apernet / hysteria

Hysteria is a powerful, lightning fast and censorship resistant proxy.
https://v2.hysteria.network/
MIT License
13.83k stars 1.56k forks

DNS (Resolver) tag in server side config has no effect #1111

Open robin98 opened 1 month ago

robin98 commented 1 month ago

Describe the bug

I tried the resolver tag in my server-side config at /etc/hysteria/config.yaml like this, but this method didn't work for my clients, as their resolver didn't change from Alibaba to any other DNS resolver I specified.

listen: :8443

tls:
  cert: /opt/cert/xxxx/fullchain.pem
  key: /opt/cert/xxxx/privkey.pem

auth:
  type: password
  password: xxxx

masquerade:
  type: proxy
  proxy:
    url: https://xxxx.com/
    rewriteHost: true

resolver:
  type: udp
  udp:
    addr: 9.9.9.9:53
    timeout: 10s

Logs

dns

Device and Operating System

Ubuntu Server 22.04.4

haruue commented 1 month ago

If you use the Hysteria client with a transparent proxy (e.g. redirect/proxy/tun), name resolution is done on the client side, so the server-side DNS setting & domain ACL will not work in this case.

We plan to introduce a feature known as "sniffing" or "deep packet inspection" on the server side to extract the hostname from the SNI in the ClientHello and resolve it again. This will be able to fix the problem, but it is not available now.
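The SNI extraction mentioned in the comment above, sketched as an added example; it is not part of the thread and not Hysteria's code. The function names are hypothetical, the ClientHello is assumed to fit in a single TLS record, and the sample record is constructed in code rather than captured from traffic.

```go
package main

import "fmt"

// buildClientHello builds constructed sample input: a minimal ClientHello record with only an SNI extension.
func buildClientHello(host string) []byte {
	wrap := func(b []byte) []byte { return append([]byte{byte(len(b) >> 8), byte(len(b))}, b...) }
	sni := wrap(append([]byte{0}, wrap([]byte(host))...)) // name list: one host_name (type 0)
	ext := wrap(append([]byte{0, 0}, wrap(sni)...))       // extensions: type 0 = server_name
	body := append([]byte{3, 3}, make([]byte, 32)...)     // legacy version + random
	body = append(body, 0, 0, 2, 0x13, 0x01, 1, 0)        // no session id, one suite, null compression
	hs := append([]byte{1, 0}, wrap(append(body, ext...))...) // handshake type 1 + 3-byte length
	return append([]byte{22, 3, 1}, wrap(hs)...)              // record type 22 = handshake
}

// sniFromClientHello returns the host name carried in the server_name extension.
func sniFromClientHello(rec []byte) (string, error) {
	if len(rec) < 43 || rec[0] != 22 || rec[5] != 1 {
		return "", fmt.Errorf("not a ClientHello record")
	}
	p := rec[43:] // skip record hdr (5), handshake hdr (4), version (2), random (32)
	u16 := func(b []byte) int { return int(b[0])<<8 | int(b[1]) }
	take := func(w int) []byte { // consume a w-byte length prefix and the bytes it covers
		n := 0
		for i := 0; i < w && i < len(p); i++ {
			n = n<<8 | int(p[i])
		}
		if len(p) < w+n {
			w, n = len(p), 0 // truncated: consume the rest, return nothing
		}
		v := p[w : w+n]
		p = p[w+n:]
		return v
	}
	take(1)     // session id
	take(2)     // cipher suites
	take(1)     // compression methods
	p = take(2) // continue inside the extensions block
	for len(p) >= 4 {
		typ := u16(p)
		p = p[2:]
		if d := take(2); typ == 0 && len(d) >= 5 && d[2] == 0 && len(d) >= 5+u16(d[3:]) {
			return string(d[5 : 5+u16(d[3:])]), nil
		}
	}
	return "", fmt.Errorf("no server_name extension")
}

func main() { fmt.Println(sniFromClientHello(buildClientHello("example.com"))) }
```

A server that recovers the host name this way can resolve it with its own resolver and match it against a domain ACL even when the client only sent an IP address.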

eddiehex commented 1 month ago

> If you use the Hysteria client with a transparent proxy (e.g. redirect/proxy/tun), name resolution is done on the client side, so the server-side DNS setting & domain ACL will not work in this case.
>
> We plan to introduce a feature known as "sniffing" or "deep packet inspection" on the server side to extract the hostname from the SNI in the ClientHello and resolve it again. This will be able to fix the problem, but it is not available now.

If I enable sniffing on the client side, will the ACL work?