github yandexru45/netshift 0.9.3

4 hours ago

NetShift 0.9.3

What's new

DNS-via-outbound routing modes: the dns_outbound_mode UCI option
(single | multi | paranoid, default single) controls how resolver queries
that reach sing-box via the dns-in inbound (127.0.0.42:53) are routed. In
multi or paranoid mode they are sent through the chosen proxy outbound.
This makes recursive-aware multi-resolver proxying work end-to-end: a query
lands on the internal DNS, gets routed through the same outbound as the
rest of the section, and resolves against the panel's recursive chain
instead of the upstream ISP resolver.

The single mode keeps behaviour byte-identical to 0.9.2
(no regression for users who don't touch the option).

Internals

  • netshift/files/etc/config/netshift: new commented option
    dns_outbound_mode with a usage hint
  • netshift/files/usr/bin/netshift: sing_box_configure_dns case
    arm — appends a dns.rules[] entry with action=route,
    inbound=[dns-in], outbound=<vpn-tag> for multi/paranoid; emits
    a fail-open warn when dns_detour_tag is empty; logs unknown-mode
    values and falls back to single
  • netshift/files/usr/lib/constants.sh: SB_DNS_INBOUND_ROUTING_TAG
    ("dns-inbound-routing-rule-tag") — internal tag for the appended
    rule, stripped on save via the existing __service_tag mechanism
  • tests/entrypoint.sh: +2 gates
    (dns-multi-fail-open-production-warn, dns-multi-unknown-mode-warn).
    Smoke suite 24/4 OK
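
A post-upgrade check for the rule described in the list above, as an added example (not NetShift's own code): it reads a generated sing-box config and reports when multi or paranoid mode has no dns-in route rule. The rule shape follows these notes; the reading of fail-open as "rule omitted, DNS not proxied", the tag vpn-out, the function names and the sample configs are assumptions.

```python
import json

DNS_INBOUND = "dns-in"                 # inbound tag named in the release notes
PROXY_MODES = {"multi", "paranoid"}
KNOWN_MODES = PROXY_MODES | {"single"}

def effective_mode(mode):
    """Unknown values fall back to single, as the notes describe."""
    return mode if mode in KNOWN_MODES else "single"

def dns_in_outbound(config):
    """Outbound tag of the first dns.rules[] entry routing dns-in, or None."""
    for rule in config.get("dns", {}).get("rules", []):
        inbound = rule.get("inbound", [])
        if isinstance(inbound, str):   # tolerate a single tag given as a string
            inbound = [inbound]
        if rule.get("action") == "route" and DNS_INBOUND in inbound:
            return rule.get("outbound") or None
    return None

def audit(mode, config):
    """Return findings; an empty list means config and mode agree."""
    findings = []
    eff = effective_mode(mode)
    if eff != mode:
        findings.append(f"unknown mode {mode!r}: treated as single")
    outbound = dns_in_outbound(config)
    if eff in PROXY_MODES and outbound is None:
        # Assumption: fail-open means the rule is omitted and DNS is not proxied.
        findings.append(f"{eff}: no dns-in route rule, DNS is not proxied (fail-open)")
    elif eff == "single" and outbound is not None:
        findings.append(f"single: dns-in unexpectedly routed via {outbound!r}")
    return findings

# Constructed sample configs (hypothetical tag "vpn-out"), not real NetShift output.
PROXIED = json.loads(
    '{"dns": {"rules": [{"action": "route", "inbound": ["dns-in"], "outbound": "vpn-out"}]}}'
)
FAIL_OPEN = json.loads('{"dns": {"rules": []}}')

if __name__ == "__main__":
    for mode, cfg in [("multi", PROXIED), ("paranoid", FAIL_OPEN), ("typo", FAIL_OPEN)]:
        print(mode, audit(mode, cfg) or "OK")
```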

Compatibility

  • single (default) is byte-identical to 0.9.2 — safe drop-in upgrade.
  • No changes to runtime contract (ports, marks, nft, dnsmasq, UCI schema
    default).
  • No changes to sing-box minimum version (1.12.0).
