Notice that, if DNS requests do not go through dae, dae cannot split traffic by domain.Ĥ. It is useful for users whose DNS requests do not go through dae but want faster proxy response time. Based on domain mode but do not check the reality of sniffed domain. That is to say, domain rewrite will be after traffic split of routing and dae will not re-route it.ģ. Generally, this mode brings faster proxy response time because proxy will re-resolve the domain in remote, thus get better IP result to connect. This will relieve DNS pollution problem to a great extent if have impure DNS environment. Dial proxy using the domain from sniffing. This may solve some wierd full-cone problem if your are be your node support that.Sniffing will be disabled in this mode.Ģ. For example, if you use curl -4 ip.sb, you will request IPv4 via proxy and get a IPv4 echo. This allows your ipv4, ipv6 to choose the optimal path respectively, and makes the IP version requested by the application meet expectations. Dial proxy using the IP from DNS directly. "dial_mode": `Optional values of dial_mode are:ġ. It is not recommended to turn it on unless you have to.", "allow_insecure": "Allow insecure TLS certificates. "wan_interface": "The WAN interface to bind. "lan_interface": "The LAN interface to bind. "check_tolerance": "Group will switch node only when new_latency <= old_latency - tolerance.", "check_interval": "Interval of connectivity check for TCP and UDP", And if dns_upstream below contains tcp, it also be used to check TCP DNS connectivity of nodes.\nThis DNS should have both IPv4 and IPv6 if you have double stack in local.", "udp_check_dns": "This DNS will be used to check UDP connectivity of nodes. Use 'HEAD' by default because some server implementations bypass accounting for this kind of traffic.", "tcp_check_http_method": "The HTTP request method to `tcp_check_url`. "tcp_check_url": "Node connectivity check.\nHost of URL should have both IPv4 and IPv6 if you have double stack in local.\nConsidering traffic consumption, it is recommended to choose a site with anycast IP and less response.", "log_level": "Log level: error, warn, info, debug, trace.", It is useful to avoid traffic loop with iptables tproxy rules.", "so_mark_from_dae": "If not zero, traffic sent from dae will be set SO_MARK. Set it false to allow users to use self-managed iptables tproxy rules.", "tproxy_port_protect": "Set it true to protect tproxy port from unsolicited traffic. It is NOT a HTTP/SOCKS port, and is just used by eBPF program.\nIn normal case, you do not need to use it.", "tproxy_port": "tproxy port to listen on. "response": `DNS responses will follow this routing.Īvailable functions: qname, qtype, ip, upstream`, "request": `DNS requests will follow this routing. "upstream": "Value can be scheme://host:port, where the scheme can be tcp/udp/tcp udp.\nIf host is a domain and has both IPv4 and IPv6 record, dae will automatically choose IPv4 or IPv6 to use according to group policy (such as min latency policy).\nPlease make sure DNS traffic will go through and be forwarded by dae, which is REQUIRED for domain routing.\nIf dial_mode is \"ip\", the upstream DNS answer SHOULD NOT be polluted, so domestic public DNS is not recommended.", Zero means that dae will request to upstream every time and not cache DNS results for these domains.", "fixed_domain_ttl": "Give a fixed ttl for domains. "ipversion_prefer": "For example, if ipversion_prefer is 4 and the domain name has both type A and type AAAA records, the dae will only respond to type A queries and response empty answer to type AAAA queries.", func ExportOutline(version string) *Outline.func (m *Merger) Merge() (sections *config_parser.Section, entries string, err error).func (m *Marshaller) MarshalSection(name string, from reflect.Value, depth int) (err error).func (c *Config) Marshal(indentSpace int) (b byte, err error).func New(sections *config_parser.Section) (conf *Config, err error).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |