vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] Bypassing mainland China domains causes domains in fake-ip-filter to be redirected to the local machine's IP #3401

Closed Journalist-HK closed 12 months ago

Journalist-HK commented 1 year ago

Verify Steps

OpenClash Version

v0.45.129-beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-mipsle-softfloat

To Reproduce

Use fake-ip mode, enable bypass China IP (domains), add the domain to fake-ip-filter, and visit that domain in a browser.

Describe the Bug

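nslookup returns the correct IP, but visiting the domain in a browser produces a certificate error; the request actually reaches the router itself (192.168.1.1).

Screenshot 2023-07-19 002349

Later testing showed that stopping LuCI restores normal access (service nginx stop). Question: my router runs the Nginx backend rather than uHTTPd, so this may be related to the default Nginx configuration. However, I have not tested whether uHTTPd has the same problem. The firmware was generated directly with https://firmware-selector.openwrt.org/, with only luci-ssl-nginx and the necessary dependencies installed.

Overseas domains (such as vivox.com and xboxlive.com in my configuration) do not have this problem, so I am sure it is related to the bypass-mainland feature. Not all domestic domains get redirected; it may depend on the site's own configuration.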

OpenClash Log

OpenClash 调试日志

生成时间: 2023-07-19 00:36:16 插件版本: v0.45.129-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Ubiquiti EdgeRouter X
固件版本: OpenWrt 22.03.5 r20134-5f15225c1e
LuCI版本: 
内核版本: 5.10.176
处理器架构: mipsel_24kc

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:TUN
进程pid: 7385
运行权限: 7385: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-mipsle-softfloat

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.06.30
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: 
Dev内核文件: 不存在
Dev内核运行权限: 否

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/custom_config.yaml
启动配置文件: /etc/openclash/custom_config.yaml
运行模式: fake-ip-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

mixed-port: 7890
allow-lan: true
bind-address: "*"
mode: rule
log-level: warning
ipv6: true
external-controller: 0.0.0.0:9090
dns:
  enable: true
  ipv6: true
  default-nameserver:
  - 223.5.5.5
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "+.router.asus.com"
  - WORKGROUP
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - time.*.*
  - time.*.*.*
  - ntp.*.*
  - ntp.*.*.*
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - ntp1.*.*
  - ntp2.*.*
  - ntp3.*.*
  - ntp4.*.*
  - ntp5.*.*
  - ntp6.*.*
  - ntp7.*.*
  - time1.*.*
  - time2.*.*
  - time3.*.*
  - time4.*.*
  - time5.*.*
  - time6.*.*
  - time7.*.*
  - "+.kaiheila.cn"
  - "+.vivox.com"
  - "+.music.163.com"
  - "+.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "+.kuwo.cn"
  - api-jooxtt.sanook.com
  - "+.joox.com"
  - "+.y.qq.com"
  - "+.tc.qq.com"
  - "+.qqmusic.qq.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.xiami.com"
  - "+.music.migu.cn"
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - mesu.apple.com
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - lens.l.google.com
  - "+.nflxvideo.net"
  - "+.media.dssott.com"
  - "+.srv.nintendo.net"
  - xbox.*.microsoft.com
  - xbox.*.*.microsoft.com
  - "*.ipv6.microsoft.com"
  - "+.wns.windows.com"
  - "+.xboxlive.com"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - proxy.golang.org
  - "+.ys7.com"
  - doh.apad.pro
  nameserver:
  - 127.0.0.1:5335
  listen: 0.0.0.0:7874

proxy-groups:
- name: "PROXY"
  type: select
  proxies:
  - DIRECT
- name: "漏网之鱼"
  type: select
  proxies:
  - DIRECT
  - "PROXY"

rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- SRC-IP-CIDR,192.168.1.1/32,DIRECT
- SRC-IP-CIDR,198.18.0.1/16,DIRECT
- GEOIP,CN,DIRECT,no-resolve
- "MATCH,漏网之鱼"
redir-port: 7892
tproxy-port: 7895
port: 7893
socks-port: 7891
external-ui: "/usr/share/openclash/ui"
experimental:
  sniff-tls-sni: true
tun:
  enable: true
  stack: system
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
  store-fake-ip: true

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

#IPv4 Mangle chain

#IPv4 Filter chain

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy drop;
        meta l4proto { tcp, udp } oifname "utun" counter packets 28209 bytes 2774882 accept comment "OpenClash TUN Forward"
        meta l4proto { tcp, udp } flow add @ft
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        jump upnp_forward comment "Hook into miniupnpd forwarding chain"
        jump handle_reject
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
        meta nfproto ipv6 udp dport 53 counter packets 10869 bytes 956757 redirect to :53 comment "OpenClash DNS Hijack"
        meta nfproto ipv6 tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        udp dport 53 redirect to :53 comment "OpenClash DNS Hijack"
        tcp dport 53 redirect to :53 comment "OpenClash DNS Hijack"
        meta nfproto ipv4 tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash TCP DNS Hijack"
        jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "pppoe-wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
        jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        meta l4proto { tcp, udp } counter packets 466394 bytes 180199808 jump openclash_mangle
        meta nfproto ipv6 counter packets 34842 bytes 7507296 jump openclash_mangle_v6
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
        meta l4proto { tcp, udp } counter packets 282574 bytes 128635115 jump openclash_mangle_output
    }
}
table inet fw4 {
    chain openclash_mangle {
        meta nfproto ipv4 udp sport 35553 counter packets 0 bytes 0 return
        meta nfproto ipv4 tcp sport 8443 counter packets 0 bytes 0 return
        meta nfproto ipv4 tcp sport 22022 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 500 counter packets 16 bytes 5092 return
        meta nfproto ipv4 udp sport 68 counter packets 2 bytes 664 return
        meta l4proto { tcp, udp } iifname "utun" counter packets 171157 bytes 70950947 return
        ip daddr @localnetwork counter packets 210508 bytes 97731129 return
        ip saddr @lan_ac_black_ips counter packets 0 bytes 0 return
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 22377 bytes 1283932 return
        ip protocol udp counter packets 348 bytes 392143 jump openclash_upnp
        meta l4proto { tcp, udp } th dport 0-65535 meta mark set 0x00000162 counter packets 62475 bytes 10249891
    }
}
table inet fw4 {
    chain openclash_mangle_output {
        meta nfproto ipv4 udp sport 35553 counter packets 0 bytes 0 return
        meta nfproto ipv4 tcp sport 8443 counter packets 1514 bytes 518117 return
        meta nfproto ipv4 tcp sport 22022 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
        ip daddr @localnetwork counter packets 68224 bytes 35797671 return
        meta l4proto { tcp, udp } th dport 0-65535 ip daddr 198.18.0.0/16 meta mark set 0x00000162 counter packets 69885 bytes 57198804
    }
}
table inet fw4 {
    chain openclash_dns_hijack {
    }
}
table inet fw4 {
    chain openclash_mangle_v6 {
        meta nfproto ipv6 udp sport 35553 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 48010 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 48010 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 47989 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 47984 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 8443 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 22022 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 21 bytes 2098 return
        ip6 daddr @localnetwork6 counter packets 32478 bytes 7015796 return
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
        ip6 saddr @lan_ac_black_ipv6s counter packets 0 bytes 0 return
        ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 2089 bytes 465111 return
        meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 249 bytes 24184 accept comment "OpenClash TCP Tproxy"
        meta nfproto ipv6 udp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 12 bytes 720 accept comment "OpenClash UDP Tproxy"
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         *WAN IP*.1    0.0.0.0         UG    0      0        0 pppoe-wan
*WAN IP*.1    0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun

#ip route list
default via *WAN IP*.1 dev pppoe-wan proto static 
*WAN IP*.1 dev pppoe-wan proto kernel scope link src *WAN IP*.165 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   5        0 lo      
::/0                                        fe80::e672:e2ff:febe:b70b               UG    512    5        0 pppoe-wan
::/0                                        fe80::e672:e2ff:febe:b70b               UG    512    6        0 pppoe-wan
HIDE/64                     ::                                      !n    2147483647 2        0 lo      
HIDE/64                     ::                                      U     1024   5        0 br-lan  
HIDE/60                     ::                                      !n    2147483647 1        0 lo      
fd67:b5b0:5964::/64                         ::                                      U     1024   5        0 br-lan  
fd67:b5b0:5964::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::4c24:3cf0:b480:8bec/128               ::                                      U     256    1        0 pppoe-wan
fe80::e672:e2ff:febe:b70b/128               ::                                      U     256    1        0 pppoe-wan
fe80::/64                                   ::                                      U     256    1        0 dsa     
fe80::/64                                   ::                                      U     256    5        0 br-lan  
fe80::/64                                   ::                                      U     256    1        0 eth0    
fe80::/64                                   ::                                      U     256    1        0 utun    
::/0                                        ::                                      !n    -1     2        0 lo      
::1/128                                     ::                                      Un    0      7        0 lo      
HIDE/128                    ::                                      Un    0      3        0 pppoe-wan
*WAN IP*:8bec/128  ::                                      Un    0      8        0 pppoe-wan
HIDE/128                    ::                                      Un    0      3        0 br-lan  
HIDE/128                   ::                                      Un    0      7        0 br-lan  
fd67:b5b0:5964::/128                        ::                                      Un    0      3        0 br-lan  
fd67:b5b0:5964::1/128                       ::                                      Un    0      7        0 br-lan  
fe80::/128                                  ::                                      Un    0      6        0 dsa     
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 utun    
fe80::1e95:80ee:313:668f/128                ::                                      Un    0      2        0 utun    
fe80::4c24:3cf0:b480:8bec/128               ::                                      Un    0      4        0 pppoe-wan
fe80::7683:c2ff:fe4b:d3ea/128               ::                                      Un    0      3        0 dsa     
fe80::7683:c2ff:fe4b:d3ea/128               ::                                      Un    0      2        0 eth0    
fe80::7683:c2ff:fe4b:d3eb/128               ::                                      Un    0      6        0 br-lan  
ff00::/8                                    ::                                      U     256    6        0 dsa     
ff00::/8                                    ::                                      U     256    5        0 br-lan  
ff00::/8                                    ::                                      U     256    2        0 eth0    
ff00::/8                                    ::                                      U     256    4        0 pppoe-wan
ff00::/8                                    ::                                      U     256    1        0 utun    
::/0                                        ::                                      !n    -1     2        0 lo      

#ip -6 route list
default from HIDE/64 via fe80::e672:e2ff:febe:b70b dev pppoe-wan proto static metric 512 pref medium
default from HIDE/60 via fe80::e672:e2ff:febe:b70b dev pppoe-wan proto static metric 512 pref medium
unreachable HIDE/64 dev lo proto static metric 2147483647 pref medium
HIDE/64 dev br-lan proto static metric 1024 pref medium
unreachable HIDE/60 dev lo proto static metric 2147483647 pref medium
fd67:b5b0:5964::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd67:b5b0:5964::/48 dev lo proto static metric 2147483647 pref medium
fe80::4c24:3cf0:b480:8bec dev pppoe-wan proto kernel metric 256 pref medium
fe80::e672:e2ff:febe:b70b dev pppoe-wan proto kernel metric 256 pref medium
fe80::/64 dev dsa proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
4200000000: from HIDE/60 iif br-lan unreachable

#===================== Tun设备状态 =====================#

utun: tun pi multi_queue filter

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      7385/clash
tcp        0      0 :::9090                 :::*                    LISTEN      7385/clash
tcp        0      0 :::7890                 :::*                    LISTEN      7385/clash
tcp        0      0 :::7891                 :::*                    LISTEN      7385/clash
tcp        0      0 :::7892                 :::*                    LISTEN      7385/clash
tcp        0      0 :::7893                 :::*                    LISTEN      7385/clash
tcp        0      0 :::7895                 :::*                    LISTEN      7385/clash
udp        0      0 :::33409                :::*                                7385/clash
udp        0      0 :::7874                 :::*                                7385/clash
udp        0      0 :::7890                 :::*                                7385/clash
udp        0      0 :::7891                 :::*                                7385/clash
udp        0      0 :::7892                 :::*                                7385/clash
udp        0      0 :::7895                 :::*                                7385/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 198.18.0.245

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 1
  data: geo-p42.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 1
  data: z-p42-instagram.c10r.instagram.com.
  name: geo-p42.instagram.com.
  type: 5

  TTL: 1
  data: 157.240.22.174
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Additional: 
  TTL: 1
  data: ON:; EDNS: version 0; flags:; MBZ: 0x0001, udp: 1232
  name: .
  type: 41

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface wan
nameserver 218.2.2.2
nameserver 218.4.4.4
# Interface wan6
nameserver 240e:5a::6666
nameserver 240e:5b::6666

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 18 Jul 2023 16:36:34 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

#===================== 最近运行日志(自动切换为Debug模式) =====================#

2023-07-19 00:51:50 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=music.163.com. answer=["240e:f7:4019:3::4","240e:f7:4019:53::4"]
2023-07-19 00:51:50 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=music.163.com. answer=["115.236.118.34","115.236.121.4"]
2023-07-19 00:51:50 DBG [DNS] response empty request={"Id":30329,"Response":true,"Opcode":0,"Authoritative":false,"Truncated":false,"RecursionDesired":true,"RecursionAvailable":true,"Zero":false,"AuthenticatedData":false,"CheckingDisabled":false,"Rcode":3,"Question":[{"Name":"music.163.com.","Qtype":65,"Qclass":1}],"Answer":null,"Ns":null,"Extra":null,"Source":"127.0.0.1:5335"}

# Access works normally after service nginx stop
17:17:23 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=music.163.com. answer=["240e:f7:4019:3::4","240e:f7:4019:53::4"]
17:17:23 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=s6.music.126.net. answer=["58.215.47.194","58.215.47.196","58.215.47.195","58.215.47.197","58.216.32.244","58.215.47.190","58.216.32.248","58.216.32.249"]
17:17:23 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=s6.music.126.net. answer=["240e:978:306:1:3::3fd","240e:978:306:1:3::3fe"]
17:17:23 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=acstatic-dun.126.net. answer=[]
17:17:23 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=acstatic-dun.126.net. answer=["58.215.47.194","58.215.47.195","58.215.47.191","58.216.32.240","58.215.47.192","58.216.32.241","58.215.47.193","58.216.32.242"]
17:17:23 DBG [TCP] accept connection lAddr=192.168.1.140:14195 rAddr=ac.dun.163.com:443 inbound=TUN
17:17:23 DBG [TCP] accept connection lAddr=192.168.1.140:14194 rAddr=ac.dun.163.com:443 inbound=TUN
17:17:23 DBG [Matcher] find process failed error=process not found addr=ac.dun.163.com
17:17:23 DBG [Matcher] find process failed error=process not found addr=ac.dun.163.com
17:17:23 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=ac.dun.163.com. answer=[]
17:17:23 INF [TCP] connected lAddr=192.168.1.140:14194 rAddr=ac.dun.163.com:443 mode=rule rule=Match() proxy=🐟 漏网之鱼[DIRECT]
17:17:23 INF [TCP] connected lAddr=192.168.1.140:14195 rAddr=ac.dun.163.com:443 mode=rule rule=Match() proxy=🐟 漏网之鱼[DIRECT]
17:17:23 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=ac.dun.163.com. answer=["60.191.81.66"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=st.music.163.com. answer=["240e:978:306:1:3::3fe","240e:978:306:1:3::3fd"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=st.music.163.com. answer=["58.215.47.191","58.215.47.192","58.215.47.197","58.216.32.243","58.215.47.190","58.215.47.193","58.216.32.241","58.216.32.242"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=p2.music.126.net. answer=["240e:978:101::f08","240e:978:101::f0c","240e:e9:b00c:8::5d","240e:e9:b00c:8::5c","240e:e9:b00c:8::5f","240e:e9:b00c:8::59"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=p2.music.126.net. answer=["114.230.213.89","114.230.213.87","114.230.213.86","114.230.213.88","58.215.92.84","58.215.92.85"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=p1.music.126.net. answer=["58.215.92.81","114.230.213.89","114.230.213.87","58.215.92.82","114.230.213.88","114.230.213.86"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=p1.music.126.net. answer=["240e:979:9509:80::b00:100","240e:979:9509:80::b00:214"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=sentry.music.163.com. answer=[]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=sentry.music.163.com. answer=["59.111.181.35"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=p4.music.126.net. answer=["114.230.213.88","58.215.92.80","114.230.213.89","114.230.213.87","114.230.213.86","58.215.92.82"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=p4.music.126.net. answer=["240e:978:306:1:3::3fd","240e:978:306:1:3::3fe"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=AAAA name=p3.music.126.net. answer=["240e:978:101::f0f","240e:978:101::f0b","240e:e9:b00c:8::5b","240e:e9:b00c:8::5c","240e:e9:b00c:8::5d","240e:e9:b00c:8::5a"]
17:17:24 DBG [DNS] dns response source=127.0.0.1:5335 qType=A name=p3.music.126.net. answer=["114.230.213.89","114.230.213.87","114.230.213.86","114.230.213.88","58.215.92.82","58.215.92.85"]

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

OpenClash Config

config openclash 'config'
    option update '0'
    option auto_update '0'
    option cn_port '9090'
    option rule_source '0'
    option enable_custom_clash_rules '0'
    option dns_advanced_setting '0'
    option servers_if_update '0'
    option servers_update '0'
    option proxy_mode 'rule'
    option filter_aaaa_dns '0'
    option small_flash_memory '0'
    option interface_name '0'
    option log_size '1024'
    option tolerance '0'
    option store_fakeip '1'
    option custom_fallback_filter '0'
    option dns_remote '1'
    option bypass_gateway_compatible '0'
    option urltest_address_mod '0'
    option release_branch 'master'
    option enable_meta_core '0'
    option geo_custom_url 'https://testingcf.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/lite/Country.mmdb'
    option chnr_custom_url 'https://ispip.clang.cn/all_cn.txt'
    option chnr6_custom_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
    option cndomain_custom_url 'https://testingcf.jsdelivr.net/gh/felixonmars/dnsmasq-china-list@master/accelerated-domains.china.conf'
    option core_version 'linux-mipsle-softfloat'
    option append_default_dns '0'
    option ipv6_dns '1'
    option geo_update_week_time '1'
    option chnr_update_week_time '1'
    option auto_restart '0'
    option auto_restart_week_time '1'
    option auto_restart_day_time '0'
    option dashboard_type 'Official'
    option yacd_type 'Official'
    option restricted_mode '0'
    option core_type 'TUN'
    option ipv6_enable '1'
    option append_wan_dns '0'
    option dashboard_password 'clash'
    option create_config '0'
    option chnr_auto_update '1'
    option chnr_update_day_time '1'
    option geo_auto_update '1'
    option geo_update_day_time '2'
    option intranet_allowed '0'
    option dns_port '7874'
    option proxy_port '7892'
    option tproxy_port '7895'
    option socks_port '7891'
    option urltest_interval_mod '0'
    option github_address_mod '0'
    option custom_name_policy '0'
    option custom_host '0'
    option find_process_mode '0'
    option global_client_fingerprint '0'
    option geodata_loader '0'
    option enable_geoip_dat '0'
    option enable_meta_sniffer '1'
    option enable_meta_sniffer_pure_ip '1'
    option enable_meta_sniffer_custom '0'
    option enable_custom_domain_dns_server '0'
    option ipv6_mode '0'
    option enable_v6_udp_proxy '1'
    option http_port '7893'
    option mixed_port '7890'
    option disable_udp_quic '0'
    option enable_rule_proxy '0'
    option dashboard_forward_ssl '0'
    option geoip_auto_update '1'
    option geoip_update_week_time '1'
    option geoip_update_day_time '3'
    option geoip_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat'
    option geosite_auto_update '1'
    option geosite_update_week_time '1'
    option geosite_update_day_time '4'
    option geosite_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat'
    option fakeip_range '0'
    option custom_fakeip_filter '0'
    option enable_custom_dns '1'
    option config_path '/etc/openclash/config/custom_config.yaml'
    option enable_redirect_dns '1'
    option disable_masq_cache '1'
    option other_rule_auto_update '1'
    option other_rule_update_week_time '4'
    option other_rule_update_day_time '7'
    option log_level 'warning'
    option operation_mode 'fake-ip'
    option en_mode 'fake-ip-tun'
    option stack_type 'system'
    option delay_start '20'
    option dnsmasq_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option default_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option dnsmasq_noresolv '0'
    option router_self_proxy '0'
    option enable '1'
    option config_reload '1'
    option redirect_dns '1'
    option cachesize_dns '1'
    option china_ip_route '1'
    option custom_china_domain_dns_server '223.5.5.5'
    option china_ip6_route '1'


Expected Behavior

It should be accessible normally.

Screenshots

![image](https://github.com/vernesong/OpenClash/assets/50702502/e9acdb7e-1bc7-4721-987a-7e2542891087)

After moving the domain out of fake-ip-filter, it can be accessed normally.

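A triage helper for the report above, added here as an example; it is not part of the original post and is not OpenClash or Clash code. It checks whether a name matches a `fake-ip-filter` pattern and whether the answers in `[DNS] dns response` debug lines fall inside `fake-ip-range`. It assumes the wildcard semantics Clash documents for domain patterns (`*` matches exactly one label, `+.` matches the domain itself and every subdomain, a leading `.` matches subdomains only); the function names and verdict strings are hypothetical.

```python
import ipaddress
import json
import re

# Subset of the fake-ip-filter entries from the configuration posted in this issue.
FAKE_IP_FILTER = [
    "*.lan", "+.stun.*.*", "time.*.*", "xbox.*.microsoft.com",
    "+.music.163.com", "+.126.net", "+.vivox.com", "+.xboxlive.com",
]
# fake-ip-range from the same configuration (host bits are set, hence strict=False).
FAKE_IP_RANGE = ipaddress.ip_network("198.18.0.1/16", strict=False)

# The first two lines are copied from the debug log in the post. The third is
# constructed in the same format from the nslookup result shown for www.baidu.com.
LOG_LINES = [
    '2023-07-19 00:51:50 DBG [DNS] dns response source=127.0.0.1:5335 '
    'qType=AAAA name=music.163.com. answer=["240e:f7:4019:3::4","240e:f7:4019:53::4"]',
    '2023-07-19 00:51:50 DBG [DNS] dns response source=127.0.0.1:5335 '
    'qType=A name=music.163.com. answer=["115.236.118.34","115.236.121.4"]',
    '2023-07-19 00:51:51 DBG [DNS] dns response source=127.0.0.1:5335 '
    'qType=A name=www.baidu.com. answer=["198.18.0.245"]',
]

LINE_RE = re.compile(r"qType=(\S+) name=(\S+) answer=(\[.*\])")


def _labels(name):
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")


def pattern_matches(pattern, domain):
    """Match one fake-ip-filter pattern against a domain, label by label."""
    mode = "exact"
    if pattern.startswith("+."):
        mode, pattern = "self_or_sub", pattern[2:]
    elif pattern.startswith("."):
        mode, pattern = "sub_only", pattern[1:]
    want, have = _labels(pattern), _labels(domain)
    if mode == "exact" and len(have) != len(want):
        return False
    if mode == "sub_only" and len(have) <= len(want):
        return False
    if len(have) < len(want):
        return False
    # Compare the rightmost labels; "*" stands for exactly one label.
    tail = have[len(have) - len(want):]
    return all(w == "*" or w == h for w, h in zip(want, tail))


def is_filtered(domain, patterns=FAKE_IP_FILTER):
    """True when any filter pattern exempts the domain from fake-ip answers."""
    return any(pattern_matches(p, domain) for p in patterns)


def triage(lines, patterns=FAKE_IP_FILTER, fake_range=FAKE_IP_RANGE):
    """Return (name, qtype, verdict) for every DNS response line with answers."""
    results = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a "dns response" line
        qtype, name, raw = m.groups()
        answers = [ipaddress.ip_address(a) for a in json.loads(raw)]
        if not answers:
            continue  # empty answer set, nothing to classify
        name = ".".join(_labels(name))
        fake = any(a in fake_range for a in answers)
        filtered = is_filtered(name, patterns)
        if filtered and not fake:
            verdict = "real-ip, filter applied"
        elif filtered and fake:
            verdict = "fake-ip despite filter"
        elif fake:
            verdict = "fake-ip, as expected"
        else:
            verdict = "real-ip without filter"
        results.append((name, qtype, verdict))
    return results


if __name__ == "__main__":
    for row in triage(LOG_LINES):
        print(*row, sep="  ")
```

A "real-ip, filter applied" verdict for a filtered name means the resolver behaved as configured, so a connection that still ends at 192.168.1.1 has to be traced through packet handling (the nftables chains and local listeners) rather than DNS.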
vernesong commented 1 year ago

What is the DNS query result for the domain that has the problem? Someone has raised this issue before, but I don't use Nginx.

Journalist-HK commented 1 year ago

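What is the DNS query result for the domain that has the problem? Someone has raised this issue before, but I don't use Nginx.

It is just the result returned by the DNS set in nameserver. I tested 223.5.5.5, and it returned the correct domain name, not a fake IP.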

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days