claude-skills
/
singboxer
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
singboxer/references/ref-dns.md

364 lines
5.9 KiB
Markdown
Raw Permalink Blame History

# sing-box DNS Reference
## DNS Configuration Structure
```json
{
"dns": {
"servers": [],
"rules": [],
"final": "dns-default",
"strategy": "",
"disable_cache": false,
"disable_expire": false,
"independent_cache": false,
"cache_capacity": 0,
"reverse_mapping": false,
"client_subnet": ""
}
}
```
## DNS Server Types (13)
### `local` — System DNS resolver
```json
{
"type": "local",
"tag": "dns-local"
}
```
### `udp` — Plain UDP DNS
```json
{
"type": "udp",
"tag": "dns-udp",
"server": "8.8.8.8",
"server_port": 53
}
```
### `tcp` — Plain TCP DNS
```json
{
"type": "tcp",
"tag": "dns-tcp",
"server": "8.8.8.8",
"server_port": 53
}
```
### `tls` — DNS over TLS (DoT)
```json
{
"type": "tls",
"tag": "dns-dot",
"server": "dns.google",
"server_port": 853
}
```
### `quic` — DNS over QUIC (DoQ)
```json
{
"type": "quic",
"tag": "dns-doq",
"server": "dns.adguard-dns.com",
"server_port": 853
}
```
### `https` — DNS over HTTPS (DoH)
```json
{
"type": "https",
"tag": "dns-doh",
"server": "dns.google",
"server_port": 443,
"path": "/dns-query"
}
```
### `h3` — DNS over HTTP/3
```json
{
"type": "h3",
"tag": "dns-h3",
"server": "dns.google",
"server_port": 443,
"path": "/dns-query"
}
```
### `dhcp` — DHCP-provided DNS
```json
{
"type": "dhcp",
"tag": "dns-dhcp",
"interface": "eth0"
}
```
### `fakeip` — Fake IP DNS
```json
{
"type": "fakeip",
"tag": "dns-fakeip",
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
}
```
### `hosts` — Static hosts file
```json
{
"type": "hosts",
"tag": "dns-hosts",
"path": "/etc/hosts"
}
```
### `rcode` — Return specific response code
```json
{
"type": "rcode",
"tag": "dns-block",
"rcode": "success"
}
```
Rcodes: `success`, `format_error`, `server_failure`, `name_error` (NXDOMAIN), `not_implemented`, `refused`
### `tailscale` — Tailscale MagicDNS
```json
{
"type": "tailscale",
"tag": "dns-tailscale"
}
```
### `resolved` — Reference to resolved service
```json
{
"type": "resolved",
"tag": "dns-resolved",
"service_tag": "resolved-service"
}
```
## DNS Server Common Fields
All DNS server types support:
```json
{
"type": "...",
"tag": "unique-tag",
"detour": "outbound-tag",
"domain_resolver": {
"server": "bootstrap-dns-tag",
"strategy": "prefer_ipv4"
},
"strategy": "prefer_ipv4",
"disable_cache": false,
"disable_expire": false,
"independent_cache": false,
"cache_capacity": 0,
"rewrite_ttl": 0,
"client_subnet": ""
}
```
- **`detour`**: Outbound used for DNS transport connection (e.g., send DoH queries through proxy)
- **`domain_resolver`**: Bootstrap DNS for resolving the DNS server's own domain name
- **`strategy`**: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`
- **`client_subnet`**: EDNS Client Subnet for geo-aware responses
## DNS Rules
DNS rules route queries to specific DNS servers. Same match criteria as route rules plus:
```json
{
"dns": {
"rules": [
{
"query_type": ["A", "AAAA"],
"domain_suffix": [".cn"],
"action": "route",
"server": "dns-cn"
}
]
}
}
```
### DNS Rule Actions
#### `route` — Route to DNS server
```json
{
"action": "route",
"server": "dns-server-tag",
"strategy": "prefer_ipv4",
"disable_cache": false,
"rewrite_ttl": 0,
"client_subnet": ""
}
```
#### `route-options` — Modify DNS options
```json
{
"action": "route-options",
"disable_cache": true
}
```
#### `reject` — Reject DNS query
```json
{
"action": "reject"
}
```
#### `predefined` — Return predefined response
```json
{
"action": "predefined",
"rcode": "success",
"answer": [],
"ns": [],
"extra": []
}
```
## Common DNS Patterns
### Pattern: Split DNS (domestic + foreign)
```json
{
"dns": {
"servers": [
{
"type": "https",
"tag": "dns-google",
"server": "dns.google",
"server_port": 443,
"path": "/dns-query",
"detour": "proxy"
},
{
"type": "https",
"tag": "dns-alidns",
"server": "dns.alidns.com",
"server_port": 443,
"path": "/dns-query",
"detour": "direct"
},
{
"type": "udp",
"tag": "dns-bootstrap",
"server": "223.5.5.5"
}
],
"rules": [
{
"rule_set": ["geosite-cn"],
"action": "route",
"server": "dns-alidns"
}
],
"final": "dns-google"
}
}
```
### Pattern: FakeIP for TUN
```json
{
"dns": {
"servers": [
{
"type": "https",
"tag": "dns-remote",
"server": "dns.google",
"path": "/dns-query",
"detour": "proxy"
},
{
"type": "fakeip",
"tag": "dns-fakeip",
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
},
{
"type": "udp",
"tag": "dns-local",
"server": "223.5.5.5"
}
],
"rules": [
{
"rule_set": ["geosite-cn"],
"action": "route",
"server": "dns-local"
},
{
"query_type": ["A", "AAAA"],
"action": "route",
"server": "dns-fakeip"
}
],
"final": "dns-remote"
}
}
```
### Pattern: Ad-blocking DNS
```json
{
"dns": {
"rules": [
{
"rule_set": ["adblock-domains"],
"action": "predefined",
"rcode": "name_error"
}
]
}
}
```
### Pattern: DNS Bootstrap Chain
When a DoH server needs DNS to resolve its own hostname:
```json
{
"servers": [
{
"type": "https",
"tag": "dns-secure",
"server": "dns.google",
"domain_resolver": {
"server": "dns-bootstrap",
"strategy": "ipv4_only"
}
},
{
"type": "udp",
"tag": "dns-bootstrap",
"server": "8.8.8.8"
}
]
}
```
### Pattern: EDNS Client Subnet
```json
{
"type": "https",
"tag": "dns-with-subnet",
"server": "dns.google",
"client_subnet": "1.2.3.0/24"
}
```
Reference in New Issue View Git Blame Copy Permalink