diff --git a/luci-app-mosdns/root/etc/mosdns/serverlist.txt b/luci-app-mosdns/root/etc/mosdns/serverlist.txt
index ede1e01d8..e7b449b3e 100644
--- a/luci-app-mosdns/root/etc/mosdns/serverlist.txt
+++ b/luci-app-mosdns/root/etc/mosdns/serverlist.txt
@@ -367,6 +367,7 @@
 14a3d6c4df.com
 14nuzznszbdp.com
 15.taboola.com
+150075.com
 1503.net
 151c1501b0fa.com
 152media.com
@@ -1023,6 +1024,7 @@
 42fd278b95.com
 42r.cn
 42ye.com
+42yenxh.cn
 431.red
 43137c93a82b0e81da.com
 43242.zh1144.com
@@ -1302,6 +1304,7 @@
 5dm6ghn.cn
 5dydk.com
 5e01f27136.com
+5ef80ae889.com
 5egk.com
 5etv.com
 5eyz.flzee.com
@@ -1829,7 +1832,6 @@
 91ad.bestvogue.com
 91adv.com
 91adv.com.cn
-91cy.top
 91effa509f8f15a.com
 91eto.xyz
 91feiyong.com
@@ -2147,7 +2149,6 @@ a.qchannel03.cn
 a.qiao024.com
 a.qinghua5.com
 a.qncye.net
-a.qsjiajiao.com
 a.quangushi.com
 a.qunzou.com
 a.raasnet.com
@@ -2966,7 +2967,7 @@ aagon.actonservice.com
 aahqiyum.com
 aaid.umeng.com
 aaktao.entel.cl
-aakxxebotrofi.top
+aalbbh84.info
 aaliyaheartha.com
 aamapi.com
 aamcompany.actonservice.com
@@ -3291,6 +3292,7 @@ ac.mmstat.com
 ac.rnm.ca
 ac0c95f18a59.com
 ac1.786ip.com
+ac1.pingpingw.com
 ac3.msn.com
 ac56.xyz
 ac7d539d732.com
@@ -4629,6 +4631,7 @@ adplexmedia.adk2x.com
 adplexo.com
 adplugg.com
 adplus.co.id
+adplusplus.fr
 adplxmd.com
 adpm.app.qq.com
 adpmbglobal.com
@@ -4663,6 +4666,7 @@ adqic.com
 adquality.ch
 adquan.com
 adquantix.com
+adquery.io
 adquest3d.com
 adqy6rzwcs.com
 adrank24.de
@@ -5966,6 +5970,7 @@ afd.baidu.cn
 afd.baidu.com
 afd.l.google.com
 afdads.com
+afdjljiyagf.ru
 aff-handler.com
 aff-jp.dxlive.com
 aff-online.com
@@ -6393,6 +6398,7 @@ aj1716.online
 aj1907.online
 aj1913.online
 aj2208.online
+aj2373.online
 ajapk.com
 ajaralarm.com
 ajarsubscriber.com
@@ -6747,7 +6753,6 @@ amethyst.zappos.com
 amexcadrillon.com
 amfi.gou.sogou.com
 amgdgt.com
-amghais.cn
 amghvzn.cn
 amhpbhyxfgvd.com
 amiablebackscertified.com
@@ -7417,6 +7422,7 @@ api.24kidea.com
 api.51sxzz.com
 api.557400.com
 api.5eln.cn
+api.aalbbh84.info
 api.abcxs.org
 api.ad-locus.com
 api.ad-stir.com
@@ -7936,6 +7942,7 @@ armedgroin.com
 armiesgaspclue.com
 armlyemoan.com
 armpitarticle.com
+armpitstamnos.com
 arms-retcode.aliyuncs.com
 arnt.xyz
 aromamirror.com
@@ -7984,7 +7991,6 @@ as.baidu.com
 as.bjmama.net
 as.casalemedia.com
 as.cf
-as.cfcnet.top
 as.inbox.com
 as.jdkic.com
 as.kejet.com
@@ -8145,6 +8151,7 @@ astarboka.com
 astat.bugly.qq.com
 astat.nikkei.com
 astep.info
+aster18prx.nl
 asterilivestream.com
 asteriresearch.com
 asterpix.com
@@ -8342,6 +8349,7 @@ augrezoa.net
 augu3yhd485st.com
 augur.io
 august15download.com
+auiehechoulh.ru
 aujaujoa.net
 aujooxoo.com
 aukalerim.com
@@ -8756,6 +8764,7 @@ b477.life
 b49.xyz
 b4q982rbqdsw.com
 b4xuj.zzhhts.com
+b5332556b5.com
 b588866.com
 b59812ee54afcabd.com
 b5ae848728034caddca.com
@@ -9842,7 +9851,6 @@ beusable.net
 bewailbeforelibrarian.com
 bewailindigestionunhappy.com
 bewaslac.com
-bewhoyouare.gq
 bewilderedbattle.com
 bewilderedblade.com
 bexakezi.com
@@ -9861,6 +9869,8 @@ bfdtt.com
 bfe4e6d364be199.com
 bff6b409f7.com
 bfgg365.com
+bfhxivpij.com
+bfjl.ink
 bfmio.com
 bfoleyinteractive.com
 bfp.capitalone.com
@@ -10462,6 +10472,7 @@ boffoadsfeeds.com
 boftogro.net
 bofyshaphi.com
 bogads.com
+bogginunstill.com
 bogglecool.club
 bogrodius.com
 bogscarcely.com
@@ -10572,6 +10583,7 @@ boriskink.com
 bororango.com
 borotango.com
 borrowedbananaspite.com
+borrowedheating.com
 borsendental.com
 bosatria.cn
 bosctrl32.com
@@ -10610,6 +10622,7 @@ bourremokihi.com
 boustahe.com
 boutiqueal.carte-gr.total.fr
 boutiquerestless.com
+bowbackcoyote.com
 bowcompetitionbesides.com
 bowei666.xyz
 boweineng.cn
@@ -10885,6 +10898,7 @@ bsshw.net
 bst-offers.com
 bstn-14-ma.com
 bsv.atm.youku.com
+bsyauqwerd.party
 bsytjc.com
 bszmpfaj.com
 bt-xd.com
@@ -11233,6 +11247,7 @@ c.cnzz.com
 c.codeonclick.com
 c.cqpsf.cn
 c.cyhx98.com
+c.cyto-biotherapy.com
 c.danangmo.cn
 c.data.mob.com
 c.dengbaozx.cn
@@ -11509,6 +11524,7 @@ caiyugang.com
 cal.meizu.com
 calabeshes.xyz
 calarm.info
+calcoh.com
 calculated.cn
 calculatingcircle.com
 calculatingtoothbrush.com
@@ -11516,6 +11532,7 @@ calculatorcamera.com
 calculatorconceivenonetheless.com
 calculatorstatement.com
 calendarrate.com
+calistabeverly.com
 call-ad-network-api.marchex.com
 call-tracking.by
 call-tracking.co.uk
@@ -11603,7 +11620,6 @@ camsoda1.com
 camzap.com
 canalandco.com
 canalprone.com
-canalstat.com
 cancellingteddyinch.com
 canddi.com
 candid.zone
@@ -11695,6 +11711,7 @@ carl.pubsvs.com
 carlseb.xyz
 caroda.io
 carolina.actonservice.com
+carolinebeverly.com
 carotolbhavan.com
 carpcw.com
 carpentercomparison.com
@@ -11765,6 +11782,7 @@ catalogdiscovery.com
 catastrophetray.com
 catbeardx.com
 cathaycentury.com
+catherinebeverly.com
 catherineembankmentbouquet.com
 cathodecreped.com
 catiligh.ru
@@ -11921,7 +11939,6 @@ cdn-7n-pt.zbwowo.com
 cdn-ads.oss-cn-shanghai.aliyuncs.com
 cdn-alliancegravity.s3.amazonaws.com
 cdn-analytics.ladmedia.fr
-cdn-analytics.pl
 cdn-channels-pixel.ex.co
 cdn-code.host
 cdn-haokanapk.baidu.com
@@ -12330,7 +12347,6 @@ cfcdist.gdn
 cfceu.duckdns.org
 cfcloudcdn.com
 cfcnet.to
-cfcnet.top
 cfcs1.duckdns.org
 cfdac.8g0ymk.cn
 cfdanet.com
@@ -12766,6 +12782,7 @@ cjroq.bealge.sogou.com
 cjsossrbji.xyz
 cjt1.net
 cjvdfw.com
+cjwyvwbxpbo.com
 ck-cdn.com
 ck.1o26.com
 ck.connatix.com
@@ -12799,7 +12816,6 @@ claiks.com
 claimbit.tk
 clairedikio.club
 clairiose.pro
-clairvoyantvigourcelebrity.com
 clamcelery.com
 clammytree.com
 clamskeined.com
@@ -13613,6 +13629,7 @@ coiner.site
 coinerra.com
 coinever.net
 coingive.com
+coinhive-proxy.party
 coinhive.com
 coinhive.info
 coinhive.net
@@ -13639,6 +13656,7 @@ coinsicmp.com
 cointraffic.io
 coinverti.com
 coinwebmining.com
+coinworker.com
 coinzilla.io
 coinzillatag.com
 cojia.net
@@ -14026,6 +14044,7 @@ constintptr.com
 constraintscenteredsociety.com
 constraintsdiscuss.com
 constrongyfe.site
+construment.com
 consult.americanexpress.com
 consulting.guidehouse.com
 consulting.ramboll.com
@@ -14545,6 +14564,7 @@ coveredbetting.com
 covetoussyndrome.com
 cowardlymissinggranulated.com
 cowbumply.com
+cowyardstulm.com
 coxmt.com
 coysotown.com
 cp.003store.com
@@ -14872,6 +14892,7 @@ crypto.csgocpu.com
 cryptoads.space
 cryptobara.com
 cryptoblocks.site
+cryptocoinabout.com
 cryptoloot.pro
 cryptomine.pro
 cryptonote.club
@@ -15038,6 +15059,7 @@ cumbersomecloud.com
 cumydixy.com
 cuntador.com
 cuoss.com
+cupcognatekaleidoscope.com
 cupid.iqiyi.com
 cupid.jebe.renren.com
 cupidonmedia.com
@@ -15198,6 +15220,7 @@ cysd.7kww.net
 cytcm.com
 cyteed.com
 cythusheju.com
+cyto-biotherapy.com
 cytoclause.com
 cytron.videojj.com
 cytroncdn.videojj.com
@@ -15259,7 +15282,6 @@ d.agkn.com
 d.applovin.com
 d.beigedi.com
 d.biboi.cn
-d.cfcnet.top
 d.clkservice.youdao.com
 d.cntv.cn
 d.cpufan.club
@@ -15722,6 +15744,7 @@ d869381a42af33b.com
 d870bc20cc.com
 d87c82a1da.com
 d8885.com
+d8962a.xyz
 d8af4fb8c1.com
 d8d4ab7673.com
 d9.mobaders.com
@@ -15884,6 +15907,7 @@ darendaisuki.com
 darersan.co
 daringprobablywithin.com
 darkenedshrine.com
+darking04.tk
 darren01.oss-cn-beijing.aliyuncs.com
 dart.clearchannel.com
 dartoverboardcoupon.com
@@ -15896,7 +15920,6 @@ dashantechan.cn
 dashaowu.com
 dashbida.com
 dashboard.io
-dashboardad.net
 dasheducation.cn
 dashet.com
 dashgreen.online
@@ -16043,6 +16066,7 @@ datinggold.com
 datingidol.com
 datingstyle.top
 dationxperi.club
+datismelysee.com
 datouniao.com
 datum.appfleet.com
 datum0.blockchair.io
@@ -16542,6 +16566,7 @@ df8c5028a1fad1.com
 df9377.com
 dfanalytics.dealerfire.com
 dfapvmql-q.global.ssl.fastly.net
+dfb79196408612f1.com
 dfc1.benbaisteel.com
 dfcwg.com
 dfdjilnzqgtow.com
@@ -16666,7 +16691,6 @@ dialoguehostcreepy.com
 dialoguetramppayoff.com
 diamages.carte-gr.total.fr
 diamondtraff.com
-diampokusy.com
 dian500.com
 dian5000.com
 diandongchetoukui.com
@@ -17678,6 +17702,7 @@ dspmy.ge95.com
 dspserver.ad.cmvideo.cn
 dspultra.com
 dspwin.adsame.com
+dsqzk.cn
 dsrjpcjgb.xyz
 dss8l0f.cn
 dssdr.top
@@ -17884,6 +17909,7 @@ dxdx.shop
 dxe2.heip.fr
 dxgo95ahe73e8.cloudfront.net
 dxkkb5tytkivf.cloudfront.net
+dxmhkisurxxxhm.ru
 dxp.baidu.com
 dxpmedia.com
 dxprla.m.qxs.la
@@ -17927,6 +17953,7 @@ dynamicdn.com
 dynamicoxygen.com
 dynamitedata.com
 dynamitedepressionweapons.com
+dynatrace-managed.com
 dynatracesaas.com
 dynpaa.com
 dynpuqtsjpgqjv.com
@@ -18731,6 +18758,7 @@ eazyleads.com
 eb.bewithyou.jp
 eb.endeavorb2b.com
 eb.informabi.com
+ebahpya.com
 ebannertraffic.com
 ebayadvertising.com
 ebayclassifiedsgroup.com
@@ -19380,7 +19408,6 @@ eltex.co.jp
 eluxer.net
 elvfdnj.cn
 elvirahedwig.com
-elvx.top
 elxis-downloads.com
 elxpywhuj.com
 elyconsisterj.club
@@ -19998,7 +20025,6 @@ ethereum-pocket.eu
 ethereumads.com
 ethicalads.io
 ethinconfid.club
-ethmedialab.info
 ethn.io
 ethnicbrotherhoodunmoved.com
 ethnio.com
@@ -20043,7 +20069,6 @@ eu-gmtdmp.gd1.mookie1.com
 eu-survey.com
 eu.business.samsung.com
 eu.cf
-eu.cfcnet.top
 eu.groupondata.com
 eu.vortex-win.data.microsft.com
 eu.vortex-win.data.microsoft.com
@@ -20222,6 +20247,7 @@ evergreensame.com
 eversales.space
 eversource.actonservice.com
 everut.com
+everybodyfebruary.com
 everybodynaturedeclaration.com
 everydayporn.co
 eveteaemo.com
@@ -20992,7 +21018,6 @@ ffcbynqble.xyz
 ffg34fg.877zw.com
 ffhre.com
 ffhwzaenzoue.com
-ffinwwfpqi.gq
 ffjk.space
 ffkdxymyji.com
 fflsn.com
@@ -21276,6 +21301,8 @@ flexlinkspro.com
 flexnoseassist.com
 flexpod.ynsecureserver.net
 fliedridgin.com
+flightsy.bi
+flightzy.bi
 flightzy.bid
 flightzy.date
 flimsycircle.com
@@ -21670,12 +21697,10 @@ freebiesurveys.com
 freebitco.in
 freebloghitcounter.com
 freecodecs.us.intellitxt.com
-freecontent.bid
 freecontent.com
 freecontent.date
 freecontent.net
 freecontent.party
-freecontent.science
 freecontent.stream
 freecontent.trade
 freecounter.it
@@ -21909,6 +21934,7 @@ funnelytics.io
 funnyairplane.com
 funnyweb.fun
 funstage.com
+funtikapa.info
 funtoday.info
 fuoo1.top
 fupzhtvo.com
@@ -21987,6 +22013,7 @@ fx2lh9m.cn
 fxbjg.com
 fxbqag.znak.com
 fxc.aiquxs.com
+fxc.ink
 fxdepo.com
 fxfhjs.com
 fxhfxhf.cc
@@ -22192,6 +22219,7 @@ gacela.eu
 gaconnector.com
 gad.kugou.com
 gadfaros.com
+gadsabs.com
 gadsabz.com
 gadsbee.com
 gadsecs.com
@@ -22229,7 +22257,6 @@ gaizeissuer.com
 gak.webtoons.com
 gakinibe.pro
 gakseeft.com
-gala.spiceworks.com
 galacticmenueasier.com
 galaks.io
 galampgab.com
@@ -23455,7 +23482,6 @@ grayreceipt.com
 grayrecruitbrainwash.com
 grazeit.com
 graziefootier.com
-grbandhlitu.top
 greasegarden.com
 greasemotion.com
 greasysquare.com
@@ -23585,7 +23611,6 @@ grubfast.com
 grubsoan.com
 grudgeinjunctionretirement.com
 grudreeb.com
-gruglooh.net
 grumbleoh.com
 grumpult.com
 grumpyadzen.com
@@ -23876,6 +23901,7 @@ h-adashx.ut.taobao.com
 h-adashx.ut.youku.com
 h-adashx4yt.ut.taobao.com
 h-bid.com
+h-cast.jp
 h.atdmt.com
 h.b5qpg.cn
 h.domob.cn
@@ -24276,7 +24302,6 @@ hdjhsudhe.kuaizhan.com
 hdjlkj.vip
 hdkal67.cn
 hdketang.cn
-hdmcqnkrl.top
 hdminfeng.com
 hdmtools.com
 hdnagl.womensecret.com
@@ -24361,6 +24386,7 @@ hechaocheng.cn
 heckagny.com
 heckhaphanofres.info
 hecticprofitable.com
+hedgehoghugsyou.com
 hedmisrepu.co
 hedmisrepu.com
 hedressive.info
@@ -24708,6 +24734,7 @@ hitstatus.com
 hitsteps.com
 hittail.com
 hittracker.com
+hitugou.com
 hitwake.com
 hitwebcounter.com
 hiug862dj0.com
@@ -24822,6 +24849,7 @@ hk2wns1.wns.windows.com
 hk2wns1b.wns.windows.com
 hk50606.cn
 hk9600.com
+hkbmsb.fun
 hkbrrwxnijhnfg.com
 hkdyys.cn
 hkeynjiwpgvfzr.com
@@ -25117,6 +25145,7 @@ hot.browser.miui.com
 hot.eastday.com
 hot.m.shouji.360tpcdn.com
 hot4k.org
+hotbanner.site
 hotchat-im.iqiyi.com
 hotcounter.de
 hotdogsandads.com
@@ -25201,6 +25230,7 @@ hqs4.cnzz.com
 hqs7.cnzz.com
 hqs9.cnzz.com
 hqsjc.com
+hqtlw.cn
 hqtrnoqfvqao.xyz
 hqvwniado.com
 hqwlm.com
@@ -25245,6 +25275,7 @@ hsmkj.net
 hsn.uqhv.net
 hsoub.com
 hspbotdetection.azurewebsites.net
+hspstudio.club
 hsrvv.com
 hsslx.com
 hstpnetwork.com
@@ -26322,6 +26353,7 @@ imgwebfeed.com
 imgxb.top
 imhd.io
 imho.ru
+imhvlhaelvvbrq.ru
 imiclk.com
 imiek.com
 imim.me
@@ -27379,7 +27411,6 @@ istreamsche.com
 istudyenglish.pro
 isupopc.com
 it.sharpmarketing.eu
-it028.net.cn
 it760.com
 it7645-blockchain-news.club
 itadapi.ithome.com.tw
@@ -27510,6 +27541,7 @@ ixnp.com
 ixqfughrynmfh.com
 ixsgoy.getpenta.com
 ixspublic.com
+ixvenhgwukn.ru
 iy.com.cn
 iyes.youku.com
 iyfnz.com
@@ -27565,6 +27597,7 @@ j.yljiaoluo.com
 j.ytbt.cc
 j.zhdap.com
 j.zlszw.com
+j05ot.online
 j07773.com
 j1.ax.xrea.com
 j1.piaobing.com
@@ -27631,7 +27664,6 @@ japanbros.com
 japheth.com.cn
 japps.cn
 japsulsa.com
-japveny.ru
 jarailso.com
 jarror.com
 jarvispopsu.com
@@ -27881,6 +27913,7 @@ jiangjinghe.top
 jianglishi.cn
 jianglongjie.cn
 jiangmg.com
+jiangsm.club
 jiankang13.com
 jiankongbao.com
 jianly.top
@@ -27998,7 +28031,6 @@ jirafe.com
 jirivsoxvdk.com
 jirtb.top
 jisbar.com
-jistaumt.com
 jistenbefor.space
 jistvotestabl.space
 jisucn.com
@@ -28551,6 +28583,7 @@ juanbanji.biz
 juandou.com
 jubiitag.dk
 jubileo-ppb.carte-gr.total.fr
+jubish.com
 jubna.com
 jubnaadserve.com
 jubsouth.com
@@ -28912,7 +28945,6 @@ katoptristhemirr.com
 kattepush.com
 katurars.com
 kaubapsy.com
-kaukoany.net
 kauomod.cn
 kaurouby.net
 kavanga.ru
@@ -29344,6 +29376,7 @@ komoona.com
 kompasads.com
 komplett.me
 komtrack.com
+komuxoe.ru
 kon.mediaplatform.group
 koncbabae.com
 konduit.me
@@ -29444,6 +29477,7 @@ ksyrium0014.com
 kszhmzp.cn
 kt220.com
 kt5850pjz0.com
+kta.etherscan.com
 ktautdkiixlunl.com
 ktbhboeaqw.com
 ktdlsb.com
@@ -29491,10 +29525,12 @@ kucent.com
 kuglijuthi.com
 kugo.cc
 kugqfhqi.com
+kugqfhqi.top
 kuguopush.com
 kuhou.com
 kujrsivgg.com
 kuk8.com
+kukanlm-youeryuan.com
 kuku99.com
 kukulm.com
 kukury2hf8nd09.com
@@ -29872,7 +29908,6 @@ lcloc.com
 lcmqyl.cn
 lcodff.uta-net.com
 lcr.kim
-lcrmm.top
 lcrtltft.com
 lcs.comico.jp
 lcs.dev.surepush.cn
@@ -30009,6 +30044,7 @@ ledou.dl.uu.cc
 ledradn.com
 ledraumt.com
 ledslevier.com
+lee2code.com
 lee789.com
 leeethical.com
 leejongsuk.top
@@ -30162,6 +30198,7 @@ lgjygg.com
 lglady.cn
 lgm.averydennison.com
 lgpdy.com
+lgpumcja.com
 lgse.com
 lgsmartad.com
 lgygy.cn
@@ -31321,7 +31358,6 @@ lspzhtvstux.com
 lsqswk.supersonicgolf.com
 lsr62.qtd95fj.online
 lsrvvoqobu.com
-lssmycvnaxf.top
 lstat.youku.com
 lsv5.belambra.fr
 lsxc.shop
@@ -31475,6 +31511,7 @@ lx-upload-log.yidianzixun.com
 lx167.com
 lx2rv.com
 lx52168.online
+lxanimation.cn
 lxbjs.baidu.com
 lxcdn.dl.files.xiaomi.net
 lxdrddeomww.com
@@ -32747,7 +32784,6 @@ madsans.com
 madsecs.com
 madsecz.com
 madserving.com
-madsimz.com
 madsips.com
 madskis.com
 madskiz.com
@@ -33476,8 +33512,10 @@ maxymiser.net
 mayhemabjure.com
 mayi360.cn
 mayiad.com
+mayib.xyz
 mayie.xyz
 mayif.xyz
+mayig.xyz
 maymooth-stopic.com
 mayordiminution.com
 maysunmedia.com
@@ -34016,6 +34054,7 @@ mergerpep.com
 meried.co
 meriesbefor.fun
 meritdeserved.com
+meritiny.top
 merituckia.cam
 merryemotionally.com
 mersionbronze.cam
@@ -34438,7 +34477,6 @@ mhdufile.1391.com
 mhebbkfyhsu.com
 mhi9da.cn
 mhidwg.elgiganten.se
-mhiobjnirs.gq
 mhjk.1391.com
 mhmetr.billabongstore.jp
 mhtky.cn
@@ -34590,6 +34628,7 @@ miner-deu-7.inf.nimiq.network
 miner-deu-8.inf.nimiq.network
 miner.beeppool.org
 miner.cryptobara.com
+miner.nablabee.com
 miner.nimiq.com
 miner.pr0gramm.com
 minerad.com
@@ -34607,7 +34646,6 @@ minesage.com
 minescripts.info
 minessetion.info
 minewhat.com
-minexmr.st
 minexmr.stream
 minfo.wps.cn
 mingcidianzi162.cn
@@ -34890,6 +34928,7 @@ mng-ads.com
 mngjrn.cn
 mno.link
 mnonqqitrpprh.xyz
+mnptinibfbv.com
 mnrddc.journeys.com
 mnrywnesslkmdy.com
 mnsd.xyz
@@ -35029,6 +35068,7 @@ mocmubse.net
 modelsgonebad.com
 moderatewaterproof.com
 modern.watson.data.microsoft.com.akadns.net
+moderningvigil.pro
 modernpricing.com
 modernus.is
 modescrips.info
@@ -35106,11 +35146,14 @@ moneone.ga
 monerise.com
 monero-miner.com
 monero-miner.net
+monerominer.ro
 monerominer.rocks
 moneroocean.stream
 monetate.net
 monetizer101.com
 monetizze.com.br
+money-maker-default.info
+money-maker-script.info
 money.qz828.com
 moneycosmos.com
 moneyexpert.co.uk
@@ -35166,6 +35209,7 @@ moonight.ltd
 moonlightingapi-ads.com
 moonmedias.biz
 moons.66bhy.com
+moonsade.com
 moontuftboy.com
 moooginnumit.com
 mooseway.com
@@ -35245,6 +35289,7 @@ mountainouspear.com
 mountries.xyz
 moupdate1.kingsoft-office-service.com
 moupdate10332052.wps.cn
+mouruidesign.cn
 mouse3k.com
 mouseflow.com
 mousescrupulousrow.com
@@ -35484,6 +35529,7 @@ mtlkwvaybo.com
 mtlog.droid4x.cn
 mtm.qdqmedia.com
 mtmob.com
+mtnjdxrjamv.top
 mto.multiopen.cn
 mtoalv.cn
 mtoor.com
@@ -35542,6 +35588,7 @@ munchkin.brightfunnel.com
 munchkin.marketo.com
 munchkin.marketo.net
 mundanepollution.com
+munero.me
 munnin.hicsuntdra.co
 munori.com
 muoo.xyz
@@ -35744,6 +35791,7 @@ mylikechat.com
 myline1.club
 mylink-today.com
 mylinkbox.com
+mylovelymommy.tk
 mylovesister.gq
 mymm.zichenit.com
 mynativeads.com
@@ -35753,6 +35801,7 @@ mynsystems.com
 myntelligence.com
 mynunu.net
 myoffers.bid
+myoffers.party
 myolnyr5bsk18.com
 myomnistar.com
 myopenads.com
@@ -35769,6 +35818,7 @@ mypush.online
 mypushz.com
 myqip.icu
 myreferer.com
+myregeneaf.com
 myrfdq.emmi.jp
 myro.shop
 myroitracking.com
@@ -35874,6 +35924,7 @@ nabalpal.com
 nabaza.com
 nabbr.com
 nabeghlavi.com.cn
+nablabee.com
 nabucuo.com
 nacfuns.com
 nachogunj.cam
@@ -35900,10 +35951,12 @@ naiadexports.com
 naidafak.net
 nailowhe.net
 nailsimproved.com
+nainaimi.top
 naj.sk
 naj22.proasdf.com
 najingyi.cn
 najsdnkdqpsd.com
+najsiejfnc.win
 najva.com
 nakanohito.jp
 nakedfulfilhairy.com
@@ -36184,6 +36237,7 @@ netgreatlyavailable.com
 netincap.com
 netinsight.co.kr
 netizen.co
+netkantu.com
 netliker.com
 netloader.cc
 netmera-web.com
@@ -36353,6 +36407,7 @@ newtueads.com
 newweb.top
 newwedads.com
 newwiesdom.com.cn
+newyiba.top
 newzheng.cn
 nex.163.com
 nex.corp.163.com
@@ -36534,6 +36589,7 @@ nitratory.com
 nitroclicks.com
 nitrogenpleahierarchy.com
 nitropay.com
+nitsche.top
 nitytolearnan.biz
 niubiba.com
 niuer-req.xy.huijitrans.com
@@ -36936,7 +36992,6 @@ nt.phpwind.com
 ntalker.com
 ntcontributio.biz
 ntdddoz.cn
-ntdoaaoh.top
 ntdumfipbfjudm.xyz
 ntdvjlvau.com
 ntebfvnpmf.xyz
@@ -36969,6 +37024,7 @@ ntvpforever.com
 ntvpinp.com
 ntvpwpush.com
 ntvsw.com
+ntwaafv.cn
 ntzfly.cn
 nuaaad.cn
 nuanqipian.pw
@@ -38263,6 +38319,7 @@ oxsm.top
 oxsng.com
 oxtracking.com
 oxtrmw.marinarinaldi.com
+oxwwoeukjispema.ru
 oxybe.com
 oxydend2r5umarb8oreum.com
 oxyphilsebkha.com
@@ -40183,6 +40240,7 @@ portedgatesfeel.com
 portenttwinehypothetically.com
 portfold.com
 portkingric.net
+portoteamo.com
 portoutsid.xyz
 portprintingchecking.com
 portscalculateappease.com
@@ -40408,6 +40466,7 @@ preferences.acspubs.org
 preferences.deloitte.ca
 preferences.la-lakers.com
 preferences.lakersgaming.com
+preferredain.com
 prefixpatriot.com
 prefleks.com
 pregamepluteal.com
@@ -40433,6 +40492,7 @@ preparesecretary.com
 prepayproceedingsground.com
 prepenseprepensecubicoperating.com
 prepenseprepensedefiance.com
+preposterousgoody.com
 preqoaojsdgmmc.xyz
 preroot.xyz
 presage.io
@@ -40778,6 +40838,7 @@ prtrackings.com
 prudencewiserelapse.com
 prudenttruthfulcarter.com
 prudsys-rde.de
+prunesbin.com
 prunesmuggy.com
 prvizg.shurgard.be
 prx6.destinia.ch
@@ -40881,7 +40942,6 @@ ptaughar.com
 ptaulrou.net
 ptauphie.com
 ptauphiw.net
-ptaussee.net
 ptauvuph.com
 ptauxofi.net
 ptavizap.net
@@ -41589,6 +41649,7 @@ qianfengwang.top
 qianggou8.top
 qiangren.biz
 qiangzai.work
+qianhua.co
 qianlong.adsame.com
 qianmeiby.com
 qiannian.biz
@@ -41637,6 +41698,7 @@ qingzhencai.net
 qinmon.xyz
 qinongyouxuan.cn
 qinqiaotrade.com
+qintingapp.com
 qinzhihao.com
 qinzigenjudi.com
 qipskd.cn
@@ -41679,6 +41741,7 @@ qjxszp.cn
 qjyzj.cn
 qkcl.o7z0k.cn
 qkhhjm.autoscout24.nl
+qkixi.com
 qkkjd.com
 qkptx.com
 qkspafpgg.com
@@ -42389,6 +42452,7 @@ readnos.com
 readnotify.com
 readpeak.com
 readrboard.com
+readserv.com
 readserver.net
 ready-to-download.com
 readymoon.com
@@ -42449,6 +42513,7 @@ rec.udn.com
 rec5.visualwebsiteoptimizer.com
 recapture.io
 recastcompellease.com
+recdirectgo.biz
 receiptfastestparameter.com
 receitasefinancas.com
 recentinteriorcrab.com
@@ -42664,6 +42729,7 @@ relann.com
 relap.io
 relappro.com
 relapsereflectedreplace.com
+relaxtime24.biz
 relay.fiverr.com
 relead.com
 release.baidu.com
@@ -42759,6 +42825,7 @@ reposetemptarraignment.com
 repost.us
 reprak.com
 reprehensibleguarded.com
+representationfighter.com
 representativeray.com
 represented.cn
 reprocautious.com
@@ -42823,7 +42890,6 @@ research.net
 researchintel.com
 reseau-pub.com
 resentmentveneering.com
-reservedoffers.club
 reservehearingmissing.com
 reshin.de
 residebroadly.com
@@ -43098,6 +43164,7 @@ rightstats.com
 rigidrobin.com
 rigourflickmarketing.com
 rigxpadydyveja.com
+rihaschgj.com
 rikobisti.com
 rilelogicbuy.com
 rilesticks.com
@@ -43324,6 +43391,7 @@ roofprison.com
 roofrelation.com
 roojouma.com
 rookmemorizevoluntary.com
+roommatespacioushrs.com
 roomspublisher.com
 roomyreading.com
 roost.me
@@ -44026,6 +44094,7 @@ s2.huoying666.com
 s2.kuaibaopay.com
 s2.leshi123.cc
 s2.mingmingtehui.com
+s2.myregeneaf.com
 s2.yandui.com
 s2.zdface.com
 s2.zdmimg.com
@@ -44054,6 +44123,7 @@ s3.cnzz.com
 s3.flowplayer.space
 s3.joexl.com
 s3.minexmr.com
+s3.myregeneaf.com
 s3.pampopholf.com
 s3.pfp.sina.net
 s3.phluant.com
@@ -44276,7 +44346,6 @@ salync.com
 salzwerk.viessmann.de
 samage-bility.icu
 samantharegina.com
-samanthyean.com
 samba.adsame.com
 sambaads.com
 sambaclk.adsame.com
@@ -44563,6 +44632,8 @@ schemas.android.com
 schemas.microsoft.akadns.net
 schicksalnvi.cn
 schjmp.com
+schlaftabletten.cn
+scholarshipidol.com
 schoolyeargo.com
 schprompt.dangdang.com
 schwacke.autovistagroup.com
@@ -45757,6 +45828,7 @@ shihualandun.cn
 shijiezhidao.com
 shijixinrui.cn
 shijuezhongguo.cdn.bcebos.com
+shikarshexace.com
 shikroux.net
 shilian168.cn
 shillivee.pro
@@ -45787,6 +45859,7 @@ shiwan.dl.gxpan.cn
 shixiaofei864.cn
 shixiong.xyz
 shixunjs.th21333.com
+shiyaokejishanghai.com
 shizen-no-megumi.com
 shj.tjawst.com
 shjk.xyz
@@ -46490,6 +46563,7 @@ smetrics.autodesk.com.cn
 smetrics.automobilemag.com
 smetrics.avnet.com
 smetrics.babycenter.ca
+smetrics.babycenter.com
 smetrics.bankinter.com
 smetrics.bankofamerica.com
 smetrics.bankwest.com.au
@@ -47860,6 +47934,7 @@ song.fanxing.kugou.com
 songcan.me
 songlongtech.com
 songrfid.com
+songshijiazu.cn
 songssmoke.com
 sonlessmagmata.com
 sonnerie.net
@@ -48183,6 +48258,7 @@ spiffymachine.com
 spigotsmetonym.cam
 spillsackterrified.com
 spinachtighten.com
+spinaleighth.com
 spinbox.net
 spinbox.techtracker.com
 spinbox.versiontracker.com
@@ -49161,7 +49237,6 @@ stats.breadtube.tv
 stats.breathly.app
 stats.briskoda.net
 stats.broddin.be
-stats.brousse.info
 stats.buildingtheelite.com
 stats.bungeefit.co.uk
 stats.buysellads.com
@@ -49407,6 +49482,7 @@ stats.patriot.win
 stats.paulbutler.org
 stats.paysagistes.pro
 stats.pebkac.io
+stats.personalkollen.se
 stats.pflexads.com
 stats.phelsumagrandis.de
 stats.phoenix-widget.com
@@ -49464,7 +49540,6 @@ stats.sexemodel.com
 stats.sexplore.app
 stats.share.link
 stats.shareup.app
-stats.shell-tips.com
 stats.shepherd.com
 stats.shopify.com
 stats.shoutout.so
@@ -50105,7 +50180,6 @@ suvset.sohu.com
 suwoj.com
 suxhap.com
 suzanne.pro
-suzihaza.com
 sv2.biz
 svacdnjutk.com
 svarcom.actonservice.com
@@ -50251,7 +50325,6 @@ sxtyhl.top
 sxxfmc.com
 sxxjdz.com
 sxybjjz.cn
-sxying.top
 sxympy.com
 sxyunyou.cn
 sxyyedu.cn
@@ -50797,7 +50870,6 @@ talaropa.com
 talent.aonunited.com
 talentedsteel.com
 talenteq.intuit.com
-talentropes.com
 talk.nz.igexin.com
 talk.nz4.gepush.com
 talk.nz4.getui.com
@@ -51529,7 +51601,6 @@ thirstyswing.com
 thirstytwig.com
 this-is-living.cn
 thiscdn.com
-thishare.com
 thisisacoolthing.com
 thisiswaldo.com
 thisisyourprize.site
@@ -51617,6 +51688,7 @@ tiandi.com
 tianfus.com
 tiangu99.com
 tianhenggo.xyz
+tianhong.mobi
 tianhuafund.cn
 tianhuicun.com.cn
 tianii.top
@@ -51632,6 +51704,7 @@ tianqi777.com
 tianshilv.cn
 tianshu-x.gtimg.cn
 tianshu.gtimg.cn
+tiantai.ink
 tiantiansoft.com
 tiantianwl.cn
 tiantianyinyue.cn
@@ -51900,6 +51973,7 @@ tlvmedia.com
 tlwl1.cn
 tlwl2.cn
 tm-banners.gamingadult.com
+tm-core.net
 tm-offers.gamingadult.com
 tm.br.de
 tm.jsuol.com.br
@@ -51963,7 +52037,6 @@ to.getnitropack.com
 to335.cn
 to8to.com
 toadassuagevolatile.com
-toagluji.com
 toapsira.net
 toateeli.net
 tob-cms.bj.bcebos.com
@@ -52212,9 +52285,8 @@ totemwebr.carte-gr.total.fr
 totentacruelor.com
 tothisimpo.biz
 totlnkbn.com
-totoc.top
+totlnkcl.com
 totogetica.com
-totoh.top
 totoro.link
 totorogyring.com
 totreatwith.co
@@ -52883,6 +52955,7 @@ tracker.bongngo.bar
 tracker.bt.uol.com.br
 tracker.cauly.co.kr
 tracker.cdnbye.com
+tracker.comagic.ru
 tracker.comunidadmarriott.com
 tracker.data-vp.com
 tracker.digitalcamp.co.kr
@@ -53474,7 +53547,6 @@ trapteaching.com
 traq.li
 trasholita.com
 trathy.com
-traumasister.tk
 traveladvertising.com
 travelingoutcomeautomatic.com
 travelingturtleharmonious.com
@@ -53506,6 +53578,7 @@ trcka8net.irobot-jp.com
 trcked.me
 trcklion.com
 trckr.nordiskemedier.dk
+trdnewsnow.net
 trdyx.cn
 treacherousaccentbruise.com
 treacherouslongingjunkie.com
@@ -53738,6 +53811,7 @@ trustx.org
 trustyfine.com
 truthfulstem.com
 trw12.com
+trx-hub.com
 trx3.famousfix.com
 try.abtasty.com
 try9.com
@@ -54143,6 +54217,7 @@ u.xcy8.com
 u.xogu.cn
 u.yiiwoo.com
 u.yizuya.com
+u.zuoyesou.com
 u0.s.minisplat.cn
 u034024.nr1234.com
 u07k3pqfw5jh.com
@@ -54329,6 +54404,7 @@ ugg66.com
 ughhimtoy.com
 ugishdff.xyz
 ugmarketing.smu.edu.sg
+ugmfvqsu.ru
 ugmovxfikvhct.com
 ugmvoys.cn
 ugonwcxwo.com
@@ -54413,6 +54489,7 @@ ulink.cc
 ulmdb.cn
 ulminicbawty.com
 ulmoyc.com
+ulnawoyyzbljc.ru
 ulngtppm.com
 ulog.imap.baidu.com
 ulog.umengcloud.com
@@ -54425,6 +54502,7 @@ ulqihfr.cn
 ult-blk-cbl.com
 ultimateclixx.com
 ultimowraxle.com
+ultra-cdn.pl
 ultralove.net
 ultramercial.com
 ultranote.org
@@ -54847,7 +54925,6 @@ us.adserver.yahoo.com
 us.bannyat.com
 us.bs.serving-sys.com
 us.cf
-us.cfcnet.top
 us.l.qq.com
 us.onkyo.actonservice.com
 us.vortex-win.data.microsft.com
@@ -55633,7 +55710,6 @@ vip-vip-vup.com
 vip.51.la
 vip.cainiaofx.com
 vip.catcs.cn
-vip.cfcnet.top
 vip.gophersport.com
 vip.hyz86.com
 vip.id528.com
@@ -55706,6 +55782,7 @@ visite.scambi.org
 visitingtoelargely.com
 visitor-analytics.io
 visitor-analytics.net
+visitor-microservice.ext.p-a.im
 visitor-service.tealiumiq.com
 visitor-stats.de
 visitor-track.com
@@ -55961,6 +56038,7 @@ vps.inte.sogou.com
 vptbn.com
 vptlrn.sportspar.de
 vpvbojamkoxo.com
+vpvbojamkoxo.top
 vpyqdlrweoc.com
 vq1qi.pw
 vq7736.com
@@ -56007,7 +56085,6 @@ vseenmtdmcqssv.com
 vsexshop.ru
 vsfius.aranzulla.it
 vsgwsk.bergzeit.at
-vsheying.top
 vsjxqhfkccx.xyz
 vskoedps.com
 vsnoon.com
@@ -56295,6 +56372,7 @@ wangxingkui.online
 wangxuan.pw
 wangyao.pro
 wangyasen.link
+wangye.icu
 wangyeshij.top
 wangyh.icu
 wangyouxs.cn
@@ -56578,6 +56656,8 @@ webassembly.stream
 webatam.com
 webbc.fivecdm.com
 webbridcar.xyz
+webcache-eu.datareporter.eu
+webcache.datareporter.eu
 webcampromo.com
 webcampromotions.com
 webcare.byside.com
@@ -56777,6 +56857,7 @@ weixinxx.com
 weixisiwang.com
 weiyajz.cn
 weizhenwx.com
+weiziqiang.top
 weizjzg.com
 wejibk.com.cn
 wekb.club
@@ -56927,7 +57008,6 @@ wherabygry.com
 where.com
 whereasplaid.com
 wheredoyoucomefrom.ovh
-whereismommy.gq
 wheripsupi.com
 whexamipta.com
 whezogrewha.com
@@ -57016,6 +57096,7 @@ whzxpm.cn
 wi3brxwr2b3v.com
 wickedlongingbelfry.com
 wickedreports.com
+widdiesbrawns.com
 widerplanet.com
 widespace.com
 widget.adviceiq.com
@@ -57182,6 +57263,7 @@ withoughstors.club
 withoused.club
 withoutmotivation.com
 witmorningmuscles.com
+witthethim.com
 wivo2gaza.com
 wiyun.com
 wiz.ghostbed.com
@@ -57633,6 +57715,7 @@ wsp.marketgid.com
 wspeed.qq.com
 wsrrfoa.cn
 wss.cnzz.com
+wss.nablabee.com
 wss.rand.com.ru
 wssgmstats.vibbo.com
 wsstats.coches.net
@@ -58155,10 +58238,8 @@ www.flipf.cn
 www.flstudiochina.com
 www.flurry.com
 www.fr
-www.freecontent.bid
 www.freecontent.date
 www.freecontent.party
-www.freecontent.science
 www.freecontent.stream
 www.freecontent.trade
 www.freedrive.cn
@@ -59660,6 +59741,7 @@ xvideosharing.site
 xvika.com
 xviperonec.com
 xvqdfwy.cn
+xvstvids.com
 xvwebllndr.com
 xvxxbrzhjunco.com
 xvyljkr.com
@@ -59978,6 +60060,7 @@ yellowacorn.net
 yellowbrix.com
 yellowto.com
 yema.shop
+yemingxing.top
 yemisleol.xyz
 yemnn.cn
 yempid.com
@@ -60140,7 +60223,6 @@ yingjiawm.com
 yingshidaquan.cc
 yingxiao.baidu.com
 yingxunkeji.net
-yingyeping.com
 yini.link
 yini8.com
 yinlt.com
@@ -60216,6 +60298,7 @@ ykccgrmto.com
 ykcoijcfpzda.com
 ykhqhe.domain.com.au
 ykktwv.titivate.jp
+yklmwnhokfse.xyz
 ykpbgqc.top
 ykrec.youku.com
 ykrectab.youku.com
@@ -60280,6 +60363,7 @@ ynevxkx.cn
 ynfzxh.com
 ynhuya.cn
 ynjkkj.com
+ynklendr.online
 ynlsgw.com
 ynmpzs.cn
 ynnpmcpswews.com
@@ -60395,6 +60479,7 @@ yourfreshposts.com
 yourhealmyheal.com
 yourkadspunew.com
 yourlegacy.club
+yourloganalytics.com
 yourquickads.com
 yourtubetvs.site
 yourwebbars.com
@@ -60605,6 +60690,7 @@ yuppads.com
 yuppyads.com
 yuqhtlry.xyz
 yuqnibpyn.com
+yuquad.com
 yuriaftereleven.com
 yurivideo.com
 yushengyuancaishui.com
@@ -60656,6 +60742,7 @@ yxcpm.com
 yxdyk.com
 yxgfcj.com
 yxhjt.com
+yxhkonfmbe.com
 yxhxs.com
 yxiqqh.dealchecker.co.uk
 yxjibph.cn
@@ -60693,11 +60780,11 @@ yymmsd.cn
 yynkhgfromul.xyz
 yyp17.com
 yypd.top
+yyshow.top
 yyslate.com
 yystzl.cn
 yysvzaodorhv.com
 yyt.irs01.com
-yyy6999.com
 yyys.shop
 yzaosite.com
 yzbqz.com
@@ -61514,6 +61601,7 @@ zyjy.ink
 zykxjt.com
 zymbrlgu.cn
 zymerget.bid
+zymerget.party
 zymo.mps.weibo.com
 zymro.com
 zypenetwork.com
@@ -61582,3 +61670,4 @@ zzy1.mipujia.com
 zzy1.quyaoya.com
 zzyanhushi.com
 zzyonghao.com
+zzyytt.top
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index 1686e775a..49375acaf 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.52
-PKG_RELEASE:=3
+PKG_VERSION:=4.53
+PKG_RELEASE:=1
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl.lua
index 4a9dd675e..661fcbff4 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl.lua
@@ -18,6 +18,10 @@ function s.create(e, t)
     t = TypedSection.create(e, t)
     luci.http.redirect(e.extedit:format(t))
 end
+function s.remove(e, t)
+    sys.call("rm -rf /tmp/etc/passwall_tmp/dns_" .. t .. "*")
+    TypedSection.remove(e, t)
+end
 
 ---- Enable
 o = s:option(Flag, "enabled", translate("Enable"))
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index 8c43dc476..2b6e13eda 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -282,13 +282,23 @@ o.rmempty = false
 if has_chnlist and api.is_finded("chinadns-ng") then
     o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
     o.default = "0"
-    o:depends({dns_mode = "dns2socks"})
-    o:depends({dns_mode = "pdnsd"})
-    o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
-    o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
-    o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
-    o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
-    o:depends({dns_mode = "udp"})
+    if api.is_finded("smartdns") then
+        o:depends({dns_shunt = "dnsmasq", dns_mode = "dns2socks"})
+        o:depends({dns_shunt = "dnsmasq", dns_mode = "pdnsd"})
+        o:depends({dns_shunt = "dnsmasq", dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
+        o:depends({dns_shunt = "dnsmasq", dns_mode = "v2ray", v2ray_dns_mode = "doh"})
+        o:depends({dns_shunt = "dnsmasq", dns_mode = "xray", v2ray_dns_mode = "tcp"})
+        o:depends({dns_shunt = "dnsmasq", dns_mode = "xray", v2ray_dns_mode = "doh"})
+        o:depends({dns_shunt = "dnsmasq", dns_mode = "udp"})
+    else
+        o:depends({dns_mode = "dns2socks"})
+        o:depends({dns_mode = "pdnsd"})
+        o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
+        o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
+        o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
+        o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
+        o:depends({dns_mode = "udp"})
+    end
 end
 
 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
index b2bfdf7ef..60ba9b3ff 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
@@ -1,11 +1,13 @@
 local api = require "luci.model.cbi.passwall.api.api"
 local appname = api.appname
 local fs = api.fs
+local sys = api.sys
 local datatypes = api.datatypes
 local path = string.format("/usr/share/%s/rules/", appname)
 local route_hosts_path = "/etc/"
 
-m = Map(appname)
+m = SimpleForm(appname)
+m.uci = api.uci
 
 -- [[ Rule List Settings ]]--
 s = m:section(TypedSection, "global_rules")
@@ -22,9 +24,17 @@ local direct_host = path .. "direct_host"
 o = s:taboption("direct_list", TextValue, "direct_host", "", "<font color='red'>" .. translate("Join the direct hosts list of domain names will not proxy.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(direct_host) or "" end
-o.write = function(self, section, value) fs.writefile(direct_host, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(direct_host, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(direct_host) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(direct_host, value:gsub("\r\n", "\n"))
+    sys.call("rm -rf /tmp/etc/passwall_tmp/dns_*")
+end
+o.remove = function(self, section, value)
+    fs.writefile(direct_host, "")
+    sys.call("rm -rf /tmp/etc/passwall_tmp/dns_*")
+end
 o.validate = function(self, value)
     local hosts= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
@@ -44,9 +54,15 @@ local direct_ip = path .. "direct_ip"
 o = s:taboption("direct_list", TextValue, "direct_ip", "", "<font color='red'>" .. translate("These had been joined ip addresses will not proxy. Please input the ip address or ip address segment,every line can input only one ip address. For example: 192.168.0.0/24 or 223.5.5.5.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(direct_ip) or "" end
-o.write = function(self, section, value) fs.writefile(direct_ip, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(direct_ip, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(direct_ip) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(direct_ip, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+    fs.writefile(direct_ip, "")
+end
 o.validate = function(self, value)
     local ipmasks= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
@@ -66,9 +82,17 @@ local proxy_host = path .. "proxy_host"
 o = s:taboption("proxy_list", TextValue, "proxy_host", "", "<font color='red'>" .. translate("These had been joined websites will use proxy. Please input the domain names of websites, every line can input only one website domain. For example: google.com.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(proxy_host) or "" end
-o.write = function(self, section, value) fs.writefile(proxy_host, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(proxy_host, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(proxy_host) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(proxy_host, value:gsub("\r\n", "\n"))
+    sys.call("rm -rf /tmp/etc/passwall_tmp/dns_*")
+end
+o.remove = function(self, section, value)
+    fs.writefile(proxy_host, "")
+    sys.call("rm -rf /tmp/etc/passwall_tmp/dns_*")
+end
 o.validate = function(self, value)
     local hosts= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
@@ -88,9 +112,15 @@ local proxy_ip = path .. "proxy_ip"
 o = s:taboption("proxy_list", TextValue, "proxy_ip", "", "<font color='red'>" .. translate("These had been joined ip addresses will use proxy. Please input the ip address or ip address segment, every line can input only one ip address. For example: 35.24.0.0/24 or 8.8.4.4.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(proxy_ip) or "" end
-o.write = function(self, section, value) fs.writefile(proxy_ip, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(proxy_ip, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(proxy_ip) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(proxy_ip, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+    fs.writefile(proxy_ip, "")
+end
 o.validate = function(self, value)
     local ipmasks= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
@@ -110,9 +140,15 @@ local block_host = path .. "block_host"
 o = s:taboption("block_list", TextValue, "block_host", "", "<font color='red'>" .. translate("These had been joined websites will be block. Please input the domain names of websites, every line can input only one website domain. For example: twitter.com.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(block_host) or "" end
-o.write = function(self, section, value) fs.writefile(block_host, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(block_host, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(block_host) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(block_host, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+    fs.writefile(block_host, "")
+end
 o.validate = function(self, value)
     local hosts= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
@@ -132,9 +168,15 @@ local block_ip = path .. "block_ip"
 o = s:taboption("block_list", TextValue, "block_ip", "", "<font color='red'>" .. translate("These had been joined ip addresses will be block. Please input the ip address or ip address segment, every line can input only one ip address.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(block_ip) or "" end
-o.write = function(self, section, value) fs.writefile(block_ip, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(block_ip, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(block_ip) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(block_ip, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+    fs.writefile(block_ip, "")
+end
 o.validate = function(self, value)
     local ipmasks= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
@@ -154,9 +196,15 @@ local lanlist_ipv4 = path .. "lanlist_ipv4"
 o = s:taboption("lan_ip_list", TextValue, "lanlist_ipv4", "", "<font color='red'>" .. translate("The list is the IPv4 LAN IP list, which represents the direct connection IP of the LAN. If you need the LAN IP in the proxy list, please clear it from the list. Do not modify this list by default.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(lanlist_ipv4) or "" end
-o.write = function(self, section, value) fs.writefile(lanlist_ipv4, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(lanlist_ipv4, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(lanlist_ipv4) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(lanlist_ipv4, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+    fs.writefile(lanlist_ipv4, "")
+end
 o.validate = function(self, value)
     local ipmasks= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
@@ -176,9 +224,15 @@ local lanlist_ipv6 = path .. "lanlist_ipv6"
 o = s:taboption("lan_ip_list", TextValue, "lanlist_ipv6", "", "<font color='red'>" .. translate("The list is the IPv6 LAN IP list, which represents the direct connection IP of the LAN. If you need the LAN IP in the proxy list, please clear it from the list. Do not modify this list by default.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(lanlist_ipv6) or "" end
-o.write = function(self, section, value) fs.writefile(lanlist_ipv6, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(lanlist_ipv6, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(lanlist_ipv6) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(lanlist_ipv6, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+    fs.writefile(lanlist_ipv6, "")
+end
 o.validate = function(self, value)
     local ipmasks= {}
     string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
@@ -198,8 +252,14 @@ local hosts = route_hosts_path .. "hosts"
 o = s:taboption("route_hosts", TextValue, "hosts", "", "<font color='red'>" .. translate("Configure routing etc/hosts file, if you don't know what you are doing, please don't change the content.") .. "</font>")
 o.rows = 15
 o.wrap = "off"
-o.cfgvalue = function(self, section) return fs.readfile(hosts) or "" end
-o.write = function(self, section, value) fs.writefile(hosts, value:gsub("\r\n", "\n")) end
-o.remove = function(self, section, value) fs.writefile(hosts, "") end
+o.cfgvalue = function(self, section)
+    return fs.readfile(hosts) or ""
+end
+o.write = function(self, section, value)
+    fs.writefile(hosts, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+    fs.writefile(hosts, "")
+end
 
 return m
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index 198edacd8..d2909639f 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -1143,7 +1143,7 @@ start_dns() {
 	smartdns)
 		local group_domestic=$(config_t_get global group_domestic)
 		CHINADNS_NG=0
-		source $APP_PATH/helper_smartdns.sh add DNS_MODE=$DNS_MODE SMARTDNS_CONF=/tmp/etc/smartdns/$CONFIG.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_GROUP=$group_domestic TUN_DNS=$TUN_DNS TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
+		source $APP_PATH/helper_smartdns.sh add FLAG="default" DNS_MODE=$DNS_MODE SMARTDNS_CONF=/tmp/etc/smartdns/$CONFIG.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_GROUP=$group_domestic TUN_DNS=$TUN_DNS TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
 		source $APP_PATH/helper_smartdns.sh restart
 		echolog "  - 域名解析：使用SmartDNS，请确保配置正常。"
 	;;
@@ -1178,7 +1178,7 @@ start_dns() {
 	
 	[ "$DNS_SHUNT" = "dnsmasq" ] && {
 		source $APP_PATH/helper_dnsmasq.sh stretch
-		source $APP_PATH/helper_dnsmasq.sh add DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
+		source $APP_PATH/helper_dnsmasq.sh add FLAG="default" DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
 	}
 }
 
@@ -1434,7 +1434,6 @@ stop() {
 	unset XRAY_LOCATION_ASSET
 	stop_crontab
 	source $APP_PATH/helper_smartdns.sh del
-	source $APP_PATH/helper_smartdns.sh restart no_log=1
 	source $APP_PATH/helper_dnsmasq.sh del
 	source $APP_PATH/helper_dnsmasq.sh restart no_log=1
 	rm -rf ${TMP_PATH}
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh
index 255b7faaa..cd35dd960 100755
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh
@@ -45,10 +45,10 @@ logic_restart() {
 		for server in $(uci -q get dhcp.@dnsmasq[0].server); do
 			[ -n "$(echo $server | grep '\/')" ] || uci -q del_list dhcp.@dnsmasq[0].server="$server" 
 		done
-		/etc/init.d/dnsmasq restart >/dev/null 2>&1
+		/etc/init.d/dnsmasq restart >/dev/null 2>&1 &
 		restore_servers
 	else
-		/etc/init.d/dnsmasq restart >/dev/null 2>&1
+		/etc/init.d/dnsmasq restart >/dev/null 2>&1 &
 	fi
 	echolog "重启 dnsmasq 服务"
 	LOG_FILE=${_LOG_FILE}
@@ -59,239 +59,15 @@ restart() {
 	eval_set_val $@
 	_LOG_FILE=$LOG_FILE
 	[ -n "$no_log" ] && LOG_FILE="/dev/null"
-	/etc/init.d/dnsmasq restart >/dev/null 2>&1
+	/etc/init.d/dnsmasq restart >/dev/null 2>&1 &
 	echolog "重启 dnsmasq 服务"
 	LOG_FILE=${_LOG_FILE}
 }
 
-gen_items() {
-	local ipsets dnss outf ipsetoutf
-	eval_set_val $@
-	
-	awk -v ipsets="${ipsets}" -v dnss="${dnss}" -v outf="${outf}" -v ipsetoutf="${ipsetoutf}" '
-		BEGIN {
-			if(outf == "") outf="/dev/stdout";
-			if(ipsetoutf == "") ipsetoutf=outf;
-			split(dnss, dns, ","); setdns=length(dns)>0; setlist=length(ipsets)>0;
-			if(setdns) for(i in dns) if(length(dns[i])==0) delete dns[i];
-			fail=1;
-		}
-		! /^$/&&!/^#/ {
-			fail=0
-			if(setdns) for(i in dns) printf("server=/.%s/%s\n", $0, dns[i]) >>outf;
-			if(setlist) printf("ipset=/.%s/%s\n", $0, ipsets) >>ipsetoutf;
-		}
-		END {fflush(outf); close(outf); fflush(ipsetoutf); close(ipsetoutf); exit(fail);}
-	'
-}
-
-gen_address_items() {
-	local address outf
-	eval_set_val $@
-
-	awk -v address="${address}" -v outf="${outf}" '
-		BEGIN {
-			if(outf == "") outf="/dev/stdout";
-			if(address == "") address="0.0.0.0,::";
-			split(address, ad, ","); setad=length(ad)>0;
-			if(setad) for(i in ad) if(length(ad[i])==0) delete ad[i];
-			fail=1;
-		}
-		! /^$/&&!/^#/ {
-			fail=0
-			if(setad) for(i in ad) printf("address=/.%s/%s\n", $0, ad[i]) >>outf;
-		}
-		END {fflush(outf); close(outf); exit(fail);}
-	'
-}
-
-ipset_merge() {
-	awk '{gsub(/ipset=\//,""); gsub(/\//," ");key=$1;value=$2;if (sum[key] != "") {sum[key]=sum[key]","value} else {sum[key]=sum[key]value}} END{for(i in sum) print "ipset=/"i"/"sum[i]}' "${1}/ipset.conf" > "${1}/ipset.conf2"
-	mv -f "${1}/ipset.conf2" "${1}/ipset.conf"
-}
-
 add() {
-	local fwd_dns item servers msg
-	local DNS_MODE TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS REMOTE_FAKEDNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_PROXY_IPV6
+	local FLAG TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS REMOTE_FAKEDNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_PROXY_IPV6 NO_LOGIC_LOG
 	eval_set_val $@
-	_LOG_FILE=$LOG_FILE
-	[ -n "$NO_LOGIC_LOG" ] && LOG_FILE="/dev/null"
-	global=$(echo "${PROXY_MODE}" | grep "global")
-	returnhome=$(echo "${PROXY_MODE}" | grep "returnhome")
-	chnlist=$(echo "${PROXY_MODE}" | grep "chnroute")
-	gfwlist=$(echo "${PROXY_MODE}" | grep "gfwlist")
-	mkdir -p "${TMP_DNSMASQ_PATH}" "${DNSMASQ_PATH}" "/tmp/dnsmasq.d"
-	count_hosts_str="!"
-
-	[ -n "$CHINADNS_DNS" ] && dnsmasq_default_dns="${CHINADNS_DNS}"
-	[ -n "$global" ] && [ -z "$returnhome" ] && [ -z "$chnlist" ] && [ -z "$gfwlist" ] && only_global=1 && dnsmasq_default_dns="${TUN_DNS}"
-
-	#屏蔽列表
-	[ -s "${RULES_PATH}/block_host" ] && {
-		cat "${RULES_PATH}/block_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_address_items address="0.0.0.0" outf="${TMP_DNSMASQ_PATH}/00-block_host.conf"
-	}
-
-	#始终用国内DNS解析节点域名
-	fwd_dns="${LOCAL_DNS}"
-	servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
-	hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items ipsets="vpsiplist,vpsiplist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/10-vpsiplist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-	echolog "  - [$?]节点列表中的域名(vpsiplist)：${fwd_dns:-默认}"
-
-	#始终用国内DNS解析直连（白名单）列表
-	[ -s "${RULES_PATH}/direct_host" ] && {
-		fwd_dns="${LOCAL_DNS}"
-		#[ -n "$CHINADNS_DNS" ] && unset fwd_dns
-		cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="whitelist,whitelist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/11-direct_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-		echolog "  - [$?]域名白名单(whitelist)：${fwd_dns:-默认}"
-	}
-	
-	subscribe_list=""
-	for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
-		host=$(host_from_url "$(config_n_get ${item} url)")
-		subscribe_list="${subscribe_list}\n${host}"
-	done
-	[ -n "$subscribe_list" ] && {
-		if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
-			#如果没有开启通过代理订阅
-			fwd_dns="${LOCAL_DNS}"
-			echo -e "$subscribe_list" | sort -u | gen_items ipsets="whitelist,whitelist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/12-subscribe.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-			echolog "  - [$?]节点订阅域名(whitelist)：${fwd_dns:-默认}"
-		else
-			#如果开启了通过代理订阅
-			local ipset_flag="blacklist,blacklist6"
-			if [ "${NO_PROXY_IPV6}" = "1" ]; then
-				ipset_flag="blacklist"
-				echo -e "$subscribe_list" | sort -u | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/91-subscribe-noipv6.conf"
-			fi
-			[ -z "${only_global}" ] && {
-				fwd_dns="${TUN_DNS}"
-				[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-				echo -e "$subscribe_list" | sort -u | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/91-subscribe.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-				echolog "  - [$?]节点订阅域名(blacklist)：${fwd_dns:-默认}"
-			}
-		fi
-	}
-	
-	#始终使用远程DNS解析代理（黑名单）列表
-	[ -s "${RULES_PATH}/proxy_host" ] && {
-		local ipset_flag="blacklist,blacklist6"
-		if [ "${NO_PROXY_IPV6}" = "1" ]; then
-			ipset_flag="blacklist"
-			cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/97-proxy_host-noipv6.conf"
-		fi
-		[ -z "${only_global}" ] && {
-			fwd_dns="${TUN_DNS}"
-			[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-			cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/97-proxy_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-			echolog "  - [$?]代理域名表(blacklist)：${fwd_dns:-默认}"
-		}
-	}
-
-	#分流规则
-	[ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
-		local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
-		local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
-		for shunt_id in $shunt_ids; do
-			local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
-			[ "$shunt_node_id" = "nil" ] && continue
-			[ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
-			[ "$shunt_node_id" = "_blackhole" ] && continue
-			local str=$(echo -n $(config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u) | sed "s/ /|/g")
-			[ -n "$str" ] && count_hosts_str="${count_hosts_str}|${str}"
-			fwd_dns="${LOCAL_DNS}"
-			[ "$shunt_node_id" = "_direct" ] && {
-				[ -n "$str" ] && echo $str | sed "s/|/\n/g" | gen_items ipsets="whitelist,whitelist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/13-shunt_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-				continue
-			}
-			local shunt_node=$(config_n_get $shunt_node_id address nil)
-			[ "$shunt_node" = "nil" ] && continue
-
-			[ -n "$str" ] && {
-				local ipset_flag="shuntlist,shuntlist6"
-				if [ "${NO_PROXY_IPV6}" = "1" ]; then
-					ipset_flag="shuntlist"
-					echo $str | sed "s/|/\n/g" | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/98-shunt_host-noipv6.conf"
-				fi
-				[ -z "${only_global}" ] && {
-					fwd_dns="${TUN_DNS}"
-					[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-					echo $str | sed "s/|/\n/g" | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/98-shunt_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-				}
-			}
-		done
-		echolog "  - [$?]V2ray/Xray分流规则(shuntlist)：${fwd_dns:-默认}"
-	}
-	
-	[ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
-	[ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
-	[ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}|${direct_hosts_str}"
-	[ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}|${proxy_hosts_str}"
-
-	#如果没有使用回国模式
-	if [ -z "${returnhome}" ]; then
-		# GFW 模式
-		[ -s "${RULES_PATH}/gfwlist" ] && {
-			grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
-			
-			local ipset_flag="gfwlist,gfwlist6"
-			if [ "${NO_PROXY_IPV6}" = "1" ]; then
-				ipset_flag="gfwlist"
-				sort -u "${TMP_PATH}/gfwlist" | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/99-gfwlist-noipv6.conf"
-			fi
-			[ -z "${only_global}" ] && {
-				fwd_dns="${TUN_DNS}"
-				[ -n "$CHINADNS_DNS" ] && unset fwd_dns
-				[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-				sort -u "${TMP_PATH}/gfwlist" | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/99-gfwlist.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-				echolog "  - [$?]防火墙域名表(gfwlist)：${fwd_dns:-默认}"
-			}
-			rm -f "${TMP_PATH}/gfwlist"
-		}
-		
-		# 中国列表以外 模式
-		[ -n "${CHINADNS_DNS}" ] && {
-			fwd_dns="${LOCAL_DNS}"
-			[ -n "$CHINADNS_DNS" ] && unset fwd_dns
-			[ -s "${RULES_PATH}/chnlist" ] && {
-				grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" | gen_items ipsets="chnroute,chnroute6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/19-chinalist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-				echolog "  - [$?]中国域名表(chnroute)：${fwd_dns:-默认}"
-			}
-		}
-	else
-		#回国模式
-		[ -s "${RULES_PATH}/chnlist" ] && {
-			grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
-			
-			local ipset_flag="chnroute,chnroute6"
-			if [ "${NO_PROXY_IPV6}" = "1" ]; then
-				ipset_flag="chnroute"
-				sort -u "${TMP_PATH}/chnlist" | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/99-chinalist_host-noipv6.conf"
-			fi
-			[ -z "${only_global}" ] && {
-				fwd_dns="${TUN_DNS}"
-				[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-				sort -u "${TMP_PATH}/chnlist" | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/99-chinalist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
-				echolog "  - [$?]中国域名表(chnroute)：${fwd_dns:-默认}"
-			}
-			rm -f "${TMP_PATH}/chnlist"
-		}
-	fi
-	
-	ipset_merge ${TMP_DNSMASQ_PATH}
-	
-	echo "conf-dir=${TMP_DNSMASQ_PATH}" > $DNSMASQ_CONF_FILE
-	[ -n "${dnsmasq_default_dns}" ] && {
-		echo "${DEFAULT_DNS}" > $TMP_PATH/default_DNS
-		cat <<-EOF >> $DNSMASQ_CONF_FILE
-			server=${dnsmasq_default_dns}
-			all-servers
-			no-poll
-			no-resolv
-		EOF
-		echolog "  - [$?]以上所列以外及默认：${dnsmasq_default_dns}"
-	}
-	echolog "  - PassWall必须依赖于Dnsmasq，如果你自行配置了错误的DNS流程，将会导致域名(直连/代理域名)分流失效！！！"
-	LOG_FILE=${_LOG_FILE}
+	lua $APP_PATH/helper_dnsmasq_add.lua -FLAG $FLAG -TMP_DNSMASQ_PATH $TMP_DNSMASQ_PATH -DNSMASQ_CONF_FILE $DNSMASQ_CONF_FILE -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS -TUN_DNS $TUN_DNS -REMOTE_FAKEDNS ${REMOTE_FAKEDNS:-0} -CHINADNS_DNS ${CHINADNS_DNS:-0} -TCP_NODE $TCP_NODE -PROXY_MODE $PROXY_MODE -NO_PROXY_IPV6 ${NO_PROXY_IPV6:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
 }
 
 del() {
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
new file mode 100644
index 000000000..f37e61cbb
--- /dev/null
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@@ -0,0 +1,430 @@
+local api = require "luci.model.cbi.passwall.api.api"
+
+local var = api.get_args(arg)
+local FLAG = var["-FLAG"]
+local TMP_DNSMASQ_PATH = var["-TMP_DNSMASQ_PATH"]
+local DNSMASQ_CONF_FILE = var["-DNSMASQ_CONF_FILE"]
+local DEFAULT_DNS = var["-DEFAULT_DNS"]
+local LOCAL_DNS = var["-LOCAL_DNS"]
+local TUN_DNS = var["-TUN_DNS"]
+local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
+local CHINADNS_DNS = var["-CHINADNS_DNS"]
+local TCP_NODE = var["-TCP_NODE"]
+local PROXY_MODE = var["-PROXY_MODE"]
+local NO_PROXY_IPV6 = var["-NO_PROXY_IPV6"]
+local NO_LOGIC_LOG = var["-NO_LOGIC_LOG"]
+local LOG_FILE = "/tmp/log/passwall.log"
+local CACHE_PATH = "/tmp/etc/passwall_tmp"
+local CACHE_FLAG = "dns_" .. FLAG
+local CACHE_DNS_PATH = CACHE_PATH .. "/" .. CACHE_FLAG
+local CACHE_MD5_FILE = CACHE_DNS_PATH .. ".md5"
+
+local uci = api.uci
+local sys = api.sys
+local jsonc = api.jsonc
+local appname = api.appname
+local fs = api.fs
+local datatypes = api.datatypes
+
+local list1 = {}
+local excluded_domain = {}
+local excluded_domain_str = "!"
+
+local function log(...)
+    if NO_LOGIC_LOG == "1" then
+        return
+    end
+	local f, err = io.open(LOG_FILE, "a")
+    if f and err == nil then
+        local str = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ")
+        f:write(str .. "\n")
+        f:close()
+    end
+end
+
+--从url获取域名
+local function get_domain_from_url(url)
+    if url then
+        if datatypes.hostname(url) then
+            return url
+        end
+        local domain = url:match("//([^/]+)")
+        if domain then
+            return domain
+        end
+    end
+    return ""
+end
+
+local function check_dns(domain, dns)
+    if domain == "" or domain:find("#") then
+        return false
+    end
+    if not dns then
+        return
+    end
+	for k,v in ipairs(list1[domain].dns) do
+		if dns == v then
+			return true
+		end
+	end
+    return false
+end
+
+local function check_ipset(domain, ipset)
+    if domain == "" or domain:find("#") then
+        return false
+    end
+    if not ipset then
+        return
+    end
+	for k,v in ipairs(list1[domain].ipsets) do
+		if ipset == v then
+			return true
+		end
+	end
+    return false
+end
+
+local function set_domain_address(domain, address)
+    if domain == "" or domain:find("#") then
+        return
+    end
+    if not list1[domain] then
+        list1[domain] = {
+            dns = {},
+            ipsets = {}
+        }
+    end
+    if not list1[domain].address then
+        list1[domain].address = address
+    end
+end
+
+local function set_domain_dns(domain, dns)
+    if domain == "" or domain:find("#") then
+        return
+    end
+    if not dns then
+        return
+    end
+    if not list1[domain] then
+        list1[domain] = {
+            dns = {},
+            ipsets = {}
+        }
+    end
+    for line in string.gmatch(dns, '[^' .. "," .. ']+') do
+        if not check_dns(domain, line) then
+            table.insert(list1[domain].dns, line)
+        end
+    end
+end
+
+local function set_domain_ipset(domain, ipset)
+    if domain == "" or domain:find("#") then
+        return
+    end
+    if not ipset then
+        return
+    end
+    if not list1[domain] then
+        list1[domain] = {
+            dns = {},
+            ipsets = {}
+        }
+    end
+    for line in string.gmatch(ipset, '[^' .. "," .. ']+') do
+        if not check_ipset(domain, line) then
+            table.insert(list1[domain].ipsets, line)
+        end
+    end
+end
+
+local function add_excluded_domain(domain)
+    if domain == "" or domain:find("#") then
+        return
+    end
+	table.insert(excluded_domain, domain)
+    excluded_domain_str = excluded_domain_str .. "|" .. domain
+end
+
+local function check_excluded_domain(domain)
+    if domain == "" or domain:find("#") then
+        return false
+    end
+	for k,v in ipairs(excluded_domain) do
+		if domain:find(v) then
+			return true
+		end
+	end
+    return false
+end
+
+local dnsmasq_default_dns
+
+local cache_md5 = ""
+local str = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6
+local md5 = luci.sys.exec("echo -n $(echo '" .. str .. "' | md5sum | awk '{print $1}')")
+if fs.access(CACHE_MD5_FILE) then
+    for line in io.lines(CACHE_MD5_FILE) do
+        cache_md5 = line
+    end
+end
+
+if cache_md5 ~= md5 then
+    sys.call("rm -rf " .. CACHE_PATH .. "/" .. CACHE_FLAG .. "*")
+end
+
+local global = PROXY_MODE:find("global")
+local returnhome = PROXY_MODE:find("returnhome")
+local chnlist = PROXY_MODE:find("chnroute")
+local gfwlist = PROXY_MODE:find("gfwlist")
+local only_global
+
+if CHINADNS_DNS ~= "0" then
+    dnsmasq_default_dns = CHINADNS_DNS
+end
+if global and (not returnhome and not chnlist and not gfwlist) then
+    dnsmasq_default_dns = TUN_DNS
+    only_global = 1
+end
+
+if not fs.access(CACHE_DNS_PATH) then
+    fs.mkdir("/tmp/dnsmasq.d")
+    fs.mkdir(CACHE_DNS_PATH)
+
+    --屏蔽列表
+    for line in io.lines("/usr/share/passwall/rules/block_host") do
+        if line ~= "" and not line:find("#") then
+            set_domain_address(line, "0.0.0.0")
+        end
+    end
+
+    --始终用国内DNS解析节点域名
+    uci:foreach(appname, "nodes", function(t)
+        local address = t.address
+        if datatypes.hostname(address) then
+            set_domain_dns(address, LOCAL_DNS)
+            set_domain_ipset(address, "vpsiplist,vpsiplist6")
+        end
+    end)
+    log(string.format("  - 节点列表中的域名(vpsiplist)：%s", LOCAL_DNS or "默认"))
+
+    --始终用国内DNS解析直连（白名单）列表
+    for line in io.lines("/usr/share/passwall/rules/direct_host") do
+        if line ~= "" and not line:find("#") then
+            add_excluded_domain(line)
+            set_domain_dns(line, LOCAL_DNS)
+            set_domain_ipset(line, "whitelist,whitelist6")
+        end
+    end
+    log(string.format("  - 域名白名单(whitelist)：%s", LOCAL_DNS or "默认"))
+
+    local fwd_dns = LOCAL_DNS
+    local ipset_flag = "whitelist,whitelist6"
+    local no_ipv6
+    if uci:get(appname, "@global_subscribe[0]", "subscribe_proxy") or "0" == "1" then
+        fwd_dns = TUN_DNS
+        ipset_flag = "blacklist,blacklist6"
+        if NO_PROXY_IPV6 == "1" then
+            ipset_flag = "blacklist"
+            no_ipv6 = true
+        end
+        if not only_global then
+            if REMOTE_FAKEDNS == "1" then
+                ipset_flag = nil
+            end
+        end
+    end
+    uci:foreach(appname, "subscribe_list", function(t)
+        local domain = get_domain_from_url(t.url)
+        if domain then
+            if no_ipv6 then
+                set_domain_address(domain, "::")
+            end
+            set_domain_dns(domain, fwd_dns)
+            set_domain_ipset(domain, ipset_flag)
+        end
+    end)
+    log(string.format("  - 节点订阅域名(blacklist)：%s", fwd_dns or "默认"))
+
+    --始终使用远程DNS解析代理（黑名单）列表
+    for line in io.lines("/usr/share/passwall/rules/proxy_host") do
+        if line ~= "" and not line:find("#") then
+            add_excluded_domain(line)
+            local ipset_flag = "blacklist,blacklist6"
+            if NO_PROXY_IPV6 == "1" then
+                set_domain_address(line, "::")
+                ipset_flag = "blacklist"
+            end
+            if REMOTE_FAKEDNS == "1" then
+                ipset_flag = nil
+            end
+            set_domain_dns(line, TUN_DNS)
+            set_domain_ipset(line, ipset_flag)
+        end
+    end
+    log(string.format("  - 代理域名表(blacklist)：%s", TUN_DNS or "默认"))
+
+    --分流规则
+    if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
+        local t = uci:get_all(appname, TCP_NODE)
+        local default_node_id = t["default_node"] or "_direct"
+        uci:foreach(appname, "shunt_rules", function(s)
+            local _node_id = t[s[".name"]] or "nil"
+            if _node_id ~= "nil" and _node_id ~= "_blackhole" then
+                if _node_id == "_default" then
+                    _node_id = default_node_id
+                end
+
+                fwd_dns = nil
+                ipset_flag = nil
+                no_ipv6 = nil
+
+                if _node_id == "_direct" then
+                    fwd_dns = LOCAL_DNS
+                    ipset_flag = "whitelist,whitelist6"
+                else
+                    fwd_dns = TUN_DNS
+                    ipset_flag = "shuntlist,shuntlist6"
+                    if NO_PROXY_IPV6 == "1" then
+                        ipset_flag = "shuntlist"
+                        no_ipv6 = true
+                    end
+                    if not only_global then
+                        if REMOTE_FAKEDNS == "1" then
+                            ipset_flag = nil
+                        end
+                    end
+                end
+
+                local domain_list = s.domain_list or ""
+                for line in string.gmatch(domain_list, "[^\r\n]+") do
+                    if line ~= "" and not line:find("#") and not line:find("regexp:") and not line:find("geosite:") and not line:find("ext:") then
+                        if line:find("domain:") or line:find("full:") then
+                            line = string.match(line, ":([^:]+)$")
+                        end
+                        add_excluded_domain(line)
+                        
+                        if no_ipv6 then
+                            set_domain_address(line, "::")
+                        end
+                        set_domain_dns(line, fwd_dns)
+                        set_domain_ipset(line, ipset_flag)
+                    end
+                end
+                if _node_id ~= "_direct" then
+                    log(string.format("  - V2ray/Xray分流规则(%s)：%s", s.remarks, fwd_dns or "默认"))
+                end
+            end
+        end)
+    end
+
+    --如果没有使用回国模式
+    if not returnhome then
+        if fs.access("/usr/share/passwall/rules/gfwlist") then
+            local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+            for line in string.gmatch(gfwlist_str, "[^\r\n]+") do
+                if line ~= "" then
+                    local ipset_flag = "gfwlist,gfwlist6"
+                    if NO_PROXY_IPV6 == "1" then
+                        ipset_flag = "gfwlist"
+                        set_domain_address(line, "::")
+                    end
+                    if not only_global then
+                        fwd_dns = TUN_DNS
+                        if CHINADNS_DNS ~= "0" then
+                            fwd_dns = nil
+                        end
+                        if REMOTE_FAKEDNS == "1" then
+                            ipset_flag = nil
+                        end
+                        set_domain_dns(line, fwd_dns)
+                        set_domain_ipset(line, ipset_flag)
+                    end
+                end
+            end
+            log(string.format("  - 防火墙域名表(gfwlist)：%s", fwd_dns or "默认"))
+        end
+
+        if CHINADNS_DNS ~= "0" then
+            if fs.access("/usr/share/passwall/rules/chnlist") then
+                fwd_dns = nil
+                local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+                for line in string.gmatch(chnlist_str, "[^\r\n]+") do
+                    if line ~= "" then
+                        set_domain_dns(line, fwd_dns)
+                        set_domain_ipset(line, "chnroute,chnroute6")
+                    end
+                end
+            end
+            log(string.format("  - 中国域名表(chnroute)：%s", fwd_dns or "默认"))
+        end
+    else
+        if fs.access("/usr/share/passwall/rules/chnlist") then
+            local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+            for line in string.gmatch(chnlist_str, "[^\r\n]+") do
+                if line ~= "" then
+                    local ipset_flag = "chnroute,chnroute6"
+                    if NO_PROXY_IPV6 == "1" then
+                        ipset_flag = "chnroute"
+                        set_domain_address(line, "::")
+                    end
+                    if not only_global then
+                        set_domain_dns(line, TUN_DNS)
+                        if REMOTE_FAKEDNS == "1" then
+                            ipset_flag = nil
+                        end
+                        set_domain_ipset(line, ipset_flag)
+                    end
+                end
+            end
+            log(string.format("  - 中国域名表(chnroute)：%s", TUN_DNS or "默认"))
+        end
+    end
+
+    local address_out = io.open(CACHE_DNS_PATH .. "/000-address.conf", "a")
+    local server_out = io.open(CACHE_DNS_PATH .. "/001-server.conf", "a")
+    local ipset_out = io.open(CACHE_DNS_PATH .. "/ipset.conf", "a")
+    for key, value in pairs(list1) do
+        if value.address and #value.address > 0 then
+            address_out:write(string.format("address=/.%s/%s\n", key, value.address))
+        end
+        if value.dns and #value.dns > 0 then
+            for i, dns in ipairs(value.dns) do
+                server_out:write(string.format("server=/.%s/%s\n", key, dns))
+            end
+        end
+        if value.ipsets and #value.ipsets > 0 then
+            local ipsets_str = ""
+            for i, ipset in ipairs(value.ipsets) do
+                ipsets_str = ipsets_str .. ipset .. ","
+            end
+            ipsets_str = ipsets_str:sub(1, #ipsets_str - 1)
+            ipset_out:write(string.format("ipset=/.%s/%s\n", key, ipsets_str))
+        end
+    end
+    address_out:close()
+    server_out:close()
+    ipset_out:close()
+
+    local f_out = io.open(CACHE_MD5_FILE, "a")
+    f_out:write(md5)
+    f_out:close()
+end
+fs.symlink(CACHE_DNS_PATH, TMP_DNSMASQ_PATH)
+local conf_out = io.open(DNSMASQ_CONF_FILE, "a")
+conf_out:write(string.format("conf-dir=%s\n", TMP_DNSMASQ_PATH))
+if dnsmasq_default_dns then
+    local f_out = io.open("/tmp/etc/passwall/default_DNS", "a")
+    f_out:write(DEFAULT_DNS)
+    f_out:close()
+    conf_out:write(string.format("server=%s\n", dnsmasq_default_dns))
+    conf_out:write("all-servers\n")
+    conf_out:write("no-poll\n")
+    conf_out:write("no-resolv\n")
+    log(string.format("  - 以上所列以外及默认：%s", dnsmasq_default_dns))
+end
+conf_out:close()
+log("  - PassWall必须依赖于Dnsmasq，如果你自行配置了错误的DNS流程，将会导致域名(直连/代理域名)分流失效！！！")
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh b/luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh
index ba51c04d6..b63f53beb 100755
--- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh
+++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh
@@ -6,207 +6,21 @@ restart() {
 	_LOG_FILE=$LOG_FILE
 	[ -n "$no_log" ] && LOG_FILE="/dev/null"
 	rm -rf /tmp/smartdns.cache
-	/etc/init.d/smartdns reload >/dev/null 2>&1
-	/etc/init.d/dnsmasq restart >/dev/null 2>&1
+	/etc/init.d/smartdns reload >/dev/null 2>&1 &
 	LOG_FILE=${_LOG_FILE}
 }
 
-gen_items() {
-	local ipsets group address speed_check_mode outf
-	eval_set_val $@
-
-	awk -v ipsets="${ipsets}" -v group="${group}" -v speed_check_mode="${speed_check_mode}" -v address="${address}" -v outf="${outf}" '
-		BEGIN {
-			if(outf == "") outf="/dev/stdout";
-			if(group != "") group=" -n " group;
-			if(ipsets != "") ipsets=" -p " ipsets;
-			if(speed_check_mode != "") speed_check_mode=" -c " speed_check_mode;
-			if(address != "") address=" -a " address;
-			fail=1;
-		}
-		! /^$/&&!/^#/ {
-			fail=0
-			printf("domain-rules /%s/ %s%s%s%s\n", $0, group, ipsets, address, speed_check_mode) >>outf;
-		}
-		END {fflush(outf); close(outf); exit(fail);}
-	'
-}
-
-gen_address_items() {
-	local address outf
-	eval_set_val $@
-
-	awk -v address="${address}" -v outf="${outf}" '
-		BEGIN {
-			if(outf == "") outf="/dev/stdout";
-			setaddress=length(address)>0;
-			fail=1;
-		}
-		! /^$/&&!/^#/ {
-			fail=0
-			if(setaddress) printf("address /%s/%s\n", $0, address) >>outf;
-		}
-		END {fflush(outf); close(outf); exit(fail);}
-	'
-}
-
 add() {
-	local fwd_dns fwd_group item servers msg
-	local DNS_MODE SMARTDNS_CONF DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_GROUP REMOTE_GROUP REMOTE_FAKEDNS TUN_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_PROXY_IPV6
+	local FLAG SMARTDNS_CONF LOCAL_GROUP REMOTE_GROUP REMOTE_FAKEDNS TUN_DNS TCP_NODE PROXY_MODE NO_PROXY_IPV6 NO_LOGIC_LOG
 	eval_set_val $@
-	_LOG_FILE=$LOG_FILE
-	[ -n "$NO_LOGIC_LOG" ] && LOG_FILE="/dev/null"
-	global=$(echo "${PROXY_MODE}" | grep "global")
-	returnhome=$(echo "${PROXY_MODE}" | grep "returnhome")
-	chnlist=$(echo "${PROXY_MODE}" | grep "chnroute")
-	gfwlist=$(echo "${PROXY_MODE}" | grep "gfwlist")
-	touch ${SMARTDNS_CONF}
-	count_hosts_str="!"
-	[ -z "${REMOTE_GROUP}" ] && {
-		REMOTE_GROUP="${CONFIG}_proxy"
-		[ -n "${TUN_DNS}" ] && TUN_DNS="$(echo ${TUN_DNS} | sed 's/#/:/g')"
-		sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1
-		echo "server ${TUN_DNS}  -group ${REMOTE_GROUP} -exclude-default-group" >> ${SMARTDNS_CONF}
-	}
-
-	#屏蔽列表
-	[ -s "${RULES_PATH}/block_host" ] && {
-		cat "${RULES_PATH}/block_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_address_items address="-" outf="${SMARTDNS_CONF}"
-	}
-
-	#始终用国内DNS解析节点域名
-	servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
-	hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items ipsets="#4:vpsiplist,#6:vpsiplist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
-	echolog "  - [$?]节点列表中的域名(vpsiplist)使用分组：${LOCAL_GROUP:-默认}"
-
-	#始终用国内DNS解析直连（白名单）列表
-	[ -s "${RULES_PATH}/direct_host" ] && {
-		cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
-		echolog "  - [$?]域名白名单(whitelist)使用分组：${LOCAL_GROUP:-默认}"
-	}
-	
-	subscribe_list=""
-	for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
-		host=$(host_from_url "$(config_n_get ${item} url)")
-		subscribe_list="${subscribe_list}\n${host}"
-	done
-	[ -n "$subscribe_list" ] && {
-		if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
-			#如果没有开启通过代理订阅
-			echo -e "$subscribe_list" | sort -u | gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
-			echolog "  - [$?]节点订阅域名(whitelist)使用分组：${LOCAL_GROUP:-默认}"
-		else
-			#如果开启了通过代理订阅
-			local ipset_flag="#4:blacklist,#6:blacklist6"
-			if [ "${NO_PROXY_IPV6}" = "1" ]; then
-				ipset_flag="#4:blacklist"
-				address="#6"
-			fi
-			[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-			echo -e "$subscribe_list" | sort -u | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
-			echolog "  - [$?]节点订阅域名(blacklist)使用分组：${REMOTE_GROUP}"
-		fi
-	}
-	
-	#始终使用远程DNS解析代理（黑名单）列表
-	[ -s "${RULES_PATH}/proxy_host" ] && {
-		local ipset_flag="#4:blacklist,#6:blacklist6"
-		if [ "${NO_PROXY_IPV6}" = "1" ]; then
-			ipset_flag="#4:blacklist"
-			address="#6"
-		fi
-		[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-		cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
-		echolog "  - [$?]代理域名表(blacklist)使用分组：${REMOTE_GROUP}"
-	}
-
-	#分流规则
-	[ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
-		local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
-		local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
-		for shunt_id in $shunt_ids; do
-			local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
-			[ "$shunt_node_id" = "nil" ] && continue
-			[ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
-			[ "$shunt_node_id" = "_blackhole" ] && continue
-			local str=$(echo -n $(config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u) | sed "s/ /|/g")
-			[ -n "$str" ] && count_hosts_str="${count_hosts_str}|${str}"
-			[ "$shunt_node_id" = "_direct" ] && {
-				[ -n "$str" ] && echo $str | sed "s/|/\n/g" | gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
-				msg_dns="${LOCAL_GROUP}"
-				continue
-			}
-			local shunt_node=$(config_n_get $shunt_node_id address nil)
-			[ "$shunt_node" = "nil" ] && continue
-
-			[ -n "$str" ] && {
-				local ipset_flag="#4:shuntlist,#6:shuntlist6"
-				if [ "${NO_PROXY_IPV6}" = "1" ]; then
-					ipset_flag="#4:shuntlist"
-					address="#6"
-				fi
-				[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-				echo $str | sed "s/|/\n/g" | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
-				msg_dns="${REMOTE_GROUP}"
-			}
-		done
-		echolog "  - [$?]V2ray/Xray分流规则(shuntlist)：${msg_dns:-默认}"
-	}
-	
-	[ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
-	[ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
-	[ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}|${direct_hosts_str}"
-	[ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}|${proxy_hosts_str}"
-
-	#如果没有使用回国模式
-	if [ -z "${returnhome}" ]; then
-		# GFW 模式
-		[ -s "${RULES_PATH}/gfwlist" ] && {
-			grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
-			
-			local ipset_flag="#4:gfwlist,#6:gfwlist6"
-			if [ "${NO_PROXY_IPV6}" = "1" ]; then
-				ipset_flag="#4:gfwlist"
-				address="#6"
-			fi
-			[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-			sort -u "${TMP_PATH}/gfwlist" | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
-			echolog "  - [$?]防火墙域名表(gfwlist)使用分组：${REMOTE_GROUP}"
-			rm -f "${TMP_PATH}/gfwlist"
-		}
-		
-		# 中国列表以外 模式
-		[ -s "${RULES_PATH}/chnlist" ] && [ -n "${chnlist}" ] && {
-			grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" | gen_items ipsets="#4:chnroute,#6:chnroute6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
-			echolog "  - [$?]中国域名表(chnroute)使用分组：${LOCAL_GROUP:-默认}"
-		}
-	else
-		#回国模式
-		[ -s "${RULES_PATH}/chnlist" ] && {
-			grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
-			
-			local ipset_flag="#4:chnroute,#6:chnroute6"
-			if [ "${NO_PROXY_IPV6}" = "1" ]; then
-				ipset_flag="#4:chnroute"
-				address="#6"
-			fi
-			[ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
-			sort -u "${TMP_PATH}/chnlist" | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
-			echolog "  - [$?]中国域名表(chnroute)使用分组：${REMOTE_GROUP}"
-			rm -f "${TMP_PATH}/chnlist"
-		}
-	fi
-	
-	echo "conf-file ${SMARTDNS_CONF}" >> /etc/smartdns/custom.conf
-	echolog "  - 请让SmartDNS作为Dnsmasq的上游或重定向！"
-	LOG_FILE=${_LOG_FILE}
+	lua $APP_PATH/helper_smartdns_add.lua -FLAG $FLAG -SMARTDNS_CONF $SMARTDNS_CONF -LOCAL_GROUP ${LOCAL_GROUP:-nil} -REMOTE_GROUP ${REMOTE_GROUP:-nil} -REMOTE_FAKEDNS ${REMOTE_FAKEDNS:-0} -TUN_DNS $TUN_DNS -TCP_NODE $TCP_NODE -PROXY_MODE $PROXY_MODE -NO_PROXY_IPV6 ${NO_PROXY_IPV6:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
 }
 
 del() {
 	rm -rf /tmp/etc/smartdns/passwall.conf
 	sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1
 	rm -rf /tmp/smartdns.cache
-	/etc/init.d/smartdns reload >/dev/null 2>&1
+	/etc/init.d/smartdns reload >/dev/null 2>&1 &
 }
 
 arg1=$1
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
new file mode 100644
index 000000000..35d860f40
--- /dev/null
+++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
@@ -0,0 +1,394 @@
+local api = require "luci.model.cbi.passwall.api.api"
+
+local var = api.get_args(arg)
+local FLAG = var["-FLAG"]
+local SMARTDNS_CONF = var["-SMARTDNS_CONF"]
+local LOCAL_GROUP = var["-LOCAL_GROUP"]
+local REMOTE_GROUP = var["-REMOTE_GROUP"]
+local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
+local TUN_DNS = var["-TUN_DNS"]
+local TCP_NODE = var["-TCP_NODE"]
+local PROXY_MODE = var["-PROXY_MODE"]
+local NO_PROXY_IPV6 = var["-NO_PROXY_IPV6"]
+local NO_LOGIC_LOG = var["-NO_LOGIC_LOG"]
+local LOG_FILE = "/tmp/log/passwall.log"
+local CACHE_PATH = "/tmp/etc/passwall_tmp"
+local CACHE_FLAG = "dns_" .. FLAG
+local CACHE_DNS_FILE = CACHE_PATH .. "/" .. CACHE_FLAG .. ".conf"
+local CACHE_MD5_FILE = CACHE_PATH .. "/" .. CACHE_FLAG .. ".md5"
+local SMARTDNS_PATH = "/tmp/etc/smartdns"
+
+local uci = api.uci
+local sys = api.sys
+local jsonc = api.jsonc
+local appname = api.appname
+local fs = api.fs
+local datatypes = api.datatypes
+
+local list1 = {}
+local excluded_domain = {}
+local excluded_domain_str = "!"
+
+local function log(...)
+    if NO_LOGIC_LOG == "1" then
+        return
+    end
+	local f, err = io.open(LOG_FILE, "a")
+    if f and err == nil then
+        local str = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ")
+        f:write(str .. "\n")
+        f:close()
+    end
+end
+
+--从url获取域名
+local function get_domain_from_url(url)
+    if url then
+        if datatypes.hostname(url) then
+            return url
+        end
+        local domain = url:match("//([^/]+)")
+        if domain then
+            return domain
+        end
+    end
+    return ""
+end
+
+local function check_ipset(domain, ipset)
+    if domain == "" or domain:find("#") then
+        return false
+    end
+    if not ipset then
+        return
+    end
+	for k,v in ipairs(list1[domain].ipsets) do
+		if ipset == v then
+			return true
+		end
+	end
+    return false
+end
+
+local function set_domain_address(domain, address)
+    if domain == "" or domain:find("#") then
+        return
+    end
+    if not list1[domain] then
+        list1[domain] = {
+            ipsets = {}
+        }
+    end
+    if not list1[domain].address then
+        list1[domain].address = address
+    end
+end
+
+local function set_domain_group(domain, group)
+    if domain == "" or domain:find("#") then
+        return
+    end
+    if not group then
+        return
+    end
+    if not list1[domain] then
+        list1[domain] = {
+            ipsets = {}
+        }
+    end
+    if not list1[domain].group then
+        list1[domain].group = group
+        if group == REMOTE_GROUP then
+            list1[domain].speed_check_mode = "none"
+        end
+    end
+end
+
+local function set_domain_ipset(domain, ipset)
+    if domain == "" or domain:find("#") then
+        return
+    end
+    if not ipset then
+        return
+    end
+    if not list1[domain] then
+        list1[domain] = {
+            ipsets = {}
+        }
+    end
+    for line in string.gmatch(ipset, '[^' .. "," .. ']+') do
+        if not check_ipset(domain, line) then
+            table.insert(list1[domain].ipsets, line)
+        end
+    end
+end
+
+local function add_excluded_domain(domain)
+    if domain == "" or domain:find("#") then
+        return
+    end
+	table.insert(excluded_domain, domain)
+    excluded_domain_str = excluded_domain_str .. "|" .. domain
+end
+
+local function check_excluded_domain(domain)
+    if domain == "" or domain:find("#") then
+        return false
+    end
+	for k,v in ipairs(excluded_domain) do
+		if domain:find(v) then
+			return true
+		end
+	end
+    return false
+end
+
+local cache_md5 = ""
+local str = SMARTDNS_CONF .. LOCAL_GROUP .. REMOTE_GROUP .. REMOTE_FAKEDNS .. TUN_DNS .. PROXY_MODE .. NO_PROXY_IPV6
+local md5 = luci.sys.exec("echo -n $(echo '" .. str .. "' | md5sum | awk '{print $1}')")
+if fs.access(CACHE_MD5_FILE) then
+    for line in io.lines(CACHE_MD5_FILE) do
+        cache_md5 = line
+    end
+end
+
+if cache_md5 ~= md5 then
+    sys.call("rm -rf " .. CACHE_PATH .. "/" .. CACHE_FLAG .. "*")
+end
+
+local global = PROXY_MODE:find("global")
+local returnhome = PROXY_MODE:find("returnhome")
+local chnlist = PROXY_MODE:find("chnroute")
+local gfwlist = PROXY_MODE:find("gfwlist")
+
+if not REMOTE_GROUP or REMOTE_GROUP == "nil" then
+    REMOTE_GROUP = "passwall_proxy"
+    if TUN_DNS then
+        TUN_DNS = TUN_DNS:gsub("#", ":")
+    end
+    sys.call('sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1')
+end
+
+if not fs.access(CACHE_DNS_FILE) then
+    sys.call(string.format('echo "server %s  -group %s -exclude-default-group" >> %s', TUN_DNS, REMOTE_GROUP, CACHE_DNS_FILE))
+    --屏蔽列表
+    for line in io.lines("/usr/share/passwall/rules/block_host") do
+        if line ~= "" and not line:find("#") then
+            set_domain_address(line, "-")
+        end
+    end
+
+    --始终用国内DNS解析节点域名
+    uci:foreach(appname, "nodes", function(t)
+        local address = t.address
+        if datatypes.hostname(address) then
+            set_domain_group(address, LOCAL_GROUP)
+            set_domain_ipset(address, "#4:vpsiplist,#6:vpsiplist6")
+        end
+    end)
+    log(string.format("  - 节点列表中的域名(vpsiplist)使用分组：%s", LOCAL_GROUP or "默认"))
+
+    --始终用国内DNS解析直连（白名单）列表
+    for line in io.lines("/usr/share/passwall/rules/direct_host") do
+        if line ~= "" and not line:find("#") then
+            add_excluded_domain(line)
+            set_domain_group(line, LOCAL_GROUP)
+            set_domain_ipset(line, "#4:whitelist,#6:whitelist6")
+        end
+    end
+    log(string.format("  - 域名白名单(whitelist)使用分组：%s", LOCAL_GROUP or "默认"))
+
+    local fwd_group = LOCAL_GROUP
+    local ipset_flag = "#4:whitelist,#6:whitelist6"
+    local no_ipv6
+    if uci:get(appname, "@global_subscribe[0]", "subscribe_proxy") or "0" == "1" then
+        fwd_group = REMOTE_GROUP
+        ipset_flag = "#4:blacklist,#6:blacklist6"
+        if NO_PROXY_IPV6 == "1" then
+            ipset_flag = "#4:blacklist"
+            no_ipv6 = true
+        end
+        if REMOTE_FAKEDNS == "1" then
+            ipset_flag = nil
+        end
+    end
+    uci:foreach(appname, "subscribe_list", function(t)
+        local domain = get_domain_from_url(t.url)
+        if domain then
+            if no_ipv6 then
+                set_domain_address(domain, "#6")
+            end
+            set_domain_group(domain, fwd_group)
+            set_domain_ipset(domain, ipset_flag)
+        end
+    end)
+    log(string.format("  - 节点订阅域名(blacklist)使用分组：%s", fwd_group or "默认"))
+
+    --始终使用远程DNS解析代理（黑名单）列表
+    for line in io.lines("/usr/share/passwall/rules/proxy_host") do
+        if line ~= "" and not line:find("#") then
+            add_excluded_domain(line)
+            local ipset_flag = "#4:blacklist,#6:blacklist6"
+            if NO_PROXY_IPV6 == "1" then
+                set_domain_address(line, "#6")
+                ipset_flag = "#4:blacklist"
+            end
+            if REMOTE_FAKEDNS == "1" then
+                ipset_flag = nil
+            end
+            set_domain_group(line, REMOTE_GROUP)
+            set_domain_ipset(line, ipset_flag)
+        end
+    end
+    log(string.format("  - 代理域名表(blacklist)使用分组：%s", REMOTE_GROUP or "默认"))
+
+    --分流规则
+    if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
+        local t = uci:get_all(appname, TCP_NODE)
+        local default_node_id = t["default_node"] or "_direct"
+        uci:foreach(appname, "shunt_rules", function(s)
+            local _node_id = t[s[".name"]] or "nil"
+            if _node_id ~= "nil" and _node_id ~= "_blackhole" then
+                if _node_id == "_default" then
+                    _node_id = default_node_id
+                end
+
+                fwd_group = nil
+                ipset_flag = nil
+                no_ipv6 = nil
+
+                if _node_id == "_direct" then
+                    fwd_group = LOCAL_GROUP
+                    ipset_flag = "#4:whitelist,#6:whitelist6"
+                else
+                    fwd_group = REMOTE_GROUP
+                    ipset_flag = "#4:shuntlist,#6:shuntlist6"
+                    if NO_PROXY_IPV6 == "1" then
+                        ipset_flag = "shuntlist"
+                        no_ipv6 = true
+                    end
+                    if REMOTE_FAKEDNS == "1" then
+                        ipset_flag = nil
+                    end
+                end
+
+                local domain_list = s.domain_list or ""
+                for line in string.gmatch(domain_list, "[^\r\n]+") do
+                    if line ~= "" and not line:find("#") and not line:find("regexp:") and not line:find("geosite:") and not line:find("ext:") then
+                        if line:find("domain:") or line:find("full:") then
+                            line = string.match(line, ":([^:]+)$")
+                        end
+                        add_excluded_domain(line)
+                        
+                        if no_ipv6 then
+                            set_domain_address(line, "#6")
+                        end
+                        set_domain_group(line, fwd_group)
+                        set_domain_ipset(line, ipset_flag)
+                    end
+                end
+                if _node_id ~= "_direct" then
+                    log(string.format("  - V2ray/Xray分流规则(%s)使用分组：%s", s.remarks, fwd_group or "默认"))
+                end
+            end
+        end)
+    end
+
+    --如果没有使用回国模式
+    if not returnhome then
+        if fs.access("/usr/share/passwall/rules/gfwlist") then
+            local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+            for line in string.gmatch(gfwlist_str, "[^\r\n]+") do
+                if line ~= "" then
+                    local ipset_flag = "#4:gfwlist,#6:gfwlist6"
+                    if NO_PROXY_IPV6 == "1" then
+                        ipset_flag = "#4:gfwlist"
+                        set_domain_address(line, "#6")
+                    end
+                    fwd_group = REMOTE_GROUP
+                    if REMOTE_FAKEDNS == "1" then
+                        ipset_flag = nil
+                    end
+                    set_domain_group(line, fwd_group)
+                    set_domain_ipset(line, ipset_flag)
+                end
+            end
+            log(string.format("  - 防火墙域名表(gfwlist)使用分组：%s", fwd_group or "默认"))
+        end
+
+        if fs.access("/usr/share/passwall/rules/chnlist") and chnlist then
+            local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+            for line in string.gmatch(chnlist_str, "[^\r\n]+") do
+                if line ~= "" then
+                    set_domain_group(line, LOCAL_GROUP)
+                    set_domain_ipset(line, "#4:chnroute,#6:chnroute6")
+                end
+            end
+        end
+        log(string.format("  - 中国域名表(chnroute)使用分组：%s", LOCAL_GROUP or "默认"))
+    else
+        if fs.access("/usr/share/passwall/rules/chnlist") then
+            local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+            for line in string.gmatch(chnlist_str, "[^\r\n]+") do
+                if line ~= "" then
+                    local ipset_flag = "#4:chnroute,#6:chnroute6"
+                    if NO_PROXY_IPV6 == "1" then
+                        ipset_flag = "#4:chnroute"
+                        set_domain_address(line, "#6")
+                    end
+                    set_domain_group(line, REMOTE_GROUP)
+                    if REMOTE_FAKEDNS == "1" then
+                        ipset_flag = nil
+                    end
+                    set_domain_ipset(line, ipset_flag)
+                end
+            end
+            log(string.format("  - 中国域名表(chnroute)使用分组：%s", REMOTE_GROUP or "默认"))
+        end
+    end
+
+    local f_out = io.open(CACHE_DNS_FILE, "a")
+    for key, value in pairs(list1) do
+        local group_str = ""
+        local ipset_str = ""
+        local speed_check_mode_str = ""
+        local address_str = ""
+        if value.group and #value.group > 0 then
+            group_str = group_str .. value.group
+        end
+        if group_str ~= "" then
+            group_str = " -n " .. group_str
+        end
+        if value.ipsets and #value.ipsets > 0 then
+            for i, ipset in ipairs(value.ipsets) do
+                ipset_str = ipset_str .. ipset .. ","
+            end
+            ipset_str = ipset_str:sub(1, #ipset_str - 1)
+        end
+        if ipset_str ~= "" then
+            ipset_str = " -p " .. ipset_str
+        end
+        if value.address and #value.address > 0 then
+            address_str = address_str .. value.address
+        end
+        if address_str ~= "" then
+            address_str = " -a " .. address_str
+        end
+        if value.speed_check_mode and #value.speed_check_mode > 0 then
+            speed_check_mode_str = value.speed_check_mode
+        end
+        if speed_check_mode_str ~= "" then
+            speed_check_mode_str = " -c " .. speed_check_mode_str
+        end
+        local str = string.format("domain-rules /%s/ %s%s%s%s\n", key, group_str, ipset_str, address_str, speed_check_mode_str)
+        f_out:write(str)
+    end
+    f_out:close()
+
+    f_out = io.open(CACHE_MD5_FILE, "a")
+    f_out:write(md5)
+    f_out:close()
+end
+fs.symlink(CACHE_DNS_FILE, SMARTDNS_CONF)
+sys.call(string.format('echo "conf-file %s" >> /etc/smartdns/custom.conf', SMARTDNS_CONF))
+log("  - 请让SmartDNS作为Dnsmasq的上游或重定向！")
diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh
index 9ae87f419..cd5fcc636 100755
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -312,7 +312,7 @@ load_acl() {
 							d_server=127.0.0.1
 							[ "$tcp_proxy_mode" = "global" ] && d_server=${d_server}#${_dns_port}
 							echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
-							source $APP_PATH/helper_${DNS_N}.sh add DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6}
+							source $APP_PATH/helper_${DNS_N}.sh add FLAG=${sid} DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6}
 							ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
 							eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
 						}
@@ -1187,6 +1187,8 @@ flush_ipset() {
 	del_firewall_rule
 	destroy_ipset $IPSET_VPSIPLIST $IPSET_SHUNTLIST $IPSET_GFW $IPSET_CHN $IPSET_BLACKLIST $IPSET_BLOCKLIST $IPSET_WHITELIST $IPSET_LANIPLIST
 	destroy_ipset $IPSET_VPSIPLIST6 $IPSET_SHUNTLIST6 $IPSET_GFW6 $IPSET_CHN6 $IPSET_BLACKLIST6 $IPSET_BLOCKLIST6 $IPSET_WHITELIST6 $IPSET_LANIPLIST6
+	rm -rf /tmp/etc/passwall_tmp/smartdns*
+	rm -rf /tmp/etc/passwall_tmp/dnsmasq*
 	/etc/init.d/passwall reload
 }
 
diff --git a/luci-app-passwall/root/usr/share/passwall/rules/chnlist b/luci-app-passwall/root/usr/share/passwall/rules/chnlist
index 23b849d5f..d4587eb02 100644
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnlist
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnlist
@@ -132,7 +132,6 @@
 020.net
 0208.com
 020banjia.net
-020h.com
 020job.com
 020ym.com
 020zp.net
@@ -199,7 +198,6 @@
 0245.org
 024888.net
 02489.com
-024anfang.com
 024bj.com
 024bxkj.com
 024eps.com
@@ -498,7 +496,6 @@
 06peng.com
 07.la
 0701news.com
-070210.com
 0704tv.com
 07073.com
 07073h5.com
@@ -693,6 +690,7 @@
 09ge.com
 09rw.com
 09shijue.com
+0a.fit
 0bug.org
 0car0.com
 0ctrl.com
@@ -984,7 +982,6 @@
 114-91.com
 114.114.114.114
 1140086.com
-114160.com
 11467.com
 114best.com
 114cb.com
@@ -1108,6 +1105,7 @@
 1213.me
 121314.com
 121ask.com
+121down.com
 121mai0098.com
 121mu.com
 121xia.com
@@ -1481,6 +1479,7 @@
 168kk.com
 168kn.com
 168lyq.com
+168moliao.com
 168pd.com
 168rcw.com
 168tcw.com
@@ -1776,7 +1775,6 @@
 1884933.com
 18856.com
 188628.com
-1886zuche.com
 1888.com.mo
 188app.xyz
 188bifen.com
@@ -2431,7 +2429,6 @@
 258fuwu.com
 258jituan.com
 258sd.com
-258zw.com
 25992.com
 259go.com
 25az.com
@@ -2998,7 +2995,6 @@
 360chezhan.com
 360cloudwaf.com
 360daikuan.com
-360dao.com
 360ddj.com
 360doc.com
 360doc1.net
@@ -3015,7 +3011,6 @@
 360drift.com
 360drm.com
 360edu.com
-360eet.com
 360eol.com
 360fdc.com
 360gann.com
@@ -3209,7 +3204,6 @@
 3699.cc
 36992.com
 3699wan.com
-369beauty.com
 369wenku.com
 369xxw.com
 36dianping.com
@@ -4915,7 +4909,6 @@
 55779.xyz
 5588.tv
 5599.com
-55cc.cc
 55dai.com
 55dian.com
 55doc.com
@@ -5084,14 +5077,12 @@
 58dadi.com
 58daojia.com
 58display.com
-58dm.com
 58fangdai.com
 58fenlei.com
 58food.com
 58game.com
 58gameup.com
 58ganji.com
-58gush.com
 58house.com
 58huoban.com
 58hzb.com
@@ -5173,7 +5164,6 @@
 59881.com
 598991.com
 598g.com
-598rc.com
 599.com
 5999.tv
 599ku.com
@@ -5698,6 +5688,7 @@
 68pk10.com
 68play.com
 68team.com
+68tuku.com
 68web.net
 68websoft.com
 68youhui.com
@@ -6280,7 +6271,6 @@
 800you.com
 800youhuo.com
 801167.com
-802013.com
 802203.com
 807.com
 80710.com
@@ -6641,7 +6631,6 @@
 8977567.com
 8979.com
 898.travel
-8988sbd.com
 8989118.com
 898940.com
 898984.com
@@ -7740,6 +7729,7 @@ abusi.net
 abuyun.com
 ac268.com
 ac57.com
+academypublication.com
 acadki.com
 acc3.net
 acc5.com
@@ -7843,7 +7833,6 @@ acumoxj.com
 acuworld.net
 acwifi.net
 acwing.com
-acznw.com
 ad-cn.net
 ad-gone.com
 ad-goods.com
@@ -8020,6 +8009,7 @@ aes01.com
 aesdrink.com
 aesml.com
 aesucai.com
+aet21.com
 aevit.xyz
 aexpec.com
 af360.com
@@ -8318,7 +8308,6 @@ aijishu.com
 aiju.com
 aik.com
 aikac.com
-aikaitao.com
 aikaixin.com
 aikaiyuan.com
 aikan.tv
@@ -8465,6 +8454,7 @@ aiuxdesign.com
 aiuxian.com
 aiuxstudio.com
 aiviy.com
+aiviysoft.com
 aiwall.com
 aiwan4399.com
 aiwan91.com
@@ -8613,7 +8603,6 @@ aledeco-hk.com
 aleest.com
 alenshaw.com
 alertover.com
-alexa.sx
 alexandraeden.com
 alexyan.cc
 aleyoo.com
@@ -9659,6 +9648,7 @@ asktao.com
 askxt.org
 aslzw.com
 asm64.com
+asmrv.com
 asnlab.com
 asnlab.org
 aso.ink
@@ -9739,7 +9729,6 @@ atitsc.com
 atiyun.com
 atjiang.com
 atlas1688.com
-atm988.com
 atmbox.com
 atobo.com
 atomhike.com
@@ -11456,6 +11445,7 @@ biqushu.com
 biqusoso.com
 biquter.xyz
 biqutxt.com
+biquw.com
 biquwo.com
 biquwu.cc
 biquwx.la
@@ -12023,6 +12013,7 @@ bmqy.net
 bmrtech.com
 bmshow.com
 bmtcled.com
+bmvps.com
 bmw021.com
 bmw143.com
 bmw8033.com
@@ -12126,6 +12117,7 @@ boldseas.com
 bole.me
 bolead.com
 bolehu.net
+boleihg.com
 bolejiang.com
 bolelink.com
 boll.me
@@ -12427,7 +12419,6 @@ btnotes.com
 btoo3.com
 btophr.com
 btorange.com
-btpan.com
 btpig.com
 btplay.net
 btrcsc.com
@@ -12805,7 +12796,6 @@ c51rf.com
 c53911.com
 c571.com
 c5game.com
-c6.nz
 c6c.com
 c6n708.ren
 c73160.com
@@ -12971,7 +12961,6 @@ caishenpo.com
 caishenwang.online
 caishimv.com
 caishuixxi.com
-caispace.com
 caistv.com
 cait.com
 caitlinbeverly.com
@@ -14108,7 +14097,6 @@ changyan.com
 changyifan.com
 changyin-lab.com
 changyou.com
-changyouke.com
 changyoyo.com
 changyueba.com
 changzhinews.com
@@ -14974,7 +14962,6 @@ chinapowerbi.com
 chinapp.com
 chinapptx.com
 chinaprint.org
-chinaproaudio.com
 chinapsy.com
 chinapubmed.net
 chinaqi.net
@@ -16541,6 +16528,7 @@ cntiaoliao.com
 cntofu.com
 cntopgear.com
 cntoplead.com
+cntplus.com
 cntrades.com
 cntranslators.com
 cntronics.com
@@ -16767,7 +16755,6 @@ cojia.net
 cokemine.com
 cokll.com
 col.ink
-colabug.com
 coladrive.com
 colafile.com
 colahotpot.com
@@ -17170,6 +17157,7 @@ cqsoft.org
 cqsxedu.com
 cqtally.co
 cqtally.com
+cqtaotan.com
 cqtea.com
 cqtransit.com
 cqtresearch.com
@@ -17294,6 +17282,7 @@ crs811.com
 crsc.cc
 crsky.com
 crsn168.com
+cruelcoding.com
 crvic.org
 crxdl.com
 cryptape.com
@@ -17548,6 +17537,7 @@ ctripcorp.com
 ctripgslb.com
 ctripins.com
 ctripqa.com
+ctrlqq.com
 ctrmi.com
 ctsbw.com
 ctsec.com
@@ -18035,7 +18025,6 @@ dai35.com
 dai361.com
 dai911.com
 daibi.com
-daichanger.com
 daichuqu.com
 daicuo.cc
 daicuo.co
@@ -18616,6 +18605,7 @@ ddzhj.com
 ddztv.com
 ddzuqin.com
 de-moe.org
+de.net
 de0.cc
 de123.net
 de1919.com
@@ -18746,7 +18736,8 @@ dengtadaka.com
 dengxiaolong.com
 dengxiaopingnet.com
 dengyong.cc
-denocn.org
+denic.de
+denic.net
 dentistshow.com
 denuoexpo.com
 deosin.com
@@ -19333,7 +19324,6 @@ diyifanwen.com
 diyifanwen.net
 diyigaokao.com
 diyihuifu.com
-diyijuzi.com
 diyinews.com
 diyiredian.com
 diyishijian.com
@@ -19599,6 +19589,7 @@ dnsff.com
 dnsfwq.com
 dnsgtm.com
 dnsgulf.net
+dnsh6666.com
 dnshot.net
 dnshwx.com
 dnsinside.net
@@ -20918,7 +20909,6 @@ eces66.com
 ecgci.com
 ecgoods.com
 echanceyun.com
-echangwang.com
 echangye.com
 echao8.com
 echargenet.com
@@ -21374,6 +21364,7 @@ elong.net
 elongshine.com
 elongstatic.com
 elpcon.com
+elpwc.com
 els001.com
 elsenow.com
 elsiehoney.com
@@ -21422,6 +21413,7 @@ emea.cdnetworks.com
 emeixs.com
 emeor.com
 emepu.com
+emilhk.com
 emjob.com
 emlinix.com
 emlog.net
@@ -21644,6 +21636,7 @@ errenzhuan.cc
 ershenghuo.net
 ershicimi.com
 ershouhui.com
+ert295.com
 ert7.com
 ertongkongjian.com
 ertongtuku.com
@@ -21749,7 +21742,6 @@ ethfans.org
 etiantian.com
 etiantian.net
 etiantian.org
-etiaoliao.com
 etimeusa.com
 etiv.me
 etjournals.com
@@ -21790,6 +21782,7 @@ etu6.com
 etuan.com
 etudu.com
 etuonet.com
+etycx.com
 etyy.com
 etyyy.com
 etz927.com
@@ -21851,6 +21844,7 @@ evideostb.com
 evilbinary.org
 evilcos.me
 evileyesaint.com
+evilwind.fun
 evketang.com
 evlo.us
 evlook.com
@@ -22614,6 +22608,7 @@ feiq18.com
 feirar.com
 feiren.com
 feisan.net
+feishu-3rd-party-services.com
 feishucdn.com
 feisu.com
 feitian001.com
@@ -22718,7 +22713,6 @@ fengqu.com
 fengread.com
 fengshangweekly.com
 fengshui22.com
-fengshui86.com
 fengsung.com
 fengtai.tv
 fengtalk.com
@@ -23164,6 +23158,7 @@ fmketang.com
 fmpan.com
 fmsh.com
 fmtol.com
+fmtt6.xyz
 fmwei.com
 fmwhahaha.com
 fmy90.com
@@ -23369,6 +23364,7 @@ fread.com
 free-api.com
 free-e.net
 free-eyepro.com
+free-img.com
 free.mk
 free789.com
 freebsdchina.org
@@ -23494,7 +23490,6 @@ ftqq.com
 ftrsit.com
 ftsafe.com
 ftsfund.com
-ftsm-vip.com
 ftt.me
 ftuan.com
 ftxad.com
@@ -23767,9 +23762,9 @@ fz0512.com
 fz222.com
 fz2sc.com
 fz597.com
-fzbm.com
 fzbtv.com
 fzccpit.org
+fzchpos.com
 fzcyjh.com
 fzdmag.com
 fzengine.com
@@ -24345,7 +24340,6 @@ geekjc.com
 geekluo.com
 geekmaker.com
 geekman.vip
-geekmar.xyz
 geekniu.com
 geekori.com
 geekotg.com
@@ -24469,7 +24463,6 @@ gexiaocloud.com
 gexing.com
 gexing.me
 gexings.com
-gexingshuo.com
 gexingzipai.com
 geyan123.com
 geyanw.com
@@ -24657,6 +24650,7 @@ gitcode.net
 gitee.com
 gitee.io
 githang.com
+github.do
 githubusercontents.com
 gitissue.com
 gitlib.com
@@ -25198,6 +25192,7 @@ gp88888.com
 gp891.com
 gpai.net
 gpautobid.com
+gpbctv.com
 gpbeta.com
 gpcqjy.com
 gpcxw.com
@@ -25589,7 +25584,6 @@ guiguzhongguo.com
 guiheyue.com
 guihua.com
 guihuayun.com
-guihuazixun.com
 guiji.com
 guijinshu.com
 guikeyun.com
@@ -25729,9 +25723,7 @@ guqiu.com
 guqu.net
 gurudigger.com
 gurukeji.com
-gush88.com
 gushequ.com
-gushfx.com
 gushi.ci
 gushi.com
 gushicimingju.com
@@ -26326,7 +26318,6 @@ haituoqi.com
 haitutech.com
 haiwaimoney.com
 haiwaioo.com
-haiwaituiguang.com
 haiwaiyou.com
 haiwaiyoujia.com
 haiwanli.com
@@ -26863,6 +26854,7 @@ hbccpit.org
 hbcdc.com
 hbcg.cc
 hbchen.com
+hbchy.net
 hbciqtc.com
 hbcjaq.com
 hbcjh.net
@@ -27021,7 +27013,6 @@ hbsydw.org
 hbszfw.com
 hbsztv.com
 hbszzd158.com
-hbszzdlssz.com
 hbszzk.com
 hbszzx.com
 hbtcmu.com
@@ -29335,6 +29326,7 @@ huowan.com
 huoxiaoer.net
 huoxing24.com
 huoxingba.com
+huoxingtan66.com
 huoxingzi.com
 huoxun.com
 huoyan.com
@@ -30233,6 +30225,7 @@ idolranking.info
 idolyx.com
 idom.me
 idomb.com
+idong.ren
 idongde.com
 idongdong.com
 idongniu.com
@@ -30824,7 +30817,6 @@ imlcl.com
 imlgm.com
 imlianai.com
 imliuyi.com
-imliyan.com
 immi520.com
 immiexpo.com
 immivip.com
@@ -32762,7 +32754,6 @@ jilinpujiyiyuan.com
 jilinwula.com
 jiliyun.com
 jillbanging.com
-jilong-chem.com
 jimeng.mobi
 jimi168.com
 jimicn.com
@@ -32770,7 +32761,6 @@ jimifashion.com
 jimilier.com
 jimiru-bj.com
 jimistore.com
-jimmylv.info
 jimonet.cc
 jimu.com
 jimubox.com
@@ -32856,6 +32846,7 @@ jingkids.com
 jinglawyer.com
 jinglingbiaozhu.com
 jinglong0769.com
+jinglongyu.link
 jingmaoyuanxin.com
 jingme.net
 jingmeiti.com
@@ -35231,6 +35222,7 @@ kmail.com
 kmapp.net
 kmcaishui.com
 kmcenter.org
+kmcha.com
 kmcits.com
 kmcits0655.com
 kmcxedu.com
@@ -35620,7 +35612,6 @@ kuaisushu-cnd.com
 kuaitijian.com
 kuaitu666.com
 kuaiwan.com
-kuaiwanwo.com
 kuaixiazai.com
 kuaiyan.com
 kuaiyiad.com
@@ -35665,7 +35656,6 @@ kuashou.com
 kubey.cc
 kubicode.me
 kubikeji.com
-kubiops.com
 kubo-360-tudou.com
 kubozy-cdn-baidu.com
 kuche.com
@@ -35830,6 +35820,7 @@ kwin.wang
 kwin.xyz
 kwkf.com
 kwtzn.com
+kwudor.com
 kwx.gd
 kwxjh.net
 kx001.com
@@ -36259,6 +36250,7 @@ lapin365.com
 lapland.name
 laqiangu.com
 laravel-admin.org
+laravelacademy.org
 larenla.com
 large.net
 larkapp.com
@@ -36981,7 +36973,6 @@ lieguozhi.com
 liehu.tv
 liehunwang.com
 liehuo.net
-liehuo.org
 liejin99.com
 lieju.com
 lielb.com
@@ -37118,6 +37109,7 @@ linewell.com
 linewow.com
 linezing.com
 linfan.com
+linfeicloud.com
 lingaoren.com
 lingb.net
 lingbao-e.com
@@ -37691,6 +37683,7 @@ lnok.net
 lnpjw.com
 lnrcu.com
 lnrsks.com
+lnsgczb.com
 lnslymy.com
 lntenghui.com
 lntvu.com
@@ -37832,7 +37825,6 @@ longmarchspace.com
 longmeng.com
 longmenmingche.com
 longmiao.wang
-longmotto.com
 longmushengwu.com
 longqikeji.com
 longquan-baojian.com
@@ -38099,6 +38091,7 @@ lsoos.com
 lspjy.com
 lsq6.com
 lsqifu.com
+lsqpay.com
 lssen.com
 lssggzy.com
 lstazl.com
@@ -38765,7 +38758,6 @@ maijiaba.com
 maijiabashi.com
 maijiakan.com
 maijichuang.net
-maijx.com
 maikenu.com
 mail-qq.com
 mail163.com
@@ -39058,6 +39050,7 @@ marknum.com
 markonreview.com
 markorchem.com
 marksmile.com
+marmot-cloud.com
 maro6.com
 maroon91.com
 marry5.com
@@ -41116,6 +41109,7 @@ myhaowai.com
 myhard.com
 myhayo.com
 myhexin.com
+myhithink.com
 myhongzuan.com
 myhostadmin.net
 myhuahuo.com
@@ -41478,7 +41472,6 @@ nbdeli.com
 nbdeli.net
 nbdig.com
 nbdisco.com
-nbdskj.com
 nbegame.com
 nbegame.net
 nbenl.com
@@ -41861,6 +41854,7 @@ niba.com
 nibaguai.com
 nibaku.com
 nibiye.com
+nic.de
 nic.ren
 nic.wang
 nicaifu.com
@@ -42122,6 +42116,7 @@ nmzol.com
 nmzzlhwlkj.com
 nn.ci
 nn.com
+nn12333.com
 nn92.com
 nncc626.com
 nncgs.com
@@ -42701,6 +42696,7 @@ okinfo.org
 okjike.com
 okjk.co
 okjoys.com
+okjx.cc
 okki.com
 okkkk.com
 oklink.com
@@ -43122,6 +43118,7 @@ oujistore.com
 oukan.online
 ouklqd.com
 oulvnet.com
+oumakspt.com
 oumengke.com
 ounh.org
 ouo.us
@@ -43191,6 +43188,7 @@ oushangstyle.com
 oushinet.com
 oushivoyages.com
 ousns.net
+outbrai.com
 outlets365.com
 ouvps.com
 ouxutong.com
@@ -44935,6 +44933,7 @@ qdgw.com
 qdgxqrc.com
 qdgxzg.com
 qdhantang.com
+qdhmsoft.com
 qdhsty.com
 qdingnet.com
 qdjiejie.com
@@ -45273,7 +45272,6 @@ qidong.co
 qidong.name
 qidongyx.com
 qidou.com
-qiduocloud.com
 qiduowei.com
 qiecdn.com
 qieerxi.com
@@ -45734,7 +45732,6 @@ qmacro.com
 qmail.com
 qmango.com
 qmcaifu.com
-qmcmw.com
 qmconfig.com
 qmei.me
 qmei.vip
@@ -45785,7 +45782,6 @@ qpgame.com
 qplus.com
 qpoc.com
 qpstar.com
-qpx.com
 qpxiaoshuo.com
 qpzq.net
 qq-xmail.com
@@ -45866,7 +45862,6 @@ qqma.com
 qqmail.com
 qqmcc.org
 qqmofasi.com
-qqmoke.com
 qqmtc.com
 qqmusic.com
 qqnn.net
@@ -46476,6 +46471,7 @@ rajjzs.com
 rakinda-xm.com
 ralf.ren
 ramadaplaza-ovwh.com
+ramboplay.com
 ramostear.com
 ran-wen.com
 ran10.com
@@ -46674,7 +46670,6 @@ redocn.com
 redoop.com
 redpact.com
 redphon.com
-redquan.com
 redream.com
 redrock.team
 redsh.com
@@ -47831,6 +47826,7 @@ scw98.com
 scweixiao.com
 scwj.net
 scwlylqx.com
+scwsf.com
 scwy.net
 scxdf.com
 scxnyl.com
@@ -47893,7 +47889,6 @@ sdeqs.com
 sderp.com
 sdewj.com
 sdey.net
-sdfcp.com
 sdfcxw.com
 sdfhyl.com
 sdfll.com
@@ -48525,6 +48520,7 @@ shanpow.com
 shanqb.com
 shanqu.cc
 shanse8.com
+shanshanku.com
 shanshoufu.com
 shantoumama.com
 shanweinews.net
@@ -49751,6 +49747,7 @@ siqiquan.org
 sique.com
 sir3.com
 sir66.com
+sirenvps.com
 siryin.com
 sisen.com
 sishuok.com
@@ -50001,7 +49998,6 @@ slimtheme.com
 slink8.com
 slinli.com
 slinuxer.com
-sliu.info
 sljkj.com
 sljypt.com
 slkeq.com
@@ -50237,7 +50233,6 @@ sobeycloud.com
 sobot.com
 soboten.com
 sobug.com
-sobuhu.com
 socang.com
 socansoft.com
 socay.com
@@ -51028,6 +51023,7 @@ suanst.com
 suanya.com
 suaooo.com
 suapp.me
+subangjia.com
 subaonet.com
 subaotuan.com
 subingkang.com
@@ -51093,7 +51089,6 @@ sui.com
 suibianla.com
 suibianzhao.com
 suibiji.com
-suicloud.com
 suilengea.com
 suileyoo.com
 suinian.com
@@ -51484,6 +51479,7 @@ sxlcdn.com
 sxldns.com
 sxldtv.com
 sxmaps.com
+sxmcwlw.com
 sxmtdz.com
 sxncb.com
 sxnfss.com
@@ -52762,6 +52758,7 @@ thenburn.com
 thenew123.com
 theorychina.org
 thepaintstore.net
+thesmartmelon.com
 thestack.net
 thethirdmedia.com
 thetigerhood.com
@@ -52962,7 +52959,6 @@ tianyancha.com
 tianyanqifu.com
 tianyant.com
 tianyaruanwen.com
-tianyashuku.com
 tianyaui.com
 tianyecollege.com
 tianyi1368.com
@@ -53143,6 +53139,7 @@ titan24.com
 titanar.com
 titanmatrix.com
 titapark.com
+tiwb.com
 tixa.com
 tixaapp.com
 tixaclub.net
@@ -53383,7 +53380,6 @@ tol24.com
 tom.cat
 tom.com
 tom163.net
-tom61.com
 tomap.me
 tomatogames.com
 tomatolei.com
@@ -53579,6 +53575,7 @@ tou70.com
 toubang.tv
 toucdn.com
 touch4.me
+touchealth.com
 touchev.com
 touchpal.com
 touchrom.com
@@ -55714,7 +55711,6 @@ vocalmiku.com
 voccdn.com
 vocinno.com
 vodjk.com
-vodxc.com
 voguego.com
 vohringer.com
 voicedic.com
@@ -57333,6 +57329,7 @@ whmeigao.com
 whmicrocredit.com
 whmj.org
 whmlcy.net
+whmnls.com
 whmnrc.com
 whmnx.com
 whmoocs.com
@@ -58320,7 +58317,6 @@ wuage.com
 wuaiso.com
 wubaiyi.com
 wubaiyi.net
-wubazx.online
 wubiba.com
 wubisheng.net
 wubizi.net
@@ -58429,6 +58425,7 @@ wukur.com
 wukypay.com
 wul.ai
 wulannews.com
+wuletv.com
 wuliannanjing.com
 wuliaoo.com
 wuliaosi.com
@@ -59072,6 +59069,7 @@ xdnote.com
 xdnphb.com
 xdocin.com
 xdoor.cc
+xdow.net
 xdplt.com
 xdpvp.com
 xdressy.com
@@ -60251,7 +60249,6 @@ xiqinrc.com
 xiqqq.com
 xirang.com
 xirenxuan.com
-xirikm.net
 xishanju.com
 xishaoye.com
 xishiqu.com
@@ -60490,6 +60487,7 @@ xl5dd.com
 xl5du.com
 xl5dw.com
 xl699.com
+xlb588.com
 xlcidc.com
 xlctyd.com
 xlcz.com
@@ -60719,6 +60717,7 @@ xptt.com
 xpu93.com
 xpw888.com
 xpxt.net
+xpykjsws.com
 xpyx.net
 xq0356.com
 xq5.com
@@ -61448,7 +61447,6 @@ yafanpm.com
 yafco.com
 yafdev.com
 yafeilinux.com
-yagaooem.xyz
 yageo.tech
 yago-mall.com
 yahacode.com
@@ -62789,6 +62787,7 @@ ymatou.com
 ymatou.hk
 ymbq301.com
 ymcall.com
+ymcart.com
 ymd520.net
 ymd88.com
 ymeme.com
@@ -64949,6 +64948,7 @@ zgzyqcgw.com
 zgzzs.com
 zh-itone.com
 zh.cc
+zh188.net
 zh30.com
 zh51home.com
 zhai14.com
@@ -65048,7 +65048,6 @@ zhangzishi.net
 zhangzs.com
 zhanh.com
 zhanhi.com
-zhanjindong.com
 zhankoo.com
 zhanlingol.com
 zhanmazj.com
@@ -65487,6 +65486,7 @@ zhiyuan-group.com
 zhiyuanit.com
 zhiyuanyun.com
 zhiyujit.com
+zhiyun-tech.com
 zhizaoye.net
 zhizaoyun.com
 zhizhang.com
@@ -65854,7 +65854,6 @@ zhuliuwu.com
 zhulixiaolie.com
 zhulogic.com
 zhulong.com
-zhulou.net
 zhulu86.com
 zhumengwl.com
 zhumu.me
@@ -66246,6 +66245,7 @@ zjpubservice.com
 zjqbj.com
 zjqimeng.com
 zjqk110.com
+zjqll.com
 zjrc.com
 zjrc.net
 zjrcu.com
@@ -66443,6 +66443,7 @@ zmzapi.net
 zmzjk.com
 zmzjstu.com
 zn8.com
+znb.me
 znba.net
 znbo.com
 znczz.com
diff --git a/luci-app-passwall/root/usr/share/passwall/rules/chnroute b/luci-app-passwall/root/usr/share/passwall/rules/chnroute
index 051229dfc..b050abc91 100644
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnroute
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnroute
@@ -873,6 +873,7 @@
 103.185.228.0/23
 103.185.78.0/23
 103.185.80.0/23
+103.186.4.0/23
 103.19.12.0/22
 103.19.232.0/22
 103.19.40.0/22
diff --git a/luci-app-passwall/root/usr/share/passwall/rules/chnroute6 b/luci-app-passwall/root/usr/share/passwall/rules/chnroute6
index 609ce18e2..b562d356a 100644
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnroute6
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnroute6
@@ -31,7 +31,6 @@
 2001:df0:2e00::/48
 2001:df0:2e80::/48
 2001:df0:423::/48
-2001:df0:4500::/48
 2001:df0:59c0::/48
 2001:df0:85c0::/48
 2001:df0:8d40::/48
@@ -230,6 +229,7 @@
 2400:6c40::/32
 2400:6cc0::/32
 2400:6d40::/32
+2400:6da0::/32
 2400:6dc0::/32
 2400:6e00::/32
 2400:6e40::/32
diff --git a/luci-app-passwall/root/usr/share/passwall/rules/gfwlist b/luci-app-passwall/root/usr/share/passwall/rules/gfwlist
index 16429d653..23806297a 100644
--- a/luci-app-passwall/root/usr/share/passwall/rules/gfwlist
+++ b/luci-app-passwall/root/usr/share/passwall/rules/gfwlist
@@ -7123,6 +7123,7 @@ mfg-inspector.com
 mgo-images.com
 mgo.com
 mhshosting.com
+mhyurl.cn
 mi9.com.au
 mi9cdn.com
 miamifintechfestival.com
diff --git a/natflow/Makefile b/natflow/Makefile
index 8ed5756d9..39882278e 100644
--- a/natflow/Makefile
+++ b/natflow/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=natflow
-PKG_VERSION:=20220415
+PKG_VERSION:=20220416
 
 PKG_SOURCE_URL:=https://codeload.github.com/ptpt52/natflow/tar.gz/$(PKG_VERSION)?
 PKG_HASH:=skip