diff --git a/etc/smartdns/smartdns.conf b/etc/smartdns/smartdns.conf index 58ab226..4f8ae3b 100644 --- a/etc/smartdns/smartdns.conf +++ b/etc/smartdns/smartdns.conf @@ -39,6 +39,7 @@ # -no-cache: skip cache. # -no-rule-soa: Skip address SOA(#) rules. # -no-dualstack-selection: Disable dualstack ip selection. +# -no-ip-alias: ignore ip alias. # -force-aaaa-soa: force AAAA query return SOA. # -ipset ipsetname: use ipset rule. # -nftset nftsetname: use nftset rule. @@ -116,7 +117,7 @@ bind [::]:53 # force specific qtype return soa # force-qtype-SOA [qtypeid |...] -# force-qtype-SOA [qtypeid,...] +# force-qtype-SOA [qtypeid|start_id-end_id|,...] # force-qtype-SOA 65 28 # force-qtype-SOA 65,28 force-qtype-SOA 65 @@ -326,3 +327,24 @@ log-level info # nameserver /domain-set:domain-list/server-group # ipset /domain-set:domain-list/ipset # domain-rules /domain-set:domain-list/ -speed-check-mode ping + +# set ip rules +# ip-rules ip-cidrs [-ip-alias [...]] +# rules: +# [-c] -ip-alias [ip1,ip2]: same as ip-alias option +# [-a] -whitelist-ip: same as whitelist-ip option +# [-n] -blacklist-ip: same as blacklist-ip option +# [-p] -bogus-nxdomain: same as bogus-nxdomain option +# [-t] -ignore-ip: same as ignore-ip option + +# collection of IPs +# the ip-set can be used with /ip-cidr/ for ip-alias, ignore-ip, etc. +# ip-set -name [set-name] -type list -file [/path/to/file] +# [-n] -name [set name]: ip set name +# [-t] -type [list]: ip set type, list only now +# [-f] -file [path/to/set]: file path of ip set +# +# example: +# ip-set -name ip-list -file /etc/smartdns/ip-list.conf +# bogus-nxdomain ip-set:ip-list +# ip-alias ip-set:ip-list 1.2.3.4 diff --git a/src/dns_conf.c b/src/dns_conf.c index da9b66e..224ac16 100644 --- a/src/dns_conf.c +++ b/src/dns_conf.c 
@@ -2084,6 +2084,7 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type) {"no-speed-check", no_argument, NULL, 'S'}, {"no-cache", no_argument, NULL, 'C'}, {"no-dualstack-selection", no_argument, NULL, 'D'}, + {"no-ip-alias", no_argument, NULL, 'a'}, {"force-aaaa-soa", no_argument, NULL, 'F'}, {"ipset", required_argument, NULL, 255}, {"nftset", required_argument, NULL, 256}, @@ -2138,6 +2139,10 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type) server_flag |= BIND_FLAG_NO_RULE_ADDR; break; } + case 'a': { + server_flag |= BIND_FLAG_NO_IP_ALIAS; + break; + } case 'N': { server_flag |= BIND_FLAG_NO_RULE_NAMESERVER; break; @@ -2509,6 +2514,7 @@ static void _dns_ip_rule_put(struct dns_ip_rule *rule) struct ip_rule_alias *alias = container_of(rule, struct ip_rule_alias, head); if (alias->ip_alias.ipaddr) { free(alias->ip_alias.ipaddr); + alias->ip_alias.ipaddr = NULL; alias->ip_alias.ipaddr_num = 0; } } @@ -2861,7 +2867,7 @@ static int _config_ip_rules_free(struct dns_ip_rules *ip_rules) return 0; } - for (i = 0; i < DOMAIN_RULE_MAX; i++) { + for (i = 0; i < IP_RULE_MAX; i++) { if (ip_rules->rules[i] == NULL) { continue; } diff --git a/src/dns_conf.h b/src/dns_conf.h index c7240ce..71cab90 100644 --- a/src/dns_conf.h +++ b/src/dns_conf.h @@ -144,6 +144,7 @@ typedef enum { #define BIND_FLAG_FORCE_AAAA_SOA (1 << 8) #define BIND_FLAG_NO_RULE_CNAME (1 << 9) #define BIND_FLAG_NO_RULE_NFTSET (1 << 10) +#define BIND_FLAG_NO_IP_ALIAS (1 << 11) enum response_mode_type { DNS_RESPONSE_MODE_FIRST_PING_IP = 0, diff --git a/src/dns_server.c b/src/dns_server.c index 73236d8..256d66f 100644 --- a/src/dns_server.c +++ b/src/dns_server.c 
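Review bot: The loop in `_config_ip_rules_free` now stops at `IP_RULE_MAX`, but nothing at the loop ties that bound to the array it walks. That is how `DOMAIN_RULE_MAX` ended up there; if it was the larger of the two (neither value is visible in this hunk), the old loop read `ip_rules->rules[i]` past the end of the table. I would add a comment above the loop, `/* rules[] holds IP_RULE_MAX entries; do not reuse DOMAIN_RULE_MAX here */`. It is also worth checking the other loops over `dns_ip_rules` for the same copy-paste. The function starts and ends outside the hunk, so what happens to the non-NULL entries is not visible here.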
@@ -4121,6 +4121,19 @@ static void _dns_server_get_domain_rule(struct dns_request *request) _dns_server_get_domain_rule_by_domain(request, request->domain, 1); } +static int _dns_server_pre_process_server_flags(struct dns_request *request) +{ + if (_dns_server_has_bind_flag(request, BIND_FLAG_NO_CACHE) == 0) { + request->no_cache = 1; + } + + if (_dns_server_has_bind_flag(request, BIND_FLAG_NO_IP_ALIAS) == 0) { + request->no_ipalias = 1; + } + + return -1; +} + static int _dns_server_pre_process_rule_flags(struct dns_request *request) { struct dns_rule_flags *rule_flag = NULL; @@ -4141,7 +4154,7 @@ static int _dns_server_pre_process_rule_flags(struct dns_request *request) request->no_serve_expired = 1; } - if ((flags & DOMAIN_FLAG_NO_CACHE) || (_dns_server_has_bind_flag(request, BIND_FLAG_NO_CACHE) == 0)) { + if (flags & DOMAIN_FLAG_NO_CACHE) { request->no_cache = 1; } @@ -5356,6 +5369,10 @@ static int _dns_server_do_query(struct dns_request *request, int skip_notify_eve goto clean_exit; } + if (_dns_server_pre_process_server_flags(request) == 0) { + goto clean_exit; + } + /* process domain flag */ if (_dns_server_pre_process_rule_flags(request) == 0) { goto clean_exit;
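Review bot: `_dns_server_pre_process_server_flags` returns -1 on every path, so the new `if (_dns_server_pre_process_server_flags(request) == 0) { goto clean_exit; }` in `_dns_server_do_query` can never branch. Making the helper `static void` and calling it as a plain statement would remove the dead check. If the int return is kept for symmetry with `_dns_server_pre_process_rule_flags`, a comment above it should say so, for example `/* always returns -1: bind flags only mark the request, they never finish it */`. The helper also needs a line noting that `_dns_server_has_bind_flag(...) == 0` appears to mean the flag is set, since that reads inverted. None of these hunks reads `request->no_ipalias`, so whether a `-no-ip-alias` listener can still be handed an already aliased answer from the cache cannot be confirmed from here.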