fix/docs: fix the first check failure and possible dns leaking (#418)

Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com>
2025-07-18 11:49:47 +07:00 · 2024-01-11 21:47:05 +08:00
parent 0f8277b5a4
commit 18931ac477
8 changed files with 41 additions and 28 deletions
--- a/example.dae
+++ b/example.dae
@ -147,20 +147,30 @@ dns {
        # According to the request of dns query, decide to use which DNS upstream.
        # Match rules from top to bottom.
        request {
+            # Lookup China mainland domains using alidns, otherwise googledns.
+            qname(geosite:cn) -> alidns
            # fallback is also called default.
-            fallback: alidns
-        }
-        # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
-        # Match rules from top to bottom.
-        response {
-            # Trusted upstream. Always accept its result.
-            upstream(googledns) -> accept
-            # Possibly polluted, re-lookup using googledns.
-            ip(geoip:private) && !qname(geosite:cn) -> googledns
-            # fallback is also called default.
-            fallback: accept
+            fallback: googledns
        }
    }
+#    routing {
+#        # According to the request of dns query, decide to use which DNS upstream.
+#        # Match rules from top to bottom.
+#        request {
+#            # fallback is also called default.
+#            fallback: alidns
+#        }
+#        # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
+#        # Match rules from top to bottom.
+#        response {
+#            # Trusted upstream. Always accept its result.
+#            upstream(googledns) -> accept
+#            # Possibly polluted, re-lookup using googledns.
+#            ip(geoip:private) && !qname(geosite:cn) -> googledns
+#            # fallback is also called default.
+#            fallback: accept
+#        }
+#    }
 }

 # Node group (outbound).
@ -206,9 +216,6 @@ routing {
    # WAN.
    pname(NetworkManager) -> direct

-    # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'.
-    pname(systemd-resolved, dnsmasq) -> must_direct
-
    # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
    # forwarded by the proxy.
    # "dip" means destination IP.