标签 DNS配置 下的文章

感觉 surge 还是好用呀。

[General]
# Log verbosity.
loglevel = notify
# DoH is supported from Surge iOS 4 / Surge Mac 3.3.0 onwards.
# NOTE(review): every entry below is a plain, unencrypted resolver (or the
# system resolver). The DoH upstreams are set separately by
# encrypted-dns-server near the end of this section; confirm which of the two
# lists the installed Surge version actually uses for ordinary lookups.
dns-server = 223.5.5.5, 119.29.29.29, 223.6.6.6, 180.76.76.76, 114.114.115.115, 114.114.114.114, 8.8.8.8, 8.8.4.4, 1.1.1.1, 1.0.0.1, 208.67.222.222, 208.67.220.220, system
# https://dns.alidns.com/dns-query, https://13800000000.rubyfish.cn/, https://doh.360.cn/dns-query, https://dns.google/dns-query
# Destinations that bypass Surge entirely.
# NOTE(review): 192.178.0.0/16 and 192.18.0.0/16 are publicly routable ranges,
# not private or benchmark space. They look like typos for 192.168.0.0/16 and
# 198.18.0.0/16, both of which are already listed; confirm and drop them,
# otherwise traffic to those public ranges silently skips every rule below.
skip-proxy = 192.178.0.0/16,127.0.0.1, 192.168.0.0/16,192.18.0.0/16, 198.18.0.1,198.18.0.0/16,10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10,192.168.65.0/24, localhost, *.local,passenger.t3go.cn, sequoia.apple.com, seed-sequoia.siri.apple.com
wifi-assist = false
wifi-access-http-port = 6152
wifi-access-socks5-port = 6153
# Web dashboard for the HTTP API is enabled; http-api-tls further down is false.
# No http-api bind address or key is visible in this section. If one is added,
# keep it on loopback, since the API would be served without TLS.
http-api-web-dashboard = true
replica = 0
tls-provider = default
network-framework = false
exclude-simple-hostnames = true
ipv6 = true
test-timeout = 2
# Connectivity probe over cleartext HTTP.
proxy-test-url = http://cp.cloudflare.com/generate_204
# GeoIP database pulled from a third-party GitHub repository through jsDelivr,
# tracking the moving "release" ref with no integrity pin. The GEOIP,CN rule in
# [Rule] decides DIRECT vs. proxy from this file, so whoever controls that
# repository influences routing.
geoip-maxmind-url = https://cdn.jsdelivr.net/gh/Hackl0us/GeoIP2-CN@release/Country.mmdb
use-local-host-item-for-proxy = true
show-error-page-for-reject = true
# The "# >" labels below come from the author's template and sit AFTER the key
# they describe rather than before it.
# Advanced settings
# > Log level
# > Return an error page when a REJECT policy is hit
always-real-ip = msftconnecttest.com, msftncsi.com, *.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.battlenet.com.cn, *.battlenet.com, *.blzstatic.cn, *.battle.net
# > Always Real IP Hosts
force-http-engine-hosts = *.ott.cibntv.net, 123.59.31.1,119.18.193.135, 122.14.246.33, 175.102.178.52, 116.253.24.*, 175.6.26.*, 220.169.153.*
# > TCP Force HTTP Hosts
# KOOWO - 123.59.31.1,119.18.193.135, 122.14.246.33, 175.102.178.52
# TencentVideo - 116.253.24.*, 175.6.26.*, 220.169.153.*
# 239.255.255.250 is the SSDP multicast address; it is kept off the virtual interface.
tun-excluded-routes = 239.255.255.250/32
# > VIF Excluded Routes
allow-wifi-access = false
http-api-tls = false
# DoH upstreams.
encrypted-dns-server = https://doh.pub/dns-query, https://dns.alidns.com/dns-query
# NOTE(review): 0.0.0.0 is the all-interfaces wildcard, so the HTTP and SOCKS5
# proxy listeners would accept connections from any host that can reach this
# machine, which contradicts allow-wifi-access = false above. Use 127.0.0.1
# unless sharing the proxy with the LAN is intended. Also confirm the expected
# value format (Surge documents these keys as address:port); no port is given here.
http-listen = 0.0.0.0
socks5-listen = 0.0.0.0

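[Proxy]
; Node definitions carry server addresses and credentials. The author removed
; them before publishing; fill in your own and keep the completed file private.
; Comments are on their own lines: a trailing "#..." after a value is
; presumably parsed as part of the last parameter, not as a comment.
Direct = direct, allow-other-interface=true
Reject = reject
; NOTE(review): section-name=Cloudflare needs a matching WireGuard section,
; which is not part of this file as published.
WARP = wireguard, section-name=Cloudflare, test-url=http://cp.cloudflare.com/generate_204
; Office scenario: the company has two networks. Wi-Fi has internet only (and
; is faster); the wired network has both internet and the intranet. With this
; policy the intranet goes over the wired interface and internet traffic over
; Wi-Fi. Look up the interface name (en7 here) on your own machine.
公司网络 = direct, interface=en7, allow-other-interface=true
; Placeholders: the real node parameters were removed by the author.
VMess_WS =
trojan_tcp_Trojan =
dmit-torjan =
; Remote work: the company VPN client on macOS is old and normally needs routes
; added by hand. Binding to the VPN interface (ppp0) makes that unnecessary:
; connect the VPN and let the Surge rules below split the traffic.
; dns-follow-interface=true keeps lookups for this policy on the same interface.
公司vpn = direct, interface=ppp0, allow-other-interface=true, dns-follow-interface=true
; Chained proxy: "家宽的信息" is a placeholder for the residential node's own
; parameters; underlying-proxy=机场 tunnels that node through the 机场 group.
家宽 = 家宽的信息, underlying-proxy=机场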

[Proxy Group]
# Node details were removed by the author; add your own. Every name listed in a
# group must match an entry in [Proxy] or another group exactly, so fix the
# names here if yours differ.
Proxy = select, 机场, VMess_WS, trojan_tcp_Trojan, dmit-torjan, 家宽, include-all-proxies=0
# Manual choice between Reject and Direct. No rule visible in [Rule] refers to
# this group; the rules name Reject/REJECT directly.
🛡Guard = select, Reject, Direct
# Placeholder: the member list was removed; add the subscription nodes here.
机场 = select, 

[Rule]
# Rules are evaluated top to bottom and the first match decides the policy, so
# the order of this section is part of its behaviour.
# The remote RULE-SET entries are downloaded from third-party repositories at a
# moving branch head (master/main) and refreshed every update-interval seconds;
# their maintainers therefore decide what is proxied, sent direct or rejected.
# Mirror or pin the lists if that trust is not acceptable.
DOMAIN-SUFFIX,linux.do,trojan_tcp_Trojan,extended-matching
# Single addresses sent direct without resolving. They are written without a
# prefix length; /32 is presumably intended.
IP-CIDR,69.63.208.186,DIRECT,no-resolve
IP-CIDR,148.135.32.199,DIRECT,no-resolve
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/ChinaMedia/ChinaMedia.list,DIRECT,"update-interval=7200"
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GlobalMedia/GlobalMedia_All_No_Resolve.list,Proxy,"update-interval=7200"
# RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/ChinaMax/ChinaMax_All.list,DIRECT,"update-interval=7200"
# NOTE(review): unlike its neighbours, the next URL points at a GitHub "tree"
# page (an HTML directory listing), not a raw .list file, so it will presumably
# not load as a rule set. Replace it with the raw URL of the list inside that
# directory.
RULE-SET,https://github.com/blackmatrix7/ios_rule_script/tree/master/rule/Surge/Gemini,家宽,"update-interval=7200"
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/115/115.list,DIRECT,"update-interval=7200"
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/OpenAI/OpenAI.list,家宽,extended-matching,"update-interval=7200"
DOMAIN-SUFFIX,navicat.com.cn,Reject
DOMAIN-SUFFIX,navicat.com,Reject
# The same list is referenced a second time further down with policy REJECT;
# this first occurrence is the one that takes effect.
RULE-SET,https://raw.githubusercontent.com/limbopro/Adblock4limbo/main/Adblock4limbo_surge.list,Reject,"update-interval=3600"

# Google traffic goes through 家宽 (the residential node), which is itself
# chained over the 机场 group via underlying-proxy in [Proxy].
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Google/Google.list,家宽,extended-matching,"update-interval=3600"
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GoogleDrive/GoogleDrive.list,家宽,extended-matching,"update-interval=3600"
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GoogleEarth/GoogleEarth.list,家宽,extended-matching,"update-interval=3600"
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GoogleFCM/GoogleFCM.list,家宽,extended-matching,"update-interval=3600"
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GoogleSearch/GoogleSearch.list,家宽,extended-matching,"update-interval=3600"
# Exact-host rules sent direct.
DOMAIN,juejin.cn,DIRECT
DOMAIN,copilot-telemetry-service.copilot.supercopilot.top,DIRECT,extended-matching
DOMAIN,copilot-proxy.copilot.supercopilot.top,DIRECT,extended-matching
DOMAIN,api.copilot.supercopilot.top,DIRECT,extended-matching
DOMAIN,copilot.supercopilot.top,DIRECT,extended-matching
# Non IP (domain-based) reject lists. Note that ip/reject.conf below is an IP
# list placed inside this group.
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-no-drop.conf,REJECT
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject.conf,REJECT,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-drop.conf,REJECT
RULE-SET,https://ruleset.skk.moe/List/ip/reject.conf,REJECT
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-url-regex.conf,REJECT
RULE-SET,https://ruleset.skk.moe/List/non_ip/sogouinput.conf,REJECT
# NOTE(review): this IP-based rule has no no-resolve flag and sits above the
# domain lists that select Proxy further down. A hostname that reaches this line
# presumably has to be resolved by the local resolvers before the rule can be
# evaluated, which exposes the name to them even when a later rule would have
# proxied the request. Move it below the domain rules or add no-resolve if that
# matters to you.
GEOIP,CN,DIRECT
RULE-SET,https://ruleset.skk.moe/List/non_ip/lan.conf,DIRECT
# IP
RULE-SET,https://ruleset.skk.moe/List/ip/lan.conf,DIRECT
RULE-SET,https://ruleset.skk.moe/List/non_ip/apple_cn.conf,DIRECT
# Non IP
# 基础的 12 万拦截域名
# URL-REGEX
# 额外 20 万拦截域名,作为基础的补充,启用时需要搭配基础一起使用
# 在 Surge 5 for Mac(或更新版本),即使同时启用基础和额外的拦截域名也不会导致匹配性能下降或内存占用过高
# 需搭配 Surge 模块 https://ruleset.skk.moe/Modules/sukka_mitm_hostnames.sgmodule 使用
# MITM 和 URL-REGEX 性能开销极大,不推荐使用

# IP
# Speed-test and CDN hosts go through the Proxy group.
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/speedtest.conf,Proxy,extended-matching
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/cdn.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/non_ip/cdn.conf,Proxy
# North American streaming services
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream_us.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/stream_us.conf,Proxy
# European streaming services
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream_eu.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/stream_eu.conf,Proxy
# Japanese streaming services
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream_jp.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/stream_jp.conf,Proxy
# Korean streaming services
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream_kr.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/stream_kr.conf,Proxy
# Hong Kong streaming services
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream_hk.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/stream_hk.conf,Proxy
# Taiwanese streaming services
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream_tw.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/stream_tw.conf,Proxy
# All streaming services (a superset of the regional lists above). Every
# regional list above uses the same Proxy policy, so those entries only matter
# if you later give a region its own policy.
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/stream.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/non_ip/ai.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/non_ip/telegram.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/telegram.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/telegram_asn.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/non_ip/microsoft_cdn.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/non_ip/microsoft.conf,Proxy
RULE-SET,https://ruleset.skk.moe/List/ip/china_ip.conf,DIRECT
# Only use it if you are using IPv6
RULE-SET,https://ruleset.skk.moe/List/ip/china_ip_ipv6.conf,DIRECT



# NOTE(review): duplicate. The same Adblock4limbo list already appears earlier
# in [Rule]; with first-match evaluation this second copy never decides anything
# and only costs another download.
RULE-SET,https://raw.githubusercontent.com/limbopro/Adblock4limbo/main/Adblock4limbo_surge.list,REJECT,"update-interval=3600"
# MacWk.com Start
# DaisyDisk
DOMAIN,daisydiskapp.com,REJECT
# Viscosity
DOMAIN,sparklabs.com,REJECT
DOMAIN,swupdate.sparklabs.com,REJECT
DOMAIN,www.sparklabs.com,REJECT
# Sidify Music Converter
DOMAIN,www.sidify.com,REJECT
DOMAIN,sidify.com,REJECT
# Sublime Text
DOMAIN,www.sublimetext.com,REJECT
DOMAIN,sublimetext.com,REJECT
DOMAIN,license.sublimehq.com,REJECT
# MacWk.com End
# Reject UDP to port 443 (QUIC/HTTP3), presumably so clients fall back to TCP.
AND,((PROTOCOL,UDP), (DEST-PORT,443)),REJECT-NO-DROP
# Other proxy clients and download tools go direct. These rules match on the
# process name only and sit below the domain/IP rules above, so they apply only
# to traffic that nothing earlier matched.
# NOTE(review): fdm and Folx are each listed twice; the second copies are redundant.
PROCESS-NAME,v2ray,DIRECT
PROCESS-NAME,clash,DIRECT
PROCESS-NAME,ss-local,DIRECT
PROCESS-NAME,privoxy,DIRECT
PROCESS-NAME,trojan,DIRECT
PROCESS-NAME,trojan-go,DIRECT
PROCESS-NAME,naive,DIRECT
PROCESS-NAME,fdm,DIRECT
PROCESS-NAME,Thunder,DIRECT
PROCESS-NAME,Folx,DIRECT
PROCESS-NAME,DownloadService,DIRECT
PROCESS-NAME,qBittorrent,DIRECT
PROCESS-NAME,Transmission,DIRECT
PROCESS-NAME,fdm,DIRECT
PROCESS-NAME,aria2c,DIRECT
PROCESS-NAME,Folx,DIRECT
PROCESS-NAME,NetTransport,DIRECT
PROCESS-NAME,uTorrent,DIRECT
PROCESS-NAME,WebTorrent,DIRECT
PROCESS-NAME,"WebTorrent Helper",DIRECT
# Local Area Network
# NOTE(review): RULE-SET,LAN,DIRECT appears again just above the FINAL rule;
# only this first occurrence can ever match.
RULE-SET,LAN,DIRECT
# Loyalsoldier lists are fetched through jsDelivr from the moving "release"
# ref, so their content can change between refreshes without any change here.
DOMAIN-SET,https://cdn.jsdelivr.net/gh/Loyalsoldier/surge-rules@release/private.txt,DIRECT
DOMAIN-SET,https://cdn.jsdelivr.net/gh/Loyalsoldier/surge-rules@release/reject.txt,REJECT
RULE-SET,SYSTEM,DIRECT
DOMAIN-SET,https://cdn.jsdelivr.net/gh/Loyalsoldier/surge-rules@release/tld-not-cn.txt,Proxy
DOMAIN-SET,https://cdn.jsdelivr.net/gh/Loyalsoldier/surge-rules@release/gfw.txt,Proxy
DOMAIN-SET,https://cdn.jsdelivr.net/gh/Loyalsoldier/surge-rules@release/greatfire.txt,Proxy
RULE-SET,https://cdn.jsdelivr.net/gh/Loyalsoldier/surge-rules@release/telegramcidr.txt,Proxy
# Utility rule snippets (Hackl0us/SS-Rule-Snippet, tracking the master branch)
# RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-News.list,Proxy
RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-proxy.list,Proxy
RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-direct.list,DIRECT
RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/CN.list,DIRECT
RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/common-ad-keyword.list,REJECT
RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/foreign.list,Proxy
RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/App/social/Telegram.list,Proxy
RULE-SET,LAN,DIRECT
# Final rule: anything unmatched goes to the Proxy group. dns-failed presumably
# applies this rule also when the local lookup for the name fails.
FINAL,Proxy,dns-failed

[Host]


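[URL Rewrite]
; Redirect g.cn / google.cn (with or without "www.") to www.google.com with a 302.
; The dots are escaped so they match a literal "." only. Unescaped, "." matches
; any character, so the pattern would also fire on unrelated hosts whose name
; merely starts with "g<any char>cn".
^https?://(www\.)?(g|google)\.cn https://www.google.com 302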

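[MITM]
; Keep upstream certificate verification ON. With skip-server-cert-verify = true
; Surge would accept any certificate from the real server on connections it
; decrypts, so an on-path attacker between Surge and the server would go
; unnoticed while the client still sees a valid locally issued certificate.
; No CA and no hostname list are configured in this section as published, so
; MITM is presumably inactive; the safe value matters once it is turned on.
skip-server-cert-verify = false
tcp-connection = true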


其中节点自己换一换就可以用了。不行找 ai 跑一下自己的节点信息替换进去。
欢迎大家指正补充分流策略。

链式代理配置,其他如果自建的节点也可以按此方式配置:


📌 转载信息
原作者:
3zs
转载时间:
2026/1/20 10:05:25

Sub-Converter 的模板,主要是对 dns 的部分做了一些适配,放置在 subconverter/base/clash.tpl,佬友们可以直接抄,或者觉得有不合理需要调整的地方也可以指正。

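# subconverter base template for mihomo/Clash (base/clash.tpl).
# Restored to one key per line; the published text had the whole document
# collapsed onto two lines, which is not loadable as YAML.

# Local mixed HTTP/SOCKS port; allow-lan: false keeps it off the LAN.
mixed-port: 7890
allow-lan: false
mode: rule
log-level: info
tcp-concurrent: true
global-client-fingerprint: chrome
ipv6: false
# Controller API is bound to loopback. No `secret` is set, so any local process
# can drive it; add one before binding this to anything wider than 127.0.0.1.
external-controller: '127.0.0.1:9090'

# Static addresses for the DoH server names, so reaching the resolvers does not
# itself depend on a DNS lookup.
hosts:
  dns.google:
    - 8.8.8.8
    - 8.8.4.4
    - '2001:4860:4860::8888'
    - '2001:4860:4860::8844'
  doh.pub:
    - 1.12.12.12
    - 1.12.12.21
    - 120.53.53.53
  dns.alidns.com:
    - 223.5.5.5
    - 223.6.6.6
    - '2400:3200::1'
    - '2400:3200:baba::1'

tun:
  enable: true
  stack: mixed
  # Capture every port-53 query (UDP and TCP) so applications cannot bypass the
  # built-in resolver.
  dns-hijack:
    - 'any:53'
    - 'tcp://any:53'
  auto-route: true
  auto-detect-interface: true
  strict-route: true
  route-exclude-address:
    - 192.168.0.0/16
    - 'fc00::/7'

clash-for-android:
  append-system-dns: false

profile:
  tracing: true
  store-selected: true
  store-fake-ip: true

sniffer:
  enable: true
  override-destination: false
  force-dns-mapping: true
  parse-pure-ip: true
  sniff:
    TLS:
      ports:
        - 443
        - 8443
    HTTP:
      ports:
        - 80
        - 8080-8880
    QUIC:
      ports:
        - 443
        - 8443
  skip-domain:
    - Mijia Cloud
    - +.push.apple.com

experimental:
  sniff-tls-sni: true

dns:
  enable: true
  prefer-h3: false
  # Resolver listens on loopback only.
  listen: '127.0.0.1:8853'
  # DNS connections follow the routing rules; this is why
  # proxy-server-nameserver is set below.
  respect-rules: true
  ipv6: false
  cache-algorithm: arc
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-range6: 'fc00::/18'
  # Names that must receive real addresses instead of fake-ip answers.
  fake-ip-filter:
    - '*.lan'
    - '*.local'
    - '*.localhost'
    - '*.home.arpa'
    - time.*.com
    - time.*.gov
    - time.*.apple.com
    - ntp.*.com
    - +.pool.ntp.org
    - +.msftconnecttest.com
    - +.msftncsi.com
    - +.srv.nintendo.net
    - +.stun.playstation.net
    - xbox.*.microsoft.com
    - +.battlenet.com.cn
    - +.music.163.com
    - +.y.qq.com
    - +.bilivideo.cn
    - localhost.ptlogin2.qq.com
    - lens.l.google.com
  # Plain-DNS bootstrap, used to resolve the DoH host names below.
  default-nameserver:
    - 223.5.5.5
    - 119.29.29.29
  nameserver:
    - 'https://dns.alidns.com/dns-query'
    - 'https://doh.pub/dns-query'
  fallback:
    - 'https://dns.google/dns-query'
    - 'https://1.1.1.1/dns-query'
  proxy-server-nameserver:
    - 'https://dns.alidns.com/dns-query'
    - 'https://doh.pub/dns-query'
  direct-nameserver:
    - 'https://dns.alidns.com/dns-query'
    - 'https://doh.pub/dns-query'
  nameserver-policy:
    'geosite:cn':
      - 'https://dns.alidns.com/dns-query'
      - 'https://doh.pub/dns-query'
    dl.google.com:
      - 223.5.5.5
      - 119.29.29.29
    dl.l.google.com:
      - 223.5.5.5
      - 119.29.29.29
    # Reverse lookups are sent to 10.0.0.1, presumably the author's LAN router;
    # change this to your own gateway or remove the two entries.
    +.in-addr.arpa: 10.0.0.1
    +.ip6.arpa: 10.0.0.1
  # Answers from `nameserver` that fall in these categories are treated as
  # unreliable and the `fallback` result is used instead.
  fallback-filter:
    geoip: true
    geoip-code: CN
    geosite:
      - gfw
    ipcidr:
      - 0.0.0.0/8
      - 10.0.0.0/8
      - 100.64.0.0/10
      - 127.0.0.0/8
      - 169.254.0.0/16
      - 172.16.0.0/12
      - 192.168.0.0/16
      - 240.0.0.0/4

# NOTE(review): the two branches are not symmetric. The first defines the
# dns-拦截 outbound but leaves `rules` empty; the second adds the DST-PORT,53
# rule but leaves `Proxy` empty. Confirm that subconverter fills in the missing
# half in each case.
{% if local.clash.new_field_name == "true" %}
proxies:
  - name: dns-拦截
    type: dns
proxy-groups: ~
rules: ~
{% else %}
Proxy: ~
Proxy Group: ~
Rule:
  - 'DST-PORT,53,dns-拦截'
{% endif %}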

📌 转载信息
原作者:
b1ghawk119
转载时间:
2026/1/15 18:34:57

最初用 Adguard Home 部署,近期又接触了 Mosdns-x,又是一番折腾
完整的 mosdns-x 配置在最底下,有配套的数据看板
(需要 Mihomo 完整配置文件,其实写的一坨,想 “欣赏” 的可以留言 )

Adguard Home DoH 服务与 mihomo 配置

客户端说明:
ns:默认使用 NextDNS 与谷歌 dns 作为上游
m-cn:主要用于解析国内域名
m-psn:国内外上游,主要用于 proxy-server-nameserver

(m-psn,是因为之前用宝可梦,他家机场部分域名用国外 dns 获取不到结果,所以单独整了个 adgh 客户端用于 proxy-server-nameserver)

pure:纯净 dns,未开启广告拦截,使用 NextDNS 与谷歌 dns 作为上游
m-ad:为了方便看 adgh 的拦截日志,搞的客户端,上游同 ns(配置时使用 ns 就行)

DoH 地址:

两台 US 服务器部署:US2、US3

  - https://us2.tls.vlo.cc/alicia/m-ad
  - https://us2.tls.vlo.cc/alicia/ns
  - https://us2.tls.vlo.cc/alicia/m-cn
  - https://us2.tls.vlo.cc/alicia/m-psn
  - https://us3.tls.vlo.cc/alicia/m-ad
  - https://us3.tls.vlo.cc/alicia/m-psn
  - https://us3.tls.vlo.cc/alicia/m-cn
  - https://us3.tls.vlo.cc/alicia/ns

mihomo 配套的配置模板,使用 redir-host 模式
并不是最优配置,且这两个模块都引用了规则集:rule-set:,请替换为自己配置文件的规则集或者删除。

嗅探模块
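# Traffic sniffing.
# Restored to one key per line: as published, the opening "#" turned the first
# collapsed line (including `sniffer:` itself) into a comment.
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  override-destination: false
  sniff:
    HTTP:
      ports: [80, 8080-8880, 2052, 2082, 2086, 2095]
      # Overrides the global override-destination: false for HTTP only.
      override-destination: true
    TLS:
      ports: [443, 8443, 2053, 2083, 2087, 2096]
    QUIC:
      ports: [443, 8443, 2053, 2083, 2087, 2096]
  # The rule-set:... names refer to rule providers from the author's own config
  # that are not shown here; replace them with your own or delete the entries.
  skip-domain:
    - "rule-set:DW_Private,qiufeng_domain,Advertising,Tracking,MX_FCM"
  # 169.254.10.100 and febf:ffff:... are the sinkhole addresses that the mosdns
  # black_hole plugin on this page returns for blocked names.
  skip-src-address:
    - "rule-set:DW_PrivateIP,Advertising_IP"
    - 169.254.10.100/32
    - febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
  skip-dst-address:
    - "rule-set:DW_PrivateIP,Advertising_IP"
    - 169.254.10.100/32
    - febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
    - "rule-set:LL_TgIP,Skk_TgIP"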
hosts 与 dns 模块
# hosts module
# Pins the self-hosted DoH server names to fixed addresses (use-hosts: true
# below), so reaching the resolvers does not itself need a DNS lookup.
# NOTE(review): the post describes two servers, but three distinct addresses
# appear here (us3.tls.vlo.cc differs from tls-us-2 / cn-09); confirm that is
# intended. These entries must be updated by hand whenever a server moves.
hosts:
  '*.alicia.moe': 127.0.0.1
  'alicia.moe': 127.0.0.1
  'us3.tls.vlo.cc': 38.246.246.231
  'us2.tls.vlo.cc': 154.37.208.14
  'tls-us-2.vlo.cc': 38.244.62.224
  'tls-us-1.vlo.cc': 154.37.208.14
  'cn-09.api.vlo.cc': 38.244.62.224
  'cn-05.api.vlo.cc': 154.37.208.14
# dns module
dns:
  enable: true
  cache-algorithm: arc
  prefer-h3: false
  use-hosts: true
  use-system-hosts: false
  # NOTE(review): 0.0.0.0 exposes this resolver on every interface. Bind to
  # 127.0.0.1 unless other hosts on the network are meant to query it, and
  # firewall port 1053 if they are.
  listen: 0.0.0.0:1053
  ipv6: false
  # With respect-rules: false the DNS connections themselves are presumably not
  # routed through the proxy rules; the upstream sees this host's own address.
  respect-rules: false
  enhanced-mode: redir-host
  # Presumably unused while enhanced-mode is redir-host.
  fake-ip-range: 10.20.0.1/16
  # Encrypted bootstrap resolvers addressed by IP.
  default-nameserver:
    - quic://223.5.5.5
    - tls://1.12.12.12
  # Default upstream: the "ns" AdGuard Home client on both servers.
  nameserver:
    - https://us3.tls.vlo.cc/alicia/ns
    - https://us2.tls.vlo.cc/alicia/ns
  # Per-rule-set upstreams. The rule-set names come from the author's own
  # config; replace them with your own providers or remove the policy.
  nameserver-policy:
    "rule-set:mydns_domain,myblack_domain,qiufeng_domain,Advertising,Tracking":
      - https://us2.tls.vlo.cc/alicia/m-ad
      - https://us3.tls.vlo.cc/alicia/m-ad
    "rule-set:MX_SteamCN,DW_GamesCN,Skk_Direct,Skk_Domestic,DW_CN,LL_China":
      - https://us2.tls.vlo.cc/alicia/m-cn
      - https://us3.tls.vlo.cc/alicia/m-cn
  # Resolver used for the proxy nodes' own host names.
  proxy-server-nameserver:
      - https://us2.tls.vlo.cc/alicia/m-psn
      - https://us3.tls.vlo.cc/alicia/m-psn



mosdns-x DoH 服务以及 mihomo 配置

直接在 mosdns-x 进行分流的。
AI 搓出来的数据面板:https://api.520924.xyz

DoH 地址:

同样在两台 US 服务器部署

- https://cn-05.api.vlo.cc/tls-cx
- https://cn-09.api.vlo.cc/tls-cx

mihomo 配置:同样使用 redir-host 模式

嗅探模块
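# Traffic sniffing.
# Restored to one key per line: as published, the opening "#" turned the first
# collapsed line (including `sniffer:` itself) into a comment.
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  override-destination: false
  sniff:
    HTTP:
      ports: [80, 8080-8880, 2052, 2082, 2086, 2095]
      # Overrides the global override-destination: false for HTTP only.
      override-destination: true
    TLS:
      ports: [443, 8443, 2053, 2083, 2087, 2096]
    QUIC:
      ports: [443, 8443, 2053, 2083, 2087, 2096]
  # The rule-set:... names refer to rule providers from the author's own config
  # that are not shown here; replace them with your own or delete the entries.
  skip-domain:
    - "rule-set:DW_Private,qiufeng_domain,Advertising,Tracking,MX_FCM"
  # 169.254.10.100 and febf:ffff:... are the sinkhole addresses that the mosdns
  # black_hole plugin on this page returns for blocked names.
  skip-src-address:
    - "rule-set:DW_PrivateIP,Advertising_IP"
    - 169.254.10.100/32
    - febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
  skip-dst-address:
    - "rule-set:DW_PrivateIP,Advertising_IP"
    - 169.254.10.100/32
    - febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
    - "rule-set:LL_TgIP,Skk_TgIP"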
hosts 与 dns 模块
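# hosts module
# Restored to one key per line: as published, the opening "#" turned the whole
# collapsed line into a comment.
# Pins the self-hosted DoH server names to fixed addresses (use-hosts: true
# below), so reaching the resolvers does not itself need a DNS lookup. Update
# these entries by hand whenever a server moves.
hosts:
  '*.alicia.moe': 127.0.0.1
  'alicia.moe': 127.0.0.1
  'us3.tls.vlo.cc': 38.246.246.231
  'us2.tls.vlo.cc': 154.37.208.14
  'tls-us-2.vlo.cc': 38.244.62.224
  'tls-us-1.vlo.cc': 154.37.208.14
  'cn-09.api.vlo.cc': 38.244.62.224
  'cn-05.api.vlo.cc': 154.37.208.14
# dns module
dns:
  enable: true
  cache-algorithm: arc
  prefer-h3: false
  use-hosts: true
  use-system-hosts: false
  # NOTE(review): 0.0.0.0 exposes this resolver on every interface. Bind to
  # 127.0.0.1 unless other hosts on the network are meant to query it, and
  # firewall port 1053 if they are.
  listen: 0.0.0.0:1053
  ipv6: false
  respect-rules: false
  enhanced-mode: redir-host
  # Presumably unused while enhanced-mode is redir-host.
  fake-ip-range: 10.20.0.1/16
  # Encrypted bootstrap resolvers addressed by IP.
  default-nameserver:
    - quic://223.5.5.5
    - tls://1.12.12.12
  # All ordinary lookups go to the mosdns-x DoH endpoints; the domain split is
  # done on the server, so no nameserver-policy is needed here.
  nameserver:
    - https://cn-05.api.vlo.cc/tls-cx
    - https://cn-09.api.vlo.cc/tls-cx
  # Resolver used for the proxy nodes' own host names (AdGuard Home m-psn client).
  proxy-server-nameserver:
    - https://us2.tls.vlo.cc/alicia/m-psn
    - https://us3.tls.vlo.cc/alicia/m-psn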

折腾后记

自我感觉,自建 Adguard Home DoH 如果是搭配代理软件使用,可以在代理软件分流。

Adguard Home 可以配置不同客户端的上游,这让其在 mihomo 搭配使用时方便很多,毕竟直接在 Adguard Home 分流会很复杂且不易维护


如果你也在使用 Adguard Home + Mihomo,也可以尝试这样操作

MosDNS-X:

配置很复杂… 搞这个纯属折腾(确实是很折腾),配置文件抄的 easymosdns 的,然后用 Gemini Pro 网页版又搓了好久的数据面板:https://api.520924.xyz/

我的 mosdns-X 配置
# EasyMosdns v3.5(Final Release)
# https://apad.pro/easymosdns
log:
    file: "./mosdns.log"
    level: error

data_providers:
  - tag: miaoerwlist
    file: ./rules/miaoerwlist.txt
    auto_reload: true
  - tag: chinalist
    file: ./rules/china_domain_list.txt
    auto_reload: true
  - tag: cnlistA
    file: ./rules/cnlistA.txt
    auto_reload: true


  - tag: cdncn
    file: ./rules/cdn_domain_list.txt
    auto_reload: true
  - tag: cdnnocn
    file: ./rules/cdn_no_cn.txt
    auto_reload: true

  - tag: gfwlist
    file: ./rules/gfw_domain_list.txt
    auto_reload: true
  - tag: gfwlistA
    file: ./rules/gfwlistA.txt
    auto_reload: true


  - tag: chinaip
    file: ./rules/china_ip_list.txt
    auto_reload: true
  - tag: cniplistA
    file: ./rules/cniplistA.txt
    auto_reload: true
     
  - tag: gfwip
    file: ./rules/gfw_ip_list.txt
    auto_reload: true

  - tag: adlist
    file: ./rules/ad_domain_list.txt
    auto_reload: true
  - tag: miaoerblock
    file: ./rules/miaoerblock.txt
    auto_reload: true
  - tag: ads
    file: ./rules/ads.txt
    auto_reload: true

  - tag: ecscn
    file: ./ecs_cn_domain.txt
    auto_reload: true
  - tag: ecsnoncn
    file: ./ecs_noncn_domain.txt
    auto_reload: true
  - tag: hosts
    file: ./hosts.txt
    auto_reload: true

plugins:
    # 数据统计插件
  - tag: "metrics_data"
    type: "metrics_collector"

    # 广告拦截统计
  - tag: "metrics_ad_blocked"   
    type: "metrics_collector"

    # 本地上游统计
  - tag: "metrics_local_up"     
    type: "metrics_collector"

    # 本地备用上游统计
  - tag: "metrics_localB_up"     
    type: "metrics_collector"

    # 远程上游统计
  - tag: "metrics_remote_up"    
    type: "metrics_collector"

    # 远程备用上游统计
  - tag: "metrics_remoteB_up"    
    type: "metrics_collector"
    # Plugin that caps the EDNS0 UDP buffer size.
  - tag: udp_bufsize_limit
    type: bufsize
    args:
      size: 1232 # cap at 1232 bytes; NOTE(review): the original comment said 512 bytes, which does not match this value
  # 缓存的插件
  # [lan|wan]
  - tag: cache_lan
    type: cache
    args:
      size: 65536
      compress_resp: true
      #redis: "redis://127.0.0.1:6379/0"
      lazy_cache_ttl: 86400
      cache_everything: true
      lazy_cache_reply_ttl: 1
  - tag: cache_wan
    type: cache
    args:
      size: 131072
      compress_resp: true
      #redis: "redis://127.0.0.1:6379/0"
      lazy_cache_ttl: 86400
      cache_everything: true
      lazy_cache_reply_ttl: 5

  # Hosts的插件
  - tag: hosts
    type: hosts
    args:
      hosts:
        - "provider:hosts"

  # Plugin that attaches an EDNS Client Subnet (ECS) option automatically.
  # With auto: true the subnet is presumably derived from the client address,
  # which for the HTTP listener comes from the X-Forwarded-For header; ECS
  # discloses part of the client's address to the upstream resolvers.
  - tag: ecs_auto
    type: ecs
    args:
      auto: true
      force_overwrite: false
      
  # Plugins that attach a fixed ECS subnet instead of the client's own.
  # [local|global]
  # force_overwrite: false presumably leaves an ECS option that is already on
  # the query untouched (confirm against the mosdns-x documentation).
  - tag: ecs_local
    type: ecs
    args:
      auto: false
      ipv4: "101.6.6.0"
      ipv6: "2001:da8::"
      force_overwrite: false
  - tag: ecs_global
    type: ecs
    args:
      auto: false
      ipv4: "168.95.1.0"
      ipv6: "2001:b000:168::"
      force_overwrite: false

  # 匹配ECS的插件
  - tag: ecs_is_local
    type: query_matcher
    args:
      ecs: 
        - "101.6.6.0/24"
        - "2001:da8::/48"
  - tag: ecs_is_lan
    type: query_matcher
    args:
      ecs: 
        - "0.0.0.0/8"
        - "10.0.0.0/8"
        - "100.64.0.0/10"
        - "127.0.0.0/8"
        - "169.254.0.0/16"
        - "172.16.0.0/12"
        - "192.0.0.0/24"
        - "192.0.2.0/24"
        - "198.18.0.0/15"
        - "192.88.99.0/24"
        - "192.168.0.0/16"
        - "198.51.100.0/24"
        - "203.0.113.0/24"
        - "224.0.0.0/3"
        - "::1/128"
        - "fc00::/7"
        - "fe80::/10"
  - tag: ecs_is_cn
    type: query_matcher
    args:
      ecs: 
        - "provider:chinaip"
        - "provider:cniplistA"


  # 调整TTL的插件
  # [1m|5m|1h]
  - tag: ttl_1m
    type: ttl
    args:
      minimal_ttl: 60
      maximum_ttl: 3600
  - tag: ttl_5m
    type: ttl
    args:
      minimal_ttl: 300
      maximum_ttl: 86400
  - tag: ttl_1h
    type: ttl
    args:
      minimal_ttl: 3600
      maximum_ttl: 86400

  # 匹配TYPE12类型请求的插件
  - tag: qtype12
    type: query_matcher
    args:
      qtype: [12]

  # 匹配TYPE65类型请求的插件
  - tag: qtype65
    type: query_matcher
    args:
      qtype: [65]

  # 匹配TYPE255类型请求的插件
  - tag: qtype255
    type: query_matcher
    args:
      qtype: [255]

  # 匹配RCODE2的插件
  - tag: response_server_failed
    type: response_matcher
    args:
      rcode: [2]

  # Plugin that sinkholes blocked queries.
  # Answers with rcode 0 (NOERROR) and fixed sinkhole addresses rather than
  # NXDOMAIN. 169.254.10.100 is link-local; the mihomo sniffer sections on this
  # page skip exactly these two addresses.
  - tag: black_hole
    type: blackhole
    args:
      rcode: 0
      ipv4: "169.254.10.100"
      ipv6: "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff"

  # 匹配无效域名的插件
  - tag: query_is_non_domain
    type: query_matcher
    args:
      domain:
        - "keyword::"

  # 匹配本地域名的插件
  - tag: query_is_local_domain
    type: query_matcher
    args:
      domain:
        - "provider:chinalist"
        - "provider:cnlistA"

  # 匹配污染域名的插件
  - tag: query_is_non_local_domain
    type: query_matcher
    args:
      domain:
        - "provider:gfwlist"
        - "provider:gfwlistA"

  # 匹配CDN域名的插件
  - tag: query_is_cdn_cn_domain
    type: query_matcher
    args:
      domain:
        - "provider:cdncn"
  - tag: query_is_cdn_no_cn_domain
    type: query_matcher
    args:
      domain:
        - "provider:cdnnocn"

  # 匹配白名单域名的插件
  - tag: query_is_whitelist_domain
    type: query_matcher
    args:
      domain:
        - "provider:miaoerwlist"

  # 匹配广告域名的插件
  - tag: query_is_ad_domain
    type: query_matcher
    args:
      domain:
        - "provider:adlist"
        - "provider:miaoerblock"
        - "provider:ads"

  # 匹配强制本地解析域名的插件
  - tag: query_is_cn_domain
    type: query_matcher
    args:
      domain:
        - "provider:ecscn"

  # 匹配强制非本地解析域名的插件
  - tag: query_is_noncn_domain
    type: query_matcher
    args:
      domain:
        - "provider:ecsnoncn"

  # 匹配本地IP的插件
  - tag: response_has_local_ip
    type: response_matcher
    args:
      ip:
        - "provider:chinaip"
        - "provider:cniplistA"

  # 匹配污染IP的插件
  - tag: response_has_gfw_ip
    type: response_matcher
    args:
      ip:
        - "provider:gfwip"

  # Plugin that forwards to the local (domestic) upstreams.
  # dial_addr fixes the address that is dialled for the named server, so no
  # lookup is needed to reach it.
  - tag: forward_local
    type: fast_forward
    args:
      upstream:
        - addr: "h3://dns.alidns.com"
          dial_addr: "223.5.5.5"
        - addr: "tls://dot.pub"
          dial_addr: "1.12.12.21"
          # NOTE(review): both dial_addr and bootstrap are set for this upstream;
          # presumably only one of them is needed.
          bootstrap: "121.4.4.95"
          enable_pipeline: true
          max_conns: 3

  # Plugin that forwards to the remote (overseas) upstreams.
  - tag: forward_remote
    type: fast_forward
    args:
      upstream:
        - addr: "tls://8.8.8.8"
          enable_pipeline: true
          max_conns: 4
        - addr: "tls://dns.nextdns.io"
          # Plain-DNS bootstrap used to resolve dns.nextdns.io.
          bootstrap: "8.8.8.8"
          enable_pipeline: true
          max_conns: 4

  # Reserve (backup) local upstreams. The original comment called this the
  # "split-routing server"; the tag and the addresses show it is the backup for
  # forward_local.
  - tag: forward_localReserve
    type: fast_forward
    args:
      upstream:
        - addr: "quic://dns.alidns.com"
          dial_addr: "223.6.6.6"
        - addr: "tls://dot.pub"
          # NOTE(review): 1.12.34.56 looks like a placeholder; confirm it is a
          # real dot.pub endpoint before relying on this reserve upstream.
          dial_addr: "1.12.34.56"
          bootstrap: "121.4.4.95"
          enable_pipeline: true
          max_conns: 3

  # Reserve (backup) remote upstreams.
  - tag: forward_remoteReserve
    type: fast_forward
    args:
      upstream:
        - addr: "tls://8.8.4.4"
          enable_pipeline: true
          max_conns: 4
        - addr: "tls://dns.nextdns.io"
          bootstrap: "8.8.8.8"
          enable_pipeline: true
          max_conns: 4

  # Main processing pipeline.
  # Every plugin tag that a sequence calls must be defined above the sequence,
  # otherwise the sequence cannot find it.
  # The steps run in order; a branch that ends in _return stops processing.
  - tag: main_sequence
    type: sequence
    args:
      exec:
        - metrics_data
        # Static name-to-IP mappings (hosts plugin)
        - hosts

        # Answer TYPE65 (HTTPS record) queries and names matched by
        # query_is_non_domain with NXDOMAIN
        - if: "[qtype65] || (query_is_non_domain)"
          exec:
            - _new_nxdomain_response
            - _return

        # PTR (TYPE12) and ANY (TYPE255) queries: strip ECS, use the local
        # upstreams and return
        - if: "[qtype12] || [qtype255]"
          exec:
            - _no_ecs
            - forward_local
            - ttl_1h
            - _return

        # ECS handling and cache selection: queries whose ECS is a LAN/reserved
        # range use cache_lan and have ECS removed; all others use cache_wan
        - ecs_auto
        - _edns0_filter_ecs_only
        - udp_bufsize_limit
        - if: ecs_is_lan
          exec:
            - cache_lan
            - _no_ecs
          else_exec:
            - cache_wan

        # Domains forced to the local upstreams
        - if: query_is_cn_domain
          exec:
            - forward_local
            - ttl_5m
            - _return

        # Domains forced to the non-local upstreams
        - if: query_is_noncn_domain
          exec:
            # Prefer IPv4 answers
            - _prefer_ipv4
            - ecs_global
            - primary:
                # Tried first: the remote upstreams
                - forward_remote
              secondary:
                # Used when the primary has not answered within fast_fallback:
                # the reserve remote upstreams
                - forward_remoteReserve
              fast_fallback: 2500
              always_standby: false
            - ttl_5m
            - _return

        # Whitelisted domains are resolved by the local upstreams
        - if: query_is_whitelist_domain
          exec:
            # Local upstreams first
            - metrics_local_up
            - forward_local
            - ttl_1m
            # Guard against temporary poisoning: if the answer contains an
            # address from the gfwip list, ask the remote upstreams instead
            - if: response_has_gfw_ip
              exec:
                - metrics_remote_up
                - ecs_local
                - forward_remote
            - _return


        # Block ad domains. This check runs after the whitelist branch above,
        # so a whitelisted name is never blocked here.
        - if: query_is_ad_domain
          exec:
            - metrics_ad_blocked
            - black_hole
            - ttl_1h
            - _return

        # Known local domains and mainland CDN domains use the local upstreams
        - if: "(query_is_local_domain) || (query_is_cdn_cn_domain)"
          exec:
            # Local upstreams first
            - metrics_local_up
            - forward_local
            - ttl_1m
            # Guard against temporary poisoning of known local domains
            - if: response_has_gfw_ip
              exec:
                - metrics_remote_up
                - ecs_local
                - forward_remote
            - _return
        # Known non-mainland CDN domains
        - if: query_is_cdn_no_cn_domain
          exec:
            # Prefer IPv4 answers
            - _prefer_ipv4
            - primary:
                # Tried first: the remote upstreams
                - metrics_remote_up
                - forward_remote
              secondary:
                # Used when the primary times out: the reserve remote upstreams
                - metrics_remoteB_up
                - forward_remoteReserve
              fast_fallback: 2500
              always_standby: false
            - ttl_5m
            - _return
        # Known poisoned domains use the remote upstreams
        - if: query_is_non_local_domain
          exec:
            # Prefer IPv4 answers
            - _prefer_ipv4
            - ecs_global
            - primary:
                # Tried first: the remote upstreams
                - metrics_remote_up
                - forward_remote
              secondary:
                # Used when the primary times out: the reserve remote upstreams
                - metrics_remoteB_up
                - forward_remoteReserve
              fast_fallback: 2500
              always_standby: false
            - ttl_5m
            - _return

        # Everything else is split by the IP in the answer.
        # Prefer IPv4 answers
        - _prefer_ipv4
        - primary:
            # Ask the remote upstreams first, with the fixed local ECS subnet
            - metrics_remote_up
            - ecs_local
            - forward_remote
            # Re-resolve with the reserve local upstreams when the client ECS is
            # in the China list and the answer is a China IP, or when the
            # upstream returned SERVFAIL (rcode 2)
            - if: "(ecs_is_cn) && (response_has_local_ip) || [response_server_failed]"
              exec:
                - metrics_localB_up
                - forward_localReserve
                - _return
          secondary:
            # Used when the primary times out: remote upstreams again, then the
            # reserve local upstreams if the answer is a China IP.
            # NOTE(review): this branch counts under metrics_remote_up rather
            # than metrics_remoteB_up, unlike the secondary branches above.
            - metrics_remote_up
            - forward_remote
            - if: response_has_local_ip
              exec:
                - metrics_localB_up
                - forward_localReserve
                - _return
          fast_fallback: 2500
          always_standby: false
        - ttl_5m

# Listener: DNS-over-HTTP endpoint at /tls-cx, plain HTTP (no TLS here), on
# every interface, port 9053. The published DoH URLs are https://, so TLS is
# presumably terminated by a reverse proxy in front of this port.
# NOTE(review): if port 9053 is reachable directly, clients can query over
# cleartext and supply their own X-Forwarded-For value, which this listener
# trusts as the client address (it feeds ecs_auto and the ecs_is_lan cache
# choice in main_sequence). Bind to 127.0.0.1 when the reverse proxy runs on
# the same host, or restrict the port to the proxy with a firewall, and have
# the proxy overwrite the header rather than append to it.
servers:
  - exec: main_sequence
    timeout: 10
    listeners:
      - protocol: http
        addr: "0.0.0.0:9053"
        url_path: "/tls-cx"
        # Client address is read from this request header.
        get_user_ip_from_header: "X-Forwarded-For"
        kernel_tx: true
        kernel_rx: true

# Management API, bound to loopback only.
api:
    http: "127.0.0.1:9080"

如果需要 mosdns-x 面板文件的,https://api.520924.xyz/mosdns-x-webui.zip 可以下载,根据自己配置文件修改,或者扔给 Gemini 修改

搭建的都是 US 服务器,应该都有 9929 线路,可以直连(域名不要搞得像机场域名那种二级域名格式,带 tls、us 这些,可能会被阻断域名)

欢迎留言使用体验 我自己是用不出来 Adguard Home 与 Mosdns-x 搭建的在使用上的性能区别,总体还是 Adguard Home 方便


📌 转载信息
原作者:
jiuyue
转载时间:
2026/1/7 19:27:00

DNSHE 为全球开发者、学生和开源爱好者提供免费域名服务
✓ 无需信用卡绑定
✓ 无隐藏费用
✓ 支持全类型 DNS 记录解析
✓ 即时上线各类数字项目
https://my.dnshe.com

・初始额度:可注册 3 个域名


选择后缀,开始注册


注册后登录 CloudFlare
https://dash.cloudflare.com/login
加入域,输入域名 → 选择 Free 套餐 → 继续前往激活


选择免费计划


回到 DNSHE 配置


配置 DNS:将 Cloudflare 为你的域名分配的两条名称服务器(NS)复制进去。下面两条是作者账户分配到的示例,每个账户/域名分配到的可能不同,请以自己 Cloudflare 控制台里显示的为准:
margaret.ns.cloudflare.com
nikon.ns.cloudflare.com


继续前往激活


任务完成


📌 转载信息
原作者:
user554
转载时间:
2026/1/4 12:26:43