diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop
index 7283c8f..1b5014a 100755
--- a/podkop/files/usr/bin/podkop
+++ b/podkop/files/usr/bin/podkop
@@ -688,6 +688,46 @@ sing_box_inbound_proxy() {
 }' > $SING_BOX_CONFIG
 }
 
+get_doh_url() {
+ local dns_server="$1"
+ local url=""
+
+ # Special case for Quad9 servers
+ if echo "$dns_server" | grep -q "quad9.net" || \
+ echo "$dns_server" | grep -qE "^9\.9\.9\.(9|10|11)$|^149\.112\.112\.(112|10|11)$|^2620:fe::(fe|9|10|11)$|^2620:fe::fe:(10|11)$"; then
+ url="https://$dns_server:5053/dns-query"
+ if curl --connect-timeout 3 -s -o /dev/null -w "%{http_code}" -H "accept: application/dns-json" "$url?name=example.com&type=A" 2>/dev/null | grep -q "200"; then
+ echo "$url"
+ return 0
+ fi
+ fi
+
+ # Try standard DoH path first (most common)
+ url="https://$dns_server/dns-query"
+ if curl --connect-timeout 3 -s -o /dev/null -w "%{http_code}" -H "accept: application/dns-json" "$url?name=example.com&type=A" 2>/dev/null | grep -q "200"; then
+ echo "$url"
+ return 0
+ fi
+
+ # Try alternative path
+ url="https://$dns_server/resolve"
+ if curl --connect-timeout 3 -s -o /dev/null -w "%{http_code}" -H "accept: application/dns-json" "$url?name=example.com&type=A" 2>/dev/null | grep -q "200"; then
+ echo "$url"
+ return 0
+ fi
+
+ # Try root path
+ url="https://$dns_server"
+ if curl --connect-timeout 3 -s -o /dev/null -w "%{http_code}" -H "accept: application/dns-json" "$url?name=example.com&type=A" 2>/dev/null | grep -q "200"; then
+ echo "$url"
+ return 0
+ fi
+
+ # If no paths worked, return error
+ echo "error: no working DoH endpoint found for $dns_server"
+ return 1
+}
+
 sing_box_dns() {
 local dns_type
 local dns_server
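Review bot: The failure path of get_doh_url reports on stdout (`echo "error: no working DoH endpoint found for $dns_server"`), the same channel callers capture the URL from, so any caller that does `url=$(get_doh_url …)` without checking the status receives the error text as its URL; check_dns_available in the third hunk does exactly that, and its `local doh_url=$(…)` form also discards the return code. Write the message to stderr, `echo "error: no working DoH endpoint found for $dns_server" >&2`, and let `return 1` be the only failure signal, which also removes the need for callers to pattern-match the `error:` prefix. The probes accept any endpoint that answers HTTP 200, including the bare `https://$dns_server` fallback, without looking at the body, so a plain web server on that host is taken for a working resolver; checking the response body the way check_dns_available does (`grep -q "data"` on the JSON answer) instead of `-o /dev/null` plus `grep -q "200"` would make the detection meaningful. The four curl invocations differ only in the candidate URL and would read better as one probe helper called per candidate.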
@@ -711,25 +751,30 @@ sing_box_dns() { fi log "Configure DNS in sing-box" + + local dns_address="" + if [ "$dns_type" = "doh" ]; then + dns_address=$(get_doh_url "$dns_server") + if [ $? -ne 0 ] || [ "${dns_address#error:}" != "$dns_address" ]; then + log "[critical] Failed to get working DoH URL for $dns_server" + exit 1 + fi + elif [ "$dns_type" = "dot" ]; then + dns_address="tls://$dns_server" + else + dns_address="$dns_server" + fi server_json=$(jq -n \ --arg type "$dns_type" \ - --arg server "$dns_server" \ + --arg address "$dns_address" \ --arg resolver "$resolver_tag" \ --arg is_ip "$is_ip" \ '{ "servers": [ { "tag": "dns-server", - "address": ( - if $type == "doh" then - "https://" + $server + "/dns-query" - elif $type == "dot" then - "tls://" + $server - else - $server - end - ), + "address": $address, "detour": "direct-out" } + ( if $is_ip == "0" then @@ -2078,20 +2123,8 @@ check_dns_available() { fi if [ "$dns_type" = "doh" ]; then - local result="" - - if echo "$dns_server" | grep -q "quad9.net" || \ - echo "$dns_server" | grep -qE "^9\.9\.9\.(9|10|11)$|^149\.112\.112\.(112|10|11)$|^2620:fe::(fe|9|10|11)$|^2620:fe::fe:(10|11)$"; then - result=$(curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$dns_server:5053/dns-query?name=itdog.info&type=A") - else - result=$(curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$dns_server/dns-query?name=itdog.info&type=A") - if [ $? -eq 0 ] && echo "$result" | grep -q "data"; then - is_available=1 - status="available" - else - result=$(curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$dns_server/resolve?name=itdog.info&type=A") - fi - fi + local doh_url=$(get_doh_url "$dns_server") + local result=$(curl --connect-timeout 5 -s -H "accept: application/dns-json" "$doh_url?name=itdog.info&type=A") if [ $? -eq 0 ] && echo "$result" | grep -q "data"; then is_available=1
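Review bot: The `exit 1` in the new doh branch turns a probe failure into a hard stop of config generation, whereas the old jq expression derived the address statically without any network access; on a router this code runs at service start, possibly before the WAN is usable or while the DNS path is being switched over, so a transient failure now leaves sing-box with no configuration at all. Consider degrading instead of exiting: log a warning and fall back to the previous default, `dns_address="https://$dns_server/dns-query"`, keeping the probed URL only when get_doh_url succeeds. The `[ "${dns_address#error:}" != "$dns_address" ]` test couples this hunk to the exact error string get_doh_url prints on stdout; if that function signals failure by exit status alone, the `$? -ne 0` check (which is correct here because the assignment is separate from `local`) suffices. sing_box_dns starts before this hunk and continues past it.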