From a1eb072fa70d8308fa8cca90c58b8b39ca32a3c8 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Fri, 12 Dec 2025 12:32:02 +0800
Subject: [PATCH] =?UTF-8?q?~=E5=A2=9E=E5=8A=A0=E6=96=B0=E7=9A=84DNS?=
 =?UTF-8?q?=E6=A8=A1=E5=BC=8F-route=E6=A8=A1=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/menu.sh  | 24 ++++++++++++++++-----
 scripts/start.sh | 54 ++++++++++++++++++++++--------------------------
 2 files changed, 44 insertions(+), 34 deletions(-)

diff --git a/scripts/menu.sh b/scripts/menu.sh
index c035bdb..eed63b4 100644
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -1602,15 +1602,17 @@ set_dns_mod() { #DNS模式设置
 	echo -e "当前DNS运行模式为：\033[47;30m $dns_mod \033[0m"
 	echo -e "\033[33m切换模式后需要手动重启服务以生效！\033[0m"
 	echo -----------------------------------------------
-	echo -e " 1 fake-ip模式：   \033[32m响应快，兼容性较差\033[0m"
+	echo -e " 1 fake-ip模式：   响应快，\033[33m兼容性较差\033[0m"
 	echo -e "                   不支持CN-IP绕过功能"
-	echo -e " 2 redir_host模式：\033[32m不安全，易被污染\033[0m"
+	echo -e " 2 redir_host模式：\033[33m不安全，易被污染\033[0m"
 	echo -e "                   建议搭配第三方DNS服务使用"
 	if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
-		echo -e " 3 mix混合模式：   \033[32m内部realip外部fakeip\033[0m"
-		echo -e "                   依赖geosite.dat/geosite-cn.srs数据库"
+		echo -e " 3 mix混合模式：   \033[32m防污染防泄露，响应快，推荐！\033[0m"
+		echo -e "                   cn域名realip其他fakeip分流"
+		echo -e " 4 route模式：     \033[32m防污染防泄露，全真实IP\033[0m"
+		echo -e "                   cn域名realip其他dns2proxy分流"
 	fi
-	echo -e " 4 \033[36mDNS进阶设置\033[0m"
+	echo -e " 9 \033[36mDNS进阶设置\033[0m"
 	echo " 0 返回上级菜单"
 	read -p "请输入对应数字 > " num
 	case $num in
@@ -1639,6 +1641,17 @@ set_dns_mod() { #DNS模式设置
 		fi
 		;;
 	4)
+		if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
+			dns_mod=route
+			setconfig dns_mod $dns_mod
+			echo -----------------------------------------------
+			echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
+		else
+			echo -e "\033[31m当前内核不支持的功能！！！\033[0m"
+			sleep 1
+		fi
+		;;
+	9)
 		setdns
 		set_dns_mod
 		;;
@@ -1728,6 +1741,7 @@ normal_set() { #基础设置
 
 	elif [ "$num" = 2 ]; then
 		set_dns_mod
+		sleep 1
 		normal_set
 
 	elif [ "$num" = 3 ]; then
diff --git a/scripts/start.sh b/scripts/start.sh
index 1c3d44b..fe5f896 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -418,28 +418,26 @@ dns:
   fake-ip-range6: fc00::/16
   fake-ip-filter:
 EOF
-		if [ "$dns_mod" != "redir_host" ]; then
+		if [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "fake-ip" ];then
 			cat "$CRASHDIR"/configs/fake_ip_filter "$CRASHDIR"/configs/fake_ip_filter.list 2>/dev/null | grep -v '#' | sed "s/^/    - '/" | sed "s/$/'/" >>"$TMPDIR"/dns.yaml
-			[ "$dns_mod" = "mix" ] && {
-				#插入MIX模式防泄露设置
-				cat >>"$TMPDIR"/dns.yaml <<EOF
-    - "rule-set:cn"
+		else
+			echo "    - '+.*'" >>"$TMPDIR"/dns.yaml #使用fake-ip模拟redir_host
+		fi
+		#mix模式fakeip绕过cn
+		[ "$dns_mod" = "mix" ] && echo '    - "rule-set:cn"' >>"$TMPDIR"/dns.yaml
+		#mix模式和route模式插入分流设置
+		if [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ];then
+			cat >>"$TMPDIR"/dns.yaml <<EOF
   respect-rules: true
   nameserver-policy: {'rule-set:cn': [ $dns_nameserver ]}
   proxy-server-nameserver : [ $dns_resolver ]
   nameserver: [ $dns_fallback ]
 EOF
-			}
 		else
-			echo "    - '+.*'" >>"$TMPDIR"/dns.yaml #使用fake-ip模拟redir_host
-		fi
-		[ "$dns_mod" != "mix" ] && cat >>"$TMPDIR"/dns.yaml <<EOF
+			cat >>"$TMPDIR"/dns.yaml <<EOF
   nameserver: [ $dns_nameserver ]
 EOF
-		# [ -s "$CRASHDIR"/configs/fallback_filter.list ] && {
-			# echo "    domain:" >>"$TMPDIR"/dns.yaml
-			# cat "$CRASHDIR"/configs/fallback_filter.list | grep -v '#' | sed "s/^/      - '/" | sed "s/$/'/" >>"$TMPDIR"/dns.yaml
-		# }
+		fi
 	}
 	#域名嗅探配置
 	[ "$sniffer" = "已启用" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
@@ -683,9 +681,9 @@ EOF
 	#根据dns模式生成
 	[ "$dns_mod" = "redir_host" ] && {
 		global_dns=dns_proxy
-		direct_dns="{ \"inbound\": [ \"dns-in\" ], \"server\": \"dns_direct\" },"
+		direct_dns="{ \"inbound\": [ \"dns-in\" ], \"server\": \"dns_direct\" }"
 	}
-	[ "$dns_mod" = "fake-ip" ] && {
+	[ "$dns_mod" = "fake-ip" ] || [ "$dns_mod" = "mix" ] && {
 		global_dns=dns_fakeip
 		fake_ip_filter_domain=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -Ev '#|\*|\+|Mijia' | sed '/^\s*$/d' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
 		fake_ip_filter_suffix=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -v '.\*' | grep -E '\*|\+' | sed 's/^[*+]\.//' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
@@ -693,18 +691,18 @@ EOF
 		[ -n "$fake_ip_filter_domain" ] && fake_ip_filter_domain="{ \"domain\": [$fake_ip_filter_domain], \"server\": \"dns_direct\" },"
 		[ -n "$fake_ip_filter_suffix" ] && fake_ip_filter_suffix="{ \"domain_suffix\": [$fake_ip_filter_suffix], \"server\": \"dns_direct\" },"
 		[ -n "$fake_ip_filter_regex" ] && fake_ip_filter_regex="{ \"domain_regex\": [$fake_ip_filter_regex], \"server\": \"dns_direct\" },"
+		proxy_dns='{ "query_type": ["A", "AAAA"], "server": "dns_fakeip", "strategy": "'"$strategy"'", "rewrite_ttl": 1 }'
+		#mix模式插入fakeip过滤规则
+		[ "$dns_mod" = "mix" ] && direct_dns="{ \"rule_set\": [\"cn\"], \"server\": \"dns_direct\" },"
+	}
+	[ "$dns_mod" = "route" ] && {
+		global_dns=dns_proxy
+		direct_dns="{ \"rule_set\": [\"cn\"], \"server\": \"dns_direct\" }"
 	}
-	[ "$dns_mod" = "mix" ] && {
-		global_dns=dns_fakeip
-		fake_ip_filter_domain=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -Ev '#|\*|\+|Mijia' | sed '/^\s*$/d' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
-		fake_ip_filter_suffix=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -v '.\*' | grep -E '\*|\+' | sed 's/^[*+]\.//' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
-		fake_ip_filter_regex=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep '.\*' | sed 's/^*/.\*/' | sed 's/^+/.\+/' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
-		[ -n "$fake_ip_filter_domain" ] && fake_ip_filter_domain="{ \"domain\": [$fake_ip_filter_domain], \"server\": \"dns_direct\" },"
-		[ -n "$fake_ip_filter_suffix" ] && fake_ip_filter_suffix="{ \"domain_suffix\": [$fake_ip_filter_suffix], \"server\": \"dns_direct\" },"
-		[ -n "$fake_ip_filter_regex" ] && fake_ip_filter_regex="{ \"domain_regex\": [$fake_ip_filter_regex], \"server\": \"dns_direct\" },"
-		direct_dns="{ \"rule_set\": [\"cn\"], \"server\": \"dns_direct\" },"
 		#生成add_rule_set.json
-		[ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -Ei '"tag" *: *"cn"')" ] && cat >"$TMPDIR"/jsons/add_rule_set.json <<EOF
+		[ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && \
+		[ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -Ei '"tag" *: *"cn"')" ] && \
+		cat >"$TMPDIR"/jsons/add_rule_set.json <<EOF
 {
   "route": {
     "rule_set": [
@@ -719,7 +717,6 @@ EOF
   }
 }
 EOF
-	}
 	cat >"$TMPDIR"/jsons/dns.json <<EOF
 {
   "dns": {
@@ -761,7 +758,6 @@ EOF
 	  { "clash_mode": "Global", "query_type": ["A", "AAAA"], "server": "$global_dns", "strategy": "$strategy", "rewrite_ttl": 1 },
       $direct_dns
 	  $proxy_dns
-      { "query_type": ["A", "AAAA"], "server": "dns_fakeip", "strategy": "$strategy", "rewrite_ttl": 1 }
     ],
     "final": "dns_proxy",
 	"strategy": "$strategy",
@@ -1059,8 +1055,8 @@ start_ipt_route() { #iptables-route通用工具
 		fi
 		#将所在链指定流量指向shellcrash表
 		$1 $w -t $2 -I $3 -p $5 $ports -j $4
-		[ "$dns_mod" != "redir_host" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && $1 $w -t $2 -I $3 -p $5 -d 28.0.0.1/8 -j $4
-		[ "$dns_mod" != "redir_host" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && $1 $w -t $2 -I $3 -p $5 -d fc00::/16 -j $4
+		[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && $1 $w -t $2 -I $3 -p $5 -d 28.0.0.1/8 -j $4
+		[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && $1 $w -t $2 -I $3 -p $5 -d fc00::/16 -j $4
 	}
 	[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 tcp
 	[ "$5" = "udp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 udp