Add dns outbound and fakeip ttl #275
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request enhances the sing-box DNS and routing configuration by adding TTL control for FakeIP DNS, switching the fallback DNS server, and introducing DNS-specific outbound routing with clash mode exclusion rules.
- Added
rewrite_ttl: 1to the FakeIP DNS rule to control DNS cache duration - Switched the final DNS server from
dns_remotetodns_localfor more predictable local resolution - Added a new DNS outbound (
dns-out) and a routing exclusion rule to prevent sing-box components from being hijacked when in Direct clash mode
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| }, | ||
| // 2. EXCLUSION: Prevent sing-box components from being hijacked again | ||
| { | ||
| "clash_mode": "Direct", |
There was a problem hiding this comment.
The clash_mode value "Direct" uses a capital 'D', but other examples in the codebase (such as vpn/testdata/boxopts.json) use lowercase values like "direct". Verify that clash_mode values are case-sensitive and ensure consistency with the actual clash mode names used in the configuration. According to sing-box conventions, clash modes are typically lowercase.
| "clash_mode": "Direct", | |
| "clash_mode": "direct", |
| "port": 53, | ||
| "action": "hijack-dns" | ||
| }, | ||
| // 2. EXCLUSION: Prevent sing-box components from being hijacked again |
There was a problem hiding this comment.
The comment numbering "2. EXCLUSION" suggests there should be a "1." comment somewhere for the first rule. However, the first rule group (sniff and hijack-dns actions) is not labeled as "1." which creates an inconsistency in the documentation. Consider either removing the "2." prefix or adding a "1." comment before the first rule group to maintain consistent numbering.
| // 2. EXCLUSION: Prevent sing-box components from being hijacked again | |
| // EXCLUSION: Prevent sing-box components from being hijacked again |
This pull request updates the
singbox.jsonconfiguration to improve DNS handling and routing logic. The main changes focus on refining DNS behavior, adding new outbound options, and enhancing routing rules to prevent conflicts and ensure correct traffic flow.DNS configuration improvements:
"rewrite_ttl": 1for the DNS server entry to control DNS cache duration and switched the"final"DNS policy fromdns_remotetodns_localfor more predictable local DNS resolution.Outbound and routing enhancements:
"dns"with tag"dns-out"to support DNS-specific outbound routing."Direct"clash mode is always sent via the"direct"outbound, preventing sing-box components from being hijacked again.