Add --dns-local and --dns-local-cn support. Rename --china-direct to --cn-direct

Samuel Huang
2021-08-30 14:05:43 +10:00
parent c6c6c91205
commit 397620a5c4
5 changed files with 55 additions and 35 deletions


@@ -8,6 +8,7 @@ RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/re
RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
@@ -23,19 +24,18 @@ COPY --from=builder /go/src/XTLS/Xray-core/xray /usr/local/bin/
COPY --from=builder /tmp/geosite.dat /usr/local/bin/
COPY --from=builder /tmp/geoip.dat /usr/local/bin/
RUN mkdir -p /etc/dnsmasq-china.d
RUN mkdir -p /etc/dnsmasq.disable
COPY --from=builder /tmp/apple.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/apple.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/google.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq.disable/
RUN apk update && apk add bash openssl curl jq moreutils \
bind-tools whois dnsmasq ca-certificates proxychains-ng npm
whois dnsmasq ca-certificates proxychains-ng npm
RUN npm config set unsafe-perm true
RUN npm install -g qrcode-terminal
RUN echo -e "no-resolv\nserver=127.0.0.1#5353" >/etc/dnsmasq.d/upstream.conf
RUN sed -i "s/^socks4.*/socks5\t127.0.0.1 1080/g" /etc/proxychains/proxychains.conf
ADD proxy-ltx.sh /proxy-ltx.sh
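Review bot: The list files downloaded in the first hunk, including the `google.china.conf` fetch that appears to be the added line, come from the mutable `master` branch with no integrity check. This commit stages them in `/etc/dnsmasq.disable/`, and `run.sh` copies them into the live dnsmasq configuration, so whatever that branch serves at build time decides which resolver answers for the listed domains. Pinning the URL to a reviewed commit and verifying a digest makes the build reproducible and tamper-evident, e.g. `RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/<COMMIT_SHA>/google.china.conf && echo "<SHA256>  google.china.conf" | sha256sum -c -`. The same applies to the two other Dockerfile sections on this page, which carry identical hunks.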


@@ -8,6 +8,7 @@ RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/re
RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
@@ -23,19 +24,18 @@ COPY --from=builder /go/src/XTLS/Xray-core/xray /usr/local/bin/
COPY --from=builder /tmp/geosite.dat /usr/local/bin/
COPY --from=builder /tmp/geoip.dat /usr/local/bin/
RUN mkdir -p /etc/dnsmasq-china.d
RUN mkdir -p /etc/dnsmasq.disable
COPY --from=builder /tmp/apple.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/apple.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/google.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq.disable/
RUN apk update && apk add bash openssl curl jq moreutils \
bind-tools whois dnsmasq ca-certificates proxychains-ng npm
whois dnsmasq ca-certificates proxychains-ng npm
RUN npm config set unsafe-perm true
RUN npm install -g qrcode-terminal
RUN echo -e "no-resolv\nserver=127.0.0.1#5353" >/etc/dnsmasq.d/upstream.conf
RUN sed -i "s/^socks4.*/socks5\t127.0.0.1 1080/g" /etc/proxychains/proxychains.conf
ADD proxy-ltx.sh /proxy-ltx.sh


@@ -8,6 +8,7 @@ RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/re
RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf
RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
@@ -23,19 +24,18 @@ COPY --from=builder /go/src/XTLS/Xray-core/xray /usr/local/bin/
COPY --from=builder /tmp/geosite.dat /usr/local/bin/
COPY --from=builder /tmp/geoip.dat /usr/local/bin/
RUN mkdir -p /etc/dnsmasq-china.d
RUN mkdir -p /etc/dnsmasq.disable
COPY --from=builder /tmp/apple.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq-china.d/
COPY --from=builder /tmp/apple.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/google.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq.disable/
COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq.disable/
RUN apk update && apk add bash openssl curl jq moreutils \
bind-tools whois dnsmasq ca-certificates proxychains-ng npm
whois dnsmasq ca-certificates proxychains-ng npm
RUN npm config set unsafe-perm true
RUN npm install -g qrcode-terminal
RUN echo -e "no-resolv\nserver=127.0.0.1#5353" >/etc/dnsmasq.d/upstream.conf
RUN sed -i "s/^socks4.*/socks5\t127.0.0.1 1080/g" /etc/proxychains/proxychains.conf
ADD proxy-ltx.sh /proxy-ltx.sh


@@ -32,14 +32,16 @@ $ docker run --rm samuelhbne/proxy-xray
proxy-xray <connection-options>
-i|--stdin [Optional] Read config from stdin instead of auto generation
-d|--debug [Optional] Start in debug mode with verbose output
--dns <upstream-DNS-ip> [Optional] Designated upstream DNS server ip, 1.1.1.1 will be applied by default
--china-direct [Optional] Add routing rules to avoid domain and ip located in China being proxied
--dns <upstream-DNS-ip> [Optional] Designated upstream DNS server IP, 1.1.1.1 will be applied by default
--dns-local <local-conf-file> [Optional] Enable designated domain conf file. Like apple.china.conf
--dns-local-cn [Optional] Enable China related domains to be resolved in China
--domain-direct <domain-rule> [Optional] Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn
--domain-proxy <domain-rule> [Optional] Add a domain rule for proxy routing, like twitter.com or geosite:google-cn
--domain-block <domain-rule> [Optional] Add a domain rule for block routing, like geosite:category-ads-all
--ip-direct <ip-rule> [Optional] Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn
--ip-proxy <ip-rule> [Optional] Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix
--ip-block <ip-rule> [Optional] Add a ip-addr rule for block routing, like geoip:private
--cn-direct [Optional] Add routing rules to avoid domains and IPs located in China being proxied
--ltx <VLESS-TCP-XTLS option> id@host:port
--ltt <VLESS-TCP-TLS option> id@host:port
--lttw <VLESS-TCP-TLS-WS option> id@host:port:/webpath
@@ -50,7 +52,7 @@ proxy-xray <connection-options>
--tttw <TROJAN-TCP-TLS-WS option> password@host:port:/webpath
$ docker run --name proxy-xray -p 2080:1080 -p 2080:1080/udp -p 8223:8123 -p 65353:53/udp \
-d samuelhbne/proxy-xray --ltx myid@mydomain.duckdns.org:443 --china-direct
-d samuelhbne/proxy-xray --ltx myid@mydomain.duckdns.org:443 --cn-direct
...
```
@@ -64,7 +66,7 @@ $ docker run --name proxy-xray -p 2080:1080 -p 2080:1080/udp -p 8223:8123 -p 653
### NOTE4
Name query for sites outside China like twitter.com will be always forwarded to designated DNS like 1.1.1.1 to avoid the contaminated result. Name query for sites inside China like apple.com.cn will be forwarded to local DNS servers in China to avoid cross region slow access when "--china-direct" options applied. Or dnsmasq will act as a forwarder only cache server otherwise.
Name query for sites outside China like twitter.com will be always forwarded to designated DNS like 1.1.1.1 to avoid the contaminated result. Name query for sites inside China like apple.com.cn will be forwarded to local DNS servers in China to avoid cross region slow access when "--cn-direct" options applied. Or dnsmasq will act as a forwarder only cache server otherwise.
## How to verify if proxy tunnel is working properly
@@ -122,7 +124,7 @@ The following instruction connect to Xray server port 443 in Vless+TCP+XTLS mode
```shell
$ docker run --name proxy-xray -p 1080:1080 -p 1080:1080/udp -d samuelhbne/proxy-xray \
--ltx myid@mydomain.duckdns.org:443 --china-direct
--ltx myid@mydomain.duckdns.org:443 --cn-direct
```
### 2. Connect to Vless+TCP+TLS+Websocket server

36
run.sh

@@ -8,14 +8,16 @@ usage() {
echo "proxy-xray <connection-options>"
echo " -i|--stdin [Optional] Read config from stdin instead of auto generation"
echo " -d|--debug [Optional] Start in debug mode with verbose output"
echo " --dns <upstream-DNS-ip> [Optional] Designated upstream DNS server ip, 1.1.1.1 will be applied by default"
echo " --china-direct [Optional] Add routing rules to avoid domain and ip located in China being proxied"
echo " --dns <upstream-DNS-ip> [Optional] Designated upstream DNS server IP, 1.1.1.1 will be applied by default"
echo " --dns-local <local-conf-file> [Optional] Enable designated domain conf file. Like apple.china.conf"
echo " --dns-local-cn [Optional] Enable China related domains to be resolved in China"
echo " --domain-direct <domain-rule> [Optional] Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn"
echo " --domain-proxy <domain-rule> [Optional] Add a domain rule for proxy routing, like twitter.com or geosite:google-cn"
echo " --domain-block <domain-rule> [Optional] Add a domain rule for block routing, like geosite:category-ads-all"
echo " --ip-direct <ip-rule> [Optional] Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn"
echo " --ip-proxy <ip-rule> [Optional] Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix"
echo " --ip-block <ip-rule> [Optional] Add a ip-addr rule for block routing, like geoip:private"
echo " --cn-direct [Optional] Add routing rules to avoid domains and IPs located in China being proxied"
echo " --ltx <VLESS-TCP-XTLS option> id@host:port"
echo " --ltt <VLESS-TCP-TLS option> id@host:port"
echo " --lttw <VLESS-TCP-TLS-WS option> id@host:port:/webpath"
@@ -31,7 +33,7 @@ usage() {
Jrules='{"rules":[]}'
TEMP=`getopt -o di --long ltx:,ltt:,lttw:,lttg:,mtt:,mttw:,ttt:,tttw:,ssa:,sst:,dns:,domain-direct:,domain-proxy:,domain-block:,ip-direct:,ip-proxy:,ip-block:,china-direct,stdin,debug -n "$0" -- $@`
TEMP=`getopt -o di --long ltx:,ltt:,lttw:,lttg:,mtt:,mttw:,ttt:,tttw:,ssa:,sst:,dns:,dns-local:,dns-local-cn,domain-direct:,domain-proxy:,domain-block:,ip-direct:,ip-proxy:,ip-block:,cn-direct,stdin,debug -n "$0" -- $@`
if [ $? != 0 ] ; then usage; exit 1 ; fi
eval set -- "$TEMP"
while true ; do
@@ -51,14 +53,28 @@ while true ; do
DNS=$2
shift 2
;;
--china-direct)
--dns-local)
DNSLOCAL+=$2
shift 2
;;
--dns-local-cn)
DNSLOCAL+="apple.china.conf"
DNSLOCAL+="google.china.conf"
DNSLOCAL+="bogus-nxdomain.china.conf"
DNSLOCAL+="accelerated-domains.china.conf"
shift 1
;;
--cn-direct)
Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:apple-cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igndomain]}]'`
Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:google-cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igndomain]}]'`
Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:geolocation-cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igndomain]}]'`
Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igndomain]}]'`
Jrules=`echo "${Jrules}" | jq --arg ignip "geoip:cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "ip":[$ignip]}]'`
IGCHINA=1
shift 1
;;
--domain-direct)
@@ -116,11 +132,13 @@ if [ "${XRAY}" != "1" ]; then
exit 1
fi
if [ "${IGCHINA}" = "1" ]; then
cp -a /etc/dnsmasq-china.d/*.china.conf /etc/dnsmasq.d/
else
rm -rf /etc/dnsmasq.d/*.china.conf
if [ -n "${DNSLOCAL}" ]; then
for dnslocal in "${DNSLOCAL}"
do
cp -a /etc/dnsmasq.disable/${dnslocal} /etc/dnsmasq.d/
done
fi
echo -e "no-resolv\nserver=127.0.0.1#5353" >/etc/dnsmasq.d/upstream.conf
/usr/sbin/dnsmasq
if [ -z "${DNS}" ]; then
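Review bot: `--dns-local` and `--dns-local-cn` cannot work as written: `DNSLOCAL+=...` appends to a plain string with no separator, and `for dnslocal in "${DNSLOCAL}"` then iterates exactly once over the concatenated value, so `--dns-local-cn` asks `cp` for a single non-existent file whose name is all four list names run together. The `--dns-local` value also reaches `cp -a /etc/dnsmasq.disable/${dnslocal}` unquoted and unvalidated, so spaces, globs or `../` in the argument can select paths outside the staging directory. Collecting the names in an array, keeping only the file-name part, and quoting and checking the path in the copy loop fixes both; this assumes the script runs under bash, which the existing `+=` already requires. The `case` statement and its `while` loop start outside these hunks.

```shell
        --dns-local)
            # keep only the file-name part so the value stays inside /etc/dnsmasq.disable
            DNSLOCAL+=("${2##*/}")
            shift 2
            ;;
        --dns-local-cn)
            DNSLOCAL+=("apple.china.conf" "google.china.conf" \
                "bogus-nxdomain.china.conf" "accelerated-domains.china.conf")
            shift 1
            ;;
# … unchanged: --cn-direct and the remaining option cases …
if [ "${#DNSLOCAL[@]}" -gt 0 ]; then
    for dnslocal in "${DNSLOCAL[@]}"
    do
        # refuse anything that is not a regular file staged at build time
        if [ ! -f "/etc/dnsmasq.disable/${dnslocal}" ]; then usage; exit 1; fi
        cp -a "/etc/dnsmasq.disable/${dnslocal}" /etc/dnsmasq.d/
    done
fi
```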