On macOS, when a website is poisoned to 0.0.0.0 by the system DNS, opening the poisoned website in TUN mode produces no log output at all, yet the rule-sets are still downloaded normally:
```
sudo sing-box run -c config.mac.fakeip.clash_ui.json
+0800 2024-05-26 11:57:43 INFO router: updated default interface en9, index 7
+0800 2024-05-26 11:57:43 DEBUG router: updating rule-set chrome-doh from URL: https://gist.githubusercontent.com/xmdhs/71fc5ff6ef29f5ecaf2c52b8de5c3172/raw/chrome-doh.json
+0800 2024-05-26 11:57:43 DEBUG router: updating rule-set geoip-cn from URL: https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs
+0800 2024-05-26 11:57:43 INFO outbound/hysteria2[hy2-gia]: outbound connection to gist.githubusercontent.com:443
+0800 2024-05-26 11:57:43 DEBUG router: updating rule-set AdGuardSDNSFilter from URL: https://raw.githubusercontent.com/xmdhs/sing-box-ruleset/rule-set/AdGuardSDNSFilter.srs
+0800 2024-05-26 11:57:43 INFO outbound/hysteria2[hy2-gia]: outbound connection to raw.githubusercontent.com:443
+0800 2024-05-26 11:57:43 INFO outbound/hysteria2[hy2-gia]: outbound connection to raw.githubusercontent.com:443
+0800 2024-05-26 11:57:43 DEBUG router: updating rule-set geosite-cn from URL: https://raw.githubusercontent.com/xmdhs/sing-geosite/rule-set-Loyalsoldier/geosite-geolocation-cn.srs
+0800 2024-05-26 11:57:43 INFO outbound/hysteria2[hy2-gia]: outbound connection to raw.githubusercontent.com:443
+0800 2024-05-26 11:57:44 INFO router: updated rule-set chrome-doh
+0800 2024-05-26 11:57:44 INFO router: updated rule-set geosite-cn
+0800 2024-05-26 11:57:44 INFO router: updated rule-set geoip-cn
+0800 2024-05-26 11:57:44 INFO router: updated rule-set AdGuardSDNSFilter
+0800 2024-05-26 11:57:44 INFO clash-api: restful api listening at [::]:9090
```
When proxying through the mixed port, the site can be accessed normally. The log is as follows:
```
+0800 2024-05-26 12:06:17 INFO [2842266992 0ms] inbound/mixed[mixed-in]: inbound connection from 127.0.0.1:54362
+0800 2024-05-26 12:06:17 INFO [2842266992 1ms] inbound/mixed[mixed-in]: inbound connection to raw.githubusercontent.com:80
+0800 2024-05-26 12:06:17 DEBUG [2842266992 1ms] router: sniffed protocol: http, domain: raw.githubusercontent.com
+0800 2024-05-26 12:06:17 DEBUG [2842266992 1ms] router: match[2] domain_keyword=git => proxy
+0800 2024-05-26 12:06:17 INFO [2842266992 2ms] outbound/hysteria2[hy2-gia]: outbound connection to raw.githubusercontent.com:80
+0800 2024-05-26 12:06:17 INFO [79787410 0ms] inbound/mixed[mixed-in]: inbound connection from 127.0.0.1:54364
+0800 2024-05-26 12:06:17 INFO [79787410 0ms] inbound/mixed[mixed-in]: inbound connection to raw.githubusercontent.com:443
+0800 2024-05-26 12:06:17 DEBUG [79787410 1ms] router: sniffed protocol: tls, domain: raw.githubusercontent.com
+0800 2024-05-26 12:06:17 DEBUG [79787410 1ms] router: match[2] domain_keyword=git => proxy
+0800 2024-05-26 12:06:17 INFO [79787410 1ms] outbound/hysteria2[hy2-gia]: outbound connection to raw.githubusercontent.com:443
+0800 2024-05-26 12:06:17 INFO [1339437910 0ms] inbound/tun[0]: inbound connection from 172.19.0.1:54365
+0800 2024-05-26 12:06:17 INFO [1339437910 0ms] inbound/tun[0]: inbound connection to 223.5.5.5:853
+0800 2024-05-26 12:06:17 DEBUG [1339437910 1ms] router: sniffed protocol: tls, domain: dns.alidns.com
+0800 2024-05-26 12:06:17 DEBUG [1339437910 1ms] router: match[1] rule_set=[geoip-cn geosite-cn] || ip_is_private=true || domain_suffix=.cn => direct
+0800 2024-05-26 12:06:17 INFO [1339437910 1ms] outbound/direct[direct]: outbound connection to dns.alidns.com:853
+0800 2024-05-26 12:06:17 DEBUG [1339437910 1ms] dns: lookup domain dns.alidns.com
+0800 2024-05-26 12:06:17 DEBUG [1339437910 1ms] dns: match[3] rule_set=[geoip-cn geosite-cn] || domain_suffix=.cn => google
+0800 2024-05-26 12:06:18 INFO [3838349070 0ms] inbound/mixed[mixed-in]: inbound connection from 127.0.0.1:54367
+0800 2024-05-26 12:06:18 INFO [3838349070 0ms] inbound/mixed[mixed-in]: inbound connection to github.com:443
+0800 2024-05-26 12:06:18 DEBUG [3838349070 1ms] router: sniffed protocol: tls, domain: github.com
+0800 2024-05-26 12:06:18 DEBUG [3838349070 1ms] router: match[2] domain_keyword=git => proxy
+0800 2024-05-26 12:06:18 INFO [3838349070 1ms] outbound/hysteria2[hy2-gia]: outbound connection to github.com:443
+0800 2024-05-26 12:06:18 DEBUG [1339437910 162ms] dns: exchanged dns.alidns.com NOERROR 3556
+0800 2024-05-26 12:06:18 DEBUG [1339437910 162ms] dns: exchanged dns.alidns.com A dns.alidns.com. 3556 IN A 223.5.5.5
+0800 2024-05-26 12:06:18 DEBUG [1339437910 162ms] dns: exchanged dns.alidns.com A dns.alidns.com. 3556 IN A 223.6.6.6
+0800 2024-05-26 12:06:18 DEBUG [1339437910 162ms] dns: lookup succeed for dns.alidns.com: 223.5.5.5 223.6.6.6
+0800 2024-05-26 12:06:18 INFO [7743462 0ms] inbound/tun[0]: inbound connection from 172.19.0.1:54369
+0800 2024-05-26 12:06:18 INFO [7743462 0ms] inbound/tun[0]: inbound connection to 13.107.246.73:443
```
### Supporter
- [ ] I am a [sponsor](https://github.com/sponsors/nekohasekai/)
### Integrity requirements
- [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
- [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
- [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
- [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
### Operating system
macOS
### System version
13.6.6 (22G630) m2 chip
### Installation type
Original sing-box Command Line
### If you are using a graphical client, please provide the version of the client.
1.8.14
### Version
### Description
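On macOS, if a website is poisoned to 0.0.0.0 by the system DNS (for example, the domain raw.githubusercontent.com), an inbound in TUN mode cannot correctly hijack the DNS requests, and the website whose domain is poisoned cannot be reached through the outbound.
Querying the DNS service that the China Unicom carrier pushes directly to the router returns the following address
Manually switching the macOS system to another public DNS (such as 114 / ali) solves this problem, and enabling DoH in the browser also works around it, but the whole point of using TUN mode is system-level proxying, so running into this problem when DoH/DoT cannot be set is very frustrating.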
### Reproduction
The configuration file is as follows
### Logs
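A triage helper for logs like the ones in this report, added here as an example (it is not part of the original issue or of the sing-box project): it groups sing-box log lines by connection ID and shows which inbound (`tun` or `mixed`) actually saw each destination. The function names are illustrative, and the sample lines are excerpted from the mixed-port log quoted in this issue.

```python
import re
from collections import defaultdict

# Excerpt of the mixed-port log quoted in this issue (embedded so the script runs offline).
SAMPLE_LOG = """\
+0800 2024-05-26 12:06:17 INFO [79787410 0ms] inbound/mixed[mixed-in]: inbound connection to raw.githubusercontent.com:443
+0800 2024-05-26 12:06:17 DEBUG [79787410 1ms] router: sniffed protocol: tls, domain: raw.githubusercontent.com
+0800 2024-05-26 12:06:17 DEBUG [79787410 1ms] router: match[2] domain_keyword=git => proxy
+0800 2024-05-26 12:06:17 INFO [79787410 1ms] outbound/hysteria2[hy2-gia]: outbound connection to raw.githubusercontent.com:443
+0800 2024-05-26 12:06:17 INFO [1339437910 0ms] inbound/tun[0]: inbound connection to 223.5.5.5:853
+0800 2024-05-26 12:06:17 DEBUG [1339437910 1ms] router: sniffed protocol: tls, domain: dns.alidns.com
+0800 2024-05-26 12:06:17 DEBUG [1339437910 1ms] router: match[1] rule_set=[geoip-cn geosite-cn] || ip_is_private=true || domain_suffix=.cn => direct
+0800 2024-05-26 12:06:18 INFO [7743462 0ms] inbound/tun[0]: inbound connection to 13.107.246.73:443
"""

# "[<connection id> <elapsed>ms] <component>: <message>"; lines without an ID are skipped.
LINE = re.compile(r"\[(?P<id>\d+) \d+ms\] (?P<src>[^:]+): (?P<msg>.*)$")

def summarize(log):
    """Return {connection_id: {inbound, dest, domain, route}} for per-connection lines."""
    conns = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        c, src, msg = conns[m["id"]], m["src"], m["msg"]
        if src.startswith("inbound/") and msg.startswith("inbound connection to "):
            c["inbound"] = src.split("/")[1].split("[")[0]   # "tun[0]" -> "tun"
            c["dest"] = msg[len("inbound connection to "):]
        elif src == "router" and "domain: " in msg:
            c["domain"] = msg.rsplit("domain: ", 1)[1]       # sniffed SNI / Host
        elif src == "router" and msg.startswith("match["):
            c["route"] = msg.rsplit(" => ", 1)[1]            # outbound chosen by the rule
    return dict(conns)

def domains_by_inbound(log):
    """Map inbound type to the set of hosts it saw (sniffed domain, else destination IP)."""
    seen = defaultdict(set)
    for c in summarize(log).values():
        host = c.get("domain") or c.get("dest", "").rsplit(":", 1)[0]
        seen[c.get("inbound", "?")].add(host)
    return dict(seen)

def reached_tun(log, domain):
    """True if any TUN inbound connection was logged for this domain."""
    return domain in domains_by_inbound(log).get("tun", set())

if __name__ == "__main__":
    print(domains_by_inbound(SAMPLE_LOG))
```
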