diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
index f5e62e1fb6..023f1f82a3 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@@ -334,6 +334,17 @@ if api.is_finded("chinadns-ng") then
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "dns2socks" })
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "xray" })
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "sing-box" })
+ chinadns_ng_default_tag = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
+ chinadns_ng_default_tag.default = "smart"
+ chinadns_ng_default_tag:value("smart", translate("Smart DNS"))
+ chinadns_ng_default_tag:value("gfw", translate("Remote DNS"))
+ chinadns_ng_default_tag:value("chn", translate("Direct DNS"))
+ chinadns_ng_default_tag.description = ""
+ .. "- " .. translate("Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result") .. "
"
+ .. "- " .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "
"
+ .. "- " .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "
"
+ .. "
"
+ chinadns_ng_default_tag:depends("chinadns_ng", true)
end
if has_chnlist then
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index 47ee2ad0be..1fb99e94c4 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -382,6 +382,17 @@ o.rmempty = false
if api.is_finded("chinadns-ng") then
o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
o.default = "0"
+ chinadns_ng_default_tag = s:taboption("DNS", ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
+ chinadns_ng_default_tag.default = "smart"
+ chinadns_ng_default_tag:value("smart", translate("Smart DNS"))
+ chinadns_ng_default_tag:value("gfw", translate("Remote DNS"))
+ chinadns_ng_default_tag:value("chn", translate("Direct DNS"))
+ chinadns_ng_default_tag.description = ""
+ .. "- " .. translate("Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result") .. "
"
+ .. "- " .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "
"
+ .. "- " .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "
"
+ .. "
"
+ chinadns_ng_default_tag:depends("chinadns_ng", true)
o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "dns2tcp"})
o:depends({dns_mode = "sing-box", remote_fakedns = false})
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index 3a4ea132a3..ec62291768 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -169,6 +169,15 @@ msgstr "远程DNS可以避免更多的DNS泄露,但会导致规则列表外的
msgid "Direct DNS Internet experience may be better, but DNS will be leaked!"
msgstr "直连DNS上网体验可能会更佳,但是会泄露DNS!"
+msgid "ChinaDNS-NG Domain Default Tag"
+msgstr "ChinaDNS-NG 域名默认标签"
+
+msgid "Smart DNS"
+msgstr "智能 DNS"
+
+msgid "Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result"
+msgstr "同时转发给远程和直连DNS,如果直连DNS解析结果是大陆ip,则使用直连结果,否则使用远程结果"
+
msgid "Filter Proxy Host IPv6"
msgstr "过滤代理域名 IPv6"
diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config b/luci-app-passwall/root/usr/share/passwall/0_default_config
index 1d293a8a9c..de46b8a307 100644
--- a/luci-app-passwall/root/usr/share/passwall/0_default_config
+++ b/luci-app-passwall/root/usr/share/passwall/0_default_config
@@ -11,6 +11,7 @@ config global
option when_chnroute_default_dns 'direct'
option tcp_proxy_mode 'chnroute'
option udp_proxy_mode 'chnroute'
+ option chinadns_ng_default_tag 'smart'
option localhost_tcp_proxy_mode 'default'
option localhost_udp_proxy_mode 'default'
option acl_enable '0'
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index 58555fdd5a..fff3f8024f 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -485,7 +485,7 @@ run_chinadns_ng() {
echolog " | - (chinadns-ng) 最高支持4级域名过滤..."
- local _default_tag
+ local _default_tag=$(config_t_get global chinadns_ng_default_tag smart)
local _extra_param=""
[ -n "$_chnlist" ] && {
[ -s "${RULES_PATH}/chnlist" ] && {
@@ -510,7 +510,7 @@ run_chinadns_ng() {
#当只有使用gfwlist模式时设置默认DNS为本地直连
[ -n "$_gfwlist" ] && [ -z "$_chnlist" ] && _default_tag="chn"
}
- [ -n "$_default_tag" ] && _extra_param="${_extra_param} -d ${_default_tag}"
+ [ -n "$_default_tag" ] && [ "$_default_tag" != "smart" ] && _extra_param="${_extra_param} -d ${_default_tag}"
_log_path="/dev/null"
ln_run "$(first_type chinadns-ng)" chinadns-ng "$_log_path" -v -b 127.0.0.1 -l "${_listen_port}" ${_dns_china:+-c "${_dns_china}"} ${_dns_trust:+-t "${_dns_trust}"} ${_extra_param} -f ${_no_ipv6_rules:+-N=${_no_ipv6_rules}}