daeuniverse / dae

eBPF-based Linux high-performance transparent proxy solution.
GNU Affero General Public License v3.0
3.36k stars 206 forks source link

[Bug Report] 搭配 mihomo dns 泄露 #596

Closed iamdennisme closed 4 months ago

iamdennisme commented 4 months ago

Checks

Current Behavior

DNS 泄露,chatgpt 等被识别出是大陆地区了

Expected Behavior

希望知道怎么 DNS 不泄露,可以正常访问 chatgpt 等

Steps to Reproduce

Environment

Dae version: v0.7.0 OS : Alpine Kernel: Linux localhost 6.6.42-0-virt #1-Alpine SMP PREEMPT_DYNAMIC 2024-07-25 10:49:31 x86_64 Linux

Anything else?

具体情况

nas 虚拟机 apline 部署了 dae 和 mihomo。其他设备使用配置网关来使用 目前的情况是网络都是通的,分流都是 OK 的,但是看起来有 DNS 泄露,chatgpt 等成功屏蔽了我

配置

node { HK: 'socks5://localhost:7890' JP: 'socks5://localhost:7891' }

group { HK { filter: name(HK) policy: min_moving_avg }

JP {
    filter: name(JP)
    policy: min_moving_avg
}

}

dns { upstream { googledns: 'tcp://dns.google.com:53' alidns: 'udp://dns.alidns.com:53' } routing { request { qname(geosite:category-ads) -> reject qname(geosite:category-ads-all) -> reject qname(geosite:cn) -> alidns fallback: googledns } response { upstream(googledns) -> accept !qname(geosite:cn) && ip(geoip:private) -> googledns fallback: accept } } }

routing { pname(NetworkManager) -> direct dip(224.0.0.0/3, 'ff00::/8') -> direct

dip(geoip:private) -> direct
ip(geoip:cn) -> direct
domain(geosite:cn) -> direct

domain(geosite:bing) -> JP
domain(geosite:openai) -> JP

domain(geosite:category-ads) -> block

fallback: HK

}

- clash 配置

listeners:

dae-prow[bot] commented 4 months ago

Thanks for opening this issue!

iamdennisme commented 4 months ago

搭配 mihomo 的原因是 Vless-Reality 暂时不支持

MarksonHon commented 4 months ago

@iamdennisme 进群聊: t.me/daeuniverse

mzz2017 commented 4 months ago

看一下日志,有没有 dns 查询