Built-in DNS Service

Custom Upstream DNS Servers

Stash supports configuring multiple DNS servers simultaneously. When making a query, Stash will request all servers concurrently and use the quickest response. Stash supports the following DNS protocols:

Use system-provided DNS: system
DNS over UDP: 8.8.8.8 or udp://8.8.8.8
DNS over TCP: tcp://8.8.8.8
DNS over TLS (opens in a new tab): tls://8.8.8.8:853 or dot://8.8.8.8:853
DNS over HTTPS (opens in a new tab): https://1.1.1.1/dns-query or doh://1.1.1.1/dns-query
DNS over QUIC (opens in a new tab): quic://dns.adguard.com:853 or doq://dns.adguard.com:853

default-nameserver is used to resolve domain names for DNS services and only accepts the IP address of DNS servers.

dns:
  # The following DNS servers will be used to resolve domain names for DNS services.
  # Only enter the IP addresses of DNS servers.
  default-nameserver:
    - 223.5.5.5
    - 114.114.114.114
  # Supports DNS services using UDP / TCP / DoT / DoH / DoQ protocols and can specify the specific connection port number.
  # All DNS requests will be sent directly to the server and will not go through any proxy.
  # Stash will reply to DNS requests with the fastest obtained resolution record.
  nameserver:
    # It is not recommended to configure more than 2 DNS servers, as it will increase system power consumption.
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query
    - quic://dns.adguard.com:853
    - doq://test.dns.nextdns.io:853
    - system # Use iOS system DNS
 
  # Skip certificate verification to resolve some compatibility issues https://help.nextdns.io/t/g9hdkjz
  skip-cert-verify: true

Stash uses the LRU algorithm to cache DNS queries locally. When the local cache expires, Stash will continue to use the cached result and silently update the record in the background, effectively reducing the request delay caused by DNS cache expiration.

Domain-Based Custom DNS Service

nameserver-policy can use a specific DNS server for a specified domain name.

dns:
  # Use a specific DNS server for certain domain names
  nameserver-policy:
    'www.baidu.com': 114.114.114.114
    '+.internal.crop.com': system

Custom Hosts

# Supports wildcard domains (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names have a higher priority than wildcard domain names (e.g. foo.example.com > *.example.com > .example.com)
# Note: the effect of +.foo.com is equivalent to .foo.com and foo.com
hosts:
  '*.clash.dev': 127.0.0.1
  '.dev': 127.0.0.1
  'alpha.clash.dev': '::1'

Scheduled Tasks Provide Proxy for Local Network Devices