sing-box/docs/configuration/dns/rule.md

---
icon: material/new-box
---

!!! quote "Changes in sing-box 1.9.0"

    :material-plus: [geoip](#geoip)
    :material-plus: [ip_cidr](#ip_cidr)
    :material-plus: [ip_is_private](#ip_is_private)
    :material-plus: [client_subnet](#client_subnet)
    :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)

!!! quote "Changes in sing-box 1.8.0"

    :material-plus: [rule_set](#rule_set)
    :material-plus: [source_ip_is_private](#source_ip_is_private)
    :material-delete-clock: [geoip](#geoip)
    :material-delete-clock: [geosite](#geosite)

### Structure

```json
{
  "dns": {
    "rules": [
      {
        "inbound": [
          "mixed-in"
        ],
        "ip_version": 6,
        "query_type": [
          "A",
          "HTTPS",
          32768
        ],
        "network": "tcp",
        "auth_user": [
          "usera",
          "userb"
        ],
        "protocol": [
          "tls",
          "http",
          "quic"
        ],
        "domain": [
          "test.com"
        ],
        "domain_suffix": [
          ".cn"
        ],
        "domain_keyword": [
          "test"
        ],
        "domain_regex": [
          "^stun\\..+"
        ],
        "geosite": [
          "cn"
        ],
        "source_geoip": [
          "private"
        ],
        "geoip": [
          "cn"
        ],
        "source_ip_cidr": [
          "10.0.0.0/24",
          "192.168.0.1"
        ],
        "source_ip_is_private": false,
        "ip_cidr": [
          "10.0.0.0/24",
          "192.168.0.1"
        ],
        "ip_is_private": false,
        "source_port": [
          12345
        ],
        "source_port_range": [
          "1000:2000",
          ":3000",
          "4000:"
        ],
        "port": [
          80,
          443
        ],
        "port_range": [
          "1000:2000",
          ":3000",
          "4000:"
        ],
        "process_name": [
          "curl"
        ],
        "process_path": [
          "/usr/bin/curl"
        ],
        "package_name": [
          "com.termux"
        ],
        "user": [
          "sekai"
        ],
        "user_id": [
          1000
        ],
        "clash_mode": "direct",
        "wifi_ssid": [
          "My WIFI"
        ],
        "wifi_bssid": [
          "00:00:00:00:00:00"
        ],
        "rule_set": [
          "geoip-cn",
          "geosite-cn"
        ],
        "rule_set_ipcidr_match_source": false,
        "invert": false,
        "outbound": [
          "direct"
        ],
        "server": "local",
        "disable_cache": false,
        "rewrite_ttl": 100,
        "client_subnet": "127.0.0.1/24"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [],
        "server": "local",
        "disable_cache": false,
        "rewrite_ttl": 100,
        "client_subnet": "127.0.0.1/24"
      }
    ]
  }
}
```

!!! note ""

    You can ignore the JSON Array [] tag when the content is only one item.

### Default Fields

!!! note ""

    The default rule uses the following matching logic:
    (`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `geosite`) &&
    (`port` || `port_range`) &&
    (`source_geoip` || `source_ip_cidr` || `source_ip_is_private`) &&
    (`source_port` || `source_port_range`) &&
    `other fields`

    Additionally, included rule sets can be considered merged rather than as a single rule sub-item.

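The grouping above decides which DNS server sees a query, so it is worth checking a rule against sample queries before deploying it. The following sketch is an added example, not sing-box's own code: `rule_matches`, `MATCHERS` and the query dictionary shape are hypothetical, only the domain and port groups plus `network` are modelled, and suffix matching is assumed to be a plain string comparison.

```python
import re

# Field groups from the "Default Fields" note: OR inside a group, AND across groups.
DOMAIN_GROUP = ("domain", "domain_suffix", "domain_keyword", "domain_regex")
PORT_GROUP = ("port", "port_range")

def in_range(spec, port):
    """Handle '1000:2000', ':3000' and '4000:'; bounds are treated as inclusive (assumption)."""
    low, _, high = spec.partition(":")
    return (int(low) if low else 0) <= port <= (int(high) if high else 65535)

# One predicate per modelled field; each receives the configured items and the query.
MATCHERS = {
    "domain": lambda items, q: q["domain"] in items,
    "domain_suffix": lambda items, q: any(q["domain"].endswith(s) for s in items),
    "domain_keyword": lambda items, q: any(k in q["domain"] for k in items),
    "domain_regex": lambda items, q: any(re.search(r, q["domain"]) for r in items),
    "port": lambda items, q: q["port"] in items,
    "port_range": lambda items, q: any(in_range(r, q["port"]) for r in items),
    "network": lambda items, q: q["network"] in items,
}

def as_list(value):
    # The page allows a single item to be written without the JSON array.
    return value if isinstance(value, list) else [value]

def rule_matches(rule, query):
    """Return True when the query satisfies the rule under the documented grouping."""
    def group_ok(fields):
        present = [f for f in fields if f in rule]
        # A group with no configured field does not restrict the match (assumption).
        return not present or any(MATCHERS[f](as_list(rule[f]), query) for f in present)

    grouped = set(DOMAIN_GROUP) | set(PORT_GROUP)
    others = [f for f in rule if f in MATCHERS and f not in grouped]
    result = (group_ok(DOMAIN_GROUP) and group_ok(PORT_GROUP)
              and all(MATCHERS[f](as_list(rule[f]), query) for f in others))
    return result != rule.get("invert", False)

# Constructed sample rule, built from values in the Structure example.
RULE = {"domain_suffix": ".cn", "domain_regex": ["^stun\\..+"],
        "port": [80, 443], "port_range": ["4000:"], "network": "tcp", "server": "local"}
```
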
#### inbound

Tags of [Inbound](/configuration/inbound/).

#### ip_version

4 (A DNS query) or 6 (AAAA DNS query).

Not limited if empty.

#### query_type

DNS query type. Values can be integers or type name strings.

#### network

`tcp` or `udp`.

#### auth_user

Username, see each inbound for details.

#### protocol

Sniffed protocol, see [Sniff](/configuration/route/sniff/) for details.

#### domain

Match full domain.

#### domain_suffix

Match domain suffix.

#### domain_keyword

Match domain using keyword.

#### domain_regex

Match domain using regular expression.

#### geosite

!!! failure "Deprecated in sing-box 1.8.0"

    Geosite is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geosite-to-rule-sets).

Match geosite.

#### source_geoip

!!! failure "Deprecated in sing-box 1.8.0"

    GeoIP is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geoip-to-rule-sets).

Match source geoip.

#### source_ip_cidr

Match source IP CIDR.

#### source_ip_is_private

!!! question "Since sing-box 1.8.0"

Match non-public source IP.

#### source_port

Match source port.

#### source_port_range

Match source port range.

#### port

Match port.

#### port_range

Match port range.

#### process_name

!!! quote ""

    Only supported on Linux, Windows, and macOS.

Match process name.

#### process_path

!!! quote ""

    Only supported on Linux, Windows, and macOS.

Match process path.

#### package_name

Match Android package name.

#### user

!!! quote ""

    Only supported on Linux.

Match user name.

#### user_id

!!! quote ""

    Only supported on Linux.

Match user id.

#### clash_mode

Match Clash mode.

#### wifi_ssid

!!! quote ""

    Only supported in graphical clients on Android and Apple platforms.

Match WiFi SSID.

#### wifi_bssid

!!! quote ""

    Only supported in graphical clients on Android and Apple platforms.

Match WiFi BSSID.

#### rule_set

!!! question "Since sing-box 1.8.0"

Match [Rule Set](/configuration/route/#rule_set).

#### rule_set_ipcidr_match_source

!!! question "Since sing-box 1.9.0"

Make `ipcidr` in rule sets match the source IP.

#### invert

Invert match result.

#### outbound

Match outbound.

`any` can be used as a value to match any outbound.

#### server

==Required==

Tag of the target DNS server.

#### disable_cache

Disable cache for this query, including saving the result to the cache.

#### rewrite_ttl

Rewrite TTL in DNS responses.

#### client_subnet

!!! question "Since sing-box 1.9.0"

Append an `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.

If the value is an IP address instead of a prefix, `/32` or `/128` will be appended automatically.

Overrides `dns.client_subnet` and `servers.[].client_subnet`.

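What `client_subnet` puts on the wire, and therefore how many bits of the client address the upstream resolver learns, can be shown by encoding the option by hand. This is an added example that follows the RFC 7871 option layout; it is not sing-box's own code, and the function names are hypothetical.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

def normalize_client_subnet(value):
    """Return the prefix for a client_subnet value; a bare address becomes /32 or /128."""
    # strict=False clears host bits, so "127.0.0.1/24" becomes 127.0.0.0/24,
    # matching the RFC 7871 rule that bits beyond the prefix are zero.
    return ipaddress.ip_network(value, strict=False)

def encode_ecs_option(value):
    """Encode the option as it appears inside the OPT record of a query."""
    net = normalize_client_subnet(value)
    family = 1 if net.version == 4 else 2  # 1 = IPv4, 2 = IPv6
    # Only the bytes covered by the prefix are transmitted.
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (always 0 in a query), ADDRESS
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def disclosed_bits(value):
    """Number of client address bits the upstream resolver learns from the option."""
    return normalize_client_subnet(value).prefixlen
```

A bare address discloses the full 32 or 128 bits, so a prefix such as the `/24` in the Structure example is the setting that limits what the resolver sees.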
### Address Filter Fields

Only takes effect for IP address requests. When the query results do not match the address filtering rule items, the current rule will be skipped.

!!! info ""

    `ip_cidr` items in included rule sets also take effect as an address filtering field.

!!! note ""

    Enable `experimental.cache_file.store_rdrc` to cache results.

#### geoip

!!! question "Since sing-box 1.9.0"

Match GeoIP with query response.

#### ip_cidr

!!! question "Since sing-box 1.9.0"

Match IP CIDR with query response.

#### ip_is_private

!!! question "Since sing-box 1.9.0"

Match private IP with query response.

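The skip behaviour of address filter fields, as an added model that is not sing-box's own code: `select_server`, `passes_filter` and the sample answers are hypothetical, only `ip_cidr` is modelled, and one matching address in the response is assumed to be enough. It also returns the servers that received the query, since a filter can only be checked after the rule's server has answered.

```python
import ipaddress

def passes_filter(rule, addresses):
    """True when the rule has no ip_cidr filter or a returned address falls inside it."""
    if "ip_cidr" not in rule:
        return True
    nets = [ipaddress.ip_network(c, strict=False) for c in rule["ip_cidr"]]
    # Assumption: a single matching address in the response satisfies the filter.
    return any(ipaddress.ip_address(a) in n for a in addresses for n in nets)

def select_server(rules, answers):
    """Walk the rules in order; return (server whose answer is used, servers queried)."""
    queried = []
    for rule in rules:
        server = rule["server"]
        # The response is needed to evaluate the filter, so this server sees the query
        # even if the rule is skipped afterwards.
        queried.append(server)
        if passes_filter(rule, answers.get(server, [])):
            return server, queried
    # No rule applied; what happens next is outside this model.
    return None, queried

# Constructed rules and per-server answers for one A query (all values are placeholders).
RULES = [
    {"server": "local", "ip_cidr": ["10.0.0.0/24", "192.168.0.1"]},
    {"server": "remote"},
]
ANSWERS_INTERNAL = {"local": ["10.0.0.7"], "remote": ["203.0.113.9"]}
ANSWERS_EXTERNAL = {"local": ["198.51.100.4"], "remote": ["203.0.113.9"]}
```
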
### Logical Fields

#### type

`logical`

#### mode

`and` or `or`

#### rules

Included rules.