search

chika0801 / Xray-examples

Xray 配置示例
https://github.com/XTLS/Xray-core
506 stars 97 forks source link

Sniffing Object #11

Closed hawshemi closed 10 months ago

hawshemi commented 10 months ago

In the docs https://xtls.github.io/config/inbound.html#sniffingobject , About destOverride parameter, in you examples only the three http tls quic are there. why you did not included fakedns in it?

Like this:

"destOverride": ["http", "tls", "quic", "fakedns"],

OR

"destOverride": ["fakedns+others"]

Are there any downsides to incule the fakedns option? and turning on the Fake DNS on the clients like v2rayNG or NekoBox ?

chika0801 commented 10 months ago

In the docs https://xtls.github.io/config/inbound.html#sniffingobject , About destOverride parameter, in you examples only the three http tls quic are there. why you did not included fakedns in it?

The parameter, fakedns, is usually used on the client side. And the client is a transparent proxy environment to be used. For example this link https://github.com/chika0801/Xray-examples/blob/main/v2rayNG_custom_fakedns.json

So in the configuration example file I posted, the only thing written on the server side is http tls quic , because the server side I am imagining is a HTTP/socks proxy-like environment, and there is no difference between when you write fakedns and when you don't write it.

Are there any downsides to incule the fakedns option? and turning on the Fake DNS on the clients like v2rayNG or NekoBox ?

fakedns (clash client configuration in the name is fakeip) , generally used for transparent proxy environment, such as the client to use TUN, or the general working mode of the Android client APP, to reduce the DNS request issued by the programme this a RTT time.

If you are not in mainland China, usually with or without it makes no difference, your network is relatively smooth. You can search related fakeip article knowledge.

hawshemi commented 10 months ago

We are in Iran. and Iran's GFW is somewhat similar to China's. Most users here use v2rayNG or NekoBox. but FakeDNS options are disabled by default. should we use it? I don't think there are security issues for using it (VPN server being detected or ip/dns leak problems and ...)

chika0801 commented 10 months ago

Because with a client like v2rayNG, the default settings that the program author gives you after you install it may be a more conservative and traditional setup. The author is only responsible for the basic use, some advanced use, the user needs to learn to set up their own.

I've been using fakedns myself. The purpose of using it is to return Fakedns to domains that are banned by the firewall when they hit, to reduce DNS queries in a transparent proxy environment. (This part is the knowledge of network transparent proxy work process)

Translated with www.DeepL.com/Translator (free version)

hawshemi commented 10 months ago

Thanks.