GoForum › 🌐 V2EX
sing-box 运行时 DNS 请求被直接发往 tun 的 ip 导致网络访问全都失败, 怎么解决?
cairnechen ·
2026-01-22 12:37 ·
0 次点赞 · 4 条回复
折腾了下 Sing-Box ,服务端配置好了,但是客户端遇到一个问题
所有 DNS 请求被直接发往 tun 的 ip 172.18.0.2 导致解析失败
问了下 AI ,说这是不对的 dns 请求应该当做普通流量被 hijack dns 捕获,正常路径是这样的:
应用 ↓ 系统构造 DNS 请求(目标 = 公网 DNS ) ↓ DNS 请求作为普通流量被路由 ↓ 进入 TUN ↓ 进入 sing-box ↓ route.rules 命中 protocol=dns ↓ action=hijack-dns ↓ sing-box DNS resolver
然后它建议我手动取消注册这个连接地址,大概这样: Set-DnsClient -InterfaceIndex 25 -RegisterThisConnectionsAddress $false
我感觉 sing-box 配置应该不至于要做到这种程度,所以来求助一下,看是哪里出了问题
Windows 环境
4 条回复
cairnechen · 2026-01-22 13:22
{ “log”: {
"disabled": false,
"level": "info",
"timestamp": true
}, “dns”: {
"rules": [
{
"rule_set": ["geosite-cn"],
"server": "ali"
}
],
"servers": [
{
"type": "https",
"tag": "ali",
"domain_resolver": {
"server": "local",
"strategy": "ipv4_only",
"client_subnet": "59.70.63.44"
},
"server": "dns.alidns.com",
"server_port": 443
},
{
"type": "dhcp",
"tag": "local"
},
{
"type": "https",
"tag": "cfg-google-dns",
"detour": "ss",
"domain_resolver": {
"server": "local",
"strategy": "ipv4_only",
"client_subnet": "59.70.63.44"
},
"server": "dns.google",
"server_port": 443
}
],
"final": "cfg-google-dns",
"strategy": "ipv4_only",
"client_subnet": "59.70.63.44"
}, “inbounds”: [
{
"type": "tun",
"tag": "tun-in",
"mtu": 9000,
"address": ["172.18.0.1/30"],
"route_address": ["0.0.0.0/1", "128.0.0.0/1", "::/1", "8000::/1"],
"route_exclude_address": [
"192.168.0.0/16",
"10.0.0.0/8",
"172.16.0.0/12",
"fc00::/7"
],
"auto_route": true,
"strict_route": false
},
{
"type": "mixed",
"tag": "mixed-in",
"listen": "127.0.0.1",
"listen_port": 7890
}
], “outbounds”: [
{
"type": "shadowsocks",
"tag": "ss",
"server": "<server_ip>",
"server_port": 49628,
"method": "2022-blake3-aes-128-gcm",
"password": "<password>",
"multiplex": {
"enabled": false
}
},
{
"type": "direct",
"tag": "direct"
}
], “route”: {
"auto_detect_interface": true,
"default_domain_resolver": {
"server": "local",
"strategy": "ipv4_only",
"client_subnet": "59.70.63.44"
},
"rules": [
{
"ip_is_private": true,
"outbound": "direct"
},
{
"action": "sniff"
},
{
"protocol": "dns",
"action": "hijack-dns"
},
{
"protocol": [
"bittorrent",
"quic"
],
"action": "reject",
"method": "default"
},
{
"clash_mode": "Direct",
"outbound": "direct"
},
{
"clash_mode": "Proxy",
"outbound": "ss"
},
{
"rule_set": [
"geosite-openai",
"geosite-anthropic"
],
"outbound": "ss"
},
{
"rule_set": ["geosite-category-ads-all"],
"action": "reject"
},
{
"rule_set": ["geosite-cn"],
"outbound": "direct"
},
{
"rule_set": ["geoip-cn"],
"outbound": "direct"
}
],
"rule_set": [
{
"tag": "geosite-openai",
"type": "remote",
"format": "binary",
"url": "https://github.com/SagerNet/sing-geosite/raw/rule-set/geosite-openai.srs",
"download_detour": "direct"
},
{
"tag": "geosite-anthropic",
"type": "remote",
"format": "binary",
"url": "https://github.com/SagerNet/sing-geosite/raw/rule-set/geosite-anthropic.srs",
"download_detour": "direct"
},
{
"tag": "geosite-cn",
"type": "remote",
"format": "binary",
"url": "https://github.com/SagerNet/sing-geosite/raw/rule-set/geosite-cn.srs",
"download_detour": "direct"
},
{
"tag": "geoip-cn",
"type": "remote",
"format": "binary",
"url": "https://github.com/SagerNet/sing-geoip/raw/rule-set/geoip-cn.srs",
"download_detour": "direct"
},
{
"tag": "geosite-category-ads-all",
"type": "remote",
"format": "binary",
"url": "https://github.com/SagerNet/sing-geosite/raw/rule-set/geosite-category-ads-all.srs",
"download_detour": "direct"
}
],
"final": "ss"
}, “experimental”: {
"cache_file": {
"enabled": true
},
"clash_api": {
"external_controller": "127.0.0.1:9090",
"access_control_allow_origin": [
"http://127.0.0.1",
"http://yacd.haishan.me"
],
"access_control_allow_private_network": true
}
} }
cairnechen · 2026-01-22 13:22
@poxiaogg 补上了 网上抄了一部分,自己写了一部分
添加回复
你还需要 登录
后发表回复
站内找到一个极有可能遇到同样问题的朋友 /t/1184470