It can reduce latency during DNS queries and assist transparent proxies in acquiring target domain names.
WARNING
FakeDNS may pollute the local DNS cache, causing "no network access" after Xray is closed.
FakeDNSObject
FakeDNSObject corresponds to the fakedns item in the configuration file.
{
  "ipPool": "198.18.0.0/16",
  "poolSize": 65535
}
FakeDNSObject can also be configured as an array containing multiple FakeIP Pools. When a DNS query request is received, FakeDNS returns a set of FakeIPs, one drawn from each of the configured FakeIP Pools.
[
  {
    "ipPool": "198.18.0.0/15",
    "poolSize": 65535
  },
  {
    "ipPool": "fc00::/18",
    "poolSize": 65535
  }
]
ipPool: CIDR
FakeDNS will allocate addresses using the IP block specified in this option.
poolSize: int
Specifies the maximum number of Domain-IP mappings stored by FakeDNS. When the number of mappings exceeds this value, mappings will be evicted according to LRU rules. Default is 65535.
WARNING
poolSize must be less than or equal to the total number of addresses in the ipPool.
TIP
If fakedns is set in the dns item of the configuration file but FakeDNSObject is not configured, Xray will initialize FakeDNSObject based on the queryStrategy of the DNS component.
When queryStrategy is UseIP, the initialized FakeIP Pool is equivalent to:
[
  {
    "ipPool": "198.18.0.0/15",
    "poolSize": 32768
  },
  {
    "ipPool": "fc00::/18",
    "poolSize": 32768
  }
]
When queryStrategy is UseIPv4, the initialized FakeIP Pool is equivalent to:
{
  "ipPool": "198.18.0.0/15",
  "poolSize": 65535
}
When queryStrategy is UseIPv6, the initialized FakeIP Pool is equivalent to:
{
  "ipPool": "fc00::/18",
  "poolSize": 65535
}
How to use?
FakeDNS is essentially a DNS Server that can be used in conjunction with any DNS rules.
It only works when DNS queries are routed to FakeDNS.
{
  "dns": {
    "servers": [
      "fakedns", // fakedns comes first
      "8.8.8.8"
    ]
  },
  "outbounds": [
    {
      "protocol": "dns",
      "tag": "dns-out"
    }
  ],
  "routing": {
    "rules": [
      {
        "inboundTag": ["dns-in"], // Hijack DNS traffic from DNS query entry points, or hijack DNS traffic from transparent proxy inbounds.
        "port": 53,
        "outboundTag": "dns-out"
      }
    ]
  }
}
When an external DNS request enters the FakeDNS component, it returns an IP address within its ipPool as the fictitious resolution result for the domain and records the mapping between the domain and the fictitious IP.
Additionally, you need to enable Sniffing on the inbound of the client that receives traffic to be proxied, and use fakedns for destination address resetting.
"sniffing": {
  "enabled": true,
  "destOverride": ["fakedns"], // Use "fakedns", or combine with other sniffers
  "metadataOnly": false // When this is true, destOverride can only use fakedns
}
WARNING
If the FakeIP is not correctly reverted to the domain name, connection to the server will fail.
Using with other DNS types
Coexisting with DNS Routing
When using DNS routing (traffic splitting), to ensure fakedns has high priority, you need to add the same domains to it as you would for other DNS types.
{
  "servers": [
    {
      "address": "fakedns",
      "domains": [
        // Consistent with the content used for routing below
        "geosite:cn",
        "domain:example.com"
      ]
    },
    {
      "address": "1.2.3.4",
      "domains": ["geosite:cn"],
      "expectIPs": ["geoip:cn"]
    },
    {
      "address": "1.1.1.1",
      "domains": ["domain:example.com"]
    },
    "8.8.8.8"
  ]
}
FakeDNS Blacklist
If you do not want certain domains to use FakeDNS, add a domains configuration to the other types of DNS servers. This gives those DNS servers higher priority than FakeDNS when matching the specified domains, thereby implementing a FakeDNS blacklist mechanism.
{
  "servers": [
    "fakedns",
    {
      "address": "1.2.3.4",
      "domains": ["domain:do-not-use-fakedns.com"]
    }
  ]
}
FakeDNS Whitelist
If you want only certain domains to use FakeDNS, add a domains configuration to fakedns. This gives fakedns higher priority than other DNS servers when matching the specified domains, thereby implementing a FakeDNS whitelist mechanism.
{
  "servers": [
    "1.2.3.4",
    {
      "address": "fakedns",
      "domains": ["domain:only-this-use-fakedns.com"]
    }
  ]
}