Manually Specifying DoH Server IP Address for 'default-nameserver' in 'mihomo' Configuration

[hamedsbt]

Verify steps

• [X] 我已经在 Issue Tracker 中找过我要提出的请求 I have searched on the issue tracker for a related feature request.
• [X] 我已经仔细看过 Documentation 并无法找到这个功能 I have read the documentation and was unable to solve the issue.

Description

In my region, almost all known DNS over HTTPS (DoH) servers have been blocked using a DNS filtering method, where all DNS requests are forwarded to blocking systems. However, they are still accessible by their IP addresses. I've tried to use a DoH server with its IP address directly in the config:

dns:
  default-nameserver:
    - https://178.33.54.170:443/dns-query

But I received this error: re-creating the http client due to requesting https://178.33.54.170:443/dns-query: Get "https://178.33.54.170:443/dns-query?dns=AAABAAABAAAAAAAAA2RvcQhjYXB0bmVtbwJpbgAAHAAB": tls: failed to verify certificate: x509: cannot validate certificate for 178.33.54.170 because it doesn't contain any IP SANs

As you might have guessed, I need to define that server IP address manually. However, accessing and modifying the OS hosts file is not an ideal or user-friendly solution.

Therefore, we should instruct "mihomo" on how to specify the IP address for the specific DoH host of "default-nameserver".

Possible Solution

dns:
    default-nameserver-policy:
      'doh.myserver1.com': '178.33.54.170'
      'doh.myserver2.com': '185.16.19.99'

    default-nameserver:
      - https://doh.myserver1.com/dns-query
      - https://doh.myserver2.com/dns-query

[dqbpqdpb]

Commit 4b9fdac has introduced support for skip-cert-verify. You can try writing it like this:

• https://178.33.54.170/dns-query#skip-cert-verify=true

[hamedsbt]

@xuelide Hi, thank you for your help. Does it work for tls://78.157.42.100/#skip-cert-verify=true too?

[dqbpqdpb]

@hamedsbt no，only DOH