Closed Mustang0394 closed 2 months ago
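How can the Block part of the routing rules be given a higher priority than Direct?
By default, Block already has a higher priority than Direct. If in doubt, you can export the configuration and analyze it.
How can the program use the system's DNS requests for direct DNS, so that the system hosts file takes effect?
The core does not seem to support this; it depends on whether your application reads hosts.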
@arm64v8a
This is my configuration, with the server configuration details removed.
```json
{
  "dns": {
    "independent_cache": true,
    "rules": [
      {
        "domain": [],
        "domain_keyword": [],
        "domain_regex": [],
        "domain_suffix": [],
        "geosite": ["cn"],
        "server": "dns-direct"
      }
    ],
    "servers": [
      {
        "address": "https://1.0.0.1/dns-query",
        "address_resolver": "dns-local",
        "detour": "proxy",
        "strategy": "prefer_ipv4",
        "tag": "dns-remote"
      },
      {
        "address": "underlying://0.0.0.0",
        "address_resolver": "dns-local",
        "detour": "direct",
        "strategy": "prefer_ipv4",
        "tag": "dns-direct"
      },
      {
        "address": "underlying://0.0.0.0",
        "detour": "direct",
        "tag": "dns-local"
      }
    ]
  },
  "inbounds": [
    {
      "domain_strategy": "prefer_ipv4",
      "listen": "0.0.0.0",
      "listen_port": 8080,
      "sniff": true,
      "sniff_override_destination": true,
      "tag": "mixed-in",
      "type": "mixed"
    }
  ],
  "log": { "level": "info" },
  "outbounds": [
    {
      "domain_strategy": "prefer_ipv4",
      "flow": "xtls-rprx-vision",
      "packet_encoding": "xudp",
      "server": "1.1.1.1",
      "server_port": 443,
      "tag": "proxy",
      "tls": {
        "enabled": true,
        "reality": {
          "enabled": true,
          "public_key": "",
          "short_id": ""
        },
        "server_name": "",
        "utls": { "enabled": true, "fingerprint": "chrome" }
      },
      "type": "vless",
      "uuid": ""
    },
    { "tag": "direct", "type": "direct" },
    { "tag": "bypass", "type": "direct" },
    { "tag": "block", "type": "block" },
    { "tag": "dns-out", "type": "dns" }
  ],
  "route": {
    "auto_detect_interface": false,
    "final": "proxy",
    "geoip": { "path": "C:/nekoray/current/geoip.db" },
    "geosite": { "path": "C:/nekoray/current/geosite.db" },
    "rules": [
      { "outbound": "dns-out", "protocol": "dns" },
      { "geoip": ["cn", "private"], "ip_cidr": [], "outbound": "bypass" },
      {
        "domain": [],
        "domain_keyword": [],
        "domain_regex": [],
        "domain_suffix": [
          "appcenter.ms",
          "app-measurement.com",
          "firebase.io",
          "crashlytics.com",
          "google-analytics.com",
          "baidu.com"
        ],
        "geosite": ["category-ads-all"],
        "outbound": "block"
      },
      {
        "domain": [],
        "domain_keyword": [],
        "domain_regex": [],
        "domain_suffix": [],
        "geosite": ["cn"],
        "outbound": "bypass"
      },
      {
        "network": "udp",
        "outbound": "block",
        "port": [135, 137, 138, 139, 5353]
      },
      { "ip_cidr": ["224.0.0.0/3", "ff00::/8"], "outbound": "block" },
      { "outbound": "block", "source_ip_cidr": ["224.0.0.0/3", "ff00::/8"] }
    ]
  }
}
```
I tested this with a browser. After adding the block rule for baidu.com, the browser can still access baidu.com normally, and the nekoray log shows the following:
```
INFO[0210] [3400323124 0ms] inbound/mixed[mixed-in]: inbound connection from 127.0.0.1:57918
INFO[0210] [3400323124 0ms] inbound/mixed[mixed-in]: inbound connection to baidu.com:443
INFO[0210] dns: exchanged baidu.com A baidu.com. 265 IN A 110.xx.xx.xx
INFO[0210] dns: exchanged baidu.com A baidu.com. 265 IN A 39.xx.xx.xx
INFO[0210] [3400323124 16ms] dns: lookup succeed for baidu.com: 110.xx.xx.xx 39.xx.xx.xx
INFO[0210] [3400323124 16ms] outbound/direct[bypass]: outbound connection to baidu.com:443
ERROR[0211] [1891941574 2m4s] inbound/mixed[mixed-in]: process connection from 127.0.0.1:57147: download: write tcp4 127.0.0.1:18080->127.0.0.1:57147: wsasend: An established connection was aborted by the software in your host machine.
ERROR[0211] [2913265583 2m2s] inbound/mixed[mixed-in]: process connection from 127.0.0.1:57752: download: write tcp4 127.0.0.1:18080->127.0.0.1:57752: wsasend: An established connection was aborted by the software in your host machine.
INFO[0211] [1648053959 0ms] inbound/mixed[mixed-in]: inbound connection from 127.0.0.1:57920
INFO[0211] [1648053959 0ms] inbound/mixed[mixed-in]: inbound connection to www.baidu.com:443
INFO[0211] dns: exchanged www.baidu.com CNAME www.baidu.com. 28 IN CNAME www.a.shifen.com.
INFO[0211] dns: exchanged www.baidu.com A www.a.shifen.com. 28 IN A 182.xx.xx.xx
INFO[0211] dns: exchanged www.baidu.com A www.a.shifen.com. 28 IN A 182.xx.xx.xx
INFO[0211] [1648053959 16ms] dns: lookup succeed for www.baidu.com: 182.xx.xx.xx 182.xx.xx.xx
INFO[0211] [1648053959 16ms] outbound/direct[bypass]: outbound connection to www.baidu.com:443
```
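After trying a few more times, I found the problem.
When Preferences - Routing Settings - Common - Domain Strategy is set to `prefer_ipv4`, Direct takes priority over Block. If this option is left at its default (empty), Block takes priority over Direct.
However, I still don't quite understand why the Domain Strategy here affects the routing priority.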
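> After trying a few more times, I found the problem. When Preferences - Routing Settings - Common - Domain Strategy is set to `prefer_ipv4`, Direct takes priority over Block. If this option is left at its default (empty), Block takes priority over Direct. However, I still don't quite understand why the Domain Strategy here affects the routing priority.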
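My understanding is that once the Domain Strategy is set to `prefer_ipv4`, baidu.com is resolved to an IP address at the inbound and then matches `geoip:cn` in the routing rules, so it goes Direct.

System proxy: no matter how the routing rules are written, once the Domain Strategy is set to blank, no DNS requests are made.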
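A simplified model of the explanation given in the reply above, as an added example that is not part of the thread and is not nekoray or sing-box code. It assumes rules are evaluated in list order with the first match winning and that a non-empty inbound `domain_strategy` resolves the name before routing; the `GEOIP`, `GEOSITE` and `DNS` tables are constructed stand-ins for the real databases and answers.

```python
import ipaddress

# Constructed stand-ins for geoip.db / geosite.db and for DNS answers.
GEOIP = {"cn": ["198.51.100.0/24"], "private": ["10.0.0.0/8", "192.168.0.0/16"]}
GEOSITE = {"cn": ["baidu.com"], "category-ads-all": ["ads.example"]}
DNS = {"baidu.com": ["198.51.100.7"], "www.baidu.com": ["198.51.100.8"]}

# The three route rules from the posted config that can match baidu.com,
# in the same order, trimmed to the fields that matter here.
RULES = [
    {"geoip": ["cn", "private"], "outbound": "bypass"},
    {"domain_suffix": ["baidu.com"], "geosite": ["category-ads-all"], "outbound": "block"},
    {"geosite": ["cn"], "outbound": "bypass"},
]

def suffix_match(domain, suffix):
    return domain == suffix or domain.endswith("." + suffix)

def rule_matches(rule, domain, ips):
    # Domain-based conditions: explicit suffixes plus expanded geosite lists.
    suffixes = list(rule.get("domain_suffix", []))
    for code in rule.get("geosite", []):
        suffixes += GEOSITE.get(code, [])
    if any(suffix_match(domain, s) for s in suffixes):
        return True
    # IP-based conditions only see something if the name was resolved first.
    nets = [ipaddress.ip_network(n)
            for code in rule.get("geoip", []) for n in GEOIP.get(code, [])]
    return any(ipaddress.ip_address(ip) in net for ip in ips for net in nets)

def route(domain, domain_strategy, rules=RULES, final="proxy"):
    # Assumption: empty strategy means no lookup before the rules run.
    ips = DNS.get(domain, []) if domain_strategy else []
    for rule in rules:  # assumption: first matching rule wins
        if rule_matches(rule, domain, ips):
            return rule["outbound"]
    return final

if __name__ == "__main__":
    for strategy in ("prefer_ipv4", ""):
        print(repr(strategy), "->", route("baidu.com", strategy))
    # In this model, placing the block rule ahead of the geoip rule restores blocking.
    reordered = [RULES[1], RULES[0], RULES[2]]
    print("reordered ->", route("baidu.com", "prefer_ipv4", reordered))
```

In this model the block rule is never weaker than the direct rule; it simply sits after an IP-based rule that only starts matching once the domain has been resolved.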
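Describe the problem
`domain:baidu.com` added to the "Block - Domain" part of the simple routing, and found that it has no blocking effect at all. If I also delete the `geoip:cn` and `geosite:cn` rules that come with the simple routing preset, the blocking then takes effect. So I would like to ask: the Block part's priority be higher than Direct? Thanks
Expected behavior:
Actual behavior:
How to reproduce
Provide helpful screenshots, recordings, text descriptions, subscription links, etc.
Logs
If there are logs, please upload them. See the documentation for detailed steps on exporting logs.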