Untitled
unknown
plain_text
a year ago
3.4 kB
12
Indexable
dns { # For example, if ipversion_prefer is 4 and the domain name has both type A and type AAAA records, the dae will only # respond to type A queries and response empty answer to type AAAA queries. #ipversion_prefer: 4 # Give a fixed ttl for domains. Zero means that dae will request to upstream every time and not cache DNS results # for these domains. #fixed_domain_ttl { # ddns.example.org: 10 # test.example.org: 3600 #} upstream { # Value can be scheme://host:port, where the scheme can be tcp/udp/tcp+udp. # If host is a domain and has both IPv4 and IPv6 record, dae will automatically choose # IPv4 or IPv6 to use according to group policy (such as min latency policy). # Please make sure DNS traffic will go through and be forwarded by dae, which is REQUIRED for domain routing. # If dial_mode is "ip", the upstream DNS answer SHOULD NOT be polluted, so domestic public DNS is not recommended. alidns: 'udp://dns.alidns.com:53' googledns: 'tcp+udp://dns.google.com:53' } routing { # According to the request of dns query, decide to use which DNS upstream. # Match rules from top to bottom. request { # fallback is also called default. qname(geosite:category-ads-all) -> reject qname(geosite:geolocation-!cn) -> googledns qname(geosite:apple-cn, geosite:cn) -> alidns fallback: asis } # According to the response of dns query, decide to accept or re-lookup using another DNS upstream. # Match rules from top to bottom. response { # Trusted upstream. Always accept its result. upstream(googledns) -> accept # Possibly polluted, re-lookup using googledns. ip(geoip:private) && !qname(geosite:cn) -> googledns # fallback is also called default. fallback: accept } } } # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples. routing { ### Preset rules. # Network managers in localhost should be direct to avoid false negative network connectivity check when binding to # WAN. pname(NetworkManager) -> direct # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'. pname(systemd-resolved, dnsmasq) -> must_direct # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being # forwarded by the proxy. # "dip" means destination IP. dip(224.0.0.0/3, 'ff00::/8') -> direct # This line allows you to access private addresses directly instead of via your proxy. If you really want to access # private addresses in your proxy host network, modify the below line. dip(geoip:private) -> direct domain(geosite:cn, geosite:apple-cn, geosite:spotify, geosite:zoom, geosite:win-update, geosite:category-scholar-cn, geosite:category-scholar-!cn) -> direct ### Write your rules below. domain(suffix: microsoft.com, suffix: liveatc.net, suffix: ls.apple.com, suffix: akadns.net, suffix: akamaiedge.net, suffix: api.v1.mk) -> direct fallback: proxy }
Editor is loading...
Leave a Comment