
【分享】Surge 防止 DNS 泄露配置(macOS & iOS 通用)5月30日更新优化版

  • 用于本地域名解析的 DNS 服务器,仅有 dns-server,没配 encrypted-dns-server。你这样会导致不在代理规则内,但却需要代理的域名走直连,并通过你设的 dns-server 去解析 IP,而这些非加密 DNS 服务器本质上就是在裸奔,跟你所谓的“防止 DNS 泄露”目的相违背。你还是认真研读完官方文档后再写配置吧:https://manual.nssurge.com/

    真正能防止 DNS 泄露的配置,是同时配置 dns-server 和 encrypted-dns-server:

    1. dns-server 配置纯 IP 地址 DNS 服务器。
    2. encrypted-dns-server 则配置国外的 DoH,如 https://cloudflare-dns.com/dns-query,并将 cloudflare-dns.com 这个域名添加到代理规则里,强制让该 DoH 的请求发往节点服务器。
    3. 添加足够丰富、完善的国内域名、国内 IP 规则,让这些域名和 IP 走直连。
    4. Final 内置规则设为走直连。
    5. 完成以上配置后,所有不在代理规则、直连规则里的域名会被 Final 规则命中并走直连,且 DNS 请求会交给 encrypted-dns-server,并发给节点服务器去处理。

    当然除了以上方式还有更简单的:

    1. 添加足够丰富、完善的国内域名、国内 IP 规则,让这些域名和 IP 走直连。
    2. Final 内置规则设为走代理。
    3. 完事。
  • @DKer #13感谢🙏🏻大神,受教了

  • 哇哦,不错,感谢楼主分享

  • 6月14日更新 [精简规则,优化列表,优化设置] 最终版

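    [General]
    # Global Surge settings for this profile.
    # Controller address is written as key@address:port. The key before "@" is empty here
    # (possibly stripped before posting - confirm); set a non-empty key, because any local
    # process can reach the loopback listener.
    external-controller-access = @127.0.0.1:6170
    exclude-simple-hostnames = true
    show-error-page-for-reject = true
    # Auto-update stays enabled for the GeoIP database named by geoip-maxmind-url below.
    disable-geoip-db-auto-update = false
    ipv6 = false
    ipv6-vif = disabled
    internet-test-url = http://www.baidu.com/generate_204
    proxy-test-url = http://www.google.com/generate_204
    # seconds
    test-timeout = 3
    # NOTE(review): the value below was replaced by the hosting page's e-mail obfuscation.
    # Surge expects hostname@dns-server-ip here; restore the intended value before use.
    proxy-test-udp = [email protected]
    # NOTE(review): no http-api key is set in this section, so these two presumably have
    # no effect - confirm.
    http-api-tls = false
    http-api-web-dashboard = false
    # UDP that matches a policy without UDP relay support is rejected instead of falling
    # back to DIRECT, so such traffic cannot silently bypass the proxy.
    udp-policy-not-supported-behaviour = REJECT
    udp-priority = true
    loglevel = notify
    # Bypass list: loopback, RFC 1918 ranges, .local names and Apple's captive-portal probe.
    skip-proxy = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, localhost, *.local, captive.apple.com
    # Names that are answered with their real addresses instead of Surge's fake IPs.
    # The list had been pasted twice with a comma missing, which produced the fused entry
    # "*.xboxlive.com*.srv.nintendo.net"; it is de-duplicated here.
    always-real-ip = *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.battlenet.com.cn, *.battlenet.com, *.blzstatic.cn, *.battle.net
    all-hybrid = false
    # The proxy is not offered to other devices on the Wi-Fi or hotspot network; the two
    # port keys below presumably only matter once that access is enabled.
    allow-wifi-access = false
    allow-hotspot-access = false
    wifi-assist = false
    wifi-access-http-port = 6152
    wifi-access-socks5-port = 6153
    include-local-networks = false
    include-apns = false
    use-default-policy-if-wifi-not-primary = true
    read-etc-hosts = true
    allow-dns-svcb = false
    # Certificate verification for encrypted DNS stays on.
    doh-skip-cert-verification = false
    # Only affects encrypted DNS, which this profile does not configure.
    encrypted-dns-follow-outbound-mode = false
    # The GeoIP database is downloaded from a third-party host and refreshed automatically;
    # GEOIP rules trust whatever it contains.
    geoip-maxmind-url = https://ruleset.dev/dh.mmdb
    # Queries that apps send straight to these resolvers are intercepted and answered by
    # Surge's own DNS instead of leaving the device as-is.
    hijack-dns = 8.8.8.8:53, 8.8.4.4:53
    # NOTE(review): only plain resolvers are listed and no encrypted-dns-server is set, so
    # every lookup Surge performs locally (DIRECT traffic, and any IP-based rule evaluated
    # without no-resolve) goes out unencrypted; the local network and the resolver
    # operators can read those names.
    dns-server = 223.5.5.5, 114.114.114.114, 119.29.29.29
    # NOTE(review): looks like the older spelling of encrypted-dns-follow-outbound-mode,
    # which is also set above - confirm against the manual and keep only one.
    doh-follow-outbound-mode = false
    include-all-networks = false
    include-cellular-services = false
    vif-mode = auto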
    
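    [Proxy]
    # Outbound servers, one per line: name = protocol, host, port, credentials, options.
    # The psk (snell) and password (trojan) values are the shared secrets that authorise
    # use of each server; any value that has appeared in a published profile should be
    # treated as exposed and rotated.
    # One entry had been posted with its real server hostname while every other host was
    # masked; it is masked the same way here. Spacing after commas is normalised.
    🇭🇰 香港 GCP = snell, XXXX.XXXX.XXX, 6009, psk=rTOoZ, version=4, reuse=true, no-error-alert=true
    🇭🇰 香港 YxVM = trojan, XXXX.XXXX.XXX, 443, username=XXXX.XXXX.XXX, password=431839, sni=XXXX.XXXX.XXX, no-error-alert=true
    🇨🇳 台湾 PQS = trojan, XXXX.XXXX.XXX, 443, username=XXXX.XXXX.XXX, password=LcX, sni=XXXX.XXXX.XXX, no-error-alert=true
    🇯🇵 日本 V.PS = trojan, XXXX.XXXX.XXX, 443, username=XXXX.XXXX.XXX, password=L8cX, sni=XXXX.XXXX.XXX, no-error-alert=true
    🇸🇬 新加坡 AWS = trojan, XXXX.XXXX.XXX, 52137, username=XXXX.XXXX.XXX, password=897f228f, sni=XXXX.XXXX.XXX, no-error-alert=true
    🇺🇸 美国 ZGO = trojan, XXXX.XXXX.XXX, 443, username=XXXX.XXXX.XXX, password=Le-JiI, sni=XXXX.XXXX.XXX, no-error-alert=true
    🇺🇸 美国 VMISS = trojan, XXXX.XXXX.XXX, 443, username=XXXX.XXXX.XXX, password=Le-JX, sni=XXXX.XXXX.XXX, no-error-alert=true
    🇺🇸 美国 NAT = snell, XXXX.XXXX.XXX, 4878, psk=ZXXXXXXXXXXXX, version=4, reuse=true, no-error-alert=true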
    
    [Proxy Group]
    # Manually selected groups: the user picks which member carries the traffic that the
    # [Rule] section assigns to the group.
    # NOTE(review): "🇺🇸 美国 DMIT" is referenced by several groups below, but no proxy of
    # that name is defined in [Proxy], while "🇺🇸 美国 VMISS" is defined there and never
    # referenced. One of the two names is probably stale; confirm and align them.
    节点选择 = select, 🇭🇰 香港 YxVM, 🇯🇵 日本 V.PS, 🇸🇬 新加坡 AWS, 🇭🇰 香港 GCP, 🇨🇳 台湾 PQS, 🇺🇸 美国 ZGO, 🇺🇸 美国 DMIT, 🇺🇸 美国 NAT
    Telegram = select, 🇨🇳 台湾 PQS, 🇭🇰 香港 GCP, 🇭🇰 香港 YxVM, 🇯🇵 日本 V.PS, 🇸🇬 新加坡 AWS, 🇺🇸 美国 ZGO, 🇺🇸 美国 DMIT, 🇺🇸 美国 NAT
    Netflix = select, 🇭🇰 香港 YxVM, 🇨🇳 台湾 PQS, 🇺🇸 美国 DMIT, 🇺🇸 美国 ZGO
    Disney = select, 🇭🇰 香港 YxVM, 🇨🇳 台湾 PQS, 🇺🇸 美国 DMIT, 🇺🇸 美国 ZGO
    YouTube = select, 🇭🇰 香港 YxVM, 🇸🇬 新加坡 AWS, 🇯🇵 日本 V.PS, 🇭🇰 香港 GCP, 🇨🇳 台湾 PQS, 🇺🇸 美国 ZGO, 🇺🇸 美国 DMIT
    OpenAI = select, 🇨🇳 台湾 PQS, 🇺🇸 美国 DMIT, 🇺🇸 美国 ZGO
    # This group also offers DIRECT, i.e. PayPal traffic may be sent without any proxy.
    Paypal = select, DIRECT, 🇸🇬 新加坡 AWS
    
    [Rule]
    # Rules are evaluated top to bottom; the first match decides the policy.
    # Every RULE-SET / DOMAIN-SET below is fetched from the master branch of a third-party
    # repository, so its content can change without this profile changing. Whoever can
    # edit those lists decides which hosts are sent DIRECT; pin to a reviewed commit or
    # host reviewed copies if that matters.
    # NOTE(review): an IP-based entry inside a remote list that lacks no-resolve makes
    # Surge resolve the requested domain locally (through the plain dns-server list) just
    # to test the rule. Verify that the IP entries in the lists used here carry no-resolve.
    # Telegram
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Telegram/Telegram.list,Telegram
    # Paypal
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/PayPal/PayPal.list,Paypal
    # Youtube
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/YouTube/YouTube.list,YouTube
    # Google
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Google/Google.list,节点选择
    # OpenAI
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/OpenAI/OpenAI.list,OpenAI
    # Netflix
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Netflix/Netflix.list,Netflix
    # Disney
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Disney/Disney.list,Disney
    # Tencent Video
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/TencentVideo/TencentVideo.list,DIRECT
    # Google China services
    # NOTE(review): this list lives under the repository's Clash/ directory - confirm its
    # syntax is accepted by Surge.
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleCNProxyIP.list,节点选择
    # Local / LAN addresses
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Lan/Lan.list,DIRECT
    # Apple
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Apple/Apple.list,DIRECT
    DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Apple/Apple_Domain.list,DIRECT
    # China list
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/China/China.list,DIRECT
    DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/China/China_Domain.list,DIRECT
    # Domestic (China) media list
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/ChinaMedia/ChinaMedia.list,DIRECT
    # China ASN
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/ChinaASN/ChinaASN.list,DIRECT
    # Global media list
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GlobalMedia/GlobalMedia.list,节点选择
    DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GlobalMedia/GlobalMedia_Domain.list,节点选择
    # Proxy
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Proxy/Proxy.list,节点选择
    DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Proxy/Proxy_Domain.list,节点选择
    # China IPs
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/ChinaIPs/ChinaIPs.list,DIRECT
    # China by GeoIP. With no-resolve this rule never triggers a DNS lookup, so it only
    # applies to requests made to an IP address.
    GEOIP,CN,DIRECT,no-resolve
    # Final: anything unmatched goes to the proxy group, so unknown domains are handed to
    # the proxy server instead of being resolved and connected to directly.
    FINAL,节点选择
    
    [Host]
    # Static local DNS mapping: localhost is answered from this table.
    localhost = 127.0.0.1
    
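    [URL Rewrite]
    # Redirect (HTTP 302) Google's .cn entry points to www.google.com.
    # The dots are escaped so each matches a literal "." only; unescaped, "g.cn" also
    # matched unrelated hosts in which any character stood in for the dot. The patterns
    # remain prefix matches, as in the original.
    # NOTE(review): rewriting https:// URLs presumably needs HTTPS decryption enabled for
    # these hosts, which this profile does not configure - confirm.
    ^https?://(www\.)?g\.cn https://www.google.com 302
    ^https?://(www\.)?google\.cn https://www.google.com 302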
    
  • 更新了什么内容呢?

  • @kimily #18 更新了规则,新增了ip库,优化了设置
