# ipv6: false # When set to false, resolver won't translate hostnames to IPv6 addresses
# tcp-concurrent: true # default false
# geodata-mode: true
# external-controller: 127.0.0.1:9090
# external-ui: dashboard
# secret: ''
log-level: info


dns:
  enable: true
  # listen: 0.0.0.0:53
  # ipv6: false # when the false, response to AAAA questions will be empty

  # These nameservers are used to resolve the DNS nameserver hostnames below.
  # Specify IP addresses only
  enhanced-mode: fake-ip # redir-host # (not recommended)
  # fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
  # use-hosts: true # lookup hosts and return IP record
  
  # Hostnames in this list will not be resolved with fake IPs
  # i.e. questions to these domain names will always be answered with their
  # real IP addresses
  # fake-ip-filter:
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com
  
  # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
  # All DNS questions are sent directly to the nameserver, without proxies
  # involved. Clash answers the DNS question with the first result gathered. 
  nameserver:
    - tls://1dot1dot1dot1.cloudflare-dns.com # DNS over TLS
    - https://1.1.1.1/dns-query # DNS over HTTPS
    - 1.1.1.1 # Cloudflare
    - 1.0.0.1 # Cloudflare

  # When `fallback` is present, the DNS server will send concurrent requests
  # to the servers in this section along with servers in `nameservers`.
  # The answers from fallback servers are used when the GEOIP country
  # is not `CN`.
  # fallback:
  #   - tcp://1.1.1.1

  # If IP addresses resolved with servers in `nameservers` are in the specified
  # subnets below, they are considered invalid and results from `fallback`
  # servers are used instead.
  #
  # IP address resolved with servers in `nameserver` is used when
  # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
  #
  # If `fallback-filter.geoip` is false, results from `nameserver` nameservers
  # are always used if not match `fallback-filter.ipcidr`.
  #
  # This is a countermeasure against DNS pollution attacks.
  # fallback-filter:
    # geoip: true
    # ipcidr:
      # - 240.0.0.0/4
    # domain:
    #   - '+.google.com'
    #   - '+.facebook.com'
    #   - '+.youtube.com'

# Enable the TUN listener
tun:
  enable: true
  stack: system # or gvisor
  device: Meta
  dns-hijack:
    - any:53
  auto-route: true # auto set global route
  auto-detect-interface: true # conflict with interface-name