1.8 KiB
hide
| hide | |
|---|---|
|
Use ipset and nftset
Like Dnsmasq, smartdns supports ipset and nftset, which can use TPROXY to transparently forward specific domain names. The comparison of transparent forwarding tools is as follows:
-
Tools: iptable, nftable
iptable: A mature routing rule configuration tool.
nftable: A more powerful rule configuration tool that is becoming mainstream.
ipset configuration
-
Basic configuration
The following parameters can be used to configure IPSet rules for specified domain names.
nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6] -
Timeout
SmartDNS sets IPSet to support enabling timeout function, which can avoid too many IP addresses in IPSet and reduce gateway performance.
nftset-timeout yes -
Automatically add to IPSet after speed measurement fails
SmartDNS can add IP addresses that fail the speed measurement to IPSet, and then forward them through related IP rules.
nftset-no-speed ipsetname -
Debugging
If debugging is needed, nftset's debugging function can be enabled.
nftset-debug yes
nftset configuration
-
Basic configuration
The following parameters can be used to configure NFTSet rules for specified domain names.
ipset /domain/ipset -
Timeout
SmartDNS sets IPSet to support enabling timeout function, which can avoid too many IP addresses in NFTSet and reduce gateway performance.
ipset-timeout yes -
Automatically add to IPSet after speed measurement fails
SmartDNS can add IP addresses that fail the speed measurement to IPSet, and then forward them through related IP rules.
ipset-no-speed ipsetname