small-package/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config-chinadns.yaml

log:
    level: info
plugins:
    # Num0: Cache
    - tag: lazy_cache
      type: cache
      args:
        size: 20000
        lazy_cache_ttl: 86400

    # Num1: CN domain
    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/direct-list.txt
    # cat direct-list.txt | grep -v "regexp:\|full:" | sort -u | uniq -u > china-domain-2.lst
    - tag: geosite_cn
      type: domain_set
      args:
        files:
          - "/etc/ssrplus/mosdns-chinadns/geosite_cn.txt"
          - "/etc/ssrplus/white.list"

    # Num2: CN IP
    # https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
    - tag: geoip_cn
      type: ip_set
      args:
        files:
          - "/etc/ssrplus/china_ssr.txt"

    # Num3: Domain need proxy (gfwlist)
    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/proxy-list.txt
    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/gfw.txt
    - tag: geosite_not_cn
      type: domain_set
      args:
        files:
          - "/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt"
          - "/etc/ssrplus/black.list"

    # Num4: Forward to google
    - tag: forward_remote
      type: forward
      args:
        concurrent: 2
        upstreams:

    # Num5: Forward to local
    # ifstatus wan | jsonfilter -e '@["dns-server"]'
    - tag: forward_local
      type: forward
      args:
        concurrent: 2
        upstreams:

    # Num6
    - tag: local_sequence
      type: sequence
      args:
        - exec: $forward_local

    # Num7
    - tag: remote_sequence_with_IPv6
      type: sequence
      args:
        - exec: prefer_ipv4
        - exec: $forward_remote

    # Num8
    - tag: remote_sequence_disable_IPv6
      type: sequence
      args:
        - exec: prefer_ipv4
        - exec: $forward_remote
        - matches: 
          - qtype 28 65
          exec: reject 0

    # Num9
    - tag: query_is_local_domain
      type: sequence
      args:
        - matches: qname $geosite_cn
          exec: $local_sequence
    
    # Num10
    - tag: query_is_proxy_domain
      type: sequence
      args:
        - matches: qname $geosite_not_cn
        - exec: ipset blacklist,inet,24

    # fallback 用本地服务器 sequence
    # 返回非国内 ip 则 drop_resp
    # Num11
    - tag: query_is_local_ip
      type: sequence
      args:
        - exec: $local_sequence
        - matches: "!resp_ip $geoip_cn"
          exec: drop_resp

    # Num12
    # fallback 用远程服务器 sequence
    - tag: query_is_remote_ip
      type: sequence
      args:
        - exec: $remote_sequence_disable_IPv6
        - exec: ipset blacklist,inet,24

    # fallback 用远程服务器 sequence
    # query_is_local_ip to query_is_remote_ip
    # Num13
    - tag: fallback
      type: fallback
      args:
        # DNS Leak solution
        primary: query_is_local_ip
        secondary: query_is_remote_ip
        threshold: 600
        always_standby: true

    # 有响应终止返回
    # Num14
    - tag: has_resp_sequence
      type: sequence
      args:
        - matches: has_resp
          exec: accept

    # Num15
    - tag: main_sequence
      type: sequence
      args:
        - exec: $lazy_cache
        - exec: $query_is_local_domain
        - exec: jump has_resp_sequence
        - exec: $query_is_proxy_domain
        - exec: jump has_resp_sequence
        - exec: $fallback

    # Num16
    - tag: udp_server
      type: udp_server
      args:
        entry: main_sequence

    # Num17
    - tag: tcp_server
      type: tcp_server
      args:
        entry: main_sequence