mirror of
https://github.com/itdoginfo/podkop.git
synced 2025-12-06 11:36:50 +03:00
fix: replace non-working split DNS with bootstrap DNS for upstream DNS resolution
@@ -60,38 +60,27 @@ function createAdditionalSection(mainSection, network) {
|
||||
return true;
|
||||
};
|
||||
|
||||
o = mainSection.taboption('additional', form.Flag, 'split_dns_enabled', _('Split DNS'), _('DNS for the list via proxy'));
|
||||
o.default = '1';
|
||||
o = mainSection.taboption('additional', form.Value, 'bootstrap_dns_server', _('Bootstrap DNS server'), _('The DNS server used to look up the IP address of an upstream DNS server'));
|
||||
o.value('77.88.8.8', '77.88.8.8 (Yandex DNS)');
|
||||
o.value('77.88.8.1', '77.88.8.1 (Yandex DNS)');
|
||||
o.value('1.1.1.1', '1.1.1.1 (Cloudflare DNS)');
|
||||
o.value('1.0.0.1', '1.0.0.1 (Cloudflare DNS)');
|
||||
o.value('8.8.8.8', '8.8.8.8 (Google DNS)');
|
||||
o.value('8.8.4.4', '8.8.4.4 (Google DNS)');
|
||||
o.value('9.9.9.9', '9.9.9.9 (Quad9 DNS)');
|
||||
o.value('9.9.9.11', '9.9.9.11 (Quad9 DNS)');
|
||||
o.default = '77.88.8.8';
|
||||
o.rmempty = false;
|
||||
o.ucisection = 'main';
|
||||
|
||||
o = mainSection.taboption('additional', form.ListValue, 'split_dns_type', _('Split DNS Protocol Type'), _('Select DNS protocol for split'));
|
||||
o.value('doh', _('DNS over HTTPS (DoH)'));
|
||||
o.value('dot', _('DNS over TLS (DoT)'));
|
||||
o.value('udp', _('UDP (Unprotected DNS)'));
|
||||
o.default = 'udp';
|
||||
o.rmempty = false;
|
||||
o.depends('split_dns_enabled', '1');
|
||||
o.ucisection = 'main';
|
||||
|
||||
o = mainSection.taboption('additional', form.Value, 'split_dns_server', _('Split DNS Server'), _('Select or enter DNS server address'));
|
||||
Object.entries(constants.DNS_SERVER_OPTIONS).forEach(([key, label]) => {
|
||||
o.value(key, _(label));
|
||||
});
|
||||
o.default = '1.1.1.1';
|
||||
o.rmempty = false;
|
||||
o.depends('split_dns_enabled', '1');
|
||||
o.ucisection = 'main';
|
||||
o.validate = function (section_id, value) {
|
||||
if (!value) {
|
||||
return _('DNS server address cannot be empty');
|
||||
}
|
||||
|
||||
const ipRegex = /^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}(:[0-9]{1,5})?$/;
|
||||
const domainRegex = /^(?:https:\/\/)?([a-zA-Z0-9]+(-[a-zA-Z0-9]+)*\.)+[a-zA-Z]{2,63}(:[0-9]{1,5})?(\/[^?#\s]*)?$/;
|
||||
|
||||
if (!ipRegex.test(value) && !domainRegex.test(value)) {
|
||||
return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
|
||||
if (!ipRegex.test(value)) {
|
||||
return _('Invalid DNS server format. Example: 8.8.8.8');
|
||||
}
|
||||
|
||||
return true;
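Review bot: The validator on `bootstrap_dns_server` still accepts an optional port, because `ipRegex` ends in `(:[0-9]{1,5})?`, while the new error text only offers a bare address (`Example: 8.8.8.8`). The shell hunk on this page passes the stored value together with a fixed `53`, so a saved `8.8.8.8:5353` would presumably reach the sing-box config as a malformed address; how the helper treats it is not visible here. If a port is not meant to be supported for this field, drop the suffix, e.g. `const ipRegex = /^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$/;`. The validate function continues past the end of the hunk.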
|
||||
|
||||
@@ -62,12 +62,12 @@ const UPDATE_INTERVAL_OPTIONS = {
|
||||
};
|
||||
|
||||
const DNS_SERVER_OPTIONS = {
|
||||
'1.1.1.1': 'Cloudflare (1.1.1.1)',
|
||||
'8.8.8.8': 'Google (8.8.8.8)',
|
||||
'9.9.9.9': 'Quad9 (9.9.9.9)',
|
||||
'dns.adguard-dns.com': 'AdGuard Default (dns.adguard-dns.com)',
|
||||
'unfiltered.adguard-dns.com': 'AdGuard Unfiltered (unfiltered.adguard-dns.com)',
|
||||
'family.adguard-dns.com': 'AdGuard Family (family.adguard-dns.com)'
|
||||
'1.1.1.1': '1.1.1.1 (Cloudflare)',
|
||||
'8.8.8.8': '8.8.8.8 (Google)',
|
||||
'9.9.9.9': '9.9.9.9 (Quad9)',
|
||||
'dns.adguard-dns.com': 'dns.adguard-dns.com (AdGuard Default)',
|
||||
'unfiltered.adguard-dns.com': 'unfiltered.adguard-dns.com (AdGuard Unfiltered)',
|
||||
'family.adguard-dns.com': 'family.adguard-dns.com (AdGuard Family)'
|
||||
};
|
||||
|
||||
const DIAGNOSTICS_UPDATE_INTERVAL = 10000; // 10 seconds
|
||||
|
||||
@@ -576,16 +576,6 @@ list_update() {
|
||||
fi
|
||||
}
|
||||
|
||||
find_working_resolver() {
|
||||
for resolver in $DNS_RESOLVERS; do
|
||||
if nslookup -timeout=2 $FAKEIP_TEST_DOMAIN $resolver > /dev/null 2>&1; then
|
||||
echo "$resolver"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# sing-box funcs
|
||||
|
||||
sing_box_uci() {
|
||||
@@ -709,7 +699,7 @@ configure_outbound_handler() {
|
||||
else
|
||||
outbound_tags="$outbound_tags,$outbound_tag"
|
||||
fi
|
||||
i=$((i+1))
|
||||
i=$((i + 1))
|
||||
done
|
||||
|
||||
urltest_tag="$(get_outbound_tag_by_section "$section-urltest")"
|
||||
@@ -749,53 +739,22 @@ configure_outbound_handler() {
|
||||
|
||||
sing_box_configure_dns() {
|
||||
log "Configure the DNS section of a sing-box JSON configuration"
|
||||
local split_dns_enabled final_dns_server
|
||||
config_get_bool split_dns_enabled "main" "split_dns_enabled" 0
|
||||
if [ "$split_dns_enabled" -eq 1 ]; then
|
||||
final_dns_server="$SB_SPLIT_DNS_SERVER_TAG"
|
||||
else
|
||||
final_dns_server="$SB_DNS_SERVER_TAG"
|
||||
fi
|
||||
config=$(sing_box_cm_configure_dns "$config" "$final_dns_server" "ipv4_only" true)
|
||||
config=$(sing_box_cm_configure_dns "$config" "$SB_DNS_SERVER_TAG" "ipv4_only" true)
|
||||
|
||||
local dns_type dns_server split_dns_type split_dns_server dns_server_address split_dns_server_address
|
||||
log "Adding DNS Servers" "debug"
|
||||
local dns_type dns_server bootstrap_dns_server dns_server_address dns_domain_resolver
|
||||
config_get dns_type "main" "dns_type" "doh"
|
||||
config_get dns_server "main" "dns_server" "1.1.1.1"
|
||||
config_get split_dns_type "main" "split_dns_type" "udp"
|
||||
config_get split_dns_server "main" "split_dns_server" "1.1.1.1"
|
||||
config_get bootstrap_dns_server "main" "bootstrap_dns_server" "77.88.8.8"
|
||||
|
||||
dns_server_address=$(url_get_host "$dns_server")
|
||||
split_dns_server_address=$(url_get_host "$split_dns_server")
|
||||
|
||||
local need_dns_domain_resolver=0
|
||||
if ! is_ipv4 "$dns_server_address" || ! is_ipv4 "$split_dns_server_address"; then
|
||||
need_dns_domain_resolver=1
|
||||
fi
|
||||
|
||||
log "Adding DNS Servers"
|
||||
config=$(sing_box_cm_add_fakeip_dns_server "$config" "$SB_FAKEIP_DNS_SERVER_TAG" "$SB_FAKEIP_INET4_RANGE")
|
||||
|
||||
local dns_domain_resolver
|
||||
if [ "$need_dns_domain_resolver" -eq 1 ]; then
|
||||
log "One of the DNS server addresses is a domain. Searching for a working DNS server..."
|
||||
dns_domain_resolver=$(find_working_resolver)
|
||||
if [ -z "$dns_domain_resolver" ]; then
|
||||
log "Working DNS server not found, using default DNS server"
|
||||
dns_domain_resolver="1.1.1.1"
|
||||
else
|
||||
log "Working DNS server has been found: $dns_domain_resolver"
|
||||
fi
|
||||
config=$(sing_box_cm_add_udp_dns_server "$config" "$SB_DNS_DOMAIN_RESOLVER_TAG" "$dns_domain_resolver" 53)
|
||||
dns_domain_resolver="$SB_DNS_DOMAIN_RESOLVER_TAG"
|
||||
if ! is_ipv4 "$dns_server_address"; then
|
||||
dns_domain_resolver=$SB_BOOTSTRAP_SERVER_TAG
|
||||
fi
|
||||
|
||||
config=$(sing_box_cm_add_udp_dns_server "$config" "$SB_BOOTSTRAP_SERVER_TAG" "$bootstrap_dns_server" 53)
|
||||
config=$(sing_box_cf_add_dns_server "$config" "$dns_type" "$SB_DNS_SERVER_TAG" "$dns_server" "$dns_domain_resolver")
|
||||
|
||||
if [ "$split_dns_enabled" -eq 1 ]; then
|
||||
config=$(
|
||||
sing_box_cf_add_dns_server "$config" "$split_dns_type" "$SB_SPLIT_DNS_SERVER_TAG" "$split_dns_server" \
|
||||
"$dns_domain_resolver" "$SB_MAIN_OUTBOUND_TAG"
|
||||
)
|
||||
fi
|
||||
config=$(sing_box_cm_add_fakeip_dns_server "$config" "$SB_FAKEIP_DNS_SERVER_TAG" "$SB_FAKEIP_INET4_RANGE")
|
||||
|
||||
log "Adding DNS Rules"
|
||||
local rewrite_ttl service_domains
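Review bot: The bootstrap server is registered as plain UDP on port 53 (`sing_box_cm_add_udp_dns_server "$config" "$SB_BOOTSTRAP_SERVER_TAG" "$bootstrap_dns_server" 53`), so when `dns_server` is a DoH/DoT hostname that name is looked up in cleartext, and the answer is only as trustworthy as the path to the chosen resolver. A forged answer should do no more than break resolution if the DoH/DoT client verifies the certificate against the hostname, but that is not visible in this hunk, so I would document the trust assumption with a comment above the call, such as `# bootstrap lookup is unencrypted UDP/53 and is used only to resolve the upstream DNS hostname`. The value from `config_get bootstrap_dns_server` is used without an `is_ipv4` check, although UCI can be edited outside the LuCI form; a guard like `is_ipv4 "$bootstrap_dns_server" || bootstrap_dns_server="77.88.8.8"` would keep a bad value out of the generated config. The assignment `dns_domain_resolver=$SB_BOOTSTRAP_SERVER_TAG` should also be quoted like the rest of the function. sing_box_configure_dns continues outside the hunk.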
|
||||
@@ -807,11 +766,6 @@ sing_box_configure_dns() {
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "rewrite_ttl" "$rewrite_ttl")
|
||||
service_domains=$(comma_string_to_json_array "$FAKEIP_TEST_DOMAIN,$CHECK_PROXY_IP_DOMAIN")
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "domain" "$service_domains")
|
||||
if [ "$split_dns_enabled" -eq 1 ]; then
|
||||
config=$(sing_box_cm_add_dns_route_rule "$config" "$SB_DNS_SERVER_TAG" "$SB_INVERT_FAKEIP_DNS_RULE_TAG")
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_INVERT_FAKEIP_DNS_RULE_TAG" "invert" true)
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_INVERT_FAKEIP_DNS_RULE_TAG" "domain" "$service_domains")
|
||||
fi
|
||||
}
|
||||
|
||||
sing_box_configure_route() {
|
||||
@@ -990,7 +944,9 @@ prepare_common_ruleset() {
|
||||
config=$(sing_box_cm_add_local_ruleset "$config" "$ruleset_tag" "source" "$ruleset_filepath")
|
||||
config=$(sing_box_cm_patch_route_rule "$config" "$route_rule_tag" "rule_set" "$ruleset_tag")
|
||||
case "$type" in
|
||||
domains) _add_ruleset_to_dns_rules "$ruleset_tag" "$route_rule_tag" ;;
|
||||
domains)
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "rule_set" "$ruleset_tag")
|
||||
;;
|
||||
subnets) ;;
|
||||
*) log "Unsupported remote rule set type: $type" "warn" ;;
|
||||
esac
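Review bot: The `domains)` arm now inlines `config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "rule_set" "$ruleset_tag")`, and the same line is repeated in the hunks for configure_community_list_handler, configure_local_domain_or_subnet_lists and configure_remote_domain_or_subnet_list_handler. Keeping `_add_ruleset_to_dns_rules` as a one-line wrapper around that call would leave a single place to edit if the DNS rule tag or key changes again. The removed helper only read `$1`, so the wrapper needs no second argument. prepare_common_ruleset begins and ends outside the hunk.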
|
||||
@@ -1011,7 +967,7 @@ configure_community_list_handler() {
|
||||
|
||||
config=$(sing_box_cm_add_remote_ruleset "$config" "$ruleset_tag" "$format" "$url" "$detour" "$update_interval")
|
||||
config=$(sing_box_cm_patch_route_rule "$config" "$route_rule_tag" "rule_set" "$ruleset_tag")
|
||||
_add_ruleset_to_dns_rules "$ruleset_tag"
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "rule_set" "$ruleset_tag")
|
||||
}
|
||||
|
||||
configure_user_domain_or_subnets_list() {
|
||||
@@ -1070,7 +1026,7 @@ configure_local_domain_or_subnet_lists() {
|
||||
domains)
|
||||
config_list_foreach "$section" "local_domain_lists" import_local_domain_or_subnet_list "$type" \
|
||||
"$section" "$ruleset_filepath"
|
||||
_add_ruleset_to_dns_rules "$ruleset_tag" "$route_rule_tag"
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "rule_set" "$ruleset_tag")
|
||||
;;
|
||||
subnets)
|
||||
config_list_foreach "$section" "local_subnet_lists" import_local_domain_or_subnet_list "$type" \
|
||||
@@ -1130,7 +1086,9 @@ configure_remote_domain_or_subnet_list_handler() {
|
||||
config=$(sing_box_cm_add_remote_ruleset "$config" "$ruleset_tag" "$format" "$url" "$detour" "$update_interval")
|
||||
config=$(sing_box_cm_patch_route_rule "$config" "$route_rule_tag" "rule_set" "$ruleset_tag")
|
||||
case "$type" in
|
||||
domains) _add_ruleset_to_dns_rules "$ruleset_tag" "$route_rule_tag" ;;
|
||||
domains)
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "rule_set" "$ruleset_tag")
|
||||
;;
|
||||
subnets) ;;
|
||||
*) log "Unsupported remote rule set type: $type" "warn" ;;
|
||||
esac
|
||||
@@ -1141,17 +1099,6 @@ configure_remote_domain_or_subnet_list_handler() {
|
||||
esac
|
||||
}
|
||||
|
||||
_add_ruleset_to_dns_rules() {
|
||||
local ruleset_tag="$1"
|
||||
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_FAKEIP_DNS_RULE_TAG" "rule_set" "$ruleset_tag")
|
||||
local split_dns_enabled final_dns_server
|
||||
config_get_bool split_dns_enabled "main" "split_dns_enabled" 0
|
||||
if [ "$split_dns_enabled" -eq 1 ]; then
|
||||
config=$(sing_box_cm_patch_dns_route_rule "$config" "$SB_INVERT_FAKEIP_DNS_RULE_TAG" "rule_set" "$ruleset_tag")
|
||||
fi
|
||||
}
|
||||
|
||||
sing_box_configure_experimental() {
|
||||
log "Configure the experimental section of a sing-box JSON configuration"
|
||||
|
||||
@@ -1990,6 +1937,16 @@ print_global() {
|
||||
echo "$message"
|
||||
}
|
||||
|
||||
find_working_resolver() {
|
||||
for resolver in $DNS_RESOLVERS; do
|
||||
if nslookup -timeout=2 "$FAKEIP_TEST_DOMAIN" "$resolver" > /dev/null 2>&1; then
|
||||
echo "$resolver"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
global_check() {
|
||||
print_global "📡 Global check run!"
|
||||
print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||||
|
||||
@@ -25,10 +25,9 @@ SB_REQUIRED_VERSION="1.12.0"
|
||||
SB_DEFAULT_LOG_LEVEL="warn"
|
||||
# DNS
|
||||
SB_DNS_SERVER_TAG="dns-server"
|
||||
SB_SPLIT_DNS_SERVER_TAG="split-dns-server"
|
||||
SB_FAKEIP_DNS_SERVER_TAG="fakeip-server"
|
||||
SB_FAKEIP_INET4_RANGE="198.18.0.0/15"
|
||||
SB_DNS_DOMAIN_RESOLVER_TAG="dns-domain-resolver"
|
||||
SB_BOOTSTRAP_SERVER_TAG="bootstrap-dns-server"
|
||||
SB_FAKEIP_DNS_RULE_TAG="fakeip-dns-rule-tag"
|
||||
SB_INVERT_FAKEIP_DNS_RULE_TAG="invert-fakeip-dns-rule-tag"
|
||||
# Inbounds
|
||||
|
||||