summarylogtreecommitdiffstats
path: root/config.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'config.yaml')
-rw-r--r--config.yaml61
1 files changed, 61 insertions, 0 deletions
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 000000000000..ff049be01a16
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,61 @@
+dns:
+ enable: true
+ # listen: 0.0.0.0:53
+ # ipv6: false # when the false, response to AAAA questions will be empty
+
+ # These nameservers are used to resolve the DNS nameserver hostnames below.
+ # Specify IP addresses only
+ default-nameserver:
+ - 114.114.114.114
+ - 8.8.8.8
+ enhanced-mode: redir-host # or fake-ip
+ # fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
+ # use-hosts: true # lookup hosts and return IP record
+
+ # Hostnames in this list will not be resolved with fake IPs
+ # i.e. questions to these domain names will always be answered with their
+ # real IP addresses
+ # fake-ip-filter:
+ # - '*.lan'
+ # - localhost.ptlogin2.qq.com
+
+ # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
+ # All DNS questions are sent directly to the nameserver, without proxies
+ # involved. Clash answers the DNS question with the first result gathered.
+ nameserver:
+ - 114.114.114.114 # default value
+ - 8.8.8.8 # default value
+ - tls://dns.rubyfish.cn:853 # DNS over TLS
+ - https://1.1.1.1/dns-query # DNS over HTTPS
+
+ # When `fallback` is present, the DNS server will send concurrent requests
+ # to the servers in this section along with servers in `nameservers`.
+ # The answers from fallback servers are used when the GEOIP country
+ # is not `CN`.
+ # fallback:
+ # - tcp://1.1.1.1
+
+ # If IP addresses resolved with servers in `nameservers` are in the specified
+ # subnets below, they are considered invalid and results from `fallback`
+ # servers are used instead.
+ #
+ # IP address resolved with servers in `nameserver` is used when
+ # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
+ #
+ # If `fallback-filter.geoip` is false, results from `nameserver` nameservers
+ # are always used if not match `fallback-filter.ipcidr`.
+ #
+ # This is a countermeasure against DNS pollution attacks.
+ fallback-filter:
+ geoip: true
+ ipcidr:
+ # - 240.0.0.0/4
+ # domain:
+ # - '+.google.com'
+ # - '+.facebook.com'
+ # - '+.youtube.com'
+tun:
+ enable: true
+ stack: system # or gvisor
+ dns-hijack:
+ - 198.18.0.2:53 # when `fake-ip-range` is 198.18.0.1/16, should hijack 198.18.0.2:53