Closed b0ndOO7 closed 4 years ago
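Because I need DDNS domain resolution, I configured OpenClash so that the URL requests used to look up the WAN IP go direct (DIRECT).
I have the subscription set to update on a daily schedule. For the past two days, after the update restarts OpenClash, the domain no longer resolves to the WAN address, and the log shows that the custom domain rules did not take effect. The problem occurs in both redir-host mode (the same with "Bypass mainland China IPs" enabled) and fake-ip mode.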
The debug log follows:

```
OpenClash 调试日志

生成时间: 2020-11-14 09:29:01
插件版本: v0.40.15-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#
主机型号: Intel(R) Celeron(R) J4105 CPU @ 1.50GHz : 1 Core 2 Thread
固件版本: OpenWrt GDQ v11-1_[2020]
LuCI版本: git-20.256.12360-1a54222-1
内核版本: 4.19.138
处理器架构: x86_64
#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT
#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
iptables-mod-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 28136
运行权限: 28136: = cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource+eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本:
Tun内核文件: 存在
Tun内核运行权限: 正常
Game内核版本: v0.17.0-219-g9ac38a4
Game内核文件: 存在
Game内核运行权限: 正常
Dev内核版本: v1.2.0-14-g87e4d94
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/v2vn792.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发: 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 停用
仅代理命中规则流量: 启用
绕过中国大陆IP: 停用
#启动异常时建议关闭此项后重试
保留配置: 启用
第三方规则: 停用

#===================== 自定义规则 一 =====================#
##- DOMAIN-SUFFIX,google.com,Proxy 匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy 匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy 匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT 匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT 匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT 匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT 匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT 匹配数据源端口(直连)
##排序在上的规则优先生效,如添加(去除规则前的#号):
##IP段:192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT
##IP段:192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT
##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理
##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除
##仅设置路由器自身直连:
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT
##在线IP段转CIDR地址:http://ip2cidr.com
DOMAIN-SUFFIX,dyndns.com,DIRECT
DOMAIN-SUFFIX,koolcenter.com,DIRECT

#===================== 自定义规则 二 =====================#
##- DOMAIN-SUFFIX,google.com,Proxy 匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy 匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy 匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT 匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT 匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT 匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT 匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT 匹配数据源端口(直连)
DOMAIN-SUFFIX,dyndns.com,DIRECT
DOMAIN-SUFFIX,koolcenter.com,DIRECT

#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
ipv6: false
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
redir-port: 7892
interface-name: br-lan
external-ui: "/usr/share/openclash/dashboard"
dns:
  listen: 127.0.0.1:7874
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
##Custom fake-ip-filter##
  - '*.lan'
  - 'time.windows.com'
  - 'time.nist.gov'
  - 'time.apple.com'
  - 'time.asia.apple.com'
  - '*.ntp.org.cn'
  - '*.openwrt.pool.ntp.org'
  - 'time1.cloud.tencent.com'
  - 'time.ustc.edu.cn'
  - 'pool.ntp.org'
  - 'ntp.ubuntu.com'
  - 'ntp.aliyun.com'
  - 'ntp1.aliyun.com'
  - 'ntp2.aliyun.com'
  - 'ntp3.aliyun.com'
  - 'ntp4.aliyun.com'
  - 'ntp5.aliyun.com'
  - 'ntp6.aliyun.com'
  - 'ntp7.aliyun.com'
  - 'time1.aliyun.com'
  - 'time2.aliyun.com'
  - 'time3.aliyun.com'
  - 'time4.aliyun.com'
  - 'time5.aliyun.com'
  - 'time6.aliyun.com'
  - 'time7.aliyun.com'
  - '*.time.edu.cn'
  - 'time1.apple.com'
  - 'time2.apple.com'
  - 'time3.apple.com'
  - 'time4.apple.com'
  - 'time5.apple.com'
  - 'time6.apple.com'
  - 'time7.apple.com'
  - 'time1.google.com'
  - 'time2.google.com'
  - 'time3.google.com'
  - 'time4.google.com'
  - 'music.163.com'
  - '*.music.163.com'
  - '*.126.net'
  - 'musicapi.taihe.com'
  - 'music.taihe.com'
  - 'songsearch.kugou.com'
  - 'trackercdn.kugou.com'
  - '*.kuwo.cn'
  - 'api-jooxtt.sanook.com'
  - 'api.joox.com'
  - 'joox.com'
  - 'y.qq.com'
  - '*.y.qq.com'
  - 'streamoc.music.tc.qq.com'
  - 'mobileoc.music.tc.qq.com'
  - 'isure.stream.qqmusic.qq.com'
  - 'dl.stream.qqmusic.qq.com'
  - 'aqqmusic.tc.qq.com'
  - 'amobile.music.tc.qq.com'
  - '*.xiami.com'
  - '*.music.migu.cn'
  - 'music.migu.cn'
  - '*.msftconnecttest.com'
  - '*.msftncsi.com'
  - 'localhost.ptlogin2.qq.com'
  - '*.*.*.srv.nintendo.net'
  - '*.*.stun.playstation.net'
  - 'xbox.*.*.microsoft.com'
  - '*.*.xboxlive.com'
  - 'proxy.golang.org'
  - '*.bind.com'
##Custom fake-ip-filter END##
  nameserver:
##Custom DNS##
  - 114.114.114.114
  - 119.29.29.29
  - 119.28.28.28
  - 223.5.5.5
  - https://doh.rixcloud.dev/dns-query
  fallback:
  - https://cloudflare-dns.com/dns-query
  - https://dns.google/dns-query
  - tls://dns.google:853
  - https://1.1.1.1/dns-query
  - tls://1.1.1.1:853
  - tls://8.8.8.8:853
  fallback-filter:
    geoip: true
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32

#===================== 防火墙设置 =====================#
#NAT chain
# Generated by iptables-save v1.8.4 on Sat Nov 14 09:29:02 2020
*nat
:PREROUTING ACCEPT [122:29796]
:INPUT ACCEPT [49:13856]
:OUTPUT ACCEPT [113:7171]
:POSTROUTING ACCEPT [139:8635]
:CLOUD_MUSIC - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m set --match-set music dst -j CLOUD_MUSIC
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
-A POSTROUTING -o ztukuuwzhu -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A CLOUD_MUSIC -d 0.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 10.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 127.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 169.254.0.0/16 -j RETURN
-A CLOUD_MUSIC -d 172.16.0.0/12 -j RETURN
-A CLOUD_MUSIC -d 192.168.0.0/16 -j RETURN
-A CLOUD_MUSIC -d 224.0.0.0/4 -j RETURN
-A CLOUD_MUSIC -d 240.0.0.0/4 -j RETURN
-A CLOUD_MUSIC -p tcp -m set ! --match-set music_http src -m tcp --dport 80 -j REDIRECT --to-ports 5200
-A CLOUD_MUSIC -p tcp -m set ! --match-set music_https src -m tcp --dport 443 -j REDIRECT --to-ports 5201
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 5900 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -m multiport --dports 80,443 -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -p tcp -m tcp --dport 5900 -m comment --comment "!fw3: 5900" -j DNAT --to-destination 10.10.10.172:5900
-A zone_lan_prerouting -p udp -m udp --dport 5900 -m comment --comment "!fw3: 5900" -j DNAT --to-destination 10.10.10.172:5900
COMMIT
# Completed on Sat Nov 14 09:29:02 2020

#Mangle chain
# Generated by iptables-save v1.8.4 on Sat Nov 14 09:29:02 2020
*mangle
:PREROUTING ACCEPT [3842:4871735]
:INPUT ACCEPT [3531:4811729]
:FORWARD ACCEPT [82:5468]
:OUTPUT ACCEPT [2913:4796198]
:POSTROUTING ACCEPT [2998:4801762]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.10.1/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.1/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.3/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.3/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.4/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.4/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.20/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.20/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.21/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.21/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.22/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.22/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.25/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.25/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.27/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.27/32 -j RETURN
-A RRDIPT_FORWARD -s 10.10.10.100/32 -j RETURN
-A RRDIPT_FORWARD -d 10.10.10.100/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.33/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.33/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.23/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.23/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.32/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.32/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.28/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.28/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.10.35/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.35/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A openclash -p udp -m udp --dport 5900 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Sat Nov 14 09:29:02 2020

#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.1    0.0.0.0         UG    0      0        0 br-lan
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 ztukuuwzhu
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 192.168.10.1 dev br-lan proto static
10.10.10.0/24 dev ztukuuwzhu proto kernel scope link src 10.10.10.254
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.254
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default

#===================== 端口占用状态 =====================#
tcp        0      0 :::7890                 :::*                    LISTEN      28136/clash
tcp        0      0 :::7891                 :::*                    LISTEN      28136/clash
tcp        0      0 :::7892                 :::*                    LISTEN      28136/clash
tcp        0      0 :::9090                 :::*                    LISTEN      28136/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           28136/clash
udp        0      0 :::7891                 :::*                                28136/clash
udp        0      0 :::7892                 :::*                                28136/clash

#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: www.baidu.com
Address: 198.18.0.180

#===================== resolv.conf.d =====================#
# Interface lan
nameserver 114.114.114.114

#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 14 Nov 2020 01:29:02 GMT
Etag: "575e1f71-115"
Last-Modified: Mon, 13 Jun 2016 02:50:25 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
ETag: "d30e627954475a5bfdb3d5cddabaf42949acf0969d5da3dbdcd657eda7822520"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-GitHub-Request-Id: D878:2316:2747D2:2A0F2A:5FAEEFA7
Accept-Ranges: bytes
Date: Sat, 14 Nov 2020 01:29:02 GMT
X-Served-By: cache-tyo19927-TYO
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1605317343.593571,VS0,VE254
Vary: Authorization,Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: f7a42beb75a34c49eece771719250be7cdb339c3
Expires: Sat, 14 Nov 2020 01:34:02 GMT
Source-Age: 0

#===================== 最近运行日志 =====================#
time="2020-11-14T09:28:51+08:00" level=info msg="[TCP] 192.168.10.254:33826 --> ip.koolcenter.com match Match() using 🐟 漏网之鱼[中转 | 香港⑦]"
time="2020-11-14T09:28:53+08:00" level=info msg="[TCP] 192.168.10.254:54112 --> checkip.dyndns.com match Match() using 🐟 漏网之鱼[中转 | 香港⑦]"
time="2020-11-14T09:28:54+08:00" level=info msg="[TCP] 192.168.10.27:51616 --> 59.36.230.69 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2020-11-14T09:28:54+08:00" level=info msg="[TCP] 192.168.10.22:55514 --> pan.baidu.com match DomainSuffix(baidu.com) using 🎯 全球直连[DIRECT]"
time="2020-11-14T09:28:54+08:00" level=info msg="[TCP] 192.168.10.27:51617 --> v5-dy-i.ixigua.com match DomainSuffix(ixigua.com) using 🎯 全球直连[DIRECT]"
time="2020-11-14T09:28:55+08:00" level=info msg="[TCP] 192.168.10.27:51618 --> v95-dy.ixigua.com match DomainSuffix(ixigua.com) using 🎯 全球直连[DIRECT]"
time="2020-11-14T09:28:55+08:00" level=info msg="[TCP] 192.168.10.27:64455 --> tte689903479b31f77.developer.toutiao.com match DomainSuffix(toutiao.com) using 🎯 全球直连[DIRECT]"
time="2020-11-14T09:29:00+08:00" level=info msg="[TCP] 192.168.10.33:50483 --> 48-courier.push.apple.com match DomainSuffix(apple.com) using 🍎 苹果服务[中转 | 香港⑦]"
time="2020-11-14T09:29:01+08:00" level=info msg="[TCP] 192.168.10.33:50484 --> 17.252.157.19 match IPCIDR(17.0.0.0/8) using 🍎 苹果服务[中转 | 香港⑦]"
time="2020-11-14T09:29:02+08:00" level=info msg="[TCP] 192.168.10.254:51730 --> www.baidu.com match DomainSuffix(baidu.com) using 🎯 全球直连[DIRECT]"
time="2020-11-14T09:29:02+08:00" level=info msg="[TCP] 192.168.10.254:59402 --> raw.githubusercontent.com match DomainKeyword(github) using 🚀 节点选择[中转 | 香港⑦]"
```
Removing the configuration from the custom rules makes it work.
```
DOMAIN-SUFFIX,dyndns.com,DIRECT
DOMAIN-SUFFIX,koolcenter.com,DIRECT
```
These need a `-` in front of them.
Thanks for the reply, it is solved.
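The cause identified in this thread (rule lines without the leading `- ` are ignored, so the WAN-IP lookup hosts fall through to the proxy) can be checked mechanically. The following shell script is an added example, not code from the thread or from OpenClash: `lint_rules` and `not_direct` are hypothetical helper names, and the two sample files are constructed from the rule and log lines quoted in this issue, with the policy-group names replaced by ASCII placeholders.

```shell
#!/bin/sh
# Added example, not OpenClash code. File contents below are constructed
# from the rule and log lines quoted in this issue.

# lint_rules FILE: report active lines that look like a rule
# (TYPE,value,policy) but lack the leading "- " YAML list marker.
lint_rules() {
    awk '
        /^[ \t]*#/       { next }   # commented-out template line
        /^[ \t]*$/       { next }   # blank line
        /^[ \t]*-[ \t]+/ { next }   # correctly written list item
        /^[ \t]*[A-Z][A-Z-]*,/ { printf "line %d: missing \"- \": %s\n", NR, $0 }
    ' "$1"
}

# not_direct FILE SUFFIX: print hosts under SUFFIX whose connection in a
# Clash info log ended on anything other than [DIRECT].
not_direct() {
    awk -v sfx="$2" '
        match($0, /--> [^ ]+ match /) {
            host = substr($0, RSTART + 4, RLENGTH - 11)   # strip "--> " and " match "
            n = length(host) - length(sfx)
            if (n < 0 || substr(host, n + 1) != sfx) next # host does not end in SUFFIX
            if (n > 0 && substr(host, n, 1) != ".") next  # require a label boundary
            if ($0 !~ /\[DIRECT\]"$/) print host
        }
    ' "$1"
}

RULES_SAMPLE=$(mktemp); LOG_SAMPLE=$(mktemp)
cat > "$RULES_SAMPLE" <<'EOF'
##- DOMAIN-SUFFIX,google.com,Proxy
- DOMAIN-SUFFIX,example.org,DIRECT
DOMAIN-SUFFIX,dyndns.com,DIRECT
DOMAIN-SUFFIX,koolcenter.com,DIRECT
EOF
cat > "$LOG_SAMPLE" <<'EOF'
time="2020-11-14T09:28:51+08:00" level=info msg="[TCP] 192.168.10.254:33826 --> ip.koolcenter.com match Match() using Final[relay-node]"
time="2020-11-14T09:28:53+08:00" level=info msg="[TCP] 192.168.10.254:54112 --> checkip.dyndns.com match Match() using Final[relay-node]"
time="2020-11-14T09:29:02+08:00" level=info msg="[TCP] 192.168.10.254:51730 --> www.baidu.com match DomainSuffix(baidu.com) using Direct[DIRECT]"
EOF

lint_rules "$RULES_SAMPLE"
for d in dyndns.com koolcenter.com baidu.com; do not_direct "$LOG_SAMPLE" "$d"; done
```

Running the log check after each scheduled subscription update catches the case where a DDNS client would otherwise publish the proxy node's exit address instead of the router's WAN address.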