修改 DNS 策略

Author: DustinWin

_posts/2024-08-21-dnsbypass-mihomo-geodata.md

@@ -11,7 +11,7 @@ tags: [Clash, mihomo, 进阶, DNS, DNS 分流]
 1. 使用 [ShellCrash](https://github.com/juewuy/ShellCrash) 搭配 [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome) 并将 AdGuard Home 作为上游时不要使用该方法
 2. 本教程以 ShellCrash 为例，其它客户端亦可参考
 3. 本教程搭载 [mihomo 内核 Meta 版](https://github.com/MetaCubeX/mihomo/tree/Meta)（导入内核方法可参考《[ShellCrash 和 AdGuard Home 快速安装教程/导入 mihomo 内核 或 sing-box 内核](https://proxy-tutorials.dustinwin.us.kg/posts/pin-toolsinstall/#%E4%BA%8C-%E5%AF%BC%E5%85%A5-mihomo-%E5%86%85%E6%A0%B8-%E6%88%96-sing-box-%E5%86%85%E6%A0%B8)》）
-4. DNS 分流简单来说就是**指定国内域名走国内 DNS 解析，国外域名走 `fake-ip`**。未知域名走 `real-ip`（在匹配 `rules.GEOIP:cn` 规则时会由国内 DNS 解析，解析出 IP 在国内则走 `🀄️ 国内 IP` 规则，否则走 `🐟 漏网之鱼` 规则）
+4. DNS 分流简单来说就是**指定国内域名走国内 DNS 解析，国外域名走 `fake-ip`**。未知域名走 `fake-ip`（在匹配 `rules.GEOIP:cn` 规则时会由国内 DNS 解析，解析出 IP 在国内则走 `🀄️ 国内 IP` 规则，否则走 `🐟 漏网之鱼` 规则）
 5. 部分用户觉得未知域名处理方式会导致 DNS 泄露，可参考《[搭载 mihomo 内核配置 DNS 不泄露教程-geodata 方案](https://proxy-tutorials.dustinwin.us.kg/posts/dnsnoleaks-mihomo-geodata)》
 
 ## 一、 导入路由规则文件
@@ -25,8 +25,29 @@ geosite.dat 文件须包含 `fakeip-filter`、`cn` 和 `proxy`，推荐导入我
 
 ```yaml
 hosts:
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
   doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
+
+dns:
+  enable: true
+  prefer-h3: true
+  ipv6: true
+  listen: 0.0.0.0:1053
+  enhanced-mode: fake-ip
+  fake-ip-range: 28.0.0.0/8
+  fake-ip-range6: fc00::/16
+  fake-ip-filter: [geosite:fakeip-filter,cn]
+  nameserver:
+    - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
+```
+
+或者
+
+```yaml
+hosts:
   dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
 
 dns:
   enable: true
@@ -40,11 +61,11 @@ dns:
   fake-ip-filter:
     - GEOSITE,fakeip-filter,real-ip
     - GEOSITE,proxy,fake-ip
-    - GEOSITE,cn,real-ip  # 此条仅演示，可删除
-    - MATCH,real-ip
+    - GEOSITE,cn,real-ip
+    - MATCH,fake-ip
   nameserver:
-    - https://dns.pub/dns-query
     - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车

_posts/2024-08-21-dnsbypass-mihomo-ruleset.md

@@ -11,7 +11,7 @@ tags: [Clash, mihomo, 进阶, DNS, DNS 分流]
 1. 使用 [ShellCrash](https://github.com/juewuy/ShellCrash) 搭配 [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome) 并将 AdGuard Home 作为上游时不要使用该方法
 2. 本教程以 ShellCrash 为例，其它客户端亦可参考
 3. 本教程搭载 [mihomo 内核 Meta 版](https://github.com/MetaCubeX/mihomo/tree/Meta)（导入内核方法可参考《[ShellCrash 和 AdGuard Home 快速安装教程/导入 mihomo 内核 或 sing-box 内核](https://proxy-tutorials.dustinwin.us.kg/posts/pin-toolsinstall/#%E4%BA%8C-%E5%AF%BC%E5%85%A5-mihomo-%E5%86%85%E6%A0%B8-%E6%88%96-sing-box-%E5%86%85%E6%A0%B8)》）
-4. DNS 分流简单来说就是**指定国内域名走国内 DNS 解析，国外域名走 `fake-ip`**。未知域名走 `real-ip`（在匹配 `rules.RULE-SET:cnip` 规则时会由国内 DNS 解析，解析出 IP 在国内则走 `🀄️ 国内 IP` 规则，否则走 `🐟 漏网之鱼` 规则）
+4. DNS 分流简单来说就是**指定国内域名走国内 DNS 解析，国外域名走 `fake-ip`**。未知域名走 `fake-ip`（在匹配 `rules.RULE-SET:cnip` 规则时会由国内 DNS 解析，解析出 IP 在国内则走 `🀄️ 国内 IP` 规则，否则走 `🐟 漏网之鱼` 规则）
 5. 部分用户觉得未知域名处理方式会导致 DNS 泄露，可参考《[搭载 mihomo 内核配置 DNS 不泄露教程-ruleset 方案](https://proxy-tutorials.dustinwin.us.kg/posts/dnsnoleaks-mihomo-ruleset)》
 
 ## 一、 导入规则集合文件
@@ -52,8 +52,29 @@ rule-providers:
 
 ```yaml
 hosts:
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
   doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
+
+dns:
+  enable: true
+  prefer-h3: true
+  ipv6: true
+  listen: 0.0.0.0:1053
+  enhanced-mode: fake-ip
+  fake-ip-range: 28.0.0.0/8
+  fake-ip-range6: fc00::/16
+  fake-ip-filter: [rule-set:fakeip-filter,cn]
+  nameserver:
+    - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
+```
+
+或者
+
+```yaml
+hosts:
   dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
 
 dns:
   enable: true
@@ -67,11 +88,11 @@ dns:
   fake-ip-filter:
     - RULE-SET,fakeip-filter,real-ip
     - RULE-SET,proxy,fake-ip
-    - RULE-SET,cn,real-ip  # 此条仅演示，可删除
-    - MATCH,real-ip
+    - RULE-SET,cn,real-ip
+    - MATCH,fake-ip
   nameserver:
-    - https://dns.pub/dns-query
     - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车

_posts/2024-08-21-dnsnoleaks-mihomo-geodata.md

@@ -28,8 +28,8 @@ geosite.dat 文件须包含 `fakeip-filter`、`cn` 和 `proxy`，推荐导入我
 
 ```yaml
 hosts:
-  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
   dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
 
@@ -44,23 +44,23 @@ dns:
   fake-ip-filter:
     - GEOSITE,fakeip-filter,real-ip
     - GEOSITE,proxy,fake-ip
-    - GEOSITE,cn,real-ip  # 此条仅演示，可删除
-    - MATCH,real-ip
+    - GEOSITE,cn,real-ip
+    - MATCH,fake-ip
   respect-rules: true
   nameserver:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
   proxy-server-nameserver:
-    - https://dns.pub/dns-query
     - quic://dns.alidns.com:853
-  direct-nameserver:
     - https://dns.pub/dns-query
+  direct-nameserver:
     - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
   nameserver-policy:
     'geosite:fakeip-filter,cn':
-      - https://dns.pub/dns-query
       - quic://dns.alidns.com:853
+      - https://dns.pub/dns-query
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -77,8 +77,8 @@ dns:
 
   ```yaml
   hosts:
-    doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
     dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+    doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
 
   dns:
     enable: true
@@ -88,13 +88,10 @@ dns:
     enhanced-mode: fake-ip
     fake-ip-range: 28.0.0.0/8
     fake-ip-range6: fc00::/16
-    fake-ip-filter-mode: rule
-    fake-ip-filter:
-    - GEOSITE,fakeip-filter,real-ip
-    - MATCH,fake-ip
+    fake-ip-filter: [geosite:fakeip-filter]
     nameserver:
-      - https://dns.pub/dns-query
       - quic://dns.alidns.com:853
+      - https://dns.pub/dns-query
   ```
 
   按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -106,8 +103,8 @@ dns:
 
 ```yaml
 hosts:
-  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
   dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
 
@@ -125,15 +122,15 @@ dns:
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
   proxy-server-nameserver:
-    - https://dns.pub/dns-query
     - quic://dns.alidns.com:853
-  direct-nameserver:
     - https://dns.pub/dns-query
+  direct-nameserver:
     - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
   nameserver-policy:
-    'geosite:fakeip-filter,cn':
-      - https://dns.pub/dns-query
+    'geosite:cn':
       - quic://dns.alidns.com:853
+      - https://dns.pub/dns-query
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车

_posts/2024-08-21-dnsnoleaks-mihomo-ruleset.md

@@ -55,8 +55,8 @@ rule-providers:
 
 ```yaml
 hosts:
-  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
   dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
 
@@ -71,23 +71,23 @@ dns:
   fake-ip-filter:
     - RULE-SET,fakeip-filter,real-ip
     - RULE-SET,proxy,fake-ip
-    - RULE-SET,cn,real-ip  # 此条仅演示，可删除
-    - MATCH,real-ip
+    - RULE-SET,cn,real-ip
+    - MATCH,fake-ip
   respect-rules: true
   nameserver:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
   proxy-server-nameserver:
-    - https://dns.pub/dns-query
     - quic://dns.alidns.com:853
-  direct-nameserver:
     - https://dns.pub/dns-query
+  direct-nameserver:
     - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
   nameserver-policy:
     'rule-set:fakeip-filter,cn':
-      - https://dns.pub/dns-query
       - quic://dns.alidns.com:853
+      - https://dns.pub/dns-query
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -106,8 +106,8 @@ dns:
 
   ```yaml
   hosts:
-    doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
     dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+    doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
 
   dns:
     enable: true
@@ -117,13 +117,10 @@ dns:
     enhanced-mode: fake-ip
     fake-ip-range: 28.0.0.0/8
     fake-ip-range6: fc00::/16
-    fake-ip-filter-mode: rule
-    fake-ip-filter:
-    - RULE-SET,fakeip-filter,real-ip
-    - MATCH,fake-ip
+    fake-ip-filter: [rule-set:fakeip-filter]
     nameserver:
-      - https://dns.pub/dns-query
       - quic://dns.alidns.com:853
+      - https://dns.pub/dns-query
   ```
 
   按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -135,8 +132,8 @@ dns:
 
 ```yaml
 hosts:
-  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  doh.pub: [1.12.12.12, 120.53.53.53, 2402:4e00::]
   dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
   dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
 
@@ -154,15 +151,15 @@ dns:
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
   proxy-server-nameserver:
-    - https://dns.pub/dns-query
     - quic://dns.alidns.com:853
-  direct-nameserver:
     - https://dns.pub/dns-query
+  direct-nameserver:
     - quic://dns.alidns.com:853
+    - https://dns.pub/dns-query
   nameserver-policy:
-    'rule-set:fakeip-filter,cn':
-      - https://dns.pub/dns-query
+    'rule-set:cn':
       - quic://dns.alidns.com:853
+      - https://dns.pub/dns-query
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车