diff --git a/loon/loon.conf b/loon/loon.conf index 22d8b99..830c5f7 100644 --- a/loon/loon.conf +++ b/loon/loon.conf @@ -8,18 +8,16 @@ ip-mode = dual ipv6-vif = off -# DNS配置 - 增强防泄露并优化速度 -dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114,180.76.76.76 +# DNS配置 - 平衡防泄露和连接稳定性 +dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114 doh-server = https://doh.pub/dns-query,https://dns.alidns.com/dns-query doq-server = quic://dns.adguard.com:784 -doh3-server = h3://223.5.5.5/dns-query,h3://223.6.6.6/dns-query -# DNS安全配置 - 强化防泄露 +# DNS安全配置 sni-sniffing = true disable-stun = true dns-reject-mode = LoopbackIP domain-reject-mode = DNS -hijack-dns = *:53 # Real IP配置 - 防止FakeIP导致的问题 real-ip = *.apple.com,*.icloud.com,*.push.apple.com,sequoia.apple.com,seed-sequoia.siri.apple.com,*.mzstatic.com,*.itunes.apple.com,*.crashlytics.com,*.facebook.com,*.instagram.com,*.812371.xyz,cnfus.812371.xyz,racknerdus.812371.xyz,niiiepl.812371.xyz @@ -47,9 +45,6 @@ geoip-url = https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat skip-proxy = 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,localhost,*.local,e.crashlynatics.com bypass-tun = 10.0.0.0/8,100.64.0.0/10,127.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.0.0.0/24,192.0.2.0/24,192.88.99.0/24,192.168.0.0/16,198.51.100.0/24,203.0.113.0/24,224.0.0.0/4,255.255.255.255/32 -# 防止WebRTC泄露 -disable-udp-ports = 80,443 - [Proxy] 🇯🇵 WAP SS = shadowsocks,103.238.129.85,8546,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false 🇯🇵 橙子云 SS = shadowsocks,74.113.96.208,21001,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false @@ -101,24 +96,9 @@ isif = http://152.53.33.92:50004/hatGZgTX6VUe2T2EwZJjf4PY3sr7/download/isif18r?t [Proxy Chain] [Rule] -# DNS防泄露规则 - 强化版 -DOMAIN,dns.google,REJECT -DOMAIN,dns.google.com,REJECT -DOMAIN,dns64.dns.google,REJECT -DOMAIN,cloudflare-dns.com,REJECT -DOMAIN-SUFFIX,doh.opendns.com,REJECT +# DNS防泄露规则 - 温和版 DOMAIN-KEYWORD,dnsleaktest,REJECT DOMAIN-KEYWORD,ipleak,REJECT -DOMAIN-KEYWORD,whoer,REJECT -DOMAIN,browserleaks.com,REJECT -DOMAIN,ipx.ac,REJECT -IP-CIDR,8.8.8.8/32,REJECT,no-resolve -IP-CIDR,8.8.4.4/32,REJECT,no-resolve -IP-CIDR,1.1.1.1/32,REJECT,no-resolve -IP-CIDR,1.0.0.1/32,REJECT,no-resolve -IP-CIDR,208.67.222.222/32,REJECT,no-resolve -IP-CIDR,208.67.220.220/32,REJECT,no-resolve -IP-CIDR,9.9.9.9/32,REJECT,no-resolve # 工具应用 DOMAIN-KEYWORD,1password,🐧 论坛 @@ -175,23 +155,10 @@ https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/OKX/OK https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/Gemini/Gemini.list, policy=🤖 Gemini, tag=Gemini, enabled=true https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/WeChat/WeChat.list, policy=🎯 全球直连, tag=WeChat, enabled=true [Host] -# DNS映射 - 防止DNS泄露 -# 阻止常见的DNS泄露地址 -dns.google = reject -8.8.8.8 = reject -8.8.4.4 = reject -1.1.1.1 = reject -1.0.0.1 = reject -208.67.222.222 = reject -208.67.220.220 = reject -9.9.9.9 = reject -149.112.112.112 = reject -# 阻止DNS泄露检测网站 +# DNS映射 - 温和的防泄露 +# 阻止部分DNS泄露检测网站 dnsleaktest.com = reject ipleak.net = reject -whoer.net = reject -browserleaks.com = reject -ipx.ac = reject # 苹果服务使用直连DNS *.apple.com = server:system @@ -206,11 +173,8 @@ ipx.ac = reject *.weibo.com = server:119.29.29.29 *.douyin.com = server:223.5.5.5 -# 特定域名使用快速DNS -*.812371.xyz = server:119.29.29.29 -cnfus.812371.xyz = server:119.29.29.29 -racknerdus.812371.xyz = server:119.29.29.29 -niiiepl.812371.xyz = server:119.29.29.29 +# 特定域名优化 - 仅使用系统DNS +*.812371.xyz = server:system [Rewrite]