conf: support space in filename

ReadMe.md

@@ -4,7 +4,7 @@
 
 ![SmartDNS](doc/smartdns-banner.png)
 SmartDNS 是一个运行在本地的 DNS 服务器，它接受来自本地客户端的 DNS 查询请求，然后从多个上游 DNS 服务器获取 DNS 查询结果，并将访问速度最快的结果返回给客户端，以此提高网络访问速度。
-SmartDNS 同时支持指定特定域名 IP 地址，并高性匹配，可达到过滤广告的效果。  
+SmartDNS 同时支持指定特定域名 IP 地址，并高性匹配，可达到过滤广告的效果; 支持DOT(DNS over TLS)和DOH(DNS over HTTPS)，更好的保护隐私。
 与 DNSmasq 的 all-servers 不同，SmartDNS 返回的是访问速度最快的解析结果。详细差异请看[常见问题](#常见问题)。
 
 支持树莓派、OpenWrt、华硕路由器原生固件和 Windows 系统等。  
@@ -103,7 +103,7 @@ rtt min/avg/max/mdev = 5.954/6.133/6.313/0.195 ms
    支持从域名所属 IP 地址列表中查找到访问速度最快的 IP 地址，并返回给客户端，提高网络访问速度。
 
 3. **支持多种查询协议**  
-   支持 UDP、TCP、TLS 和 HTTPS 查询，以及非 53 端口查询。
+   支持 UDP、TCP、DOT 和 DOH 查询，以及非 53 端口查询。
 
 4. **特定域名 IP 地址指定**  
    支持指定域名的 IP 地址，达到广告过滤效果、避免恶意网站的效果。
@@ -143,10 +143,10 @@ smartdns已经合入主流系统的软件仓库，可以直接使用系统安装
 
 系统|安装方式|说明|
 --|--|--
-openwrt|opkg update</br>opkg install luci-app-smartdns</br>opkg install smartdns|22.03之后的系统。软件源路径：https://downloads.openwrt.org/releases/
+openwrt|opkg update<br>opkg install luci-app-smartdns<br>opkg install smartdns|22.03之后的系统。软件源路径：https://downloads.openwrt.org/releases/
 ddwrt|官方最新固件service页面->SmartDNS Resolver->启用。|选择界面参考：https://forum.dd-wrt.com/demo/Services.html
 debian|apt-get install smartdns|
-entware|ipkg update</br>ipkg install smartdns|软件源路径：https://bin.entware.net/
+entware|ipkg update<br>ipkg install smartdns|软件源路径：https://bin.entware.net/
 
 ### 手工下载安装
 

ReadMe_en.md

@@ -1,7 +1,7 @@
 # SmartDNS
 
 ![SmartDNS](doc/smartdns-banner.png)  
-SmartDNS is a local DNS server. SmartDNS accepts DNS query requests from local clients, obtains DNS query results from multiple upstream DNS servers, and returns the fastest access results to clients.  
+SmartDNS is a local DNS server. SmartDNS accepts DNS query requests from local clients, obtains DNS query results from multiple upstream DNS servers, and returns the fastest access results to clients. supports secure DNS protocols like DoT (DNS over TLS), DoH (DNS over HTTPS), better protect privacy,  
 Avoiding DNS pollution and improving network access speed, supports high-performance ad filtering.  
 Unlike dnsmasq's all-servers, smartdns returns the fastest access resolution. （[read more](#faq)）
 
@@ -101,7 +101,7 @@ From the comparison, smartdns found the fastest IP address to visit www.baidu.co
    Supports finding the fastest access IP address from the IP address list of the domain name and returning it to the client to avoid DNS pollution and improve network access speed.
 
 3. **Support for multiple query protocols**  
-   Support UDP, TCP, TLS, HTTPS queries, and non-53 port queries, effectively avoiding DNS pollution.
+   Support UDP, TCP, DOT(DNS over TLS), DOH(DNS over HTTPS) queries, and non-53 port queries, effectively avoiding DNS pollution and protect privacy.
 
 4. **Domain IP address specification**  
    Support configuring IP address of specific domain to achieve the effect of advertising filtering, and avoid malicious websites.
@@ -135,10 +135,10 @@ smartdns can already be installed using system package management tools.
 
 System|Installation|Instructions|
 --|--|--
-openwrt|opkg update</br>opkg install luci-app-smartdns</br>opkg install smartdns|systems after 22.03. Software source: https://downloads.openwrt.org/releases/
+openwrt|opkg update<br>opkg install luci-app-smartdns<br>opkg install smartdns|systems after 22.03. Software source: https://downloads.openwrt.org/releases/
 ddwrt|latest firmware. goto services page abd enable SmartDNS Resolver. |Demo: https://forum.dd-wrt.com/demo/Services.html
 debian|apt-get install smartdns|
-entware|ipkg update</br>ipkg install smartdns|Software source: https://bin.entware.net/
+entware|ipkg update<br>ipkg install smartdns|Software source: https://bin.entware.net/
 
 ### Download the package
 
@@ -508,7 +508,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |nftset|Domain nftset|None|nftset /domain/[#4\|#6\|-]:[family#nftable#nftset\|-][,#[4\|6]:[family#nftable#nftset\|-]]], `-` to ignore; the valid families are inet and ip for ipv4 addresses while the valid ones are inet and ip6 for ipv6 addresses; due to the limitation of nft, two types of addresses have to be stored in two sets|nftset /www.example.com/#4:inet#mytab#dns4,#6:-
 |nftset-timeout|nftset timeout enable|no|[yes\|no]|nftset-timeout yes
 |nftset-debug|nftset debug enable|no|[yes\|no]|nftset-debug yes
-|domain-rules|set domain rules|None|domain-rules /domain/ [-rules...]<br>`[-c\|-speed-check-mode]`: set speed check mode，same as parameter `speed-check-mode`<br>`[-a\|-address]`: same as  parameter `address` <br>`[-n\|-nameserver]`: same as parameter `nameserver`<br>`[-p\|-ipset]`: same as parameter `nftset`<br>`[-t\|-nftset]`: same as parameter `nftset`<br>`[-d\|-dualstack-ip-selection]`: same as parameter `dualstack-ip-selection`|domain-rules /www.example.com/ -speed-check-mode none
+|domain-rules|set domain rules|None|domain-rules /domain/ [-rules...]<br>[-c\|-speed-check-mode]: set speed check mode，same as parameter speed-check-mode<br>[-a\|-address]: same as  parameter `address` <br>[-n\|-nameserver]: same as parameter `nameserver`<br>[-p\|-ipset]: same as parameter `nftset`<br>[-t\|-nftset]: same as parameter `nftset`<br>[-d\|-dualstack-ip-selection]: same as parameter `dualstack-ip-selection`|domain-rules /www.example.com/ -speed-check-mode none
 | domain-set | collection of domains|None| domain-set [options...]<br>[-n\|-name]：name of set <br>[-t\|-type] [list]: set type, only support list, one domain per line <br>[-f\|-file]：file path of domain set<br> used with address, nameserver, ipset, nftset, example: /domain-set:[name]/ | domain-set -name set -type list -file /path/to/list <br> address /domain-set:set/1.2.4.8 |
 |bogus-nxdomain|bogus IP address|None|[IP/subnet], Repeatable| bogus-nxdomain 1.2.3.4/16
 |ignore-ip|ignore ip address|None|[ip/subnet], Repeatable| ignore-ip 1.2.3.4/16

package/linux/install

@@ -84,7 +84,7 @@ get_systemd_path()
 	fi
 
 	SERVICE_PATH="/lib/systemd/system"
-	if [ ! -d "$SERVICE_PATH" ]; then
+	if [ -d "$SERVICE_PATH" ]; then
 		echo "$SERVICE_PATH"
 		return 0
 	fi

package/luci-compat/files/luci/i18n/smartdns.zh-cn.po

@@ -22,7 +22,7 @@ msgstr "自动设置为Dnsmasq的上游服务器"
 msgid "Cache Size"
 msgstr "缓存大小"
 
-msgid "Collecting data ..."
+msgid "Collecting data..."
 msgstr "正在收集数据..."
 
 msgid ""
@@ -30,12 +30,27 @@ msgid ""
 "DNS server."
 msgstr "配置需要从指定域名服务器结果过滤的IP黑名单。"
 
+msgid "Configure block domain list."
+msgstr "配置屏蔽域名列表"
+
+msgid "Configure forwarding domain name list."
+msgstr "配置分流域名列表"
+
 msgid "Custom Settings"
 msgstr "自定义设置"
 
+msgid "DNS Block Setting"
+msgstr "域名屏蔽设置"
+
+msgid "DNS Forwarding Setting"
+msgstr "域名分流设置"
+
 msgid "DNS Server Name"
 msgstr "DNS服务器名称"
 
+msgid "DNS Server group belongs to, such as office, home."
+msgstr "配置归属服务器组，例如office, home"
+
 msgid ""
 "DNS Server group belongs to, used with nameserver, such as office, home."
 msgstr "DNS服务器所属组， 配合nameserver使用，例如：office，home。"
@@ -52,8 +67,8 @@ msgstr "协议类型"
 msgid "DNS domain result cache size"
 msgstr "缓存DNS的结果，缓存大小，配置零则不缓存"
 
-msgid "Dnsmasq Forwared To Smartdns Failure"
-msgstr "重定向dnsmasq到smartdns失败"
+msgid "Description"
+msgstr "描述"
 
 msgid "Do not check certificate."
 msgstr "不校验证书的合法性。"
@@ -64,6 +79,18 @@ msgstr "禁用测速。"
 msgid "Domain Address"
 msgstr "域名地址"
 
+msgid "Domain List"
+msgstr "域名列表"
+
+msgid "Domain List File"
+msgstr "域名列表文件"
+
+msgid "Domain Rules"
+msgstr "域名规则"
+
+msgid "Domain Rules Settings"
+msgstr "域名规则设置"
+
 msgid "Domain TTL"
 msgstr "域名TTL"
 
@@ -82,12 +109,26 @@ msgstr "捐助"
 msgid "Donate to smartdns"
 msgstr "捐助smartdns项目"
 
+msgid "Download Files"
+msgstr "下载文件"
+
+msgid "Download Files Setting"
+msgstr "下载文件设置"
+
+msgid ""
+"Download domain list files for domain-rule and include config files, please "
+"refresh the page after download to take effect."
+msgstr "下载域名文件列表，下载后刷新页面生效"
+
 msgid "Dual-stack IP Selection"
 msgstr "双栈IP优选"
 
 msgid "Enable"
 msgstr "启用"
 
+msgid "Enable Auto Update"
+msgstr "启用自动更新"
+
 msgid "Enable IP selection between IPV4 and IPV6"
 msgstr "启用 IPV4 和 IPV6 间的 IP 优选策略"
 
@@ -97,6 +138,9 @@ msgstr "启用IPV6服务器"
 msgid "Enable TCP DNS Server"
 msgstr "启用TCP服务器"
 
+msgid "Enable daily auto update."
+msgstr "启用每日自动更新。"
+
 msgid "Enable domain prefetch, accelerate domain response speed."
 msgstr "启用域名预加载，加速域名响应速度。"
 
@@ -106,6 +150,18 @@ msgstr "是否启用第二DNS服务器。"
 msgid "Enable or disable smartdns server"
 msgstr "启用或禁用SmartDNS服务"
 
+msgid "Exclude DNS Server from default group."
+msgstr "从default默认服务器组中排除"
+
+msgid "Exclude Default Group"
+msgstr "从默认服务器组排除"
+
+msgid "File Name"
+msgstr "文件名"
+
+msgid "File Type"
+msgstr "文件类型"
+
 msgid "Filtering IP with blacklist"
 msgstr "使用IP黑名单过滤"
 
@@ -133,9 +189,6 @@ msgid ""
 msgstr ""
 "当smartdns异常时生成coredump文件，coredump文件在/tmp/smartdns.xxx.core."
 
-msgid "Grant access to LuCI app smartdns"
-msgstr "授予访问 LuCI 应用 smartdns 的权限"
-
 msgid "HTTP Host"
 msgstr "HTTP主机"
 
@@ -148,9 +201,26 @@ msgstr "IP黑名单过滤"
 msgid "IPV6 Server"
 msgstr "IPV6服务器"
 
+msgid "IPset Name"
+msgstr "IPSet名称"
+
+msgid "IPset name."
+msgstr "IPSet名称。"
+
 msgid "If you like this software, please buy me a cup of coffee."
 msgstr "如果本软件对你有帮助，请给作者加个蛋。"
 
+msgid "Include Config Files<br>/etc/smartdns/conf.d"
+msgstr "包含配置文件"
+
+msgid ""
+"Include other config files from /etc/smartdns/conf.d or custom path, can be "
+"downloaded from the download page."
+msgstr "包含配置文件，路径为/etc/smartdns/conf.d，或自定义配置文件路径，可以从下载页"
+
+msgid "List of files to download."
+msgstr "下载的文件列表。"
+
 msgid "Local Port"
 msgstr "本地端口"
 
@@ -160,6 +230,15 @@ msgstr "所有域名的最大 TTL 值。"
 msgid "Minimum TTL for all domain result."
 msgstr "所有域名的最小 TTL 值。"
 
+msgid "NFTset Name"
+msgstr "NFTSet名称"
+
+msgid "NFTset name format error, format: [#[4|6]:[family#table#set]]"
+msgstr "NFTSet名称格式错误，格式：[#[4|6]:[family#table#set]]"
+
+msgid "NFTset name, format: [#[4|6]:[family#table#set]]"
+msgstr "NFTSet名称，格式：[#[4|6]:[family#table#set]]"
+
 msgid "NOT RUNNING"
 msgstr "未运行"
 
@@ -184,6 +263,12 @@ msgstr "解析本地主机名"
 msgid "Resolve local hostnames by reading Dnsmasq lease file."
 msgstr "读取Dnsmasq的租约文件解析本地主机名。"
 
+msgid "Restart"
+msgstr "重启"
+
+msgid "Restart smartdns"
+msgstr "重启服务"
+
 msgid "Second Server Settings"
 msgstr "第二DNS服务器"
 
@@ -193,6 +278,9 @@ msgstr "缓存过期服务"
 msgid "Server Group"
 msgstr "服务器组"
 
+msgid "Server Group not exists"
+msgstr "服务器组不存在"
+
 msgid "Server Name"
 msgstr "服务器名称"
 
@@ -275,7 +363,8 @@ msgstr "SmartDNS本地服务端口"
 msgid ""
 "Smartdns local server port, smartdns will be automatically set as main dns "
 "when the port is 53."
-msgstr "SmartDNS本地服务端口，当端口号设置为53时，smartdns将会自动配置为主dns。"
+msgstr ""
+"SmartDNS本地服务端口，当端口号设置为53时，smartdns将会自动配置为主dns。"
 
 msgid "Smartdns server name"
 msgstr "SmartDNS的服务器名称，默认为smartdns，留空为主机名"
@@ -306,6 +395,38 @@ msgstr "设置所有域名的 TTL 值。"
 msgid "Technical Support"
 msgstr "技术支持"
 
+msgid "URL"
+msgstr "URL"
+
+msgid "URL format error, format: http:// or https://"
+msgstr "URL格式错误，格式：http://或https://"
+
+msgid "Update Files"
+msgstr "更新文件"
+
+msgid "Upload Config File"
+msgstr "上传域名列表文件"
+
+msgid "Upload Domain List File"
+msgstr "上传域名列表文件"
+
+msgid "Upload domain list file to /etc/smartdns/domain-set"
+msgstr "上传域名列表文件到/etc/smartdns/domain-set目录"
+
+msgid ""
+"Upload domain list file, or configure auto download from Download File "
+"Setting page."
+msgstr "上传域名列表文件，或在下载文件设置页面设置自动下载。"
+
+msgid "Upload domain list file."
+msgstr "上传域名列表文件。"
+
+msgid "Upload smartdns config file to /etc/smartdns/conf.d"
+msgstr "上传配置文件到/etc/smartdns/conf.d目录"
+
+msgid "Upstream DNS Server Configuration"
+msgstr "上游服务器配置"
+
 msgid "Upstream Servers"
 msgstr "上游服务器"
 
@@ -324,6 +445,9 @@ msgstr ""
 "用于校验 TLS 服务器的有效性，数值为 Base64 编码的 SPKI 指纹，留空表示不验证 "
 "TLS 的合法性。"
 
+msgid "domain list (/etc/smartdns/domain-set)"
+msgstr "域名列表（/etc/smartdns/domain-set）"
+
 msgid "https"
 msgstr "https"
 
@@ -336,6 +460,9 @@ msgstr "打开网站"
 msgid "port"
 msgstr "端口"
 
+msgid "smartdns config (/etc/smartdns/conf.d)"
+msgstr "配置文件（/etc/smartdns/conf.d）"
+
 msgid "smartdns custom settings"
 msgstr "smartdns 自定义设置，具体配置参数参考指导"
 
@@ -350,3 +477,6 @@ msgstr "类型"
 
 msgid "udp"
 msgstr "udp"
+
+msgid "update domain list files"
+msgstr "更新列表文件"

package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua

@@ -19,6 +19,8 @@ require ("luci.http")
 require ("luci.dispatcher")
 require ("nixio.fs")
 
+local uci = require "luci.model.uci".cursor()
+
 m = Map("smartdns")
 m.title	= translate("SmartDNS Server")
 m.description = translate("SmartDNS is a local high-performance DNS server, supports finding fastest IP, supports ad filtering, and supports avoiding DNS poisoning.")
@@ -30,6 +32,7 @@ s = m:section(TypedSection, "smartdns", translate("Settings"), translate("Genera
 s.anonymous = true
 
 s:tab("settings", translate("General Settings"))
+s:tab("advanced", translate('Advanced Settings'))
 s:tab("seconddns", translate("Second Server Settings"))
 s:tab("custom", translate("Custom Settings"))
 
@@ -69,7 +72,7 @@ o.cfgvalue    = function(...)
 end
 
 ---- Support DualStack ip selection
-o = s:taboption("settings", Flag, "dualstack_ip_selection", translate("Dual-stack IP Selection"), translate("Enable IP selection between IPV4 and IPV6"))
+o = s:taboption("advanced", Flag, "dualstack_ip_selection", translate("Dual-stack IP Selection"), translate("Enable IP selection between IPV4 and IPV6"))
 o.rmempty     = false
 o.default     = o.enabled
 o.cfgvalue    = function(...)
@@ -77,7 +80,7 @@ o.cfgvalue    = function(...)
 end
 
 ---- Domain prefetch load 
-o = s:taboption("settings", Flag, "prefetch_domain", translate("Domain prefetch"), translate("Enable domain prefetch, accelerate domain response speed."))
+o = s:taboption("advanced", Flag, "prefetch_domain", translate("Domain prefetch"), translate("Enable domain prefetch, accelerate domain response speed."))
 o.rmempty     = false
 o.default     = o.disabled
 o.cfgvalue    = function(...)
@@ -85,7 +88,7 @@ o.cfgvalue    = function(...)
 end
 
 ---- Domain Serve expired
-o = s:taboption("settings", Flag, "serve_expired", translate("Serve expired"), 
+o = s:taboption("advanced", Flag, "serve_expired", translate("Serve expired"), 
 	translate("Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."))
 o.rmempty     = false
 o.default     = o.enabled
@@ -94,11 +97,11 @@ o.cfgvalue    = function(...)
 end
 
 ---- cache-size
-o = s:taboption("settings", Value, "cache_size", translate("Cache Size"), translate("DNS domain result cache size"))
+o = s:taboption("advanced", Value, "cache_size", translate("Cache Size"), translate("DNS domain result cache size"))
 o.rempty      = true
 
 -- cache-size
-o = s:taboption("settings", Flag, "resolve_local_hostnames", translate("Resolve Local Hostnames"), translate("Resolve local hostnames by reading Dnsmasq lease file."));
+o = s:taboption("advanced", Flag, "resolve_local_hostnames", translate("Resolve Local Hostnames"), translate("Resolve local hostnames by reading Dnsmasq lease file."))
 o.rmempty     = false
 o.default     = o.enabled
 o.cfgvalue    = function(...)
@@ -106,7 +109,7 @@ o.cfgvalue    = function(...)
 end
 
 -- Automatically Set Dnsmasq
-o = s:taboption("settings", Flag, "auto_set_dnsmasq", translate("Automatically Set Dnsmasq"), translate("Automatically set as upstream of dnsmasq when port changes."));
+o = s:taboption("advanced", Flag, "auto_set_dnsmasq", translate("Automatically Set Dnsmasq"), translate("Automatically set as upstream of dnsmasq when port changes."))
 o.rmempty     = false
 o.default     = o.enabled
 o.cfgvalue    = function(...)
@@ -114,7 +117,7 @@ o.cfgvalue    = function(...)
 end
 
 -- Force AAAA SOA
-o = s:taboption("settings", Flag, "force_aaaa_soa", translate("Force AAAA SOA"), translate("Force AAAA SOA."));
+o = s:taboption("advanced", Flag, "force_aaaa_soa", translate("Force AAAA SOA"), translate("Force AAAA SOA."))
 o.rmempty     = false
 o.default     = o.enabled
 o.cfgvalue    = function(...)
@@ -122,7 +125,7 @@ o.cfgvalue    = function(...)
 end
 
 -- Force HTTPS SOA
-o = s:taboption("settings", Flag, "force_https_soa", translate("Force HTTPS SOA"), translate("Force HTTPS SOA."));
+o = s:taboption("advanced", Flag, "force_https_soa", translate("Force HTTPS SOA"), translate("Force HTTPS SOA."))
 o.rmempty     = false
 o.default     = o.enabled
 o.cfgvalue    = function(...)
@@ -130,24 +133,35 @@ o.cfgvalue    = function(...)
 end
 
 ---- rr-ttl
-o = s:taboption("settings", Value, "rr_ttl", translate("Domain TTL"), translate("TTL for all domain result."))
+o = s:taboption("advanced", Value, "rr_ttl", translate("Domain TTL"), translate("TTL for all domain result."))
 o.rempty      = true
 
 ---- rr-ttl-min
-o = s:taboption("settings", Value, "rr_ttl_min", translate("Domain TTL Min"), translate("Minimum TTL for all domain result."))
+o = s:taboption("advanced", Value, "rr_ttl_min", translate("Domain TTL Min"), translate("Minimum TTL for all domain result."))
 o.rempty      = true
 o.placeholder = "600"
 o.default     = 600
 o.optional    = true
 
 ---- rr-ttl-max
-o = s:taboption("settings", Value, "rr_ttl_max", translate("Domain TTL Max"), translate("Maximum TTL for all domain result."))
+o = s:taboption("advanced", Value, "rr_ttl_max", translate("Domain TTL Max"), translate("Maximum TTL for all domain result."))
 o.rempty      = true
 
 ---- rr-ttl-reply-max
-o = s:taboption("settings", Value, "rr_ttl_reply_max", translate("Reply Domain TTL Max"), translate("Reply maximum TTL for all domain result."))
+o = s:taboption("advanced", Value, "rr_ttl_reply_max", translate("Reply Domain TTL Max"), translate("Reply maximum TTL for all domain result."))
 o.rempty      = true
 
+o = s:taboption("advanced", DynamicList, "conf_files", translate("Include Config Files<br>/etc/smartdns/conf.d"),
+    translate("Include other config files from /etc/smartdns/conf.d or custom path, can be downloaded from the download page."));
+uci:foreach("smartdns", "download-file", function(section)
+    local filetype = section.type
+    if (filetype ~= 'config') then
+        return
+    end
+
+    o:value(section.name);
+end)
+
 ---- second dns server
 ---- Eanble
 o = s:taboption("seconddns", Flag, "seconddns_enabled", translate("Enable"), translate("Enable or disable second DNS server."))
@@ -305,11 +319,122 @@ o:value("https", translate("https"))
 o.default     = "udp"
 o.rempty      = false
 
-s = m:section(TypedSection, "smartdns", translate("Advanced Settings"), translate("Advanced Settings"));
-s.anonymous = true;
+---- domain rules;
+s = m:section(TypedSection, "domain-rule", translate("Domain Rules"), translate("Domain Rules Settings"))
+s.anonymous = true
+s.nodescriptions = true
 
-s:tab("domain-address", translate("Domain Address"), translate("Set Specific domain ip address."));
-s:tab("blackip-list", translate("IP Blacklist"), translate("Set Specific ip blacklist."));
+s:tab("forwarding", translate('DNS Forwarding Setting'))
+s:tab("block", translate("DNS Block Setting"))
+s:tab("domain-address", translate("Domain Address"), translate("Set Specific domain ip address."))
+s:tab("blackip-list", translate("IP Blacklist"), translate("Set Specific ip blacklist."))
+
+---- domain forwarding;
+o = s:taboption("forwarding", Value, "server_group", translate("Server Group"), translate("DNS Server group belongs to, such as office, home."))
+o.rmempty = true
+o.placeholder = "default"
+o.datatype = "hostname"
+o.rempty = true
+uci:foreach("smartdns", "server", function(section)
+    local server_group = section.server_group
+    o:value(server_group);
+end)
+
+function o.validate (section_id, value) 
+    if (value == "") then
+        return value
+    end
+
+    local exists = false
+    uci:foreach("smartdns", "server", function(section)
+        local server_group = section.server_group
+        if (exists == true) then
+            return
+        end
+
+        if (value == server_group) then
+            exists = true
+        end
+    end)
+
+    if (exists == false) then
+        return nil, translate('Server Group not exists')
+    end
+
+    return value;
+
+end
+
+o = s:taboption("forwarding", Flag, "no_speed_check", translate("Skip Speed Check"),
+    translate("Do not check speed."))
+o.rmempty = false
+o.default = o.disabled
+
+o = s:taboption("forwarding", Flag, "force_aaaa_soa", translate("Force AAAA SOA"), translate("Force AAAA SOA."))
+o.rmempty = false
+o.default = o.disabled
+
+o = s:taboption("forwarding", Value, "ipset_name", translate("IPset Name"), translate("IPset name."))
+o.rmempty = true
+o.datatype = "hostname"
+o.rempty = true
+
+o = s:taboption("forwarding", Value, "nftset_name", translate("NFTset Name"), translate("NFTset name, format: [#[4|6]:[family#table#set]]"))
+o.rmempty = true
+o.datatype = "string"
+o.rempty = true
+function o.validate(self, value) 
+    if (value == "") then
+        return value
+    end
+
+    if (value:match("#[4|6]:[a-zA-Z0-9%-_]+#[a-zA-Z0-9%-_]+#[a-zA-Z0-9%-_]+$")) then
+        return value
+    end
+
+    return nil, translate("NFTset name format error, format: [#[4|6]:[family#table#set]]")
+end
+
+o = s:taboption("forwarding", FileUpload, "forwarding_domain_set_file", translate("Domain List File"),
+    translate("Upload domain list file, or configure auto download from Download File Setting page."))
+o.rmempty = true
+o.datatype = "file"
+o.rempty = true
+o.editable = true
+o.root_directory = "/etc/smartdns/domain-set"
+
+o = s:taboption("forwarding", TextValue, "domain_forwarding_list",
+    translate("Domain List"), translate("Configure forwarding domain name list."))
+o.rows = 10
+o.cols = 64
+o.monospace = true
+function o.cfgvalue(self, section)
+	return nixio.fs.readfile("/etc/smartdns/domain-forwarding.list")
+end
+function o.write(self, section, value)
+	value = value:gsub("\r\n?", "\n")
+	nixio.fs.writefile("/etc/smartdns/domain-forwarding.list", value)
+end
+
+---- domain block;
+o = s:taboption("block", FileUpload, "block_domain_set_file", translate("Domain List File"), translate("Upload domain list file."))
+o.rmempty = true
+o.datatype = "file"
+o.rempty = true
+o.editable = true
+o.root_directory = "/etc/smartdns/domain-set"
+
+o = s:taboption("block", TextValue, "domain_block_list",
+    translate("Domain List"), translate("Configure block domain list."))
+o.rows = 10
+o.cols = 64
+function o.cfgvalue(self, section)
+	return nixio.fs.readfile("/etc/smartdns/domain-block.list")
+end
+function o.write(self, section, value)
+	value = value:gsub("\r\n?", "\n")
+	nixio.fs.writefile("/etc/smartdns/domain-block.list", value)
+end
 
 -- Doman addresss
 addr = s:taboption("domain-address", Value, "address",
@@ -345,6 +470,77 @@ function addr.write(self, section, value)
 	nixio.fs.writefile("/etc/smartdns/blacklist-ip.conf", value)
 end
 
+s = m:section(TypedSection, "smartdns", translate("Download Files Setting"), translate("Download domain list files for domain-rule and include config files, please refresh the page after download to take effect."))
+s.anonymous = true
+
+---- download Files Settings
+o = s:option(Flag, "enable_auto_update", translate("Enable Auto Update"), translate("Enable daily auto update."))
+o.rmempty = false
+o.default = o.disabled
+o.rempty = true
+
+o = s:option(FileUpload, "upload_conf_file", translate("Upload Config File"),
+    translate("Upload smartdns config file to /etc/smartdns/conf.d"))
+o.rmempty = true
+o.datatype = "file"
+o.rempty = true
+o.editable = true
+o.root_directory = "/etc/smartdns/conf.d"
+
+o = s:option(FileUpload, "upload_list_file", translate("Upload Domain List File"),
+    translate("Upload domain list file to /etc/smartdns/domain-set"))
+o.rmempty = true
+o.datatype = "file"
+o.rempty = true
+o.editable = true
+o.root_directory = "/etc/smartdns/domain-set"
+
+o = s:option(Button, "_updateate")
+o.title = translate("Update Files")
+o.inputtitle = translate("update domain list files")
+o.inputstyle = "apply"
+o.write = function()
+	luci.sys.call("/etc/init.d/smartdns updatefiles >/dev/null 2>&1")
+end
+
+s = m:section(TypedSection, "download-file", translate("Download Files"), translate("List of files to download."))
+s.anonymous = true
+s.addremove = true
+s.template = "cbi/tblsection"
+
+o = s:option(Value, 'name', translate('File Name'), translate('File Name'))
+o.rmempty = false
+o.datatype = 'string'
+
+o = s:option(Value, 'url', translate('URL'), translate('URL'))
+o.rmempty = false
+o.datatype = 'string'
+function o.validate(self, value, section)
+    if value == "" then
+        return nil
+    end
+
+    if value.find(value, "http://") then
+        return value
+    end
+
+    if value.find(value, "https://") then
+        return value
+    end
+
+    return nil, translate("URL format error, format: http:// or https://")
+end
+
+o = s:option(ListValue, "type", translate("type"), translate("File Type"))
+o:value("list", translate("domain list (/etc/smartdns/domain-set)"))
+o:value("config", translate("smartdns config (/etc/smartdns/conf.d)"))
+o.default = "list"
+o.rempty = false
+
+o = s:option(Value, 'desc', translate('Description'), translate('Description'))
+o.rmempty = true
+o.datatype = 'string'
+
 -- Technical Support
 s = m:section(TypedSection, "smartdns", translate("Technical Support"), 
 	translate("If you like this software, please buy me a cup of coffee."))
@@ -366,5 +562,13 @@ o.write = function()
 	luci.http.redirect("https://pymumu.github.io/smartdns/#donate")
 end
 
+o = s:option(Button, "Restart")
+o.title = translate("Restart smartdns")
+o.inputtitle = translate("Restart")
+o.inputstyle = "apply"
+o.write = function()
+	luci.sys.call("/etc/init.d/smartdns restart >/dev/null 2>&1")
+end
+
 return m
 

package/luci-compat/files/luci/model/cbi/smartdns/upstream.lua

@@ -62,6 +62,13 @@ o.placeholder = "default"
 o.datatype    = "hostname"
 o.rempty      = true
 
+---- exclude default group
+o = s:option(Flag, "exclude_default_group", translate("Exclude Default Group"), translate("Exclude DNS Server from default group."))
+o.rmempty = false
+o.default = o.disabled
+o.editable = true
+o.modalonly = true
+
 ---- blacklist_ip
 o = s:option(Flag, "blacklist_ip", translate("IP Blacklist Filtering"), translate("Filtering IP with blacklist"))
 o.rmempty     = false

package/luci-compat/files/usr/share/rpcd/acl.d/luci-app-smartdns.json

@@ -0,0 +1,22 @@
+{
+	"luci-app-smartdns": {
+		"description": "Grant access to LuCI app smartdns",
+		"read": {
+			"file": {
+				"/etc/smartdns/*": [ "read" ]
+			},
+			"ubus": {
+				"service": [ "list" ]
+			},
+			"uci": [ "smartdns" ]
+		},
+		"write": {
+			"file": {
+				"/etc/smartdns/*": [ "write" ],
+				"/etc/init.d/smartdns restart": [ "exec" ],
+				"/etc/init.d/smartdns updatefiles": [ "exec" ]
+			},
+			"uci": [ "smartdns" ]
+		}
+	}
+}

package/luci-compat/make.sh

@@ -54,6 +54,7 @@ build()
 	build_tool
 	mkdir $ROOT/root/usr/lib/lua/ -p
 	cp $ROOT/files/luci $ROOT/root/usr/lib/lua/ -af
+	cp $ROOT/files/usr $ROOT/root/ -af
 	
 	#Generate Language
 	$PO2LMO $ROOT/files/luci/i18n/smartdns.zh-cn.po $ROOT/root/usr/lib/lua/luci/i18n/smartdns.zh-cn.lmo

package/luci/files/luci/i18n/smartdns.zh-cn.po

@@ -17,7 +17,7 @@ msgid "Automatically Set Dnsmasq"
 msgstr "自动设置Dnsmasq"
 
 msgid "Automatically set as upstream of dnsmasq when port changes."
-msgstr "自动设置为Dnsmasq的上游服务器"
+msgstr "端口更改时自动设为 dnsmasq 的上游。"
 
 msgid "Cache Size"
 msgstr "缓存大小"
@@ -30,15 +30,29 @@ msgid ""
 "DNS server."
 msgstr "配置需要从指定域名服务器结果过滤的IP黑名单。"
 
+msgid "Configure block domain list."
+msgstr "配置屏蔽域名列表"
+
+msgid "Configure forwarding domain name list."
+msgstr "配置分流域名列表"
+
 msgid "Custom Settings"
 msgstr "自定义设置"
 
+msgid "DNS Block Setting"
+msgstr "域名屏蔽设置"
+
+msgid "DNS Forwarding Setting"
+msgstr "域名分流设置"
+
 msgid "DNS Server Name"
 msgstr "DNS服务器名称"
 
-msgid ""
-"DNS Server group belongs to, used with nameserver, such as office, home."
-msgstr "DNS服务器所属组， 配合nameserver使用，例如：office，home。"
+msgid "DNS Server group"
+msgstr "服务器组"
+
+msgid "DNS Server group belongs to, such as office, home."
+msgstr "设置服务器组，例如office，home"
 
 msgid "DNS Server ip"
 msgstr "DNS服务器IP"
@@ -52,6 +66,9 @@ msgstr "协议类型"
 msgid "DNS domain result cache size"
 msgstr "缓存DNS的结果，缓存大小，配置零则不缓存"
 
+msgid "Description"
+msgstr "描述"
+
 msgid "Dnsmasq Forwared To Smartdns Failure"
 msgstr "重定向dnsmasq到smartdns失败"
 
@@ -64,6 +81,18 @@ msgstr "禁用测速。"
 msgid "Domain Address"
 msgstr "域名地址"
 
+msgid "Domain List"
+msgstr "域名列表"
+
+msgid "Domain List File"
+msgstr "域名列表文件"
+
+msgid "Domain Rules"
+msgstr "域名规则"
+
+msgid "Domain Rules Settings"
+msgstr "域名规则设置"
+
 msgid "Domain TTL"
 msgstr "域名TTL"
 
@@ -82,12 +111,27 @@ msgstr "捐助"
 msgid "Donate to smartdns"
 msgstr "捐助smartdns项目"
 
+msgid "Download Files"
+msgstr "下载文件"
+
+msgid "Download Files Setting"
+msgstr "下载文件设置"
+
+msgid ""
+"Download domain list files for domain-rule and include config files, please "
+"refresh the page after download to take effect."
+msgstr ""
+"下载域名规则所需要的域名列表文件和smartdns配置文件，下载完成后刷新页面。"
+
 msgid "Dual-stack IP Selection"
 msgstr "双栈IP优选"
 
 msgid "Enable"
 msgstr "启用"
 
+msgid "Enable Auto Update"
+msgstr "启用自动更新"
+
 msgid "Enable IP selection between IPV4 and IPV6"
 msgstr "启用 IPV4 和 IPV6 间的 IP 优选策略"
 
@@ -97,6 +141,9 @@ msgstr "启用IPV6服务器"
 msgid "Enable TCP DNS Server"
 msgstr "启用TCP服务器"
 
+msgid "Enable daily auto update."
+msgstr "启用每日自动更新"
+
 msgid "Enable domain prefetch, accelerate domain response speed."
 msgstr "启用域名预加载，加速域名响应速度。"
 
@@ -106,6 +153,18 @@ msgstr "是否启用第二DNS服务器。"
 msgid "Enable or disable smartdns server"
 msgstr "启用或禁用SmartDNS服务"
 
+msgid "Exclude DNS Server from default group."
+msgstr "从default默认服务器组中排除"
+
+msgid "Exclude Default Group"
+msgstr "从默认组中排除"
+
+msgid "File Name"
+msgstr "文件名"
+
+msgid "File Type"
+msgstr "文件类型"
+
 msgid "Filtering IP with blacklist"
 msgstr "使用IP黑名单过滤"
 
@@ -148,9 +207,28 @@ msgstr "IP黑名单过滤"
 msgid "IPV6 Server"
 msgstr "IPV6服务器"
 
+msgid "IPset Name"
+msgstr "IPset名称"
+
+msgid "IPset name."
+msgstr "IPSet名称。"
+
 msgid "If you like this software, please buy me a cup of coffee."
 msgstr "如果本软件对你有帮助，请给作者加个蛋。"
 
+msgid "Include Config Files<br>/etc/smartdns/conf.d"
+msgstr "包含配置文件<br>/etc/smartdns/conf.d"
+
+msgid ""
+"Include other config files from /etc/smartdns/conf.d or custom path, can be "
+"downloaded from the download page."
+msgstr ""
+"包含配置文件，路径为/etc/smartdns/conf.d，或自定义配置文件路径，可以从下载页"
+"面配置自动下载。"
+
+msgid "List of files to download."
+msgstr "下载文件列表"
+
 msgid "Local Port"
 msgstr "本地端口"
 
@@ -160,6 +238,15 @@ msgstr "所有域名的最大 TTL 值。"
 msgid "Minimum TTL for all domain result."
 msgstr "所有域名的最小 TTL 值。"
 
+msgid "NFTset Name"
+msgstr "NFTSet名称"
+
+msgid "NFTset name format error, format: [#[4|6]:[family#table#set]]"
+msgstr "NFTSet名称格式错误，格式：[#[4|6]:[family#table#set]]"
+
+msgid "NFTset name, format: [#[4|6]:[family#table#set]]"
+msgstr "NFTSet名称，格式：[#[4|6]:[family#table#set]]"
+
 msgid "NOT RUNNING"
 msgstr "未运行"
 
@@ -199,6 +286,9 @@ msgstr "缓存过期服务"
 msgid "Server Group"
 msgstr "服务器组"
 
+msgid "Server Group %s not exists"
+msgstr "服务器组%s不存在"
+
 msgid "Server Name"
 msgstr "服务器名称"
 
@@ -216,8 +306,8 @@ msgid ""
 "the URL address is an IP address."
 msgstr "设置查询时使用的HTTP主机，当URL地址的host是IP地址时，使用此参数。"
 
-msgid "Sets the server name indication for query."
-msgstr "设置查询时使用的服务器SNI名称。"
+msgid "Sets the server name indication for query. '-' for disable SNI name."
+msgstr "设置服务器SNI名称，‘-’表示禁用SNI名称。"
 
 msgid "Settings"
 msgstr "设置"
@@ -281,7 +371,8 @@ msgstr "SmartDNS本地服务端口"
 msgid ""
 "Smartdns local server port, smartdns will be automatically set as main dns "
 "when the port is 53."
-msgstr "SmartDNS本地服务端口，当端口号设置为53时，smartdns将会自动配置为主dns。"
+msgstr ""
+"SmartDNS本地服务端口，当端口号设置为53时，smartdns将会自动配置为主dns。"
 
 msgid "Smartdns server name"
 msgstr "SmartDNS的服务器名称，默认为smartdns，留空为主机名"
@@ -312,6 +403,38 @@ msgstr "设置所有域名的 TTL 值。"
 msgid "Technical Support"
 msgstr "技术支持"
 
+msgid "URL"
+msgstr "URL"
+
+msgid "URL format error, format: http:// or https://"
+msgstr "URL格式错误，格式：http://或https://"
+
+msgid "Update"
+msgstr "更新"
+
+msgid "Update Files"
+msgstr "更新文件"
+
+msgid "Upload Config File"
+msgstr "上传配置文件"
+
+msgid "Upload Domain List File"
+msgstr "上传域名列表文件"
+
+msgid "Upload domain list file to /etc/smartdns/domain-set"
+msgstr "上传域名列表文件到/etc/smartdns/domain-set"
+
+msgid ""
+"Upload domain list file, or configure auto download from Download File "
+"Setting page."
+msgstr "上传域名列表文件，或在下载文件设置页面设置自动下载。"
+
+msgid "Upload domain list file."
+msgstr "上传域名列表文件"
+
+msgid "Upload smartdns config file to /etc/smartdns/conf.d"
+msgstr "上传配置文件到/etc/smartdns/conf.d"
+
 msgid "Upstream Servers"
 msgstr "上游服务器"
 
@@ -330,6 +453,9 @@ msgstr ""
 "用于校验 TLS 服务器的有效性，数值为 Base64 编码的 SPKI 指纹，留空表示不验证 "
 "TLS 的合法性。"
 
+msgid "domain list (/etc/smartdns/domain-set)"
+msgstr "域名列表（/etc/smartdns/domain-set）"
+
 msgid "https"
 msgstr "https"
 
@@ -342,6 +468,9 @@ msgstr "打开网站"
 msgid "port"
 msgstr "端口"
 
+msgid "smartdns config (/etc/smartdns/conf.d)"
+msgstr "配置文件（/etc/smartdns/conf.d）"
+
 msgid "smartdns custom settings"
 msgstr "smartdns 自定义设置，具体配置参数参考指导"
 

package/luci/files/root/usr/share/rpcd/acl.d/luci-app-smartdns.json

@@ -13,7 +13,8 @@
 		"write": {
 			"file": {
 				"/etc/smartdns/*": [ "write" ],
-				"/etc/init.d/smartdns restart": [ "exec" ]
+				"/etc/init.d/smartdns restart": [ "exec" ],
+				"/etc/init.d/smartdns updatefiles": [ "exec" ]
 			},
 			"uci": [ "smartdns" ]
 		}

package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js

@@ -89,6 +89,8 @@ return view.extend({
 	},
 	render: function (stats) {
 		var m, s, o;
+		var ss, so;
+		var servers, downlfiles;
 
 		m = new form.Map('smartdns', _('SmartDNS'));
 		m.title = _("SmartDNS Server");
@@ -120,14 +122,21 @@ return view.extend({
 			]);
 		}
 
+		////////////////
 		// Basic;
+		////////////////
 		s = m.section(form.TypedSection, "smartdns", _("Settings"), _("General Settings"));
 		s.anonymous = true;
 
 		s.tab("settings", _("General Settings"));
+		s.tab("advanced", _('Advanced Settings'));
 		s.tab("seconddns", _("Second Server Settings"));
+		s.tab("files", _("Download Files Setting"), _("Download domain list files for domain-rule and include config files, please refresh the page after download to take effect."));
 		s.tab("custom", _("Custom Settings"));
 
+		///////////////////////////////////////
+		// Basic Settings
+		///////////////////////////////////////
 		o = s.taboption("settings", form.Flag, "enabled", _("Enable"), _("Enable or disable smartdns server"));
 		o.rmempty = false;
 		o.default = o.disabled;
@@ -156,54 +165,57 @@ return view.extend({
 		o.rmempty = false;
 		o.default = o.enabled;
 
+		///////////////////////////////////////
+		// advanced settings;
+		///////////////////////////////////////
 		// Support DualStack ip selection;
-		o = s.taboption("settings", form.Flag, "dualstack_ip_selection", _("Dual-stack IP Selection"),
+		o = s.taboption("advanced", form.Flag, "dualstack_ip_selection", _("Dual-stack IP Selection"),
 			_("Enable IP selection between IPV4 and IPV6"));
 		o.rmempty = false;
 		o.default = o.enabled;
 
 		// Domain prefetch load ;
-		o = s.taboption("settings", form.Flag, "prefetch_domain", _("Domain prefetch"),
+		o = s.taboption("advanced", form.Flag, "prefetch_domain", _("Domain prefetch"),
 			_("Enable domain prefetch, accelerate domain response speed."));
 		o.rmempty = false;
 		o.default = o.disabled;
 
 		// Domain Serve expired
-		o = s.taboption("settings", form.Flag, "serve_expired", _("Serve expired"),
+		o = s.taboption("advanced", form.Flag, "serve_expired", _("Serve expired"),
 			_("Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."));
 		o.rmempty = false;
 		o.default = o.enabled;
 
 		// cache-size;
-		o = s.taboption("settings", form.Value, "cache_size", _("Cache Size"), _("DNS domain result cache size"));
+		o = s.taboption("advanced", form.Value, "cache_size", _("Cache Size"), _("DNS domain result cache size"));
 		o.rempty = true;
 
 		// cache-size;
-		o = s.taboption("settings", form.Flag, "resolve_local_hostnames", _("Resolve Local Hostnames"), _("Resolve local hostnames by reading Dnsmasq lease file."));
+		o = s.taboption("advanced", form.Flag, "resolve_local_hostnames", _("Resolve Local Hostnames"), _("Resolve local hostnames by reading Dnsmasq lease file."));
 		o.rmempty = false;
 		o.default = o.enabled;
 
 		// auto-conf-dnsmasq;
-		o = s.taboption("settings", form.Flag, "auto_set_dnsmasq", _("Automatically Set Dnsmasq"), _("Automatically set as upstream of dnsmasq when port changes."));
+		o = s.taboption("advanced", form.Flag, "auto_set_dnsmasq", _("Automatically Set Dnsmasq"), _("Automatically set as upstream of dnsmasq when port changes."));
 		o.rmempty = false;
 		o.default = o.enabled;
 
 		// Force AAAA SOA
-		o = s.taboption("settings", form.Flag, "force_aaaa_soa", _("Force AAAA SOA"), _("Force AAAA SOA."));
+		o = s.taboption("advanced", form.Flag, "force_aaaa_soa", _("Force AAAA SOA"), _("Force AAAA SOA."));
 		o.rmempty = false;
 		o.default = o.disabled;
 
 		// Force HTTPS SOA
-		o = s.taboption("settings", form.Flag, "force_https_soa", _("Force HTTPS SOA"), _("Force HTTPS SOA."));
+		o = s.taboption("advanced", form.Flag, "force_https_soa", _("Force HTTPS SOA"), _("Force HTTPS SOA."));
 		o.rmempty = false;
 		o.default = o.enabled;
 
 		// rr-ttl;
-		o = s.taboption("settings", form.Value, "rr_ttl", _("Domain TTL"), _("TTL for all domain result."));
+		o = s.taboption("advanced", form.Value, "rr_ttl", _("Domain TTL"), _("TTL for all domain result."));
 		o.rempty = true;
 
 		// rr-ttl-min;
-		o = s.taboption("settings", form.Value, "rr_ttl_min", _("Domain TTL Min"),
+		o = s.taboption("advanced", form.Value, "rr_ttl_min", _("Domain TTL Min"),
 			_("Minimum TTL for all domain result."));
 		o.rempty = true;
 		o.placeholder = "600";
@@ -211,16 +223,34 @@ return view.extend({
 		o.optional = true;
 
 		// rr-ttl-max;
-		o = s.taboption("settings", form.Value, "rr_ttl_max", _("Domain TTL Max"),
+		o = s.taboption("advanced", form.Value, "rr_ttl_max", _("Domain TTL Max"),
 			_("Maximum TTL for all domain result."));
 		o.rempty = true;
 
 		// rr-ttl-reply-max;
-		o = s.taboption("settings", form.Value, "rr_ttl_reply_max", _("Reply Domain TTL Max"),
+		o = s.taboption("advanced", form.Value, "rr_ttl_reply_max", _("Reply Domain TTL Max"),
 			_("Reply maximum TTL for all domain result."));
 		o.rempty = true;
 
+		// include config
+		downlfiles = uci.sections('smartdns', 'download-file');
+		o = s.taboption("advanced", form.DynamicList, "conf_files", _("Include Config Files<br>/etc/smartdns/conf.d"),
+			_("Include other config files from /etc/smartdns/conf.d or custom path, can be downloaded from the download page."));
+		for (var i = 0; i < downlfiles.length; i++) {
+			if (downlfiles[i].type == undefined) {
+				continue;
+			}
+
+			if (downlfiles[i].type != 'config') {
+				continue
+			}
+
+			o.value(downlfiles[i].name);
+		}
+
+		///////////////////////////////////////
 		// second dns server;
+		///////////////////////////////////////
 		// Eanble;
 		o = s.taboption("seconddns", form.Flag, "seconddns_enabled", _("Enable"),
 			_("Enable or disable second DNS server."));
@@ -291,10 +321,85 @@ return view.extend({
 		o.rmempty = false;
 		o.default = o.disabled;
 
+		///////////////////////////////////////
+		// download Files Settings
+		///////////////////////////////////////
+		o = s.taboption("files", form.Flag, "enable_auto_update", _("Enable Auto Update"), _("Enable daily auto update."));
+		o.rmempty = false;
+		o.default = o.disabled;
+		o.rempty = true;
+
+		o = s.taboption("files", form.FileUpload, "upload_conf_file", _("Upload Config File"),
+			_("Upload smartdns config file to /etc/smartdns/conf.d"));
+		o.rmempty = true
+		o.datatype = "file"
+		o.rempty = true
+		o.editable = true
+		o.root_directory = "/etc/smartdns/conf.d"
+
+		o = s.taboption("files", form.FileUpload, "upload_list_file", _("Upload Domain List File"),
+			_("Upload domain list file to /etc/smartdns/domain-set"));
+		o.rmempty = true
+		o.datatype = "file"
+		o.rempty = true
+		o.editable = true
+		o.root_directory = "/etc/smartdns/domain-set"
+
+		o = s.taboption('files', form.DummyValue, "_update", _("Update Files"));
+		o.renderWidget = function () {
+			return E('button', {
+				'class': 'btn cbi-button cbi-button-apply',
+				'id': 'btn_update',
+				'click': ui.createHandlerFn(this, function () {
+					return fs.exec('/etc/init.d/smartdns', ['updatefiles'])
+						.catch(function (e) { ui.addNotification(null, E('p', e.message), 'error') });
+				})
+			}, [_("Update")]);
+		}
+
+		o = s.taboption('files', form.SectionValue, '__files__', form.GridSection, 'download-file', _('Download Files'),
+			_('List of files to download.'));
+
+		ss = o.subsection;
+
+		ss.addremove = true;
+		ss.anonymous = true;
+		ss.sortable = true;
+
+		so = ss.option(form.Value, 'name', _('File Name'), _('File Name'));
+		so.rmempty = false;
+		so.datatype = 'file';
+
+		so = ss.option(form.Value, 'url', _('URL'), _('URL'));
+		so.rmempty = false;
+		so.datatype = 'string';
+		so.validate = function (section_id, value) {
+			if (value == "") {
+				return true;
+			}
+
+			if (!value.match(/^(http|https|ftp|sftp):\/\//)) {
+				return _("URL format error, format: http:// or https://");
+			}
+
+			return true;
+		}
+
+		so = ss.option(form.ListValue, "type", _("type"), _("File Type"));
+		so.value("list", _("domain list (/etc/smartdns/domain-set)"));
+		so.value("config", _("smartdns config (/etc/smartdns/conf.d)"));
+		so.default = "list";
+		so.rempty = false;
+
+		so = ss.option(form.Value, 'desc', _('Description'), _('Description'));
+		so.rmempty = true;
+		so.datatype = 'string';
+
+		///////////////////////////////////////
 		// custom settings;
+		///////////////////////////////////////
 		o = s.taboption("custom", form.TextValue, "custom_conf",
 			"", _("smartdns custom settings"));
-
 		o.rows = 20;
 		o.cfgvalue = function (section_id) {
 			return fs.trimmed('/etc/smartdns/custom.conf');
@@ -312,12 +417,16 @@ return view.extend({
 			_("Generate Coredump file when smartdns crash, coredump file is located at /tmp/smartdns.xxx.core."));
 		o.rmempty = false;
 		o.default = o.disabled;
+
+		////////////////
 		// Upstream servers;
+		////////////////
 		s = m.section(form.GridSection, "server", _("Upstream Servers"),
 			_("Upstream Servers, support UDP, TCP protocol. Please configure multiple DNS servers, "
 				+ "including multiple foreign DNS servers."));
 		s.anonymous = true;
 		s.addremove = true;
+		s.sortable = true;
 
 		s.tab('general', _('General Settings'));
 		s.tab('advanced', _('Advanced Settings'));
@@ -355,14 +464,30 @@ return view.extend({
 		o.default = "udp";
 		o.rempty = false;
 
-		// Advanced Options
 		// server group
-		o = s.taboption("advanced", form.Value, "server_group", _("Server Group"), _("DNS Server group belongs to, "
-			+ "used with nameserver, such as office, home."))
-		o.rmempty = true
-		o.placeholder = "default"
-		o.datatype = "hostname"
-		o.rempty = true
+		o = s.taboption("general", form.Value, "server_group", _("Server Group"), _("DNS Server group"))
+		o.rmempty = true;
+		o.placeholder = "default";
+		o.datatype = "hostname";
+		o.rempty = true;
+		servers = uci.sections('smartdns', 'server');
+		var groupnames = new Set();
+		for (var i = 0; i < servers.length; i++) {
+			if (servers[i].server_group == undefined) {
+				continue;
+			}
+			groupnames.add(servers[i].server_group);
+		}
+
+		for (const groupname of groupnames) {
+			o.value(groupname);
+		}
+
+		// Advanced Options
+		o = s.taboption("advanced", form.Flag, "exclude_default_group", _("Exclude Default Group"), _("Exclude DNS Server from default group."))
+		o.rmempty = false;
+		o.default = o.disabled;
+		o.editable = true;
 		o.modalonly = true;
 
 		// blacklist_ip
@@ -393,7 +518,7 @@ return view.extend({
 
 		// SNI host name
 		o = s.taboption("advanced", form.Value, "host_name", _("TLS SNI name"),
-			_("Sets the server name indication for query."))
+			_("Sets the server name indication for query. '-' for disable SNI name."))
 		o.default = ""
 		o.datatype = "hostname"
 		o.rempty = true
@@ -428,13 +553,155 @@ return view.extend({
 		o.rempty = true
 		o.modalonly = true;
 
-		// Doman addresss;
-		s = m.section(form.TypedSection, "smartdns", _("Advanced Settings"), _("Advanced Settings"));
+		////////////////
+		// domain rules;
+		////////////////
+		s = m.section(form.TypedSection, "domain-rule", _("Domain Rules"), _("Domain Rules Settings"));
 		s.anonymous = true;
+		s.nodescriptions = true;
 
+		s.tab("forwarding", _('DNS Forwarding Setting'));
+		s.tab("block", _("DNS Block Setting"));
 		s.tab("domain-address", _("Domain Address"), _("Set Specific domain ip address."));
 		s.tab("blackip-list", _("IP Blacklist"), _("Set Specific ip blacklist."));
 
+		///////////////////////////////////////
+		// domain forwarding;
+		///////////////////////////////////////
+		o = s.taboption("forwarding", form.Value, "server_group", _("Server Group"), _("DNS Server group belongs to, such as office, home."))
+		o.rmempty = true
+		o.placeholder = "default"
+		o.datatype = "hostname"
+		o.rempty = true
+		for (const groupname of groupnames) {
+			o.value(groupname);
+		}
+		o.validate = function (section_id, value) {
+			if (value == "") {
+				return true;
+			}
+
+			var val = uci.sections('smartdns', 'server');
+			for (var i = 0; i < val.length; i++) {
+				if (value == val[i].server_group) {
+					return true;
+				}
+			}
+
+			return _('Server Group %s not exists').format(value);
+
+		}
+
+		o = s.taboption("forwarding", form.Flag, "no_speed_check", _("Skip Speed Check"),
+			_("Do not check speed."));
+		o.rmempty = false;
+		o.default = o.disabled;
+
+		o = s.taboption("forwarding", form.Flag, "force_aaaa_soa", _("Force AAAA SOA"), _("Force AAAA SOA."));
+		o.rmempty = false;
+		o.default = o.disabled;
+
+		o = s.taboption("forwarding", form.Value, "ipset_name", _("IPset Name"), _("IPset name."));
+		o.rmempty = true;
+		o.datatype = "hostname";
+		o.rempty = true;
+
+		o = s.taboption("forwarding", form.Value, "nftset_name", _("NFTset Name"), _("NFTset name, format: [#[4|6]:[family#table#set]]"));
+		o.rmempty = true;
+		o.datatype = "string";
+		o.rempty = true;
+		o.validate = function (section_id, value) {
+			if (value == "") {
+				return true;
+			}
+
+			var nftset = value.split(",")
+			for (var i = 0; i < nftset.length; i++) {
+				if (!nftset[i].match(/#[4|6]:[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+$/)) {
+					return _("NFTset name format error, format: [#[4|6]:[family#table#set]]");
+				}
+			}
+
+			return true;
+		}
+
+		o = s.taboption("forwarding", form.FileUpload, "forwarding_domain_set_file", _("Domain List File"),
+			_("Upload domain list file, or configure auto download from Download File Setting page."));
+		o.rmempty = true
+		o.datatype = "file"
+		o.rempty = true
+		o.editable = true
+		o.root_directory = "/etc/smartdns/domain-set"
+
+		o = s.taboption("forwarding", form.TextValue, "domain_forwarding_list",
+			_("Domain List"), _("Configure forwarding domain name list."));
+		o.rows = 10;
+		o.cols = 64;
+		o.monospace = true;
+		o.cfgvalue = function (section_id) {
+			return fs.trimmed('/etc/smartdns/domain-forwarding.list').catch(function (e) {
+				return "";
+			});
+		};
+		o.write = function (section_id, formvalue) {
+			return this.cfgvalue(section_id).then(function (value) {
+				if (value == formvalue) {
+					return
+				}
+				return fs.write('/etc/smartdns/domain-forwarding.list', formvalue.trim().replace(/\r\n/g, '\n') + '\n');
+			});
+		};
+
+		///////////////////////////////////////
+		// domain block;
+		///////////////////////////////////////
+		o = s.taboption("block", form.FileUpload, "block_domain_set_file", _("Domain List File"), _("Upload domain list file."));
+		o.rmempty = true
+		o.datatype = "file"
+		o.rempty = true
+		o.editable = true
+		o.root_directory = "/etc/smartdns/domain-set"
+
+		o = s.taboption("block", form.TextValue, "domain_block_list",
+			_("Domain List"), _("Configure block domain list."));
+		o.rows = 10;
+		o.cols = 64;
+		o.cfgvalue = function (section_id) {
+			return fs.trimmed('/etc/smartdns/domain-block.list').catch(function (e) {
+				return "";
+			});
+		};
+		o.write = function (section_id, formvalue) {
+			return this.cfgvalue(section_id).then(function (value) {
+				if (value == formvalue) {
+					return
+				}
+				return fs.write('/etc/smartdns/domain-block.list', formvalue.trim().replace(/\r\n/g, '\n') + '\n');
+			});
+		};
+
+		///////////////////////////////////////
+		// IP Blacklist;
+		///////////////////////////////////////
+		// blacklist;
+		o = s.taboption("blackip-list", form.TextValue, "blackip_ip_conf",
+			"", _("Configure IP blacklists that will be filtered from the results of specific DNS server."));
+		o.rows = 20;
+		o.cfgvalue = function (section_id) {
+			return fs.trimmed('/etc/smartdns/blacklist-ip.conf');
+		};
+		o.write = function (section_id, formvalue) {
+			return this.cfgvalue(section_id).then(function (value) {
+				if (value == formvalue) {
+					return
+				}
+				return fs.write('/etc/smartdns/blacklist-ip.conf', formvalue.trim().replace(/\r\n/g, '\n') + '\n');
+			});
+		};
+
+		///////////////////////////////////////
+		// domain address
+		///////////////////////////////////////
 		o = s.taboption("domain-address", form.TextValue, "address_conf",
 			"",
 			_("Specify an IP address to return for any host in the given domains, Queries in the domains are never "
@@ -452,24 +719,9 @@ return view.extend({
 			});
 		};
 
-		// IP Blacklist;
-		// blacklist;
-		o = s.taboption("blackip-list", form.TextValue, "blackip_ip_conf",
-			"", _("Configure IP blacklists that will be filtered from the results of specific DNS server."));
-		o.rows = 20;
-		o.cfgvalue = function (section_id) {
-			return fs.trimmed('/etc/smartdns/blacklist-ip.conf');
-		};
-		o.write = function (section_id, formvalue) {
-			return this.cfgvalue(section_id).then(function (value) {
-				if (value == formvalue) {
-					return
-				}
-				return fs.write('/etc/smartdns/blacklist-ip.conf', formvalue.trim().replace(/\r\n/g, '\n') + '\n');
-			});
-		};
-
-		// Doman addresss;
+		////////////////
+		// Support
+		////////////////
 		s = m.section(form.TypedSection, "smartdns", _("Technical Support"),
 			_("If you like this software, please buy me a cup of coffee."));
 		s.anonymous = true;

package/openwrt/domain-block.list

@@ -0,0 +1,4 @@
+# domain block list, one domain name per line.
+# example: block a.com, and b.com
+# a.com
+# b.com

package/openwrt/domain-forwarding.list

@@ -0,0 +1,4 @@
+# domain forwarding list, one domain name per line.
+# example: forwarding a.com, and b.com
+# a.com
+# b.com

package/openwrt/files/etc/config/smartdns

@@ -1,3 +1,4 @@
 config 'smartdns'
 	option 'enabled' '0'
-	
+	
+config 'domain-rule'

package/openwrt/files/etc/init.d/smartdns

@@ -23,12 +23,16 @@ SERVICE_WRITE_PID=1
 SERVICE_DAEMONIZE=1
 SERVICE_PID_FILE="/var/run/smartdns.pid"
 SMARTDNS_CONF_DIR="/etc/smartdns"
+SMARTDNS_CONF_DOWNLOAD_DIR="$SMARTDNS_CONF_DIR/conf.d"
+SMARTDNS_DOMAIN_LIST_DOWNLOAD_DIR="$SMARTDNS_CONF_DIR/domain-set"
 SMARTDNS_VAR_CONF_DIR="/var/etc/smartdns"
 SMARTDNS_CONF="$SMARTDNS_VAR_CONF_DIR/smartdns.conf"
 ADDRESS_CONF="$SMARTDNS_CONF_DIR/address.conf"
 BLACKLIST_IP_CONF="$SMARTDNS_CONF_DIR/blacklist-ip.conf"
 CUSTOM_CONF="$SMARTDNS_CONF_DIR/custom.conf"
 SMARTDNS_CONF_TMP="${SMARTDNS_CONF}.tmp"
+EXTRA_COMMANDS="updatefiles"
+EXTRA_HELP="        updatefiles      Update files"
 COREDUMP="0"
 RESPAWN="1"
 DO_RELOAD="0"
@@ -174,6 +178,7 @@ load_server()
 	config_get host_name "$section" "host_name" ""
 	config_get http_host "$section" "http_host" ""
 	config_get server_group "$section" "server_group" ""
+	config_get_bool exclude_default_group "$section" "exclude_default_group" "0"
 	config_get blacklist_ip "$section" "blacklist_ip" "0"
 	config_get check_edns "$section" "check_edns" "0"
 	config_get spki_pin "$section" "spki_pin" ""
@@ -205,6 +210,7 @@ load_server()
 	[ -z "$host_name" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -host-name $host_name"
 	[ -z "$http_host" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -http-host $http_host"
 	[ -z "$server_group" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -group $server_group"
+	[ "$exclude_default_group" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -exclude-default-group"
 	[ "$blacklist_ip" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -blacklist-ip"
 	[ "$check_edns" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -check-edns"
 	[ -z "$spki_pin" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -spki-pin $spki_pin"
@@ -220,6 +226,80 @@ load_server()
 	conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS $addition_arg"
 }
 
+restart_crond()
+{
+	/etc/init.d/cron restart >/dev/null 2>&1
+}
+
+disable_auto_update()
+{
+	local no_restart="$1"
+	grep "/etc/init.d/smartdns" /etc/crontabs/root 1>/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+		return 
+	fi
+
+	sed -i '\@/etc/init.d/smartdns@d' /etc/crontabs/root
+
+	if [ "$no_restart" = "1" ]; then
+		return
+	fi
+
+	restart_crond
+}
+
+enable_auto_update()
+{
+	grep "0 5 * * * /etc/init.d/smartdns updatefiles" /etc/crontabs/root 2>/dev/null
+	if [ $? -eq 0 ]; then
+		return 
+	fi
+
+	disable_auto_update 1
+	echo "0 5 * * * /etc/init.d/smartdns updatefiles" >> /etc/crontabs/root
+	restart_crond
+}
+
+load_domain_rules()
+{
+	local section="$1"
+	local domain_set_args=""
+	local domain_set_name="domain"
+
+	config_get server_group "$section" "server_group" ""
+	[ ! -z "$server_group" ] && domain_set_args="$domain_set_args -nameserver $server_group"
+
+	config_get_bool no_speed_check "$section" "no_speed_check" "0"
+	[ "$no_speed_check" = "1" ] && domain_set_args="$domain_set_args -speed-check-mode none"
+
+	config_get_bool force_aaaa_soa "$section" "force_aaaa_soa" "0"
+	[ "$force_aaaa_soa" = "1" ] && domain_set_args="$domain_set_args -address #6"
+
+	config_get ipset_name "$section" "ipset_name" ""
+	[ ! -z "$ipset_name" ] && domain_set_args="$domain_set_args -ipset $ipset_name"
+
+	config_get ipset_name "$section" "nftset_name" ""
+	[ ! -z "$nftset_name" ] && domain_set_args="$domain_set_args -nftset '$nftset_name'"
+
+	config_get forwarding_domain_set_file "$section" "forwarding_domain_set_file" ""
+	[ ! -z "$forwarding_domain_set_file" ] && {
+		conf_append "domain-set" "-name ${domain_set_name}-forwarding-file -file '$forwarding_domain_set_file'"
+		conf_append "domain-rules" "/domain-set:${domain_set_name}-forwarding-file/ $domain_set_args"
+	}
+
+	conf_append "domain-set" "-name ${domain_set_name}-forwarding-list -file /etc/smartdns/domain-forwarding.list"
+	conf_append "domain-rules" "/domain-set:${domain_set_name}-forwarding-list/ $domain_set_args"
+
+	config_get block_domain_set_file "$section" "block_domain_set_file"
+	[ ! -z "$block_domain_set_file" ] && {
+		conf_append "domain-set" "-name ${domain_set_name}-block-file -file '$block_domain_set_file'"
+		conf_append "domain-rules" "/domain-set:${domain_set_name}-block-file/ -group block"
+	}
+
+	conf_append "domain-set" "-name ${domain_set_name}-block-list -file /etc/smartdns/domain-block.list"
+	conf_append "domain-rules" "/domain-set:${domain_set_name}-block-list/ --address #"
+}
+
 load_second_server()
 {
 	local section="$1"
@@ -270,6 +350,21 @@ load_second_server()
 	[ "$seconddns_tcp_server" = "1" ] && conf_append "bind-tcp" "$ADDR:$seconddns_port $ARGS"
 }
 
+conf_append_conf_files()
+{
+	local conf_file="$1"
+
+	if [ "$1" != "${1#/}" ]; then
+		fullpath="$1"
+	else 
+		fullpath="$SMARTDNS_CONF_DOWNLOAD_DIR/$conf_file"
+	fi
+
+	[ -f "$fullpath" ] && {
+		conf_append "conf-file" "'$fullpath'"
+	}
+}
+
 load_service()
 {
 	local section="$1"
@@ -345,6 +440,9 @@ load_service()
 	config_get log_file "$section" "log_file" ""
 	[ -z "$log_file" ] || conf_append "log-file" "$log_file"
 
+	config_get_bool enable_auto_update "$section" "enable_auto_update" "0"
+	[ "$enable_auto_update" = "1" ] && enable_auto_update || disable_auto_update
+	
 	config_get redirect "$section" "redirect" ""
 	config_get old_port "$section" "old_port" "0"
 	config_get old_enabled "$section" "old_enabled" "0"
@@ -390,6 +488,7 @@ load_service()
 		[ "$old_enabled" = "0" ] && return 1
 		[ "$old_port" = "53" ] && stop_main_dns "0"
 		[ "$old_port" != "53" ] && [ "$old_auto_set_dnsmasq" = "1" ] && stop_forward_dnsmasq "$old_port" "0"
+		disable_auto_update
 		return 1
 	}
 
@@ -428,6 +527,10 @@ load_service()
 
 	config_foreach load_server "server"
 
+	config_list_foreach "$section" "conf_files" conf_append_conf_files
+
+	config_foreach load_domain_rules "domain-rule"
+
 	{
 		echo "conf-file $ADDRESS_CONF"
 		echo "conf-file $BLACKLIST_IP_CONF"
@@ -473,6 +576,38 @@ unload_service()
 	}
 }
 
+download_file() {
+	local section="$1"
+
+	config_get url "$section" "url" ""
+	config_get name "$section" "name" ""
+	config_get filetype "$section" "type" ""
+
+	[ -z "$url" ] && return 0
+	[ -z "$name" ] && return 0
+	[ -z "$filetype" ] && return 0
+
+	echo "download $filetype file $name from $url"
+	wget --timeout 120 -q -O "/tmp/$name" "$url"
+	if [ $? -ne 0 ]; then
+		echo "download file $name failed"
+		return 1
+	fi
+
+	echo "download file $name success"
+	if [ "$filetype" = "list" ]; then
+		mv "/tmp/$name" "$SMARTDNS_DOMAIN_LIST_DOWNLOAD_DIR/$name"	
+	elif [ "$filetype" = "config" ]; then
+		mv "/tmp/$name" "$SMARTDNS_CONF_DOWNLOAD_DIR/$name"	
+	fi
+}
+
+updatefiles() {
+	config_load "smartdns"
+	config_foreach download_file "download-file"
+	reload_service
+}
+
 service_stopped()
 {
 	config_load "smartdns"

package/openwrt/make.sh

@@ -23,6 +23,8 @@ SMARTDNS_CONF=$SMARTDNS_DIR/etc/smartdns/smartdns.conf
 ADDRESS_CONF=$CURR_DIR/address.conf
 BLACKLIST_IP_CONF=$CURR_DIR/blacklist-ip.conf
 CUSTOM_CONF=$CURR_DIR/custom.conf
+DOMAIN_BLOCK_LIST=$CURR_DIR/domain-block.list
+DOMAIN_FORWARDING_LIST=$CURR_DIR/domain-forwarding.list
 
 showhelp()
 {
@@ -45,11 +47,15 @@ build()
 	mkdir $ROOT/root/usr/sbin -p
 	mkdir $ROOT/root/etc/init.d -p
 	mkdir $ROOT/root/etc/smartdns/ -p
+	mkdir $ROOT/root/etc/smartdns/domain-set/ -p 
+	mkdir $ROOT/root/etc/smartdns/conf.d/ -p 
 
 	cp $SMARTDNS_CONF  $ROOT/root/etc/smartdns/
 	cp $ADDRESS_CONF $ROOT/root/etc/smartdns/
 	cp $BLACKLIST_IP_CONF $ROOT/root/etc/smartdns/
 	cp $CUSTOM_CONF $ROOT/root/etc/smartdns/
+	cp $DOMAIN_BLOCK_LIST $ROOT/root/etc/smartdns/
+	cp $DOMAIN_FORWARDING_LIST $ROOT/root/etc/smartdns/
 	cp $CURR_DIR/files/etc $ROOT/root/ -af
 	cp $SMARTDNS_BIN $ROOT/root/usr/sbin
 	if [ $? -ne 0 ]; then

package/optware/S50smartdns

@@ -109,7 +109,24 @@ restart_dnsmasq()
 		return 1
 	fi
 
-	PID="$(echo "$CMD" | awk '{print $1}')"
+	# check multiple dnsmasq
+	linecount="$(echo "$CMD" | wc -l)"
+	if [ $linecount -eq 1 ]; then
+		PID="$(echo "$CMD" | awk '{print $1}')"
+	elif [ $linecount -gt 1 ]; then
+		PID1="$(echo "$CMD" | awk 'NR==1{print $1}')"
+		PID2="$(echo "$CMD" | awk 'NR==2{print $1}')"
+		PID2_PPID="$(grep 'PPid:' /proc/$PID2/status | awk '{print $2}' 2>/dev/null)"
+		if [ "$PID2_PPID" != "$PID1" ]; then
+			echo "find multiple dnsmasq, but not started by the same process"
+			return 1
+		fi
+		PID=$PID1
+	else
+		echo "find multiple dnsmasq, but not started by the same process"
+		return 1
+	fi
+
 	if [ ! -d "/proc/$PID" ]; then
 		echo "dnsmasq is not running"
 		return 1
@@ -117,29 +134,61 @@ restart_dnsmasq()
 
 	kill -9 "$PID"
 
+	# get dnsmasq command
+	CMD="$(echo "$CMD" | head -n 1)"
 	DNSMASQ_CMD="$(echo "$CMD" | awk '{for(i=5; i<=NF;i++)printf $i " "}')"
 
 	$DNSMASQ_CMD
 }
 
-get_server_ip()
+add_dhcp_options6()
 {
 	CONF_FILE=$1
 	IPS="$(ifconfig | grep "inet addr" | grep -v ":127" | grep "Bcast" | awk '{print $2}' | awk -F: '{print $2}')"
 	for IP in $IPS
 	do
-		N=3
-		while [ $N -gt 0 ]
-		do
-			ADDR="$(echo "$IP" | awk -F. "{for(i=1;i<="$N";i++)printf \$i\".\"}")"
-			grep "dhcp-range=" "$CONF_FILE" | grep "$ADDR" >/dev/null 2>&1
-			if [ $? -eq 0 ]; then
-					SERVER_TAG="$(grep "^dhcp-range *=" "$CONF_FILE" | grep "$ADDR" | awk -F= '{print $2}' | awk -F, '{print $1}')"
-					LOCAL_SERVER_IP="$IP"
-					return 1
-			fi
-			N=$((N-1))
-		done
+		DHCP_OPTION="$(grep "dhcp-option=" "$CONF_FILE" | grep "$IP" | head -n 1)"
+		if [ -z "$DHCP_OPTION" ]; then
+			continue
+		fi
+
+		SERVER_TAG="$(echo "$DHCP_OPTION" | awk -F= '{print $2}' | awk -F, '{print $1}')"
+		LOCAL_SERVER_IP="$IP"
+
+		grep "dhcp-option *= *$SERVER_TAG, *6 *, *$LOCAL_SERVER_IP" $CONF_FILE 1>/dev/null 2>&1
+		if [ $? -eq 0 ]; then
+			continue
+		fi
+		
+		DHCP_OPTION="dhcp-option=$SERVER_TAG,6,$LOCAL_SERVER_IP"
+		echo "$DHCP_OPTION" >> "$CONF_FILE"
+		RESTART_DNSMASQ=1
+	done
+
+	return 1
+}
+
+clear_dhcp_options6()
+{
+	CONF_FILE=$1
+	IPS="$(ifconfig | grep "inet addr" | grep -v ":127" | grep "Bcast" | awk '{print $2}' | awk -F: '{print $2}')"
+	for IP in $IPS
+	do
+		DHCP_OPTION="$(grep "dhcp-option=" "$CONF_FILE" | grep "$IP" | head -n 1)"
+		if [ -z "$DHCP_OPTION" ]; then
+			continue
+		fi
+
+		SERVER_TAG="$(echo "$DHCP_OPTION" | awk -F= '{print $2}' | awk -F, '{print $1}')"
+		LOCAL_SERVER_IP="$IP"
+
+		grep "dhcp-option *= *$SERVER_TAG, *6 *, *$LOCAL_SERVER_IP" $CONF_FILE 1>/dev/null 2>&1
+		if [ $? -ne 0 ]; then
+			continue
+		fi
+		
+		sed -i "/^dhcp-option *=$SERVER_TAG,6,/d" "$CONF_FILE"
+		RESTART_DNSMASQ=1
 	done
 
 	return 1
@@ -150,17 +199,9 @@ set_dnsmasq_conf()
 	local LOCAL_SERVER_IP=""
 	local SERVER_TAG=""
 	local CONF_FILE=$1
+	local DHCP_OPTIONS=""
 
-	get_server_ip $CONF_FILE
-
-	if [ "$LOCAL_SERVER_IP" ] && [ "$SERVER_TAG" ]; then
-		grep "dhcp-option *=" "$CONF_FILE" | grep "$SERVER_TAG,6,$LOCAL_SERVER_IP" > /dev/null 2>&1
-		if [ $? -ne 0 ]; then
-			sed -i "/^dhcp-option *=$SERVER_TAG,6,/d" "$CONF_FILE"
-			echo "dhcp-option=$SERVER_TAG,6,$LOCAL_SERVER_IP" >> "$CONF_FILE"
-			RESTART_DNSMASQ=1
-		fi
-	fi
+	add_dhcp_options6 $CONF_FILE
 
 	grep "^port *=0" "$CONF_FILE" > /dev/null 2>&1
 	if [ $? -ne 0 ]; then
@@ -194,14 +235,7 @@ clear_dnsmasq_conf()
 	local SERVER_TAG=""
 	local CONF_FILE=$1
 	
-	get_server_ip "$CONF_FILE"
-	if [ "$LOCAL_SERVER_IP" ] && [ "$SERVER_TAG" ]; then
-		grep "dhcp-option *=" "$CONF_FILE" | grep "$SERVER_TAG,6,$LOCAL_SERVER_IP" > /dev/null 2>&1
-		if [ $? -eq 0 ]; then
-			sed -i "/^dhcp-option *=$SERVER_TAG,6,/d" "$CONF_FILE"
-			RESTART_DNSMASQ=1
-		fi
-	fi
+	clear_dhcp_options6 "$CONF_FILE"
 
 	grep "^port *=" "$CONF_FILE" > /dev/null 2>&1
 	if [ $? -eq 0 ]; then

src/dns_client.c

@@ -2916,7 +2916,7 @@ static int _dns_client_send_packet(struct dns_query_struct *query, void *packet,
 	}
 
 	if (atomic_read(&query->dns_request_sent) <= 0) {
-		tlog(TLOG_ERROR, "Send query to upstream server failed, total server number %d", total_server);
+		tlog(TLOG_WARN, "Send query to upstream server failed, total server number %d", total_server);
 		return -1;
 	}
 

src/dns_conf.c

@@ -1872,7 +1872,7 @@ static int _conf_domain_rules(void *data, int argc, char *argv[])
 	/* process extra options */
 	optind = 1;
 	while (1) {
-		opt = getopt_long_only(argc, argv, "c:a:p:n:d:", long_options, NULL);
+		opt = getopt_long_only(argc, argv, "c:a:p:t:n:d:", long_options, NULL);
 		if (opt == -1) {
 			break;
 		}

src/dns_server.c

@@ -49,6 +49,7 @@
 #define IPV6_READY_CHECK_TIME 180
 #define DNS_SERVER_TMOUT_TTL (5 * 60)
 #define DNS_SERVER_FAIL_TTL (60)
+#define DNS_SERVER_SOA_TTL (30)
 #define DNS_CONN_BUFF_SIZE 4096
 #define DNS_REQUEST_MAX_TIMEOUT 950
 #define DNS_PING_TIMEOUT (DNS_REQUEST_MAX_TIMEOUT)
@@ -669,6 +670,10 @@ static int _dns_rrs_add_all_best_ip(struct dns_server_post_context *context)
 		_dns_rrs_result_log(context, added_ip_addr);
 	}
 
+	if (request->passthrough == 2) {
+		ignore_speed = 1;
+	}
+
 	while (true) {
 		pthread_mutex_lock(&request->ip_map_lock);
 		hash_for_each_safe(request->ip_map, bucket, tmp, addr_map, node)
@@ -1588,7 +1593,7 @@ static int _dns_request_post(struct dns_server_post_context *context)
 
 	ret = _dns_reply_inpacket(request, context->inpacket, context->inpacket_len);
 	if (ret != 0) {
-		tlog(TLOG_ERROR, "replay raw packet to client failed.");
+		tlog(TLOG_WARN, "replay raw packet to client failed.");
 		return -1;
 	}
 
@@ -1599,6 +1604,10 @@ static int _dns_server_reply_SOA(int rcode, struct dns_request *request)
 {
 	/* return SOA record */
 	request->rcode = rcode;
+	if (request->ip_ttl == 0) {
+		request->ip_ttl = DNS_SERVER_SOA_TTL;
+	}
+
 	_dns_server_setup_soa(request);
 
 	struct dns_server_post_context context;
@@ -1704,9 +1713,9 @@ static int _dns_server_force_dualstack(struct dns_request *request)
 	return 0;
 }
 
-static int _dns_server_request_complete(struct dns_request *request)
+static int _dns_server_request_complete_with_all_IPs(struct dns_request *request, int with_all_ips)
 {
-	int ttl = DNS_SERVER_TMOUT_TTL;
+	int ttl = 0;
 	int reply_ttl = ttl;
 
 	if (request->rcode == DNS_RC_SERVFAIL || request->rcode == DNS_RC_NXDOMAIN) {
@@ -1721,7 +1730,7 @@ static int _dns_server_request_complete(struct dns_request *request)
 		return 0;
 	}
 
-	if (request->has_ip != 0) {
+	if (request->has_ip != 0 && request->passthrough == 0) {
 		request->has_soa = 0;
 		if (request->has_ping_result == 0 && request->ip_ttl > DNS_SERVER_TMOUT_TTL) {
 			request->ip_ttl = DNS_SERVER_TMOUT_TTL;
@@ -1777,11 +1786,17 @@ out:
 	context.do_reply = 1;
 	context.reply_ttl = reply_ttl;
 	context.skip_notify_count = 1;
+	context.select_all_best_ip = with_all_ips;
 
 	_dns_request_post(&context);
 	return _dns_server_reply_all_pending_list(request, &context);
 }
 
+static int _dns_server_request_complete(struct dns_request *request)
+{
+	return _dns_server_request_complete_with_all_IPs(request, 0);
+}
+
 static int _dns_ip_address_check_add(struct dns_request *request, char *cname, unsigned char *addr,
 									 dns_type_t addr_type)
 {
@@ -2311,6 +2326,10 @@ static int _dns_server_check_speed(struct dns_request *request, char *ip)
 		return -1;
 	}
 
+	if (request->passthrough) {
+		return -1;
+	}
+
 	ping_timeout = ping_timeout - (now - request->send_tick);
 	if (ping_timeout > DNS_PING_TIMEOUT) {
 		ping_timeout = DNS_PING_TIMEOUT;
@@ -2738,6 +2757,17 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, const
 					_dns_server_request_release(request);
 					return 0;
 				}
+
+				/* Ad blocking result */
+				if (addr[0] == 0 || addr[0] == 127) {
+					/* If half of the servers return the same result, then ignore this address */
+					if (atomic_inc_return(&request->adblock) <= (dns_server_num() / 2 + dns_server_num() % 2)) {
+						request->rcode = DNS_RC_NOERROR;
+						_dns_server_request_release(request);
+						return 0;
+					}
+				}
+
 				ttl = ttl_tmp;
 				_dns_server_request_release(request);
 			} break;
@@ -2773,6 +2803,16 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, const
 					return 0;
 				}
 
+				/* Ad blocking result */
+				if (_dns_server_is_adblock_ipv6(addr) == 0) {
+					/* If half of the servers return the same result, then ignore this address */
+					if (atomic_inc_return(&request->adblock) <= (dns_server_num() / 2 + dns_server_num() % 2)) {
+						request->rcode = DNS_RC_NOERROR;
+						_dns_server_request_release(request);
+						return 0;
+					}
+				}
+
 				ttl = ttl_tmp;
 				_dns_server_request_release(request);
 			} break;
@@ -2994,6 +3034,41 @@ static int dns_server_dualstack_callback(const char *domain, dns_rtcode_t rtcode
 	return 0;
 }
 
+static void _dns_server_passthrough_may_complete(struct dns_request *request)
+{
+	const unsigned char *addr;
+	if (request->passthrough != 2) {
+		return;
+	}
+
+	if (request->has_ip == 0 && request->has_soa == 0) {
+		return;
+	}
+
+	if (request->qtype == DNS_T_A && request->has_ip == 1) {
+		/* Ad blocking result */
+		addr = request->ip_addr;
+		if (addr[0] == 0 || addr[0] == 127) {
+			/* If half of the servers return the same result, then ignore this address */
+			if (atomic_read(&request->adblock) <= (dns_server_num() / 2 + dns_server_num() % 2)) {
+				return;
+			}
+		}
+	}
+
+	if (request->qtype == DNS_T_AAAA && request->has_ip == 1) {
+		addr = request->ip_addr;
+		if (_dns_server_is_adblock_ipv6(addr) == 0) {
+			/* If half of the servers return the same result, then ignore this address */
+			if (atomic_read(&request->adblock) <= (dns_server_num() / 2 + dns_server_num() % 2)) {
+				return;
+			}
+		}
+	}
+
+	_dns_server_request_complete_with_all_IPs(request, 1);
+}
+
 static int dns_server_resolve_callback(const char *domain, dns_result_type rtype, struct dns_server_info *server_info,
 									   struct dns_packet *packet, unsigned char *inpacket, int inpacket_len,
 									   void *user_ptr)
@@ -3010,7 +3085,7 @@ static int dns_server_resolve_callback(const char *domain, dns_result_type rtype
 		tlog(TLOG_DEBUG, "query result from server %s: %d, type: %d", dns_client_get_server_ip(server_info),
 			 dns_client_get_server_port(server_info), dns_client_get_server_type(server_info));
 
-		if (request->passthrough && atomic_read(&request->notified) == 0) {
+		if (request->passthrough == 1 && atomic_read(&request->notified) == 0) {
 			struct dns_server_post_context context;
 			int ttl = 0;
 			ret = _dns_server_passthrough_rule_check(request, domain, packet, result_flag, &ttl);
@@ -3059,6 +3134,7 @@ static int dns_server_resolve_callback(const char *domain, dns_result_type rtype
 		}
 
 		_dns_server_process_answer(request, domain, packet, result_flag);
+		_dns_server_passthrough_may_complete(request);
 		return 0;
 	} else if (rtype == DNS_QUERY_ERR) {
 		tlog(TLOG_ERROR, "request failed, %s", domain);
@@ -3575,7 +3651,6 @@ out:
 
 soa:
 	/* return SOA */
-	request->ip_ttl = 30;
 	_dns_server_reply_SOA(DNS_RC_NOERROR, request);
 	return 0;
 }
@@ -4091,6 +4166,10 @@ static void _dns_server_check_set_passthrough(struct dns_request *request)
 	if (request->passthrough == 1) {
 		request->dualstack_selection = 0;
 	}
+
+	if (request->passthrough == 1 && (request->qtype == DNS_T_A || request->qtype == DNS_T_AAAA)) {
+		request->passthrough = 2;
+	}
 }
 
 static int _dns_server_process_host(struct dns_request *request)
@@ -4313,7 +4392,7 @@ static int _dns_server_do_query(struct dns_request *request, int skip_notify_eve
 		0) {
 		request->request_wait--;
 		_dns_server_request_release(request);
-		tlog(TLOG_ERROR, "send dns request failed.");
+		tlog(TLOG_WARN, "send dns request failed.");
 		goto errout;
 	}
 
@@ -4337,7 +4416,6 @@ static int _dns_server_check_request_supported(struct dns_request *request, stru
 		return -1;
 	}
 
-
 	return 0;
 }
 
@@ -4451,7 +4529,7 @@ static int _dns_server_recv(struct dns_server_conn_head *conn, unsigned char *in
 
 	ret = _dns_server_do_query(request, 1);
 	if (ret != 0) {
-		tlog(TLOG_ERROR, "do query %s failed.\n", request->domain);
+		tlog(TLOG_WARN, "do query %s failed.\n", request->domain);
 		goto errout;
 	}
 	_dns_server_request_release_complete(request, 0);
@@ -4503,7 +4581,7 @@ static int _dns_server_prefetch_request(char *domain, dns_type_t qtype, int expi
 	_dns_server_request_set_enable_prefetch(request, expired_domain);
 	ret = _dns_server_do_query(request, 0);
 	if (ret != 0) {
-		tlog(TLOG_ERROR, "do query %s failed.\n", request->domain);
+		tlog(TLOG_WARN, "do query %s failed.\n", request->domain);
 		goto errout;
 	}
 
@@ -4956,7 +5034,7 @@ static void _dns_server_prefetch_expired_domain(struct dns_cache *dns_cache)
 	server_query_option.ecs_enable_flag = 0;
 
 	if (_dns_server_prefetch_request(dns_cache->info.domain, dns_cache->info.qtype, 1, &server_query_option) != 0) {
-		tlog(TLOG_ERROR, "prefetch domain %s, qtype %d, failed.", dns_cache->info.domain, dns_cache->info.qtype);
+		tlog(TLOG_WARN, "prefetch domain %s, qtype %d, failed.", dns_cache->info.domain, dns_cache->info.qtype);
 	}
 }
 
@@ -5186,7 +5264,7 @@ int dns_server_run(void)
 			}
 
 			if (_dns_server_process(conn_head, event, now) != 0) {
-				tlog(TLOG_ERROR, "dns server process failed.");
+				tlog(TLOG_WARN, "dns server process failed.");
 			}
 		}
 	}

src/lib/conf.c

@@ -219,8 +219,8 @@ static int conf_parse_args(char *key, char *value, int *argc, char **argv)
 			continue;
 		}
 
-		if (*ptr == '"' && start == NULL) {
-			sep_flag = '"';
+		if ((*ptr == '"' || *ptr == '\'') && start == NULL) {
+			sep_flag = *ptr;
 			start = NULL;
 		}