DNS 入站不完全，配置文件中写入 DNS 相关配置后，依旧会使用系统 DNS 进行域名解析

[n-WN]

操作系统

macOS

系统版本

14.5 (23F79)

安装类型

sing-box 原始命令行程序

如果您使用图形客户端程序，请提供该程序版本。

No response

版本

sing-box version 1.10.0-beta.7

Environment: go1.23.1 darwin/arm64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 100d971218e5af521cd9e81b54bcd701840201fc
CGO: disabled

描述

> cat /etc/resolv.conf

#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
nameserver {{路由器地址}}

重现方式

尝试使用 singbox 管理 DNS，启动

sudo sing-box run -c profile.json

执行 curl https://raw.githubusercontent.com

此 DNS 解析过程未在 Debug level 的 log 中显示，推测 sing-box 未处理此条请求。尝试清理本机 DNS 缓存，未解决问题

> curl https://raw.githubusercontent.com
curl: (7) Failed to connect to raw.githubusercontent.com port 443 after 80 ms: Couldn't connect to server

profile.json

{
    "log": {
        "disabled": false,
        "level": "debug",
        "timestamp": true
    },
    "dns": {
        "servers": [
            {
                "tag": "ali",
                "address": "h3://dns.alidns.com/dns-query",
                "address_resolver": "dns_resolver",
                "detour": "direct"
            },
            {
                "tag": "block",
                "address": "rcode://success"
            },
            {
                "tag": "dns_resolver",
                "address": "223.5.5.5",
                "strategy": "ipv4_only",
                "detour": "direct"
            }
        ],
        "rules": [
            {
                "outbound": "any",
                "server": "dns_resolver"
            },
            {
                "clash_mode": "global",
                "server": "remote_Cloudflare"
            },
            {
                "clash_mode": "direct",
                "server": "ali"
            }
        ],
        "strategy": "ipv4_only"
    },
    "route": {
        "rules": [
            {
                "protocol": "dns",
                "outbound": "dns-out"
            },
            {
                "clash_mode": "direct",
                "outbound": "direct"
            }
        ],
        "rule_set": [
        ],
        "auto_detect_interface": true
    },
    "inbounds": [
        {
            "type": "tun",
            "tag": "tun-in",
            "mtu": 9000,
            "inet4_address": "172.19.0.1/30",
            "auto_route": true,
            "strict_route": true,
            "endpoint_independent_nat": true,
            "stack": "mixed",
            "sniff": true,
            "sniff_override_destination": true
        }
    ],
    "outbounds": [
        {
            "type": "direct",
            "tag": "direct"
        },
        {
            "type": "block",
            "tag": "block"
        },
        {
            "type": "dns",
            "tag": "dns-out"
        }
    ],
    "experimental": {
        "cache_file": {
            "enabled": true
        }
    }
}

日志

No response

支持我们

• [ ] 我已经 赞助

完整性要求

• [X] 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
• [X] 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
• [X] 我保证提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
• [X] 我保证提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。

[dyhkwong]

sing-box 原始命令行程序（以及其他同类软件）在 macOS 上无法劫持发往局域网的 DNS。没有可行的解决方法。更改网卡 DNS 为公共 DNS 或者换用基于 Network Extension 的 sing-box UI 客户端。