-
Notifications
You must be signed in to change notification settings - Fork 30
/
ts-dns-full.toml
61 lines (48 loc) · 3.1 KB
/
ts-dns-full.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Telescope DNS Configure File
# https://github.com/wolf-joe/ts-dns
listen = ":53/udp" # 监听地址,支持tcp/udp后缀,无后缀则同时监听tcp&udp。推荐使用命令行参数代替
disable_qtypes = ["AAAA", "HTTPS"] # 屏蔽IPv6/HTTPS查询
hosts_files = ["/etc/hosts"] # hosts文件路径,支持多hosts
[hosts] # 自定义域名映射
"example.com" = "8.8.8.8"
"*.example.com" = "8.8.8.8" # 通配符Hosts
"cloudflare-dns.com" = "1.0.0.1" # 防止下文提到的DoH回环解析
[cache] # dns缓存配置
size = 4096 # 缓存大小,为非正数时禁用缓存
min_ttl = 60 # 最小ttl,单位为秒
max_ttl = 86400 # 最大ttl,单位为秒
[groups] # 对域名进行分组
[groups.clean]
rules = ["qq.com", ".baidu.com", "*.taobao.com"] # "qq.com"规则可匹配"test.qq.com"、"qq.com"两种域名,".qq.com"和"*.qq.com"规则无法匹配"qq.com"
rules_file = "rules.txt" # 规则文件,每行一个规则
fallback = true # 设置为兜底域名组
ecs = "1.2.4.0/24" # edns-client-subnet信息,配置后转发DNS请求时默认附带(已有ecs时不覆盖),暂不支持doh
no_cookie = false # 禁用edns cookie,默认false,dnspod(119.29.29.29)等特殊服务器需要设置为true
dns = ["223.5.5.5:53", "114.114.114.114/tcp"] # DNS服务器列表,默认使用53端口
concurrent = true # 并发请求dns服务器列表
fastest_v4 = true # 选择ping值最低的ipv4地址作为响应,启用且使用icmp ping时建议以root权限允许本程序
tcp_ping_port = 80 # 当启用fastest_v4时,如该值大于0则使用tcp ping,小于等于0则使用icmp ping
redirector = "oversea_ip2dirty" # 解析后判断是否需要重定向
[groups.dirty]
disable_qtypes = ["AAAA", "HTTPS"] # 对指定组单独屏蔽IPv6/HTTPS查询
gfwlist_file = "gfwlist.txt" # 匹配到gfwlist规则时使用该组
socks5 = "127.0.0.1:1080" # 当使用国外53端口dns解析时推荐用socks5代理解析
dns = ["8.8.8.8", "1.1.1.1"] # 如不想用socks5代理解析时推荐使用国外非53端口dns
dot = ["1.0.0.1:[email protected]"] # dns over tls服务器
# 警告:如果本机的dns指向ts-dns自身,且DoH地址中的域名被归类到该组,则会出现回环解析的情况,此时需要在上面的hosts中指定对应IP
doh = ["https://cloudflare-dns.com/dns-query"] # dns over https服务器
# 警告:进程启动时会覆盖已有同名IPSet
ipset = "blocked" # 目标IPSet名称,该组所有域名的ipv4解析结果将加入到该IPSet中
ipset6 = "blocked6" # 目标IPSet名称,该组所有域名的ipv6解析结果将加入到该IPSet中
ipset_ttl = 86400 # ipset记录超时时间,单位为秒,推荐设置以避免ipset记录过多
# 可选自定义分组,用于其它情况
# 比如办公网内,内外域名(company.com)用内网dns(10.1.1.1)解析
[groups.work]
dns = ["10.1.1.1"]
rules = ["company.com"]
[redirectors]
[redirectors.oversea_ip2dirty]
# 解析后如发现ip地址不匹配cnip,则重定向到dirty组解析
type = "mismatch_cidr"
rules_file = "cnip.txt"
dst_group = "dirty"