add new regex dns resolver, better dns routing

Author: hiddify-com

go.mod

@@ -151,7 +151,7 @@ require (
 	lukechampine.com/blake3 v1.4.0 // indirect
 )
 
-replace github.com/sagernet/sing-box => github.com/hiddify/hiddify-sing-box v1.8.9-0.20250427171527-75d1f520c1d0
+replace github.com/sagernet/sing-box => github.com/hiddify/hiddify-sing-box v1.8.9-0.20250622203549-c2a41a8cc8dd
 
 // replace github.com/sagernet/sing-box => ../../hiddify-sing-box
 

go.sum

@@ -243,8 +243,8 @@ github.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8
 github.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns=
 github.com/hectane/go-acl v0.0.0-20230122075934-ca0b05cb1adb h1:PGufWXXDq9yaev6xX1YQauaO1MV90e6Mpoq1I7Lz/VM=
 github.com/hectane/go-acl v0.0.0-20230122075934-ca0b05cb1adb/go.mod h1:QiyDdbZLaJ/mZP4Zwc9g2QsfaEA4o7XvvgZegSci5/E=
-github.com/hiddify/hiddify-sing-box v1.8.9-0.20250427171527-75d1f520c1d0 h1:Venb6aqoM7+R8kK3BOPDMtxoTQQqcjJFwlKEzGbJwr4=
-github.com/hiddify/hiddify-sing-box v1.8.9-0.20250427171527-75d1f520c1d0/go.mod h1:P2Jl+D3230kPWANXuUpITOUacVTlx4YXCFBXSdzBOsk=
+github.com/hiddify/hiddify-sing-box v1.8.9-0.20250622203549-c2a41a8cc8dd h1:NOBVy6sqaE36kmcIx0qCO3ad1lYE+/vEYJx2MqUmX8A=
+github.com/hiddify/hiddify-sing-box v1.8.9-0.20250622203549-c2a41a8cc8dd/go.mod h1:P2Jl+D3230kPWANXuUpITOUacVTlx4YXCFBXSdzBOsk=
 github.com/hiddify/ray2sing v0.0.0-20250421090415-3f7c0fc24042 h1:rR7v56h185wZ5yQf8n8HgK0YFpdTYFE0/E/Fjc2DPhY=
 github.com/hiddify/ray2sing v0.0.0-20250421090415-3f7c0fc24042/go.mod h1:jBi91UH2/k3c8vpcGRS8Flhodi+uJZADZeWafkLfRQs=
 github.com/hiddify/warp-plus v0.0.0-20240717223357-4f3122e0d11d h1:vRGKh9ou+/vQGfVYa8MczhbIVjHxlP52OWwrDWO77RA=

v2/config/config.go

@@ -86,6 +86,7 @@ func BuildConfig(opt HiddifyOptions, input option.Options) (*option.Options, err
 	setNTP(&options)
 	setRoutingOptions(&options, &opt)
 	err := setOutbounds(&options, &input, &opt)
+
 	if err != nil {
 		return nil, err
 	}
@@ -154,7 +155,7 @@ func setOutbounds(options *option.Options, input *option.Options, opt *HiddifyOp
 		if contains(PredefinedOutboundTags, out.Tag) {
 			continue
 		}
-		outbound, err := patchOutbound(out, *opt, options.DNS.StaticIPs)
+		outbound, err := patchOutbound(out, *opt, options.DNS)
 		if err != nil {
 			return err
 		}
@@ -434,37 +435,19 @@ func setDns(options *option.Options, opt *HiddifyOptions) {
 			},
 		},
 	}
-	domains := map[string][]string{
-		"time.apple.com":     {"time.g.aaplimg.com", "time.apple.com"},
-		"ipinfo.io":          {"ipinfo.io"},
-		"dns.cloudflare.com": {"www.speedtest.net", "cloudflare.com"},
-		"ipwho.is":           {"ipwho.is"},
-		"api.my-ip.io":       {"api.my-ip.io"},
-		"myip.expert":        {"myip.expert"},
-		"ip-api.com":         {"ip-api.com"},
-	}
-	var wg sync.WaitGroup
-	var mu sync.Mutex
-	for key, domainList := range domains {
-		wg.Add(1)
-		go func(k string, dList []string) {
-			defer wg.Done()
-			ips := getIPs(dList...)
-			if len(ips) > 0 {
-				mu.Lock()
-				options.DNS.StaticIPs[k] = ips
-				mu.Unlock()
-			}
-		}(key, domainList)
-	}
 
-	wg.Wait()
-	if dnsstr := options.DNS.StaticIPs["dns.cloudflare.com"]; dnsstr != nil {
-		options.DNS.StaticIPs["api.ip.sb"] = dnsstr
-		options.DNS.StaticIPs["ipapi.co"] = dnsstr
-		options.DNS.StaticIPs["reallyfreegeoip.org"] = dnsstr
-		options.DNS.StaticIPs["freeipapi.com"] = dnsstr
-	}
+	options.DNS.StaticIPs["time.apple.com"] = []string{"time.g.aaplimg.com", "time.apple.com"}
+	options.DNS.StaticIPs["ipinfo.io"] = []string{"ipinfo.io"}
+	options.DNS.StaticIPs["dns.cloudflare.com"] = []string{"www.speedtest.net", "cloudflare.com"}
+	options.DNS.StaticIPs["ipwho.is"] = []string{"ipwho.is"}
+	options.DNS.StaticIPs["api.my-ip.io"] = []string{"api.my-ip.io"}
+	options.DNS.StaticIPs["myip.expert"] = []string{"myip.expert"}
+	options.DNS.StaticIPs["ip-api.com"] = []string{"ip-api.com"}
+	options.DNS.StaticIPs["freeipapi.com"] = []string{"www.speedtest.net", "cloudflare.com"}
+	options.DNS.StaticIPs["reallyfreegeoip.org"] = []string{"www.speedtest.net", "cloudflare.com"}
+	options.DNS.StaticIPs["ipapi.co"] = []string{"www.speedtest.net", "cloudflare.com"}
+	options.DNS.StaticIPs["api.ip.sb"] = []string{"www.speedtest.net", "cloudflare.com"}
+
 }
 
 func addForceDirect(options *option.Options, opt *HiddifyOptions) {
@@ -491,43 +474,47 @@ func addForceDirect(options *option.Options, opt *HiddifyOptions) {
 			}
 		}
 	}
+
 	if len(dnsMap) > 0 {
 		unique_dns_detours := make(map[string]bool)
 		for _, detour := range dnsMap {
 			unique_dns_detours[detour] = true
 		}
 
 		for detour := range unique_dns_detours {
-			if detour == OutboundDirectTag {
-				detour = "direct"
-			} else {
+			dns_detour := "dns-direct"
+			if detour != OutboundDirectTag {
+				dns_detour = "dns-" + detour
 				options.DNS.Servers = append(options.DNS.Servers, option.DNSServerOptions{
-					Tag:             "dns-" + detour,
+					Tag:             dns_detour,
 					Address:         opt.RemoteDnsAddress,
 					AddressResolver: DNSDirectTag,
 					Strategy:        opt.RemoteDnsDomainStrategy,
 					Detour:          detour,
 				})
 			}
+
 			domains := []string{}
 			for domain, d := range dnsMap {
 				if d == detour {
 					domains = append(domains, domain)
 				}
 			}
+
 			if len(domains) == 0 {
 				continue
 			}
 			options.DNS.Rules = append(options.DNS.Rules, option.DNSRule{
 				Type: C.RuleTypeDefault,
 				DefaultOptions: option.DefaultDNSRule{
-					Server: "dns-" + detour,
+					Server: dns_detour,
 					Domain: domains,
 				},
 			})
 		}
 
 	}
+
 }
 
 func setFakeDns(options *option.Options, opt *HiddifyOptions) {
@@ -836,6 +823,16 @@ func setRoutingOptions(options *option.Options, opt *HiddifyOptions) {
 			},
 		})
 	}
+	if opt.RouteOptions.BlockQuic {
+		routeRules = append(routeRules, option.Rule{
+			Type: C.RuleTypeDefault,
+			DefaultOptions: option.DefaultRule{
+				Port:     []uint16{443},
+				Network:  []string{"udp"},
+				Outbound: OutboundBlockTag,
+			},
+		})
+	}
 	options.Route = &option.RouteOptions{
 		Rules:               routeRules,
 		Final:               OutboundMainProxyTag,
@@ -862,14 +859,7 @@ func setRoutingOptions(options *option.Options, opt *HiddifyOptions) {
 			}
 		}
 	}
-	routeRules = append(routeRules, option.Rule{
-		Type: C.RuleTypeDefault,
-		DefaultOptions: option.DefaultRule{
-			Port:     []uint16{443},
-			Network:  []string{"udp"},
-			Outbound: OutboundBlockTag,
-		},
-	})
+
 }
 
 func patchHiddifyWarpFromConfig(out option.Outbound, opt HiddifyOptions) option.Outbound {

v2/config/hiddify_option.go

@@ -27,6 +27,8 @@ type HiddifyOptions struct {
 	Warp2     WarpOptions `json:"warp2,omitempty"`
 	Mux       MuxOptions  `json:"mux,omitempty" overridable:"true"`
 	TLSTricks TLSTricks   `json:"tls-tricks,omitempty"`
+	EnableNTP bool        `json:"enable-ntp,omitempty"`
+
 	DNSOptions
 	InboundOptions
 	URLTestOptions
@@ -66,6 +68,7 @@ type RouteOptions struct {
 	IPv6Mode               option.DomainStrategy `json:"ipv6-mode,omitempty"`
 	BypassLAN              bool                  `json:"bypass-lan,omitempty"`
 	AllowConnectionFromLAN bool                  `json:"allow-connection-from-lan,omitempty"`
+	BlockQuic              bool                  `json:"block-quic,omitempty"`
 }
 
 type TLSTricks struct {
@@ -101,6 +104,7 @@ type WarpOptions struct {
 
 func DefaultHiddifyOptions() *HiddifyOptions {
 	return &HiddifyOptions{
+		EnableNTP: true,
 		DNSOptions: DNSOptions{
 			RemoteDnsAddress:        "1.1.1.1",
 			RemoteDnsDomainStrategy: option.DomainStrategy(dns.DomainStrategyAsIS),
@@ -136,6 +140,7 @@ func DefaultHiddifyOptions() *HiddifyOptions {
 		LogFile:        "data/box.log",
 		Region:         "other",
 		EnableClashApi: true,
+
 		ClashApiPort:   16756,
 		ClashApiSecret: "",
 		// GeoIPPath:      "geoip.db",

v2/config/outbound.go

@@ -116,11 +116,11 @@ func isOutboundReality(base option.Outbound) bool {
 	return base.VLESSOptions.OutboundTLSOptionsContainer.TLS.Reality.Enabled
 }
 
-func patchOutbound(base option.Outbound, configOpt HiddifyOptions, staticIpsDns map[string][]string) (*option.Outbound, error) {
+func patchOutbound(base option.Outbound, configOpt HiddifyOptions, dns *option.DNSOptions) (*option.Outbound, error) {
 	formatErr := func(err error) error {
 		return fmt.Errorf("error patching outbound[%s][%s]: %w", base.Tag, base.Type, err)
 	}
-	err := patchWarp(&base, &configOpt, true, staticIpsDns)
+	err := patchWarp(&base, &configOpt, true, dns.StaticIPs)
 	if err != nil {
 		return nil, formatErr(err)
 	}
@@ -143,7 +143,7 @@ func patchOutbound(base option.Outbound, configOpt HiddifyOptions, staticIpsDns
 	case C.TypeVMess, C.TypeVLESS, C.TypeTrojan, C.TypeShadowsocks:
 		obj = patchOutboundMux(base, configOpt, obj)
 	}
-	obj = patchOutboundXray(base, configOpt, obj, staticIpsDns)
+	obj = patchOutboundXray(base, configOpt, obj, dns.StaticIPs)
 	modifiedJson, err := json.Marshal(obj)
 	if err != nil {
 		return nil, formatErr(err)