update 2025-04-18 14:17:11

2025-04-18 14:17:11 +08:00 · 2025-04-18 14:17:11 +08:00 · 62bf555f5e
parent 89a39381e4
commit 62bf555f5e
4 changed files with 20 additions and 4 deletions
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@ -515,9 +515,9 @@ o:depends({singbox_dns_mode = "tcp"})

 ---- DoT
 o = s:taboption("DNS", Value, "remote_dns_dot", translate("Remote DNS DoT"))
-o.default = "tls://dns.google@8.8.4.4"
-o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.0.0.1", "1.0.0.1 (CloudFlare)")
-o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.1.1.1", "1.1.1.1 (CloudFlare)")
+o.default = "tls://one.one.one.one@1.1.1.1"
+o:value("tls://one.one.one.one@1.0.0.1", "1.0.0.1 (CloudFlare)")
+o:value("tls://one.one.one.one@1.1.1.1", "1.1.1.1 (CloudFlare)")
 o:value("tls://dns.google@8.8.4.4", "8.8.4.4 (Google)")
 o:value("tls://dns.google@8.8.8.8", "8.8.8.8 (Google)")
 o:value("tls://dns.quad9.net@9.9.9.9", "9.9.9.9 (Quad9)")
@ -604,6 +604,11 @@ if api.is_finded("smartdns") then
 	o:depends({dns_shunt = "smartdns", tcp_proxy_mode = "proxy", chn_list = "direct"})
 end

+o = s:taboption("DNS", Flag, "chinadns_ng_cert_verify", translate("DoT Cert verify"), translate("Verify DoT SSL cert. (May fail on some platforms!)"))
+o.default = "0"
+o:depends({dns_shunt = "chinadns-ng", direct_dns_mode = "dot"})
+o:depends({dns_shunt = "chinadns-ng", dns_mode = "dot"})
+
 o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices."))
 o.default = "1"
 o.rmempty = false
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@ -232,6 +232,12 @@ msgstr "清空 IPSET"
 msgid "Clear NFTSET"
 msgstr "清空 NFTSET"

+msgid "DoT Cert verify"
+msgstr "DoT 证书验证"
+
+msgid "Verify DoT SSL cert. (May fail on some platforms!)"
+msgstr "验证 DoT SSL 证书。（在某些平台可能无法验证，谨慎开启！）"
+
 msgid "Try this feature if the rule modification does not take effect."
 msgstr "如果修改规则后没有生效，请尝试此功能。"

--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -1542,7 +1542,7 @@ start_dns() {
 		TCP_PROXY_DNS=1
 		if [ "$chinadns_tls" != "nil" ]; then
 			local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT}
-			local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://dns.google@8.8.4.4")
+			local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://one.one.one.one@1.1.1.1")
 			local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
 			local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p')
 			REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}"
--- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
@ -502,6 +502,11 @@ end

 table.insert(config_lines, "hosts")

+local cert_verify = uci:get(appname, "@global[0]", "chinadns_ng_cert_verify") or 0
+if tonumber(cert_verify) == 1 then
+	table.insert(config_lines, "cert-verify")
+end
+
 if DEFAULT_TAG == "chn" then
 	log(string.format("  - 默认 DNS ：%s", DNS_LOCAL))
 elseif  DEFAULT_TAG == "gfw" then