From af6a5cc7a4a6c1e191dc46fa7be8ee6aa552b0f4 Mon Sep 17 00:00:00 2001
From: Mattraks <16359027+Mattraks@users.noreply.github.com>
Date: Wed, 23 Dec 2020 12:31:24 +0800
Subject: [PATCH] Fix flowoffload and SFE disable DNS acceleration without deleting DNS forwarding errors (#6086)
---
 .../root/etc/init.d/flowoffload | 312 ++++++++---------
 package/lean/luci-app-sfe/root/etc/init.d/sfe | 329 +++++++++---------
 2 files changed, 323 insertions(+), 318 deletions(-)
diff --git a/package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload b/package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload
index 97863924a..fe9c4452a 100755
--- a/package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload
+++ b/package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload
@@ -10,134 +10,135 @@ DNSMASQ_RESTART=N DNS_SERVER="114.114.114.114,114.114.115.115" pdnsd_genconfig() { - DNS_SERVER=$(uci get flowoffload.@flow[0].dns_server 2>/dev/null) + DNS_SERVER=$(uci get flowoffload.@flow[0].dns_server 2>/dev/null) [ -d /var/etc ] || mkdir -p /var/etc - - if [ ! -f /var/dnscache/pdnsd.cache ]; then - mkdir -p /var/dnscache - echo -ne "pd13\000\000\000\000" > /var/dnscache/pdnsd.cache - chown -R nobody.nogroup /var/dnscache + + if [ ! -f /var/dnscache/pdnsd.cache ]; then + mkdir -p /var/dnscache + echo -ne "pd13\000\000\000\000" >/var/dnscache/pdnsd.cache + chown -R nobody.nogroup /var/dnscache fi - - cat > /var/etc/dnscache.conf </var/etc/dnscache.conf + global { + perm_cache=1024; # dns缂撳瓨澶у皬锛屽崟浣岾B锛屽缓璁笉瑕佸啓鐨勫お澶 + cache_dir="/var/dnscache"; # 缂撳瓨鏂囦欢鐨勪綅缃 + pid_file = /var/run/dnscache.pid; + run_as="nobody"; + server_ip = 0.0.0.0; # pdnsd鐩戝惉鐨勭綉鍗★紝0.0.0.0鏄叏閮ㄧ綉鍗 + server_port=5333; # pdnsd鐩戝惉鐨勭鍙o紝涓嶈鍜屽埆鐨勬湇鍔″啿绐佸嵆鍙 + status_ctl = on; + paranoid=on; # 浜屾璇锋眰妯″紡锛屽鏋滆姹備富DNS鏈嶅姟鍣ㄨ繑鍥炵殑鏄瀮鍦惧湴鍧锛屽氨鍚戝鐢ㄦ湇鍔″櫒璇锋眰 + query_method=udp_only; + neg_domain_pol = off; + par_queries = 400; # 鏈澶氬悓鏃惰姹傛暟 + min_ttl = 1h; # DNS缁撴灉鏈鐭紦瀛樻椂闂 + max_ttl = 1w; # DNS缁撴灉鏈闀跨紦瀛樻椂闂 + timeout = 10; # DNS璇锋眰瓒呮椂鏃堕棿锛屽崟浣嶇 + } -server { - label = "special"; # 这个随便写 - ip = 208.67.222.222,208.67.220.220; # 这里为备用DNS服务器的 ip 地址 - port = 5353; # 推荐使用53以外的端口(DNS服务器必须支持) - proxy_only = on; - timeout = 5; -} + server { + label = "routine"; + ip = $DNS_SERVER; # 杩欓噷涓轰富瑕佷笂绾 dns 鐨 ip 鍦板潃锛屽缓璁~鍐欎竴涓綋鍦版渶蹇殑DNS鍦板潃 + timeout = 5; # DNS璇锋眰瓒呮椂鏃堕棿 + reject = 74.125.127.102, # 浠ヤ笅鏄剰IP锛屼篃灏辨槸DNS姹℃煋涓鑸細杩斿洖鐨勭粨鏋滐紝濡傛灉鏀跺埌濡備笅DNS缁撴灉浼氳Е鍙戜簩娆¤姹傦紙TCP鍗忚涓鑸笉浼氱鍒拌剰IP锛 + 74.125.155.102, + 74.125.39.102, + 74.125.39.113, + 209.85.229.138, + 128.121.126.139, + 159.106.121.75, + 169.132.13.103, + 192.67.198.6, + 202.106.1.2, + 202.181.7.85, + 203.161.230.171, + 203.98.7.65, + 207.12.88.98, + 208.56.31.43, + 209.145.54.50, + 209.220.30.174, + 209.36.73.33, + 211.94.66.147, + 213.169.251.35, + 216.221.188.182, + 
216.234.179.13, + 243.185.187.39, + 37.61.54.158, + 4.36.66.178, + 46.82.174.68, + 59.24.3.173, + 64.33.88.161, + 64.33.99.47, + 64.66.163.251, + 65.104.202.252, + 65.160.219.113, + 66.45.252.237, + 69.55.52.253, + 72.14.205.104, + 72.14.205.99, + 78.16.49.15, + 8.7.198.45, + 93.46.8.89, + 37.61.54.158, + 243.185.187.39, + 190.93.247.4, + 190.93.246.4, + 190.93.245.4, + 190.93.244.4, + 65.49.2.178, + 189.163.17.5, + 23.89.5.60, + 49.2.123.56, + 54.76.135.1, + 77.4.7.92, + 118.5.49.6, + 159.24.3.173, + 188.5.4.96, + 197.4.4.12, + 220.250.64.24, + 243.185.187.30, + 249.129.46.48, + 253.157.14.165; + reject_policy = fail; + } -source { - owner=localhost; -// serve_aliases=on; - file="/etc/hosts"; -} + server { + label = "special"; # 杩欎釜闅忎究鍐 + ip = 208.67.222.222,208.67.220.220; # 杩欓噷涓哄鐢―NS鏈嶅姟鍣ㄧ殑 ip 鍦板潃 + port = 5353; # 鎺ㄨ崘浣跨敤53浠ュ鐨勭鍙o紙DNS鏈嶅姟鍣ㄥ繀椤绘敮鎸侊級 + proxy_only = on; + timeout = 5; + } -rr { - name=localhost; - reverse=on; - a=127.0.0.1; - owner=localhost; - soa=localhost,root.localhost,42,86400,900,86400,86400; -} -EOF - - [ -d /var/sbin ] || mkdir -p /var/sbin - [ -f /var/sbin/dnscache ] || cp -a /usr/sbin/pdnsd /var/sbin/dnscache + source { + owner=localhost; + // serve_aliases=on; + file="/etc/hosts"; + } + + rr { + name=localhost; + reverse=on; + a=127.0.0.1; + owner=localhost; + soa=localhost,root.localhost,42,86400,900,86400,86400; + } + EOF + + [ -d /var/sbin ] || mkdir -p /var/sbin + [ -f /var/sbin/dnscache ] || ln -s /usr/sbin/pdnsd /var/sbin/dnscache echo "Start DNS Cache" } stop_pdnsd() { - kill $(pidof dnscache) >/dev/null 2>&1 || kill -9 $(ps | grep dnscache | grep -v grep | awk '{print $1}') >/dev/null 2>&1 - echo "Stop DNS Cache" + kill $(pidof dnscache) >/dev/null 2>&1 || kill -9 $(ps | grep dnscache | grep -v grep | awk '{print $1}') >/dev/null 2>&1 + echo "Stop DNS Cache" } change_dns() { - uci delete dhcp.@dnsmasq[0].server >/dev/null 2>&1 + uci delete dhcp.@dnsmasq[0].server >/dev/null 2>&1 uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5333 
uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.d/resolv.conf.auto uci set dhcp.@dnsmasq[0].noresolv=0 
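Review bot: `server_ip = 0.0.0.0;` in the generated `global` section makes pdnsd listen on every interface on port 5333, yet the only consumer visible in this file is the local dnsmasq, which `change_dns` points at `127.0.0.1#5333`. Binding to loopback with `server_ip = 127.0.0.1;` would keep the cache unreachable from LAN or WAN hosts even if a firewall rule later allows that port, so the router does not expose a second, unfiltered forwarder. The same line is carried in the sfe script's `pdnsd_genconfig` in the later hunk of this patch.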
@@ -151,49 +152,50 @@ revert_dns() { uci commit dhcp } -start_service(){ - dns=$(uci get flowoffload.@flow[0].dns 2>/dev/null) - bbr=$(uci get flowoffload.@flow[0].bbr 2>/dev/null) - if [ $dns -eq 1 ]; then - pdnsd_genconfig - procd_open_instance - procd_set_param command "$PDNSD_BIN" -c /var/etc/dnscache.conf - procd_set_param respawn - procd_set_param stderr 1 - procd_close_instance - change_dns - fi - if [ $bbr -eq 1 ]; then - sysctl -w net.ipv4.tcp_congestion_control=bbr - else - sysctl -w net.ipv4.tcp_congestion_control=cubic - fi - uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading) - uci set firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw) - uci commit firewall - if [ "$DNSMASQ_RESTART" = N ]; then - /etc/init.d/dnsmasq restart && echo "DNSMASQ change" - /etc/init.d/firewall restart >/dev/null 2>&1 - fi +start_service() { + dns=$(uci get flowoffload.@flow[0].dns 2>/dev/null) + bbr=$(uci get flowoffload.@flow[0].bbr 2>/dev/null) + if [ $dns -eq 1 ]; then + pdnsd_genconfig + procd_open_instance + procd_set_param command "$PDNSD_BIN" -c /var/etc/dnscache.conf + procd_set_param respawn + procd_set_param stderr 1 + procd_close_instance + change_dns + else + revert_dns + fi + if [ $bbr -eq 1 ]; then + sysctl -w net.ipv4.tcp_congestion_control=bbr + else + sysctl -w net.ipv4.tcp_congestion_control=cubic + fi + uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading) + uci set firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw) + uci commit firewall + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart && echo "DNSMASQ change" + /etc/init.d/firewall restart >/dev/null 2>&1 + fi } -stop_service(){ - dns=$(uci get firewall.@defaults[0].dns 2>/dev/null) - revert_dns - uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading) - uci set 
firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw) - uci commit firewall - if [ "$DNSMASQ_RESTART" = N ]; then - /etc/init.d/dnsmasq restart && echo "DNSMASQ revert" - /etc/init.d/firewall restart >/dev/null 2>&1 - fi +stop_service() { + dns=$(uci get firewall.@defaults[0].dns 2>/dev/null) + revert_dns + uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading) + uci set firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw) + uci commit firewall + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart && echo "DNSMASQ revert" + /etc/init.d/firewall restart >/dev/null 2>&1 + fi } -restart(){ - DNSMASQ_RESTART=Y - stop - start - /etc/init.d/dnsmasq restart && echo "DNSMASQ restart" - /etc/init.d/firewall restart >/dev/null 2>&1 +restart() { + DNSMASQ_RESTART=Y + stop + start + /etc/init.d/dnsmasq restart && echo "DNSMASQ restart" + /etc/init.d/firewall restart >/dev/null 2>&1 } - diff --git a/package/lean/luci-app-sfe/root/etc/init.d/sfe b/package/lean/luci-app-sfe/root/etc/init.d/sfe index 6920e79b0..061c5d6c6 100755 --- a/package/lean/luci-app-sfe/root/etc/init.d/sfe +++ b/package/lean/luci-app-sfe/root/etc/init.d/sfe 
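Review bot: The unquoted tests `[ $dns -eq 1 ]` and `[ $bbr -eq 1 ]` in `start_service` fail with a syntax error when the option is unset, because `uci get ... 2>/dev/null` then yields an empty string, and with the new `else` branch that error path now runs `revert_dns` and its `uci commit dhcp`. Quoting with a default makes the decision explicit: `if [ "${dns:-0}" -eq 1 ]; then` and `if [ "${bbr:-0}" -eq 1 ]; then`. The sfe script's `start_service` and `stop_service` use the same pattern for `$enable`, `$wifi`, `$ipv6`, `$dns` and `$bbr`. `revert_dns` begins outside this hunk, so what it rewrites before the commit is not visible here.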
@@ -10,128 +10,129 @@ DNSMASQ_RESTART=N DNS_SERVER="114.114.114.114,114.114.115.115" pdnsd_genconfig() { - DNS_SERVER=$(uci get sfe.config.dns_server 2>/dev/null) + DNS_SERVER=$(uci get sfe.config.dns_server 2>/dev/null) [ -d /var/etc ] || mkdir -p /var/etc - - if [ ! -f /var/dnscache/pdnsd.cache ]; then - mkdir -p /var/dnscache - echo -ne "pd13\000\000\000\000" > /var/dnscache/pdnsd.cache - chown -R nobody.nogroup /var/dnscache + + if [ ! -f /var/dnscache/pdnsd.cache ]; then + mkdir -p /var/dnscache + echo -ne "pd13\000\000\000\000" >/var/dnscache/pdnsd.cache + chown -R nobody.nogroup /var/dnscache fi - - cat > /var/etc/dnscache.conf </var/etc/dnscache.conf + global { + perm_cache=1024; # dns缂撳瓨澶у皬锛屽崟浣岾B锛屽缓璁笉瑕佸啓鐨勫お澶 + cache_dir="/var/dnscache"; # 缂撳瓨鏂囦欢鐨勪綅缃 + pid_file="/var/run/dnscache.pid"; + run_as="nobody"; + server_ip = 0.0.0.0; # pdnsd鐩戝惉鐨勭綉鍗★紝0.0.0.0鏄叏閮ㄧ綉鍗 + server_port=5333; # pdnsd鐩戝惉鐨勭鍙o紝涓嶈鍜屽埆鐨勬湇鍔″啿绐佸嵆鍙 + status_ctl = on; + paranoid=on; # 浜屾璇锋眰妯″紡锛屽鏋滆姹備富DNS鏈嶅姟鍣ㄨ繑鍥炵殑鏄瀮鍦惧湴鍧锛屽氨鍚戝鐢ㄦ湇鍔″櫒璇锋眰 + query_method=udp_only; + neg_domain_pol = off; + par_queries = 400; # 鏈澶氬悓鏃惰姹傛暟 + min_ttl = 1h; # DNS缁撴灉鏈鐭紦瀛樻椂闂 + max_ttl = 1w; # DNS缁撴灉鏈闀跨紦瀛樻椂闂 + timeout = 10; # DNS璇锋眰瓒呮椂鏃堕棿锛屽崟浣嶇 + } -server { - label = "special"; # 杩欎釜闅忎究鍐 - ip = 208.67.222.222,208.67.220.220; # 杩欓噷涓哄鐢―NS鏈嶅姟鍣ㄧ殑 ip 鍦板潃 - port = 5353; # 鎺ㄨ崘浣跨敤53浠ュ鐨勭鍙o紙DNS鏈嶅姟鍣ㄥ繀椤绘敮鎸侊級 - proxy_only = on; - timeout = 5; -} + server { + label = "routine"; + ip = $DNS_SERVER; # 杩欓噷涓轰富瑕佷笂绾 dns 鐨 ip 鍦板潃锛屽缓璁~鍐欎竴涓綋鍦版渶蹇殑DNS鍦板潃 + timeout = 5; # DNS璇锋眰瓒呮椂鏃堕棿 + reject = 74.125.127.102, # 浠ヤ笅鏄剰IP锛屼篃灏辨槸DNS姹℃煋涓鑸細杩斿洖鐨勭粨鏋滐紝濡傛灉鏀跺埌濡備笅DNS缁撴灉浼氳Е鍙戜簩娆¤姹傦紙TCP鍗忚涓鑸笉浼氱鍒拌剰IP锛 + 74.125.155.102, + 74.125.39.102, + 74.125.39.113, + 209.85.229.138, + 128.121.126.139, + 159.106.121.75, + 169.132.13.103, + 192.67.198.6, + 202.106.1.2, + 202.181.7.85, + 203.161.230.171, + 203.98.7.65, + 207.12.88.98, + 208.56.31.43, + 209.145.54.50, + 209.220.30.174, + 209.36.73.33, + 211.94.66.147, + 213.169.251.35, + 216.221.188.182, + 
216.234.179.13, + 243.185.187.39, + 37.61.54.158, + 4.36.66.178, + 46.82.174.68, + 59.24.3.173, + 64.33.88.161, + 64.33.99.47, + 64.66.163.251, + 65.104.202.252, + 65.160.219.113, + 66.45.252.237, + 69.55.52.253, + 72.14.205.104, + 72.14.205.99, + 78.16.49.15, + 8.7.198.45, + 93.46.8.89, + 37.61.54.158, + 243.185.187.39, + 190.93.247.4, + 190.93.246.4, + 190.93.245.4, + 190.93.244.4, + 65.49.2.178, + 189.163.17.5, + 23.89.5.60, + 49.2.123.56, + 54.76.135.1, + 77.4.7.92, + 118.5.49.6, + 159.24.3.173, + 188.5.4.96, + 197.4.4.12, + 220.250.64.24, + 243.185.187.30, + 249.129.46.48, + 253.157.14.165; + reject_policy = fail; + } -source { - owner=localhost; -// serve_aliases=on; - file="/etc/hosts"; -} + server { + label = "special"; # 杩欎釜闅忎究鍐 + ip = 208.67.222.222,208.67.220.220; # 杩欓噷涓哄鐢―NS鏈嶅姟鍣ㄧ殑 ip 鍦板潃 + port = 5353; # 鎺ㄨ崘浣跨敤53浠ュ鐨勭鍙o紙DNS鏈嶅姟鍣ㄥ繀椤绘敮鎸侊級 + proxy_only = on; + timeout = 5; + } -rr { - name=localhost; - reverse=on; - a=127.0.0.1; - owner=localhost; - soa=localhost,root.localhost,42,86400,900,86400,86400; -} -EOF + source { + owner=localhost; + // serve_aliases=on; + file="/etc/hosts"; + } + + rr { + name=localhost; + reverse=on; + a=127.0.0.1; + owner=localhost; + soa=localhost,root.localhost,42,86400,900,86400,86400; + } + EOF [ -d /var/sbin ] || mkdir -p /var/sbin - [ -f /var/sbin/dnscache ] || cp -a /usr/sbin/pdnsd /var/sbin/dnscache + [ -f /var/sbin/dnscache ] || ln -s /usr/sbin/pdnsd /var/sbin/dnscache } change_dns() { - uci delete dhcp.@dnsmasq[0].server >/dev/null 2>&1 + uci delete dhcp.@dnsmasq[0].server >/dev/null 2>&1 uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5333 uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.d/resolv.conf.auto uci set dhcp.@dnsmasq[0].noresolv=0 
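Review bot: `DNS_SERVER=$(uci get sfe.config.dns_server 2>/dev/null)` at the top of `pdnsd_genconfig` overwrites the script-level default unconditionally, so an unset option leaves `ip = $DNS_SERVER;` rendered as `ip = ;` in the `routine` server section. The value also appears to be expanded into the config without any check, so a `;` or newline in the UCI option could append arbitrary pdnsd directives to the generated file. A guard right after the assignment covers both cases: `case "$DNS_SERVER" in ""|*[!0-9.,]*) DNS_SERVER="114.114.114.114,114.114.115.115" ;; esac`. The flowoffload script's `pdnsd_genconfig` has the same assignment and interpolation.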
@@ -146,61 +147,63 @@ revert_dns() { } start_service() { - enable=$(uci get sfe.config.enabled 2>/dev/null) - wifi=$(uci get sfe.config.wifi) - ipv6=$(uci get sfe.config.ipv6) - dns=$(uci get sfe.config.dns 2>/dev/null) - bbr=$(uci get sfe.config.bbr 2>/dev/null) - - if [ $enable -eq 1 ]; then - ! (lsmod | grep fast_classifier >/dev/null) && (modprobe fast_classifier) - if [ $wifi -eq 1 ] ; then - echo 1 > /sys/fast_classifier/skip_to_bridge_ingress - else - echo 0 > /sys/fast_classifier/skip_to_bridge_ingress - fi - if [ $ipv6 -eq 1 ]; then - sfe_ipv6=$(cat /sys/sfe_ipv6/debug_dev) - [ ! -f /dev/sfe_ipv6 ] && mknod /dev/sfe_ipv6 c $sfe_ipv6 0 - else - rm -f /dev/sfe_ipv6 - fi - else - rmmod fast_classifier >/dev/null 2>&1 - fi - - if [ $dns -eq 1 ]; then - pdnsd_genconfig - procd_open_instance - procd_set_param command "$PDNSD_BIN" -c /var/etc/dnscache.conf - procd_set_param respawn - procd_set_param stderr 1 - procd_close_instance - change_dns - fi - - if [ $bbr -eq 1 ]; then - sysctl -w net.ipv4.tcp_congestion_control=bbr - else - sysctl -w net.ipv4.tcp_congestion_control=cubic - fi - if [ "$DNSMASQ_RESTART" = N ]; then - /etc/init.d/dnsmasq restart - fi + enable=$(uci get sfe.config.enabled 2>/dev/null) + wifi=$(uci get sfe.config.wifi) + ipv6=$(uci get sfe.config.ipv6) + dns=$(uci get sfe.config.dns 2>/dev/null) + bbr=$(uci get sfe.config.bbr 2>/dev/null) + + if [ $enable -eq 1 ]; then + ! (lsmod | grep fast_classifier >/dev/null) && (modprobe fast_classifier) + if [ $wifi -eq 1 ]; then + echo 1 >/sys/fast_classifier/skip_to_bridge_ingress + else + echo 0 >/sys/fast_classifier/skip_to_bridge_ingress + fi + if [ $ipv6 -eq 1 ]; then + sfe_ipv6=$(cat /sys/sfe_ipv6/debug_dev) + [ ! 
-f /dev/sfe_ipv6 ] && mknod /dev/sfe_ipv6 c $sfe_ipv6 0 + else + rm -f /dev/sfe_ipv6 + fi + else + rmmod fast_classifier >/dev/null 2>&1 + fi + + if [ $dns -eq 1 ]; then + pdnsd_genconfig + procd_open_instance + procd_set_param command "$PDNSD_BIN" -c /var/etc/dnscache.conf + procd_set_param respawn + procd_set_param stderr 1 + procd_close_instance + change_dns + else + revert_dns + fi + + if [ $bbr -eq 1 ]; then + sysctl -w net.ipv4.tcp_congestion_control=bbr + else + sysctl -w net.ipv4.tcp_congestion_control=cubic + fi + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart + fi } -stop_service(){ - enable=$(uci get sfe.config.enabled 2>/dev/null) - [ $enable -ne 1 ] && rmmod fast_classifier >/dev/null 2>&1 - revert_dns - if [ "$DNSMASQ_RESTART" = N ]; then - /etc/init.d/dnsmasq restart - fi +stop_service() { + enable=$(uci get sfe.config.enabled 2>/dev/null) + [ $enable -ne 1 ] && rmmod fast_classifier >/dev/null 2>&1 + revert_dns + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart + fi } -restart(){ - DNSMASQ_RESTART=Y - stop - start - /etc/init.d/dnsmasq restart && echo "DNSMASQ restart" +restart() { + DNSMASQ_RESTART=Y + stop + start + /etc/init.d/dnsmasq restart && echo "DNSMASQ restart" }
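Review bot: In `start_service`, the guard `[ ! -f /dev/sfe_ipv6 ] && mknod /dev/sfe_ipv6 c $sfe_ipv6 0` tests for a regular file, but the node being created is a character device, so the guard stays true when the device already exists and `mknod` is attempted again on every start. Testing the node type instead, `[ -c /dev/sfe_ipv6 ] || mknod /dev/sfe_ipv6 c "$sfe_ipv6" 0`, skips the redundant call and only accepts an existing path that really is a character device. Quoting `$sfe_ipv6` also makes `mknod` fail cleanly, rather than shifting its arguments, if `/sys/sfe_ipv6/debug_dev` could not be read.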