documentation: Bump version

Fix DNS reject check
Improve copy
2025-07-24 06:54:08 +08:00 · 2025-07-08 13:14:46 +08:00 · 2025-07-08 13:14:46 +08:00 · 2025-07-08 13:14:46 +08:00 · 2025-07-08 13:14:46 +08:00 · 2025-07-08 13:14:46 +08:00
9 changed files with 43 additions and 24 deletions
--- a/clients/android
+++ b/clients/android
@ -1 +1 @@
-Subproject commit eb2e13a6f9a8c03a35ae672395ccab0a6bdcd954
+Subproject commit 7f1fa971e3c7bbc504c2bd455f4e813a562990cb
--- a/clients/apple
+++ b/clients/apple
@ -1 +1 @@
-Subproject commit ae5818ee5a24af965dc91f80bffa16e1e6c109c1
+Subproject commit f7883b0f3ec26c449cba26b3b1a692f070f5424d
--- a/dns/client.go
+++ b/dns/client.go
@ -195,8 +195,13 @@ func (c *Client) Exchange(ctx context.Context, transport adapter.DNSTransport, m
 		}
 	}*/
 	if responseChecker != nil {
-		addr, addrErr := MessageToAddresses(response)
-		if addrErr != nil || !responseChecker(addr) {
+		var rejected bool
+		if !(response.Rcode == dns.RcodeSuccess || response.Rcode == dns.RcodeNameError) {
+			rejected = true
+		} else {
+			rejected = !responseChecker(MessageToAddresses(response))
+		}
+		if rejected {
 			if c.rdrc != nil {
 				c.rdrc.SaveRDRCAsync(transport.Tag(), question.Name, question.Qtype, c.logger)
 			}
@ -420,7 +425,10 @@ func (c *Client) lookupToExchange(ctx context.Context, transport adapter.DNSTran
 	if err != nil {
 		return nil, err
 	}
-	return MessageToAddresses(response)
+	if response.Rcode != dns.RcodeSuccess {
+		return nil, RcodeError(response.Rcode)
+	}
+	return MessageToAddresses(response), nil
 }

 func (c *Client) questionCache(question dns.Question, transport adapter.DNSTransport) ([]netip.Addr, error) {
@ -428,7 +436,10 @@ func (c *Client) questionCache(question dns.Question, transport adapter.DNSTrans
 	if response == nil {
 		return nil, ErrNotCached
 	}
-	return MessageToAddresses(response)
+	if response.Rcode != dns.RcodeSuccess {
+		return nil, RcodeError(response.Rcode)
+	}
+	return MessageToAddresses(response), nil
 }

 func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransport) (*dns.Msg, int) {
@ -505,10 +516,7 @@ func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransp
 	}
 }

-func MessageToAddresses(response *dns.Msg) ([]netip.Addr, error) {
-	if response.Rcode != dns.RcodeSuccess {
-		return nil, RcodeError(response.Rcode)
-	}
+func MessageToAddresses(response *dns.Msg) []netip.Addr {
 	addresses := make([]netip.Addr, 0, len(response.Answer))
 	for _, rawAnswer := range response.Answer {
 		switch answer := rawAnswer.(type) {
@ -524,7 +532,7 @@ func MessageToAddresses(response *dns.Msg) ([]netip.Addr, error) {
 			}
 		}
 	}
-	return addresses, nil
+	return addresses
 }

 func wrapError(err error) error {
--- a/dns/transport/local/local.go
+++ b/dns/transport/local/local.go
@ -3,7 +3,6 @@ package local
 import (
 	"context"
 	"math/rand"
-	"net/netip"
 	"time"

 	"github.com/sagernet/sing-box/adapter"
@ -91,9 +90,9 @@ func (t *Transport) exchangeParallel(ctx context.Context, systemConfig *dnsConfi
 	startRacer := func(ctx context.Context, fqdn string) {
 		response, err := t.tryOneName(ctx, systemConfig, fqdn, message)
 		if err == nil {
-			var addresses []netip.Addr
-			addresses, err = dns.MessageToAddresses(response)
-			if err == nil && len(addresses) == 0 {
+			if response.Rcode != mDNS.RcodeSuccess {
+				err = dns.RcodeError(response.Rcode)
+			} else if len(dns.MessageToAddresses(response)) == 0 {
 				err = E.New(fqdn, ": empty result")
 			}
 		}
--- a/docs/changelog.md
+++ b/docs/changelog.md
@ -2,7 +2,18 @@
 icon: material/alert-decagram
 ---

-#### 1.12.0-beta.31
+#### 1.12.0-beta.33
+
+* Fixes and improvements
+
+### 1.11.15
+
+* Fixes and improvements
+
+_We are temporarily unable to update sing-box apps on the App Store because the reviewer mistakenly found that we
+violated the rules (TestFlight users are not affected)._
+
+#### 1.12.0-beta.32

 * Improve tun performance on Apple platforms **1**
 * Fixes and improvements
--- a/go.mod
+++ b/go.mod
@ -28,9 +28,9 @@ require (
 	github.com/sagernet/gomobile v0.1.7
 	github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb
 	github.com/sagernet/quic-go v0.52.0-beta.1
-	github.com/sagernet/sing v0.6.12-0.20250703120903-7081a0c40539
+	github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151
 	github.com/sagernet/sing-mux v0.3.2
-	github.com/sagernet/sing-quic v0.5.0-beta.2
+	github.com/sagernet/sing-quic v0.5.0-beta.3
 	github.com/sagernet/sing-shadowsocks v0.2.8
 	github.com/sagernet/sing-shadowsocks2 v0.2.1
 	github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11
--- a/go.sum
+++ b/go.sum
@ -168,12 +168,12 @@ github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/l
 github.com/sagernet/quic-go v0.52.0-beta.1 h1:hWkojLg64zjV+MJOvJU/kOeWndm3tiEfBLx5foisszs=
 github.com/sagernet/quic-go v0.52.0-beta.1/go.mod h1:OV+V5kEBb8kJS7k29MzDu6oj9GyMc7HA07sE1tedxz4=
 github.com/sagernet/sing v0.6.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
-github.com/sagernet/sing v0.6.12-0.20250703120903-7081a0c40539 h1:SK4M4FCNdwV4EiYKIUZ9qM4lr/1NQogJe1YoyYw5DV8=
-github.com/sagernet/sing v0.6.12-0.20250703120903-7081a0c40539/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151 h1:UCiQ1d/t5Y9uKAL9ir3i06+ClqS93OGGG8oqB82RMCE=
+github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/sing-mux v0.3.2 h1:meZVFiiStvHThb/trcpAkCrmtJOuItG5Dzl1RRP5/NE=
 github.com/sagernet/sing-mux v0.3.2/go.mod h1:pht8iFY4c9Xltj7rhVd208npkNaeCxzyXCgulDPLUDA=
-github.com/sagernet/sing-quic v0.5.0-beta.2 h1:j7KAbBuGmsKwSxVAQL5soJ+wDqxim4/llK2kxB0hSKk=
-github.com/sagernet/sing-quic v0.5.0-beta.2/go.mod h1:SAv/qdeDN+75msGG5U5ZIwG+3Ua50jVIKNrRSY8pkx0=
+github.com/sagernet/sing-quic v0.5.0-beta.3 h1:X/acRNsqQNfDlmwE7SorHfaZiny5e67hqIzM/592ric=
+github.com/sagernet/sing-quic v0.5.0-beta.3/go.mod h1:SAv/qdeDN+75msGG5U5ZIwG+3Ua50jVIKNrRSY8pkx0=
 github.com/sagernet/sing-shadowsocks v0.2.8 h1:PURj5PRoAkqeHh2ZW205RWzN9E9RtKCVCzByXruQWfE=
 github.com/sagernet/sing-shadowsocks v0.2.8/go.mod h1:lo7TWEMDcN5/h5B8S0ew+r78ZODn6SwVaFhvB6H+PTI=
 github.com/sagernet/sing-shadowsocks2 v0.2.1 h1:dWV9OXCeFPuYGHb6IRqlSptVnSzOelnqqs2gQ2/Qioo=
--- a/protocol/tun/inbound.go
+++ b/protocol/tun/inbound.go
@ -134,7 +134,8 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 	tunMTU := options.MTU
 	if tunMTU == 0 {
 		if platformInterface != nil && platformInterface.UnderNetworkExtension() {
-			tunMTU = 4000
+			// In Network Extension, when MTU exceeds 4064 (4096-UTUN_IF_HEADROOM_SIZE), the performance of tun will drop significantly, which may be a system bug.
+			tunMTU = 4064
 		} else {
 			tunMTU = 9000
 		}
--- a/route/conn.go
+++ b/route/conn.go
@ -277,7 +277,7 @@ func (m *ConnectionManager) connectionCopy(ctx context.Context, source net.Conn,
 			return
 		}
 	}
-	_, err := bufio.CopyWithCounters(destinationWriter, sourceReader, source, readCounters, writeCounters)
+	_, err := bufio.CopyWithCounters(destinationWriter, sourceReader, source, readCounters, writeCounters, bufio.DefaultIncreaseBufferAfter)
 	if err != nil {
 		common.Close(source, destination)
 	} else if duplexDst, isDuplex := destination.(N.WriteCloser); isDuplex {
Author	SHA1	Message	Date
世界	8ec5593805	documentation: Bump version	2025-07-08 13:14:46 +08:00
世界	c0dd4a3f07	Fix DNS reject check	2025-07-08 13:14:46 +08:00
世界	497ddb5829	Improve copy	2025-07-08 13:14:46 +08:00
世界	811ff93549	Increase default mtu under network extension to 4064	2025-07-08 13:14:46 +08:00
世界	96df69bcdc	release: Fix publish testflight	2025-07-08 13:14:46 +08:00
世界	6cfa2b8b86	Improve darwin tun performance	2025-07-08 13:14:46 +08:00
世界	eea1e701b7	Improve nftables rules for openwrt	2025-07-08 13:14:46 +08:00
世界	455e5de74d	Fixed DoH server recover from conn freezes	2025-07-08 13:14:45 +08:00
世界	9533031891	Update libresolv usage	2025-07-08 13:14:45 +08:00
yu	80f8ea6849	documentation: Update client configuration manual	2025-07-08 13:14:45 +08:00
yanwo	50eadb00c7	documentation: Fix typo Signed-off-by: yanwo <ogilvy@gmail.com>	2025-07-08 13:14:45 +08:00
anytinz	d4012bd0b2	documentation: Fix wrong SideStore loopback ip	2025-07-08 13:14:45 +08:00
世界	a902e9f9f6	Revert "release: Add IPA build" After testing, it seems that since extensions are not handled correctly, it cannot be installed by SideStore.	2025-07-08 13:14:45 +08:00
世界	da3ba573d8	release: Add IPA build	2025-07-08 13:14:45 +08:00
世界	bea9048cfe	Add API to dump AdGuard rules	2025-07-08 13:14:44 +08:00
Sukka	fc0f5ed83a	Improve AdGuard rule-set parser	2025-07-08 13:14:44 +08:00
Restia-Ashbell	c0588c30d7	Add ECH support for uTLS	2025-07-08 13:14:44 +08:00
世界	24c940c51c	Improve TLS fragments	2025-07-08 13:14:44 +08:00
世界	407ee08d8a	Add cache support for ssm-api	2025-07-08 13:14:44 +08:00
世界	756585fb2a	Fix service will not be closed	2025-07-08 13:14:44 +08:00
世界	5662784afb	Add loopback address support for tun	2025-07-08 13:14:44 +08:00
世界	3801901726	Fix tproxy listener	2025-07-08 13:14:43 +08:00
世界	7d58174f1f	Fix systemd package	2025-07-08 13:14:43 +08:00
世界	d339f85087	Fix missing home for derp service	2025-07-08 13:14:43 +08:00
Zero Clover	b6a114f7f4	documentation: Fix services	2025-07-08 13:14:43 +08:00
世界	e586ef070e	Fix `dns.client_subnet` ignored	2025-07-08 13:14:43 +08:00
世界	71a76e9ecb	documentation: Minor fixes	2025-07-08 13:14:42 +08:00
世界	1d66474022	Fix tailscale forward	2025-07-08 13:14:42 +08:00
世界	3934e53476	Minor fixes	2025-07-08 13:14:42 +08:00
世界	0146fbfc40	Add SSM API service	2025-07-08 13:14:42 +08:00
世界	6ee3117755	Add resolved service and DNS server	2025-07-08 13:14:41 +08:00
世界	e2440a569e	Add DERP service	2025-07-08 13:14:41 +08:00
世界	7a1eee78df	Add service component type	2025-07-08 13:14:41 +08:00
世界	e3c8c0705f	Fix tproxy tcp control	2025-07-08 13:14:40 +08:00
愚者	886d427337	release: Fix build tags for android Signed-off-by: 愚者 <11926619+FansChou@users.noreply.github.com>	2025-07-08 13:14:40 +08:00
世界	d5432b4c27	prevent creation of bind and mark controls on unsupported platforms	2025-07-08 13:14:40 +08:00
PuerNya	42064fe7ec	documentation: Fix description of reject DNS action behavior	2025-07-08 13:14:40 +08:00
Restia-Ashbell	7cee76f9a6	Fix TLS record fragment	2025-07-08 13:14:39 +08:00
世界	ed5b2f2997	Add missing `accept_routes` option for Tailscale	2025-07-08 13:14:39 +08:00
世界	3b480de38a	Add TLS record fragment support	2025-07-08 13:14:38 +08:00
世界	f990630ccc	Fix set edns0 client subnet	2025-07-08 13:14:38 +08:00
世界	d33614d6a0	Update minor dependencies	2025-07-08 13:14:38 +08:00
世界	b3866bcea0	Update certmagic and providers	2025-07-08 13:14:38 +08:00
世界	26ec73c71b	Update protobuf and grpc	2025-07-08 13:14:38 +08:00
世界	c3403c5413	Add control options for listeners	2025-07-08 13:14:38 +08:00
世界	3b6ddcae37	Update quic-go to v0.52.0	2025-07-08 13:14:19 +08:00
世界	dbdcce20a8	Update utls to v1.7.2	2025-07-08 13:12:35 +08:00
世界	e7ef1b2368	Handle EDNS version downgrade	2025-07-08 13:12:35 +08:00
世界	ce32d1c2c3	documentation: Fix anytls padding scheme description	2025-07-08 13:12:34 +08:00
安容	596b66f397	Report invalid DNS address early	2025-07-08 13:12:34 +08:00
世界	d4fd43cf6f	Fix wireguard `listen_port`	2025-07-08 13:12:34 +08:00
世界	6c377f16e7	clash-api: Add more meta api	2025-07-08 13:12:34 +08:00
世界	349db7baec	Fix DNS lookup	2025-07-08 13:12:33 +08:00
世界	1f3097da00	Fix fetch ECH configs	2025-07-08 13:12:33 +08:00
reletor	0b4b5e6f0f	documentation: Minor fixes	2025-07-08 13:12:33 +08:00
caelansar	245273e6c1	Fix callback deletion in UDP transport	2025-07-08 13:12:32 +08:00
世界	54a0004de6	documentation: Try to make the play review happy	2025-07-08 13:12:32 +08:00
世界	6a211f6ed6	Fix missing handling of legacy `domain_strategy` options	2025-07-08 13:12:32 +08:00
世界	aadb44ebd6	Improve local DNS server	2025-07-08 13:12:32 +08:00
anytls	9b0db6ab15	Update anytls Co-authored-by: anytls <anytls>	2025-07-08 13:12:31 +08:00
世界	5b363c347f	Fix DNS dialer	2025-07-08 13:12:31 +08:00
世界	cdea3f63d4	release: Skip override version for iOS	2025-07-08 13:12:31 +08:00
iikira	40a6260f6e	Fix UDP DNS server crash Signed-off-by: iikira <i2@mail.iikira.com>	2025-07-08 13:12:31 +08:00
ReleTor	a5e47f4e0f	Fix fetch ECH configs	2025-07-08 13:12:30 +08:00
世界	ac7bc587cb	Allow direct outbounds without `domain_resolver`	2025-07-08 13:12:30 +08:00
世界	4e11a3585a	Fix Tailscale dialer	2025-07-08 13:12:30 +08:00
dyhkwong	63d3e9f6e5	Fix DNS over QUIC stream close	2025-07-08 13:12:30 +08:00
anytls	d115e36ed8	Update anytls Co-authored-by: anytls <anytls>	2025-07-08 13:12:30 +08:00
Rambling2076	af56b1a950	Fix missing `with_tailscale` in Dockerfile Signed-off-by: Rambling2076 <Rambling2076@proton.me>	2025-07-08 13:12:29 +08:00
世界	f9999a76fe	Fail when default DNS server not found	2025-07-08 13:12:28 +08:00
世界	42eb3841a1	Update gVisor to 20250319.0	2025-07-08 13:12:28 +08:00
世界	fb622ccbdf	Explicitly reject detour to empty direct outbounds	2025-07-08 13:12:28 +08:00
世界	d2dc3ddf72	Add netns support	2025-07-08 13:12:28 +08:00
世界	e8499452f8	Add wildcard name support for predefined records	2025-07-08 13:12:27 +08:00
世界	e0a6b31c03	Remove map usage in options	2025-07-08 13:12:27 +08:00
世界	7c923209ad	Fix unhandled DNS loop	2025-07-08 13:12:27 +08:00
世界	bca2bd2fa1	Add wildcard-sni support for shadow-tls inbound	2025-07-08 13:12:26 +08:00
k9982874	fa99ca2757	Add ntp protocol sniffing	2025-07-08 13:12:26 +08:00
世界	7073f2a272	option: Fix marshal legacy DNS options	2025-07-08 13:12:26 +08:00
世界	390e30ae7b	Make `domain_resolver` optional when only one DNS server is configured	2025-07-08 13:12:26 +08:00
世界	23cf8c49e0	Fix DNS lookup context pollution	2025-07-08 13:12:25 +08:00
世界	b17a024f6c	Fix http3 DNS server connecting to wrong address	2025-07-08 13:12:25 +08:00
Restia-Ashbell	1ed21085bb	documentation: Fix typo	2025-07-08 13:12:25 +08:00
anytls	56409ff269	Update sing-anytls Co-authored-by: anytls <anytls>	2025-07-08 13:12:24 +08:00
k9982874	0c523980ff	Fix hosts DNS server	2025-07-08 13:12:24 +08:00
世界	32873d06bc	Fix UDP DNS server crash	2025-07-08 13:12:24 +08:00
世界	4accaccf77	documentation: Fix missing `ip_accept_any` DNS rule option	2025-07-08 13:12:23 +08:00
世界	ff416aacaf	Fix anytls dialer usage	2025-07-08 13:12:23 +08:00
世界	b97947e8ac	Move predefined DNS server to rule action	2025-07-08 13:12:23 +08:00
世界	dfcd9fb8c3	Fix domain resolver on direct outbound	2025-07-08 13:12:22 +08:00
Zephyruso	803811568e	Fix missing AnyTLS display name	2025-07-08 13:12:22 +08:00
anytls	50b0bd5c39	Update sing-anytls Co-authored-by: anytls <anytls>	2025-07-08 13:12:22 +08:00
Estel	2d02b2b1cf	documentation: Fix typo Signed-off-by: Estel <callmebedrockdigger@gmail.com>	2025-07-08 13:12:22 +08:00
TargetLocked	456fbecf16	Fix parsing legacy DNS options	2025-07-08 13:12:21 +08:00
世界	668923c392	Fix DNS fallback	2025-07-08 13:12:21 +08:00
世界	c51e9cbe06	documentation: Fix missing hosts DNS server	2025-07-08 13:12:20 +08:00
anytls	60b451e6cf	Add MinIdleSession option to AnyTLS outbound Co-authored-by: anytls <anytls>	2025-07-08 13:12:20 +08:00
ReleTor	3e35390d8f	documentation: Minor fixes	2025-07-08 13:12:20 +08:00
libtry486	f2dad289fb	documentation: Fix typo fix typo Signed-off-by: libtry486 <89328481+libtry486@users.noreply.github.com>	2025-07-08 13:12:20 +08:00
Alireza Ahmadi	b4a8fa59f5	Fix Outbound deadlock	2025-07-08 13:12:19 +08:00
世界	73de2a7d07	documentation: Fix AnyTLS doc	2025-07-08 13:12:19 +08:00
anytls	1699a7ce33	Add AnyTLS protocol	2025-07-08 13:12:19 +08:00
世界	7743c6e881	Migrate to stdlib ECH support	2025-07-08 13:12:19 +08:00
世界	9a5f69f435	Add fallback local DNS server for iOS	2025-07-08 13:12:18 +08:00
世界	5c4211e849	Get darwin local DNS server from libresolv	2025-07-08 13:12:18 +08:00
世界	c1189e2a7b	Improve resolve action	2025-07-08 13:12:18 +08:00
世界	f18889369f	Add back port hopping to hysteria 1	2025-07-08 13:12:17 +08:00
xchacha20-poly1305	91c7b638e8	Remove single quotes of raw Moziila certs	2025-07-08 13:12:17 +08:00
世界	6f793a0273	Add Tailscale endpoint	2025-07-08 13:12:16 +08:00
世界	0f6c417c3c	Build legacy binaries with latest Go	2025-07-08 13:12:16 +08:00
世界	c830e9a634	documentation: Remove outdated icons	2025-07-08 13:12:16 +08:00
世界	e809623ec9	documentation: Certificate store	2025-07-08 13:12:16 +08:00
世界	061276902b	documentation: TLS fragment	2025-07-08 13:12:15 +08:00
世界	fa6f7d396e	documentation: Outbound domain resolver	2025-07-08 13:12:15 +08:00
世界	23666a9230	documentation: Refactor DNS	2025-07-08 13:12:15 +08:00
世界	17576e9f66	Add certificate store	2025-07-08 13:12:14 +08:00
世界	90ec9c8bcb	Add TLS fragment support	2025-07-08 13:12:14 +08:00
世界	988ac62a1b	refactor: Outbound domain resolver	2025-07-08 13:12:14 +08:00
世界	3016338e34	refactor: DNS	2025-07-08 13:12:14 +08:00
世界	bc35aca017	Bump version	2025-07-08 13:11:13 +08:00
世界	281d52a1ea	Fix hy2 server crash	2025-07-08 13:11:13 +08:00
世界	b8502759b5	Fix DNS reject check	2025-07-07 13:57:37 +08:00