From 39b33092120760b3e7de24abf3a14426c2a1afd0 Mon Sep 17 00:00:00 2001 From: Hiddify Date: Tue, 30 Jan 2024 13:09:23 +0100 Subject: [PATCH] new: add default dns with fragment in doh --- config/config.go | 67 ++++++++++++++++++++++++++++++++++++++++++------ go.mod | 2 +- go.sum | 4 +-- 3 files changed, 62 insertions(+), 11 deletions(-) diff --git a/config/config.go b/config/config.go index 3d9b7e4..64c9c6d 100644 --- a/config/config.go +++ b/config/config.go @@ -80,7 +80,13 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options Address: configOpt.RemoteDnsAddress, AddressResolver: "dns-direct", Strategy: configOpt.RemoteDnsDomainStrategy, - Detour: "select", + }, + { + Tag: "dns-trick-direct", + Address: "https://sky.rethinkdns.com/", + // AddressResolver: "dns-local", + Strategy: configOpt.DirectDnsDomainStrategy, + Detour: "direct-fragment", }, { Tag: "dns-direct", @@ -188,6 +194,7 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options parsedUrl, err := url.Parse(fmt.Sprintf("https://%s", remoteDNSAddress)) if err == nil && net.ParseIP(parsedUrl.Host) == nil { directDNSDomains = append(directDNSDomains, fmt.Sprintf("full:%s", parsedUrl.Host)) + //TODO: IS it really needed } routeRules := []option.Rule{ @@ -333,6 +340,7 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options }, }, ) + options.Route = &option.RouteOptions{ Rules: routeRules, AutoDetectInterface: true, @@ -352,12 +360,11 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options if err != nil { return nil, err } - if err == nil { - if serverDomain != "" { - directDNSDomains = append(directDNSDomains, serverDomain) - } - out = *outbound + + if serverDomain != "" { + directDNSDomains = append(directDNSDomains, serverDomain) } + out = *outbound switch out.Type { case C.TypeDirect, C.TypeBlock, C.TypeDNS: 
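Review bot: In the `@@ -80,7 +80,13 @@` hunk the new `dns-trick-direct` server hard-codes a third-party DoH endpoint (`https://sky.rethinkdns.com/`) and leaves `AddressResolver` commented out, so the hunk does not show how that hostname is resolved or whether a user can substitute a resolver they trust. Because its detour is `direct-fragment`, the names sent to it leave the device outside the proxy; that is better made an explicit, configurable choice, for instance by reading the address from `configOpt` the way `RemoteDnsAddress` is read. The same hunk drops `Detour: "select"` from the preceding server. If that detour is what kept remote DNS lookups inside the proxy, a comment stating which outbound they use now would help. The server list starts and ends outside the hunk.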
@@ -405,6 +412,19 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options Tag: "direct", Type: C.TypeDirect, }, + { + Tag: "direct-fragment", + Type: C.TypeDirect, + DirectOptions: option.DirectOutboundOptions{ + DialerOptions: option.DialerOptions{ + TLSFragment: &option.TLSFragmentOptions{ + Enabled: true, + Size: configOpt.TLSTricks.FragmentSize, + Sleep: configOpt.TLSTricks.FragmentSleep, + }, + }, + }, + }, { Tag: "bypass", Type: C.TypeDirect, @@ -415,9 +435,21 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options }, }..., ) - if len(directDNSDomains) > 0 { - domains := strings.Join(removeDuplicateStr(directDNSDomains), ",") + trickDnsDomains := []string{} + directDNSDomains = removeDuplicateStr(directDNSDomains) + for i, d := range directDNSDomains { + if isBlockedDomain(d) { + trickDnsDomains = append(trickDnsDomains, d) + } + } + trickDomains := strings.Join(trickDnsDomains, ",") + trickRule := Rule{Domains: trickDomains, Outbound: "bypass"} + trickdnsRule := trickRule.MakeDNSRule() + trickdnsRule.Server = "dns-trick-direct" + options.DNS.Rules = append([]option.DNSRule{{Type: C.RuleTypeDefault, DefaultOptions: trickdnsRule}}, options.DNS.Rules...) + + domains := strings.Join(directDNSDomains, ",") directRule := Rule{Domains: domains, Outbound: "bypass"} dnsRule := directRule.MakeDNSRule() dnsRule.Server = "dns-direct" 
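Review bot: `Enabled: true` is fixed on the new `direct-fragment` outbound (hunk `@@ -405,6 +412,19 @@`) while `Size` and `Sleep` are copied from `configOpt.TLSTricks`, so when the user has not set those two values the outbound is still marked as fragmenting with empty parameters. What the dialer does in that case is not visible here. Either fall back to explicit defaults at this point or document the expectation, e.g. `// direct-fragment: direct outbound with TLS fragmentation, used as the detour of dns-trick-direct`. The outbound list begins and ends outside the hunk.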
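Review bot: `for i, d := range directDNSDomains` in the `@@ -415,9 +435,21 @@` hunk declares `i` and never uses it, which the Go compiler rejects; write `for _, d := range directDNSDomains`. The trick rule is also built and prepended to `options.DNS.Rules` when `trickDnsDomains` is empty, so `Rule{Domains: ""}` reaches `MakeDNSRule()`. What a rule with no domains matches is not visible from this hunk, and wrapping the five `trick…` lines in `if len(trickDnsDomains) > 0 {` avoids putting such a rule at the front of the list. The enclosing block continues outside the hunk.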
@@ -426,6 +458,25 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options return &options, nil } +func isBlockedDomain(domain string) bool { + if strings.HasPrefix("full:", domain) { + return false + } + ips, err := net.LookupHost(domain) + if err != nil { + // fmt.Println(err) + return true + } + + // Print the IP addresses associated with the domain + fmt.Printf("IP addresses for %s:\n", domain) + for _, ip := range ips { + if strings.HasPrefix(ip, "10.") { + return true + } + } + return false +} func applyOverrides(overrides ConfigOptions, options option.Options) *option.Options { if overrides.EnableClashApi { diff --git a/go.mod b/go.mod index edbbbed..f5301ff 100644 --- a/go.mod +++ b/go.mod @@ -103,6 +103,6 @@ require ( lukechampine.com/blake3 v1.2.1 // indirect ) -replace github.com/sagernet/sing-box => github.com/hiddify/hiddify-sing-box v1.7.9-0.20240129222136-bef8c180eaef +replace github.com/sagernet/sing-box => github.com/hiddify/hiddify-sing-box v1.7.9-0.20240130115748-5838de40349e replace github.com/sagernet/wireguard-go => github.com/hiddify/wireguard-go v0.0.0-20240125143346-481d18d77fe1 diff --git a/go.sum b/go.sum index 0e652aa..44d3f62 100644 --- a/go.sum +++ b/go.sum 
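Review bot: `strings.HasPrefix("full:", domain)` in `isBlockedDomain` has its arguments reversed: it asks whether the literal `full:` starts with `domain`. The `full:`-prefixed entries that `BuildConfig` appends are therefore not skipped; they reach `net.LookupHost` with the prefix attached, the lookup fails, and the error branch reports them as blocked. The lookup also has no timeout, runs once per domain while the config is built, and goes to the system resolver, so the server names are disclosed there before any tunnel exists. Returning `true` on every lookup error means a start without connectivity classifies all domains as blocked, which deserves a comment if intended, and the leftover `fmt.Printf` writes each domain to stdout. The sketch below fixes the prefix test, bounds the lookup (the two-second value is illustrative) and applies the same 10.0.0.0/8 check to the parsed address instead of the string.
```go
func isBlockedDomain(domain string) bool {
	if strings.HasPrefix(domain, "full:") {
		return false
	}
	// Bound the lookup so building the config cannot hang on a dead resolver.
	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
	defer cancel()
	ips, err := net.DefaultResolver.LookupHost(ctx, domain)
	if err != nil {
		// Lookup failure is treated as "blocked", as before.
		return true
	}
	for _, ip := range ips {
		// Same 10.0.0.0/8 test as before, on the parsed address.
		if v4 := net.ParseIP(ip).To4(); v4 != nil && v4[0] == 10 {
			return true
		}
	}
	return false
}
```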
@@ -49,8 +49,8 @@ github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a h1:fEBsGL/sjAuJrgah5X github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= -github.com/hiddify/hiddify-sing-box v1.7.9-0.20240129222136-bef8c180eaef h1:ligclNc3H9xwgaSwnIhxp63nEAvYJ8fNKi7+UTER31E= -github.com/hiddify/hiddify-sing-box v1.7.9-0.20240129222136-bef8c180eaef/go.mod h1:B74zKdMcH3ZEmCi2OUqJTvEXCNtNQjivUEQ20y/5XQM= +github.com/hiddify/hiddify-sing-box v1.7.9-0.20240130115748-5838de40349e h1:FhrU990kkhxRoFAMvEZwUyM05s1AWBn7lzwijl9ucq0= +github.com/hiddify/hiddify-sing-box v1.7.9-0.20240130115748-5838de40349e/go.mod h1:B74zKdMcH3ZEmCi2OUqJTvEXCNtNQjivUEQ20y/5XQM= github.com/hiddify/ray2sing v0.0.0-20240127015415-b0b85dcbf102 h1:4vKmPE8AyvsBYuZmjGkPnsju8ZzVxEjC9I96uqxX5+o= github.com/hiddify/ray2sing v0.0.0-20240127015415-b0b85dcbf102/go.mod h1:zYKnf7EoPqrk7JOMO9BApTXxfH0sva8AKfoFywN7uuA= github.com/hiddify/wireguard-go v0.0.0-20240125143346-481d18d77fe1 h1:neOb+wzHbWLNZ2sHFEV4+GTuqORO7/MndQLFW8FjUY8=