From 34f1424184b22cb7209a71e0dd69f68fe53ffaa3 Mon Sep 17 00:00:00 2001 From: kenzok8 Date: Sun, 4 May 2025 04:22:45 +0800 Subject: [PATCH] update 2025-05-04 04:22:45 --- .../luasrc/model/cbi/passwall/client/global.lua | 8 ++++++++ luci-app-passwall/po/zh-cn/passwall.po | 6 ++++++ .../root/usr/share/passwall/helper_chinadns_add.lua | 4 +++- .../root/usr/share/passwall/helper_smartdns_add.lua | 3 ++- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 9672c449e..175a7e609 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -604,6 +604,14 @@ if api.is_finded("smartdns") then o:depends({dns_shunt = "smartdns", tcp_proxy_mode = "proxy", chn_list = "direct"}) end +o = s:taboption("DNS", Flag, "force_https_soa", translate("Force HTTPS SOA"), translate("Force queries with qtype 65 to respond with an SOA record.")) +o.default = "1" +o.rmempty = false +o:depends({dns_shunt = "chinadns-ng"}) +if api.is_finded("smartdns") then + o:depends({dns_shunt = "smartdns"}) +end + o = s:taboption("DNS", Flag, "chinadns_ng_cert_verify", translate("DoT Cert verify"), translate("Verify DoT SSL cert. (May fail on some platforms!)")) o.default = "0" o:depends({direct_dns_mode = "dot"}) diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index aaeca1528..77679a1c8 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -241,6 +241,12 @@ msgstr "验证 DoT SSL 证书。(在某些平台可能无法验证,谨慎开 msgid "Try this feature if the rule modification does not take effect." msgstr "如果修改规则后没有生效,请尝试此功能。" +msgid "Force HTTPS SOA" +msgstr "停用 HTTPS 记录解析" + +msgid "Force queries with qtype 65 to respond with an SOA record." +msgstr "强制使 qtype 65 查询返回 SOA。" + msgid "Are you sure to hide?" msgstr "你确定要隐藏吗?" diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index ce687a4f9..2ea4164e7 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -106,13 +106,15 @@ local setflag = (NFTFLAG == "1") and "inet@passwall@" or "" local only_global = (DEFAULT_MODE == "proxy" and CHNLIST == "0" and GFWLIST == "0") and 1 +local force_https_soa = uci:get(appname, "@global[0]", "force_https_soa") or 1 + config_lines = { LOG_FILE ~= "/dev/null" and "verbose" or "", "bind-addr ::", "bind-port " .. LISTEN_PORT, "china-dns " .. DNS_LOCAL, "trust-dns " .. DNS_TRUST, - "filter-qtype 65" + tonumber(force_https_soa) == 1 and "filter-qtype 65" or "" } for i = 1, 6 do diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua index 97591ea8f..c07a185fd 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua @@ -160,9 +160,10 @@ if not REMOTE_GROUP or REMOTE_GROUP == "nil" then sys.call('sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1') end +local force_https_soa = uci:get(appname, "@global[0]", "force_https_soa") or 1 local proxy_server_name = "passwall-proxy-server" config_lines = { - "force-qtype-SOA 65", + tonumber(force_https_soa) == 1 and "force-qtype-SOA 65" or "force-qtype-SOA -65", "server 114.114.114.114 -bootstrap-dns", DNS_MODE == "socks" and string.format("proxy-server socks5://%s -name %s", REMOTE_PROXY_SERVER, proxy_server_name) or nil }