ShellCrash/scripts/menus/dns.sh

#!/bin/sh
# Copyright (C) Juewuy

[ -n "$__IS_MODULE_DNS_LOADED" ] && return
__IS_MODULE_DNS_LOADED=1

set_dns_mod() { #DNS模式设置
	[ -z "$hosts_opt" ] && hosts_opt=ON
    [ -z "$dns_protect" ] && dns_protect=ON
	[ -z "$ecs_subnet" ] && ecs_subnet=OFF
    echo "-----------------------------------------------"
    echo -e "当前DNS运行模式为：\033[47;30m $dns_mod \033[0m"
    echo -e "\033[33m切换模式后需要手动重启服务以生效！\033[0m"
    echo "-----------------------------------------------"
	echo -e " 1 MIX模式：  \033[32mCN域名realip其他fake-ip分流\033[0m"
	echo -e " 2 Route模式：\033[32mCN域名realip其他dns2proxy分流\033[0m"
    echo -e " 3 Redir模式：\033[33m不安全,需搭配第三方DNS服务使用\033[0m"
	echo "-----------------------------------------------"
    echo -e " 4 DNS防泄漏：  \033[36m$dns_protect\033[0m	———启用时少量网站可能连接卡顿"
    echo -e " 5 Hosts优化：  \033[36m$hosts_opt\033[0m	———调用本机hosts并劫持NTP服务"
	echo -e " 6 ECS优化：    \033[36m$ecs_subnet\033[0m	———解决CDN下载浪费流量等问题"
    echo -e " 7 DNS劫持端口：\033[36m$dns_redir_port\033[0m	———用于兼容第三方DNS服务"
    [ "$dns_mod" = "mix" ] &&
    echo -e " 8 管理MIX模式\033[33mFake-ip过滤列表\033[0m"
    echo -e " 9 修改\033[36mDNS服务器\033[0m"
	echo "-----------------------------------------------"
    echo " 0 返回上级菜单"
    read -p "请输入对应数字 > " num
    case "$num" in
    0) ;;
    1)
        if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
            dns_mod=mix
            setconfig dns_mod $dns_mod
            echo "-----------------------------------------------"
            echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
        else
            echo -e "\033[31m当前内核不支持的功能！！！\033[0m"
            sleep 1
        fi
		set_dns_mod
    ;;
    2)
        if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
            dns_mod=route
            setconfig dns_mod $dns_mod
            echo "-----------------------------------------------"
            echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
        else
            echo -e "\033[31m当前内核不支持的功能！！！\033[0m"
            sleep 1
        fi
		set_dns_mod
    ;;
    3)
        dns_mod=redir_host
        setconfig dns_mod $dns_mod
        echo "-----------------------------------------------"
        echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
		set_dns_mod
    ;;
    4)
        [ "$dns_protect" = "ON" ] && dns_protect=OFF || dns_protect=ON
        setconfig dns_protect $dns_protect
        set_dns_mod
	;;
    5)
		[ "$hosts_opt" = "ON" ] && hosts_opt=OFF || hosts_opt=ON
        setconfig hosts_opt $hosts_opt
        set_dns_mod
	;;
    6)
		[ "$ecs_subnet" = "ON" ] && ecs_subnet=OFF || ecs_subnet=ON
		setconfig ecs_subnet "$ecs_subnet"
		set_dns_mod
	;;
    7)
        echo "-----------------------------------------------"
        echo -e "\033[31m仅限搭配第三方DNS服务(AdGuard、SmartDNS……)使用！\033[0m"
		echo -e "\033[33m设置为第三方DNS服务的监听端口即可修改防火墙劫持！\n建议在第三方DNS服务中将上游DNS指向【localhost:$dns_port】\033[0m"
		echo "-----------------------------------------------"
		read -p "请输入第三方DNS服务的监听端口(0重置端口) > " num
		if [ "$num" = 0 ];then
			dns_redir_port="$dns_port"
			setconfig dns_redir_port
		elif [ "$num" -lt 65535 -a "$num" -ge 1 ];then
			if ckcmd netstat;then
				port_test=$(netstat -ntul | grep -E ":$num[[:space:]]")
			else
				port_test=0
			fi
			if [ -n "$port_test" ];then
				dns_redir_port="$num"
				setconfig dns_redir_port "$dns_redir_port"
			else
				echo -e "\033[33m此端口未检测到已运行的DNS服务！\033[0m"
			fi
		else
			errornum
		fi
        sleep 1
        set_dns_mod
	;;
    8)
        echo "-----------------------------------------------"
        fake_ip_filter
        set_dns_mod
	;;
    9)
        set_dns_adv
        set_dns_mod
    ;;
    *)
        errornum
    ;;
    esac
}
fake_ip_filter() {
    echo -e "\033[32m用于解决Fake-ip模式下部分地址或应用无法连接的问题\033[0m"
    echo -e "\033[31m脚本已经内置了大量地址，你只需要添加出现问题的地址！\033[0m"
    echo -e "\033[36m示例：a.b.com"
    echo -e "示例：*.b.com"
    echo -e "示例：*.*.b.com\033[0m"
    echo "-----------------------------------------------"
    if [ -s ${CRASHDIR}/configs/fake_ip_filter ]; then
        echo -e "\033[33m已添加Fake-ip过滤地址：\033[0m"
        cat ${CRASHDIR}/configs/fake_ip_filter | awk '{print NR" "$1}'
    else
        echo -e "\033[33m你还未添加Fake-ip过滤地址\033[0m"
    fi
    echo "-----------------------------------------------"
    echo -e "\033[32m输入数字直接移除对应地址，输入地址直接添加！\033[0m"
    read -p "请输入数字或地址 > " input
    case "$input" in
    0) ;;
    '') ;;
    *)
        if [ $input -ge 1 ] 2>/dev/null; then
            sed -i "${input}d" ${CRASHDIR}/configs/fake_ip_filter 2>/dev/null
            echo -e "\033[32m移除成功！\033[0m"
        else
            echo -e "你输入的地址是：\033[32m$input\033[0m"
            read -p "确认添加？(1/0) > " res
            [ "$res" = 1 ] && echo $input >>${CRASHDIR}/configs/fake_ip_filter
        fi
        sleep 1
        fake_ip_filter
    ;;
    esac
}
set_dns_adv() { #DNS详细设置
    echo "-----------------------------------------------"
    echo -e "当前基础DNS：\033[32m$dns_nameserver\033[0m"
    echo -e "PROXY-DNS：\033[36m$dns_fallback\033[0m"
    echo -e "解析DNS：\033[33m$dns_resolver\033[0m"
    echo -e "多个DNS地址请用\033[30;47m“|”\033[0m或者\033[30;47m“, ”\033[0m分隔输入"
    echo -e "\033[33m必须拥有本地根证书文件才能使用dot/doh类型的加密dns\033[0m"
    echo -e "\033[31m注意singbox内核只有首个dns会被加载！\033[0m"
    echo "-----------------------------------------------"
    echo -e " 1 修改\033[32m基础DNS\033[0m"
    echo -e " 2 修改\033[36mPROXY-DNS\033[0m(该DNS查询会经过节点)"
    echo -e " 3 修改\033[33m解析DNS\033[0m(必须是IP,用于解析其他DNS)"
    echo -e " 4 一键配置\033[32m加密DNS\033[0m"
    echo -e " 9 \033[33m重置\033[0m默认DNS配置"
    echo -e " 0 返回上级菜单"
    echo "-----------------------------------------------"
    read -p "请输入对应数字 > " num
    case "$num" in
    0) ;;
    1)
        read -p "请输入新的DNS > " dns_nameserver
        dns_nameserver=$(echo $dns_nameserver | sed 's#|#\,\ #g')
        if [ -n "$dns_nameserver" ]; then
            setconfig dns_nameserver "'$dns_nameserver'"
            echo -e "\033[32m设置成功！！！\033[0m"
        fi
        sleep 1
        set_dns_adv
	;;
    2)
        read -p "请输入新的DNS > " dns_fallback
        dns_fallback=$(echo $dns_fallback | sed 's/|/\,\ /g')
        if [ -n "$dns_fallback" ]; then
            setconfig dns_fallback "'$dns_fallback'"
            echo -e "\033[32m设置成功！！！\033[0m"
        fi
        sleep 1
        set_dns_adv
	;;
    3)
        read -p "请输入新的DNS > " text
        if echo "$text" | grep -qE '://.*::'; then
            echo -e "\033[31m此选项暂不支持ipv6加密DNS！！！\033[0m"
        elif [ -n "$text" ]; then
            dns_resolver=$(echo $text | sed 's/|/\,\ /g')
            setconfig dns_resolver "'$dns_resolver'"
            echo -e "\033[32m设置成功！！！\033[0m"
        fi
        sleep 1
        set_dns_adv
	;;
    4)
        echo "-----------------------------------------------"
        openssldir="$(openssl version -d 2>&1 | awk -F '"' '{print $2}')"
        if [ -s "$openssldir/certs/ca-certificates.crt" ] || [ -s "/etc/ssl/certs/ca-certificates.crt" ] ||
            echo "$crashcore" | grep -qE 'meta|singbox'; then
            dns_nameserver='https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
            dns_fallback='https://cloudflare-dns.com/dns-query, https://dns.google/dns-query, https://doh.opendns.com/dns-query'
            dns_resolver='https://223.5.5.5/dns-query, 2400:3200::1'
            setconfig dns_nameserver "'$dns_nameserver'"
            setconfig dns_fallback "'$dns_fallback'"
            setconfig dns_resolver "'$dns_resolver'"
            echo -e "\033[32m已设置加密DNS，如出现DNS解析问题，请尝试重置DNS配置！\033[0m"
        else
            echo -e "\033[31m找不到根证书文件，无法启用加密DNS，Linux系统请自行搜索安装OpenSSL的方式！\033[0m"
        fi
        sleep 1
        set_dns_adv
	;;
    9)
        setconfig dns_nameserver
        setconfig dns_fallback
        setconfig dns_resolver
		. "$CRASHDIR"/libs/get_config.sh
        echo -e "\033[33mDNS配置已重置！！！\033[0m"
        sleep 1
        set_dns_adv
	;;
    *)
        errornum
        sleep 1
	;;
    esac
}