mail@pastecode.io avatar
a month ago
3.4 kB
dns {
    # For example, if ipversion_prefer is 4 and the domain name has both type A and type AAAA records, the dae will only
    # respond to type A queries and response empty answer to type AAAA queries.
    #ipversion_prefer: 4

    # Give a fixed ttl for domains. Zero means that dae will request to upstream every time and not cache DNS results
    # for these domains.
    #fixed_domain_ttl {
    #    ddns.example.org: 10
    #    test.example.org: 3600

    upstream {
        # Value can be scheme://host:port, where the scheme can be tcp/udp/tcp+udp.
        # If host is a domain and has both IPv4 and IPv6 record, dae will automatically choose
        # IPv4 or IPv6 to use according to group policy (such as min latency policy).
        # Please make sure DNS traffic will go through and be forwarded by dae, which is REQUIRED for domain routing.
        # If dial_mode is "ip", the upstream DNS answer SHOULD NOT be polluted, so domestic public DNS is not recommended.

        alidns: 'udp://dns.alidns.com:53'
        googledns: 'tcp+udp://dns.google.com:53'
    routing {
        # According to the request of dns query, decide to use which DNS upstream.
        # Match rules from top to bottom.
        request {
            # fallback is also called default.
            qname(geosite:category-ads-all) -> reject
            qname(geosite:geolocation-!cn) -> googledns
            qname(geosite:apple-cn, geosite:cn) -> alidns
            fallback: asis
        # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
        # Match rules from top to bottom.
        response {
            # Trusted upstream. Always accept its result.
            upstream(googledns) -> accept
            # Possibly polluted, re-lookup using googledns.
            ip(geoip:private) && !qname(geosite:cn) -> googledns
            # fallback is also called default.
            fallback: accept

# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
routing {
    ### Preset rules.

    # Network managers in localhost should be direct to avoid false negative network connectivity check when binding to
    # WAN.
    pname(NetworkManager) -> direct

    # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'.
    pname(systemd-resolved, dnsmasq) -> must_direct

    # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
    # forwarded by the proxy.
    # "dip" means destination IP.
    dip(, 'ff00::/8') -> direct

    # This line allows you to access private addresses directly instead of via your proxy. If you really want to access
    # private addresses in your proxy host network, modify the below line.
    dip(geoip:private) -> direct
        geosite:category-scholar-!cn) -> direct

    ### Write your rules below.

    domain(suffix: microsoft.com,
        suffix: liveatc.net,
        suffix: ls.apple.com,
        suffix: akadns.net,
        suffix: akamaiedge.net,
        suffix: api.v1.mk) -> direct

    fallback: proxy
Leave a Comment