-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
关于Tun配置文件的DNS配置区域的一些疑问 #48
Comments
https://github.com/chika0801/sing-box-examples/tree/main/Tun#%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A1%B9 它只对
就是出站中 tag proxy 你在地址server填域名才会命中它(反正我是习惯一直填vps的ip) tun收到的域名请求是命中不了这规则的,代码原理我不懂,当时sb才加这参数我也不懂什么场景会用到,后来哪时看它群里有人在问,自己试了下后,写了上面一段话解释。这是我的理解。 |
所以 域名进dns规则部分从上到下,最后没命中,默认用第1个dns服务器即 https://github.com/chika0801/sing-box-examples/blob/main/Tun/config_client_windows_fakeip.json#L9 类似这些小地方我觉得懂的都懂我也不想写复杂的说明,(反正按我喜欢的逻辑,我倒是考量过的) |
啊啊,是我不知道只有在outbound是直连时才会命中 |
没事呀,类似打比方在tun环境下,你代理节点的地址一栏填的是域名,问题来了你在tun模式下这域名要解析成ip,域名就进到dns里,这参数就在这时用。 |
sing-box-examples/Tun/config_client_windows.json
Lines 34 to 52 in a1bc778
这部分最后兜底的是
dns_direct
假设没有命中geosite:geolocation-!cn
的话会不会造成DNS泄露?使用
dns_direct
兜底应该是为了避免在outbound.server
为域名时造成的DNS回环吧?如果是的话我个人认为将
dns_direct
兜底换为:服务器域名单独加入DNS规则的dns_direct
,使用dns_proxy
兜底会更好点,防止DNS泄露的问题。1* The default rule uses the following matching logic
The text was updated successfully, but these errors were encountered: