MetaCubeX / mihomo

https://wiki.metacubex.one
MIT License

[Bug] Suspected redundant DNS resolution #1152

Closed. anonylake closed this issue 5 months ago

anonylake commented 5 months ago

Verify steps

Mihomo version

Mihomo Meta alpha-56ed901 windows amd64

What OS are you seeing the problem on?

Windows

Mihomo config

default-nameserver:
  - https://223.5.5.5/dns-query
proxy-server-nameserver:
  - https://dns.alidns.com/dns-query  
nameserver:
  - 10.0.0.1
nameserver-policy:
  "rule-set:cn_domain,private":
    - https://doh.pub/dns-query

rules:
  - RULE-SET,lancidr,🇨🇳,no-resolve
  - RULE-SET,cn_ip,🇨🇳,no-resolve
  - RULE-SET,private,🇨🇳
  - RULE-SET,process,🇨🇳
  - RULE-SET,cn_domain,🇨🇳
  - MATCH,🚀 Proxy

Mihomo log

time="2024-03-31T19:35:16.8952235+08:00" level=debug msg="[DNS] resolve www.google.com.hk from udp://10.0.0.1:53"
time="2024-03-31T19:35:16.8952235+08:00" level=debug msg="[DNS] resolve www.google.com.hk from udp://10.0.0.1:53"
time="2024-03-31T19:35:17.739087+08:00" level=debug msg="[Rule] use default rules"

Description

According to the DNS resolution flow in the documentation, when a domain matches a domain-based proxy rule, the domain is resolved by the proxy server and the connection is established there; there is no local resolution step (to make sure nothing is resolved locally, I also set no-resolve on the ipcidr rule sets so they skip resolution).

But in the log I found that the mihomo core still called the nameserver from the DNS config to resolve the domain. To confirm whether the core uses that result, I set an invalid nameserver (10.0.0.1) and found that the service behind the domain could be reached regardless of whether resolution succeeded.

To confirm further, I tested both with the nameserver setting removed and with nameserver set to a domestic (China) DNS service. mihomo used the domestic DNS service to resolve the target domain, but a DNS leak test showed no leak: the DNS service in use was the one in the proxy server's region.

[Screenshot 2024-03-31 193008]

xishang0128 commented 5 months ago

Post the complete dns config and the rules; this much information is not enough to confirm anything.

anonylake commented 5 months ago

dns:
  enable: true
  prefer-h3: true
  listen: 0.0.0.0:53
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - "+.lan"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
    - "msftconnecttest.com"
    - "msftncsi.com"
    - "localhost.ptlogin2.qq.com"
    - "localhost.sec.qq.com"
    - "stun.*.*"
    - "stun.*.*.*"
    - "+.stun.*.*"
    - "+.stun.*.*.*"
    - "+.stun.*.*.*.*"
    - "+.pvp.net"
  default-nameserver:
    - https://223.5.5.5/dns-query
  proxy-server-nameserver:
    - https://dns.alidns.com/dns-query
  nameserver:
    - https://dns.google/dns-query
    - https://cloudflare-dns.com/dns-query
  nameserver-policy:
    "rule-set:cn_domain,lan_domain":
      - https://dns.alidns.com/dns-query
rules:
  - RULE-SET,lan_ip,🇨🇳,no-resolve
  - RULE-SET,cn_ip,🇨🇳,no-resolve
  - RULE-SET,lan_domain,🇨🇳
  - RULE-SET,cn_main,🇨🇳
  - RULE-SET,cn_domain,🇨🇳
  - MATCH,🚀 Proxy

anonylake commented 5 months ago

In the config above my DNS listen port is set to 53; I tested with 1053 from the example config as well, and mihomo still performs the resolution.

time="2024-04-01T08:43:19.1303708+08:00" level=debug msg="[DNS] accounts.google.com --> [142.251.10.84] A from https://cloudflare-dns.com:443/dns-query"
time="2024-04-01T08:43:19.1303708+08:00" level=debug msg="[DNS] accounts.google.com --> [2404:6800:4003:c0f::54] AAAA from https://cloudflare-dns.com:443/dns-query"

Also, for reference, the rule sets in use (the classical-type cn_main rule set uses domain keyword and process name matching and contains no ipcidr entries):

rule-providers:
  lan_domain:
    <<: *domain
    url: https://raw.githubusercontent.com/DustinWin/ruleset_geodata/clash-ruleset/private.yaml
    path: ./providers/ruleset/lan_domain.yaml
  cn_domain:
    <<: *domain
    url: https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/cn.yaml
    path: ./providers/ruleset/cn_domain.yaml
  lan_ip:
    <<: *ip
    url: https://raw.githubusercontent.com/DustinWin/ruleset_geodata/clash-ruleset/privateip.yaml
    path: ./providers/ruleset/lan_ip.yaml
  cn_ip:
    <<: *ip
    url: https://raw.githubusercontent.com/DustinWin/ruleset_geodata/clash-ruleset/cnip.yaml
    path: ./providers/ruleset/cn_ip.yaml
  cn_main:
    <<: *classical
    url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/ChinaMax/ChinaMax.yaml
    path: ./providers/ruleset/cn_main.yaml

ForestL18 commented 5 months ago

You don't have any rule for Google domains here; falling through to the final MATCH will certainly go through DNS resolution.

anonylake commented 5 months ago

> You don't have any rule for Google domains here; falling through to the final MATCH will certainly go through DNS resolution.

time="2024-04-01T10:59:26.0852269+08:00" level=info msg="[TCP] 198.18.0.1:13319(msedge.exe) --> ogs.google.com:443 match RuleSet(free_world) using 🚀 Proxy[🇸🇬 新加坡 03 | 深港专线]"
time="2024-04-01T10:59:26.1442414+08:00" level=debug msg="[DNS] resolve www.google.com from https://dns.google:443/dns-query"
time="2024-04-01T10:59:26.1442414+08:00" level=debug msg="[DNS] resolve www.google.com from https://cloudflare-dns.com:443/dns-query"

anonylake commented 5 months ago

> You don't have any rule for Google domains here; falling through to the final MATCH will certainly go through DNS resolution.

I'd appreciate a rough pointer to where this is implemented in the code so I can look at it. On re-checking, I did not find any description of this in the documentation.

xishang0128 commented 5 months ago

cn_main contains IP rules; when a domain is matched against an IP rule, DNS resolution is triggered. This is normal behaviour.

ForestL18 commented 5 months ago

> You don't have any rule for Google domains here; falling through to the final MATCH will certainly go through DNS resolution.
>
> time="2024-04-01T10:59:26.0852269+08:00" level=info msg="[TCP] 198.18.0.1:13319(msedge.exe) --> ogs.google.com:443 match RuleSet(free_world) using 🚀 Proxy[🇸🇬 新加坡 03 | 深港专线]"
> time="2024-04-01T10:59:26.1442414+08:00" level=debug msg="[DNS] resolve www.google.com from https://dns.google:443/dns-query"
> time="2024-04-01T10:59:26.1442414+08:00" level=debug msg="[DNS] resolve www.google.com from https://cloudflare-dns.com:443/dns-query"

Post your complete rules; it may be related to your rules, some domains may be missing from them.

anonylake commented 5 months ago

> cn_main contains IP rules; when a domain is matched against an IP rule, DNS resolution is triggered. This is normal behaviour.

It doesn't seem to contain IP rules; the counts in the comment header are for the whole ChinaMax series of rule files.

# NAME: ChinaMax
# AUTHOR: blackmatrix7
# REPO: https://gitlab.com/blackmatrix7/ios_rule_script
# UPDATED: 2024-04-01 02:12:03
# DOMAIN: 454
# DOMAIN-KEYWORD: 13
# DOMAIN-SUFFIX: 76173
# IP-CIDR: 8047
# IP-CIDR6: 3672
# PROCESS-NAME: 14
# TOTAL: 88373
payload:
  - DOMAIN-KEYWORD,.tmall.com
  - DOMAIN-KEYWORD,alicdn
  - DOMAIN-KEYWORD,alipay
  - DOMAIN-KEYWORD,aliyun
  - DOMAIN-KEYWORD,baidu
  - DOMAIN-KEYWORD,beplay
  - DOMAIN-KEYWORD,officecdn
  - DOMAIN-KEYWORD,taobao
  - DOMAIN-KEYWORD,bilibili
  - DOMAIN-KEYWORD,hnagroup
  - DOMAIN-KEYWORD,stripe
  - DOMAIN-KEYWORD,weibo
  - DOMAIN-KEYWORD,qiyi
  - PROCESS-NAME,com.taobao.taobao
  - PROCESS-NAME,com.bilibili.app.blue
  - PROCESS-NAME,com.bilibili.app.in
  - PROCESS-NAME,com.bilibili.comic
  - PROCESS-NAME,com.bilibili.comic.intl
  - PROCESS-NAME,tv.danmaku.bili
  - PROCESS-NAME,tv.danmaku.bilibilihd
  - PROCESS-NAME,com.zhiliaoapp.musically
  - PROCESS-NAME,com.jjwxc.reader
  - PROCESS-NAME,com.xiaomi.mibrain.speech
  - PROCESS-NAME,小米云服务.exe
  - PROCESS-NAME,Thunder
  - PROCESS-NAME,Thunder.exe
  - PROCESS-NAME,com.qiyi.video

xishang0128 commented 5 months ago

My mistake, I misread it. Do you have the complete log, without truncation?

anonylake commented 5 months ago

Log uploaded: mihomo log.txt

xishang0128 commented 5 months ago

@anonylake Google "terminal redirect output".

anonylake commented 5 months ago

> @anonylake Google "terminal redirect output".

mihomo log.txt. Thanks for the reminder.

xishang0128 commented 5 months ago

> @anonylake Google "terminal redirect output".
>
> mihomo log.txt. Thanks for the reminder.

DNS resolution triggered by a UDP connection is normal behaviour. Not every server can accept a domain name passed over UDP, so it has to be resolved on the client.
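A simplified model of the rule evaluation discussed in this thread, added here as an example (it is not mihomo's code). It shows the two points xishang0128 makes: an IP rule without no-resolve has to resolve the domain before it can be evaluated, and a UDP connection is resolved on the client unless the outbound can carry the domain itself. The FAKE_DNS table, the one-entry rule sets, the "CN"/"Proxy" targets and the outbound_passes_udp_domain flag are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for the configured nameserver (not real data).
FAKE_DNS = {"www.google.com": "142.250.0.1", "www.baidu.com": "110.242.68.4"}
IP_RULES = {"IP-CIDR", "IP-CIDR6"}

@dataclass
class Rule:
    kind: str          # DOMAIN-SUFFIX, IP-CIDR, MATCH (a subset of mihomo's rule types)
    pattern: str
    target: str
    no_resolve: bool = False

def matches(rule, host, ip):
    if rule.kind == "MATCH":
        return True
    if rule.kind == "DOMAIN-SUFFIX":
        return host == rule.pattern or host.endswith("." + rule.pattern)
    if rule.kind in IP_RULES:
        return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.pattern)
    return False

def route(rules, host, network, outbound_passes_udp_domain=False):
    """Return (target, hosts resolved locally) for one connection to `host`."""
    lookups, ip, target = [], None, "DIRECT"
    for rule in rules:
        # An IP rule without no-resolve needs an address before it can be
        # evaluated, so the domain is resolved here even when a later domain
        # rule or MATCH would have sent the connection to the proxy anyway.
        if rule.kind in IP_RULES and not rule.no_resolve and ip is None:
            lookups.append(host)
            ip = FAKE_DNS.get(host)
        if matches(rule, host, ip):
            target = rule.target
            break
    # UDP: unless the outbound can carry the domain itself (the thread says
    # only sing-box servers do), the client has to resolve before sending.
    if network == "udp" and ip is None and not outbound_passes_udp_domain:
        lookups.append(host)                      # resolved on the client
    return target, lookups

# Rule order from the thread, each rule-set reduced to one constructed entry.
THREAD_RULES = [
    Rule("IP-CIDR", "10.0.0.0/8", "CN", no_resolve=True),      # lan_ip
    Rule("IP-CIDR", "110.242.0.0/16", "CN", no_resolve=True),  # cn_ip
    Rule("DOMAIN-SUFFIX", "baidu.com", "CN"),                  # cn_domain
    Rule("MATCH", "", "Proxy"),
]
```

Dropping no-resolve from either IP rule is enough to make every domain that reaches it resolve locally, which is the situation the first reply in this thread describes.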

anonylake commented 5 months ago

@xishang0128 OK, thanks for the explanation.

ForestL18 commented 5 months ago

> @anonylake Google "terminal redirect output".
>
> mihomo log.txt. Thanks for the reminder.
>
> DNS resolution triggered by a UDP connection is normal behaviour. Not every server can accept a domain name passed over UDP, so it has to be resolved on the client.

I remember that the domain in a UDP packet used to have to be resolved locally on the client. Is passing the domain over UDP supported now? What kind of server supports it?

xishang0128 commented 5 months ago

> @anonylake Google "terminal redirect output".
>
> mihomo log.txt. Thanks for the reminder.
>
> DNS resolution triggered by a UDP connection is normal behaviour. Not every server can accept a domain name passed over UDP, so it has to be resolved on the client.
>
> I remember that the domain in a UDP packet used to have to be resolved locally on the client. Is passing the domain over UDP supported now? What kind of server supports it?

Only sing-box clients support it; other clients basically don't, to ensure compatibility.

ForestL18 commented 5 months ago

> @anonylake Google "terminal redirect output".
>
> mihomo log.txt. Thanks for the reminder.

I also just saw a UDP request in the log: time="2024-04-01T13:44:05.5581435+08:00" level=info msg="[UDP] 198.18.0.1:60481(msedge.exe) --> www.google.com:443 match using 🚀 Proxy[🇸🇬 新加坡 02 | 深港专线]"

You can turn off QUIC in the browser or block QUIC traffic with a rule.

ForestL18 commented 5 months ago

> @anonylake Google "terminal redirect output".
>
> mihomo log.txt. Thanks for the reminder.
>
> DNS resolution triggered by a UDP connection is normal behaviour. Not every server can accept a domain name passed over UDP, so it has to be resolved on the client.
>
> I remember that the domain in a UDP packet used to have to be resolved locally on the client. Is passing the domain over UDP supported now? What kind of server supports it?
>
> Only sing-box clients support it; other clients basically don't, to ensure compatibility.

OK, thanks for the explanation. I'd like to ask whether passing the domain to the server over UDP introduces extra latency 🤔