An Ultimate Xray DNS Split-Routing Configuration
Reposted from @lnbiuc
Flowchart

Configuration file
{
  "log": {
    "loglevel": "debug",
    "dnsLog": true,
    "maskAddress": ""
  },
  "dns": {
    "servers": [
      // Non-CN pre-split: query 1.1.1.1 first and check whether the answer is a non-CN IP
      {
        "address": "1.1.1.1",
        "domains": [
          "geosite:geolocation-!cn"
        ],
        "expectIPs": [
          "geoip:!cn"
        ],
        "tag": "dns-proxy",
        "skipFallback": false
      },
      // Fallback when the non-CN pre-split fails: query 223.5.5.5 and require a CN IP
      {
        "address": "223.5.5.5",
        "domains": [
          "geosite:geolocation-!cn"
        ],
        "expectIPs": [
          "geoip:cn"
        ],
        "tag": "dns-direct",
        "skipFallback": false
      },
      // Final query for the non-CN pre-split: 8.8.8.8 with ECS
      {
        "address": "8.8.8.8",
        "clientIP": "国外ECS",
        // ECS IP, configure your own (the placeholder value means "overseas ECS")
        "domains": [
          "geosite:geolocation-!cn"
        ],
        "tag": "dns-proxy",
        "skipFallback": true,
        "finalQuery": true
      },
      // CN pre-split: query 223.5.5.5 first and check whether the answer is a CN IP
      {
        "address": "223.5.5.5",
        "domains": [
          "geosite:cn"
        ],
        "expectIPs": [
          "geoip:cn"
        ],
        "tag": "dns-direct",
        "skipFallback": false
      },
      // Fallback when the CN pre-split fails: query 1.1.1.1 and require a non-CN IP
      {
        "address": "1.1.1.1",
        "domains": [
          "geosite:cn"
        ],
        "expectIPs": [
          "geoip:!cn"
        ],
        "tag": "dns-proxy",
        "skipFallback": false
      },
      // Final query for the CN pre-split: 8.8.8.8 with ECS
      {
        "address": "8.8.8.8",
        "clientIP": "国内ECS",
        // ECS IP, configure your own (the placeholder value means "domestic ECS")
        "domains": [
          "geosite:cn"
        ],
        "tag": "dns-proxy",
        "skipFallback": true,
        "finalQuery": true
      },
      // Domains the pre-split did not classify: query 1.1.1.1 first
      {
        "address": "1.1.1.1",
        "unexpectedIPs": [
          "geoip:cn"
        ],
        "tag": "dns-proxy",
        "skipFallback": false
      },
      // Fallback for unclassified domains: re-query with 223.5.5.5 (when 1.1.1.1 returned a CN IP)
      {
        "address": "223.5.5.5",
        "expectIPs": [
          "geoip:cn"
        ],
        "tag": "dns-direct",
        "skipFallback": false
      },
      // Final query for unclassified domains: 8.8.8.8 with ECS (when a non-CN IP is returned)
      {
        "address": "8.8.8.8",
        "clientIP": "国外ECS",
        "expectIPs": [
          "geoip:!cn"
        ],
        "tag": "dns-proxy",
        "skipFallback": true,
        "finalQuery": true
      }
    ],
    "tag": "dns-proxy",
    "enableParallelQuery": false,
    "disableCache": true,
    "disableFallback": false
  },
  "inbounds": [
    {
      "tag": "dns-in",
      "protocol": "dokodemo-door",
      "port": 1053,
      "settings": {
        "address": "127.0.0.1",
        "port": 53,
        "network": "udp"
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "dns",
      "settings": {
        "nonIPQuery": "skip"
      },
      "tag": "dns-out"
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "proxy",
      "protocol": "shadowsocks",
      "settings": {
        "servers": [
          {
            "address": "127.0.0.1",
            "port": 10001,
            "method": "2022-blake3-aes-128-gcm",
            "password": "buQ8PWlBCqsBLl7Ql7wVbw=="
          }
        ]
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "network": "tcp,udp",
        "inboundTag": [
          "dns-in"
        ],
        "outboundTag": "dns-out"
      },
      {
        "inboundTag": [
          "dns-direct"
        ],
        "outboundTag": "direct"
      },
      {
        "inboundTag": [
          "dns-proxy"
        ],
        "outboundTag": "proxy"
      }
    ]
  }
}
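Design rationale
- Domains are pre-split into CN and non-CN. Because the domain lists are maintained by hand, they contain errors and lag behind reality, so they can never be 100% accurate and need manual correction.
- Correction method: use expectIPs to correct the result; if the correction fails, fall back to a query with ECS.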
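Added example (not part of the original post and not Xray's own code): a simplified Python model of the two pre-split chains as the config comments describe them, showing which resolver's answer is accepted, and therefore which outbound carries the query, when a list entry is stale. The CN prefix, the answer sets and the resolve helper are constructed assumptions; Xray itself uses real geoip:cn data and its own resolver logic.

```python
import ipaddress

# Constructed stand-in for geoip:cn (a documentation prefix, not real CN ranges).
CN_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# (address, tag, expectIPs, finalQuery) in the order of the page's config comments.
CHAINS = {
    "geolocation-!cn": [("1.1.1.1", "dns-proxy", "!cn", False),
                        ("223.5.5.5", "dns-direct", "cn", False),
                        ("8.8.8.8", "dns-proxy", None, True)],
    "cn": [("223.5.5.5", "dns-direct", "cn", False),
           ("1.1.1.1", "dns-proxy", "!cn", False),
           ("8.8.8.8", "dns-proxy", None, True)],
}

def is_cn(ip):
    return any(ipaddress.ip_address(ip) in net for net in CN_NETS)

def resolve(category, answers):
    """Walk one chain. answers maps server address -> IPs it returns (constructed).
    Returns the accepting server, its tag (which picks the outbound), and a trace."""
    trace = []
    for addr, tag, expect, final in CHAINS[category]:
        ips = answers.get(addr, [])
        if expect == "cn":
            kept = [ip for ip in ips if is_cn(ip)]
        elif expect == "!cn":
            kept = [ip for ip in ips if not is_cn(ip)]
        else:
            kept = list(ips)  # no expectIPs: the answer is taken as-is
        trace.append((addr, "accept" if kept else "reject"))
        if kept or final:  # a finalQuery server ends the chain either way
            return {"server": addr, "tag": tag, "ips": kept, "trace": trace}
    return {"server": None, "tag": None, "ips": [], "trace": trace}

# Constructed cases: a domain listed in geosite:cn but hosted abroad, and a
# domain listed in geolocation-!cn that is actually served from a CN address.
STALE_CN = {"223.5.5.5": ["203.0.113.10"], "1.1.1.1": ["203.0.113.10"]}
STALE_NONCN = {"1.1.1.1": ["198.51.100.7"], "223.5.5.5": ["198.51.100.7"]}
# Both resolvers contradict their expectIPs filter, so the ECS query decides.
CONFLICT = {"223.5.5.5": ["203.0.113.10"], "1.1.1.1": ["198.51.100.7"],
            "8.8.8.8": ["203.0.113.10"]}

if __name__ == "__main__":
    for name, cat, ans in [("stale cn entry", "cn", STALE_CN),
                           ("stale non-cn entry", "geolocation-!cn", STALE_NONCN),
                           ("conflict", "cn", CONFLICT)]:
        r = resolve(cat, ans)
        print(name, "->", r["server"], r["tag"], r["ips"], r["trace"])
```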
References
https://xtls.github.io/document/level-1/routing-with-dns.html#利用-xray-core-dns-模块实现精准分流
https://vio.moe/posts/wo-de-dns-pei-zhi-ji-qiao/
PS
DNS caching is disabled by default in this configuration; it is recommended to enable caching in the upper layer.