Add options to custom DNS query timeout

documentation: Bump version
Improve nftables rules for openwrt
2026-04-12 18:17:18 +10:00 · 2025-06-30 18:29:00 +08:00 · 2025-06-30 18:28:16 +08:00 · 2025-06-30 18:27:33 +08:00 · 2025-06-30 18:24:48 +08:00 · 2025-06-29 19:20:31 +08:00
24 changed files with 98 additions and 89 deletions
--- a/4
+++ b/4
@@ -245,8 +245,8 @@ lib:
 	go run ./cmd/internal/build_libbox -target ios

 lib_install:
-	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.7
-	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.7
+	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.6
+	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.6

 docs:
 	venv/bin/mkdocs serve
--- a/adapter/dns.go
+++ b/adapter/dns.go
@@ -3,6 +3,7 @@ package adapter
 import (
 	"context"
 	"net/netip"
+	"time"

 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
@@ -36,6 +37,7 @@ type DNSQueryOptions struct {
 	Transport      DNSTransport
 	Strategy       C.DomainStrategy
 	LookupStrategy C.DomainStrategy
+	Timeout        time.Duration
 	DisableCache   bool
 	RewriteTTL     *uint32
 	ClientSubnet   netip.Prefix
@@ -53,6 +55,7 @@ func DNSQueryOptionsFrom(ctx context.Context, options *option.DomainResolveOptio
 	return &DNSQueryOptions{
 		Transport:    transport,
 		Strategy:     C.DomainStrategy(options.Strategy),
+		Timeout:      time.Duration(options.Timeout),
 		DisableCache: options.DisableCache,
 		RewriteTTL:   options.RewriteTTL,
 		ClientSubnet: options.ClientSubnet.Build(netip.Prefix{}),
@@ -70,6 +73,7 @@ type DNSTransport interface {
 	Type() string
 	Tag() string
 	Dependencies() []string
+	HasDetour() bool
 	Exchange(ctx context.Context, message *dns.Msg) (*dns.Msg, error)
 }

--- a/clients/android
+++ b/clients/android
--- a/clients/apple
+++ b/clients/apple
--- a/cmd/internal/app_store_connect/main.go
+++ b/cmd/internal/app_store_connect/main.go
@@ -177,7 +177,7 @@ func publishTestflight(ctx context.Context) error {
 			}
 			log.Info(string(platform), " ", tag, " publish")
 			response, err := client.TestFlight.AddBuildsToBetaGroup(ctx, groupID, []string{build.ID})
-			if response != nil && (response.StatusCode == http.StatusUnprocessableEntity || response.StatusCode == http.StatusNotFound) {
+			if response != nil && response.StatusCode == http.StatusUnprocessableEntity {
 				log.Info("waiting for process")
 				time.Sleep(15 * time.Second)
 				continue
--- a/cmd/internal/build_libbox/main.go
+++ b/cmd/internal/build_libbox/main.go
@@ -46,9 +46,8 @@ var (
 	sharedFlags []string
 	debugFlags  []string
 	sharedTags  []string
-	darwinTags  []string
+	iosTags     []string
 	memcTags    []string
-	notMemcTags []string
 	debugTags   []string
 )

@@ -63,9 +62,8 @@ func init() {
 	debugFlags = append(debugFlags, "-ldflags", "-X github.com/sagernet/sing-box/constant.Version="+currentTag)

 	sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_utls", "with_clash_api", "with_conntrack")
-	darwinTags = append(darwinTags, "with_dhcp")
+	iosTags = append(iosTags, "with_dhcp", "with_low_memory")
 	memcTags = append(memcTags, "with_tailscale")
-	notMemcTags = append(notMemcTags, "with_low_memory")
 	debugTags = append(debugTags, "debug")
 }

@@ -155,7 +153,6 @@ func buildApple() {
 		"-v",
 		"-target", bindTarget,
 		"-libname=box",
-		"-tags-not-macos=with_low_memory",
 	}
 	if !withTailscale {
 		args = append(args, "-tags-macos="+strings.Join(memcTags, ","))
@@ -167,7 +164,7 @@ func buildApple() {
 		args = append(args, debugFlags...)
 	}

-	tags := append(sharedTags, darwinTags...)
+	tags := append(sharedTags, iosTags...)
 	if withTailscale {
 		tags = append(tags, memcTags...)
 	}
--- a/common/dialer/dialer.go
+++ b/common/dialer/dialer.go
@@ -89,6 +89,7 @@ func NewWithOptions(options Options) (N.Dialer, error) {
 			dnsQueryOptions = adapter.DNSQueryOptions{
 				Transport:    transport,
 				Strategy:     strategy,
+				Timeout:      time.Duration(dialOptions.DomainResolver.Timeout),
 				DisableCache: dialOptions.DomainResolver.DisableCache,
 				RewriteTTL:   dialOptions.DomainResolver.RewriteTTL,
 				ClientSubnet: dialOptions.DomainResolver.ClientSubnet.Build(netip.Prefix{}),
--- a/constant/timeout.go
+++ b/constant/timeout.go
@@ -9,6 +9,7 @@ const (
 	TCPTimeout                 = 15 * time.Second
 	ReadPayloadTimeout         = 300 * time.Millisecond
 	DNSTimeout                 = 10 * time.Second
+	DirectDNSTimeout           = 5 * time.Second
 	UDPTimeout                 = 5 * time.Minute
 	DefaultURLTestInterval     = 3 * time.Minute
 	DefaultURLTestIdleTimeout  = 30 * time.Minute
--- a/dns/client.go
+++ b/dns/client.go
@@ -30,7 +30,6 @@ var (
 var _ adapter.DNSClient = (*Client)(nil)

 type Client struct {
-	timeout          time.Duration
 	disableCache     bool
 	disableExpire    bool
 	independentCache bool
@@ -43,7 +42,6 @@ type Client struct {
 }

 type ClientOptions struct {
-	Timeout          time.Duration
 	DisableCache     bool
 	DisableExpire    bool
 	IndependentCache bool
@@ -55,7 +53,6 @@ type ClientOptions struct {

 func NewClient(options ClientOptions) *Client {
 	client := &Client{
-		timeout:          options.Timeout,
 		disableCache:     options.DisableCache,
 		disableExpire:    options.DisableExpire,
 		independentCache: options.IndependentCache,
@@ -63,9 +60,6 @@ func NewClient(options ClientOptions) *Client {
 		initRDRCFunc:     options.RDRC,
 		logger:           options.Logger,
 	}
-	if client.timeout == 0 {
-		client.timeout = C.DNSTimeout
-	}
 	cacheCapacity := options.CacheCapacity
 	if cacheCapacity < 1024 {
 		cacheCapacity = 1024
@@ -153,7 +147,15 @@ func (c *Client) Exchange(ctx context.Context, transport adapter.DNSTransport, m
 			return nil, ErrResponseRejectedCached
 		}
 	}
-	ctx, cancel := context.WithTimeout(ctx, c.timeout)
+	timeout := options.Timeout
+	if timeout == 0 {
+		if transport.HasDetour() {
+			timeout = C.DNSTimeout
+		} else {
+			timeout = C.DirectDNSTimeout
+		}
+	}
+	ctx, cancel := context.WithTimeout(ctx, timeout)
 	response, err := transport.Exchange(ctx, message)
 	cancel()
 	if err != nil {
@@ -195,13 +197,8 @@ func (c *Client) Exchange(ctx context.Context, transport adapter.DNSTransport, m
 		}
 	}*/
 	if responseChecker != nil {
-		var rejected bool
-		if !(response.Rcode == dns.RcodeSuccess || response.Rcode == dns.RcodeNameError) {
-			rejected = true
-		} else {
-			rejected = !responseChecker(MessageToAddresses(response))
-		}
-		if rejected {
+		addr, addrErr := MessageToAddresses(response)
+		if addrErr != nil || !responseChecker(addr) {
 			if c.rdrc != nil {
 				c.rdrc.SaveRDRCAsync(transport.Tag(), question.Name, question.Qtype, c.logger)
 			}
@@ -425,10 +422,7 @@ func (c *Client) lookupToExchange(ctx context.Context, transport adapter.DNSTran
 	if err != nil {
 		return nil, err
 	}
-	if response.Rcode != dns.RcodeSuccess {
-		return nil, RcodeError(response.Rcode)
-	}
-	return MessageToAddresses(response), nil
+	return MessageToAddresses(response)
 }

 func (c *Client) questionCache(question dns.Question, transport adapter.DNSTransport) ([]netip.Addr, error) {
@@ -436,10 +430,7 @@ func (c *Client) questionCache(question dns.Question, transport adapter.DNSTrans
 	if response == nil {
 		return nil, ErrNotCached
 	}
-	if response.Rcode != dns.RcodeSuccess {
-		return nil, RcodeError(response.Rcode)
-	}
-	return MessageToAddresses(response), nil
+	return MessageToAddresses(response)
 }

 func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransport) (*dns.Msg, int) {
@@ -516,7 +507,10 @@ func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransp
 	}
 }

-func MessageToAddresses(response *dns.Msg) []netip.Addr {
+func MessageToAddresses(response *dns.Msg) ([]netip.Addr, error) {
+	if response.Rcode != dns.RcodeSuccess {
+		return nil, RcodeError(response.Rcode)
+	}
 	addresses := make([]netip.Addr, 0, len(response.Answer))
 	for _, rawAnswer := range response.Answer {
 		switch answer := rawAnswer.(type) {
@@ -532,7 +526,7 @@ func MessageToAddresses(response *dns.Msg) []netip.Addr {
 			}
 		}
 	}
-	return addresses
+	return addresses, nil
 }

 func wrapError(err error) error {
--- a/dns/router.go
+++ b/dns/router.go
@@ -158,6 +158,9 @@ func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, ruleIndex int,
 				if action.Strategy != C.DomainStrategyAsIS {
 					options.Strategy = action.Strategy
 				}
+				if action.Timeout > 0 {
+					options.Timeout = action.Timeout
+				}
 				if isFakeIP || action.DisableCache {
 					options.DisableCache = true
 				}
@@ -180,6 +183,9 @@ func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, ruleIndex int,
 				if action.Strategy != C.DomainStrategyAsIS {
 					options.Strategy = action.Strategy
 				}
+				if action.Timeout > 0 {
+					options.Timeout = action.Timeout
+				}
 				if action.DisableCache {
 					options.DisableCache = true
 				}
--- a/dns/transport/dhcp/dhcp.go
+++ b/dns/transport/dhcp/dhcp.go
@@ -41,6 +41,7 @@ type Transport struct {
 	dns.TransportAdapter
 	ctx               context.Context
 	dialer            N.Dialer
+	hasDetour         bool
 	logger            logger.ContextLogger
 	networkManager    adapter.NetworkManager
 	interfaceName     string
@@ -59,6 +60,7 @@ func NewTransport(ctx context.Context, logger log.ContextLogger, tag string, opt
 		TransportAdapter: dns.NewTransportAdapterWithLocalOptions(C.DNSTypeDHCP, tag, options.LocalDNSServerOptions),
 		ctx:              ctx,
 		dialer:           transportDialer,
+		hasDetour:        options.Detour != "",
 		logger:           logger,
 		networkManager:   service.FromContext[adapter.NetworkManager](ctx),
 		interfaceName:    options.Interface,
@@ -89,6 +91,10 @@ func (t *Transport) Close() error {
 	return nil
 }

+func (t *Transport) HasDetour() bool {
+	return t.hasDetour
+}
+
 func (t *Transport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) {
 	err := t.fetchServers()
 	if err != nil {
--- a/dns/transport/local/local.go
+++ b/dns/transport/local/local.go
@@ -3,6 +3,7 @@ package local
 import (
 	"context"
 	"math/rand"
+	"net/netip"
 	"time"

 	"github.com/sagernet/sing-box/adapter"
@@ -90,9 +91,9 @@ func (t *Transport) exchangeParallel(ctx context.Context, systemConfig *dnsConfi
 	startRacer := func(ctx context.Context, fqdn string) {
 		response, err := t.tryOneName(ctx, systemConfig, fqdn, message)
 		if err == nil {
-			if response.Rcode != mDNS.RcodeSuccess {
-				err = dns.RcodeError(response.Rcode)
-			} else if len(dns.MessageToAddresses(response)) == 0 {
+			var addresses []netip.Addr
+			addresses, err = dns.MessageToAddresses(response)
+			if err == nil && len(addresses) == 0 {
 				err = E.New(fqdn, ": empty result")
 			}
 		}
--- a/dns/transport_adapter.go
+++ b/dns/transport_adapter.go
@@ -14,6 +14,7 @@ type TransportAdapter struct {
 	transportType string
 	transportTag  string
 	dependencies  []string
+	hasDetour     bool
 	strategy      C.DomainStrategy
 	clientSubnet  netip.Prefix
 }
@@ -35,6 +36,7 @@ func NewTransportAdapterWithLocalOptions(transportType string, transportTag stri
 		transportType: transportType,
 		transportTag:  transportTag,
 		dependencies:  dependencies,
+		hasDetour:     localOptions.Detour != "",
 		strategy:      C.DomainStrategy(localOptions.LegacyStrategy),
 		clientSubnet:  localOptions.LegacyClientSubnet,
 	}
@@ -69,6 +71,10 @@ func (a *TransportAdapter) Dependencies() []string {
 	return a.dependencies
 }

+func (a *TransportAdapter) HasDetour() bool {
+	return a.hasDetour
+}
+
 func (a *TransportAdapter) LegacyStrategy() C.DomainStrategy {
 	return a.strategy
 }
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -2,26 +2,10 @@
 icon: material/alert-decagram
 ---

-#### 1.12.0-beta.33
+#### 1.12.0-beta.30

 * Fixes and improvements

-### 1.11.15
-
-* Fixes and improvements
-
-_We are temporarily unable to update sing-box apps on the App Store because the reviewer mistakenly found that we
-violated the rules (TestFlight users are not affected)._
-
-#### 1.12.0-beta.32
-
-* Improve tun performance on Apple platforms **1**
-* Fixes and improvements
-
-**1**:
-
-We have significantly improved the performance of tun inbound on Apple platforms, especially in the gVisor stack.
-
 ### 1.11.14

 * Fixes and improvements
--- a/go.mod
+++ b/go.mod
@@ -25,16 +25,16 @@ require (
 	github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a
 	github.com/sagernet/cors v1.2.1
 	github.com/sagernet/fswatch v0.1.1
-	github.com/sagernet/gomobile v0.1.7
+	github.com/sagernet/gomobile v0.1.6
 	github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb
 	github.com/sagernet/quic-go v0.52.0-beta.1
-	github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151
+	github.com/sagernet/sing v0.6.11-0.20250521033217-30d675ea099b
 	github.com/sagernet/sing-mux v0.3.2
-	github.com/sagernet/sing-quic v0.5.0-beta.3
+	github.com/sagernet/sing-quic v0.5.0-beta.2
 	github.com/sagernet/sing-shadowsocks v0.2.8
 	github.com/sagernet/sing-shadowsocks2 v0.2.1
 	github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11
-	github.com/sagernet/sing-tun v0.6.10-0.20250703121732-a0881ada3251
+	github.com/sagernet/sing-tun v0.6.10-0.20250630100036-8763c24e4935
 	github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88
 	github.com/sagernet/smux v1.5.34-mod.2
 	github.com/sagernet/tailscale v1.80.3-mod.5
--- a/go.sum
+++ b/go.sum
@@ -157,8 +157,8 @@ github.com/sagernet/cors v1.2.1 h1:Cv5Z8y9YSD6Gm+qSpNrL3LO4lD3eQVvbFYJSG7JCMHQ=
 github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI=
 github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs=
 github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o=
-github.com/sagernet/gomobile v0.1.7 h1:I9jCJZTH0weP5MsuydvYHX5QfN/r6Fe8ptAIj1+SJVg=
-github.com/sagernet/gomobile v0.1.7/go.mod h1:Pqq2+ZVvs10U7xK+UwJgwYWUykewi8H6vlslAO73n9E=
+github.com/sagernet/gomobile v0.1.6 h1:JkR1ToKOrdoiwULte4pYS5HYdPBzl2N+JNuuwVuLs0k=
+github.com/sagernet/gomobile v0.1.6/go.mod h1:Pqq2+ZVvs10U7xK+UwJgwYWUykewi8H6vlslAO73n9E=
 github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb h1:pprQtDqNgqXkRsXn+0E8ikKOemzmum8bODjSfDene38=
 github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb/go.mod h1:QkkPEJLw59/tfxgapHta14UL5qMUah5NXhO0Kw2Kan4=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
@@ -168,20 +168,20 @@ github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/l
 github.com/sagernet/quic-go v0.52.0-beta.1 h1:hWkojLg64zjV+MJOvJU/kOeWndm3tiEfBLx5foisszs=
 github.com/sagernet/quic-go v0.52.0-beta.1/go.mod h1:OV+V5kEBb8kJS7k29MzDu6oj9GyMc7HA07sE1tedxz4=
 github.com/sagernet/sing v0.6.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
-github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151 h1:UCiQ1d/t5Y9uKAL9ir3i06+ClqS93OGGG8oqB82RMCE=
-github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.6.11-0.20250521033217-30d675ea099b h1:ZjTCYPb5f7aHdf1UpUvE22dVmf7BL8eQ/zLZhjgh7Wo=
+github.com/sagernet/sing v0.6.11-0.20250521033217-30d675ea099b/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/sing-mux v0.3.2 h1:meZVFiiStvHThb/trcpAkCrmtJOuItG5Dzl1RRP5/NE=
 github.com/sagernet/sing-mux v0.3.2/go.mod h1:pht8iFY4c9Xltj7rhVd208npkNaeCxzyXCgulDPLUDA=
-github.com/sagernet/sing-quic v0.5.0-beta.3 h1:X/acRNsqQNfDlmwE7SorHfaZiny5e67hqIzM/592ric=
-github.com/sagernet/sing-quic v0.5.0-beta.3/go.mod h1:SAv/qdeDN+75msGG5U5ZIwG+3Ua50jVIKNrRSY8pkx0=
+github.com/sagernet/sing-quic v0.5.0-beta.2 h1:j7KAbBuGmsKwSxVAQL5soJ+wDqxim4/llK2kxB0hSKk=
+github.com/sagernet/sing-quic v0.5.0-beta.2/go.mod h1:SAv/qdeDN+75msGG5U5ZIwG+3Ua50jVIKNrRSY8pkx0=
 github.com/sagernet/sing-shadowsocks v0.2.8 h1:PURj5PRoAkqeHh2ZW205RWzN9E9RtKCVCzByXruQWfE=
 github.com/sagernet/sing-shadowsocks v0.2.8/go.mod h1:lo7TWEMDcN5/h5B8S0ew+r78ZODn6SwVaFhvB6H+PTI=
 github.com/sagernet/sing-shadowsocks2 v0.2.1 h1:dWV9OXCeFPuYGHb6IRqlSptVnSzOelnqqs2gQ2/Qioo=
 github.com/sagernet/sing-shadowsocks2 v0.2.1/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 h1:tK+75l64tm9WvEFrYRE1t0YxoFdWQqw/h7Uhzj0vJ+w=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11/go.mod h1:sWqKnGlMipCHaGsw1sTTlimyUpgzP4WP3pjhCsYt9oA=
-github.com/sagernet/sing-tun v0.6.10-0.20250703121732-a0881ada3251 h1:eH9naJXvyF/DZDk0V1SYkL6ypYD+A1tUFWLcT7PRezg=
-github.com/sagernet/sing-tun v0.6.10-0.20250703121732-a0881ada3251/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
+github.com/sagernet/sing-tun v0.6.10-0.20250630100036-8763c24e4935 h1:wha4BG4mrEKaIoouVyiU5BcPfKD1n0LkiL4vqdjaVps=
+github.com/sagernet/sing-tun v0.6.10-0.20250630100036-8763c24e4935/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
 github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88 h1:0pVm8sPOel+BoiCddW3pV3cKDKEaSioVTYDdTSKjyFI=
 github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88/go.mod h1:IL8Rr+EGwuqijszZkNrEFTQDKhilEpkqFqOlvdpS6/w=
 github.com/sagernet/smux v1.5.34-mod.2 h1:gkmBjIjlJ2zQKpLigOkFur5kBKdV6bNRoFu2WkltRQ4=
--- a/option/outbound.go
+++ b/option/outbound.go
@@ -91,6 +91,7 @@ type DialerOptions struct {
 type _DomainResolveOptions struct {
 	Server       string                `json:"server"`
 	Strategy     DomainStrategy        `json:"strategy,omitempty"`
+	Timeout      badoption.Duration    `json:"timeout,omitempty"`
 	DisableCache bool                  `json:"disable_cache,omitempty"`
 	RewriteTTL   *uint32               `json:"rewrite_ttl,omitempty"`
 	ClientSubnet *badoption.Prefixable `json:"client_subnet,omitempty"`
@@ -102,6 +103,7 @@ func (o DomainResolveOptions) MarshalJSON() ([]byte, error) {
 	if o.Server == "" {
 		return []byte("{}"), nil
 	} else if o.Strategy == DomainStrategy(C.DomainStrategyAsIS) &&
+		o.Timeout == 0 &&
 		!o.DisableCache &&
 		o.RewriteTTL == nil &&
 		o.ClientSubnet == nil {
--- a/option/rule_action.go
+++ b/option/rule_action.go
@@ -180,6 +180,7 @@ func (r *RouteOptionsActionOptions) UnmarshalJSON(data []byte) error {
 type DNSRouteActionOptions struct {
 	Server       string                `json:"server,omitempty"`
 	Strategy     DomainStrategy        `json:"strategy,omitempty"`
+	Timeout      badoption.Duration    `json:"timeout,omitempty"`
 	DisableCache bool                  `json:"disable_cache,omitempty"`
 	RewriteTTL   *uint32               `json:"rewrite_ttl,omitempty"`
 	ClientSubnet *badoption.Prefixable `json:"client_subnet,omitempty"`
@@ -187,6 +188,7 @@ type DNSRouteActionOptions struct {

 type _DNSRouteOptionsActionOptions struct {
 	Strategy     DomainStrategy        `json:"strategy,omitempty"`
+	Timeout      badoption.Duration    `json:"timeout,omitempty"`
 	DisableCache bool                  `json:"disable_cache,omitempty"`
 	RewriteTTL   *uint32               `json:"rewrite_ttl,omitempty"`
 	ClientSubnet *badoption.Prefixable `json:"client_subnet,omitempty"`
--- a/protocol/tun/inbound.go
+++ b/protocol/tun/inbound.go
@@ -130,15 +130,9 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		deprecated.Report(ctx, deprecated.OptionTUNGSO)
 	}

-	platformInterface := service.FromContext[platform.Interface](ctx)
 	tunMTU := options.MTU
 	if tunMTU == 0 {
-		if platformInterface != nil && platformInterface.UnderNetworkExtension() {
-			// In Network Extension, when MTU exceeds 4064 (4096-UTUN_IF_HEADROOM_SIZE), the performance of tun will drop significantly, which may be a system bug.
-			tunMTU = 4064
-		} else {
-			tunMTU = 9000
-		}
+		tunMTU = 9000
 	}
 	var udpTimeout time.Duration
 	if options.UDPTimeout != 0 {
@@ -214,7 +208,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		},
 		udpTimeout:        udpTimeout,
 		stack:             options.Stack,
-		platformInterface: platformInterface,
+		platformInterface: service.FromContext[platform.Interface](ctx),
 		platformOptions:   common.PtrValueOrDefault(options.Platform),
 	}
 	for _, routeAddressSet := range options.RouteAddressSet {
--- a/route/conn.go
+++ b/route/conn.go
@@ -277,7 +277,7 @@ func (m *ConnectionManager) connectionCopy(ctx context.Context, source net.Conn,
 			return
 		}
 	}
-	_, err := bufio.CopyWithCounters(destinationWriter, sourceReader, source, readCounters, writeCounters, bufio.DefaultIncreaseBufferAfter)
+	_, err := bufio.CopyWithCounters(destinationWriter, sourceReader, source, readCounters, writeCounters)
 	if err != nil {
 		common.Close(source, destination)
 	} else if duplexDst, isDuplex := destination.(N.WriteCloser); isDuplex {
--- a/route/network.go
+++ b/route/network.go
@@ -76,6 +76,7 @@ func NewNetworkManager(ctx context.Context, logger logger.ContextLogger, routeOp
 			DomainResolver: defaultDomainResolver.Server,
 			DomainResolveOptions: adapter.DNSQueryOptions{
 				Strategy:     C.DomainStrategy(defaultDomainResolver.Strategy),
+				Timeout:      time.Duration(defaultDomainResolver.Timeout),
 				DisableCache: defaultDomainResolver.DisableCache,
 				RewriteTTL:   defaultDomainResolver.RewriteTTL,
 				ClientSubnet: defaultDomainResolver.ClientSubnet.Build(netip.Prefix{}),
--- a/route/route.go
+++ b/route/route.go
@@ -666,6 +666,7 @@ func (r *Router) actionResolve(ctx context.Context, metadata *adapter.InboundCon
 		addresses, err := r.dns.Lookup(adapter.WithContext(ctx, metadata), metadata.Destination.Fqdn, adapter.DNSQueryOptions{
 			Transport:    transport,
 			Strategy:     action.Strategy,
+			Timeout:      action.Timeout,
 			DisableCache: action.DisableCache,
 			RewriteTTL:   action.RewriteTTL,
 			ClientSubnet: action.ClientSubnet,
--- a/route/rule/rule_action.go
+++ b/route/rule/rule_action.go
@@ -113,6 +113,7 @@ func NewDNSRuleAction(logger logger.ContextLogger, action option.DNSRuleAction)
 			Server: action.RouteOptions.Server,
 			RuleActionDNSRouteOptions: RuleActionDNSRouteOptions{
 				Strategy:     C.DomainStrategy(action.RouteOptions.Strategy),
+				Timeout:      time.Duration(action.RouteOptions.Timeout),
 				DisableCache: action.RouteOptions.DisableCache,
 				RewriteTTL:   action.RouteOptions.RewriteTTL,
 				ClientSubnet: netip.Prefix(common.PtrValueOrDefault(action.RouteOptions.ClientSubnet)),
@@ -121,6 +122,7 @@ func NewDNSRuleAction(logger logger.ContextLogger, action option.DNSRuleAction)
 	case C.RuleActionTypeRouteOptions:
 		return &RuleActionDNSRouteOptions{
 			Strategy:     C.DomainStrategy(action.RouteOptionsOptions.Strategy),
+			Timeout:      time.Duration(action.RouteOptionsOptions.Timeout),
 			DisableCache: action.RouteOptionsOptions.DisableCache,
 			RewriteTTL:   action.RouteOptionsOptions.RewriteTTL,
 			ClientSubnet: netip.Prefix(common.PtrValueOrDefault(action.RouteOptionsOptions.ClientSubnet)),
@@ -235,20 +237,13 @@ func (r *RuleActionDNSRoute) Type() string {
 func (r *RuleActionDNSRoute) String() string {
 	var descriptions []string
 	descriptions = append(descriptions, r.Server)
-	if r.DisableCache {
-		descriptions = append(descriptions, "disable-cache")
-	}
-	if r.RewriteTTL != nil {
-		descriptions = append(descriptions, F.ToString("rewrite-ttl=", *r.RewriteTTL))
-	}
-	if r.ClientSubnet.IsValid() {
-		descriptions = append(descriptions, F.ToString("client-subnet=", r.ClientSubnet))
-	}
+	descriptions = append(descriptions, r.Descriptions()...)
 	return F.ToString("route(", strings.Join(descriptions, ","), ")")
 }

 type RuleActionDNSRouteOptions struct {
 	Strategy     C.DomainStrategy
+	Timeout      time.Duration
 	DisableCache bool
 	RewriteTTL   *uint32
 	ClientSubnet netip.Prefix
@@ -259,7 +254,17 @@ func (r *RuleActionDNSRouteOptions) Type() string {
 }

 func (r *RuleActionDNSRouteOptions) String() string {
+	return F.ToString("route-options(", strings.Join(r.Descriptions(), ","), ")")
+}
+
+func (r *RuleActionDNSRouteOptions) Descriptions() []string {
 	var descriptions []string
+	if r.Strategy != C.DomainStrategyAsIS {
+		descriptions = append(descriptions, F.ToString("strategy=", option.DomainStrategy(r.Strategy)))
+	}
+	if r.Timeout > 0 {
+		descriptions = append(descriptions, F.ToString("timeout=", r.Timeout.String()))
+	}
 	if r.DisableCache {
 		descriptions = append(descriptions, "disable-cache")
 	}
@@ -269,7 +274,7 @@ func (r *RuleActionDNSRouteOptions) String() string {
 	if r.ClientSubnet.IsValid() {
 		descriptions = append(descriptions, F.ToString("client-subnet=", r.ClientSubnet))
 	}
-	return F.ToString("route-options(", strings.Join(descriptions, ","), ")")
+	return descriptions
 }

 type RuleActionDirect struct {
@@ -421,6 +426,7 @@ func (r *RuleActionSniff) String() string {
 type RuleActionResolve struct {
 	Server       string
 	Strategy     C.DomainStrategy
+	Timeout      time.Duration
 	DisableCache bool
 	RewriteTTL   *uint32
 	ClientSubnet netip.Prefix
@@ -438,6 +444,9 @@ func (r *RuleActionResolve) String() string {
 	if r.Strategy != C.DomainStrategyAsIS {
 		options = append(options, F.ToString(option.DomainStrategy(r.Strategy)))
 	}
+	if r.Timeout > 0 {
+		options = append(options, F.ToString("timeout=", r.Timeout.String()))
+	}
 	if r.DisableCache {
 		options = append(options, "disable_cache")
 	}
--- a/transport/v2rayhttp/conn.go
+++ b/transport/v2rayhttp/conn.go
@@ -31,9 +31,6 @@ type HTTPConn struct {
 }

 func NewHTTP1Conn(conn net.Conn, request *http.Request) *HTTPConn {
-	if request.Header.Get("Host") == "" {
-		request.Header.Set("Host", request.Host)
-	}
 	return &HTTPConn{
 		Conn:    conn,
 		request: request,
@@ -92,6 +89,9 @@ func (c *HTTPConn) writeRequest(payload []byte) error {
 	if err != nil {
 		return err
 	}
+	if c.request.Header.Get("Host") == "" {
+		c.request.Header.Set("Host", c.request.Host)
+	}
 	for key, value := range c.request.Header {
 		_, err = writer.Write([]byte(F.ToString(key, ": ", strings.Join(value, ", "), CRLF)))
 		if err != nil {
Author	SHA1	Message	Date
世界	0d8c15932f	Add options to custom DNS query timeout	2025-06-30 18:29:00 +08:00
世界	70371c3cbe	documentation: Bump version	2025-06-30 18:28:16 +08:00
世界	32bc8b48f1	Improve nftables rules for openwrt	2025-06-30 18:27:33 +08:00
世界	b5df508bc9	Fixed DoH server recover from conn freezes	2025-06-30 18:24:48 +08:00
世界	4789846113	Update libresolv usage	2025-06-29 19:20:31 +08:00
yu	ad94f94cfb	documentation: Update client configuration manual	2025-06-29 19:11:15 +08:00
yanwo	1f9de9f321	documentation: Fix typo Signed-off-by: yanwo <ogilvy@gmail.com>	2025-06-29 19:11:15 +08:00
anytinz	344bbf9494	documentation: Fix wrong SideStore loopback ip	2025-06-29 18:57:04 +08:00
世界	b7e16e70ab	Revert "release: Add IPA build" After testing, it seems that since extensions are not handled correctly, it cannot be installed by SideStore.	2025-06-29 18:57:04 +08:00
世界	391153ecb8	release: Add IPA build	2025-06-29 18:57:03 +08:00
世界	3d821db0b2	Add API to dump AdGuard rules	2025-06-29 18:57:03 +08:00
Sukka	344ecd3798	Improve AdGuard rule-set parser	2025-06-29 18:57:03 +08:00
Restia-Ashbell	a8a3f863cd	Add ECH support for uTLS	2025-06-29 18:57:02 +08:00
世界	ea190ca428	Improve TLS fragments	2025-06-29 18:57:02 +08:00
世界	e65b78d1e4	Add cache support for ssm-api	2025-06-29 18:57:02 +08:00
世界	84f7d80da7	Fix service will not be closed	2025-06-29 18:57:02 +08:00
世界	2b57eb0b30	Add loopback address support for tun	2025-06-29 18:57:01 +08:00
世界	9884f81298	Fix tproxy listener	2025-06-29 18:57:01 +08:00
世界	8493b4f1da	Fix systemd package	2025-06-29 18:57:01 +08:00
世界	8f1a8add85	Fix missing home for derp service	2025-06-29 18:57:01 +08:00
Zero Clover	85ee6bb266	documentation: Fix services	2025-06-29 18:57:01 +08:00
世界	c4387f7c37	Fix `dns.client_subnet` ignored	2025-06-29 18:57:01 +08:00
世界	dcb7a5caed	documentation: Minor fixes	2025-06-29 18:57:00 +08:00
世界	ae77cdeedd	Fix tailscale forward	2025-06-29 18:57:00 +08:00
世界	ec05d4e5e3	Minor fixes	2025-06-29 18:56:59 +08:00
世界	1f766d2b89	Add SSM API service	2025-06-29 18:56:59 +08:00
世界	a5a6c1f7d4	Add resolved service and DNS server	2025-06-29 18:56:59 +08:00
世界	cd43786279	Add DERP service	2025-06-29 18:56:59 +08:00
世界	43a211db28	Add service component type	2025-06-29 18:56:58 +08:00
世界	d4f6bdf792	Fix tproxy tcp control	2025-06-29 18:56:58 +08:00
愚者	99cf27bedd	release: Fix build tags for android Signed-off-by: 愚者 <11926619+FansChou@users.noreply.github.com>	2025-06-29 18:56:58 +08:00
世界	0a14c5ab1f	prevent creation of bind and mark controls on unsupported platforms	2025-06-29 18:56:58 +08:00
PuerNya	533b31e1f6	documentation: Fix description of reject DNS action behavior	2025-06-29 18:56:57 +08:00
Restia-Ashbell	8ed6523872	Fix TLS record fragment	2025-06-29 18:56:57 +08:00
世界	e5c162222d	Add missing `accept_routes` option for Tailscale	2025-06-29 18:56:57 +08:00
世界	88babbf3a7	Add TLS record fragment support	2025-06-29 18:56:56 +08:00
世界	49a03e0b23	Fix set edns0 client subnet	2025-06-29 18:56:56 +08:00
世界	9a8e9a34c0	Update minor dependencies	2025-06-29 18:56:56 +08:00
世界	17551db7be	Update certmagic and providers	2025-06-29 18:56:56 +08:00
世界	83201bb088	Update protobuf and grpc	2025-06-29 18:56:56 +08:00
世界	f0f1942f1f	Add control options for listeners	2025-06-29 18:56:55 +08:00
世界	c7e318be61	Update quic-go to v0.52.0	2025-06-29 18:56:54 +08:00
世界	2a5e0d0c92	Update utls to v1.7.2	2025-06-29 18:56:54 +08:00
世界	956e485342	Handle EDNS version downgrade	2025-06-29 18:56:54 +08:00
世界	23ede74e74	documentation: Fix anytls padding scheme description	2025-06-29 18:56:54 +08:00
安容	03317e61dd	Report invalid DNS address early	2025-06-29 18:56:54 +08:00
世界	fc81bd9a5b	Fix wireguard `listen_port`	2025-06-29 18:56:53 +08:00
世界	4d406cad84	clash-api: Add more meta api	2025-06-29 18:56:53 +08:00
世界	1f0282de9c	Fix DNS lookup	2025-06-29 18:56:53 +08:00
世界	b097912418	Fix fetch ECH configs	2025-06-29 18:56:52 +08:00
reletor	056c29e73a	documentation: Minor fixes	2025-06-29 18:56:52 +08:00
caelansar	7aa0a57e60	Fix callback deletion in UDP transport	2025-06-29 18:56:52 +08:00
世界	2673e64bcb	documentation: Try to make the play review happy	2025-06-29 18:56:51 +08:00
世界	3d3c1709d7	Fix missing handling of legacy `domain_strategy` options	2025-06-29 18:56:51 +08:00
世界	9de29a590f	Improve local DNS server	2025-06-29 18:56:50 +08:00
anytls	a5282b08ec	Update anytls Co-authored-by: anytls <anytls>	2025-06-29 18:56:50 +08:00
世界	b26c2083bf	Fix DNS dialer	2025-06-29 18:56:50 +08:00
世界	c1f4c691dc	release: Skip override version for iOS	2025-06-29 18:56:49 +08:00
iikira	c0ef6eb728	Fix UDP DNS server crash Signed-off-by: iikira <i2@mail.iikira.com>	2025-06-29 18:56:49 +08:00
ReleTor	074d61021f	Fix fetch ECH configs	2025-06-29 18:56:49 +08:00
世界	246c9d4e40	Allow direct outbounds without `domain_resolver`	2025-06-29 18:56:49 +08:00
世界	3e3466c8d7	Fix Tailscale dialer	2025-06-29 18:56:48 +08:00
dyhkwong	f73415a732	Fix DNS over QUIC stream close	2025-06-29 18:56:48 +08:00
anytls	ecabe9ffe1	Update anytls Co-authored-by: anytls <anytls>	2025-06-29 18:56:48 +08:00
Rambling2076	2dae1ee284	Fix missing `with_tailscale` in Dockerfile Signed-off-by: Rambling2076 <Rambling2076@proton.me>	2025-06-29 18:56:47 +08:00
世界	2afb24d698	Fail when default DNS server not found	2025-06-29 18:56:47 +08:00
世界	ade83ee758	Update gVisor to 20250319.0	2025-06-29 18:56:47 +08:00
世界	ac9c300ca7	Explicitly reject detour to empty direct outbounds	2025-06-29 18:56:47 +08:00
世界	e6eb3cec2b	Add netns support	2025-06-29 18:56:46 +08:00
世界	601b79371b	Add wildcard name support for predefined records	2025-06-29 18:56:46 +08:00
世界	56b957d30d	Remove map usage in options	2025-06-29 18:56:45 +08:00
世界	eb87b1a708	Fix unhandled DNS loop	2025-06-29 18:56:45 +08:00
世界	c0a5561bd4	Add wildcard-sni support for shadow-tls inbound	2025-06-29 18:56:45 +08:00
k9982874	4a3fe1d41c	Add ntp protocol sniffing	2025-06-29 18:56:45 +08:00
世界	4cbbcfb04d	option: Fix marshal legacy DNS options	2025-06-29 18:56:44 +08:00
世界	b3ad4e0e39	Make `domain_resolver` optional when only one DNS server is configured	2025-06-29 18:56:44 +08:00
世界	49f9c0011d	Fix DNS lookup context pollution	2025-06-29 18:56:44 +08:00
世界	c8c165af87	Fix http3 DNS server connecting to wrong address	2025-06-29 18:56:43 +08:00
Restia-Ashbell	3f790ff8c9	documentation: Fix typo	2025-06-29 18:56:43 +08:00
anytls	f2272ae1e7	Update sing-anytls Co-authored-by: anytls <anytls>	2025-06-29 18:56:43 +08:00
k9982874	b40c264c0a	Fix hosts DNS server	2025-06-29 18:56:43 +08:00
世界	29fc8d6a86	Fix UDP DNS server crash	2025-06-29 18:56:43 +08:00
世界	46ca27c926	documentation: Fix missing `ip_accept_any` DNS rule option	2025-06-29 18:56:42 +08:00
世界	243a5dd477	Fix anytls dialer usage	2025-06-29 18:56:42 +08:00
世界	844e9f09a6	Move predefined DNS server to rule action	2025-06-29 18:56:41 +08:00
世界	9aa673f79e	Fix domain resolver on direct outbound	2025-06-29 18:56:41 +08:00
Zephyruso	5abd74ffe3	Fix missing AnyTLS display name	2025-06-29 18:56:41 +08:00
anytls	68a32960bd	Update sing-anytls Co-authored-by: anytls <anytls>	2025-06-29 18:56:41 +08:00
Estel	1e62e3e5d4	documentation: Fix typo Signed-off-by: Estel <callmebedrockdigger@gmail.com>	2025-06-29 18:56:41 +08:00
TargetLocked	40c03a9913	Fix parsing legacy DNS options	2025-06-29 18:56:40 +08:00
世界	2ea4029868	Fix DNS fallback	2025-06-29 18:56:40 +08:00
世界	66f5cdd014	documentation: Fix missing hosts DNS server	2025-06-29 18:56:39 +08:00
anytls	89da2b6355	Add MinIdleSession option to AnyTLS outbound Co-authored-by: anytls <anytls>	2025-06-29 18:56:39 +08:00
ReleTor	ee2b8498e6	documentation: Minor fixes	2025-06-29 18:56:39 +08:00
libtry486	b1eaf537bd	documentation: Fix typo fix typo Signed-off-by: libtry486 <89328481+libtry486@users.noreply.github.com>	2025-06-29 18:56:39 +08:00
Alireza Ahmadi	63739c1621	Fix Outbound deadlock	2025-06-29 18:56:38 +08:00
世界	3c8ddee029	documentation: Fix AnyTLS doc	2025-06-29 18:56:38 +08:00
anytls	23aad70045	Add AnyTLS protocol	2025-06-29 18:56:38 +08:00
世界	0d67b51267	Migrate to stdlib ECH support	2025-06-29 18:56:37 +08:00
世界	c02f939265	Add fallback local DNS server for iOS	2025-06-29 18:56:37 +08:00
世界	36b84e25c2	Get darwin local DNS server from libresolv	2025-06-29 18:56:37 +08:00
世界	9fd4b0e9ae	Improve resolve action	2025-06-29 18:56:36 +08:00
世界	e68cdcc98a	Add back port hopping to hysteria 1	2025-06-29 18:56:36 +08:00
xchacha20-poly1305	2691617c5e	Remove single quotes of raw Moziila certs	2025-06-29 18:56:35 +08:00
世界	04056a1357	Add Tailscale endpoint	2025-06-29 18:56:35 +08:00
世界	faac858e5d	Build legacy binaries with latest Go	2025-06-29 18:56:35 +08:00
世界	a818c8abeb	documentation: Remove outdated icons	2025-06-29 18:56:34 +08:00
世界	15cbe9fc87	documentation: Certificate store	2025-06-29 18:56:34 +08:00
世界	e186f2d31e	documentation: TLS fragment	2025-06-29 18:56:34 +08:00
世界	e9323481a4	documentation: Outbound domain resolver	2025-06-29 18:56:33 +08:00
世界	a0a41ff2bb	documentation: Refactor DNS	2025-06-29 18:56:33 +08:00
世界	549daf9d41	Add certificate store	2025-06-29 18:56:33 +08:00
世界	fa370f7d04	Add TLS fragment support	2025-06-29 18:56:33 +08:00
世界	795cb17bfa	refactor: Outbound domain resolver	2025-06-29 18:56:32 +08:00
世界	00d8add761	refactor: DNS	2025-06-29 18:56:32 +08:00