v1.0.0

proxy/dns/config.pb.go

@@ -0,0 +1,160 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.25.0
+// 	protoc        v3.14.0
+// source: proxy/dns/config.proto
+
+package dns
+
+import (
+	proto "github.com/golang/protobuf/proto"
+	net "github.com/xtls/xray-core/v1/common/net"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// This is a compile-time assertion that a sufficiently up-to-date version
+// of the legacy proto package is being used.
+const _ = proto.ProtoPackageIsVersion4
+
+type Config struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Server is the DNS server address. If specified, this address overrides the
+	// original one.
+	Server *net.Endpoint `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"`
+}
+
+func (x *Config) Reset() {
+	*x = Config{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proxy_dns_config_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Config) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Config) ProtoMessage() {}
+
+func (x *Config) ProtoReflect() protoreflect.Message {
+	mi := &file_proxy_dns_config_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Config.ProtoReflect.Descriptor instead.
+func (*Config) Descriptor() ([]byte, []int) {
+	return file_proxy_dns_config_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Config) GetServer() *net.Endpoint {
+	if x != nil {
+		return x.Server
+	}
+	return nil
+}
+
+var File_proxy_dns_config_proto protoreflect.FileDescriptor
+
+var file_proxy_dns_config_proto_rawDesc = []byte{
+	0x0a, 0x16, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x64, 0x6e, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x1a, 0x1c, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x2f, 0x6e, 0x65, 0x74, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x3b, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x12, 0x31, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x19, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6e,
+	0x65, 0x74, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x42, 0x4f, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x26, 0x67, 0x69, 0x74,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61,
+	0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f,
+	0x64, 0x6e, 0x73, 0xaa, 0x02, 0x0e, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x2e, 0x44, 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_proxy_dns_config_proto_rawDescOnce sync.Once
+	file_proxy_dns_config_proto_rawDescData = file_proxy_dns_config_proto_rawDesc
+)
+
+func file_proxy_dns_config_proto_rawDescGZIP() []byte {
+	file_proxy_dns_config_proto_rawDescOnce.Do(func() {
+		file_proxy_dns_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_proxy_dns_config_proto_rawDescData)
+	})
+	return file_proxy_dns_config_proto_rawDescData
+}
+
+var file_proxy_dns_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_proxy_dns_config_proto_goTypes = []interface{}{
+	(*Config)(nil),       // 0: xray.proxy.dns.Config
+	(*net.Endpoint)(nil), // 1: xray.common.net.Endpoint
+}
+var file_proxy_dns_config_proto_depIdxs = []int32{
+	1, // 0: xray.proxy.dns.Config.server:type_name -> xray.common.net.Endpoint
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_proxy_dns_config_proto_init() }
+func file_proxy_dns_config_proto_init() {
+	if File_proxy_dns_config_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_proxy_dns_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Config); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_proxy_dns_config_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_proxy_dns_config_proto_goTypes,
+		DependencyIndexes: file_proxy_dns_config_proto_depIdxs,
+		MessageInfos:      file_proxy_dns_config_proto_msgTypes,
+	}.Build()
+	File_proxy_dns_config_proto = out.File
+	file_proxy_dns_config_proto_rawDesc = nil
+	file_proxy_dns_config_proto_goTypes = nil
+	file_proxy_dns_config_proto_depIdxs = nil
+}

proxy/dns/config.proto

@@ -0,0 +1,15 @@
+syntax = "proto3";
+
+package xray.proxy.dns;
+option csharp_namespace = "Xray.Proxy.Dns";
+option go_package = "github.com/xtls/xray-core/v1/proxy/dns";
+option java_package = "com.xray.proxy.dns";
+option java_multiple_files = true;
+
+import "common/net/destination.proto";
+
+message Config {
+  // Server is the DNS server address. If specified, this address overrides the
+  // original one.
+  xray.common.net.Endpoint server = 1;
+}

proxy/dns/dns.go

@@ -0,0 +1,330 @@
+// +build !confonly
+
+package dns
+
+import (
+	"context"
+	"io"
+	"sync"
+
+	"golang.org/x/net/dns/dnsmessage"
+
+	"github.com/xtls/xray-core/v1/common"
+	"github.com/xtls/xray-core/v1/common/buf"
+	"github.com/xtls/xray-core/v1/common/net"
+	dns_proto "github.com/xtls/xray-core/v1/common/protocol/dns"
+	"github.com/xtls/xray-core/v1/common/session"
+	"github.com/xtls/xray-core/v1/common/task"
+	"github.com/xtls/xray-core/v1/core"
+	"github.com/xtls/xray-core/v1/features/dns"
+	"github.com/xtls/xray-core/v1/transport"
+	"github.com/xtls/xray-core/v1/transport/internet"
+)
+
+func init() {
+	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
+		h := new(Handler)
+		if err := core.RequireFeatures(ctx, func(dnsClient dns.Client) error {
+			return h.Init(config.(*Config), dnsClient)
+		}); err != nil {
+			return nil, err
+		}
+		return h, nil
+	}))
+}
+
+type ownLinkVerifier interface {
+	IsOwnLink(ctx context.Context) bool
+}
+
+type Handler struct {
+	ipv4Lookup      dns.IPv4Lookup
+	ipv6Lookup      dns.IPv6Lookup
+	ownLinkVerifier ownLinkVerifier
+	server          net.Destination
+}
+
+func (h *Handler) Init(config *Config, dnsClient dns.Client) error {
+	ipv4lookup, ok := dnsClient.(dns.IPv4Lookup)
+	if !ok {
+		return newError("dns.Client doesn't implement IPv4Lookup")
+	}
+	h.ipv4Lookup = ipv4lookup
+
+	ipv6lookup, ok := dnsClient.(dns.IPv6Lookup)
+	if !ok {
+		return newError("dns.Client doesn't implement IPv6Lookup")
+	}
+	h.ipv6Lookup = ipv6lookup
+
+	if v, ok := dnsClient.(ownLinkVerifier); ok {
+		h.ownLinkVerifier = v
+	}
+
+	if config.Server != nil {
+		h.server = config.Server.AsDestination()
+	}
+	return nil
+}
+
+func (h *Handler) isOwnLink(ctx context.Context) bool {
+	return h.ownLinkVerifier != nil && h.ownLinkVerifier.IsOwnLink(ctx)
+}
+
+func parseIPQuery(b []byte) (r bool, domain string, id uint16, qType dnsmessage.Type) {
+	var parser dnsmessage.Parser
+	header, err := parser.Start(b)
+	if err != nil {
+		newError("parser start").Base(err).WriteToLog()
+		return
+	}
+
+	id = header.ID
+	q, err := parser.Question()
+	if err != nil {
+		newError("question").Base(err).WriteToLog()
+		return
+	}
+	qType = q.Type
+	if qType != dnsmessage.TypeA && qType != dnsmessage.TypeAAAA {
+		return
+	}
+
+	domain = q.Name.String()
+	r = true
+	return
+}
+
+// Process implements proxy.Outbound.
+func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.Dialer) error {
+	outbound := session.OutboundFromContext(ctx)
+	if outbound == nil || !outbound.Target.IsValid() {
+		return newError("invalid outbound")
+	}
+
+	srcNetwork := outbound.Target.Network
+
+	dest := outbound.Target
+	if h.server.Network != net.Network_Unknown {
+		dest.Network = h.server.Network
+	}
+	if h.server.Address != nil {
+		dest.Address = h.server.Address
+	}
+	if h.server.Port != 0 {
+		dest.Port = h.server.Port
+	}
+
+	newError("handling DNS traffic to ", dest).WriteToLog(session.ExportIDToError(ctx))
+
+	conn := &outboundConn{
+		dialer: func() (internet.Connection, error) {
+			return d.Dial(ctx, dest)
+		},
+		connReady: make(chan struct{}, 1),
+	}
+
+	var reader dns_proto.MessageReader
+	var writer dns_proto.MessageWriter
+	if srcNetwork == net.Network_TCP {
+		reader = dns_proto.NewTCPReader(link.Reader)
+		writer = &dns_proto.TCPWriter{
+			Writer: link.Writer,
+		}
+	} else {
+		reader = &dns_proto.UDPReader{
+			Reader: link.Reader,
+		}
+		writer = &dns_proto.UDPWriter{
+			Writer: link.Writer,
+		}
+	}
+
+	var connReader dns_proto.MessageReader
+	var connWriter dns_proto.MessageWriter
+	if dest.Network == net.Network_TCP {
+		connReader = dns_proto.NewTCPReader(buf.NewReader(conn))
+		connWriter = &dns_proto.TCPWriter{
+			Writer: buf.NewWriter(conn),
+		}
+	} else {
+		connReader = &dns_proto.UDPReader{
+			Reader: buf.NewPacketReader(conn),
+		}
+		connWriter = &dns_proto.UDPWriter{
+			Writer: buf.NewWriter(conn),
+		}
+	}
+
+	request := func() error {
+		defer conn.Close()
+
+		for {
+			b, err := reader.ReadMessage()
+			if err == io.EOF {
+				return nil
+			}
+
+			if err != nil {
+				return err
+			}
+
+			if !h.isOwnLink(ctx) {
+				isIPQuery, domain, id, qType := parseIPQuery(b.Bytes())
+				if isIPQuery {
+					go h.handleIPQuery(id, qType, domain, writer)
+					continue
+				}
+			}
+
+			if err := connWriter.WriteMessage(b); err != nil {
+				return err
+			}
+		}
+	}
+
+	response := func() error {
+		for {
+			b, err := connReader.ReadMessage()
+			if err == io.EOF {
+				return nil
+			}
+
+			if err != nil {
+				return err
+			}
+
+			if err := writer.WriteMessage(b); err != nil {
+				return err
+			}
+		}
+	}
+
+	if err := task.Run(ctx, request, response); err != nil {
+		return newError("connection ends").Base(err)
+	}
+
+	return nil
+}
+
+func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter) {
+	var ips []net.IP
+	var err error
+
+	switch qType {
+	case dnsmessage.TypeA:
+		ips, err = h.ipv4Lookup.LookupIPv4(domain)
+	case dnsmessage.TypeAAAA:
+		ips, err = h.ipv6Lookup.LookupIPv6(domain)
+	}
+
+	rcode := dns.RCodeFromError(err)
+	if rcode == 0 && len(ips) == 0 && err != dns.ErrEmptyResponse {
+		newError("ip query").Base(err).WriteToLog()
+		return
+	}
+
+	b := buf.New()
+	rawBytes := b.Extend(buf.Size)
+	builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{
+		ID:                 id,
+		RCode:              dnsmessage.RCode(rcode),
+		RecursionAvailable: true,
+		RecursionDesired:   true,
+		Response:           true,
+		Authoritative:      true,
+	})
+	builder.EnableCompression()
+	common.Must(builder.StartQuestions())
+	common.Must(builder.Question(dnsmessage.Question{
+		Name:  dnsmessage.MustNewName(domain),
+		Class: dnsmessage.ClassINET,
+		Type:  qType,
+	}))
+	common.Must(builder.StartAnswers())
+
+	rHeader := dnsmessage.ResourceHeader{Name: dnsmessage.MustNewName(domain), Class: dnsmessage.ClassINET, TTL: 600}
+	for _, ip := range ips {
+		if len(ip) == net.IPv4len {
+			var r dnsmessage.AResource
+			copy(r.A[:], ip)
+			common.Must(builder.AResource(rHeader, r))
+		} else {
+			var r dnsmessage.AAAAResource
+			copy(r.AAAA[:], ip)
+			common.Must(builder.AAAAResource(rHeader, r))
+		}
+	}
+	msgBytes, err := builder.Finish()
+	if err != nil {
+		newError("pack message").Base(err).WriteToLog()
+		b.Release()
+		return
+	}
+	b.Resize(0, int32(len(msgBytes)))
+
+	if err := writer.WriteMessage(b); err != nil {
+		newError("write IP answer").Base(err).WriteToLog()
+	}
+}
+
+type outboundConn struct {
+	access sync.Mutex
+	dialer func() (internet.Connection, error)
+
+	conn      net.Conn
+	connReady chan struct{}
+}
+
+func (c *outboundConn) dial() error {
+	conn, err := c.dialer()
+	if err != nil {
+		return err
+	}
+	c.conn = conn
+	c.connReady <- struct{}{}
+	return nil
+}
+
+func (c *outboundConn) Write(b []byte) (int, error) {
+	c.access.Lock()
+
+	if c.conn == nil {
+		if err := c.dial(); err != nil {
+			c.access.Unlock()
+			newError("failed to dial outbound connection").Base(err).AtWarning().WriteToLog()
+			return len(b), nil
+		}
+	}
+
+	c.access.Unlock()
+
+	return c.conn.Write(b)
+}
+
+func (c *outboundConn) Read(b []byte) (int, error) {
+	var conn net.Conn
+	c.access.Lock()
+	conn = c.conn
+	c.access.Unlock()
+
+	if conn == nil {
+		_, open := <-c.connReady
+		if !open {
+			return 0, io.EOF
+		}
+		conn = c.conn
+	}
+
+	return conn.Read(b)
+}
+
+func (c *outboundConn) Close() error {
+	c.access.Lock()
+	close(c.connReady)
+	if c.conn != nil {
+		c.conn.Close()
+	}
+	c.access.Unlock()
+	return nil
+}

proxy/dns/dns_test.go

@@ -0,0 +1,370 @@
+package dns_test
+
+import (
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/miekg/dns"
+
+	"github.com/xtls/xray-core/v1/app/dispatcher"
+	dnsapp "github.com/xtls/xray-core/v1/app/dns"
+	"github.com/xtls/xray-core/v1/app/policy"
+	"github.com/xtls/xray-core/v1/app/proxyman"
+	_ "github.com/xtls/xray-core/v1/app/proxyman/inbound"
+	_ "github.com/xtls/xray-core/v1/app/proxyman/outbound"
+	"github.com/xtls/xray-core/v1/common"
+	"github.com/xtls/xray-core/v1/common/net"
+	"github.com/xtls/xray-core/v1/common/serial"
+	"github.com/xtls/xray-core/v1/core"
+	dns_proxy "github.com/xtls/xray-core/v1/proxy/dns"
+	"github.com/xtls/xray-core/v1/proxy/dokodemo"
+	"github.com/xtls/xray-core/v1/testing/servers/tcp"
+	"github.com/xtls/xray-core/v1/testing/servers/udp"
+)
+
+type staticHandler struct {
+}
+
+func (*staticHandler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
+	ans := new(dns.Msg)
+	ans.Id = r.Id
+
+	var clientIP net.IP
+
+	opt := r.IsEdns0()
+	if opt != nil {
+		for _, o := range opt.Option {
+			if o.Option() == dns.EDNS0SUBNET {
+				subnet := o.(*dns.EDNS0_SUBNET)
+				clientIP = subnet.Address
+			}
+		}
+	}
+
+	for _, q := range r.Question {
+		switch {
+		case q.Name == "google.com." && q.Qtype == dns.TypeA:
+			if clientIP == nil {
+				rr, _ := dns.NewRR("google.com. IN A 8.8.8.8")
+				ans.Answer = append(ans.Answer, rr)
+			} else {
+				rr, _ := dns.NewRR("google.com. IN A 8.8.4.4")
+				ans.Answer = append(ans.Answer, rr)
+			}
+
+		case q.Name == "facebook.com." && q.Qtype == dns.TypeA:
+			rr, _ := dns.NewRR("facebook.com. IN A 9.9.9.9")
+			ans.Answer = append(ans.Answer, rr)
+
+		case q.Name == "ipv6.google.com." && q.Qtype == dns.TypeA:
+			rr, err := dns.NewRR("ipv6.google.com. IN A 8.8.8.7")
+			common.Must(err)
+			ans.Answer = append(ans.Answer, rr)
+
+		case q.Name == "ipv6.google.com." && q.Qtype == dns.TypeAAAA:
+			rr, err := dns.NewRR("ipv6.google.com. IN AAAA 2001:4860:4860::8888")
+			common.Must(err)
+			ans.Answer = append(ans.Answer, rr)
+
+		case q.Name == "notexist.google.com." && q.Qtype == dns.TypeAAAA:
+			ans.MsgHdr.Rcode = dns.RcodeNameError
+		}
+	}
+	w.WriteMsg(ans)
+}
+
+func TestUDPDNSTunnel(t *testing.T) {
+	port := udp.PickPort()
+
+	dnsServer := dns.Server{
+		Addr:    "127.0.0.1:" + port.String(),
+		Net:     "udp",
+		Handler: &staticHandler{},
+		UDPSize: 1200,
+	}
+	defer dnsServer.Shutdown()
+
+	go dnsServer.ListenAndServe()
+	time.Sleep(time.Second)
+
+	serverPort := udp.PickPort()
+	config := &core.Config{
+		App: []*serial.TypedMessage{
+			serial.ToTypedMessage(&dnsapp.Config{
+				NameServers: []*net.Endpoint{
+					{
+						Network: net.Network_UDP,
+						Address: &net.IPOrDomain{
+							Address: &net.IPOrDomain_Ip{
+								Ip: []byte{127, 0, 0, 1},
+							},
+						},
+						Port: uint32(port),
+					},
+				},
+			}),
+			serial.ToTypedMessage(&dispatcher.Config{}),
+			serial.ToTypedMessage(&proxyman.OutboundConfig{}),
+			serial.ToTypedMessage(&proxyman.InboundConfig{}),
+			serial.ToTypedMessage(&policy.Config{}),
+		},
+		Inbound: []*core.InboundHandlerConfig{
+			{
+				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
+					Address:  net.NewIPOrDomain(net.LocalHostIP),
+					Port:     uint32(port),
+					Networks: []net.Network{net.Network_UDP},
+				}),
+				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
+					PortRange: net.SinglePortRange(serverPort),
+					Listen:    net.NewIPOrDomain(net.LocalHostIP),
+				}),
+			},
+		},
+		Outbound: []*core.OutboundHandlerConfig{
+			{
+				ProxySettings: serial.ToTypedMessage(&dns_proxy.Config{}),
+			},
+		},
+	}
+
+	v, err := core.New(config)
+	common.Must(err)
+	common.Must(v.Start())
+	defer v.Close()
+
+	{
+		m1 := new(dns.Msg)
+		m1.Id = dns.Id()
+		m1.RecursionDesired = true
+		m1.Question = make([]dns.Question, 1)
+		m1.Question[0] = dns.Question{Name: "google.com.", Qtype: dns.TypeA, Qclass: dns.ClassINET}
+
+		c := new(dns.Client)
+		in, _, err := c.Exchange(m1, "127.0.0.1:"+strconv.Itoa(int(serverPort)))
+		common.Must(err)
+
+		if len(in.Answer) != 1 {
+			t.Fatal("len(answer): ", len(in.Answer))
+		}
+
+		rr, ok := in.Answer[0].(*dns.A)
+		if !ok {
+			t.Fatal("not A record")
+		}
+		if r := cmp.Diff(rr.A[:], net.IP{8, 8, 8, 8}); r != "" {
+			t.Error(r)
+		}
+	}
+
+	{
+		m1 := new(dns.Msg)
+		m1.Id = dns.Id()
+		m1.RecursionDesired = true
+		m1.Question = make([]dns.Question, 1)
+		m1.Question[0] = dns.Question{Name: "ipv4only.google.com.", Qtype: dns.TypeAAAA, Qclass: dns.ClassINET}
+
+		c := new(dns.Client)
+		c.Timeout = 10 * time.Second
+		in, _, err := c.Exchange(m1, "127.0.0.1:"+strconv.Itoa(int(serverPort)))
+		common.Must(err)
+
+		if len(in.Answer) != 0 {
+			t.Fatal("len(answer): ", len(in.Answer))
+		}
+	}
+
+	{
+		m1 := new(dns.Msg)
+		m1.Id = dns.Id()
+		m1.RecursionDesired = true
+		m1.Question = make([]dns.Question, 1)
+		m1.Question[0] = dns.Question{Name: "notexist.google.com.", Qtype: dns.TypeAAAA, Qclass: dns.ClassINET}
+
+		c := new(dns.Client)
+		in, _, err := c.Exchange(m1, "127.0.0.1:"+strconv.Itoa(int(serverPort)))
+		common.Must(err)
+
+		if in.Rcode != dns.RcodeNameError {
+			t.Error("expected NameError, but got ", in.Rcode)
+		}
+	}
+}
+
+func TestTCPDNSTunnel(t *testing.T) {
+	port := udp.PickPort()
+
+	dnsServer := dns.Server{
+		Addr:    "127.0.0.1:" + port.String(),
+		Net:     "udp",
+		Handler: &staticHandler{},
+	}
+	defer dnsServer.Shutdown()
+
+	go dnsServer.ListenAndServe()
+	time.Sleep(time.Second)
+
+	serverPort := tcp.PickPort()
+	config := &core.Config{
+		App: []*serial.TypedMessage{
+			serial.ToTypedMessage(&dnsapp.Config{
+				NameServer: []*dnsapp.NameServer{
+					{
+						Address: &net.Endpoint{
+							Network: net.Network_UDP,
+							Address: &net.IPOrDomain{
+								Address: &net.IPOrDomain_Ip{
+									Ip: []byte{127, 0, 0, 1},
+								},
+							},
+							Port: uint32(port),
+						},
+					},
+				},
+			}),
+			serial.ToTypedMessage(&dispatcher.Config{}),
+			serial.ToTypedMessage(&proxyman.OutboundConfig{}),
+			serial.ToTypedMessage(&proxyman.InboundConfig{}),
+			serial.ToTypedMessage(&policy.Config{}),
+		},
+		Inbound: []*core.InboundHandlerConfig{
+			{
+				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
+					Address:  net.NewIPOrDomain(net.LocalHostIP),
+					Port:     uint32(port),
+					Networks: []net.Network{net.Network_TCP},
+				}),
+				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
+					PortRange: net.SinglePortRange(serverPort),
+					Listen:    net.NewIPOrDomain(net.LocalHostIP),
+				}),
+			},
+		},
+		Outbound: []*core.OutboundHandlerConfig{
+			{
+				ProxySettings: serial.ToTypedMessage(&dns_proxy.Config{}),
+			},
+		},
+	}
+
+	v, err := core.New(config)
+	common.Must(err)
+	common.Must(v.Start())
+	defer v.Close()
+
+	m1 := new(dns.Msg)
+	m1.Id = dns.Id()
+	m1.RecursionDesired = true
+	m1.Question = make([]dns.Question, 1)
+	m1.Question[0] = dns.Question{Name: "google.com.", Qtype: dns.TypeA, Qclass: dns.ClassINET}
+
+	c := &dns.Client{
+		Net: "tcp",
+	}
+	in, _, err := c.Exchange(m1, "127.0.0.1:"+serverPort.String())
+	common.Must(err)
+
+	if len(in.Answer) != 1 {
+		t.Fatal("len(answer): ", len(in.Answer))
+	}
+
+	rr, ok := in.Answer[0].(*dns.A)
+	if !ok {
+		t.Fatal("not A record")
+	}
+	if r := cmp.Diff(rr.A[:], net.IP{8, 8, 8, 8}); r != "" {
+		t.Error(r)
+	}
+}
+
+func TestUDP2TCPDNSTunnel(t *testing.T) {
+	port := tcp.PickPort()
+
+	dnsServer := dns.Server{
+		Addr:    "127.0.0.1:" + port.String(),
+		Net:     "tcp",
+		Handler: &staticHandler{},
+	}
+	defer dnsServer.Shutdown()
+
+	go dnsServer.ListenAndServe()
+	time.Sleep(time.Second)
+
+	serverPort := tcp.PickPort()
+	config := &core.Config{
+		App: []*serial.TypedMessage{
+			serial.ToTypedMessage(&dnsapp.Config{
+				NameServer: []*dnsapp.NameServer{
+					{
+						Address: &net.Endpoint{
+							Network: net.Network_UDP,
+							Address: &net.IPOrDomain{
+								Address: &net.IPOrDomain_Ip{
+									Ip: []byte{127, 0, 0, 1},
+								},
+							},
+							Port: uint32(port),
+						},
+					},
+				},
+			}),
+			serial.ToTypedMessage(&dispatcher.Config{}),
+			serial.ToTypedMessage(&proxyman.OutboundConfig{}),
+			serial.ToTypedMessage(&proxyman.InboundConfig{}),
+			serial.ToTypedMessage(&policy.Config{}),
+		},
+		Inbound: []*core.InboundHandlerConfig{
+			{
+				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
+					Address:  net.NewIPOrDomain(net.LocalHostIP),
+					Port:     uint32(port),
+					Networks: []net.Network{net.Network_TCP},
+				}),
+				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
+					PortRange: net.SinglePortRange(serverPort),
+					Listen:    net.NewIPOrDomain(net.LocalHostIP),
+				}),
+			},
+		},
+		Outbound: []*core.OutboundHandlerConfig{
+			{
+				ProxySettings: serial.ToTypedMessage(&dns_proxy.Config{
+					Server: &net.Endpoint{
+						Network: net.Network_TCP,
+					},
+				}),
+			},
+		},
+	}
+
+	v, err := core.New(config)
+	common.Must(err)
+	common.Must(v.Start())
+	defer v.Close()
+
+	m1 := new(dns.Msg)
+	m1.Id = dns.Id()
+	m1.RecursionDesired = true
+	m1.Question = make([]dns.Question, 1)
+	m1.Question[0] = dns.Question{Name: "google.com.", Qtype: dns.TypeA, Qclass: dns.ClassINET}
+
+	c := &dns.Client{
+		Net: "tcp",
+	}
+	in, _, err := c.Exchange(m1, "127.0.0.1:"+serverPort.String())
+	common.Must(err)
+
+	if len(in.Answer) != 1 {
+		t.Fatal("len(answer): ", len(in.Answer))
+	}
+
+	rr, ok := in.Answer[0].(*dns.A)
+	if !ok {
+		t.Fatal("not A record")
+	}
+	if r := cmp.Diff(rr.A[:], net.IP{8, 8, 8, 8}); r != "" {
+		t.Error(r)
+	}
+}

proxy/dns/errors.generated.go

@@ -0,0 +1,9 @@
+package dns
+
+import "github.com/xtls/xray-core/v1/common/errors"
+
+type errPathObjHolder struct{}
+
+func newError(values ...interface{}) *errors.Error {
+	return errors.New(values...).WithPathObj(errPathObjHolder{})
+}