
DnsRelay improvements

Open zonyitoo opened this issue 5 years ago • 22 comments

  • [x] Allow DNS relay to work as a standalone server
  • [x] Use the same UDP socket used for listening to send response packets instead of creating one for every query. related code
  • [x] Send TCP DNS queries directly to remote ssserver instead of sending to another socks5 sslocal process

zonyitoo avatar Mar 15 '20 16:03 zonyitoo

Asking for comments @madeye @Mygod .

Reverse IP ACL lookup can be enabled by a separate feature, as suggested in #210. Only enable it for sslocal integration.

zonyitoo avatar Mar 15 '20 16:03 zonyitoo

Question: Why are DNS queries proxied to remote_dns_addr over TCP but to local_dns_addr over UDP? @madeye

zonyitoo avatar Mar 15 '20 17:03 zonyitoo

It should be configurable :)

Mygod avatar Mar 15 '20 18:03 Mygod

Many shadowsocks servers don't enable UDP relay, so we forward the DNS query via TCP to the remote server.

madeye avatar Mar 15 '20 22:03 madeye
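An added example (not code from shadowsocks-rust or from the commenters) of what forwarding a UDP-received DNS query over TCP entails: the RFC 1035 2-byte length prefix on the way out, a `read_exact` frame read on the way back, and a transaction ID check before the answer is handed to the client. The TCP side is abstracted as `Read + Write`; the connection to the ssserver is assumed, not implemented, and the sample query is constructed.

```rust
use std::io::{self, Read, Write};
/// DNS-over-TCP frames carry a 16-bit length prefix (RFC 1035 section 4.2.2).
const MAX_DNS_MESSAGE: usize = u16::MAX as usize;
/// A DNS header is 12 bytes; anything shorter cannot carry a transaction ID.
const DNS_HEADER_LEN: usize = 12;

/// Constructed sample query (not captured traffic): ID 0x1234, RD set,
/// one question for the A record of example.com, class IN.
pub fn sample_query() -> Vec<u8> {
    let mut q = vec![0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0];
    q.extend_from_slice(b"\x07example\x03com\x00\x00\x01\x00\x01");
    q
}

/// Wrap a message received over UDP into TCP framing: big-endian length, then the bytes.
pub fn frame_for_tcp(udp_msg: &[u8]) -> io::Result<Vec<u8>> {
    if udp_msg.len() < DNS_HEADER_LEN || udp_msg.len() > MAX_DNS_MESSAGE {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "bad DNS message size"));
    }
    let mut out = (udp_msg.len() as u16).to_be_bytes().to_vec();
    out.extend_from_slice(udp_msg);
    Ok(out)
}

/// Read one framed message. `read_exact` matters: TCP is a byte stream, so a single
/// `read` may return only part of a frame.
pub fn read_tcp_dns_message<R: Read>(stream: &mut R) -> io::Result<Vec<u8>> {
    let mut len_buf = [0u8; 2];
    stream.read_exact(&mut len_buf)?;
    let len = u16::from_be_bytes(len_buf) as usize;
    if len < DNS_HEADER_LEN {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "DNS frame too short"));
    }
    let mut msg = vec![0u8; len];
    stream.read_exact(&mut msg)?;
    Ok(msg)
}

/// Forward one UDP query over a TCP transport and return the reply payload without its
/// length prefix, ready to send back over UDP. A reply whose ID does not match is rejected.
pub fn relay_query<T: Read + Write>(udp_query: &[u8], tcp: &mut T) -> io::Result<Vec<u8>> {
    tcp.write_all(&frame_for_tcp(udp_query)?)?;
    let reply = read_tcp_dns_message(tcp)?;
    // The transaction ID is the first two header bytes.
    let id = |m: &[u8]| m.get(0..2).map(|b| u16::from_be_bytes([b[0], b[1]]));
    if id(&reply) != id(udp_query) {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "transaction ID mismatch"));
    }
    Ok(reply)
}
```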

> Many shadowsocks servers don't enable UDP relay, so we forward the DNS query via TCP to the remote server.

So it should be configurable then.

zonyitoo avatar Mar 16 '20 04:03 zonyitoo

Ok, next step,

  • [ ] use trust-dns-client for higher level APIs
  • [ ] make it configurable whether DNS queries are sent over TCP or UDP

zonyitoo avatar Mar 17 '20 14:03 zonyitoo

Should we reuse trust-dns-client to implement DNS relay? @madeye

zonyitoo avatar Mar 18 '20 05:03 zonyitoo

If possible, it would be very nice.

With trust-dns-client, it may be possible to handle the hosts file as well.

madeye avatar Mar 18 '20 06:03 madeye

But that will end up linking most of trust-dns; the binary size will be large.

zonyitoo avatar Mar 18 '20 06:03 zonyitoo

The binary size is not a concern for me.

@Mygod what do you think?

madeye avatar Mar 18 '20 08:03 madeye

Could we reuse the global DNS resolver, @madeye, the one in src/relay/dns_resolver/?

zonyitoo avatar Mar 18 '20 13:03 zonyitoo

What are you asking? If global resolver can handle the complexity of things we need to do then sure?

Mygod avatar Mar 18 '20 13:03 Mygod

dns_relay sends queries simultaneously over direct connections and proxy connections. For direct connections, they actually work the same as trust-dns-resolver internally but lack many other things, such as lookup strategies (ipv4only, ipv6only, ipv4thenipv6, ...). So I was thinking that we should reuse this library rather than implementing everything by ourselves.

On the other hand, if dns_relay is only for proxying DNS queries without any higher level functions, then we should use trust-dns-client.

zonyitoo avatar Mar 18 '20 13:03 zonyitoo

Direct queries need to use local_dns_path on Android, no? On other platforms, it is safe to use the system resolver.

Mygod avatar Mar 18 '20 13:03 Mygod

local_dns_path is not used anywhere in this project.

zonyitoo avatar Mar 18 '20 14:03 zonyitoo

That's because it's still WIP...

Mygod avatar Mar 18 '20 14:03 Mygod

Okay... I will keep it until madeye finishes all his work.

zonyitoo avatar Mar 18 '20 14:03 zonyitoo

It would certainly be nice if we can reuse trust-dns, e.g. the connection reuse that they already have: https://github.com/bluejekyll/trust-dns/pull/1058

Mygod avatar May 10 '20 06:05 Mygod

Yes, I also strongly suggest that we use trust-dns-client.

zonyitoo avatar May 10 '20 08:05 zonyitoo

Its API allows customization of the underlying connection.

zonyitoo avatar May 10 '20 08:05 zonyitoo

I looked at trust-dns and it is actually less customizable than you think (without changing its source code, that is). Since in Rust every subclass has to be sealed via enums, we cannot extend its interface other than by reusing TcpStream. Unfortunately (a) it requires us to implement trust_dns_proto::tcp::Connect, which is a very restrictive interface/trait (its async fn only takes a SocketAddr, with no way to pass a PathBuf, let alone a ProxyStream); (b) all fields of TcpStream are private, so we cannot get too far.

A preliminary attempt at hacking things together: https://gist.github.com/Mygod/2532e73063986635ce1f43db4e5825dd

Mygod avatar May 10 '20 18:05 Mygod

Opened an upstream issue: https://github.com/bluejekyll/trust-dns/issues/1100

Mygod avatar May 10 '20 18:05 Mygod