优化 DNS 配置

Author: DustinWin

_posts/2024-08-21-dnsbypass-mihomo-geodata.md

@@ -24,6 +24,10 @@ geosite.dat 文件须包含 `fakeip-filter`、`cn` 和 `proxy`，推荐导入我
 2. 连接 SSH 后执行命令 `vi $CRASHDIR/yamls/user.yaml`，按一下 Ins 键（Insert 键），粘贴如下内容：
 
 ```yaml
+hosts:
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+
 dns:
   enable: true
   prefer-h3: true
@@ -38,7 +42,9 @@ dns:
     - GEOSITE,proxy,fake-ip
     - GEOSITE,cn,real-ip  # 此条仅演示，可删除
     - MATCH,real-ip
-  nameserver: [system]
+  nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车

_posts/2024-08-21-dnsbypass-mihomo-ruleset.md

@@ -51,6 +51,10 @@ rule-providers:
 2. 连接 SSH 后执行命令 `vi $CRASHDIR/yamls/user.yaml`，按一下 Ins 键（Insert 键），粘贴如下内容：
 
 ```yaml
+hosts:
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+
 dns:
   enable: true
   prefer-h3: true
@@ -65,7 +69,9 @@ dns:
     - RULE-SET,proxy,fake-ip
     - RULE-SET,cn,real-ip  # 此条仅演示，可删除
     - MATCH,real-ip
-  nameserver: [system]
+  nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车

_posts/2024-08-21-dnsnoleaks-mihomo-geodata.md

@@ -27,6 +27,12 @@ geosite.dat 文件须包含 `fakeip-filter`、`cn` 和 `proxy`，推荐导入我
 {: .prompt-info }
 
 ```yaml
+hosts:
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
+  dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
+
 dns:
   enable: true
   ipv6: true
@@ -45,8 +51,12 @@ dns:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
-  proxy-server-nameserver: [system]
-  direct-nameserver: [system]
+  proxy-server-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
+  direct-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -62,6 +72,10 @@ dns:
 - ② 连接 SSH 后执行 `vi $CRASHDIR/yamls/user.yaml`，按一下 Ins 键（Insert 键），粘贴如下内容：
 
   ```yaml
+  hosts:
+    doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+    dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+
   dns:
     enable: true
     prefer-h3: true
@@ -74,7 +88,9 @@ dns:
     fake-ip-filter:
     - GEOSITE,fakeip-filter,real-ip
     - MATCH,fake-ip
-    nameserver: [system]
+    nameserver:
+      - https://dns.pub/dns-query
+      - quic://dns.alidns.com:853
   ```
 
   按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -85,6 +101,12 @@ dns:
 {: .prompt-info }
 
 ```yaml
+hosts:
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
+  dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
+
 dns:
   enable: true
   ipv6: true
@@ -98,8 +120,12 @@ dns:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
-  proxy-server-nameserver: [system]
-  direct-nameserver: [system]
+  proxy-server-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
+  direct-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车

_posts/2024-08-21-dnsnoleaks-mihomo-ruleset.md

@@ -54,6 +54,12 @@ rule-providers:
 {: .prompt-info }
 
 ```yaml
+hosts:
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
+  dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
+
 dns:
   enable: true
   ipv6: true
@@ -72,8 +78,12 @@ dns:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
-  proxy-server-nameserver: [system]
-  direct-nameserver: [system]
+  proxy-server-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
+  direct-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -91,6 +101,10 @@ dns:
 - ② 连接 SSH 后执行 `vi $CRASHDIR/yamls/user.yaml`，按一下 Ins 键（Insert 键），粘贴如下内容：
 
   ```yaml
+  hosts:
+    doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+    dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+
   dns:
     enable: true
     prefer-h3: true
@@ -103,7 +117,9 @@ dns:
     fake-ip-filter:
     - RULE-SET,fakeip-filter,real-ip
     - MATCH,fake-ip
-    nameserver: [system]
+    nameserver:
+      - https://dns.pub/dns-query
+      - quic://dns.alidns.com:853
   ```
 
   按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车
@@ -114,6 +130,12 @@ dns:
 {: .prompt-info }
 
 ```yaml
+hosts:
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
+  dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
+
 dns:
   enable: true
   ipv6: true
@@ -127,8 +149,12 @@ dns:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
-  proxy-server-nameserver: [system]
-  direct-nameserver: [system]
+  proxy-server-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
+  direct-nameserver:
+    - https://dns.pub/dns-query
+    - quic://dns.alidns.com:853
 ```
 
 按一下 Esc 键（退出键），输入英文冒号 `:`，继续输入 `wq` 并回车

_posts/2024-08-21-share-android-mihomo-ruleset.md

@@ -8,7 +8,8 @@ tags: [Clash, Clash Mi, mihomo, Android, ruleset, rule-set, 分享]
 
 > 声明
 {: .prompt-warning }
-请根据自身情况进行修改，**适合自己的方案才是最好的方案**，如无特殊需求，可以照搬
+1. 请根据自身情况进行修改，**适合自己的方案才是最好的方案**，如无特殊需求，可以照搬
+2. 若 `谷歌服务` 出现错误，请删除 `nameserver` 相关配置项里的所有[阿里云公共 DNS](https://help.aliyun.com/zh/dns/what-is-alibaba-cloud-public-dns)
 
 ## 一、 生成配置文件 .yaml 文件直链
 具体方法请参考《[生成带有自定义策略组和规则的 mihomo 配置文件直链-ruleset 方案](https://proxy-tutorials.dustinwin.us.kg/posts/link-mihomo-ruleset)》，贴一下我使用的配置：
@@ -62,9 +63,9 @@ tun:
   strict-route: true
 
 hosts:
-  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
-  doh.pub: [1.12.12.12, 1.12.12.21, 120.53.53.53]
   miwifi.com: [192.168.31.1, 127.0.0.1]
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
   services.googleapis.cn: [services.googleapis.com]
 
 dns:
@@ -76,8 +77,8 @@ dns:
   fake-ip-range6: fc00::/16
   fake-ip-filter: ['rule-set:trackerslist,private,cn']
   nameserver:
-    - https://dns.alidns.com/dns-query
     - https://doh.pub/dns-query
+    - quic://dns.alidns.com:853
   nameserver-policy: {'rule-set:ads': [rcode://success]}
 
 # 若没有单个出站代理节点，须删除所有 `🆚 vless 节点` 相关内容
@@ -305,7 +306,12 @@ proxy-groups:
 - 2. 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS（可进入光猫或路由器拨号页面查看，或者前往[公共 DNS 大全](https://toolb.cn/publicdns)查询）的 IP 段，如默认 DNS 为 `211.137.58.20`，可设置为 `211.137.58.0/24`
 
 ```yaml
-hosts: {miwifi.com: [192.168.31.1, 127.0.0.1]}
+hosts:
+  miwifi.com: [192.168.31.1, 127.0.0.1]
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
+  dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
 
 dns:
   enable: true
@@ -320,8 +326,12 @@ dns:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
-  proxy-server-nameserver: [system]
-  direct-nameserver: [system]
+  proxy-server-nameserver:
+    - https://doh.pub/dns-query
+    - quic://dns.alidns.com:853
+  direct-nameserver:
+    - https://doh.pub/dns-query
+    - quic://dns.alidns.com:853
   nameserver-policy: {'rule-set:ads': [rcode://success]}
 ```
 

_posts/2024-08-21-share-android-singboxr-ruleset.md

@@ -50,14 +50,13 @@ tags: [sing-box, sing-boxr, Android, ruleset, rule_set, 分享]
         "tag": "dns_hosts",
         "type": "hosts",
         "predefined": {
-          "dns.alidns.com": [ "223.5.5.5", "223.6.6.6", "2400:3200::1", "2400:3200:baba::1" ],
-          "dns.google": [ "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844" ],
-          "miwifi.com": [ "192.168.31.1", "127.0.0.1" ]
+          "miwifi.com": [ "192.168.31.1", "127.0.0.1" ],
+          "doh.pub": [ "1.12.12.21", "120.53.53.53", "2402:4e00::" ],
+          "dns.google": [ "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844" ]
         }
       },
-      { "tag": "dns_resolver", "type": "https", "server": "223.5.5.5" },
-      { "tag": "dns_direct", "type": "quic", "server": "dns.alidns.com", "domain_resolver": "dns_resolver" },
-      { "tag": "dns_proxy", "type": "https", "server": "dns.google", "detour": "GLOBAL" },
+      { "tag": "dns_direct", "type": "https", "server": "doh.pub", "domain_resolver": "dns_hosts" },
+      { "tag": "dns_proxy", "type": "https", "server": "dns.google", "domain_resolver": "dns_hosts", "detour": "GLOBAL" },
       { "tag": "dns_fakeip", "type": "fakeip", "inet4_range": "28.0.0.0/8", "inet6_range": "fc00::/16" }
     ],
     "rules": [
@@ -119,7 +118,7 @@ tags: [sing-box, sing-boxr, Android, ruleset, rule_set, 分享]
     { "tag": "免费节点", "type": "urltest", "tolerance": 100, "providers": [ "🆓 免费订阅" ] }
   ],
   "route": {
-    "default_domain_resolver": { "server": "dns_resolver" },
+    "default_domain_resolver": { "server": "dns_direct" },
     "rules": [
       { "action": "sniff" },
       { "protocol": [ "dns" ], "action": "hijack-dns" },
@@ -313,10 +312,17 @@ tags: [sing-box, sing-boxr, Android, ruleset, rule_set, 分享]
 {
   "dns": {
     "servers": [
-      { "tag": "dns_hosts", "type": "hosts", "predefined": { "miwifi.com": [ "192.168.31.1", "127.0.0.1" ] } },
-      { "tag": "dns_resolver", "type": "local" },
-      { "tag": "dns_direct", "type": "https", "server": "doh.pub", "domain_resolver": "dns_resolver" },
-      { "tag": "dns_proxy", "type": "https", "server": "dns.google", "detour": "GLOBAL" },
+      {
+        "tag": "dns_hosts",
+        "type": "hosts",
+        "predefined": {
+          "miwifi.com": [ "192.168.31.1", "127.0.0.1" ],
+          "doh.pub": [ "1.12.12.21", "120.53.53.53", "2402:4e00::" ],
+          "dns.google": [ "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844" ]
+        }
+      },
+      { "tag": "dns_direct", "type": "https", "server": "doh.pub", "domain_resolver": "dns_hosts" },
+      { "tag": "dns_proxy", "type": "https", "server": "dns.google", "domain_resolver": "dns_hosts", "detour": "GLOBAL" },
       { "tag": "dns_fakeip", "type": "fakeip", "inet4_range": "28.0.0.0/8", "inet6_range": "fc00::/16" }
     ],
     "rules": [

_posts/2024-08-21-share-shellcrash-mihomo-geodata.md

@@ -12,6 +12,7 @@ tags: [Clash, mihomo, ShellCrash, geodata, geosite, 分享, Router]
 2. 此方案适用于 [ShellCrash](https://github.com/juewuy/ShellCrash)（以 arm64 架构为例，且安装路径为 `/data/ShellCrash`{: .filepath}）
 3. 本方案绕过了 CNIP 且不搭配 [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome)，在 DNS 层拦截广告
 4. 本人将路由器设置了每天早上 6 点重启，使得《[五](https://proxy-tutorials.dustinwin.us.kg/posts/share-shellcrash-mihomo-geodata/#%E4%BA%94-%E6%B7%BB%E5%8A%A0%E5%AE%9A%E6%97%B6%E4%BB%BB%E5%8A%A1)》中设置的定时任务生效
+5. 若 `谷歌服务` 出现错误如 [Google Chrome](https://www.google.com/chrome/) 检查更新失败，请删除 `nameserver` 相关配置项里的所有[阿里云公共 DNS](https://help.aliyun.com/zh/dns/what-is-alibaba-cloud-public-dns)
 
 ## 一、 生成配置文件 .yaml 文件直链
 具体方法此处不再赘述，请看《[生成带有自定义策略组和规则的 mihomo 配置文件直链-geodata 方案](https://proxy-tutorials.dustinwin.us.kg/posts/link-mihomo-geodata)》，贴一下我使用的配置：
@@ -170,9 +171,9 @@ profile: {store-selected: true, store-fake-ip: true}
 geodata-mode: true
 
 hosts:
-  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
-  doh.pub: [1.12.12.12, 1.12.12.21, 120.53.53.53]
   miwifi.com: [192.168.31.1, 127.0.0.1]
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
   services.googleapis.cn: [services.googleapis.com]
 
 dns:
@@ -185,8 +186,8 @@ dns:
   fake-ip-range6: fc00::/16
   fake-ip-filter: ['geosite:trackerslist,private,cn']
   nameserver:
-    - https://dns.alidns.com/dns-query
     - https://doh.pub/dns-query
+    - quic://dns.alidns.com:853
   nameserver-policy: {'geosite:ads': [rcode://success]}
 ```
 
@@ -200,7 +201,12 @@ dns:
 - 2. 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS（可进入光猫或路由器拨号页面查看，或者前往[公共 DNS 大全](https://toolb.cn/publicdns)查询）的 IP 段，如默认 DNS 为 `211.137.58.20`，可设置为 `211.137.58.0/24`
 
 ```yaml
-hosts: {miwifi.com: [192.168.31.1, 127.0.0.1]}
+hosts:
+  miwifi.com: [192.168.31.1, 127.0.0.1]
+  doh.pub: [1.12.12.21, 120.53.53.53, 2402:4e00::]
+  dns.alidns.com: [223.5.5.5, 223.6.6.6, 2400:3200::1, 2400:3200:baba::1]
+  dns.google: [8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844]
+  dns11.quad9.net: [9.9.9.11, 149.112.112.11, 2620:fe::11, 2620:fe::fe:11]
 
 dns:
   enable: true
@@ -216,8 +222,12 @@ dns:
     # 推荐将 `ecs` 设置为当前宽带运营商分配的默认 DNS 的 IP 段
     - 'https://dns.google/dns-query#ecs=211.137.58.0/24'
     - 'https://dns11.quad9.net/dns-query#ecs=211.137.58.0/24'
-  proxy-server-nameserver: [system]
-  direct-nameserver: [system]
+  proxy-server-nameserver:
+    - https://doh.pub/dns-query
+    - quic://dns.alidns.com:853
+  direct-nameserver:
+    - https://doh.pub/dns-query
+    - quic://dns.alidns.com:853
   nameserver-policy: {'geosite:ads': [rcode://success]}
 ```