github.com/igoogolx/clash@v1.19.8/docs/configuration/dns.md (about)

---
sidebarTitle: Clash DNS
sidebarOrder: 6
---

# Clash DNS

Since some parts of Clash run on Layer 3 (the Network Layer), it would have been impossible for them to obtain the domain names of packets for rule-based routing.

*Enter fake-ip*. It enables rule-based routing, minimises the impact of DNS pollution attacks and improves network performance, sometimes drastically.

## fake-ip

The concept of "fake IP" addresses originated from [RFC 3089](https://tools.ietf.org/rfc/rfc3089):

> A "fake IP" address is used as a key to look up the corresponding "FQDN" information.

The default CIDR for the fake-ip pool is `198.18.0.1/16`, a reserved IPv4 address space, which can be changed in `dns.fake-ip-range`.

When a DNS request is sent to the Clash DNS, the core allocates a *free* fake-ip address from the pool, by managing an internal mapping of domain names and their fake-ip addresses.

Take the example of accessing `http://google.com` with your browser:

1. The browser asks Clash DNS for the IP address of `google.com`
2. Clash checks the internal mapping and returns `198.18.1.5`
3. The browser sends an HTTP request to `198.18.1.5` on `80/tcp`
4. When receiving the inbound packet for `198.18.1.5`, Clash looks up the internal mapping and realises the client is actually sending a packet to `google.com`
5. Depending on the rules:

    1. Clash may just send the domain name to an outbound proxy like SOCKS5 or shadowsocks and establish the connection with the proxy server

    2. or Clash might look up the real IP address of `google.com`, when it encounters a `SCRIPT`, `GEOIP` or `IP-CIDR` rule, or when the outbound is DIRECT

Since this is a confusing concept, I'll take another example of accessing `http://google.com` with the cURL utility:

```txt{2,3,5,6,8,9}
$ curl -v http://google.com
<---- cURL asks your system DNS (Clash) about the IP address of google.com
----> Clash decided 198.18.1.70 should be used as google.com and remembers it
*   Trying 198.18.1.70:80...
<---- cURL connects to 198.18.1.70 tcp/80
----> Clash will accept the connection immediately, and..
* Connected to google.com (198.18.1.70) port 80 (#0)
----> Clash looks up in its memory and found 198.18.1.70 being google.com
----> Clash looks up in the rules and sends the packet via the matching outbound
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/8.0.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ahELFt78xOoxhySY2lQ34A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Date: Thu, 11 May 2023 06:52:19 GMT
< Expires: Sat, 10 Jun 2023 06:52:19 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< 
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
```
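
The two lookups in the walkthroughs above (domain to fake IP when answering DNS, fake IP back to domain when a packet arrives) can be sketched as follows. This is an added example, not Clash's own code: `FakePool`, `NewFakePool`, `Lookup` and `Reverse` are hypothetical names, and the wrap-around eviction once the pool is exhausted is an assumption made for this sketch.

```go
package main

import (
	"fmt"
	"net/netip"
)

// FakePool is a simplified, hypothetical fake-ip allocator (not Clash's code).
type FakePool struct {
	prefix      netip.Prefix
	first, next netip.Addr
	byHost      map[string]netip.Addr // domain -> fake IP (DNS answer path)
	byIP        map[netip.Addr]string // fake IP -> domain (inbound packet path)
}

func NewFakePool(cidr string) (*FakePool, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err
	}
	p = p.Masked()           // "198.18.0.1/16" -> 198.18.0.0/16
	first := p.Addr().Next() // skip the network address
	return &FakePool{p, first, first, map[string]netip.Addr{}, map[netip.Addr]string{}}, nil
}

// Lookup answers a DNS query: reuse the domain's fake IP or allocate the next one.
func (f *FakePool) Lookup(host string) netip.Addr {
	if ip, ok := f.byHost[host]; ok {
		return ip
	}
	ip := f.next
	if old, ok := f.byIP[ip]; ok {
		delete(f.byHost, old) // pool wrapped around: the old owner loses this address
	}
	f.byHost[host], f.byIP[ip] = ip, host
	if f.next = ip.Next(); !f.prefix.Contains(f.next) {
		f.next = f.first
	}
	return ip
}

// Reverse maps an inbound packet's destination back to the domain it stands for.
func (f *FakePool) Reverse(dst netip.Addr) (string, bool) {
	host, ok := f.byIP[dst] // addresses outside the pool are never keys here
	return host, ok
}

func main() {
	pool, _ := NewFakePool("198.18.0.1/16") // default range from this page
	fmt.Println(pool.Reverse(pool.Lookup("google.com")))
}
```

In this sketch, a client that cached a fake IP from before a wrap-around would be mapped to whichever domain holds that address now, so the pool should be sized well above the number of domains in active use.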

<!-- TODO: nameserver, fallback, fallback-filter, hosts, search-domains, fake-ip-filter, nameserver-policy -->