diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 9b0cdb3c..70925af6 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -527,6 +527,7 @@ o:depends({dns_mode = "xray"}) o = s:taboption("DNS", Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy.")) o.default = "0" o:depends({dns_mode = "sing-box", dns_shunt = "dnsmasq"}) +o:depends({dns_mode = "sing-box", dns_shunt = "chinadns-ng"}) o.validate = function(self, value, t) if value and value == "1" then local _dns_mode = s.fields["dns_mode"]:formvalue(t) diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 75293083..64b063d8 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -562,7 +562,7 @@ run_dns2socks() { } run_chinadns_ng() { - local _flag _listen_port _dns_local _dns_trust _no_ipv6_trust _use_direct_list _use_proxy_list _gfwlist _chnlist _default_mode _default_tag _no_logic_log _tcp_node + local _flag _listen_port _dns_local _dns_trust _no_ipv6_trust _use_direct_list _use_proxy_list _gfwlist _chnlist _default_mode _default_tag _no_logic_log _tcp_node _remote_fakedns local _extra_param="" eval_set_val $@ @@ -573,7 +573,7 @@ run_chinadns_ng() { _extra_param="-FLAG ${_flag} -TCP_NODE ${_tcp_node} -LISTEN_PORT ${_listen_port} -DNS_LOCAL ${_dns_local} -DNS_TRUST ${_dns_trust}" _extra_param="${_extra_param} -USE_DIRECT_LIST ${_use_direct_list} -USE_PROXY_LIST ${_use_proxy_list} -USE_BLOCK_LIST ${_use_block_list}" _extra_param="${_extra_param} -GFWLIST ${_gfwlist} -CHNLIST ${_chnlist} -NO_IPV6_TRUST ${_no_ipv6_trust} -DEFAULT_MODE ${_default_mode}" - _extra_param="${_extra_param} -DEFAULT_TAG ${_default_tag} -NFTFLAG ${nftflag} -NO_LOGIC_LOG ${_no_logic_log}" + _extra_param="${_extra_param} -DEFAULT_TAG ${_default_tag} -NFTFLAG ${nftflag} -NO_LOGIC_LOG ${_no_logic_log} -REMOTE_FAKEDNS ${_remote_fakedns}" lua $APP_PATH/helper_chinadns_add.lua ${_extra_param} > ${_CONF_FILE} ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE} @@ -1579,7 +1579,8 @@ start_dns() { _default_mode=${TCP_PROXY_MODE} \ _default_tag=$(config_t_get global chinadns_ng_default_tag smart) \ _no_logic_log=0 \ - _tcp_node=${TCP_NODE} + _tcp_node=${TCP_NODE} \ + _remote_fakedns=${fakedns:-0} USE_DEFAULT_DNS="chinadns_ng" } @@ -1830,7 +1831,8 @@ acl_app() { _default_mode=${tcp_proxy_mode} \ _default_tag=${chinadns_ng_default_tag:-smart} \ _no_logic_log=1 \ - _tcp_node=${tcp_node} + _tcp_node=${tcp_node} \ + _remote_fakedns=0 use_default_dns="chinadns_ng" } diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index 704ffe83..f4089a52 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -18,6 +18,7 @@ local DEFAULT_TAG = var["-DEFAULT_TAG"] local NO_LOGIC_LOG = var["-NO_LOGIC_LOG"] local TCP_NODE = var["-TCP_NODE"] local NFTFLAG = var["-NFTFLAG"] +local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"] local uci = api.uci local sys = api.sys @@ -100,6 +101,8 @@ end local setflag = (NFTFLAG == "1") and "inet@passwall@" or "" +local only_global = (DEFAULT_MODE == "proxy" and CHNLIST == "0" and GFWLIST == "0") and 1 + config_lines = { --"verbose", "bind-addr 127.0.0.1", @@ -249,7 +252,7 @@ if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then "group proxylist", "group-dnl " .. file_proxy_host, "group-upstream " .. DNS_TRUST, - "group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6" + REMOTE_FAKEDNS ~= "1" and "group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6" or nil } if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:proxylist") end insert_array_after(config_lines, tmp_lines, "#--3") @@ -261,7 +264,7 @@ end if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then tmp_lines = { "gfwlist-file " .. RULES_PATH .. "/gfwlist", - "add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6" + REMOTE_FAKEDNS ~= "1" and "add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6" or nil } if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:gfw") end merge_array(config_lines, tmp_lines) @@ -288,7 +291,7 @@ if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then "group chn_proxy", "group-dnl " .. RULES_PATH .. "/chnlist", "group-upstream " .. DNS_TRUST, - "group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6" + REMOTE_FAKEDNS ~= "1" and "group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6" or nil } if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:chn_proxy") end insert_array_after(config_lines, tmp_lines, "#--1") @@ -402,7 +405,7 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then "group shuntlist", "group-dnl " .. file_shunt_host, "group-upstream " .. DNS_TRUST, - "group-ipset " .. setflag .. "passwall_shuntlist," .. setflag .. "passwall_shuntlist6" + (not only_global and REMOTE_FAKEDNS == "1") and nil or ("group-ipset " .. setflag .. "passwall_shuntlist," .. setflag .. "passwall_shuntlist6") } if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:shuntlist") end insert_array_after(config_lines, tmp_lines, "#--2") @@ -417,7 +420,7 @@ if GFWLIST == "1" and CHNLIST == "0" then DEFAULT_TAG = "chn" end if CHNLIST == "proxy" then DEFAULT_TAG = "chn" end --全局模式,默认使用远程DNS -if DEFAULT_MODE == "proxy" and CHNLIST == "0" and GFWLIST == "0" then +if only_global then DEFAULT_TAG = "gfw" if NO_IPV6_TRUST == "1" and uci:get(appname, TCP_NODE, "protocol") ~= "_shunt" then table.insert(config_lines, "no-ipv6")