
IOS端使用Surge进行国内外DNS分流,提高访问速度,防止DNS污染和泄露

前言:

  • 本教程参考了不良林大佬关于在Clash上防止DNS泄露的教程,感谢大佬。

  • 继上一篇软路由使用SmartDNS进行DNS分流,可能很多小伙伴还是使用手机端较多,所以贴上自己IOS端Surge的配置,Clash和Loon小火箭也可以使用,殊途同归,大家也可以去油管观看不良林大佬关于DNS泄露的教程。

  • 此配置可解决大部分手机端DNS泄露和污染的问题

  • 原理为通过Surge添加外部引用国内IP和域名的规则集,并给“GEOIP-CN”和规则集添加“no-resolve”:带有“no-resolve”的IP类规则在匹配时不会为域名发起本地DNS查询,因此国内访问通过规则集进行匹配,国外网站通过代理节点在VPS上进行远程解析,这样可以解决绝大部分的DNS泄露问题。

  • 此方案可能导致部分特别小众的网站走代理,需要手动给这部分网站添加规则集让其进行匹配。

  • 同样贴上手机端DNS泄露的测试
    DNS测试


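# Surge [General] section: global options for logging, LAN access, local DNS and GeoIP.
[General]
# Log level
loglevel = notify
show-error-page-for-reject = true
# > All Hybrid (concurrent use of several networks); off here
all-hybrid = false
# IPv6 enabled
# NOTE(review): while this is on, a DNS-leak test should cover IPv6 (AAAA) lookups as well - confirm.
ipv6 = true
ipv6-vif = auto
# Other devices on the same Wi-Fi may not use this device's proxy service
allow-wifi-access = false
# Exclude simple hostnames
exclude-simple-hostnames = true
# Skip proxy
# NOTE(review): 192.168.0.0/24 covers only 192.168.0.0-192.168.0.255; other 192.168.x.x LANs
# are not in this list (the commented-out tun-excluded-routes below uses /16) - confirm intended.
skip-proxy = 192.168.0.0/24, 10.0.0.0/8, 172.16.0.0/12, 127.0.0.1, localhost, *.local
# DNS servers (only domestic resolvers are configured locally)
# NOTE(review): entries given as bare IPs are queried with classic, unencrypted DNS; every name
# that is resolved locally is visible to these resolvers and to the network path.
dns-server = 119.6.6.6, 119.7.7.7, 223.5.5.5, 119.29.29.29, 114.114.114.114
# Queries that apps send straight to these servers on port 53 are intercepted and answered by Surge
hijack-dns = 8.8.8.8:53, 8.8.4.4:53
# Read DNS records from /etc/hosts
read-etc-hosts = true
# URL used for proxy latency tests
proxy-test-url = http://www.google.com/generate_204
# URL used for the Internet connectivity test
internet-test-url = http://www.baidu.com
# GeoIP database
# NOTE(review): fetched from a third-party GitHub repository's release branch; this file decides
# what GEOIP,CN matches, so a changed or stale database changes which traffic goes direct.
geoip-maxmind-url = https://github.com/Hackl0us/GeoIP2-CN/raw/release/Country.mmdb
# Test timeout
test-timeout = 5
# Fake IP is disabled for the hosts below (each pattern listed once, comma-separated)
always-real-ip = *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.battlenet.com.cn, *.battlenet.com, *.blzstatic.cn, *.battle.net
# > Surge VIF
# tun-excluded-routes = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
# tun-included-routes = 192.168.1.12/32
# > Disable GEOIP auto-update (false = automatic updates stay enabled)
disable-geoip-db-auto-update = false
# Personal Hotspot clients may not use the proxy service
allow-hotspot-access = false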

# Policy groups. The emoji and spaces are part of each group name and must match the
# names used in [Rule] character for character.
[Proxy Group]
# Chooses a policy by current network: default and cellular use the node-selection group; the
# quoted placeholder stands for the home Wi-Fi name (behind a soft router) that should go direct.
# NOTE(review): no rule in the [Rule] section shown here references this group - confirm where it is used.
👀 Wifi切换 = subnet, default = 🚀 节点选择, "TYPE:CELLULAR" = 🚀 节点选择, "此处为家里有软路由需要Surge切换为直连的WIFI名" = 🎯 全球直连, hidden = true
# Node selection: choose between automatic selection and manual switching
🚀 节点选择 = select, ♻️ 自动选择, 👋 手动切换, no-alert=0, hidden=0, include-all-proxies=0
# Automatic selection by URL test. The policy-path value is a placeholder for the node subscription link.
# NOTE(review): subscription links often embed an account token - treat a filled-in profile as a
# secret and do not post it publicly; confirm with the provider.
♻️ 自动选择 = url-test, url=http://www.gstatic.com/generate_204, update-interval=43200, timeout=0, interval=300, tolerance=0, no-alert=0, hidden=0, include-all-proxies=0, policy-path=此处为Surege的节点订阅链接
# Manual switching among the members of the automatic-selection group
👋 手动切换 = select, update-interval=0, no-alert=0, hidden=0, include-all-proxies=0, include-other-group=♻️ 自动选择
# OpenAI traffic: manual choice among the same nodes (the name contains two spaces after the emoji)
👋  OpenAI = select, update-interval=0, no-alert=0, hidden=0, include-all-proxies=0, include-other-group=♻️ 自动选择
# Global direct: DIRECT first, with the node-selection group as the alternative
🎯 全球直连 = select, DIRECT, 🚀 节点选择, no-alert=0, hidden=0, include-all-proxies=0
# Global block: REJECT first, with DIRECT as the alternative
⛔️ 全球拦截 = select, REJECT, DIRECT, no-alert=0, hidden=0, include-all-proxies=0
# Catch-all for unmatched traffic (target of the FINAL rule): proxy first, direct as the alternative
🐟 漏网之鱼 = select, 🚀 节点选择, 🎯 全球直连, no-alert=0, hidden=0, include-all-proxies=0

# Rules are evaluated top to bottom; the first match decides the policy.
# Every rule carries no-resolve, so IP-based rules are not evaluated by resolving the requested
# domain through the local DNS servers.
# NOTE(review): all rule sets are fetched from the moving master branch of third-party
# repositories. Whoever can change those files can change what goes DIRECT, what is rejected and
# what is proxied. Consider pinning each URL to a reviewed commit (e.g. replace master with
# <commit-sha>, a placeholder) and re-reviewing on update.
[Rule]
# OpenAI
RULE-SET,https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Surge/OpenAI/OpenAI.list,👋  OpenAI,no-resolve,extended-matching
# China IPv4 ranges
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaIp.list,DIRECT,no-resolve,extended-matching
# China cloud-provider IPs
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaCompanyIp.list,DIRECT,no-resolve,extended-matching
# In-app ads
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanProgramAD.list,REJECT,no-resolve,extended-matching
# Ad keywords
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanAD.list,REJECT,no-resolve,extended-matching
# China media list
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaMedia.list,DIRECT,no-resolve,extended-matching
# Direct-connect domain list
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaDomain.list,DIRECT,no-resolve,extended-matching
# Allowlist
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/UnBan.list,DIRECT,no-resolve,extended-matching
# Local / LAN addresses
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/LocalAreaNetwork.list,DIRECT,no-resolve,extended-matching
# Google China services
RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleCNProxyIP.list,🚀 节点选择,no-resolve,extended-matching
# Addresses the GeoIP database places in CN go direct; with no-resolve, a request made by domain
# name is not resolved locally just to test this rule
GEOIP,CN,🎯 全球直连,no-resolve
# Everything not matched above goes to the catch-all group
# NOTE(review): dns-failed is understood to let this rule also take requests whose local DNS
# lookup failed - confirm against the Surge manual.
FINAL,🐟 漏网之鱼,dns-failed

# Empty section: this profile lists no hostnames or CA settings for HTTPS decryption.
# NOTE(review): Surge modules can carry their own [MITM] and script entries - read a module's
# contents before installing it.
[MITM]

此处附上几个好用的模块

  • 流媒体检测:https://whatshub.top/sgmodule/media.sgmodule
  • Sub Store:https://raw.githubusercontent.com/Peng-YM/Sub-Store/master/config/Surge.sgmodule
  • 节点信息:https://whatshub.top/sgmodule/ip-api.sgmodule
  • 京东比价:https://whatshub.top/module/HistoryPrice.sgmodule
  • 买了一个3用户的年付,完全不知怎么用,自建节点套网上的规则感觉不去xhj轻松 xhj017

  • @太太你也不想你丈夫失去工作吧 #1 150收了

  • 回去试试

  • 真的牛逼!

  • 顶一下 xhj021

  • 弄个qx

  • 感谢提供,正好需要这个

  • @ois #0
    我参考配置了,在规则模式下,手机访问browserleaks还是有国内dns。
    用全局模式没问题

  • 十分感谢,根据up主修改完就没有泄露了。感觉是两部分生效的。,no-resolve 和,dns-failed

  • 在大佬基础上稍微修改了一下,MAC OS端和IOS端通用,适合自建服务器的用户,支持最新订阅升级的SMART策略组功能。

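    # Surge [General] section: global options for logging, LAN access, local DNS and GeoIP.
    [General]
    # Log level
    loglevel = notify
    show-error-page-for-reject = true
    # > All Hybrid (concurrent use of several networks); off here
    all-hybrid = false
    # IPv6 switch (disabled in this variant)
    ipv6 = false
    # Other devices on the same Wi-Fi may not use this device's proxy service
    allow-wifi-access = false
    # Exclude simple hostnames
    exclude-simple-hostnames = true
    # Skip proxy
    # NOTE(review): 192.168.0.0/24 covers only 192.168.0.0-192.168.0.255; other 192.168.x.x LANs
    # are not in this list (the commented-out tun-excluded-routes below uses /16) - confirm intended.
    skip-proxy = 192.168.0.0/24, 10.0.0.0/8, 172.16.0.0/12, 127.0.0.1, localhost, *.local
    # DNS servers (only domestic resolvers are configured locally)
    # NOTE(review): entries given as bare IPs are queried with classic, unencrypted DNS; every name
    # that is resolved locally is visible to these resolvers and to the network path.
    dns-server = 119.6.6.6, 119.7.7.7, 223.5.5.5, 119.29.29.29, 114.114.114.114
    # Queries that apps send straight to these servers on port 53 are intercepted and answered by Surge
    hijack-dns = 8.8.8.8:53, 8.8.4.4:53
    # Read DNS records from /etc/hosts
    read-etc-hosts = true
    # URL used for proxy latency tests
    proxy-test-url = http://www.google.com/generate_204
    # URL used for the Internet connectivity test
    internet-test-url = http://www.baidu.com
    # GeoIP database
    # NOTE(review): fetched from a third-party GitHub repository's release branch; this file decides
    # what GEOIP,CN matches, so a changed or stale database changes which traffic goes direct.
    geoip-maxmind-url = https://github.com/Hackl0us/GeoIP2-CN/raw/release/Country.mmdb
    # Test timeout
    test-timeout = 5
    # Fake IP is disabled for the hosts below (each pattern listed once, comma-separated)
    always-real-ip = *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.battlenet.com.cn, *.battlenet.com, *.blzstatic.cn, *.battle.net
    # > Surge VIF
    # tun-excluded-routes = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
    # tun-included-routes = 192.168.1.12/32
    # > Disable GEOIP auto-update (false = automatic updates stay enabled)
    disable-geoip-db-auto-update = false
    # Personal Hotspot clients may not use the proxy service
    allow-hotspot-access = false
    # IPv6 on the Surge virtual interface is disabled, matching ipv6 = false above
    ipv6-vif = disabled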
    
    # Self-hosted nodes. The Chinese values are placeholders: server domain, protocol port,
    # password, and the server domain again for sni.
    # NOTE(review): once filled in, the trojan passwords are stored in clear text in this profile -
    # keep the file private and do not paste a filled-in copy into a forum post.
    # NOTE(review): "🇯🇵 日本" and "🇺🇸 美国" are each defined twice under the same name; presumably
    # two different servers are meant. Give each entry a distinct name and update the groups that
    # list them - confirm how Surge treats duplicate names.
    [Proxy]
    🌏 全球直连 = direct
    🇭🇰 香港 = trojan, 填服务器域名, 填协议端口号, password=填密码, sni=填服务器域名, no-error-alert=true
    🇯🇵 日本 = trojan, 填服务器域名, 填协议端口号, password=填密码, sni=填服务器域名, no-error-alert=true
    🇯🇵 日本 = trojan, 填服务器域名, 填协议端口号, password=填密码, sni=填服务器域名, no-error-alert=true
    🇺🇸 美国 = trojan, 填服务器域名, 填协议端口号, password=填密码, sni=填服务器域名, no-error-alert=true
    🇺🇸 美国 = trojan, 填服务器域名, 填协议端口号, password=填密码, sni=填服务器域名, no-error-alert=true
    🇸🇬 新加坡 = trojan, 填服务器域名, 填协议端口号, password=填密码, sni=填服务器域名, no-error-alert=true
    
    # Policy groups built on the nodes in [Proxy]; group names must match the names used in [Rule].
    [Proxy Group]
    # Manual node selection.
    # NOTE(review): "🇯🇵 日本" and "🇺🇸 美国" appear twice here, mirroring the duplicate names in
    # [Proxy] - confirm and rename.
    节点选择 = select, 🇭🇰 香港, 🇯🇵 日本, 🇯🇵 日本, 🇺🇸 美国, 🇺🇸 美国, 🇸🇬 新加坡, no-alert=0, hidden=0, include-all-proxies=0
    # Policy groups (the node names below must match the external nodes; if a node is removed from
    # the external nodes, remove it from the policy groups as well.)
    Tiktok = smart, include-other-group="美国, 日本"
    Netflix = smart, include-other-group=美国
    Disney = smart, include-other-group=美国
    YouTube = smart, include-other-group=节点选择
    OpenAI = smart, include-other-group="美国, 日本"
    # Direct / block / catch-all groups
    全球直连 = select, DIRECT, 节点选择, no-alert=0, hidden=0, include-all-proxies=0
    全球拦截 = select, REJECT, DIRECT, no-alert=0, hidden=0, include-all-proxies=0
    漏网之鱼 = select, 节点选择, 🌏 全球直连, no-alert=0, hidden=0, include-all-proxies=0
    # External nodes: per-region groups; policy-regex-filter keeps only members whose name matches
    # the region pattern
    香港 = smart, 🇭🇰 香港, include-other-group=节点选择, policy-regex-filter=(🇭🇰)|(港)|(Hong)|(HK), no-alert=0, hidden=0, include-all-proxies=0
    美国 = smart, 🇺🇸 美国, 🇺🇸 美国, include-other-group=节点选择, policy-regex-filter=(🇺🇸)|(美)|(States)|(US), no-alert=0, hidden=0, include-all-proxies=0
    日本 = smart, 🇯🇵 日本, 🇯🇵 日本,include-other-group=节点选择, policy-regex-filter=(🇯🇵)|(日)|(Japan)|(JP), no-alert=0, hidden=0, include-all-proxies=0
    新加坡 = smart, 🇸🇬 新加坡, include-other-group=节点选择, policy-regex-filter=(🇸🇬)|(新)|(Singapore)|(SG), no-alert=0, hidden=0, include-all-proxies=0
    
    # Rules are evaluated top to bottom; the first match decides the policy.
    # Every rule carries no-resolve, so IP-based rules are not evaluated by resolving the requested
    # domain through the local DNS servers.
    # NOTE(review): all rule sets are fetched from the moving master branch of third-party
    # repositories. Whoever can change those files can change what goes DIRECT, what is rejected and
    # what is proxied. Consider pinning each URL to a reviewed commit (e.g. replace master with
    # <commit-sha>, a placeholder) and re-reviewing on update.
    [Rule]
    # OpenAI
    RULE-SET,https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Surge/OpenAI/OpenAI.list,OpenAI,no-resolve,extended-matching
    # Netflix
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Netflix/Netflix.list,Netflix,no-resolve,extended-matching
    # TikTok
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/TikTok/TikTok.list,Tiktok,no-resolve,extended-matching
    # Disney
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Disney/Disney.list,Disney,no-resolve,extended-matching
    # YouTube
    RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/YouTube/YouTube.list,YouTube,no-resolve,extended-matching
    # China IPv4 ranges
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaIp.list,DIRECT,no-resolve,extended-matching
    # China cloud-provider IPs
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaCompanyIp.list,DIRECT,no-resolve,extended-matching
    # In-app ads
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanProgramAD.list,REJECT,no-resolve,extended-matching
    # Ad keywords
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanAD.list,REJECT,no-resolve,extended-matching
    # China media list
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaMedia.list,DIRECT,no-resolve,extended-matching
    # Direct-connect domain list
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaDomain.list,DIRECT,no-resolve,extended-matching
    # Allowlist
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/UnBan.list,DIRECT,no-resolve,extended-matching
    # Local / LAN addresses
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/LocalAreaNetwork.list,DIRECT,no-resolve,extended-matching
    # Google China services
    RULE-SET,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleCNProxyIP.list,节点选择,no-resolve,extended-matching
    # Addresses the GeoIP database places in CN go direct; with no-resolve, a request made by domain
    # name is not resolved locally just to test this rule
    GEOIP,CN,🌏 全球直连,no-resolve
    # Everything not matched above goes to the catch-all group
    # NOTE(review): dns-failed is understood to let this rule also take requests whose local DNS
    # lookup failed - confirm against the Surge manual.
    FINAL,漏网之鱼,dns-failed
    
    # Empty section: this profile lists no hostnames or CA settings for HTTPS decryption.
    # NOTE(review): Surge modules can carry their own [MITM] and script entries - read a module's
    # contents before installing it.
    [MITM]
    
    