From 11340f6d2be93bd0a9439c642982153c9996b71a Mon Sep 17 00:00:00 2001
From: root <myaddr@cock.li>
Date: Thu, 26 Jun 2025 15:54:00 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20loon/loon.conf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 loon/loon.conf | 164 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 158 insertions(+), 6 deletions(-)

diff --git a/loon/loon.conf b/loon/loon.conf
index aaf527a..a31a346 100644
--- a/loon/loon.conf
+++ b/loon/loon.conf
@@ -6,8 +6,14 @@
 [General]
 ip-mode = dual
 ipv6-vif = off
-dns-server = 1.1.1.1,8.8.8.8
-doh-server = https://1.1.1.1/dns-query,https://8.8.8.8/dns-query
+# 防DNS泄露优化：只保留最快的加密DNS，移除明文DNS
+dns-server = system
+# 主力DoH服务器：选择最快最稳定的
+doh-server = https://1.1.1.1/dns-query,https://8.8.8.8/dns-query,https://223.5.5.5/dns-query,https://dns.alidns.com/dns-query
+# 新增：DoQ支持，更好的隐私保护和速度
+doq-server = quic://dns.adguard.com:784,quic://dns.nextdns.io:784
+# 新增：DoH3支持，最新的加密DNS技术
+doh3-server = h3://cloudflare-dns.com/dns-query
 real-ip = *.iCloud.com,*.apple.com,*.crashlytics.com,msftconnecttest.com
 sni-sniffing = true
 disable-stun = true
@@ -40,7 +46,6 @@ bypass-tun = 10.0.0.0/8,100.64.0.0/10,127.0.0.0/8,169.254.0.0/16,172.16.0.0/12,1
 🇭🇰 IEP(NII)L-CNFHK SS = shadowsocks,niiiepl.812371.xyz,36192,2022-blake3-aes-128-gcm,"8eLTxLWml4weLT9KW2x9ig==:x8uB5bQzZ7VHEOeKc6zJ0A==",fast-open=false,udp=true,block-quic=false
 🇭🇰 IEP(NII)L-Jinx SS = shadowsocks,niiiepl.812371.xyz,36193,2022-blake3-aes-128-gcm,"8eLTxLWml4weLT9KW2x9ig==:x8uB5bQzZ7VHEOeKc6zJ0A==",fast-open=false,udp=true,block-quic=false
 [Remote Proxy]
-isif = http://152.53.33.92:50004/hatGZgTX6VUe2T2EwZJjf4PY3sr7/download/isif18r?target=Loon&includeUnsupportedProxy=true,udp=true,block-quic=false,fast-open=default,vmess-aead=true,skip-cert-verify=true,enabled=true,flexible-sni=false
 
 
 [Remote Filter]
@@ -134,19 +139,166 @@ https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/OKX/OK
 https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/Gemini/Gemini.list, policy=🤖 Gemini, tag=Gemini, enabled=true
 https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/WeChat/WeChat.list, policy=🎯 全球直连, tag=WeChat, enabled=true
 [Host]
-# 防止DNS泄露
+# 防止DNS泄露核心配置
 localhost = 127.0.0.1
 
-# 代理服务器域名使用国内DNS（模拟proxy-server-nameserver）
+# 代理服务器域名强制使用加密DNS（防泄露）
 *.812371.xyz = server:https://223.5.5.5/dns-query
 cnfus.812371.xyz = server:https://223.5.5.5/dns-query
 racknerdus.812371.xyz = server:https://223.5.5.5/dns-query
 niiiepl.812371.xyz = server:https://223.5.5.5/dns-query
 
-# Apple服务保持系统DNS
+# Apple服务保持系统DNS（兼容性最佳）
 *.apple.com = server:system
 *.icloud.com = server:system
 
+# 🇨🇳 智能国内DNS策略
+# 只保留关键的国内服务，其他靠通用规则自动识别
+# 国内AI服务
+*.deepseek.com = server:https://dns.alidns.com/dns-query
+*.moonshot.cn = server:https://dns.alidns.com/dns-query
+
+# 国内CDN
+*.chinanetcenter.com = server:https://dns.alidns.com/dns-query
+*.ccgslb.com = server:https://dns.alidns.com/dns-query
+*.ccgslb.net = server:https://dns.alidns.com/dns-query
+*.bootcdn.net = server:https://dns.alidns.com/dns-query
+*.staticfile.org = server:https://dns.alidns.com/dns-query
+
+# 海外服务使用Cloudflare DoH（速度+隐私）
+# 流媒体服务
+*.netflix.com = server:https://1.1.1.1/dns-query
+*.nflximg.net = server:https://1.1.1.1/dns-query
+*.nflxext.com = server:https://1.1.1.1/dns-query
+*.nflxvideo.net = server:https://1.1.1.1/dns-query
+*.disney.com = server:https://1.1.1.1/dns-query
+*.disneyplus.com = server:https://1.1.1.1/dns-query
+*.hulu.com = server:https://1.1.1.1/dns-query
+*.primevideo.com = server:https://1.1.1.1/dns-query
+*.amazon.com = server:https://1.1.1.1/dns-query
+*.amazonvideo.com = server:https://1.1.1.1/dns-query
+
+# Google 全家桶
+*.google.com = server:https://1.1.1.1/dns-query
+*.google.com.hk = server:https://1.1.1.1/dns-query
+*.googleadservices.com = server:https://1.1.1.1/dns-query
+*.googlesyndication.com = server:https://1.1.1.1/dns-query
+*.googletagmanager.com = server:https://1.1.1.1/dns-query
+*.googletagservices.com = server:https://1.1.1.1/dns-query
+*.googleusercontent.com = server:https://1.1.1.1/dns-query
+*.youtube.com = server:https://1.1.1.1/dns-query
+*.youtubei.googleapis.com = server:https://1.1.1.1/dns-query
+*.ytimg.com = server:https://1.1.1.1/dns-query
+*.ggpht.com = server:https://1.1.1.1/dns-query
+*.gmail.com = server:https://1.1.1.1/dns-query
+*.googledrive.com = server:https://1.1.1.1/dns-query
+
+# 社交媒体
+*.facebook.com = server:https://1.1.1.1/dns-query
+*.facebook.net = server:https://1.1.1.1/dns-query
+*.fbcdn.net = server:https://1.1.1.1/dns-query
+*.instagram.com = server:https://1.1.1.1/dns-query
+*.cdninstagram.com = server:https://1.1.1.1/dns-query
+*.twitter.com = server:https://1.1.1.1/dns-query
+*.twimg.com = server:https://1.1.1.1/dns-query
+*.x.com = server:https://1.1.1.1/dns-query
+*.whatsapp.com = server:https://1.1.1.1/dns-query
+*.whatsapp.net = server:https://1.1.1.1/dns-query
+*.linkedin.com = server:https://1.1.1.1/dns-query
+*.licdn.com = server:https://1.1.1.1/dns-query
+*.telegram.org = server:https://1.1.1.1/dns-query
+*.telegram.me = server:https://1.1.1.1/dns-query
+*.t.me = server:https://1.1.1.1/dns-query
+*.discord.com = server:https://1.1.1.1/dns-query
+*.discordapp.com = server:https://1.1.1.1/dns-query
+*.discordapp.net = server:https://1.1.1.1/dns-query
+
+# Microsoft 系
+*.microsoft.com = server:https://1.1.1.1/dns-query
+*.microsoftonline.com = server:https://1.1.1.1/dns-query
+*.office.com = server:https://1.1.1.1/dns-query
+*.office365.com = server:https://1.1.1.1/dns-query
+*.outlook.com = server:https://1.1.1.1/dns-query
+*.live.com = server:https://1.1.1.1/dns-query
+*.skype.com = server:https://1.1.1.1/dns-query
+*.xbox.com = server:https://1.1.1.1/dns-query
+
+# 其他常用海外服务
+*.spotify.com = server:https://1.1.1.1/dns-query
+*.scdn.co = server:https://1.1.1.1/dns-query
+*.twitch.tv = server:https://1.1.1.1/dns-query
+*.ttvnw.net = server:https://1.1.1.1/dns-query
+*.reddit.com = server:https://1.1.1.1/dns-query
+*.redd.it = server:https://1.1.1.1/dns-query
+*.redditstatic.com = server:https://1.1.1.1/dns-query
+*.dropbox.com = server:https://1.1.1.1/dns-query
+*.dropboxapi.com = server:https://1.1.1.1/dns-query
+*.onedrive.com = server:https://1.1.1.1/dns-query
+
+# 🌍 海外CDN和开发资源
+*.cloudflare.com = server:https://1.1.1.1/dns-query
+*.cf-assets.com = server:https://1.1.1.1/dns-query
+*.github.com = server:https://1.1.1.1/dns-query
+*.githubusercontent.com = server:https://1.1.1.1/dns-query
+*.githubassets.com = server:https://1.1.1.1/dns-query
+*.fastly.com = server:https://1.1.1.1/dns-query
+*.akamai.net = server:https://1.1.1.1/dns-query
+*.akamaiedge.net = server:https://1.1.1.1/dns-query
+*.edgecastcdn.net = server:https://1.1.1.1/dns-query
+
+# 🤖 海外AI服务
+*.openai.com = server:https://1.1.1.1/dns-query
+*.oaistatic.com = server:https://1.1.1.1/dns-query
+*.oaiusercontent.com = server:https://1.1.1.1/dns-query
+*.chatgpt.com = server:https://1.1.1.1/dns-query
+*.anthropic.com = server:https://1.1.1.1/dns-query
+*.claude.ai = server:https://1.1.1.1/dns-query
+
+# 🎮 游戏平台（海外）
+*.steam-chat.com = server:https://1.1.1.1/dns-query
+*.steamcommunity.com = server:https://1.1.1.1/dns-query
+*.steampowered.com = server:https://1.1.1.1/dns-query
+*.steamstatic.com = server:https://1.1.1.1/dns-query
+*.epic.com = server:https://1.1.1.1/dns-query
+*.epicgames.com = server:https://1.1.1.1/dns-query
+*.unrealengine.com = server:https://1.1.1.1/dns-query
+*.ea.com = server:https://1.1.1.1/dns-query
+*.origin.com = server:https://1.1.1.1/dns-query
+*.ubisoft.com = server:https://1.1.1.1/dns-query
+
+# 📊 特殊DNS服务器（海外需要翻墙的）
+*.tiktok.com = server:https://1.1.1.1/dns-query
+
+# 🎯 通用策略：国内域名自动走国内DNS
+# 中国顶级域名全部使用国内加密DNS
+*.cn = server:https://dns.alidns.com/dns-query
+*.com.cn = server:https://dns.alidns.com/dns-query
+*.net.cn = server:https://dns.alidns.com/dns-query
+*.org.cn = server:https://dns.alidns.com/dns-query
+*.edu.cn = server:https://dns.alidns.com/dns-query
+*.gov.cn = server:https://dns.alidns.com/dns-query
+*.mil.cn = server:https://dns.alidns.com/dns-query
+*.ac.cn = server:https://dns.alidns.com/dns-query
+
+# 🌐 默认策略：其他域名走海外DNS
+# GEOIP CN域名会被路由规则自动识别为国内，这里不需要单独配置
+# 所有非明确指定的域名默认走加密DNS（配置在上面的doh-server）
+
+# ⚡ IP模式优化（只保留关键的海外服务）
+*.netflix.com = ip-mode:ipv4-preferred
+*.youtube.com = ip-mode:ipv4-preferred
+*.google.com = ip-mode:ipv4-preferred
+*.facebook.com = ip-mode:ipv4-preferred
+*.instagram.com = ip-mode:ipv4-preferred
+*.twitter.com = ip-mode:ipv4-preferred
+
+# 防止常见DNS劫持目标泄露
+*.gstatic.com = server:https://1.1.1.1/dns-query
+*.googleapis.com = server:https://1.1.1.1/dns-query
+*.googlevideo.com = server:https://1.1.1.1/dns-query
+*.googlecode.com = server:https://1.1.1.1/dns-query
+*.gmail.com = server:https://1.1.1.1/dns-query
+
 [Rewrite]
 
 [Script]