search

v2fly / v2ray-core

A platform for building proxies to bypass network restrictions.
https://v2fly.org
MIT License
29.46k stars 4.66k forks source link

“dns”下的“host”设置无效 #773

Closed picklefan closed 3 years ago

picklefan commented 3 years ago

你正在使用哪个版本的 V2Ray?

V2Ray 4.35.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.16 linux/amd64) A unified platform for anti-censorship. 2021/03/11 01:10:48 Using config from STDIN 2021/03/11 01:10:48 [Info] github.com/v2fly/v2ray-core/v4/main/jsonem: Reading config: stdin:

你的使用场景是什么?

chrome 通过 VMess

你看到的异常现象是什么?

host 无法匹配 域名或IP

你期待看到的正常表现是怎样的?

"dns": { "hosts": { "domain:zhu.com": "google.com" }, //当我输入zhu.com的时候,他应该使用Google.com来解析(当该项的地址为域名时,会使用此域名进行 IP 解析,而不使用原始域名https://www.v2fly.org/config/dns.html#dnsobject)

请附上你的配置

服务端配置: { "log": { "access": "/var/log/v2ray/access.log", "error": "/var/log/v2ray/error.log", "loglevel": "debug"

},
"routing": {
    "domainStrategy": "UseIP",
    "domainMatcher": "hybrid",
    "rules": [],
    "balancers": []
},
"dns": {
    "hosts": {
    "domain:zhu.com": "google.com"
},
    "servers": [

        "quic+local://dns.adguard.com",
        "8.8.8.8",
        "8.8.8.4",
        "https://1.1.1.1/dns-query"

]

},

"inbounds": [
    {
        "port": 443,
        "protocol": "vmess",
        "settings": {

            "clients": [
                {
                    "id": "29d2a01a-b081-4a5d-b77e-45f3e01ac164",
                     "alterId": 57
                }
            ]
        }
    }
],
"outbounds": [
    {
        "protocol": "freedom",
        "settings": {}
    }
]

}

// 在这里附上服务器端配置文件

客户端配置: 客户端配置无关紧要,这个问题不应该和客户端有任何关系。

// 在这里附上客户端配置

请附上出错时软件输出的错误日志

服务器端错误日志: 2021/03/11 01:48:07 [Info] [4102618292] github.com/v2fly/v2ray-core/v4/proxy/vmess/inbound: received request for tcp:zhu.com:80 2021/03/11 01:48:07 [Info] [4102618292] github.com/v2fly/v2ray-core/v4/app/dispatcher: default route for tcp:zhu.com:80 2021/03/11 01:48:07 [Info] [4102618292] github.com/v2fly/v2ray-core/v4/proxy/freedom: opening connection to tcp:zhu.com:80 2021/03/11 01:48:07 [Info] [4102618292] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80 2021/03/11 01:48:07 [Warning] github.com/v2fly/v2ray-core/v4/proxy/vmess/encoding: Critical Warning: potentially invalid user: a non VMessAEAD connection is received. From 2022 Jan 1st, this kind of connection will be rejected by default. You should update or replace your client software now. 2021/03/11 01:48:07 [Info] [1582210667] github.com/v2fly/v2ray-core/v4/proxy/vmess/inbound: received request for tcp:zhu.com:80 2021/03/11 01:48:07 [Info] [1582210667] github.com/v2fly/v2ray-core/v4/app/dispatcher: default route for tcp:zhu.com:80 2021/03/11 01:48:07 [Info] [1582210667] github.com/v2fly/v2ray-core/v4/proxy/freedom: opening connection to tcp:zhu.com:80 2021/03/11 01:48:07 [Info] [1582210667] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80 2021/03/11 01:48:22 [Info] [1582210667] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80 2021/03/11 01:48:22 [Info] [4102618292] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80 2021/03/11 01:48:38 [Info] [1582210667] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80 2021/03/11 01:48:38 [Info] [4102618292] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80 2021/03/11 01:48:42 [Info] [1582210667] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80 2021/03/11 01:48:42 [Info] [4102618292] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:80

// 在这里附上服务器端日志

客户端错误日志: 2021/03/10 22:48:07 tcp:127.0.0.1:62673 accepted tcp:zhu.com:80 [proxy] 2021/03/10 22:48:07 tcp:127.0.0.1:62674 accepted tcp:zhu.com:80 [proxy]

// 在这里附上客户端日志

请附上访问日志

// 在这里附上服务器端日志
2021/03/11 01:48:07 110.87.92.110:17659 accepted tcp:zhu.com:80
2021/03/11 01:48:07 110.87.92.110:17660 accepted tcp:zhu.com:80
2021/03/11 01:48:55 110.87.92.110:17744 accepted tcp:d.dropbox.com:443
2021/03/11 01:48:55 110.87.92.110:17745 accepted tcp:detectportal.firefox.com:80
2021/03/11 01:48:56 110.87.92.110:17749 accepted tcp:detectportal.firefox.com:80
2021/03/11 01:48:57 110.87.92.110:17750 accepted tcp:detectportal.firefox.com:80
2021/03/11 01:49:16 110.87.92.110:17775 accepted tcp:zhu.com:80
2021/03/11 01:50:37 110.87.92.110:17880 accepted tcp:clients4.google.com:443

//输入https://zhu.com时的日志

2021/03/11 02:10:35 [Info] [286288645] github.com/v2fly/v2ray-core/v4/proxy/vmess/inbound: received request for tcp:zhu.com:443
2021/03/11 02:10:35 [Info] [286288645] github.com/v2fly/v2ray-core/v4/app/dispatcher: default route for tcp:zhu.com:443
2021/03/11 02:10:35 [Info] [286288645] github.com/v2fly/v2ray-core/v4/proxy/freedom: opening connection to tcp:zhu.com:443
2021/03/11 02:10:35 [Info] [286288645] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:443
2021/03/11 02:10:50 [Info] [286288645] github.com/v2fly/v2ray-core/v4/transport/internet/tcp: dialing TCP to tcp:zhu.com:443

其它相关的配置文件(如 Nginx)和相关日志

如果 V2Ray 无法启动,请附上 --test 命令的输出

如果 V2Ray 服务运行异常,请附上 journal 日志

database64128 commented 3 years ago 
"routing": {
    "domainStrategy": "UseIP",

This is incorrect. See https://www.v2fly.org/config/routing.html

database64128 commented 3 years ago

"domain:zhu.com": "google.com"

This is not how you use hosts. Your request will be rejected by Google's server due to the invalid SNI (zhu.com).

picklefan commented 3 years ago 
"routing": {
    "domainStrategy": "UseIP",

This is incorrect. See https://www.v2fly.org/config/routing.html

But the document says I should use "Useip" other than the default setting.

WARNING

For outbounds with freedom protocol, the default value of domainStrategy is AsIs, therefore the DNS settings will not be >applied to this outbound by default. If necessary, it should be configured as UseIP.

database64128 commented 3 years ago

But the document says I should use "Useip" other than the default setting.

UseIP is only used in outbound settings. See https://www.v2fly.org/config/protocols/freedom.html#outboundconfigurationobject. For example: 

{
    "protocol": "freedom",
    "settings": {
        "domainStrategy": "UseIP"
    },
    "tag": "direct"
},

But I'm pretty sure you don't actually want UseIP. What you're attempting to do is just not possible in practice. It's never going to work the way you want it to.

Loyalsoldier commented 3 years ago

There are two domainStrategys, one in routing, the other in freedom outbound.

The one in routing has three options "AsIs" | "IPIfNonMatch" | "IPOnDemand". The one in freedom outbound has four options "AsIs" | "UseIP" | "UseIPv4" | "UseIPv6".

For outbounds with freedom protocol, the default value of domainStrategy is AsIs, therefore the DNS settings will not be applied to this outbound by default. If necessary, it should be configured as UseIP.

The meaning of the above sentence states that DNS settings will not apply to freedom outbound if the domainStrategy in freedom outbound is using the default value AsIs.

picklefan commented 3 years ago

"domain:zhu.com": "google.com"

This is not how you use hosts. Your request will be rejected by Google's server due to the invalid SNI (zhu.com).

Why, I assumed when I type zhu.com in my browser, the V2ray should request google.com instead.

hosts: map{string: address}

Static IP list, its value is a series of "domain name": "address". The address can be an IP or domain name. When resolving a >domain name, if the domain name matches an item in this list when the address of the item is an IP, the resolution result is the >IP of the item, and the following servers are not used for resolution; when the address is a domain name, this domain name will >be used for IP resolution instead of the original domain name.

picklefan commented 3 years ago

There are two domainStrategys, one in routing, the other in freedom outbound.

The one in routing has three options "AsIs" | "IPIfNonMatch" | "IPOnDemand". The one in freedom outbound has four options "AsIs" | "UseIP" | "UseIPv4" | "UseIPv6".

For outbounds with freedom protocol, the default value of domainStrategy is AsIs, therefore the DNS settings will not be applied to this outbound by default. If necessary, it should be configured as UseIP.

The meaning of the above sentence states that DNS settings will not apply to freedom outbound if the domainStrategy in freedom outbound is using the default value AsIs. OK, thanks, I see it now.

picklefan commented 3 years ago

But the document says I should use "Useip" other than the default setting.

UseIP is only used in outbound settings. See https://www.v2fly.org/config/protocols/freedom.html#outboundconfigurationobject. For example:

{
    "protocol": "freedom",
    "settings": {
        "domainStrategy": "UseIP"
    },
    "tag": "direct"
},

But I'm pretty sure you don't actually want UseIP. What you're attempting to do is just not possible in practice. It's never going to work the way you want it to.

Yes, you are right, I can use it to jump to my own site. But why can't google.

picklefan commented 3 years ago

"domain:zhu.com": "google.com"

This is not how you use hosts. Your request will be rejected by Google's server due to the invalid SNI (zhu.com).

Got it. Thanks a lot.

database64128 commented 3 years ago

Yes, you are right, I can use it to jump to my own site. But why can't google.

Because you didn't configure your web server to enforce a server name. A common practice is to configure a default server to return 404 for requests with a server name not matched by any other server. For example, with nginx, we can do:

http {
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  _;

        if ($host = zhu.com) {
            return 301 https://$host$request_uri;
        }

        return 404;
    }

    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  zhu.com;
    }
}
picklefan commented 3 years ago

Yes, you are right, I can use it to jump to my own site. But why can't google.

Because you didn't configure your web server to enforce a server name. A common practice is to configure a default server to return 404 for requests with a server name not matched by any other server. For example, with nginx, we can do:

http {
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  _;

        if ($host = zhu.com) {
            return 301 https://$host$request_uri;
        }

        return 404;
    }

    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  zhu.com;
    }
}

Well, I thought when I put request zhu.com to V2ray it would turn my request as google.com to DNS. Guess I thought it wrong. Though I think the document is confusing in that part.