DNS 是不是没有匹配rule_set规则集呀，还是说我配置错了？

[tenauge]

Operating system

Windows

System version

win10

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.0

Environment: go1.22.3 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 5ff7006326e8a876d33d92b26ebd2671cdd48b9f
CGO: disabled

Description

在 DNS 配置了规则集，但访问国内网站发现仍然走的是 cf 的 1.1.1.1。如果配置了geosite:"cn"，又能正常走223.5.5.5。如果是我的配置有问题，希望有大佬指正下。

Reproduction

配置文件 windows-config.json:

{
    "dns": {
        "servers": [
            {
                "tag": "alidns",
                "address": "https://223.5.5.5/dns-query",
                "detour": "direct"
            },
            {
                "tag": "cf",
                "address": "https://1.1.1.1/dns-query",
                "detour": "proxy"
            },
            {
                "tag": "block",
                "address": "rcode://success"
            }
        ],
        "rules": [
            {
                "domain_suffix": [
                    ".cn"
                ],
                "rule_set": [
                    "geoip-cn",
                    "geosite-cn"
                ],
                "rule_set_ipcidr_match_source": false,
                "server": "alidns",
                "disable_cache": false
            },
            {
                "rule_set": [
                    "geosite-category-ads-all"
                ],
                "server": "block",
                "disable_cache": false
            }
        ],
        "final": "cf",
        "strategy": "ipv4_only",
        "disable_cache": false,
        "disable_expire": false,
        "independent_cache": false
    },
    "inbounds": [
        {
            "type": "mixed",
            "tag": "mixed-in",
            "listen": "::",
            "listen_port": 11113,
            "tcp_fast_open": true,
            "udp_fragment": true,
            "sniff": true,
            "sniff_override_destination": true,
            "sniff_timeout": "300ms",
            "set_system_proxy": true
        }
    ],
    "outbounds": [
        {
            "type": "vless",
            "tag": "proxy",
            "server": "192.111.1.4",
            "server_port": 443,
            "uuid": "xxx-xxx",
            "flow": "",
            "tls": {
                "enabled": true,
                "server_name": "example.com",
                "alpn": [
                    "http/1.1"
                ],
                "utls": {
                    "enabled": true,
                    "fingerprint": "chrome"
                }
            },
            "transport": {
                "type": "ws",
                "path": "/xxx",
                "headers": {
                    "Host": "example.com"
                },
                "max_early_data": 0,
                "early_data_header_name": ""
            },
            "multiplex": {
                "enabled": true,
                "protocol": "smux",
                "max_connections": 1,
                "min_streams": 4,
                "padding": false,
                "brutal": {
                    "enabled": true,
                    "up_mbps": 100,
                    "down_mbps": 300
                }
            },
            "packet_encoding": "xudp"
        },
        {
            "type": "direct",
            "tag": "direct"
        },
        {
            "type": "block",
            "tag": "block"
        },
        {
            "type": "dns",
            "tag": "dns-out"
        }
    ],
    "route": {
        "rules": [
            {
                "protocol": "dns",
                "outbound": "dns-out"
            },
            {
                "ip_is_private": true,
                "outbound": "direct"
            },
            {
                "domain_suffix": [
                    ".cn"
                ],
                "rule_set": "geoip-cn",
                "outbound": "direct"
            },
            {
                "rule_set": "geosite-cn",
                "outbound": "direct"
            },
            {
                "rule_set": "geosite-category-ads-all",
                "outbound": "block"
            }
        ],
        "rule_set": [
            {
                "tag": "geoip-cn",
                "type": "remote",
                "format": "binary",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
                "download_detour": "proxy"
            },
            {
                "tag": "geosite-cn",
                "type": "remote",
                "format": "binary",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs",
                "download_detour": "proxy"
            },
            {
                "tag": "geosite-category-ads-all",
                "type": "remote",
                "format": "binary",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-category-ads-all.srs",
                "download_detour": "proxy"
            }
        ],
        "final": "proxy",
        "auto_detect_interface": true
    },
    "experimental": {
        "cache_file": {
            "enabled": true
        }
    }
}

Logs

INFO[0001] [2024529858 0ms] inbound/mixed[mixed-in]: inbound connection from 127.0.0.1:3670
INFO[0001] [2024529858 0ms] inbound/mixed[mixed-in]: inbound connection to content-autofill.googleapis.com:443
DEBUG[0001] [2024529858 1ms] router: sniffed protocol: tls, domain: content-autofill.googleapis.com
INFO[0001] [2024529858 1ms] outbound/vless[proxy]: outbound multiplex connection to content-autofill.googleapis.com:443
INFO[0001] [2024529858 301ms] outbound/vless[proxy]: outbound connection to sp.mux.sing-box.arpa:444
DEBUG[0001] outbound/vless[proxy]: failed to enable TCP Brutal at client: TCP Brutal is only supported on Linux
INFO[0002] [4022800690 0ms] inbound/mixed[mixed-in]: inbound connection from 127.0.0.1:3673
INFO[0002] [4022800690 0ms] inbound/mixed[mixed-in]: inbound connection to api.bilibili.com:443
DEBUG[0002] [4022800690 1ms] router: sniffed protocol: tls, domain: api.bilibili.com
DEBUG[0002] [4022800690 1ms] router: match[3] rule_set=geosite-cn => direct
INFO[0002] [4022800690 2ms] outbound/direct[direct]: outbound connection to api.bilibili.com:443
DEBUG[0002] [4022800690 2ms] dns: lookup domain api.bilibili.com
DEBUG[0002] [4022800690 2ms] outbound/vless[proxy]: outbound multiplex connection to 1.1.1.1:443
DEBUG[0003] [4022800690 202ms] dns: exchanged api.bilibili.com NOERROR 79
DEBUG[0003] [4022800690 203ms] dns: exchanged api.bilibili.com CNAME api.bilibili.com. 79 IN CNAME a.w.bilicdn1.com.
DEBUG[0003] [4022800690 203ms] dns: exchanged api.bilibili.com CNAME a.w.bilicdn1.com. 79 IN CNAME i.w.bilicdn1.com.
DEBUG[0003] [4022800690 203ms] dns: exchanged api.bilibili.com A i.w.bilicdn1.com. 79 IN A 164.52.39.42
DEBUG[0003] [4022800690 203ms] dns: exchanged api.bilibili.com A i.w.bilicdn1.com. 79 IN A 164.52.39.44
DEBUG[0003] [4022800690 203ms] dns: exchanged api.bilibili.com A i.w.bilicdn1.com. 79 IN A 164.52.39.43
DEBUG[0003] [4022800690 204ms] dns: exchanged api.bilibili.com A i.w.bilicdn1.com. 79 IN A 103.151.151.134
DEBUG[0003] [4022800690 205ms] dns: exchanged api.bilibili.com A i.w.bilicdn1.com. 79 IN A 164.52.28.62
DEBUG[0003] [4022800690 205ms] dns: exchanged api.bilibili.com A i.w.bilicdn1.com. 79 IN A 103.151.151.133
DEBUG[0003] [4022800690 206ms] dns: lookup succeed for api.bilibili.com: 164.52.39.42 164.52.39.44 164.52.39.43 103.151.151.134 164.52.28.62 103.151.151.133

Supporter

• [ ] I am a sponsor

Integrity requirements

• [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[dyhkwong]

domain_suffix 和 geosite 是或的关系，但 domain_suffix 和 ruleset 不是。