I am using xtls/xray-core for bypassing censorship
I have the following repo and configs that contain more details on my setup; however, I am struggling with one issue: accurate splitting of traffic.
I have 2 servers - bridge (external) + portal (inside country)
The splitting happens on the portal, but I believe the current solution is suboptimal. I would like to replace IPOnDemand with IPIfNonMatch, but I am not sure if it's possible.
So my task is to prevent DNS leaks and split correctly by IP address, using different DNS providers for local/outbound requests, while maintaining performance. If someone knows the answer, I would appreciate the help.
portal.json
{
"log": {
"loglevel": "warning"
},
"dns": {
"tag": "dns-proxy",
"servers": [
{
"address": "1.1.1.1",
"domains": [
"geosite:google"
],
"finalQuery": true,
"skipFallback": true
},
{
"tag": "dns-direct",
"address": "77.88.8.8",
"domains": [
"geosite:ru-available-only-inside"
],
"expectIPs": [
"geoip:ru"
],
"skipFallback": true
},
{
"address": "1.1.1.1",
"clientIp": "77.88.8.8",
"skipFallback": false
},
"1.1.1.1"
],
"enableParallelQuery": true
},
"reverse": {
"portals": [
{
"tag": "portal",
"domain": "full:reverse.idbduywebcwe9ocvnew.com"
}
]
},
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"dns-direct"
],
"outboundTag": "direct"
},
{
"type": "field",
"inboundTag": [
"dns-proxy"
],
"outboundTag": "portal"
},
{
"ip": [
"geoip:ru"
],
"type": "field",
"outboundTag": "direct"
},
{
"type": "field",
"domain": [
"geosite:category-ads"
],
"outboundTag": "block"
},
{
"type": "field",
"inboundTag": [
"incoming",
"client"
],
"outboundTag": "portal"
}
],
"domainStrategy": "IPOnDemand"
},
"inbounds": [
{
"listen": null,
"port": 51800,
"tag": "client",
"protocol": "wireguard",
"settings": {
"mtu": 1420,
"secretKey": "",
"peers": [
{
"privateKey": "",
"publicKey": "",
"allowedIPs": [
"10.0.0.2/32"
]
}
],
"noKernelTun": false
},
"streamSettings": null,
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic",
"fakedns"
],
"metadataOnly": false,
"routeOnly": false
},
"allocate": {
"strategy": "always",
"refresh": 5,
"concurrency": 20
}
},
{
"tag": "incoming",
"port": "443",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "",
"email": "",
"flow": ""
}
],
"decryption": "none"
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/api/v1/users",
"mode": "auto"
},
"security": "reality",
"realitySettings": {
"target": "travel.yandex.ru:443",
"serverNames": [
"travel.yandex.ru"
],
"privateKey": "",
"shortIds": [
""
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
bridge.json
{
"log": {
"loglevel": "warning"
},
"dns": {
"servers": [
"tcp+local://1.1.1.1"
]
},
"reverse": {
"bridges": [
{
"tag": "bridge",
"domain": "reverse.idbduywebcwe9ocvnew.com"
}
]
},
"outbounds": [
{
"tag": "outgoing",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "ip_ru_server",
"port": 443,
"users": [
{
"id": "",
"flow": "",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/api/v1/users"
},
"security": "reality",
"realitySettings": {
"serverName": "travel.yandex.ru",
"publicKey": "",
"shortId": "",
"spiderX": "/users",
"fingerprint": "randomized"
}
}
},
{
"tag": "direct",
"protocol": "freedom"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"bridge"
],
"domain": [
"full:reverse.idbduywebcwe9ocvnew.com"
],
"outboundTag": "outgoing"
},
{
"type": "field",
"inboundTag": [
"bridge"
],
"outboundTag": "direct"
}
]
}
}