DNS
Brief Introduction
Egern's DNS supports multiple protocols such as traditional DNS, DNS over HTTPS, DNS over TLS, and DNS over QUIC. Users can configure forwarding rules to direct specific domain requests to different DNS servers.
Main Components
1. Bootstrap (Default DNS Server)
Egern uses the system-configured DNS server by default, which is the DNS server of the Wi-Fi or cellular network. This server only supports the traditional DNS protocol and is used to resolve the domain names of DNS servers configured in Upstreams. The Bootstrap DNS server does not follow proxy rules, and traffic connects directly to the server.
2. Upstreams (DNS Server Groups)
Upstreams configuration includes DNS servers using traditional DNS, DNS over HTTPS, DNS over TLS, and DNS over QUIC protocols. These servers are used in DNS forwarding rules to handle domain requests and follow proxy rules.
3. Forward (DNS Forwarding Rules)
Forward is used to define DNS forwarding rules, with each rule consisting of a domain match and an Upstream. It supports wildcard formats, regular expressions, and proxy rule sets for matching.
4. Public IP Lookup Address
This address is used to query the public IP of the device, serving as a parameter for EDNS Client Subnet. It helps DNS servers provide domain resolution results closest to the device's public IP.
5. Hosts (Hostname Mapping)
Hosts are used to map hostnames to IP addresses or other hostnames. Hostname mappings support wildcard matching.
6. BlockIps (Blocked IPs)
This component is used to block specific IP addresses in domain resolutions, supporting both IP and CIDR formats.
Configuration Example
dns:
  bootstrap:
    - system # Use the system default DNS configuration as bootstrap.
  upstreams: # Define the list of upstream DNS servers.
    google: # Use Google's public DNS servers as one of the upstream servers.
      - https://8.8.8.8 # Google's primary DNS server.
      - https://8.8.4.4 # Google's backup DNS server.
  forward: # Rules for forwarding DNS requests.
    - wildcard:
        match: '*.cn' # Forward all domain requests ending with .cn to the system default DNS server.
        value: system
    - proxy_rule_set: # Match domains from the China domain list of ACL4SSR.
        match: https://github.com/ACL4SSR/ACL4SSR/raw/master/Clash/ChinaDomain.list
        value: system # These matching domains use the system default DNS server.
    - regex:
        match: ^ad\..*|^ads\..* # Regex to match domains starting with "ad." or "ads." (typically ad-related domains).
        value: quic://dns.adguard-dns.com # These ad-related domains use AdGuard's QUIC DNS server.
    - wildcard:
        match: '*' # Match all other domains not caught by the previous rules.
        value: google # Forward these domain requests to Google's DNS server.
  hosts: # Local DNS hostname mappings.
    example.com: www.example.com # Map example.com to www.example.com.
    localhost: 127.0.0.1 # Map localhost to the local address 127.0.0.1.
  block_ips: # List of blocked IP addresses or subnets.
    - 1.2.3.4 # Block IP address 1.2.3.4.
    - 4.3.2.1/32 # Block IP address 4.3.2.1/32 (single IP address).
  public_ip_lookup_url: https://ifconfig.me/ip # URL for querying the public IP address, used to get the device's public IP.
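To make the behaviour of the Forward, Hosts and BlockIps components concrete, the following Python script is an added example, not Egern's own code: it transcribes the forward rules, hosts and block_ips from the configuration above and evaluates them the way the prose describes. It assumes (the page does not state this) that forward rules are tried top to bottom and the first match wins, that a wildcard is a glob in which `*` matches any run of characters, and that hostname mappings are followed until they end in an IP address or an unmapped name. The two-entry `ChinaDomain.list` is a constructed stand-in for the real downloaded list, written in the Clash `DOMAIN` / `DOMAIN-SUFFIX` line format that list uses.

```python
import fnmatch
import ipaddress
import re

# Forward rules transcribed from the configuration above, in the order written.
# Assumption (not stated on the page): rules are tried top to bottom, first match wins.
FORWARD_RULES = [
    {"type": "wildcard", "match": "*.cn", "value": "system"},
    {"type": "proxy_rule_set", "match": "ChinaDomain.list", "value": "system"},
    {"type": "regex", "match": r"^ad\..*|^ads\..*", "value": "quic://dns.adguard-dns.com"},
    {"type": "wildcard", "match": "*", "value": "google"},
]

# Constructed stand-in for the downloaded ChinaDomain.list (the real file is much larger).
RULE_SETS = {
    "ChinaDomain.list": ["DOMAIN-SUFFIX,taobao.com", "DOMAIN,www.baidu.com"],
}

HOSTS = {"example.com": "www.example.com", "localhost": "127.0.0.1"}
BLOCK_IPS = ["1.2.3.4", "4.3.2.1/32"]


def _in_rule_set(domain, entries):
    """Match a domain against DOMAIN / DOMAIN-SUFFIX entries of a rule set."""
    for line in entries:
        kind, _, target = line.partition(",")
        if kind == "DOMAIN" and domain == target:
            return True
        if kind == "DOMAIN-SUFFIX" and (domain == target or domain.endswith("." + target)):
            return True
    return False


def select_upstream(domain, rules=FORWARD_RULES, rule_sets=RULE_SETS):
    """Return the upstream (name or URL) chosen for a domain, or None if no rule matches."""
    domain = domain.lower().rstrip(".")
    for rule in rules:
        if rule["type"] == "wildcard" and fnmatch.fnmatchcase(domain, rule["match"]):
            return rule["value"]
        if rule["type"] == "regex" and re.search(rule["match"], domain):
            return rule["value"]
        if rule["type"] == "proxy_rule_set" and _in_rule_set(domain, rule_sets.get(rule["match"], [])):
            return rule["value"]
    return None


def apply_hosts(name, hosts=HOSTS, max_hops=8):
    """Follow hostname mappings until an IP address or an unmapped hostname is reached.

    Hosts keys may contain wildcards (e.g. '*.internal'); max_hops guards against
    a mapping chain that loops back on itself.
    """
    for _ in range(max_hops):
        for pattern, target in hosts.items():
            if fnmatch.fnmatchcase(name, pattern):
                break
        else:
            return name  # no mapping: this name goes through the forward rules
        name = target
        try:
            ipaddress.ip_address(name)
            return name  # mapped straight to an IP address
        except ValueError:
            continue  # mapped to another hostname; keep following
    raise ValueError("hosts mapping loop exceeded %d hops" % max_hops)


def filter_blocked(answers, block_ips=BLOCK_IPS):
    """Drop resolved IPs that fall inside any blocked IP or CIDR."""
    nets = [ipaddress.ip_network(b, strict=False) for b in block_ips]
    return [ip for ip in answers if not any(ipaddress.ip_address(ip) in n for n in nets)]


if __name__ == "__main__":
    for name in ["www.baidu.cn", "www.taobao.com", "ads.example.com", "ad.example.cn", "www.google.com"]:
        print(name, "->", select_upstream(name))
    print("example.com ->", apply_hosts("example.com"))
    print("localhost ->", apply_hosts("localhost"))
    # Constructed answer set: two of the three addresses are on the block list.
    print("filtered answers:", filter_blocked(["1.2.3.4", "5.6.7.8", "4.3.2.1"]))
```

Rule order matters: `ad.example.cn` is sent to `system` because the `*.cn` wildcard is listed before the ad-blocking regex, so a domain that both rules would match is decided by whichever rule comes first.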
Frequently Asked Questions
Why do we need a Bootstrap DNS server when we already have Upstreams?
Because Upstream servers may be configured by hostname (for example, quic://dns.adguard-dns.com), that hostname has to be resolved before the server can be contacted at all. The Bootstrap DNS server, which is reachable directly by IP and does not depend on any Upstream, performs that initial resolution.