gfw_resist_HTTPS_proxy
serverless json
Hi. What's the purpose of forwarding all packets with a destination port of 8443 to the internal DNS server?

```json
{
  "inboundTag": [
    "socks-in",
    "http-in"
  ],
  "type": "field",
  "port": "8443",
  "outboundTag": "dns-out",
  "enabled": true
},
```

I changed it to port 53 and now all of the UDP DNS traffic generated by the system and apps goes through Xray-core's internal DNS server, and I can actually open many websites that were blocked by DNS+SNI filtering, like Google Play.
Thank you very much for your suggestion. I hadn't noticed that before. Can you please test whether this routing rule actually does anything? I mean, if you delete it, are you still able to open those sites or not?
Yes, I have tested it.
- If I keep the original one, on v2rayNG with the default configuration of VPN DNS=1.1.1.1, DNS requests go directly out to UDP 1.1.1.1:53, and the censorship system sees the plain request and poisons it. It returns the answer 10.10.34.36 or something in the 10.10.0.0/16 range for some blocked domains. (I tested it using the Net Analyzer app by querying DNS.)
- If I delete the rule, the same happens.
- In both previous cases, the Google Play application fails to load (the play.google.com website works, but not the app).
- If I change 8443 to 53 in the aforementioned part, when I try to resolve DNS, correct answers are returned, DNS poisoning is bypassed, and I can use Google Play to download and update apps.
@pulsarice Nice! Fixed. Thank you.