-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Proposal] remove must_*
and add dns
as a builtin outbound
#677
Comments
Thanks for opening this issue! |
从语义上,这样的拆分是较为成功的。但从实际出发,dae 不希望 dns 流量绕过 dns 模块,从而带来 domain 内核侧分流失败的问题。 |
那么这样呢: 当检测到配置中不存在 |
@luochen1990 这是一个好主意,但我建议通过显式给出 isdns -> no_inherent_hijack 使得隐式规则失效。这应该是个固定语句,任何其他的语句指向该出站都需要报错。 |
@mzz2017 那我感觉可以做成一个选项,可以就放 dns 下面
|
用 enable_manual_hijack 吧,开启之后 isdns 和 dns 出站才可使用。 |
那就 enable_explicit_hijack ? 或者 disable_implicit_hijack ? 我感觉后者好一点,因为它更显著的效果是 disable |
@luochen1990 可以 |
Proposal
提案
把 must_* 去掉,由
isdns
匹配规则和显式的dns
outbound 替代原有功能,相关变更有must_*
以及*(must)
outboundisdns
匹配规则dns
outbound一些可能的变种
isdns
可以命名为is_dns
或者其他更合适的名字, 甚至直接用dport(53)
替代 (如果我们认为这个判断标准已经足够并且在未来不太会发生变化的话)dns
可以命名为builtin_dns
或者其他更合适的名字Use Cases
比如原来的配置:
可以替换成
类似地
可以替换成
或者
Potential Benefits
Scope
No response
Reference
No response
Implementation
No response
The text was updated successfully, but these errors were encountered: