vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
16.54k stars 3.06k forks

Domain name problem with relay nodes #1916

Closed e6e6 closed 2 years ago

e6e6 commented 2 years ago

When a domain name appears in a relay node, an error occurs and the external network connection drops.

For example:

proxies:
- name: "ss1"
  type: ss
  server: 111.111.111.111
  port: 20202
  cipher: chacha20-ietf
  password: password
- name: "ss2"
  type: ss
  server: ss2.domain.com
  port: 20202
  cipher: chacha20-ietf
  password: password
proxy-groups:
- name: "relay"
  type: relay
  proxies:
    - "ss1"
    - "ss2"

The log that appears:

[TCP] dial Proxy (match RuleSet/telegram) to 149.154.175.53:443 error: ParseAddr(\"ss2.domain.com\"): unexpected character (at \"ss2.domain.com\")"

After changing it to an IP address, everything works normally again.
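
A configuration check for the condition reported above, as an added example that is not part of the original issue or of OpenClash: it lists every hop in a `relay` group whose `server` is a hostname rather than an IP literal, the case that produced the `ParseAddr` error and that the reporter worked around by switching to an IP. The function names and the embedded sample config are constructed for illustration.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed sample mirroring the reported config (addresses are placeholders).
SAMPLE_CONFIG = <<~CFG
  proxies:
  - {name: ss1, type: ss, server: 111.111.111.111, port: 20202}
  - {name: ss2, type: ss, server: ss2.domain.com, port: 20202}
  proxy-groups:
  - {name: relay, type: relay, proxies: [ss1, ss2]}
  - {name: auto, type: url-test, proxies: [ss2]}
  - {name: chain2, type: relay, proxies: [auto, ss1]}
CFG

# True when the server field is an IPv4/IPv6 literal rather than a hostname.
def ip_literal?(server)
  return false if server.to_s.include?('/') # IPAddr would accept a CIDR prefix
  IPAddr.new(server.to_s)
  true
rescue IPAddr::Error
  false
end

# Returns one finding per relay-group hop whose proxy has a hostname as server.
def relay_domain_hops(yaml_text)
  config  = YAML.safe_load(yaml_text) || {}
  servers = (config['proxies'] || []).to_h { |p| [p['name'], p['server']] }
  findings = []
  (config['proxy-groups'] || []).each do |group|
    next unless group['type'] == 'relay'
    (group['proxies'] || []).each_with_index do |name, idx|
      server = servers[name]
      next if server.nil? # member is another group or a built-in, not a proxy
      next if ip_literal?(server)
      findings << { group: group['name'], hop: idx + 1, proxy: name, server: server }
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Pass a config path as the first argument, or run against the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_CONFIG
  relay_domain_hops(text).each do |f|
    puts "relay group #{f[:group]}: hop #{f[:hop]} (#{f[:proxy]}) uses hostname #{f[:server]}"
  end
end
```

Only groups of type `relay` are inspected, so the same hostname-based proxy used in a `url-test` group is not reported.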

e6e6 commented 2 years ago
#===================== 系统信息 =====================#

主机型号: FriendlyElec NanoPi R2S
固件版本: OpenWrt 21.02.1 r16325-88151b8303
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.154
处理器架构: aarch64_generic

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 12843
运行权限: 12843: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.01.02
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: 
Dev内核文件: 不存在
Dev内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/Personal.yaml
启动配置文件: /etc/openclash/Personal.yaml
运行模式: redir-host-mix
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
DNS远程解析: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用
vernesong commented 2 years ago

Could you send the complete configuration? Over TG; I'll check whether it's a special character or some other problem.

e6e6 commented 2 years ago

Could you send the complete configuration? Over TG; I'll check whether it's a special character or some other problem.

OK, right away.

e6e6 commented 2 years ago

Configuration file:

port: 7890

# SOCKS5 proxy port
socks-port: 7891

# redir proxy port for Linux and macOS (uncomment to use this feature)
redir-port: 7892

# Outbound network interface
interface-name: pppoe-wan

# Shared port for HTTP(S) and SOCKS5
mixed-port: 7893

# Authentication for the local SOCKS5/HTTP(S) service
# authentication:
#  - "user1:pass1"
#  - "user2:pass2"

# tproxy proxy port for Linux and macOS
#tproxy-port: 7894

# Allow connections from the LAN (can be used to share the proxy)
allow-lan: true
bind-address: "192.168.6.1"
# This option only takes effect when allow-lan is set to true; three kinds of value are supported:
# "*"                           bind all IP addresses
# 192.168.122.11                bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]"   bind a single IPv6 address

# Mode: rule (rule-based) / global (proxy everything) / direct (connect everything directly)
mode: rule

# Disable IPv6
ipv6: false

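# Log output level (default: silent, i.e. no output at all, to avoid the program running out of memory because of oversized logs).
# 5 levels: silent / info / warning / error / debug. The higher the level, the more log output and the more debug-oriented it is; enable it yourself if needed.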
log-level: silent

# Listen address of the Clash RESTful API
external-controller: 192.168.6.1:9090

# Outbound network interface
# interface-name: en0

hosts:
##Custom HOSTS##
#  experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
#  static domain has a higher priority than wildcard domain (foo.example.com > *.example.com)
#  NOTE: hosts don't work with `fake-ip`

#  '*.clash.dev': 127.0.0.1
#  'alpha.clash.dev': '::1'
##Custom HOSTS END##

# Secret for the RESTful API (optional)
secret: "personal_password"

external-ui: "/usr/share/openclash/dashboard"
dns:
  use-hosts: true
  enable: true
  ipv6: false
  listen: 127.0.0.1:7874

  # The DNS servers listed below are used to resolve the domain names of DNS services
  # Enter DNS server IP addresses only
  default-nameserver:
  - 119.29.29.29
  - 114.114.114.114
  enhanced-mode: redir-host
  fake-ip-range: 198.18.0.1/16 # Fake IP address pool (CIDR notation)
  # use-hosts: true # look up hosts and return IP records

  fake-ip-filter:
    # The domain list below is based on the vernesong/OpenClash project, curated and supplemented by Hackl0us
    - '*.lan'
    - '*.localdomain'
    - '*.example'
    - '*.invalid'
    - '*.localhost'
    - '*.test'
    - '*.local'
    - '*.home.arpa'
    - 'time.*.com'
    - 'time.*.gov'
    - 'time.*.edu.cn'
    - 'time.*.apple.com'
    - 'time1.*.com'
    - 'time2.*.com'
    - 'time3.*.com'
    - 'time4.*.com'
    - 'time5.*.com'
    - 'time6.*.com'
    - 'time7.*.com'
    - 'ntp.*.com'
    - 'ntp1.*.com'
    - 'ntp2.*.com'
    - 'ntp3.*.com'
    - 'ntp4.*.com'
    - 'ntp5.*.com'
    - 'ntp6.*.com'
    - 'ntp7.*.com'
    - '*.time.edu.cn'
    - '*.ntp.org.cn'
    - '+.pool.ntp.org'
    - 'time1.cloud.tencent.com'
    - 'music.163.com'
    - '*.music.163.com'
    - '*.126.net'
    - 'musicapi.taihe.com'
    - 'music.taihe.com'
    - 'songsearch.kugou.com'
    - 'trackercdn.kugou.com'
    - '*.kuwo.cn'
    - 'api-jooxtt.sanook.com'
    - 'api.joox.com'
    - 'joox.com'
    - 'y.qq.com'
    - '*.y.qq.com'
    - 'streamoc.music.tc.qq.com'
    - 'mobileoc.music.tc.qq.com'
    - 'isure.stream.qqmusic.qq.com'
    - 'dl.stream.qqmusic.qq.com'
    - 'aqqmusic.tc.qq.com'
    - 'amobile.music.tc.qq.com'
    - '*.xiami.com'
    - '*.music.migu.cn'
    - 'music.migu.cn'
    - '*.msftconnecttest.com'
    - '*.msftncsi.com'
    - 'msftconnecttest.com'
    - 'msftncsi.com'
    - 'localhost.ptlogin2.qq.com'
    - 'localhost.sec.qq.com'
    - '+.srv.nintendo.net'
    - '+.stun.playstation.net'
    - 'xbox.*.microsoft.com'
    - 'xnotify.xboxlive.com'
    - '+.battlenet.com.cn'
    - '+.wotgame.cn'
    - '+.wggames.cn'
    - '+.wowsgame.cn'
    - '+.wargaming.net'
    - 'proxy.golang.org'
    - 'stun.*.*'
    - 'stun.*.*.*'
    - '+.stun.*.*'
    - '+.stun.*.*.*'
    - '+.stun.*.*.*.*'
    - 'heartbeat.belkin.com'
    - '*.linksys.com'
    - '*.linksyssmartwifi.com'
    - '*.router.asus.com'
    - 'mesu.apple.com'
    - 'swscan.apple.com'
    - 'swquery.apple.com'
    - 'swdownload.apple.com'
    - 'swcdn.apple.com'
    - 'swdist.apple.com'
    - 'lens.l.google.com'
    - 'stun.l.google.com'
    - '+.nflxvideo.net'
    - '*.square-enix.com'
    - '*.finalfantasyxiv.com'
    - '*.ffxiv.com'
    - '*.mcdn.bilivideo.cn'
    - '+.github.com'
    - "+.bitbucket.org"

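  # DNS services over UDP / TCP / DoT / DoH are supported; a specific port may be given.
  # All DNS requests are sent directly to the server, not through any proxy.
  # Clash answers DNS requests with the first resolution result it receives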
  nameserver:
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query

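  # When fallback is configured, DNS requests are sent simultaneously to all DNS servers in the nameserver list above and the fallback list below.
  # When the resolved IP address is not geolocated in CN, Clash uses the result from the DNS servers in fallback.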
  fallback:
    #- tls://1.0.0.1:853
    #- tls://8.8.8.8:853
    - https://dns.google/dns-query
    - https://cloudflare-dns.com/dns-query
    #- https://public.dns.iij.jp/dns-query
    #- https://jp.tiar.app/dns-query
    #- https://jp.tiarap.org/dns-query
    #- tls://dot.tiar.app

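  # If an IP address resolved by the servers in the nameserver list falls within one of the subnets listed below, it is considered invalid,
  # and Clash uses the result from the DNS servers in the fallback list.
  #
  # When fallback-filter.geoip is true and the IP address is geolocated in CN,
  # Clash uses the result from the DNS servers in the nameserver list.
  #
  # When fallback-filter.geoip is false, if the result falls within the fallback-filter.ipcidr ranges,
  # Clash uses the result from the DNS servers in the nameserver list.
  #
  # This resolution logic is used to counter DNS poisoning attacks.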
  fallback-filter:
    geoip: false
    ipcidr:
      - 0.0.0.0/8
      - 10.0.0.0/8
      - 100.64.0.0/10
      - 127.0.0.0/8
      - 169.254.0.0/16
      - 172.16.0.0/12
      - 192.0.0.0/24
      - 192.0.2.0/24
      - 192.88.99.0/24
      - 192.168.0.0/16
      - 198.18.0.0/15
      - 198.51.100.0/24
      - 203.0.113.0/24
      - 224.0.0.0/4
      - 240.0.0.0/4
      - 255.255.255.255/32
    domain:
      - '+.google.com'
      - '+.facebook.com'
      - '+.youtube.com'
      - '+.githubusercontent.com'
      - '+.googlevideo.com'
      - '+.archive.org'
      - '+.google.hk'
      - '+.google.com.hk'
      - '+.v2ex.com'
      - '+.inoreader.com'
      - '+.imgur.com'
      - '+.reddit.com'
      - '+.wikipedia.org'
tun:
  enable: false # Set to true to enable TUN mode
  stack: system # or gvisor
  macOS-auto-route: true
  macOS-auto-detect-interface: true
  dns-hijack:
    - tcp://8.8.8.8:53
    - tcp://8.8.4.4:53
#===================== OpenClash-General-Settings =====================#
proxies:
- name: "🐔上联-jpaws"
  type: ss
  server: 122.122.122.122
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "🐔上海AXA-jpaws"
  type: ss
  server: 122.122.122.122
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "🌙廣港IPLC-hkqexw"
  type: ss
  server: 122.122.122.122
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "长韩Azure"
  type: ss
  server: 122.122.122.122
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "深港HGC"
  type: ss
  server: 122.122.122.122
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "深港HGC2"
  type: ss
  server: 122.122.122.122
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "深港Azure"
  type: ss
  server: 122.122.122.122
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "hkqexw"
  type: ss
  server: ss.hkqexw.domain.com
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
- name: "kroc3"
  type: ss
  server: ss.kroc3.domain.com
  port: 21021
  cipher: chacha20-ietf
  password: "personal_password"
  udp: false
proxy-groups:
- name: "长韩Azure-kroc3"
  type: relay
  proxies:
    - "长韩Azure"
    - "kroc3"
- name: "深港HGC-kroc3"
  type: relay
  proxies:
    - "深港HGC"
    - "kroc3"
- name: "深港HGC2-kroc3"
  type: relay
  proxies:
    - "深港HGC2"
    - "kroc3"
- name: "深港Azure-kroc3"
  type: relay
  proxies:
    - "深港Azure"
    - "kroc3"
- name: "深港HGC-hkqexw"
  type: relay
  proxies:
    - "深港HGC"
    - "hkqexw"
- name: "深港HGC2-hkqexw"
  type: relay
  proxies:
    - "深港HGC2"
    - "hkqexw"
- name: "深港Azure-hkqexw"
  type: relay
  proxies:
    - "深港Azure"
    - "hkqexw"
- name: "CordCloud-kroc3"
  type: url-test
  proxies:
    - "深港Azure-kroc3"
    - "长韩Azure-kroc3"
    - "深港HGC2-kroc3"
    - "深港HGC-kroc3"
  url: 'http://www.gstatic.com/generate_204'
  interval: 300
  tolerance: 100
- name: "CordCloud-hkqexw"
  type: url-test
  proxies:
    - "深港Azure-hkqexw"
    - "深港HGC2-hkqexw"
    - "深港HGC-hkqexw"
  url: 'http://www.gstatic.com/generate_204'
  interval: 300
  tolerance: 100
- name: "COMMON"
  type: fallback
  proxies:
    - "CordCloud-kroc3"
    - "CordCloud-hkqexw"
    - "🐔上海AXA-jpaws"
    - "🐔上联-jpaws"
    - "🌙廣港IPLC-hkqexw"
  url: 'http://www.gstatic.com/generate_204'
  interval: 300
  tolerance: 800
- name: Proxy
  type: select
  proxies:
    - "COMMON"
    - "CordCloud-hkqexw"
    - "CordCloud-kroc3"
    - "🐔上联-jpaws"
    - "🐔上海AXA-jpaws"
    - "🌙廣港IPLC-hkqexw"
    - DIRECT

rule-providers:
  Streaming:
    type: http
    behavior: classical
    path: "./rule_provider/Streaming.yaml"
    url: "https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/StreamingMedia/Streaming.yaml"
    interval: 86400

  apple-proxy:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Clash/Basic/Apple-proxy.yaml"
    path: ./ruleset/Apple-proxy.yaml
    interval: 86400

  apple-direct:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Clash/Basic/Apple-direct.yaml"
    path: ./ruleset/Apple-direct.yaml
    interval: 86400

  cn:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Clash/Basic/CN.yaml"
    path: ./ruleset/CN.yaml
    interval: 86400

  ad-keyword:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Clash/Basic/common-ad-keyword.yaml"
    path: ./ruleset/common-ad-keyword.yaml
    interval: 86400

  foreign:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Clash/Basic/foreign.yaml"
    path: ./ruleset/foreign.yaml
    interval: 86400

  telegram:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Clash/App/social/Telegram.yaml"
    path: ./ruleset/Telegram.yaml
    interval: 86400

  lan:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Clash/Basic/LAN.yaml"
    path: ./ruleset/LAN.yaml
    interval: 86400

rules:

# Custom rules start
- DST-PORT,7000,DIRECT
- DST-PORT,9993,DIRECT

- DOMAIN-SUFFIX,github.com,CordCloud-hkqexw
- DOMAIN-SUFFIX,githubassets.com,CordCloud-hkqexw
- DOMAIN-SUFFIX,githubusercontent.com,CordCloud-hkqexw

- DOMAIN-SUFFIX,evidon.com,DIRECT
- DOMAIN-SUFFIX,freenode.net,DIRECT
- DOMAIN-SUFFIX,hsbc.com.hk,DIRECT
- DOMAIN-SUFFIX,icbc.com.cn,DIRECT
- DOMAIN-SUFFIX,ipv6-test.com,DIRECT
- DOMAIN-SUFFIX,lastpass.com,DIRECT
- DOMAIN-SUFFIX,libera.chat,DIRECT
- DOMAIN-SUFFIX,ooklaserver.net,DIRECT
- DOMAIN-SUFFIX,paypal.com,DIRECT
- DOMAIN-SUFFIX,plex.tv,DIRECT
- DOMAIN-SUFFIX,speedtest.net,DIRECT
- DOMAIN-SUFFIX,uku.im,DIRECT
- DOMAIN-SUFFIX,vfsglobal.com,DIRECT
- DOMAIN-SUFFIX,ziffstatic.com,DIRECT
- DOMAIN,t.hdsky.me,DIRECT
- DOMAIN,tracker.hdsky.me,DIRECT
- DOMAIN,tracker.m-team.cc,DIRECT
- DOMAIN,tracker.totheglory.im,DIRECT

- DOMAIN-SUFFIX,crisp.chat,Proxy
- DOMAIN-SUFFIX,hdchina.org,Proxy
- DOMAIN-SUFFIX,hdsky.me,Proxy
- DOMAIN-SUFFIX,hmbcloud.com,Proxy
- DOMAIN-SUFFIX,hostloc.com,Proxy
- DOMAIN-SUFFIX,idc.wiki,Proxy
- DOMAIN-SUFFIX,m-team.cc,Proxy
- DOMAIN-SUFFIX,nas66.com,Proxy
- DOMAIN-SUFFIX,right.com.cn,Proxy
- DOMAIN-SUFFIX,totheglory.im,Proxy

- DOMAIN-SUFFIX,battle.net,REJECT
# Custom rules end

- RULE-SET,Streaming,CordCloud-hkqexw
- RULE-SET,apple-proxy,Proxy
- RULE-SET,apple-direct,DIRECT
- RULE-SET,cn,DIRECT
- RULE-SET,ad-keyword,REJECT
- RULE-SET,foreign,Proxy
- RULE-SET,telegram,Proxy
- RULE-SET,lan,DIRECT
- GEOIP,CN,DIRECT
- MATCH,Proxy
vernesong commented 2 years ago

These two domain names?

e6e6 commented 2 years ago
  • name: "hkqexw" type: ss server: ss.hkqexw.domain.com port: 21021 cipher: chacha20-ietf password: "personal_password" udp: false
  • name: "kroc3" type: ss server: ss.kroc3.domain.com port: 21021 cipher: chacha20-ietf password: "personal_password" udp: false

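These two domain names?

Yes, they are two domain names, redacted from domains I personally own. The personal domains have not been blocked. These two machines are my own exit servers.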

vernesong commented 2 years ago

Don't redact the domain names; you can send them to me in a private message on TG, otherwise I can't test.

e6e6 commented 2 years ago

Upstream issue:

https://github.com/Dreamacro/clash/issues/1901