Initial commit

1 files changed, 73 insertions, 0 deletions

diff --git a/config.yaml b/config.yaml
new file mode 100644
index 000000000000..4b69b9b7d5cb
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,73 @@
+# ipv6: false # When set to false, resolver won't translate hostnames to IPv6 addresses
+# tcp-concurrent: true # default false
+# geodata-mode: true
+# external-controller: 127.0.0.1:9090
+# external-ui: dashboard
+# secret: ''
+log-level: info
+
+
+dns:
+  enable: true
+  # listen: 0.0.0.0:53
+  # ipv6: false # when the false, response to AAAA questions will be empty
+
+  # These nameservers are used to resolve the DNS nameserver hostnames below.
+  # Specify IP addresses only
+  enhanced-mode: fake-ip # redir-host # (not recommended)
+  # fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
+  # use-hosts: true # lookup hosts and return IP record
+  
+  # Hostnames in this list will not be resolved with fake IPs
+  # i.e. questions to these domain names will always be answered with their
+  # real IP addresses
+  # fake-ip-filter:
+  #   - '*.lan'
+  #   - localhost.ptlogin2.qq.com
+  
+  # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
+  # All DNS questions are sent directly to the nameserver, without proxies
+  # involved. Clash answers the DNS question with the first result gathered. 
+  nameserver:
+    - tls://1dot1dot1dot1.cloudflare-dns.com # DNS over TLS
+    - https://1.1.1.1/dns-query # DNS over HTTPS
+    - 1.1.1.1 # Cloudflare
+    - 1.0.0.1 # Cloudflare
+
+  # When `fallback` is present, the DNS server will send concurrent requests
+  # to the servers in this section along with servers in `nameservers`.
+  # The answers from fallback servers are used when the GEOIP country
+  # is not `CN`.
+  # fallback:
+  #   - tcp://1.1.1.1
+
+  # If IP addresses resolved with servers in `nameservers` are in the specified
+  # subnets below, they are considered invalid and results from `fallback`
+  # servers are used instead.
+  #
+  # IP address resolved with servers in `nameserver` is used when
+  # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
+  #
+  # If `fallback-filter.geoip` is false, results from `nameserver` nameservers
+  # are always used if not match `fallback-filter.ipcidr`.
+  #
+  # This is a countermeasure against DNS pollution attacks.
+  # fallback-filter:
+    # geoip: true
+    # ipcidr:
+      # - 240.0.0.0/4
+    # domain:
+    #   - '+.google.com'
+    #   - '+.facebook.com'
+    #   - '+.youtube.com'
+
+# Enable the TUN listener
+tun:
+  enable: true
+  stack: system # or gvisor
+  device: Meta
+  dns-hijack:
+    - any:53
+  auto-route: true # auto set global route
+  auto-detect-interface: true # conflict with interface-name
+