v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License

Specify record type in dns query #1379

Closed astrataro closed 5 years ago

astrataro commented 7 years ago

When using 6in4 tunneling, it is reasonable to query the AAAA address for some IPv6 sites remotely. But an IPv6 DNS server might also return an A record, as in this config:

  "dns" : {
    "servers" : [
      "2001:4860:4860::8888",
      "2001:4860:4860::8844"
    ]
  },
  "outbound" : {
    "protocol": "freedom",
    "settings": {},
    "tag": "direct"
  },
  "outboundDetour": [
    {
      "sendThrough": "TUNNEL_IPV6_ADDRESS",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "tag": "direct-v6"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "domain": [
            "google",
            "facebook"
          ],
          "outboundTag": "direct-v6"
        }
      ]
    }
  }

v2ray routes google and facebook to direct-v6, and resolves the IP from 2001:4860:4860::8888 through the tunnelled IPv6 interface. However, the DNS server might return A records, but direct-v6 cannot access any IPv4 address, resulting in access failure.

Also, in some other situations, as some sites like Netflix block many public tunnel broker services like HE, it is necessary to query for the A-only record for these sites.

For complex cases, I think adding "recordType" (default not specified) and "dnsTag" for DNS server groups in the DNS section, and corresponding settings for the Freedom protocol, will solve most problems. Although, as many sites have A-only records or even AAAA-only records, and specifying dnsTag in the Freedom protocol settings seems to break the structure of v2ray, I'm not sure if it is a good idea for general use, but it does work for all the cases I can think of, if combined with the current routing feature.

Another method is putting "dnsTag" in the Route section. However, I am afraid it might conflict with the use of "domainStrategy" in the Freedom settings.

A better way might be adding a "domainRule" part in the DNS section. In this case, "recordType" could be used only for specific domains, while "preferredRecordType" should be used for general queries in case some sites do not have dual-stack records:

"dns": {
  "hosts": {
    "baidu.com": "127.0.0.1"
  },
  "servers": [
    {
      "address": [
        "8.8.8.8",
        "8.8.4.4"
      ]
    },
    {
      "address": [
        "2001:4860:4860::8888",
        "2001:4860:4860::8844"
      ],
      "preferredRecordType": "AAAA"
    }
  ],
  "domainRule": [
    {
      "domain": [
        "netflix",
        "nflximg",
        "nflxext",
        "nflxvideo",
        "nflxso"
      ],
      "address": [
        "8.8.8.8"
      ],
      "recordType": "A"
    },
    {
      "domain": [
        "google",
        "facebook.com"
      ],
      "address": [
        "2001:470:20::2",
        "74.82.42.42"
      ],
      "recordType": "AAAA"
    }
  ]
}

Anyway, all the solutions above have the risk of breaking backward compatibility. To keep backward compatibility, we can add "preferredRecordType" for all DNS servers with the current format, and a "domainRule" part:

"dns": {
  "hosts": {
    "baidu.com": "127.0.0.1"
  },
  "servers": [
    "8.8.8.8",
    "8.8.4.4",
    "2001:4860:4860::8888",
    "2001:4860:4860::8844"
  ],
  "preferredRecordType": "A",
  "domainRule": [
    {
      "domain": [
        "netflix",
        "nflximg",
        "nflxext",
        "nflxvideo",
        "nflxso"
      ],
      "address": [
        "8.8.8.8"
      ],
      "recordType": "A"
    },
    {
      "domain": [
        "google",
        "facebook.com"
      ],
      "address": [
        "2001:470:20::2",
        "74.82.42.42"
      ],
      "recordType": "AAAA"
    }
  ]
}
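
The selection logic this proposal implies, as an added example that is not part of the original post and not v2ray's own code: a matching "domainRule" entry forces its "recordType", while "preferredRecordType" falls back to the other address family for single-stack sites. The type and function names are hypothetical, substring matching of the "domain" entries is an assumption, and the addresses are constructed documentation values.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Rule mirrors one entry of the proposed "domainRule" list (hypothetical schema, assumed substring match).
type Rule struct {
	Domains    []string
	RecordType string // "A" or "AAAA"
}

// pickRecordType returns a matching rule's recordType (strict), else the global preference (not strict).
func pickRecordType(host string, rules []Rule, preferred string) (string, bool) {
	for _, r := range rules {
		for _, d := range r.Domains {
			if strings.Contains(host, d) {
				return r.RecordType, true
			}
		}
	}
	return preferred, false
}

// filterAnswers keeps the wanted family; a non-strict query with no match falls back to the other family.
func filterAnswers(answers []string, rt string, strict bool) []string {
	var want, other []string
	for _, a := range answers {
		ip := net.ParseIP(a)
		switch {
		case ip == nil: // skip unparsable answers
		case (ip.To4() != nil) == (rt == "A"):
			want = append(want, a)
		default:
			other = append(other, a)
		}
	}
	if len(want) == 0 && !strict {
		return other
	}
	return want
}

func main() {
	rules := []Rule{{[]string{"netflix"}, "A"}, {[]string{"google", "facebook.com"}, "AAAA"}}
	rt, strict := pickRecordType("www.google.com", rules, "A")
	fmt.Println(rt, filterAnswers([]string{"203.0.113.10", "2001:db8::10"}, rt, strict))
}
```

An empty result for a strict rule means the outbound should fail the connection rather than hand an IPv4 address to an IPv6-only "sendThrough" interface.
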

DarienRaymond commented 6 years ago

I prefer to add an option in Freedom, say "UseIPv6", to connect to an IPv6 address of the domain. It may fail when the domain doesn't have any IPv6 addresses. The existing "UseIP" option stays unchanged.

VictoriaRaymond commented 5 years ago

Implemented

MrSaeid007 commented 1 year ago

I prefer to add an option in Freedom, say "UseIPv6", to connect to an IPv6 address of the domain. It may fail when the domain doesn't have any IPv6 addresses. The existing "UseIP" option stays unchanged.

Hi guys. Can someone tell me how to use DNS object in V2rayN app? For example Google DOT? (Dns.google) @astrataro @DarienRaymond @VictoriaRaymond @korzonek @fcying