mixin:
  dns:
    enable: true
    enhanced-mode: fake-ip
    listen: '0.0.0.0:53'
    ipv6: true
    default-nameserver:
      - 'tls://[2400:3200::1]:853'
      - 'tls://[2400:3200:baba::1]:853'
      - 'tls://223.5.5.5:853'
      - 'tls://223.6.6.6:853' #阿里加密DNS
      - 'tls://1.12.12.12:853'
      - 'tls://120.53.53.53:853' #DNSPOD加密DNS
    nameserver:
      - 'tls://[2400:3200::1]:853'
      - 'tls://[2400:3200:baba::1]:853'
      - 'tls://223.5.5.5:853'
      - 'tls://223.6.6.6:853' #阿里加密DNS
      - 'tls://1.12.12.12:853'
      - 'tls://120.53.53.53:853' #DNSPOD加密DNS
    fallback:
      - 'tls://dns.google:853' #Google加密DNS(支持ECS)
      - 'https://doh.opendns.com/dns-query' #Cisco OpenDNS加密DNS(支持ECS)
      - 'https://dns11.quad9.net/dns-query' #IBM Quad9加密DNS(支持ECS)
      - 'https://101.101.101.101/dns-query' #TWNIC加密DNS(支持ECS)
    fake-ip-filter:
      - '*.msftncsi.com'
      - '*.msftconnecttest.com'
      - +.lan
      - +.cn
      - +.10010.com
      - +.chinaunicom.com
      - +.baidu.com
      - '*.alipay.com'
      - '*.alipayobjects.com'
      - '*.jijifun.com'
      - connect.rom.miui.com
      - localhost.ptlogin2.qq.com
      - dl.google.com
      - +.stun.*.*
      - +.stun.*.*.*
      - +.stun.*.*.*.*
      - +.stun.*.*.*.*.*
      - lens.l.google.com
      - '*.n.n.srv.nintendo.net'
      - +.stun.playstation.net
      - '*.mcdn.bilivideo.cn'
      - ntp.ntsc.ac.cn
    fallback-filter:
      geoip: true
      geoip-code: CN
      ipcidr:
        - 0.0.0.0/32
        - 127.0.0.1/32
        - 240.0.0.0/4
        - '::/128'
        - '::1/128'
  tun:
    enable: true
    stack: gvisor #改成system可提高性能,但需要在Windows防火墙放行Clash流量
    auto-detect-interface: true
    auto-route: true
    dns-hijack:
      - '198.18.0.2:53'