📝 Release Notes
- Refactor DNS servers 1
- Add domain resolver options2
- Add TLS fragment route options 3
- Add certificate options 4
1:
DNS servers are refactored for better performance and scalability.
See DNS server.
For migration, see Migrate to new DNS server formats.
Compatibility for old formats will be removed in sing-box 1.14.0.
2:
Legacy outbound DNS rules are deprecated
and can be replaced by the new domain_resolver option.
See Dial Fields and Route.
For migration, see Migrate outbound DNS rule items to domain resolver.
3:
The new TLS fragment route options allow you to fragment TLS handshakes to bypass firewalls.
This feature is intended to circumvent simple firewalls based on plaintext packet matching, and should not be used to circumvent real censorship.
Since it is not designed for performance, it should not be applied to all connections, but only to server names that are known to be blocked.
See Route Action.
4:
New certificate options allow you to manage the default list of trusted X509 CA certificates.
For the system certificate list, fixed Go not reading Android trusted certificates correctly.
You can also use the Mozilla Included List instead, or add trusted certificates yourself.
See Certificate.