FakeIP启用后,日志里有IP,但是 dig 或 nslookup 没有结果,浏览器中也提示找不到IP,打不开对应网站
#475
Comments
dns-hijack? |
劫持已经成功了,直接运行 还是说fakeip有特殊的劫持方式? |
try dig @172.20.0.2 www.google.com ? |
# dig www.google.com @172.20.0.2
;; communications error to 172.20.0.2#53: timed out
;; communications error to 172.20.0.2#53: timed out
;; communications error to 172.20.0.2#53: timed out
; <<>> DiG 9.18.11 <<>> www.google.com @172.20.0.2
;; global options: +cmd
;; no servers could be reached |
无法重现,请提供完整配置。 |
{
"log": {
"disabled": false,
"level": "info",
"timestamp": false
},
"dns": {
"servers": [
{
"tag": "_dns_ali",
"address": "tls://223.5.5.5",
"detour": "_direct"
},
{
"tag": "_dns_cf",
"address": "tls://1.1.1.1",
"detour": "_selector"
},
{
"tag": "_dns_fake",
"address": "fakeip"
},
{
"tag": "_dns_block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": [
"category-ads-all"
],
"server": "_dns_block",
"disable_cache": true
},
{
"domain": [
"www.google.com"
],
"server": "_dns_fake"
},
{
"geosite": [
"apple",
"google",
"jsdelivr"
],
"server": "_dns_cf"
},
{
"geosite": [
"cn"
],
"server": "_dns_ali"
}
],
"final": "_dns_cf",
"reverse_mapping": true,
"fakeip": {
"enabled": true,
"inet4_range": "172.20.0.1/24",
"inet6_range": "fdfe:dcba:9876::1/18"
}
},
"inbounds": [
{
"tag": "_dns_in",
"type": "direct",
"listen": "::1",
"listen_port": 15353,
"network": "udp"
},
{
"tag": "_tun_in",
"type": "tun",
"inet4_address": "172.20.0.1/16",
"auto_route": true,
"strict_route": true,
"sniff": true,
"exclude_uid": [
411,
5567
]
}
],
"outbounds": [
{
"tag": "_direct",
"type": "direct"
},
{
"tag": "_block",
"type": "block"
},
{
"tag": "_dns_out",
"type": "dns"
},
{
"tag": "JP",
"type": "urltest",
"outbounds": [
"JP 1",
"JP 2"
],
"url": "http://cp.cloudflare.com/generate_204",
"interval": "10s",
"tolerance": 1500
},
{
"tag": "_proxy",
"type": "urltest",
"outbounds": [
"JP",
"US"
],
"url": "http://cp.cloudflare.com/generate_204",
"interval": "10s",
"tolerance": 1500
},
{
"tag": "_selector",
"type": "selector",
"outbounds": [
"_proxy",
"JP",
"_direct",
"JP 1",
"JP 2",
"US"
]
},
{
"tag": "Apple",
"type": "selector",
"outbounds": [
"_selector",
"_proxy",
"JP",
"_direct",
"JP 1",
"JP 2",
"US"
]
},
{
"tag": "PayPal",
"type": "selector",
"outbounds": [
"_direct",
"_selector",
"_proxy",
"JP",
"JP 1",
"JP 2",
"US"
]
},
{
"tag": "Telegram",
"type": "selector",
"outbounds": [
"_selector",
"_proxy",
"JP",
"_direct",
"JP 1",
"JP 2",
"US"
]
},
{
"tag": "YouTube",
"type": "selector",
"outbounds": [
"_selector",
"_proxy",
"JP",
"_direct",
"JP 1",
"JP 2",
"US"
]
},
{
"tag": "JP 1",
"type": "vless",
"server": "JP 1 IP",
"server_port": 443,
"uuid": "JP 1 UUID",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "dl.acm.org",
"ech": {
"enabled": false
},
"utls": {
"enabled": true,
"fingerprint": "ios"
},
"reality": {
"enabled": true,
"public_key": "JP 1 PUB_KEY",
"short_id": "JP 1 SHORT_ID"
}
},
"packet_encoding": "xudp"
},
{
"tag": "JP 2",
"type": "vless",
"server": "JP 2 IP",
"server_port": 443,
"uuid": "JP 2 UUID",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "dl.acm.org",
"ech": {
"enabled": false
},
"utls": {
"enabled": true,
"fingerprint": "ios"
},
"reality": {
"enabled": true,
"public_key": "JP 2 PUB_KEY",
"short_id": "JP 2 SHORT_ID"
}
},
"packet_encoding": "xudp"
},
{
"tag": "US",
"type": "vless",
"server": "US",
"server_port": 443,
"uuid": "US UUID",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "captive.apple.com",
"ech": {
"enabled": false
},
"utls": {
"enabled": true,
"fingerprint": "ios"
},
"reality": {
"enabled": true,
"public_key": "US PUB_KEY",
"short_id": "US SHORT_ID"
}
},
"packet_encoding": "xudp"
}
],
"route": {
"geoip": {
"path": "/var/etc/geoip.db",
"download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db",
"download_detour": "_proxy"
},
"geosite": {
"path": "/var/etc/geosite.db",
"download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db",
"download_detour": "_proxy"
},
"rules": [
{
"protocol": "dns",
"outbound": "_dns_out"
},
{
"inbound": [
"_dns_in"
],
"outbound": "_dns_out"
},
{
"geoip": [
"private"
],
"geosite": [
"private"
],
"outbound": "_direct"
},
{
"process_name": [
"/usr/sbin/tcping"
],
"outbound": "_direct"
},
{
"source_ip_cidr": [
"10.10.0.4",
"10.10.5.0/24"
],
"outbound": "_direct"
},
{
"protocol": [
"quic"
],
"outbound": "_block"
},
{
"domain_suffix": [
"cloudflareinsights.com",
"homebizprosite.info",
"googletagmanager.com",
"api.segment.io"
],
"domain": [
"clientstream.launchdarkly.com"
],
"geosite": [
"category-ads-all"
],
"outbound": "_block"
},
{
"geosite": [
"apple"
],
"outbound": "Apple"
},
{
"geosite": [
"paypal"
],
"outbound": "PayPal"
},
{
"geosite": [
"telegram"
],
"geoip": [
"telegram"
],
"outbound": "Telegram"
},
{
"geosite": [
"youtube"
],
"outbound": "YouTube"
},
{
"geosite": [
"google",
"jsdelivr"
],
"ip_cidr": [
"8.8.4.4",
"8.8.8.8",
"208.67.222.222",
"208.67.220.220",
"1.1.1.1",
"1.1.1.2",
"1.0.0.1",
"9.9.9.9",
"149.112.112.112"
],
"outbound": "_proxy"
},
{
"geosite": [
"tld-cn",
"category-games@cn"
],
"outbound": "_direct"
},
{
"domain_suffix": [
"lg.extravm.com",
"gubo.org",
"lg.v.ps",
"speedtest.v.ps"
],
"domain_keyword": [
"lg.virmach",
"ping.vultr"
],
"outbound": "_direct"
},
{
"domain_suffix": [
"argotunnel.com",
"cftunnel.com"
],
"ip_cidr": [
"198.41.128.0/17",
"198.41.192.0/21",
"198.41.200.0/21"
],
"outbound": "_direct"
},
{
"geosite": [
"javdb"
],
"domain_suffix": [
"acg18.moe",
"hanime1.me",
"hxcy.moe",
"iwara.tv",
"missav.com",
"nhentai.net"
],
"outbound": "US"
},
{
"domain_suffix": [
"kenfiles.com",
"kfs.space",
"fs20917.kfs.space"
],
"outbound": "US"
},
{
"geosite": [
"geolocation-!cn"
],
"outbound": "_selector"
},
{
"geosite": [
"cn"
],
"geoip": [
"cn"
],
"outbound": "_direct"
}
],
"final": "_selector",
"auto_detect_interface": true
},
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:9090",
"external_ui": "/opt/sing-box/clash",
"secret": "password",
"store_selected": true,
"store_fakeip": true,
"cache_file": "/opt/sing-box/clash/cache.db"
}
}
}
我这套配置是使用在openwrt上的,sing-box监听本地15353端口,并设置为dnsmasq上游完成dns解析
# uci show dhcp | grep 15353
dhcp.@dnsmasq[0].server='127.0.0.1#15353' '::1#15353'
fakeip以外都能如预期分流dns并得到正确解析结果,只有fakeip如前述,没有结果返回。
刚才又指定解析端口,测试得到了解析结果。
# dig www.google.com -p 15353
;; communications error to 127.0.0.1#15353: connection refused
;; communications error to 127.0.0.1#15353: connection refused
;; communications error to 127.0.0.1#15353: connection refused
; <<>> DiG 9.18.11 <<>> www.google.com -p 15353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11775
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 259 IN A 172.20.0.6
;; Query time: 15 msec
;; SERVER: ::1#15353(::1) (UDP)
;; WHEN: Sun Mar 26 12:06:10 CST 2023
;; MSG SIZE rcvd: 62
看起来可能是这种设置dnsmasq上游的方法,仅对fakeip工作不正常。 |
有 dnsmasq 在出错时产生的日志吗? |
再次测试,把dnsmasq的默认端口改成53以外,sing-box直接监听
# dig www.google.com
; <<>> DiG 9.18.11 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26505
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 600 IN A 172.20.0.7
;; Query time: 47 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Mar 26 12:18:12 CST 2023
;; MSG SIZE rcvd: 62
但是浏览器中不能正常打开 |
刚才复查dnsmasq的设置,发现启用了 此时
# dig www.google.com
; <<>> DiG 9.18.11 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65433
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 487 IN A 172.20.0.10
;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Mar 26 13:05:35 CST 2023
;; MSG SIZE rcvd: 62 |
应该是我没能正确理解文档中的下述描述。
我以为 |
您可以尝试添加 DNS 规则以屏蔽 DNSSEC 检查。具体来说,添加一条 |
感谢回复。
之后 以前用过*ray系的fakedns,应该是没有触发过openwrt的 |
请尝试 inet4_range 修改为与 tun.inet4_address 不重合的值(上面配置中 fakeip 的 inet4_range 为 172.20.0.1/24,落在 tun 的 inet4_address 172.20.0.1/16 范围之内)。
不是指 tun 地址必须包含,auto_route 启用时默认路由所有地址(除非与别的接口冲突)。 |
感谢建议,已经重新设置,目前没有问题了。 |
Welcome
Description of the problem
FakeIP启用后,日志里有IP。但是 dig 或 nslookup 没有结果,浏览器中也提示找不到IP,打不开对应网站。
Version of sing-box
Server and client configuration file
fakeip以外的dns服务器均正常工作
Server and client log file
dig
没有解析结果nslookup
没有解析结果对应日志
(
dig
或者nslookup
是不是应该解析出172.20.0.5
这个fakeip?)The text was updated successfully, but these errors were encountered: