How should one understand sing-box's DNS handling in tun mode?

vfx666 · 11 days ago via iPhone · 829 views

The following is the configuration given in the sing-box documentation:

```json
{
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": false
    }
  ],
  "outbounds": [
    // ...
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geoip": [
          "private"
        ],
        "outbound": "direct"
      }
    ],
    "auto_detect_interface": true
  }
}
```

According to the rules, all DNS seems to point to local, so how do DNS requests go through the proxy? Does this configuration have a DNS leak?

6 replies · 2024-06-17 00:20:03 +08:00

c0okies · #1 · 11 days ago

With this, it seems all DNS queries go through google first, except for the domain names of the outbound servers.
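
xyseer2 · #2 · 11 days ago

#1 is right. Written this way, all traffic goes through google-dns by default. The problem with this is that direct-connection traffic inside the wall may not be found (in some regions google-dns is banned outright), so the official configuration adds a few cn rules below to avoid this problem.

As for whether it leaks: everything except the node domain names is looked up with google-dns, so in theory it should not leak, but considering that google-dns is dealt with in different ways inside the wall, I can't say it doesn't leak at all lol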
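
isAK47 · #3 · 10 days ago

There is another problem with the tun configuration: for some domains the proxy has no effect even when it is configured. It only works normally in the terminal, not in the browser, and I have never been able to find a solution.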

vfx666 · OP · #4 · 10 days ago via iPhone

@xyseer2 If all traffic goes through Google DNS, why is the DNS rule written as any local? Shouldn't it be any proxy?

vfx666 · OP · #5 · 10 days ago via iPhone

@xyseer2 If it is written as below, it causes a DNS loop error for the outbound server:

```json
"rules": [
  {
    "outbound": "any",
    "server": "google"
  }
],
```
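
A simplified model of the DNS server selection discussed in this thread, added as an example; it is not part of any reply and is not sing-box code. It assumes that the `outbound` DNS rule matches only the lookups sing-box makes for outbound server addresses, that the first DNS server is the default, that a server without `detour` uses the default outbound, and that the elided first outbound is a proxy with the hypothetical tag `proxy`.

```python
import copy

DEFAULT_OUT = "proxy"  # hypothetical tag for the first (elided) outbound

# dns section from the first post, trimmed to the fields the model uses
DOC_DNS = {
    "servers": [
        {"tag": "google", "address": "tls://8.8.8.8"},
        {"tag": "local", "address": "223.5.5.5", "detour": "direct"},
    ],
    "rules": [{"outbound": "any", "server": "local"}],
}

def pick_server(dns, outbound_tag=None):
    """Tag of the DNS server chosen for a query.

    outbound_tag is set only when the address of that outbound's server
    is being resolved; queries coming from applications pass None.
    """
    for rule in dns.get("rules", []):
        wanted = rule.get("outbound")
        if wanted is None:
            continue  # geosite, query_type etc. are not modelled here
        wanted = [wanted] if isinstance(wanted, str) else wanted
        if outbound_tag and ("any" in wanted or outbound_tag in wanted):
            return rule["server"]
    return dns.get("final") or dns["servers"][0]["tag"]

def path(dns, outbound_tag=None):
    """(server tag, outbound that carries the query to that server)."""
    tag = pick_server(dns, outbound_tag)
    server = next(s for s in dns["servers"] if s["tag"] == tag)
    return tag, server.get("detour", DEFAULT_OUT)

def has_loop(dns):
    """True if resolving the proxy's own hostname would itself need the proxy."""
    return path(dns, DEFAULT_OUT)[1] == DEFAULT_OUT

# variant from reply #5: outbound lookups are sent to "google" instead
LOOP_DNS = copy.deepcopy(DOC_DNS)
LOOP_DNS["rules"][0]["server"] = "google"

if __name__ == "__main__":
    print("app query       ->", path(DOC_DNS))               # ('google', 'proxy')
    print("outbound lookup ->", path(DOC_DNS, DEFAULT_OUT))  # ('local', 'direct')
    print("loop:", has_loop(DOC_DNS), "| #5 variant:", has_loop(LOOP_DNS))
```

Under these assumptions, application queries reach `google` over the proxy, and only the lookup of the proxy server's own address goes to `local` over `direct`.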
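
aflow · #6 · 9 days ago

You can also configure rules in dns and set non-domestic domains to be resolved through the proxy. These are the rules I copied: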

```json
"dns": {
  "servers": [
    {
      "tag": "dns_proxy",
      "address": "tls://1.1.1.1",
      "address_resolver": "dns_resolver"
    },
    {
      "tag": "dns_direct",
      "address": "h3://dns.alidns.com/dns-query",
      "address_resolver": "dns_resolver",
      "detour": "direct"
    },
    {
      "tag": "dns_fakeip",
      "address": "fakeip"
    },
    {
      "tag": "dns_resolver",
      "address": "223.5.5.5",
      "detour": "direct"
    },
    {
      "tag": "dns_block",
      "address": "rcode://success"
    }
  ],
  "rules": [
    {
      "outbound": [
        "any"
      ],
      "server": "dns_resolver"
    },
    {
      "geosite": [
        "category-ads-all"
      ],
      "server": "dns_block",
      "disable_cache": true
    },
    {
      "geosite": [
        "geolocation-!cn"
      ],
      "query_type": [
        "A"
      ],
      "server": "dns_fakeip"
    },
    {
      "geosite": [
        "geolocation-!cn"
      ],
      "server": "dns_proxy"
    }
  ],
  "final": "dns_direct",
  "independent_cache": true,
  "fakeip": {
    "enabled": true,
    "inet6_range": "fc00::/18",
    "inet4_range": "198.18.0.0/15"
  }
}
```