Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS出站不尊重内建DNS的queryStrategy设置,可能导致DNS泄露 #1210

Closed
Mukou-Aoi opened this issue Aug 19, 2021 · 1 comment
Closed

DNS出站不尊重内建DNS的queryStrategy设置,可能导致DNS泄露 #1210

Mukou-Aoi opened this issue Aug 19, 2021 · 1 comment
Labels
bug Something isn't working

Comments

@Mukou-Aoi
Copy link

Mukou-Aoi commented Aug 19, 2021
edited
Loading

文档对此功能的说明是:

在处理 DNS 查询时,此出站协议会将 IP 查询(即 A 和 AAAA)转发给内置的 DNS 服务器。

实际测试由DNS出站传入的请求会分别请求两种记录,无视内建DNS的 queryStrategy 设置:

v2ray-core/proxy/dns/dns.go

Lines 226 to 231 in e39a69e

switch qType {
case dnsmessage.TypeA:
ips, err = h.ipv4Lookup.LookupIPv4(domain)
case dnsmessage.TypeAAAA:
ips, err = h.ipv6Lookup.LookupIPv6(domain)
}

不知这是 bug 还是设计上有意为之?

一般来说,这个功能是用来配合透明代理把 UDP:53 流量全部拦截交给 V2Ray 来处理的,是 A 还是 AAAA 取决于原始请求。

当前行为下如果设置了 "queryStrategy": "UseIPv4" 而收到了 AAAA 请求会导致 DNS 泄露。
@Mukou-Aoi Mukou-Aoi changed the title DNS出站不尊重内建DNS的queryStrategy设置 DNS出站不尊重内建DNS的queryStrategy设置,可能导致DNS泄露 Aug 19, 2021
@Mukou-Aoi
Copy link
Author

Mukou-Aoi commented Aug 21, 2021
edited
Loading

应该是需要在 DNS queryStrategy 和 Freedom 的 domainStrategy 同时设置 UseIPv4

代码那里不是 Bug 吧,那里也是对应发起的请求解包后用 V2 的逻辑来处理的,请求时 A 就查 A,请求时 AAAA 就查 AAAA

这里说的问题和 Freedom 出站无关,是 DNS 出站协议 的问题。

在处理 DNS 查询时,此出站协议会将 IP 查询(即 A 和 AAAA)转发给内置的 DNS 服务器。其它类型的查询流量将被转发至它们原本的目标地址。

一般来说这个功能是用来拦截本机 DNS 请求来避免 DNS 泄露的,但并不会尊重 内建 DNSdomainStrategy 设置(若尊重设置,则应该屏蔽 A/AAAA 请求而不是两种请求全部接受)

同时,FakeDNS 默认的地址池也会根据这里的 domainStrategy 设置生成,会导致覆盖不到 A/AAAA 请求的情况。

@database64128 database64128 added the bug Something isn't working label Aug 21, 2021
This was referenced Sep 21, 2021
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@database64128 @nekohasekai @Mukou-Aoi