inbounds tun 几个疑问请教

[luweijun1992]

操作系统

Linux

系统版本

Debian 12

安装类型

sing-box 原始命令行程序

如果您使用图形客户端程序，请提供该程序版本。

No response

版本

sing-box version 1.10.0-alpha.18

Environment: go1.22.4 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: f7c96d9d78c2146e695e4ce7171f1e019850a065
CGO: disabled

描述

Debian 12上部署sing-box IP：192.168.248.220

inbounds

{
    "type": "tun",
    "tag": "tunIn",
    "interface_name": "tun0",
    "address": "172.19.0.1/30",
    "auto_route": true,
    "strict_route": true,
    "stack": "system",
    "sniff": true,
    "sniff_override_destination": true
},

---

问题1： 这里是不是默认会自动劫持DNS的流量啊？ 因为我测试终端网关指向sing-box，dns也指向sing-box，无法解析 测试终端网关指向sing-box，dns随便写了一个互联网dns，可以解析

---

问题2： 测试终端直接向sing-box请求dns解析，使用：dig @192.168.248.220 +short www.qq.com 无法提供解析

---

问题3： 测试终端使用：dig @198.18.1.1 +short www.qq.com 也无法解析 测试终端有静态路由 198.18.0.0/16 指向sing-box sing-box如下回显信息

sing-box[8331]: INFO[0653] [1329986453 0ms] inbound/tun[tunIn]: inbound packet connection from 192.168.5.1:50842
sing-box[8331]: INFO[0653] [1329986453 0ms] inbound/tun[tunIn]: inbound packet connection to 198.18.1.1:53
sing-box[8331]: ERROR[0653] [1329986453 0ms] inbound/tun[tunIn]: missing fakeip context

重现方式

-

日志

No response

支持我们

• [X] 我已经 赞助

完整性要求

• [X] 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
• [X] 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
• [X] 我保证提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
• [X] 我保证提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。

[dyhkwong]

你需要在网关起个 direct 入站监听 53 端口并路由到 DNS 出站，否则不要把 DNS 指向网关地址。

[luweijun1992]

你需要在网关起个 direct 入站监听 53 端口并路由到 DNS 出站，否则不要把 DNS 指向网关地址。

如下配置，请帮忙看下。

{
    "dns": {
        "servers": [
            {
                "tag": "AliDNS",
                "address": "udp://223.5.5.5",
                "detour": "directOut"
            },
            {
                "tag": "dnsDirect",
                "address": "https://dns.alidns.com/dns-query",
                "address_resolver": "AliDNS",
                "address_strategy": "ipv4_only",
                "strategy": "ipv4_only",
                "detour": "directOut"
            },
            {
                "tag": "dnsProxy",
                "address": "https://dns.google/dns-query", // Google
                "address_resolver": "dnsDirect",
                "address_strategy": "ipv4_only",
                "strategy": "ipv4_only",
                "detour": "Selector",
                "client_subnet": "1.0.1.0"
            },
            {
                "tag": "FakeIP",
                "address": "fakeip"
            }
        ],
        "fakeip": {
            "enabled": true,
            "inet4_range": "198.18.0.0/16"
        },
        "rules": [
            {
                "outbound": [
                    "any"
                ],
                "server": "dnsDirect"
            },
            {
                "type": "logical",
                "mode": "or",
                "rules": [
                    {
                        "domain_suffix": [
                            "edu.cn",
                            "gov.cm",
                            "com.cn",
                            "net.cn",
                            "org.cn"
                        ]
                    },
                    {
                        "rule_set": "geosite-geolocation-cn"
                    }
                ],
                "server": "dnsDirect"
            },
            {
                "domain_suffix": [
                    "google.com",
                    "github.com",
                    "youtube.com",
                    "openai.com"
                ],
                "rewrite_ttl": 60,
                "server": "FakeIP"
            },
            {
                "rule_set": "geosite-geolocation-!cn",
                "server": "FakeIP"
            }
        ],
        "final": "dnsProxy",
        "strategy": "ipv4_only" // prefer_ipv4 prefer_ipv6 ipv4_only ipv6_only
    },
    "inbounds": [
        {
            "type": "direct",
            "tag": "dnsIn",
            "listen": "::",
            "listen_port": 53,
            "network": "udp"
        },
        {
            "type": "tun",
            "tag": "tunIn",
            "interface_name": "tun0",
            "address": "172.19.0.1/30",
            "gso": true,
            "auto_route": true,
            "auto_redirect": true,
            "strict_route": true,
            "stack": "system",
            "sniff": true,
            "sniff_override_destination": false
        }
    ],
    "outbounds": [
        {
            "type": "direct",
            "tag": "directOut"
        },
        {
            "type": "dns",
            "tag": "dnsOut"
        },
        {
            "type": "shadowsocks",
            "tag": "c6s1",
            "server": "c6s1..com",
            "server_port": ,
            "method": "aes-256-gcm",
            "password": ""
        },
        {
            "type": "shadowsocks",
            "tag": "c6s2",
            "server": "c6s2..com",
            "server_port": ,
            "method": "aes-256-gcm",
            "password": ""
        },
        {
            "type": "vmess",
            "tag": "c6s3",
            "server": "c6s3..com",
            "server_port": ,
            "uuid": "",
            "security": "auto",
            "alter_id": 0
        },
        {
            "type": "vmess",
            "tag": "c6s4",
            "server": "c6s4..com",
            "server_port": ,
            "uuid": "",
            "security": "auto",
            "alter_id": 0
        },
        {
            "type": "vmess",
            "tag": "c6s5",
            "server": "c6s5..com",
            "server_port": ,
            "uuid": "",
            "security": "auto",
            "alter_id": 0
        },
        {
            "type": "vmess",
            "tag": "c6s801",
            "server": "c6s801..com",
            "server_port": ,
            "uuid": "",
            "security": "auto",
            "alter_id": 0
        },
        {
            "type": "urltest",
            "tag": "Auto",
            "outbounds": [
                "c6s1",
                "c6s2",
                "c6s3",
                "c6s4",
                "c6s5",
                "c6s801"
            ],
            "url": "https://www.gstatic.com/generate_204",
            "interval": "3m",
            "tolerance": 50,
            "idle_timeout": "30m",
            "interrupt_exist_connections": false
        },
        {
            "type": "selector",
            "tag": "Selector",
            "outbounds": [
                "Auto",
                "c6s1",
                "c6s2",
                "c6s3",
                "c6s4",
                "c6s5",
                "c6s801"
            ],
            "default": "Auto",
            "interrupt_exist_connections": false
        }
    ],
    "route": {
        "rules": [
            {
                "inbound": "dnsIn",
                "outbound": "dnsOut"
            },
            {
                "protocol": "dns",
                "outbound": "dnsOut"
            },
            {
                "ip_is_private": true,
                "outbound": "directOut"
            },
            {
                "ip_cidr": [
                    "8.8.8.8/32"
                ],
                "outbound": "Selector"
            },
            {
                "rule_set": [
                    "geoip-cn",
                    "geosite-geolocation-cn"
                ],
                "outbound": "directOut"
            }
        ],
        "rule_set": [
            {
                "type": "remote",
                "tag": "cnIP",
                "format": "binary",
                "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo-lite/geoip/cn.srs",
                "download_detour": "c6s1"
            },
            {
                "type": "remote",
                "tag": "cnSite",
                "format": "binary",
                "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo-lite/geosite/cn.srs",
                "download_detour": "c6s1"
            },
            {
                "type": "remote",
                "tag": "geoip-cn",
                "format": "binary",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
                "download_detour": "c6s1"
            },
            {
                "type": "remote",
                "tag": "geosite-geolocation-cn",
                "format": "binary",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
                "download_detour": "c6s1"
            },
            {
                "type": "remote",
                "tag": "geosite-geolocation-!cn",
                "format": "binary",
                "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs",
                "download_detour": "c6s1"
            }
        ],
        "final": "Selector",
        "auto_detect_interface": true
    }
}