FakeDNS
The fakeDns block configures one or more synthetic IP pools used by sniffing-aware routing. The DNS server hands out an address from the pool for each looked-up domain, and the routing engine maps the address back to its original domain when it sees the connection.
Shape
fakeDns has a polymorphic JSON shape: it is either a single pool object or an array of pool objects.
// Single pool:
{
  "fakeDns": { "ipPool": "198.18.0.0/15", "poolSize": 65535 }
}
// Multiple pools (most common — one for v4, one for v6):
{
  "fakeDns": [
    { "ipPool": "198.18.0.0/15", "poolSize": 32768 },
    { "ipPool": "fc00::/18", "poolSize": 32768 }
  ]
}

The pool element fields are:
| Field | Type | Default | Description |
|---|---|---|---|
| ipPool | string (CIDR) | (required) | CIDR block from which fake addresses are handed out. |
| poolSize | int64 | (required) | Number of addresses to use from the CIDR (LRU size). |
Auto-population
Xray also adds a default FakeDNS block automatically if your DNS section references the special fakedns server but no fakeDns block exists — see FakeDNSPostProcessingStage.Process in infra/conf/fakedns.go:73. The defaults are 198.18.0.0/15 for IPv4 and fc00::/18 for IPv6, each sized 32768 in dual-stack mode (65535 in single-stack).
Notes
- The legal JSON shapes are detected by trial-unmarshal in UnmarshalJSON (infra/conf/fakedns.go:36-47). Mixed input (e.g. an object with a stray list field) errors out at parse time.
- For the routing engine to actually rewrite to the original domain, the matching inbound must enable sniffing with destOverride including "fakedns" or "fakedns+others" — Xray prints a warning on startup if it cannot find such an inbound (infra/conf/fakedns.go:128-139).
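A preflight check for the two notes above, added here as an example and not taken from Xray's code: it accepts either fakeDns shape by trial-unmarshal and reports whether any inbound has sniffing enabled with a fakedns destOverride. The names Pool, Pools and Check are made up for this example, the input in main is a constructed sample, and the input must be plain JSON without comments.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Pool and Pools are names made up for this example, not Xray's own types.
type Pool struct {
	IPPool   string `json:"ipPool"`
	PoolSize int64  `json:"poolSize"`
}
type Pools []Pool

// UnmarshalJSON tries the array shape first, then the single-object shape.
func (p *Pools) UnmarshalJSON(b []byte) error {
	var many []Pool
	if json.Unmarshal(b, &many) != nil {
		many = make([]Pool, 1)
		if err := json.Unmarshal(b, &many[0]); err != nil {
			return fmt.Errorf("fakeDns: want a pool object or an array of pools: %w", err)
		}
	}
	*p = many
	return nil
}

// Check returns the normalized pools and whether an enabled sniffer lists fakedns.
func Check(doc []byte) (pools Pools, sniffed bool, err error) {
	var c struct {
		FakeDNS  Pools `json:"fakeDns"`
		Inbounds []struct {
			Sniffing struct {
				Enabled      bool     `json:"enabled"`
				DestOverride []string `json:"destOverride"`
			} `json:"sniffing"`
		} `json:"inbounds"`
	}
	if err = json.Unmarshal(doc, &c); err != nil {
		return
	}
	for _, in := range c.Inbounds {
		for _, d := range in.Sniffing.DestOverride {
			sniffed = sniffed || (in.Sniffing.Enabled && (d == "fakedns" || d == "fakedns+others"))
		}
	}
	return c.FakeDNS, sniffed, nil
}

func main() { fmt.Println(Check([]byte(`{"fakeDns":{"ipPool":"198.18.0.0/15","poolSize":65535}}`))) }
```

A result with pools present and sniffed false is the case Xray warns about at startup: the pools exist, but no inbound maps the fake address back to its domain.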
Source: infra/conf/fakedns.go:13-48 · v26.6.1 (94ffd50)
