new: add default dns with fragment in doh

config/config.go

@@ -80,7 +80,13 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options
 				Address:         configOpt.RemoteDnsAddress,
 				AddressResolver: "dns-direct",
 				Strategy:        configOpt.RemoteDnsDomainStrategy,
-				Detour:          "select",
+			},
+			{
+				Tag:     "dns-trick-direct",
+				Address: "https://sky.rethinkdns.com/",
+				// AddressResolver: "dns-local",
+				Strategy: configOpt.DirectDnsDomainStrategy,
+				Detour:   "direct-fragment",
 			},
 			{
 				Tag:             "dns-direct",
@@ -188,6 +194,7 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options
 	parsedUrl, err := url.Parse(fmt.Sprintf("https://%s", remoteDNSAddress))
 	if err == nil && net.ParseIP(parsedUrl.Host) == nil {
 		directDNSDomains = append(directDNSDomains, fmt.Sprintf("full:%s", parsedUrl.Host))
+		//TODO: IS it really needed
 	}
 
 	routeRules := []option.Rule{
@@ -333,6 +340,7 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options
 			},
 		},
 	)
+
 	options.Route = &option.RouteOptions{
 		Rules:               routeRules,
 		AutoDetectInterface: true,
@@ -352,12 +360,11 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options
 		if err != nil {
 			return nil, err
 		}
-		if err == nil {
+
-			if serverDomain != "" {
+		if serverDomain != "" {
-				directDNSDomains = append(directDNSDomains, serverDomain)
+			directDNSDomains = append(directDNSDomains, serverDomain)
-			}
-			out = *outbound
 		}
+		out = *outbound
 
 		switch out.Type {
 		case C.TypeDirect, C.TypeBlock, C.TypeDNS:
@@ -405,6 +412,19 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options
 				Tag:  "direct",
 				Type: C.TypeDirect,
 			},
+			{
+				Tag:  "direct-fragment",
+				Type: C.TypeDirect,
+				DirectOptions: option.DirectOutboundOptions{
+					DialerOptions: option.DialerOptions{
+						TLSFragment: &option.TLSFragmentOptions{
+							Enabled: true,
+							Size:    configOpt.TLSTricks.FragmentSize,
+							Sleep:   configOpt.TLSTricks.FragmentSleep,
+						},
+					},
+				},
+			},
 			{
 				Tag:  "bypass",
 				Type: C.TypeDirect,
@@ -415,9 +435,21 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options
 			},
 		}...,
 	)
-
 	if len(directDNSDomains) > 0 {
-		domains := strings.Join(removeDuplicateStr(directDNSDomains), ",")
+		trickDnsDomains := []string{}
+		directDNSDomains = removeDuplicateStr(directDNSDomains)
+		for i, d := range directDNSDomains {
+			if isBlockedDomain(d) {
+				trickDnsDomains = append(trickDnsDomains, d)
+			}
+		}
+		trickDomains := strings.Join(trickDnsDomains, ",")
+		trickRule := Rule{Domains: trickDomains, Outbound: "bypass"}
+		trickdnsRule := trickRule.MakeDNSRule()
+		trickdnsRule.Server = "dns-trick-direct"
+		options.DNS.Rules = append([]option.DNSRule{{Type: C.RuleTypeDefault, DefaultOptions: trickdnsRule}}, options.DNS.Rules...)
+
+		domains := strings.Join(directDNSDomains, ",")
 		directRule := Rule{Domains: domains, Outbound: "bypass"}
 		dnsRule := directRule.MakeDNSRule()
 		dnsRule.Server = "dns-direct"
@@ -426,6 +458,25 @@ func BuildConfig(configOpt ConfigOptions, input option.Options) (*option.Options
 
 	return &options, nil
 }
+func isBlockedDomain(domain string) bool {
+	if strings.HasPrefix("full:", domain) {
+		return false
+	}
+	ips, err := net.LookupHost(domain)
+	if err != nil {
+		// fmt.Println(err)
+		return true
+	}
+
+	// Print the IP addresses associated with the domain
+	fmt.Printf("IP addresses for %s:\n", domain)
+	for _, ip := range ips {
+		if strings.HasPrefix(ip, "10.") {
+			return true
+		}
+	}
+	return false
+}
 
 func applyOverrides(overrides ConfigOptions, options option.Options) *option.Options {
 	if overrides.EnableClashApi {

go.mod

@@ -103,6 +103,6 @@ require (
 	lukechampine.com/blake3 v1.2.1 // indirect
 )
 
-replace github.com/sagernet/sing-box => github.com/hiddify/hiddify-sing-box v1.7.9-0.20240129222136-bef8c180eaef
+replace github.com/sagernet/sing-box => github.com/hiddify/hiddify-sing-box v1.7.9-0.20240130115748-5838de40349e
 
 replace github.com/sagernet/wireguard-go => github.com/hiddify/wireguard-go v0.0.0-20240125143346-481d18d77fe1

go.sum

@@ -49,8 +49,8 @@ github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a h1:fEBsGL/sjAuJrgah5X
 github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
-github.com/hiddify/hiddify-sing-box v1.7.9-0.20240129222136-bef8c180eaef h1:ligclNc3H9xwgaSwnIhxp63nEAvYJ8fNKi7+UTER31E=
+github.com/hiddify/hiddify-sing-box v1.7.9-0.20240130115748-5838de40349e h1:FhrU990kkhxRoFAMvEZwUyM05s1AWBn7lzwijl9ucq0=
-github.com/hiddify/hiddify-sing-box v1.7.9-0.20240129222136-bef8c180eaef/go.mod h1:B74zKdMcH3ZEmCi2OUqJTvEXCNtNQjivUEQ20y/5XQM=
+github.com/hiddify/hiddify-sing-box v1.7.9-0.20240130115748-5838de40349e/go.mod h1:B74zKdMcH3ZEmCi2OUqJTvEXCNtNQjivUEQ20y/5XQM=
 github.com/hiddify/ray2sing v0.0.0-20240127015415-b0b85dcbf102 h1:4vKmPE8AyvsBYuZmjGkPnsju8ZzVxEjC9I96uqxX5+o=
 github.com/hiddify/ray2sing v0.0.0-20240127015415-b0b85dcbf102/go.mod h1:zYKnf7EoPqrk7JOMO9BApTXxfH0sva8AKfoFywN7uuA=
 github.com/hiddify/wireguard-go v0.0.0-20240125143346-481d18d77fe1 h1:neOb+wzHbWLNZ2sHFEV4+GTuqORO7/MndQLFW8FjUY8=