在 tls://8.8.4.4 被封的情况,但采用以下配置:
-Nameserver Policy:geosite:!cn=tls://8.8.4.4
-Nameserver: 223.5.5.5
-Fallback:tls://8.8.4.4
请问 Nameserver Policy:geosite:!cn=tls://8.8.4.4 因为 tls://8.8.4.4 被封而解析失败后会将 geosite:!cn 送往何处解析?
 | 1 wangritian 3 天前 policy 未命中就先丢给 nameserver 可以试试 respect-rules=true ,然后连接改成( tls://8.8.4.4#代理组名称) 如果 nameserver-policy 不让用#指定代理组,就换个思路,policy 设置 geosite:cn 为 223.5.5.5 ,然后 nameserver 写 tls://8.8.4.4#代理组名称 |
 | 2 vx007 OP @wangritian policy 未命中时,好像并未丢给 Nameserver: 223.5.5.5,因为我用 dns 检测网站检测时未发现境内 dns |
 | 3 yyysuo 3 天前 难道 8.8.4.4 这种不应该走代理吗。 |
 | 4 noqwerty 3 天前 via iPhone 配置脱敏贴全,带上版本号 |
 | 5 mezi04 3 天前 会解析失败,但如果你有在规则里配置域名类的,也不影响分流,这一步解析只是为了拿到 ip ,匹配 ip 类的规则 |
 | 6 zhf883680 3 天前 建议看 mihomo 的 dns 解析流程说明 或者直接看我发的 clash 配置 都贴上了 dns 解析流程 |
 | 7 MCC12138 3 天前 nameserver 具有兜底作用,其余 DNS 配置组失败的情况下会走到 nameserver 。 |
 | 8 alenchen 3 天前 proxy-groups: - name: 节点选择 proxies: - openclash - 直连 - hysteria type: select - name: 国内流量 proxies: - 直连 - 节点选择 type: select - name: 国外流量 proxies: - 节点选择 - 直连 type: select - name: 广告拦截 proxies: - 阻断 - 直连 type: select - name: YouTube proxies: - 节点选择 - 直连 type: select - name: Netflix proxies: - 节点选择 - 直连 type: select - name: Microsoft proxies: - 直连 - 节点选择 type: select - name: AI 服务 proxies: - 节点选择 - 直连 - openclash type: select - name: LAN 设备 proxies: - 直连 - 节点选择 type: select dns: enable: true ipv6: false enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 listen: 0.0.0.0:7874 fake-ip-filter-mode: blacklist fake-ip-filter: - "*.lan" - "*.localdomain" - "*.example" - "*.invalid" - "*.localhost" - "*.test" - "*.local" - "*.home.arpa" - "*.direct" - cable.auth.com - network-test.debian.org - detectportal.firefox.com - resolver1.opendns.com - global.turn.twilio.com - global.stun.twilio.com - app.yinxiang.com - injections.adguard.org - "*.weixin.qq.com" - "*.blzstatic.cn" - "*.cmpassport.com" - id6.me - open.e.189.cn - opencloud.wostore.cn - id.mail.wo.cn - mdn.open.wo.cn - hmrz.wo.cn - nishub1.10010.com - enrichgw.10010.com - "*.wosms.cn" - "*.jegotrip.com.cn" - "*.icitymobile.mobi" - "*.pingan.com.cn" - "*.cmbchina.com" - "*.10099.com.cn" - "*.microdone.cn" - PDC._msDCS.*.* - DC._msDCS.*.* - GC._msDCS.*.* - time.*.com - time.*.gov - time.*.edu.cn - time.*.apple.com - time-ios.apple.com - time1.*.com - time2.*.com - time3.*.com - time4.*.com - time5.*.com - time6.*.com - time7.*.com - ntp.*.com - ntp1.*.com - ntp2.*.com - ntp3.*.com - ntp4.*.com - ntp5.*.com - ntp6.*.com - ntp7.*.com - "*.time.edu.cn" - "*.ntp.org.cn" - "+.pool.ntp.org" - time1.cloud.tencent.com - music.163.com - "*.music.163.com" - "*.126.net" - musicapi.taihe.com - music.taihe.com - songsearch.kugou.com - trackercdn.kugou.com - "*.kuwo.cn" - api-jooxtt.sanook.com - api.joox.com - joox.com - y.qq.com - "*.y.qq.com" - streamoc.music.tc.qq.com - mobileoc.music.tc.qq.com - isure.stream.qqmusic.qq.com - dl.stream.qqmusic.qq.com - aqqmusic.tc.qq.com - amobile.music.tc.qq.com - "*.xiami.com" - "*.music.migu.cn" - music.migu.cn - "+.msftconnecttest.com" - "+.msftncsi.com" - ptlogin2.qq.com - sec.qq.com - "+.qq.com" - "+.tencent.com" - "+.srv.nintendo.net" - "*.n.n.srv.nintendo.net" - "+.cdn.nintendo.net" - "+.stun.playstation.net" - xbox.*.*.microsoft.com - "*.*.xboxlive.com" - xbox.*.microsoft.com - xnotify.xboxlive.com - "+.battle.net" - "+.battlenet.com.cn" - "+.wotgame.cn" - "+.wggames.cn" - "+.wowsgame.cn" - "+.wargaming.net" - proxy.golang.org - stun.*.* - stun.*.*.* - "+.stun.*.*" - "+.stun.*.*.*" - "+.stun.*.*.*.*" - "+.stun.*.*.*.*.*" - heartbeat.belkin.com - "*.linksys.com" - "*.linksyssmartwifi.com" - "*.router.asus.com" - mesu.apple.com - swscan.apple.com - swquery.apple.com - swdownload.apple.com - swcdn.apple.com - swdist.apple.com - lens.l.google.com - stun.l.google.com - na.b.g-tun.com - "+.nflxvideo.net" - "*.square-enix.com" - "*.finalfantasyxiv.com" - "*.ffxiv.com" - "*.ff14.sdo.com" - ff.dorado.sdo.com - "*.mcdn.bilivideo.cn" - "+.media.dssott.com" - shark007.net - "+.cmbchina.com" - "+.cmbimg.com" - local.adguard.org - "+.sandai.net" - "+.n0808.com" - "+.uu.163.com" - ps.res.netease.com - "+.pub.3gppnetwork.org" - "*.jsdelivr.net" - testingcf.jsdelivr.net - vps.779886.xyz nameserver: - 114.114.114.114 default-nameserver: - 114.114.114.114 nameserver-policy: "+.cn": - 114.114.114.114 "geosite:cn": - 114.114.114.114 "geosite:private": - 114.114.114.114 "geosite:microsoft": - 114.114.114.114 proxy-server-nameserver: - https://1.1.1.1/dns-query - https://8.8.8.8/dns-query fallback: - https://1.1.1.1/dns-query - https://8.8.8.8/dns-query fallback-filter: geoip: true geoip-code: CN redir-port: 7892 tproxy-port: 7895 port: 7890 socks-port: 7891 mixed-port: 7893 mode: rule allow-lan: true external-controller: 0.0.0.0:9090 secret: 999999 bind-address: "*" external-ui: "/usr/share/openclash/ui" external-ui-name: metacubexd keep-alive-interval: 15 keep-alive-idle: 600 ipv6: false tcp-concurrent: true sniffer: enable: true override-destination: true parse-pure-ip: false sniff: QUIC: ports: - 443 TLS: ports: - 443 force-domain: - "+.netflix.com" - "+.nflxvideo.net" - "+.amazonaws.com" - "+.media.dssott.com" skip-domain: - "+.apple.com" - dlg.io.mi.com - "+.oray.com" - "+.sunlogin.net" - "+.push.apple.com" tun: enable: true stack: system device: utun dns-hijack: - 127.0.0.1:53 endpoint-independent-nat: true auto-route: true auto-detect-interface: true auto-redirect: true strict-route: false mtu: 1400 profile: store-selected: true store-fake-ip: true authentication: - Clash:999999999 rule-providers: LAN: type: http behavior: classical url: https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/LAN.yaml path: ./rule_provider/LAN interval: 86400 AI: behavior: classical interval: 86400 path: ./rule_provider/AI type: http url: https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/AI%20Suite.yaml Advertising: behavior: classical interval: 86400 path: ./rule_provider/Advertising type: http url: https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/AdBlock.yaml Domestic: behavior: classical interval: 86400 path: ./rule_provider/Domestic type: http url: https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Domestic.yaml Microsoft: behavior: classical interval: 86400 path: ./rule_provider/Microsoft type: http url: https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Microsoft.yaml Netflix: behavior: classical interval: 86400 path: ./rule_provider/Netflix type: http url: https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Netflix.yaml YouTube: behavior: classical interval: 86400 path: ./rule_provider/YouTube type: http url: https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/YouTube.yaml rules: - IP-CIDR,23.94.66.29/32, 国内流量 - IP-CIDR,8.133.125.0/24, 国内流量 - DOMAIN,vps.779886.xyz, 国内流量 - RULE-SET,LAN, LAN 设备 - RULE-SET,Advertising, 广告拦截 - RULE-SET,YouTube, YouTube - RULE-SET,Netflix, Netflix - RULE-SET,Microsoft, Microsoft - RULE-SET,AI, AI 服务 - RULE-SET,Domestic, 国内流量 - GEOIP,cn, 国内流量 - MATCH, 国外流量 请各位大佬指点,这个配置要怎么优化,线路不好是不是不要用 fakeip 模式会好点 |
Select Language