Built-in DNS Service
Custom Upstream DNS Servers
Stash supports the configuration of multiple DNS servers at the same time. When making a query, Stash will concurrently request all servers and adopt the fastest response. Stash supports the following DNS protocols:
- Using the system-provided DNS: system
- DNS over UDP: 8.8.8.8 or udp://8.8.8.8
- DNS over TCP: tcp://8.8.8.8
- DNS over TLS: tls://8.8.8.8:853 or dot://8.8.8.8:853
- DNS over HTTPS: https://1.1.1.1/dns-query or doh://1.1.1.1/dns-query
- DNS over HTTP/3: http3://1.1.1.1/dns-query or doh3://1.1.1.1/dns-query
- DNS over QUIC: quic://dns.adguard.com:853 or doq://dns.adguard.com:853
default-nameserver is used to resolve the domain names of the DNS servers themselves. Only IP addresses of DNS servers can be filled in here.
dns:
  # The following DNS servers will be used to resolve the domain name of the DNS service
  # Only fill in the IP address of the DNS server
  default-nameserver:
    - 223.5.5.5
    - 114.114.114.114
  # DNS services supporting UDP / TCP / DoT / DoH / DoQ protocols, can specify the specific connection port number.
  # All DNS requests will be sent directly to the server, without going through any proxy.
  # Stash will use the first obtained resolution record to reply to the DNS request
  nameserver:
    # It is not recommended to configure more than 2 DNS servers, which will increase system power consumption
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query
    - quic://dns.adguard.com:853
    - doq://test.dns.nextdns.io:853
    - system # Use iOS system DNS
  # Skip certificate verification, solve some compatibility issues https://help.nextdns.io/t/g9hdkjz
  skip-cert-verify: true
  # DNS query follows proxy rules
  follow-rule: false
Stash will use the LRU algorithm for local caching of DNS queries. When the local cache expires, Stash will continue to use the cache result and silently update the record in the background, which will effectively reduce the request delay caused by DNS cache expiration.
Domain-based Custom DNS Service
nameserver-policy can use a specific DNS server for a specified domain name.
dns:
  # Use separate DNS servers for some domain names
  nameserver-policy:
    'www.baidu.com': 114.114.114.114
    '+.internal.crop.com': system
Custom Hosts
# Support wildcard domain names (for example: *.clash.dev, *.foo.*.example.com)
# Domain names without wildcards have higher priority than those with wildcards (for example: foo.example.com > *.example.com > .example.com)
# Note: The effect of +.foo.com is equivalent to .foo.com and foo.com
hosts:
  '*.clash.dev': 127.0.0.1
  '.dev': 127.0.0.1
  'alpha.clash.dev': '::1'
DNS Query Follows Rules
By default, all DNS queries sent by Stash will go directly outbound, without being forwarded by any proxy rules. After enabling the follow-rule option, Stash will forward DNS queries according to the proxy rules.
In most scenarios, this configuration does not need to be enabled. After the DNS query is forwarded by the proxy, it may disrupt the global optimization strategy of the cloud service provider's CDN, causing slow loading of static resources. The DNS query request entering the Stash network engine will also cause a slight increase in delay.
Please only enable this configuration when necessary.
Since connecting to the proxy server may require DNS resolution, there will be a problem of recursive queries after the DNS query is forwarded by the proxy. Before enabling this configuration, please ensure that one of the following conditions is met:
- The proxy address forwarding the DNS request is an IP address, not a domain name
- The DNS server address is an IP address, not a domain name
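A lint pass over a parsed dns section that checks the rules described above: default-nameserver entries must be IP literals, and with follow-rule enabled either the proxy addresses or the DNS server addresses must be IPs. This is an added example, not Stash code; lint_dns, the proxy_servers argument, the sample values and the reading that a condition holds only when every address of that kind is an IP are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Upstream schemes listed on this page; a bare address means DNS over UDP.
SCHEMES = {"udp", "tcp", "tls", "dot", "https", "doh", "http3", "doh3", "quic", "doq"}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def upstream_host(entry):
    """Host part of a nameserver entry; None for 'system'."""
    if entry == "system":
        return None
    if is_ip(entry):  # bare IPv4/IPv6 literal
        return entry
    parts = urlsplit(entry if "://" in entry else "udp://" + entry)
    if parts.scheme not in SCHEMES or not parts.hostname:
        raise ValueError(f"unsupported nameserver entry: {entry}")
    return parts.hostname

def lint_dns(dns, proxy_servers):
    """Findings for a parsed dns section; proxy_servers is a hypothetical
    list of proxy server addresses taken from the rest of the profile."""
    findings = []
    for entry in dns.get("default-nameserver", []):
        if not is_ip(upstream_host(entry) or ""):
            findings.append(f"default-nameserver is not an IP address: {entry}")
    if dns.get("skip-cert-verify"):
        findings.append("skip-cert-verify: upstream certificates are not verified")
    hosts = [h for h in map(upstream_host, dns.get("nameserver", [])) if h]
    if dns.get("follow-rule"):
        # Assumed reading: every proxy address, or every DNS server address, is an IP.
        if not (all(map(is_ip, proxy_servers)) or all(map(is_ip, hosts))):
            findings.append("follow-rule: recursive DNS lookup possible")
    return findings

# Constructed sample: part of the page's nameserver list with follow-rule switched on.
SAMPLE = {
    "default-nameserver": ["223.5.5.5", "114.114.114.114"],
    "nameserver": ["https://doh.pub/dns-query", "quic://dns.adguard.com:853", "system"],
    "skip-cert-verify": True,
    "follow-rule": True,
}

if __name__ == "__main__":
    print("\n".join(lint_dns(SAMPLE, ["proxy.example.net"])))
```

The system entry is skipped in the follow-rule check because its resolver address is not visible in the profile.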