[ xray ] 优化clash节点的dns配置

2024-04-17 10:46:26 +08:00
parent 907474ebf3
commit 4c0c54eacc
4 changed files with 34 additions and 22 deletions
--- a/Untitled-1.sh
+++ b/Untitled-1.sh
@@ -49,3 +49,5 @@ tailscale up --login-server=http://tailscale.107421.xyz --accept-routes=false --
 headscale -n wdd-net nodes register --key 

 systemctl status tailscaled
+
+
--- a/temp.sh
+++ b/temp.sh
@@ -170,3 +170,5 @@ sed -i "s/\/var/\/var\/lib\/docker/g" /etc/fstab
 mount -a

 sed -i "s/\/data/\/var\/lib\/docker/g" /etc/fstab
+
+
--- a/v2ray示例/98-subscribe-clash.yaml
+++ b/v2ray示例/98-subscribe-clash.yaml
@@ -16,33 +16,41 @@ dns:
  enable: true
  listen: 0.0.0.0:53
  ipv6: true
-  default-nameserver:
-    - 1.1.1.1
+  # 如果用“nameservers”中的服务器解析的IP地址在下面指定的子网中，则这些地址被视为无效，而使用“回退”服务器的结果。
+  # 当“fallback-filter.geoip”为true并且IP地址的geoip为“CN”时，使用“nameserver”中服务器解析的IP地址。
+  # 如果“fallback-filter.geoip”为false，则如果与“fallbback-filter.ipcidr”不匹配，则始终使用“nameserver”名称服务器的结果。
+  #这是针对DNS污染攻击的对策。
+  nameserver: # 解析国内的网址
    - 223.5.5.5
-    - 192.168.78.39
-  nameserver:
-    - https://1.1.1.1/dns-query
-    - https://1.0.0.2/dns-query
-    - https://9.9.9.9/dns-query
-  fallback:
+    - 114.114.114.114
+    - 1.1.1.1
+    - 8.8.8.8
    - 192.168.78.39
    - 192.168.34.40
-    - https://dns.alidns.com/dns-query
+  fallback: # 解析国外的网址
+    - 1.1.1.1
+    - 8.8.8.8
+    - 223.5.5.5
+    - https://1.1.1.1/dns-query
    - https://doh.pub/dns-query
  fallback-filter:
    geoip: true
-    geoip-code: CN
+    geoip-code: CN  # 如果是国内的网址，使用nameserver解析到的地址
    domain:
-      - oa.cdcyy.cn
-      - ir.hq.cmcc
-      - ywzc.cdcyy.cn
-      - "*.hq.cmcc"
-      - cps.hq.cmcc
+      - '+.google.com'
+      - '+.facebook.com'
+      - '+.youtube.com'
    ipcidr:
-      - 240.0.0.0/4
-      - 192.168.78.0/24
-      - 192.168.34.0/24
-      - 192.168.35.0/24
+      - 240.0.0.0/8
+  # Lookup domains via specific nameservers
+  nameserver-policy:
+    'oa.cdcyy.cn': '192.168.78.39'
+    '+.hq.cmcc': '192.168.78.39'
+    'ir.hq.cmcc': '192.168.78.39'
+    '+.cdcyy.cn': '192.168.78.39'
+    '+.uavcmlc.com': '192.168.34.40'
+    '+.ops.uavcmlc.com': '192.168.34.40'
+
 proxies:
  - {"type":"vmess","name":"us-central-free","ws-opts":{"path":"/vmess"},"server":"northflank.107421.xyz","port":443,"uuid":"de04add9-5c68-8bab-950c-08cd5320df18","alterId":0,"cipher":"auto","network":"ws","tls":true}
  - {"type":"trojan","name":"LosAngels-BanH-Trojan","server":"89.208.251.209","port":443,"password":"V2ryStr0ngP0ss","udp":true,"skip-cert-verify":false,"sni":"xx.l4.cc.nn.107421.xyz","network":"tcp","ws-opts":{"headers":{"host":"xx.l4.cc.nn.107421.xyzh2,http/1.1"}}}