最新版使用 fakeipDNS 时，国内直连网址不通

[jaydong2016]

操作系统

Android

系统版本

MIUI 14 Android 13

安装类型

sing-box for Android 图形客户端程序

如果您使用图形客户端程序，请提供该程序版本。

1.12.0-alpha.4

版本

描述

使用 fakeip DNS 时，国内直连网址不通，
baidu.com 和 qq.com 等国内直连网址均访问失败
国外网址访问正常
似乎是 direct 有问题

重现方式

{
  "log": {
    "level": "debug"
  },
  "dns": {
    "servers": [
      {
        "type": "tls",
        "tag": "dns_proxy",
        "server": "8.8.8.8",
        "server_port": 0
      },
      {
        "type": "udp",
        "tag": "dns_resolver",
        "detour": "DIRECT",
        "server": "223.5.5.5",
        "server_port": 0
      },
      {
        "type": "fakeip",
        "tag": "dns_fakeip",
        "inet4_range": "198.18.0.0/15",
        "inet6_range": "fc00::/18"
      }
    ],
    "rules": [
      {
        "query_type": [
          "A",
          "AAAA"
        ],
        "domain_suffix": [
          "baidu.com",
          "linux.do",
          "tzfile.com",
          "pan666.net"
        ],
        "server": "dns_fakeip",
        "rewrite_ttl": 1
      },
      {
        "query_type": [
          "A",
          "AAAA"
        ],
        "rule_set": "geolocation-cn",
        "server": "dns_fakeip",
        "rewrite_ttl": 1
      },
      {
        "query_type": [
          "A",
          "AAAA"
        ],
        "server": "dns_fakeip",
        "rewrite_ttl": 1
      }
    ],
    "final": "dns_proxy",
    "strategy": "ipv4_only",
    "independent_cache": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "0.0.0.0",
      "listen_port": 8888
    },
    {
      "type": "tun",
      "tag": "tun-in",
      "mtu": 9000,
      "address": "172.18.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "mixed",
      "platform": {
        "http_proxy": {
          "enabled": true,
          "server": "127.0.0.1",
          "server_port": 8888
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "DIRECT"
    },
    {
      "type": "hysteria2",
      "tag": "hy2-racknerd",
      "server": "",
      "server_port": 62888,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "926fea47-9b0f-4b69-9c01-96bdbca32c3e",
      "tls": {
        "enabled": true,
        "server_name": "www.bing.com",
        "insecure": true,
        "alpn": "h3"
      }
    },
    {
      "type": "selector",
      "tag": "🚀 节点选择",
      "outbounds": [
        "hy2-racknerd",
        "DIRECT"
      ]
    },
    {
      "type": "selector",
      "tag": "GLOBAL",
      "outbounds": [
        "hy2-racknerd",
        "DIRECT"
      ]
    },
    {
      "type": "selector",
      "tag": "🐟 漏网之鱼",
      "outbounds": [
        "🚀 节点选择",
        "DIRECT",
        "hy2-racknerd"
      ]
    }
  ],
  "route": {
    "rules": [
      {
        "action": "sniff"
      },
      {
        "type": "logical",
        "mode": "or",
        "rules": [
          {
            "protocol": "dns"
          },
          {
            "port": 53
          }
        ],
        "action": "hijack-dns"
      },
      {
        "ip_is_private": true,
        "outbound": "DIRECT"
      },
      {
        "domain_suffix": [
          "baidu.com",
         
          "linux.do",
          "tzfile.com",
          "pan666.net"
        ],
        "outbound": "DIRECT"
      },
      {
        "rule_set": [
          "geolocation-cn",
          "cn-ip"
        ],
        "outbound": "DIRECT"
      }
    ],
    "rule_set": [
      {
        "type": "remote",
        "tag": "geolocation-cn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/lyc8503/sing-box-rules/refs/heads/rule-set-geosite/geosite-geolocation-cn.srs",
        "download_detour": "GLOBAL"
      },
      {
        "type": "remote",
        "tag": "openai",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/lyc8503/sing-box-rules/refs/heads/rule-set-geosite/geosite-openai.srs",
        "download_detour": "GLOBAL"
      },
      {
        "type": "remote",
        "tag": "cn-ip",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/lyc8503/sing-box-rules/refs/heads/rule-set-geoip/geoip-cn.srs",
        "download_detour": "GLOBAL"
      }
    ],
    "final": "🐟 漏网之鱼",
    "auto_detect_interface": true,
    "default_domain_resolver": "dns_proxy"
  },
  "experimental": {
    "cache_file": {
      "enabled": true,
      "path": "cache012.db",
      "store_fakeip": true
    }
  }
}

日志

[0071] [2091017378 Oms] router: match[1]
protocol=dns ll port=53 => hijack-dns
[0071] [2091017378 Oms] dns: exchange
www.baidu.com. IN A
[0071] [2091017378 Oms]
dns: match[1] query_type=[A AAAA]
domain_suffix=[baidu.com eu.org 644566.xyZ..] =>
route(dns_fakeip,rewrite-ttl=1)
[0071] [2091017378 Oms] dns: match[1] =>
route(dns_fakeip,rewrite-ttl=1)
[0071] [2091017378 Oms] dns: exchanged
www.baidu.com NOERROR 1
INFO[0071] [2091017378 Oms] dns: exchanged A
www.baidu.com.1IN A 198.18.0.17
ERROR[0076][895590739 5.0s] dns: exchange
failed for www.baidu.com. IN HTTPS: dial tcp
8.8.8.8:853: i/o timeout
ERROR[0076] [2354319482 5.0s] connection: open
outbound connection: dial tcp 198.18.0.17:443: i/o
timeout
[0076] router: found fakeip domain:
日志

支持我们

• 我已经 赞助

完整性要求

• 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
• 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
• 我保证提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
• 我保证提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。

[ggttam]

你用假的IP来直连怎么连的上啊，假IP给代理用的。
{
"type": "tls",
"tag": "dns_proxy",
"server": "8.8.8.8",
"detour": "hy2-racknerd",
"server_port": 0
},

  {
    "query_type": [
      "A",
      "AAAA"
    ],
    "domain_suffix": [
      "baidu.com",
      "linux.do",
      "tzfile.com",
      "pan666.net"
    ],
    "server": "dns_resolver",  //或者  "dns_proxy"
    "rewrite_ttl": 1
  },
  {
    "query_type": [
      "A",
      "AAAA"
    ],
    "rule_set": "geolocation-cn",
    "server": "dns_resolver",
    "rewrite_ttl": 1
  },

[jaydong2016]

1.11 的 FakeIP 是可以这样的用的，新版难道改了不能了？

[ggttam]

1.11用默认的出站链接DNS，就你配置的漏网之鱼链接8888
1.12你不设置出站就是默认直连，所以你8888没连上
你的8888DNS服务器加上"detour": "hy2-racknerd"就跟1.11一样能用了
只是国内网站用8888解析不推荐，那样抖音等视频软件分到的IP很远就会卡，解析也很慢

[jaydong2016]

我等 FakeIP 修复再试了🥲

[crazyhandofnoth]

1.11用默认的出站链接DNS，就你配置的漏网之鱼链接8888 1.12你不设置出站就是默认直连，所以你8888没连上 你的8888DNS服务器加上"detour": "hy2-racknerd"就跟1.11一样能用了 只是国内网站用8888解析不推荐，那样抖音等视频软件分到的IP很远就会卡，解析也很慢

  "dns": {
    "servers": [
      {
        "type": "udp",
        "server": "8.8.8.8",
        "detour": "outside"
      },
      {
        "tag": "fakeip",
        "inet4_range": "198.18.0.0/15",
        "inet6_range": "fc00::/18",
        "type": "fakeip"
      },
      {
        "tag": "ali",
        "type": "udp",
        "server": "223.5.5.5",
       // "detour": "direct"
      }

大师，是说这样吗
1.12.0的外部DNS必须加detour，不然就是直连？内部DNS可省略detour?

[kkocdko]

确实是有此问题。目前可以 workaround

{
  "dns": {
    "servers": [
      { "tag": "local", "type": "local", "detour": "direct" },
      { "tag": "fakeip", "type": "fakeip", "inet4_range": "198.18.0.0/15", "inet6_range": "fc00::/18" }
    ],
    "rules": [
      { "process_name": "sing-box", "server": "local" }, // avoid direct outbound be solved by fakeip
      { "query_type": ["A", "AAAA"], "server": "fakeip" }
    ],
    "strategy": "prefer_ipv4",
    "independent_cache": true
  }
}