FakeDNS return TTL=1 and drop HTTPS QType 65 request

Co-authored-by: qwerr0
XTLS · Feb 21, 2024 · a0f1e1f · a0f1e1f
1 parent c100d35
commit a0f1e1f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/app/dispatcher/default.go b/app/dispatcher/default.go
@@ -199,7 +199,7 @@ func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResu
 			return true
 		}
 		if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
-			destination.Address.Family().IsIP() && fkr0.IsIPInIPPool(destination.Address) {
+			fkr0.IsIPInIPPool(destination.Address) {
 			newError("Using sniffer ", protocolString, " since the fake DNS missed").WriteToLog(session.ExportIDToError(ctx))
 			return true
 		}
@@ -254,7 +254,7 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin
 					protocol = resComp.ProtocolForDomainResult()
 				}
 				isFakeIP := false
-				if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) {
+				if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(ob.Target.Address) {
 					isFakeIP = true
 				}
 				if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {
@@ -307,7 +307,7 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De
 				protocol = resComp.ProtocolForDomainResult()
 			}
 			isFakeIP := false
-			if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) {
+			if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(ob.Target.Address) {
 				isFakeIP = true
 			}
 			if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {

diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go
@@ -27,6 +27,9 @@ func init() {
 	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 		h := new(Handler)
 		if err := core.RequireFeatures(ctx, func(dnsClient dns.Client, policyManager policy.Manager) error {
+			core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
+				h.fdns = fdns
+			})
 			return h.Init(config.(*Config), dnsClient, policyManager)
 		}); err != nil {
 			return nil, err
@@ -41,6 +44,7 @@ type ownLinkVerifier interface {
 
 type Handler struct {
 	client          dns.Client
+	fdns            dns.FakeDNSEngine
 	ownLinkVerifier ownLinkVerifier
 	server          net.Destination
 	timeout         time.Duration
@@ -179,7 +183,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 				if isIPQuery {
 					go h.handleIPQuery(id, qType, domain, writer)
 				}
-				if isIPQuery || h.nonIPQuery == "drop" {
+				if isIPQuery || h.nonIPQuery == "drop" || qType == 65 {
 					b.Release()
 					continue
 				}
@@ -244,6 +248,10 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
 		return
 	}
 
+	if fkr0, ok := h.fdns.(dns.FakeDNSEngineRev0); ok && len(ips) > 0 && fkr0.IsIPInIPPool(net.IPAddress(ips[0])) {
+		ttl = 1
+	}
+
 	switch qType {
 	case dnsmessage.TypeA:
 		for i, ip := range ips {