sing-box/docs/configuration/dns/rule.md

429 lines
8 KiB
Markdown
Raw Normal View History

2023-12-01 05:24:18 +00:00
---
icon: material/new-box
2023-12-01 05:24:18 +00:00
---
2024-06-24 01:41:00 +00:00
!!! quote "Changes in sing-box 1.10.0"
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
:material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source)
2024-09-15 03:42:57 +00:00
:material-plus: [rule_set_ip_cidr_accept_empty](#rule_set_ip_cidr_accept_empty)
:material-plus: [process_path_regex](#process_path_regex)
2024-06-24 01:41:00 +00:00
!!! quote "Changes in sing-box 1.9.0"
:material-plus: [geoip](#geoip)
:material-plus: [ip_cidr](#ip_cidr)
:material-plus: [ip_is_private](#ip_is_private)
:material-plus: [client_subnet](#client_subnet)
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
2023-12-01 05:24:18 +00:00
!!! quote "Changes in sing-box 1.8.0"
:material-plus: [rule_set](#rule_set)
:material-plus: [source_ip_is_private](#source_ip_is_private)
:material-delete-clock: [geoip](#geoip)
:material-delete-clock: [geosite](#geosite)
2022-07-08 09:01:38 +00:00
### Structure
```json
{
"dns": {
"rules": [
{
"inbound": [
"mixed-in"
],
2022-08-16 15:46:05 +00:00
"ip_version": 6,
2023-02-08 08:18:40 +00:00
"query_type": [
"A",
"HTTPS",
32768
],
2022-07-08 09:01:38 +00:00
"network": "tcp",
2022-07-27 04:03:07 +00:00
"auth_user": [
2022-07-17 07:11:26 +00:00
"usera",
"userb"
],
2022-07-08 09:01:38 +00:00
"protocol": [
"tls",
"http",
"quic"
],
"domain": [
"test.com"
],
"domain_suffix": [
".cn"
],
"domain_keyword": [
"test"
],
"domain_regex": [
"^stun\\..+"
],
"geosite": [
"cn"
],
"source_geoip": [
"private"
],
"geoip": [
"cn"
],
2022-07-08 09:01:38 +00:00
"source_ip_cidr": [
2022-08-25 14:22:20 +00:00
"10.0.0.0/24",
"192.168.0.1"
2022-07-08 09:01:38 +00:00
],
2023-12-01 05:24:18 +00:00
"source_ip_is_private": false,
"ip_cidr": [
"10.0.0.0/24",
"192.168.0.1"
],
"ip_is_private": false,
2022-07-08 09:01:38 +00:00
"source_port": [
12345
],
2022-07-27 04:03:07 +00:00
"source_port_range": [
"1000:2000",
":3000",
"4000:"
],
2022-07-08 09:01:38 +00:00
"port": [
80,
443
],
2022-07-27 04:03:07 +00:00
"port_range": [
"1000:2000",
":3000",
"4000:"
],
"process_name": [
"curl"
],
2022-08-31 06:33:52 +00:00
"process_path": [
"/usr/bin/curl"
],
2024-09-15 03:42:57 +00:00
"process_path_regex": [
"^/usr/bin/.+"
],
2022-07-27 04:03:07 +00:00
"package_name": [
"com.termux"
],
"user": [
"sekai"
],
"user_id": [
1000
],
2022-09-10 14:42:20 +00:00
"clash_mode": "direct",
"wifi_ssid": [
"My WIFI"
],
"wifi_bssid": [
"00:00:00:00:00:00"
],
2023-12-01 05:24:18 +00:00
"rule_set": [
"geoip-cn",
"geosite-cn"
],
2024-06-24 01:41:00 +00:00
// deprecated
"rule_set_ipcidr_match_source": false,
2024-06-24 01:41:00 +00:00
"rule_set_ip_cidr_match_source": false,
"rule_set_ip_cidr_accept_empty": false,
2022-07-27 04:03:07 +00:00
"invert": false,
2022-07-08 09:01:38 +00:00
"outbound": [
"direct"
],
2022-07-27 04:03:07 +00:00
"server": "local",
2023-03-25 04:03:23 +00:00
"disable_cache": false,
"rewrite_ttl": 100,
"client_subnet": "127.0.0.1/24"
2022-07-08 09:01:38 +00:00
},
{
"type": "logical",
"mode": "and",
"rules": [],
2022-07-27 04:03:07 +00:00
"server": "local",
2023-03-25 04:03:23 +00:00
"disable_cache": false,
"rewrite_ttl": 100,
"client_subnet": "127.0.0.1/24"
2022-07-08 09:01:38 +00:00
}
]
}
}
```
!!! note ""
You can ignore the JSON Array [] tag when the content is only one item
### Default Fields
!!! note ""
The default rule uses the following matching logic:
(`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `geosite`) &&
2022-09-14 14:03:26 +00:00
(`port` || `port_range`) &&
2023-12-01 05:24:18 +00:00
(`source_geoip` || `source_ip_cidr` `source_ip_is_private`) &&
2022-09-14 14:03:26 +00:00
(`source_port` || `source_port_range`) &&
`other fields`
2022-07-08 09:01:38 +00:00
2024-06-25 16:45:10 +00:00
Additionally, included rule-sets can be considered merged rather than as a single rule sub-item.
2023-12-01 05:24:18 +00:00
2022-07-08 09:01:38 +00:00
#### inbound
2023-12-14 14:23:52 +00:00
Tags of [Inbound](/configuration/inbound/).
2022-07-08 09:01:38 +00:00
2022-08-16 15:46:05 +00:00
#### ip_version
4 (A DNS query) or 6 (AAAA DNS query).
2022-08-16 15:46:05 +00:00
Not limited if empty.
2023-02-08 08:18:40 +00:00
#### query_type
DNS query type. Values can be integers or type name strings.
2022-07-08 09:01:38 +00:00
#### network
`tcp` or `udp`.
#### auth_user
2022-07-17 07:11:26 +00:00
Username, see each inbound for details.
#### protocol
Sniffed protocol, see [Sniff](/configuration/route/sniff/) for details.
2022-07-08 09:01:38 +00:00
#### domain
Match full domain.
#### domain_suffix
Match domain suffix.
#### domain_keyword
Match domain using keyword.
#### domain_regex
Match domain using regular expression.
#### geosite
2023-12-01 05:24:18 +00:00
!!! failure "Deprecated in sing-box 1.8.0"
Geosite is deprecated and will be removed in sing-box 1.12.0, check [Migration](/migration/#migrate-geosite-to-rule-sets).
2023-12-01 05:24:18 +00:00
2022-07-08 09:01:38 +00:00
Match geosite.
#### source_geoip
2023-12-01 05:24:18 +00:00
!!! failure "Deprecated in sing-box 1.8.0"
GeoIP is deprecated and will be removed in sing-box 1.12.0, check [Migration](/migration/#migrate-geoip-to-rule-sets).
2023-12-01 05:24:18 +00:00
2022-07-08 09:01:38 +00:00
Match source geoip.
#### source_ip_cidr
2023-12-01 05:24:18 +00:00
Match source IP CIDR.
#### source_ip_is_private
!!! question "Since sing-box 1.8.0"
Match non-public source IP.
2022-07-08 09:01:38 +00:00
#### source_port
Match source port.
2022-07-27 04:03:07 +00:00
#### source_port_range
Match source port range.
2022-07-08 09:01:38 +00:00
#### port
Match port.
2022-07-27 04:03:07 +00:00
#### port_range
Match port range.
#### process_name
!!! quote ""
2022-07-27 04:03:07 +00:00
Only supported on Linux, Windows, and macOS.
Match process name.
2022-08-31 06:33:52 +00:00
#### process_path
!!! quote ""
2022-08-31 06:33:52 +00:00
Only supported on Linux, Windows, and macOS.
Match process path.
2024-09-15 03:42:57 +00:00
#### process_path_regex
!!! question "Since sing-box 1.10.0"
!!! quote ""
Only supported on Linux, Windows, and macOS.
Match process path using regular expression.
2022-07-27 04:03:07 +00:00
#### package_name
Match android package name.
#### user
!!! quote ""
2022-07-27 04:03:07 +00:00
2022-08-09 08:36:17 +00:00
Only supported on Linux.
2022-07-27 04:03:07 +00:00
Match user name.
#### user_id
!!! quote ""
2022-07-27 04:03:07 +00:00
Only supported on Linux.
Match user id.
2022-09-10 14:42:20 +00:00
#### clash_mode
Match Clash mode.
#### wifi_ssid
!!! quote ""
Only supported in graphical clients on Android and Apple platforms.
Match WiFi SSID.
#### wifi_bssid
!!! quote ""
Only supported in graphical clients on Android and Apple platforms.
Match WiFi BSSID.
2023-12-01 05:24:18 +00:00
#### rule_set
!!! question "Since sing-box 1.8.0"
2024-06-25 16:45:10 +00:00
Match [rule-set](/configuration/route/#rule_set).
2023-12-01 05:24:18 +00:00
#### rule_set_ipcidr_match_source
!!! question "Since sing-box 1.9.0"
2024-06-24 01:41:00 +00:00
!!! failure "Deprecated in sing-box 1.10.0"
`rule_set_ipcidr_match_source` is renamed to `rule_set_ip_cidr_match_source` and will be remove in sing-box 1.11.0.
2024-06-25 16:45:10 +00:00
Make `ip_cidr` rule items in rule-sets match the source IP.
2024-06-24 01:41:00 +00:00
#### rule_set_ip_cidr_match_source
!!! question "Since sing-box 1.10.0"
2024-06-25 16:45:10 +00:00
Make `ip_cidr` rule items in rule-sets match the source IP.
2022-07-27 04:03:07 +00:00
#### invert
Invert match result.
2022-07-08 09:01:38 +00:00
#### outbound
Match outbound.
2023-03-29 02:30:31 +00:00
`any` can be used as a value to match any outbound.
2022-07-08 09:01:38 +00:00
#### server
2022-07-27 04:03:07 +00:00
==Required==
2022-07-08 09:01:38 +00:00
Tag of the target dns server.
2022-07-27 04:03:07 +00:00
#### disable_cache
Disable cache and save cache in this query.
2023-03-25 04:03:23 +00:00
#### rewrite_ttl
Rewrite TTL in DNS responses.
#### client_subnet
!!! question "Since sing-box 1.9.0"
Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
### Address Filter Fields
2024-06-24 01:41:00 +00:00
Only takes effect for address requests (A/AAAA/HTTPS). When the query results do not match the address filtering rule items, the current rule will be skipped.
!!! info ""
2024-06-25 16:45:10 +00:00
`ip_cidr` items in included rule-sets also takes effect as an address filtering field.
!!! note ""
Enable `experimental.cache_file.store_rdrc` to cache results.
#### geoip
!!! question "Since sing-box 1.9.0"
Match GeoIP with query response.
#### ip_cidr
!!! question "Since sing-box 1.9.0"
Match IP CIDR with query response.
#### ip_is_private
!!! question "Since sing-box 1.9.0"
Match private IP with query response.
2024-06-24 01:41:00 +00:00
#### rule_set_ip_cidr_accept_empty
!!! question "Since sing-box 1.10.0"
2024-06-25 16:45:10 +00:00
Make `ip_cidr` rules in rule-sets accept empty query response.
2024-06-24 01:41:00 +00:00
2022-07-08 09:01:38 +00:00
### Logical Fields
#### type
`logical`
#### mode
`and` or `or`
#### rules
2023-12-01 05:24:18 +00:00
Included rules.