更新 loon/loon.conf

2025-06-26 17:09:36 +08:00 · 2025-06-26 17:09:36 +08:00 · 01b0dd6ae3
commit 01b0dd6ae3
parent ada7fceaca
1 changed files with 8 additions and 44 deletions
--- a/loon/loon.conf
+++ b/loon/loon.conf
@ -8,18 +8,16 @@
 ip-mode = dual
 ipv6-vif = off
-# DNS配置 - 增强防泄露并优化速度
+# DNS配置 - 平衡防泄露和连接稳定性
-dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114,180.76.76.76
+dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114
 doh-server = https://doh.pub/dns-query,https://dns.alidns.com/dns-query
 doq-server = quic://dns.adguard.com:784
 doh3-server = h3://223.5.5.5/dns-query,h3://223.6.6.6/dns-query
-# DNS安全配置 - 强化防泄露
+# DNS安全配置
 sni-sniffing = true
 disable-stun = true
 dns-reject-mode = LoopbackIP
 domain-reject-mode = DNS
 hijack-dns = *:53
 # Real IP配置 - 防止FakeIP导致的问题
 real-ip = *.apple.com,*.icloud.com,*.push.apple.com,sequoia.apple.com,seed-sequoia.siri.apple.com,*.mzstatic.com,*.itunes.apple.com,*.crashlytics.com,*.facebook.com,*.instagram.com,*.812371.xyz,cnfus.812371.xyz,racknerdus.812371.xyz,niiiepl.812371.xyz
@ -47,9 +45,6 @@ geoip-url = https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat
 skip-proxy = 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,localhost,*.local,e.crashlynatics.com
 bypass-tun = 10.0.0.0/8,100.64.0.0/10,127.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.0.0.0/24,192.0.2.0/24,192.88.99.0/24,192.168.0.0/16,198.51.100.0/24,203.0.113.0/24,224.0.0.0/4,255.255.255.255/32
 # 防止WebRTC泄露
 disable-udp-ports = 80,443
 [Proxy]
 🇯🇵 WAP SS = shadowsocks,103.238.129.85,8546,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false
 🇯🇵 橙子云 SS = shadowsocks,74.113.96.208,21001,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false
@ -101,24 +96,9 @@ isif = http://152.53.33.92:50004/hatGZgTX6VUe2T2EwZJjf4PY3sr7/download/isif18r?t
 [Proxy Chain]
 [Rule]
-# DNS防泄露规则 - 强化版
+# DNS防泄露规则 - 温和版
 DOMAIN,dns.google,REJECT
 DOMAIN,dns.google.com,REJECT
 DOMAIN,dns64.dns.google,REJECT
 DOMAIN,cloudflare-dns.com,REJECT
 DOMAIN-SUFFIX,doh.opendns.com,REJECT
 DOMAIN-KEYWORD,dnsleaktest,REJECT
 DOMAIN-KEYWORD,ipleak,REJECT
 DOMAIN-KEYWORD,whoer,REJECT
 DOMAIN,browserleaks.com,REJECT
 DOMAIN,ipx.ac,REJECT
 IP-CIDR,8.8.8.8/32,REJECT,no-resolve
 IP-CIDR,8.8.4.4/32,REJECT,no-resolve
 IP-CIDR,1.1.1.1/32,REJECT,no-resolve
 IP-CIDR,1.0.0.1/32,REJECT,no-resolve
 IP-CIDR,208.67.222.222/32,REJECT,no-resolve
 IP-CIDR,208.67.220.220/32,REJECT,no-resolve
 IP-CIDR,9.9.9.9/32,REJECT,no-resolve
 # 工具应用
 DOMAIN-KEYWORD,1password,🐧 论坛
@ -175,23 +155,10 @@ https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/OKX/OK
 https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/Gemini/Gemini.list, policy=🤖 Gemini, tag=Gemini, enabled=true
 https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/WeChat/WeChat.list, policy=🎯 全球直连, tag=WeChat, enabled=true
 [Host]
-# DNS映射 - 防止DNS泄露
+# DNS映射 - 温和的防泄露
-# 阻止常见的DNS泄露地址
+# 阻止部分DNS泄露检测网站
 dns.google = reject
 8.8.8.8 = reject
 8.8.4.4 = reject
 1.1.1.1 = reject
 1.0.0.1 = reject
 208.67.222.222 = reject
 208.67.220.220 = reject
 9.9.9.9 = reject
 149.112.112.112 = reject
 # 阻止DNS泄露检测网站
 dnsleaktest.com = reject
 ipleak.net = reject
 whoer.net = reject
 browserleaks.com = reject
 ipx.ac = reject
 # 苹果服务使用直连DNS
 *.apple.com = server:system
@ -206,11 +173,8 @@ ipx.ac = reject
 *.weibo.com = server:119.29.29.29
 *.douyin.com = server:223.5.5.5
-# 特定域名使用快速DNS
+# 特定域名优化 - 仅使用系统DNS
-*.812371.xyz = server:119.29.29.29
+*.812371.xyz = server:system
 cnfus.812371.xyz = server:119.29.29.29
 racknerdus.812371.xyz = server:119.29.29.29
 niiiepl.812371.xyz = server:119.29.29.29
 [Rewrite]