[Spotify not working / Fixing the Spotify problem] Intercepting DNS traffic to solve issues with some apps like spotify (using fakeDNS) #1019

Closed
pulsarice opened this issue Feb 24, 2024 · 7 comments
Labels
enhancement New feature or request to deploy To be deployed during the time

Comments

@pulsarice

pulsarice commented Feb 24, 2024

For a simple way to fix the Spotify problem, see this comment.

Spotify blocks requests from many datacenter IPs and we have to route its traffic through Warp.
For some reason, xray can't sniff the domain name in some of Spotify's requests. The only solution that I have found is to use fakeDNS.
But using fakeDNS for all domains can cause DNS corruption and make some apps misbehave after VPN disconnection.
The solution is to intercept DNS traffic on port 53 and forward it to core's built-in DNS and using fakeDNS only for those specific domains.

Currently I'm doing it by manually editing the config file.
It would be nice if these configurations could be implemented in the GUI:

{
  "dns": {
    "tag": "dns_inbound",
    "queryStrategy": "UseIPv4",
    "servers": [
      "8.8.8.8",
      "1.1.1.1",
      {
        "address": "fakedns",
        "domains": [ //specifying domains which should be answered via fakedns
          "domain:spotify.com"
        ],
        "skipFallback": true // avoid using fakedns for all other domains
      }
    ]
  },
  "outbounds": [
    {
      "tag": "direct"
    },
    {
      "tag": "proxy"
    },
    {
      "protocol": "dns", // any DNS request routed to this outbound will be served by internal DNS server. It will also provide DNS caching.
      "tag": "dns-out"
    },
    {
      "tag": "warp"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "dns_inbound"
        ],
        "outboundTag": "proxy" // setting default outbound for internal DNS server's traffic.
      },
      {
        "type": "field",
        "port": "53", // intercepting clients' DNS traffic
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "port": "853", // blocking dns over TLS so the client falls back to unencrypted DNS
        "outboundTag": "blocked"
      },
      {
        "type": "field",
        "outboundTag": "warp",
        "domain": [
          "domain:spotify.com" // now that all requests to Spotify are detected correctly, we can route them to warp
        ]
      }
    ]
  },
  "fakedns": [ // this part is optional as xray-core will automatically assign a pool for fakedns when it's called upon.
    {
      "ipPool": "198.18.0.0/16",
      "poolSize": 65535
    }
  ]
}
@pulsarice pulsarice added the enhancement New feature or request label Feb 24, 2024
@TheLordOfTheKings

+1

@alireza0
Owner

alireza0 commented May 3, 2024

The only option which is not available in the panel is skipFallback. It is now added.
I can't find a general way to add other options which have only one function.
Do you have any idea?

Just needs to pin this issue for advanced users.

@alireza0 alireza0 pinned this issue May 3, 2024
@pulsarice
Author

pulsarice commented May 3, 2024

> The only option which is not available in the panel is skipFallback. It is now added.

Thanks

> I can't find a general way to add other options which have only one function. Do you have any idea?

I practically know nothing about coding and don't know any side effects this might have, but this is my suggestion:

Upon enabling fakedns and adding it to the dns part of config.json, enable "skipFallback": true to prevent other domains from being resolved by fakedns.
Add the needed dns outbound:

    {
      "protocol": "dns",
      "tag": "dns-out"
    }

and these are the minimum routing rules needed to make fakedns function:

    {
      "type": "field",
      "inboundTag": [
        "dns_inbound"
      ],
      "outboundTag": "userdefined"
    },
    {
      "type": "field",
      "port": "53",
      "outboundTag": "dns-out"
    }

The first rule is needed to prevent a routing loop caused by the next rule. We don't want to route dns traffic generated by the core back to itself.
There's another problem: we don't know what outbound/balancer we should use to route that traffic.
Therefore I think it's a good idea to add a user-configurable outbound/balancer tag for traffic generated by internal dns (under the DNS tab of Xray config in the UI), because if x-ui is running on a domestic server, the core's internal dns traffic will be routed to the first outbound (usually direct, which will be prone to dns poisoning) unless specified in routing rules.
I know it's a hassle to implement these and also might break something else!

@pulsarice pulsarice changed the title Intercepting DNS traffic to solve issues with some apps like spotify (using fakeDNS) [Spotify not working] Intercepting DNS traffic to solve issues with some apps like spotify (using fakeDNS) May 3, 2024
@alireza0
Owner

alireza0 commented May 4, 2024

There is a fact here: when it is configurable and all needed parameters exist, then it is enough.
The admin only needs a one-time configuration.

This panel should not force admins to configure in one predefined way. Each admin has a separate config and their desired solution.
For example please think about these situations:

  • DNS related routing rules need to be in correct order between other rules.
  • DNS outbound could be different on each solution.
  • Multiple inbounds and outbounds in a complex solution could not be handled by one basic setting.

Therefore keeping it open for the admin to configure could be more useful (in my opinion).
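
The two constraints raised above (the rule for the built-in DNS tag must come before the port-53 rule to avoid a routing loop, and DNS rules must sit in the correct order among the others) can be checked mechanically before a hand-edited config is loaded. This is an added example, not code from the thread or from the project: `load_jsonc`, `lint_dns_interception` and the sample config are hypothetical, and only an exact `"port": "53"` is treated as the interception rule.

```python
import json
import re

_STR = r'("(?:\\.|[^"\\])*")'  # a JSON string literal, kept intact by both passes

def load_jsonc(text):
    """Parse JSON with // comments and trailing commas, as in the configs posted above."""
    keep = lambda m: m.group(1) or ""
    text = re.sub(_STR + r"|//[^\n]*", keep, text)        # comments outside strings
    text = re.sub(_STR + r"|,(?=\s*[}\]])", keep, text)   # trailing commas
    return json.loads(text)

def lint_dns_interception(cfg):
    """Return findings about the port-53 interception rules (hypothetical checker)."""
    findings = []
    rules = cfg.get("routing", {}).get("rules", [])
    outbounds = cfg.get("outbounds", [])
    tags = {o.get("tag") for o in outbounds}
    dns_out = {o.get("tag") for o in outbounds if o.get("protocol") == "dns"}
    dns_tag = cfg.get("dns", {}).get("tag")
    for i, r in enumerate(rules):
        if "outboundTag" in r and r["outboundTag"] not in tags:
            findings.append(f"rule {i}: outbound '{r['outboundTag']}' is not defined")
    # Simplification: only an exact "port": "53" counts as the interception rule.
    intercept = next((i for i, r in enumerate(rules)
                      if str(r.get("port")) == "53" and r.get("outboundTag") in dns_out), None)
    guard = next((i for i, r in enumerate(rules) if dns_tag in r.get("inboundTag", [])), None)
    if intercept is None:
        return findings
    if guard is None or guard > intercept:
        findings.append("loop: built-in DNS traffic reaches the port-53 rule before its own rule")
    elif rules[guard].get("outboundTag") in dns_out:
        findings.append("loop: built-in DNS traffic is routed back to the dns outbound")
    return findings

# Constructed sample: the thread's rules in the wrong order, with "blocked" left undefined.
SAMPLE = """{
  "dns": {"tag": "dns_inbound", "servers": ["8.8.8.8"]},
  "outbounds": [
    {"tag": "proxy",},
    {"protocol": "dns", "tag": "dns-out"}  // internal DNS server
  ],
  "routing": {"rules": [
    {"type": "field", "port": "53", "outboundTag": "dns-out"},
    {"type": "field", "port": "853", "outboundTag": "blocked"},
    {"type": "field", "inboundTag": ["dns_inbound"], "outboundTag": "proxy"}
  ]}
}"""

print("\n".join(lint_dns_interception(load_jsonc(SAMPLE))))
```

Moving the `dns_inbound` rule to the top and defining every referenced outbound makes the findings list empty.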

@alireza0
Owner

alireza0 commented May 4, 2024

Thanks again
Closing this issue...
Please open a new issue in case of new bugs/enhancements

@alireza0 alireza0 closed this as completed May 4, 2024
@pulsarice
Author

Thanks for your attention to this matter

@pulsarice
Author

There is an easier way to fix the Spotify problem without needing fakedns.
In addition to the rule that sends domain:spotify.com over the warp route, you also need to create a new rule and route port 4070 traffic through Warp.

  {
    "type": "field",
    "port": "4070",
    "outboundTag": "warp"
  }


@pulsarice pulsarice changed the title [Spotify not working] Intercepting DNS traffic to solve issues with some apps like spotify (using fakeDNS) [Spotify not working / Fixing the Spotify problem] Intercepting DNS traffic to solve issues with some apps like spotify (using fakeDNS) May 30, 2024