Remove legacy DNS server formats

2026-04-13 20:28:32 +10:00 · 2026-03-25 19:09:13 +08:00
parent 618dcc5aac
commit 01079a2483
18 changed files with 99 additions and 509 deletions
--- a/adapter/dns.go
+++ b/adapter/dns.go
@@ -72,11 +72,6 @@ type DNSTransport interface {
 	Exchange(ctx context.Context, message *dns.Msg) (*dns.Msg, error)
 }

-type LegacyDNSTransport interface {
-	LegacyStrategy() C.DomainStrategy
-	LegacyClientSubnet() netip.Prefix
-}
-
 type DNSTransportRegistry interface {
 	option.DNSTransportOptionsRegistry
 	CreateDNSTransport(ctx context.Context, logger log.ContextLogger, tag string, transportType string, options any) (DNSTransport, error)
--- a/constant/dns.go
+++ b/constant/dns.go
@@ -15,19 +15,18 @@ const (
 )

 const (
-	DNSTypeLegacy      = "legacy"
-	DNSTypeLegacyRcode = "legacy_rcode"
-	DNSTypeUDP         = "udp"
-	DNSTypeTCP         = "tcp"
-	DNSTypeTLS         = "tls"
-	DNSTypeHTTPS       = "https"
-	DNSTypeQUIC        = "quic"
-	DNSTypeHTTP3       = "h3"
-	DNSTypeLocal       = "local"
-	DNSTypeHosts       = "hosts"
-	DNSTypeFakeIP      = "fakeip"
-	DNSTypeDHCP        = "dhcp"
-	DNSTypeTailscale   = "tailscale"
+	DNSTypeLegacy    = "legacy"
+	DNSTypeUDP       = "udp"
+	DNSTypeTCP       = "tcp"
+	DNSTypeTLS       = "tls"
+	DNSTypeHTTPS     = "https"
+	DNSTypeQUIC      = "quic"
+	DNSTypeHTTP3     = "h3"
+	DNSTypeLocal     = "local"
+	DNSTypeHosts     = "hosts"
+	DNSTypeFakeIP    = "fakeip"
+	DNSTypeDHCP      = "dhcp"
+	DNSTypeTailscale = "tailscale"
 )

 const (
--- a/dns/router.go
+++ b/dns/router.go
@@ -180,14 +180,6 @@ func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, ruleIndex int,
 				if action.ClientSubnet.IsValid() {
 					options.ClientSubnet = action.ClientSubnet
 				}
-				if legacyTransport, isLegacy := transport.(adapter.LegacyDNSTransport); isLegacy {
-					if options.Strategy == C.DomainStrategyAsIS {
-						options.Strategy = legacyTransport.LegacyStrategy()
-					}
-					if !options.ClientSubnet.IsValid() {
-						options.ClientSubnet = legacyTransport.LegacyClientSubnet()
-					}
-				}
 				return transport, currentRule, currentRuleIndex
 			case *R.RuleActionDNSRouteOptions:
 				if action.Strategy != C.DomainStrategyAsIS {
@@ -210,28 +202,9 @@ func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, ruleIndex int,
 		}
 	}
 	transport := r.transport.Default()
-	if legacyTransport, isLegacy := transport.(adapter.LegacyDNSTransport); isLegacy {
-		if options.Strategy == C.DomainStrategyAsIS {
-			options.Strategy = legacyTransport.LegacyStrategy()
-		}
-		if !options.ClientSubnet.IsValid() {
-			options.ClientSubnet = legacyTransport.LegacyClientSubnet()
-		}
-	}
 	return transport, nil, -1
 }

-func (r *Router) applyTransportDefaults(transport adapter.DNSTransport, options *adapter.DNSQueryOptions) {
-	if legacyTransport, isLegacy := transport.(adapter.LegacyDNSTransport); isLegacy {
-		if options.Strategy == C.DomainStrategyAsIS {
-			options.Strategy = legacyTransport.LegacyStrategy()
-		}
-		if !options.ClientSubnet.IsValid() {
-			options.ClientSubnet = legacyTransport.LegacyClientSubnet()
-		}
-	}
-}
-
 func (r *Router) applyDNSRouteOptions(options *adapter.DNSQueryOptions, routeOptions R.RuleActionDNSRouteOptions) bool {
 	var strategyOverridden bool
 	if routeOptions.Strategy != C.DomainStrategyAsIS {
@@ -271,7 +244,6 @@ func (r *Router) resolveDNSRoute(action *R.RuleActionDNSRoute, allowFakeIP bool,
 	if isFakeIP {
 		options.DisableCache = true
 	}
-	r.applyTransportDefaults(transport, options)
 	return transport, dnsRouteStatusResolved, strategyOverridden
 }

@@ -367,7 +339,6 @@ func (r *Router) exchangeWithRules(ctx context.Context, message *mDNS.Msg, optio
 	}
 	queryOptions := effectiveOptions
 	transport := r.transport.Default()
-	r.applyTransportDefaults(transport, &queryOptions)
 	exchangeOptions := queryOptions
 	if exchangeOptions.Strategy == C.DomainStrategyAsIS {
 		exchangeOptions.Strategy = r.defaultDomainStrategy
@@ -521,7 +492,6 @@ func (r *Router) Exchange(ctx context.Context, message *mDNS.Msg, options adapte
 	metadata.Domain = FqdnToDomain(message.Question[0].Name)
 	if options.Transport != nil {
 		transport = options.Transport
-		r.applyTransportDefaults(transport, &options)
 		if options.Strategy == C.DomainStrategyAsIS {
 			options.Strategy = r.defaultDomainStrategy
 		}
@@ -631,7 +601,6 @@ func (r *Router) Lookup(ctx context.Context, domain string, options adapter.DNSQ
 	metadata.DestinationAddressMatchFromResponse = false
 	if options.Transport != nil {
 		transport := options.Transport
-		r.applyTransportDefaults(transport, &options)
 		if options.Strategy == C.DomainStrategyAsIS {
 			options.Strategy = r.defaultDomainStrategy
 		}
--- a/dns/transport_adapter.go
+++ b/dns/transport_adapter.go
@@ -1,21 +1,13 @@
 package dns

 import (
-	"net/netip"
-
-	"github.com/sagernet/sing-box/adapter"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 )

-var _ adapter.LegacyDNSTransport = (*TransportAdapter)(nil)
-
 type TransportAdapter struct {
 	transportType string
 	transportTag  string
 	dependencies  []string
-	strategy      C.DomainStrategy
-	clientSubnet  netip.Prefix
 }

 func NewTransportAdapter(transportType string, transportTag string, dependencies []string) TransportAdapter {
@@ -35,8 +27,6 @@ func NewTransportAdapterWithLocalOptions(transportType string, transportTag stri
 		transportType: transportType,
 		transportTag:  transportTag,
 		dependencies:  dependencies,
-		strategy:      C.DomainStrategy(localOptions.LegacyStrategy),
-		clientSubnet:  localOptions.LegacyClientSubnet,
 	}
 }

@@ -45,15 +35,10 @@ func NewTransportAdapterWithRemoteOptions(transportType string, transportTag str
 	if remoteOptions.DomainResolver != nil && remoteOptions.DomainResolver.Server != "" {
 		dependencies = append(dependencies, remoteOptions.DomainResolver.Server)
 	}
-	if remoteOptions.LegacyAddressResolver != "" {
-		dependencies = append(dependencies, remoteOptions.LegacyAddressResolver)
-	}
 	return TransportAdapter{
 		transportType: transportType,
 		transportTag:  transportTag,
 		dependencies:  dependencies,
-		strategy:      C.DomainStrategy(remoteOptions.LegacyStrategy),
-		clientSubnet:  remoteOptions.LegacyClientSubnet,
 	}
 }

@@ -68,11 +53,3 @@ func (a *TransportAdapter) Tag() string {
 func (a *TransportAdapter) Dependencies() []string {
 	return a.dependencies
 }
-
-func (a *TransportAdapter) LegacyStrategy() C.DomainStrategy {
-	return a.strategy
-}
-
-func (a *TransportAdapter) LegacyClientSubnet() netip.Prefix {
-	return a.clientSubnet
-}
--- a/dns/transport_dialer.go
+++ b/dns/transport_dialer.go
@@ -2,104 +2,25 @@ package dns

 import (
 	"context"
-	"net"
-	"time"

-	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/service"
 )

 func NewLocalDialer(ctx context.Context, options option.LocalDNSServerOptions) (N.Dialer, error) {
-	if options.LegacyDefaultDialer {
-		return dialer.NewDefaultOutbound(ctx), nil
-	} else {
-		return dialer.NewWithOptions(dialer.Options{
-			Context:         ctx,
-			Options:         options.DialerOptions,
-			DirectResolver:  true,
-			LegacyDNSDialer: options.Legacy,
-		})
-	}
+	return dialer.NewWithOptions(dialer.Options{
+		Context:        ctx,
+		Options:        options.DialerOptions,
+		DirectResolver: true,
+	})
 }

 func NewRemoteDialer(ctx context.Context, options option.RemoteDNSServerOptions) (N.Dialer, error) {
-	if options.LegacyDefaultDialer {
-		transportDialer := dialer.NewDefaultOutbound(ctx)
-		if options.LegacyAddressResolver != "" {
-			transport := service.FromContext[adapter.DNSTransportManager](ctx)
-			resolverTransport, loaded := transport.Transport(options.LegacyAddressResolver)
-			if !loaded {
-				return nil, E.New("address resolver not found: ", options.LegacyAddressResolver)
-			}
-			transportDialer = newTransportDialer(transportDialer, service.FromContext[adapter.DNSRouter](ctx), resolverTransport, C.DomainStrategy(options.LegacyAddressStrategy), time.Duration(options.LegacyAddressFallbackDelay))
-		} else if options.ServerIsDomain() {
-			return nil, E.New("missing address resolver for server: ", options.Server)
-		}
-		return transportDialer, nil
-	} else {
-		return dialer.NewWithOptions(dialer.Options{
-			Context:         ctx,
-			Options:         options.DialerOptions,
-			RemoteIsDomain:  options.ServerIsDomain(),
-			DirectResolver:  true,
-			LegacyDNSDialer: options.Legacy,
-		})
-	}
-}
-
-type legacyTransportDialer struct {
-	dialer        N.Dialer
-	dnsRouter     adapter.DNSRouter
-	transport     adapter.DNSTransport
-	strategy      C.DomainStrategy
-	fallbackDelay time.Duration
-}
-
-func newTransportDialer(dialer N.Dialer, dnsRouter adapter.DNSRouter, transport adapter.DNSTransport, strategy C.DomainStrategy, fallbackDelay time.Duration) *legacyTransportDialer {
-	return &legacyTransportDialer{
-		dialer,
-		dnsRouter,
-		transport,
-		strategy,
-		fallbackDelay,
-	}
-}
-
-func (d *legacyTransportDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	if destination.IsIP() {
-		return d.dialer.DialContext(ctx, network, destination)
-	}
-	addresses, err := d.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{
-		Transport: d.transport,
-		Strategy:  d.strategy,
+	return dialer.NewWithOptions(dialer.Options{
+		Context:        ctx,
+		Options:        options.DialerOptions,
+		RemoteIsDomain: options.ServerIsDomain(),
+		DirectResolver: true,
 	})
-	if err != nil {
-		return nil, err
-	}
-	return N.DialParallel(ctx, d.dialer, network, destination, addresses, d.strategy == C.DomainStrategyPreferIPv6, d.fallbackDelay)
-}
-
-func (d *legacyTransportDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	if destination.IsIP() {
-		return d.dialer.ListenPacket(ctx, destination)
-	}
-	addresses, err := d.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{
-		Transport: d.transport,
-		Strategy:  d.strategy,
-	})
-	if err != nil {
-		return nil, err
-	}
-	conn, _, err := N.ListenSerial(ctx, d.dialer, destination, addresses)
-	return conn, err
-}
-
-func (d *legacyTransportDialer) Upstream() any {
-	return d.dialer
 }
--- a/docs/configuration/dns/fakeip.md
+++ b/docs/configuration/dns/fakeip.md
@@ -1,10 +1,10 @@
 ---
-icon: material/delete-clock
+icon: material/note-remove
 ---

-!!! failure "Deprecated in sing-box 1.12.0"
+!!! failure "Removed in sing-box 1.14.0"

-    Legacy fake-ip configuration is deprecated and will be removed in sing-box 1.14.0, check [Migration](/migration/#migrate-to-new-dns-servers).
+    Legacy fake-ip configuration is deprecated in sing-box 1.12.0 and removed in sing-box 1.14.0, check [Migration](/migration/#migrate-to-new-dns-servers).

 ### Structure

--- a/docs/configuration/dns/fakeip.zh.md
+++ b/docs/configuration/dns/fakeip.zh.md
@@ -1,10 +1,10 @@
 ---
-icon: material/delete-clock
+icon: material/note-remove
 ---

-!!! failure "已在 sing-box 1.12.0 废弃"
+!!! failure "已在 sing-box 1.14.0 移除"

-    旧的 fake-ip 配置已废弃且将在 sing-box 1.14.0 中被移除，参阅 [迁移指南](/zh/migration/#迁移到新的-dns-服务器格式)。
+    旧的 fake-ip 配置已在 sing-box 1.12.0 废弃且已在 sing-box 1.14.0 中被移除，参阅 [迁移指南](/zh/migration/#迁移到新的-dns-服务器格式)。

 ### 结构

--- a/docs/configuration/dns/index.md
+++ b/docs/configuration/dns/index.md
@@ -39,7 +39,7 @@ icon: material/alert-decagram
 |----------|---------------------------------|
 | `server` | List of [DNS Server](./server/) |
 | `rules`  | List of [DNS Rule](./rule/)     |
-| `fakeip` | [FakeIP](./fakeip/)             |
+| `fakeip` | :material-note-remove: [FakeIP](./fakeip/) |

 #### final

--- a/docs/configuration/dns/index.zh.md
+++ b/docs/configuration/dns/index.zh.md
@@ -88,6 +88,6 @@ LRU 缓存容量。

 可以被 `servers.[].client_subnet` 或 `rules.[].client_subnet` 覆盖。

-#### fakeip
+#### fakeip :material-note-remove:

 [FakeIP](./fakeip/) 设置。
--- a/docs/configuration/dns/server/index.md
+++ b/docs/configuration/dns/server/index.md
@@ -29,7 +29,7 @@ The type of the DNS server.

 | Type            | Format                    |
 |-----------------|---------------------------|
-| empty (default) | [Legacy](./legacy/)       |
+| empty (default) | :material-note-remove: [Legacy](./legacy/) |
 | `local`         | [Local](./local/)         |
 | `hosts`         | [Hosts](./hosts/)         |
 | `tcp`           | [TCP](./tcp/)             |
--- a/docs/configuration/dns/server/index.zh.md
+++ b/docs/configuration/dns/server/index.zh.md
@@ -29,7 +29,7 @@ DNS 服务器的类型。

 | 类型              | 格式                        |
 |-----------------|---------------------------|
-| empty (default) | [Legacy](./legacy/)       |
+| empty (default) | :material-note-remove: [Legacy](./legacy/) |
 | `local`         | [Local](./local/)         |
 | `hosts`         | [Hosts](./hosts/)         |
 | `tcp`           | [TCP](./tcp/)             |
--- a/docs/configuration/dns/server/legacy.md
+++ b/docs/configuration/dns/server/legacy.md
@@ -1,10 +1,10 @@
 ---
-icon: material/delete-clock
+icon: material/note-remove
 ---

-!!! failure "Deprecated in sing-box 1.12.0"
+!!! failure "Removed in sing-box 1.14.0"

-    Legacy DNS servers is deprecated and will be removed in sing-box 1.14.0, check [Migration](/migration/#migrate-to-new-dns-servers).
+    Legacy DNS servers is deprecated in sing-box 1.12.0 and removed in sing-box 1.14.0, check [Migration](/migration/#migrate-to-new-dns-servers).

 !!! quote "Changes in sing-box 1.9.0"

--- a/docs/configuration/dns/server/legacy.zh.md
+++ b/docs/configuration/dns/server/legacy.zh.md
@@ -1,10 +1,10 @@
 ---
-icon: material/delete-clock
+icon: material/note-remove
 ---

-!!! failure "Deprecated in sing-box 1.12.0"
+!!! failure "已在 sing-box 1.14.0 移除"

-    旧的 DNS 服务器配置已废弃且将在 sing-box 1.14.0 中被移除，参阅 [迁移指南](/zh/migration/#迁移到新的-dns-服务器格式)。
+    旧的 DNS 服务器配置已在 sing-box 1.12.0 废弃且已在 sing-box 1.14.0 中被移除，参阅 [迁移指南](/zh/migration/#迁移到新的-dns-服务器格式)。

 !!! quote "sing-box 1.9.0 中的更改"

--- a/docs/deprecated.md
+++ b/docs/deprecated.md
@@ -21,7 +21,7 @@ Old fields will be removed in sing-box 1.16.0.
 DNS servers are refactored,
 check [Migration](../migration/#migrate-to-new-dns-servers).

-Compatibility for old formats will be removed in sing-box 1.14.0.
+Old formats were removed in sing-box 1.14.0.

 #### `outbound` DNS rule item

--- a/docs/deprecated.zh.md
+++ b/docs/deprecated.zh.md
@@ -21,7 +21,7 @@ TLS 中的内联 ACME 选项（`tls.acme`）已废弃，
 DNS 服务器已重构，
 参阅 [迁移指南](/zh/migration/#迁移到新的-dns-服务器格式).

-对旧格式的兼容性将在 sing-box 1.14.0 中被移除。
+旧格式已在 sing-box 1.14.0 中被移除。

 #### `outbound` DNS 规则项

--- a/experimental/deprecated/constants.go
+++ b/experimental/deprecated/constants.go
@@ -57,24 +57,6 @@ func (n Note) MessageWithLink() string {
 	}
 }

-var OptionLegacyDNSTransport = Note{
-	Name:              "legacy-dns-transport",
-	Description:       "legacy DNS servers",
-	DeprecatedVersion: "1.12.0",
-	ScheduledVersion:  "1.14.0",
-	EnvName:           "LEGACY_DNS_SERVERS",
-	MigrationLink:     "https://sing-box.sagernet.org/migration/#migrate-to-new-dns-server-formats",
-}
-
-var OptionLegacyDNSFakeIPOptions = Note{
-	Name:              "legacy-dns-fakeip-options",
-	Description:       "legacy DNS fakeip options",
-	DeprecatedVersion: "1.12.0",
-	ScheduledVersion:  "1.14.0",
-	EnvName:           "LEGACY_DNS_FAKEIP_OPTIONS",
-	MigrationLink:     "https://sing-box.sagernet.org/migration/#migrate-to-new-dns-server-formats",
-}
-
 var OptionOutboundDNSRuleItem = Note{
 	Name:              "outbound-dns-rule-item",
 	Description:       "outbound DNS rule item",
@@ -136,8 +118,6 @@ var OptionLegacyDNSAddressFilter = Note{
 }

 var Options = []Note{
-	OptionLegacyDNSTransport,
-	OptionLegacyDNSFakeIPOptions,
 	OptionOutboundDNSRuleItem,
 	OptionMissingDomainResolver,
 	OptionLegacyDomainStrategyOptions,
--- a/option/dns.go
+++ b/option/dns.go
@@ -3,19 +3,14 @@ package option
 import (
 	"context"
 	"net/netip"
-	"net/url"

 	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/experimental/deprecated"
-	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/json"
 	"github.com/sagernet/sing/common/json/badjson"
 	"github.com/sagernet/sing/common/json/badoption"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/service"
-
-	"github.com/miekg/dns"
 )

 type RawDNSOptions struct {
@@ -26,121 +21,29 @@ type RawDNSOptions struct {
 	DNSClientOptions
 }

-type LegacyDNSOptions struct {
-	FakeIP *LegacyDNSFakeIPOptions `json:"fakeip,omitempty"`
-}
-
 type DNSOptions struct {
 	RawDNSOptions
-	LegacyDNSOptions
 }

-type contextKeyDontUpgrade struct{}
+const (
+	legacyDNSFakeIPRemovedMessage = "legacy DNS fakeip options are deprecated in sing-box 1.12.0 and removed in sing-box 1.14.0, checkout migration: https://sing-box.sagernet.org/migration/#migrate-to-new-dns-server-formats"
+	legacyDNSServerRemovedMessage = "legacy DNS server formats are deprecated in sing-box 1.12.0 and removed in sing-box 1.14.0, checkout migration: https://sing-box.sagernet.org/migration/#migrate-to-new-dns-server-formats"
+)

-func ContextWithDontUpgrade(ctx context.Context) context.Context {
-	return context.WithValue(ctx, (*contextKeyDontUpgrade)(nil), true)
-}
-
-func dontUpgradeFromContext(ctx context.Context) bool {
-	return ctx.Value((*contextKeyDontUpgrade)(nil)) == true
+type removedLegacyDNSOptions struct {
+	FakeIP json.RawMessage `json:"fakeip,omitempty"`
 }

 func (o *DNSOptions) UnmarshalJSONContext(ctx context.Context, content []byte) error {
-	err := json.UnmarshalContext(ctx, content, &o.LegacyDNSOptions)
+	var legacyOptions removedLegacyDNSOptions
+	err := json.UnmarshalContext(ctx, content, &legacyOptions)
 	if err != nil {
 		return err
 	}
-	dontUpgrade := dontUpgradeFromContext(ctx)
-	legacyOptions := o.LegacyDNSOptions
-	if !dontUpgrade {
-		if o.FakeIP != nil && o.FakeIP.Enabled {
-			deprecated.Report(ctx, deprecated.OptionLegacyDNSFakeIPOptions)
-			ctx = context.WithValue(ctx, (*LegacyDNSFakeIPOptions)(nil), o.FakeIP)
-		}
-		o.LegacyDNSOptions = LegacyDNSOptions{}
+	if len(legacyOptions.FakeIP) != 0 {
+		return E.New(legacyDNSFakeIPRemovedMessage)
 	}
-	err = badjson.UnmarshallExcludedContext(ctx, content, legacyOptions, &o.RawDNSOptions)
-	if err != nil {
-		return err
-	}
-	if !dontUpgrade {
-		rcodeMap := make(map[string]int)
-		for _, server := range o.Servers {
-			if server.Type == C.DNSTypeLegacyRcode {
-				rcodeMap[server.Tag] = server.Options.(int)
-			}
-		}
-		if len(rcodeMap) > 0 {
-			for i := 0; i < len(o.Rules); i++ {
-				err = rejectEvaluateLegacyRcode(rcodeMap, o.Rules[i])
-				if err != nil {
-					return E.Cause(err, "dns rule[", i, "]")
-				}
-			}
-		}
-		o.Servers = common.Filter(o.Servers, func(it DNSServerOptions) bool {
-			if it.Type == C.DNSTypeLegacyRcode {
-				return false
-			}
-			return true
-		})
-		if len(rcodeMap) > 0 {
-			for i := 0; i < len(o.Rules); i++ {
-				rewriteRcode(rcodeMap, &o.Rules[i])
-			}
-		}
-	}
-	return nil
-}
-
-func rejectEvaluateLegacyRcode(rcodeMap map[string]int, rule DNSRule) error {
-	switch rule.Type {
-	case C.RuleTypeDefault:
-		return rejectEvaluateLegacyRcodeAction(rcodeMap, &rule.DefaultOptions.DNSRuleAction)
-	case C.RuleTypeLogical:
-		err := rejectEvaluateLegacyRcodeAction(rcodeMap, &rule.LogicalOptions.DNSRuleAction)
-		if err != nil {
-			return err
-		}
-		for i, subRule := range rule.LogicalOptions.Rules {
-			err = rejectEvaluateLegacyRcode(rcodeMap, subRule)
-			if err != nil {
-				return E.Cause(err, "sub rule[", i, "]")
-			}
-		}
-	}
-	return nil
-}
-
-func rejectEvaluateLegacyRcodeAction(rcodeMap map[string]int, ruleAction *DNSRuleAction) error {
-	if ruleAction.Action != C.RuleActionTypeEvaluate {
-		return nil
-	}
-	if _, loaded := rcodeMap[ruleAction.RouteOptions.Server]; loaded {
-		return E.New("evaluate action cannot reference legacy rcode server: ", ruleAction.RouteOptions.Server)
-	}
-	return nil
-}
-
-func rewriteRcode(rcodeMap map[string]int, rule *DNSRule) {
-	switch rule.Type {
-	case C.RuleTypeDefault:
-		rewriteRcodeAction(rcodeMap, &rule.DefaultOptions.DNSRuleAction)
-	case C.RuleTypeLogical:
-		rewriteRcodeAction(rcodeMap, &rule.LogicalOptions.DNSRuleAction)
-	}
-}
-
-func rewriteRcodeAction(rcodeMap map[string]int, ruleAction *DNSRuleAction) {
-	if ruleAction.Action != C.RuleActionTypeRoute {
-		return
-	}
-	rcode, loaded := rcodeMap[ruleAction.RouteOptions.Server]
-	if !loaded {
-		return
-	}
-	ruleAction.Action = C.RuleActionTypePredefined
-	ruleAction.PredefinedOptions.Rcode = common.Ptr(DNSRCode(rcode))
+	return badjson.UnmarshallExcludedContext(ctx, content, legacyOptions, &o.RawDNSOptions)
 }

 type DNSClientOptions struct {
@@ -152,12 +55,6 @@ type DNSClientOptions struct {
 	ClientSubnet     *badoption.Prefixable `json:"client_subnet,omitempty"`
 }

-type LegacyDNSFakeIPOptions struct {
-	Enabled    bool              `json:"enabled,omitempty"`
-	Inet4Range *badoption.Prefix `json:"inet4_range,omitempty"`
-	Inet6Range *badoption.Prefix `json:"inet6_range,omitempty"`
-}
-
 type DNSTransportOptionsRegistry interface {
 	CreateOptions(transportType string) (any, bool)
 }
@@ -170,10 +67,6 @@ type _DNSServerOptions struct {
 type DNSServerOptions _DNSServerOptions

 func (o *DNSServerOptions) MarshalJSONContext(ctx context.Context) ([]byte, error) {
-	switch o.Type {
-	case C.DNSTypeLegacy:
-		o.Type = ""
-	}
 	return badjson.MarshallObjectsContext(ctx, (*_DNSServerOptions)(o), o.Options)
 }

@@ -189,9 +82,7 @@ func (o *DNSServerOptions) UnmarshalJSONContext(ctx context.Context, content []b
 	var options any
 	switch o.Type {
 	case "", C.DNSTypeLegacy:
-		o.Type = C.DNSTypeLegacy
-		options = new(LegacyDNSServerOptions)
-		deprecated.Report(ctx, deprecated.OptionLegacyDNSTransport)
+		return E.New(legacyDNSServerRemovedMessage)
 	default:
 		var loaded bool
 		options, loaded = registry.CreateOptions(o.Type)
@@ -204,169 +95,6 @@ func (o *DNSServerOptions) UnmarshalJSONContext(ctx context.Context, content []b
 		return err
 	}
 	o.Options = options
-	if o.Type == C.DNSTypeLegacy && !dontUpgradeFromContext(ctx) {
-		err = o.Upgrade(ctx)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
-	if o.Type != C.DNSTypeLegacy {
-		return nil
-	}
-	options := o.Options.(*LegacyDNSServerOptions)
-	serverURL, _ := url.Parse(options.Address)
-	var serverType string
-	if serverURL != nil && serverURL.Scheme != "" {
-		serverType = serverURL.Scheme
-	} else {
-		switch options.Address {
-		case "local", "fakeip":
-			serverType = options.Address
-		default:
-			serverType = C.DNSTypeUDP
-		}
-	}
-	remoteOptions := RemoteDNSServerOptions{
-		RawLocalDNSServerOptions: RawLocalDNSServerOptions{
-			DialerOptions: DialerOptions{
-				Detour: options.Detour,
-				DomainResolver: &DomainResolveOptions{
-					Server:   options.AddressResolver,
-					Strategy: options.AddressStrategy,
-				},
-				FallbackDelay: options.AddressFallbackDelay,
-			},
-			Legacy:              true,
-			LegacyStrategy:      options.Strategy,
-			LegacyDefaultDialer: options.Detour == "",
-			LegacyClientSubnet:  options.ClientSubnet.Build(netip.Prefix{}),
-		},
-		LegacyAddressResolver:      options.AddressResolver,
-		LegacyAddressStrategy:      options.AddressStrategy,
-		LegacyAddressFallbackDelay: options.AddressFallbackDelay,
-	}
-	switch serverType {
-	case C.DNSTypeLocal:
-		o.Type = C.DNSTypeLocal
-		o.Options = &LocalDNSServerOptions{
-			RawLocalDNSServerOptions: remoteOptions.RawLocalDNSServerOptions,
-		}
-	case C.DNSTypeUDP:
-		o.Type = C.DNSTypeUDP
-		o.Options = &remoteOptions
-		var serverAddr M.Socksaddr
-		if serverURL == nil || serverURL.Scheme == "" {
-			serverAddr = M.ParseSocksaddr(options.Address)
-		} else {
-			serverAddr = M.ParseSocksaddr(serverURL.Host)
-		}
-		if !serverAddr.IsValid() {
-			return E.New("invalid server address")
-		}
-		remoteOptions.Server = serverAddr.AddrString()
-		if serverAddr.Port != 0 && serverAddr.Port != 53 {
-			remoteOptions.ServerPort = serverAddr.Port
-		}
-	case C.DNSTypeTCP:
-		o.Type = C.DNSTypeTCP
-		o.Options = &remoteOptions
-		if serverURL == nil {
-			return E.New("invalid server address")
-		}
-		serverAddr := M.ParseSocksaddr(serverURL.Host)
-		if !serverAddr.IsValid() {
-			return E.New("invalid server address")
-		}
-		remoteOptions.Server = serverAddr.AddrString()
-		if serverAddr.Port != 0 && serverAddr.Port != 53 {
-			remoteOptions.ServerPort = serverAddr.Port
-		}
-	case C.DNSTypeTLS, C.DNSTypeQUIC:
-		o.Type = serverType
-		if serverURL == nil {
-			return E.New("invalid server address")
-		}
-		serverAddr := M.ParseSocksaddr(serverURL.Host)
-		if !serverAddr.IsValid() {
-			return E.New("invalid server address")
-		}
-		remoteOptions.Server = serverAddr.AddrString()
-		if serverAddr.Port != 0 && serverAddr.Port != 853 {
-			remoteOptions.ServerPort = serverAddr.Port
-		}
-		o.Options = &RemoteTLSDNSServerOptions{
-			RemoteDNSServerOptions: remoteOptions,
-		}
-	case C.DNSTypeHTTPS, C.DNSTypeHTTP3:
-		o.Type = serverType
-		httpsOptions := RemoteHTTPSDNSServerOptions{
-			RemoteTLSDNSServerOptions: RemoteTLSDNSServerOptions{
-				RemoteDNSServerOptions: remoteOptions,
-			},
-		}
-		o.Options = &httpsOptions
-		if serverURL == nil {
-			return E.New("invalid server address")
-		}
-		serverAddr := M.ParseSocksaddr(serverURL.Host)
-		if !serverAddr.IsValid() {
-			return E.New("invalid server address")
-		}
-		httpsOptions.Server = serverAddr.AddrString()
-		if serverAddr.Port != 0 && serverAddr.Port != 443 {
-			httpsOptions.ServerPort = serverAddr.Port
-		}
-		if serverURL.Path != "/dns-query" {
-			httpsOptions.Path = serverURL.Path
-		}
-	case "rcode":
-		var rcode int
-		if serverURL == nil {
-			return E.New("invalid server address")
-		}
-		switch serverURL.Host {
-		case "success":
-			rcode = dns.RcodeSuccess
-		case "format_error":
-			rcode = dns.RcodeFormatError
-		case "server_failure":
-			rcode = dns.RcodeServerFailure
-		case "name_error":
-			rcode = dns.RcodeNameError
-		case "not_implemented":
-			rcode = dns.RcodeNotImplemented
-		case "refused":
-			rcode = dns.RcodeRefused
-		default:
-			return E.New("unknown rcode: ", serverURL.Host)
-		}
-		o.Type = C.DNSTypeLegacyRcode
-		o.Options = rcode
-	case C.DNSTypeDHCP:
-		o.Type = C.DNSTypeDHCP
-		dhcpOptions := DHCPDNSServerOptions{}
-		if serverURL == nil {
-			return E.New("invalid server address")
-		}
-		if serverURL.Host != "" && serverURL.Host != "auto" {
-			dhcpOptions.Interface = serverURL.Host
-		}
-		o.Options = &dhcpOptions
-	case C.DNSTypeFakeIP:
-		o.Type = C.DNSTypeFakeIP
-		fakeipOptions := FakeIPDNSServerOptions{}
-		if legacyOptions, loaded := ctx.Value((*LegacyDNSFakeIPOptions)(nil)).(*LegacyDNSFakeIPOptions); loaded {
-			fakeipOptions.Inet4Range = legacyOptions.Inet4Range
-			fakeipOptions.Inet6Range = legacyOptions.Inet6Range
-		}
-		o.Options = &fakeipOptions
-	default:
-		return E.New("unsupported DNS server scheme: ", serverType)
-	}
 	return nil
 }

@@ -391,16 +119,6 @@ func (o *DNSServerAddressOptions) ReplaceServerOptions(options ServerOptions) {
 	*o = DNSServerAddressOptions(options)
 }

-type LegacyDNSServerOptions struct {
-	Address              string                `json:"address"`
-	AddressResolver      string                `json:"address_resolver,omitempty"`
-	AddressStrategy      DomainStrategy        `json:"address_strategy,omitempty"`
-	AddressFallbackDelay badoption.Duration    `json:"address_fallback_delay,omitempty"`
-	Strategy             DomainStrategy        `json:"strategy,omitempty"`
-	Detour               string                `json:"detour,omitempty"`
-	ClientSubnet         *badoption.Prefixable `json:"client_subnet,omitempty"`
-}
-
 type HostsDNSServerOptions struct {
 	Path       badoption.Listable[string]                                `json:"path,omitempty"`
 	Predefined *badjson.TypedMap[string, badoption.Listable[netip.Addr]] `json:"predefined,omitempty"`
@@ -408,10 +126,6 @@ type HostsDNSServerOptions struct {

 type RawLocalDNSServerOptions struct {
 	DialerOptions
-	Legacy              bool           `json:"-"`
-	LegacyStrategy      DomainStrategy `json:"-"`
-	LegacyDefaultDialer bool           `json:"-"`
-	LegacyClientSubnet  netip.Prefix   `json:"-"`
 }

 type LocalDNSServerOptions struct {
@@ -422,9 +136,6 @@ type LocalDNSServerOptions struct {
 type RemoteDNSServerOptions struct {
 	RawLocalDNSServerOptions
 	DNSServerAddressOptions
-	LegacyAddressResolver      string             `json:"-"`
-	LegacyAddressStrategy      DomainStrategy     `json:"-"`
-	LegacyAddressFallbackDelay badoption.Duration `json:"-"`
 }

 type RemoteTLSDNSServerOptions struct {
--- a/option/dns_test.go
+++ b/option/dns_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"

+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common/json"
 	"github.com/sagernet/sing/service"
 	"github.com/stretchr/testify/require"
@@ -11,23 +12,60 @@ import (

 type stubDNSTransportOptionsRegistry struct{}

-func (stubDNSTransportOptionsRegistry) CreateOptions(string) (any, bool) {
-	return nil, false
+func (stubDNSTransportOptionsRegistry) CreateOptions(transportType string) (any, bool) {
+	switch transportType {
+	case C.DNSTypeUDP:
+		return new(RemoteDNSServerOptions), true
+	case C.DNSTypeFakeIP:
+		return new(FakeIPDNSServerOptions), true
+	default:
+		return nil, false
+	}
 }

-func TestDNSOptionsRejectsEvaluateLegacyRcodeServer(t *testing.T) {
+func TestDNSOptionsRejectsLegacyFakeIPOptions(t *testing.T) {
+	t.Parallel()
+
+	ctx := service.ContextWith[DNSTransportOptionsRegistry](context.Background(), stubDNSTransportOptionsRegistry{})
+	var options DNSOptions
+	err := json.UnmarshalContext(ctx, []byte(`{
+		"fakeip": {
+			"enabled": true,
+			"inet4_range": "198.18.0.0/15"
+		}
+	}`), &options)
+	require.EqualError(t, err, legacyDNSFakeIPRemovedMessage)
+}
+
+func TestDNSServerOptionsRejectsLegacyFormats(t *testing.T) {
+	t.Parallel()
+
+	ctx := service.ContextWith[DNSTransportOptionsRegistry](context.Background(), stubDNSTransportOptionsRegistry{})
+	testCases := []string{
+		`{"address":"1.1.1.1"}`,
+		`{"type":"legacy","address":"1.1.1.1"}`,
+	}
+	for _, content := range testCases {
+		var options DNSServerOptions
+		err := json.UnmarshalContext(ctx, []byte(content), &options)
+		require.EqualError(t, err, legacyDNSServerRemovedMessage)
+	}
+}
+
+func TestDNSOptionsAcceptsTypedServers(t *testing.T) {
 	t.Parallel()

 	ctx := service.ContextWith[DNSTransportOptionsRegistry](context.Background(), stubDNSTransportOptionsRegistry{})
 	var options DNSOptions
 	err := json.UnmarshalContext(ctx, []byte(`{
 		"servers": [
-			{"tag": "legacy-rcode", "address": "rcode://success"},
-			{"tag": "default", "address": "1.1.1.1"}
-		],
-		"rules": [
-			{"domain": ["example.com"], "action": "evaluate", "server": "legacy-rcode"}
+			{"type": "udp", "tag": "default", "server": "1.1.1.1"},
+			{"type": "fakeip", "tag": "fake", "inet4_range": "198.18.0.0/15"}
 		]
 	}`), &options)
-	require.ErrorContains(t, err, "evaluate action cannot reference legacy rcode server: legacy-rcode")
+	require.NoError(t, err)
+	require.Len(t, options.Servers, 2)
+	require.Equal(t, C.DNSTypeUDP, options.Servers[0].Type)
+	require.Equal(t, "1.1.1.1", options.Servers[0].Options.(*RemoteDNSServerOptions).Server)
+	require.Equal(t, C.DNSTypeFakeIP, options.Servers[1].Type)
 }