# ============================================
# MosDNS v5 最终优化配置
# 基于增强的 mikrotik_addresslist 插件
# ============================================

log:
  level: debug  # 🔧 改为 debug 级别，查看详细日志

# 管理 API
api:
  http: "0.0.0.0:5541"
web:
  http: "0.0.0.0:5555"
plugins:
  # ========= 基础组件 =========
  
  # GFW 域名列表（仅用于分流，不写入设备）
  - tag: GFW_domains
    type: domain_set
    args:
      files:
        - "/usr/local/yltx-dns/geosite/geosite_gfw.txt"

  # 🆕 海外域名列表（包含所有需要海外解析的域名）
  - tag: overseas_domains
    type: domain_set
    args:
      files:
        - "/usr/local/yltx-dns/geosite/geosite_gfw.txt"
        - "/usr/local/yltx-dns/config/openai.txt"
        
  # 中国大陆 IP 列表
  - tag: geoip_cn
    type: ip_set
    args:
      files:
        - "/usr/local/yltx-dns/config/cn.txt"

  # 缓存
  - tag: cache
    type: cache
    args:
      size: 82768
      lazy_cache_ttl: 43200

  # ========= 上游 DNS 定义 =========
  
  # 国内 DNS
  - tag: china-dns
    type: forward
    args:
      concurrent: 6
      upstreams:
        - addr: "udp://202.96.128.86"
        - addr: "udp://202.96.128.166"
        - addr: "udp://119.29.29.29"
        - addr: "udp://223.5.5.5"
        - addr: "udp://114.114.114.114"
        - addr: "udp://180.76.76.76"

  # 国外 DNS（DoT）
  - tag: overseas-dns
    type: forward
    args:
      concurrent: 4
      upstreams:
        - addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
          dial_addr: "1.1.1.1"
          enable_pipeline: true
        - addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
          dial_addr: "1.0.0.1"
          enable_pipeline: true
        - addr: "tls://dns.google"
          dial_addr: "8.8.8.8"
          enable_pipeline: true
        - addr: "tls://dns.google"
          dial_addr: "8.8.4.4"
          enable_pipeline: true

  # fallback 封装
  - tag: forward_local
    type: fallback
    args:
      primary: china-dns
      secondary: china-dns
      threshold: 500
      always_standby: true

  - tag: forward_remote
    type: fallback
    args:
      primary: overseas-dns
      secondary: overseas-dns
      threshold: 500
      always_standby: true

  # 便捷封装：国内/国外
  - tag: forward_local_upstream
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: query_summary forward_local
      - exec: $forward_local

  - tag: forward_remote_upstream
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: query_summary forward_remote
      - exec: $forward_remote

  # ========= 🚀 增强的 MikroTik 插件（支持多设备多规则）=========
  
  # 设备 A：OpenAI 相关域名
  - tag: mikrotik_amazon
    type: mikrotik_addresslist
    args:
      domain_files:
        - "/usr/local/yltx-dns/config/openai.txt"
      host: "10.248.0.1"
      port: 9728
      username: "admin"
      password: "szn0s!nw@pwd()"
      use_tls: false
      timeout: 3
      address_list4: "OpenAI"
      mask4: 24
      comment: "OpenAI-AutoAdd"
      timeout_addr: 43200
      cache_ttl: 3600
      verify_add: false
      add_all_ips: true
      max_ips: 50

  # 设备 B：Google 相关域名（示例 - 已注释）
#  - tag: mikrotik_google
#    type: mikrotik_addresslist
#    args:
#      domain_files:
#        - "/usr/local/jinlingma/config/google.txt"
#        - "/usr/local/jinlingma/config/youtube.txt"
#      host: "10.96.1.23"
#      port: 9728
#      username: "admin"
#      password: "szn0s!nw@pwd()"
#      use_tls: false
#      timeout: 3
#      address_list4: "Google"
#      mask4: 32                      # 精确匹配单个IP
#      comment: "Google-AutoAdd"
#      timeout_addr: 21600            # 6小时
#      cache_ttl: 1800                # 30分钟缓存
#      verify_add: false
#      add_all_ips: true
#      max_ips: 15

  # 设备 C：流媒体相关域名（示例 - 已注释）
#  - tag: mikrotik_streaming
#    type: mikrotik_addresslist
#    args:
#      domain_files:
#        - "/usr/local/jinlingma/config/netflix.txt"
#        - "/usr/local/jinlingma/config/disney.txt"
#      host: "10.96.1.24"
#      port: 9728
#      username: "admin"
#      password: "szn0s!nw@pwd()"
#      use_tls: false
#      timeout: 5                     # 流媒体可能需要更长时间
#      address_list4: "Streaming"
#      mask4: 32
#      comment: "Streaming-AutoAdd"
#      timeout_addr: 21600            # 6小时（流媒体IP变化较频繁）
#      cache_ttl: 1800                # 30分钟缓存
#      verify_add: false
#      add_all_ips: true
#      max_ips: 30                    # 流媒体服务IP较多

  # ========= 查询逻辑 =========
  
  # 检查是否有响应
  - tag: has_resp_sequence
    type: sequence
    args:
      - matches: has_resp
        exec: accept

  # 拒绝无效查询
  - tag: reject_invalid
    type: sequence
    args:
      - matches: qtype 65
        exec: reject 3


  # 智能 fallback 处理
  - tag: smart_fallback_handler
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: $forward_local_upstream
      - matches: resp_ip $geoip_cn
        exec: accept
      - exec: $forward_remote_upstream
      - exec: query_summary fallback_to_overseas

  # 🚀 海外域名分流 + MikroTik 处理
  - tag: overseas_routing_with_mikrotik
    type: sequence
    args:
      - matches: qname $overseas_domains
        exec: $forward_remote_upstream
      - matches: has_resp
        exec: $mikrotik_amazon       # 🔧 修复：在有DNS响应后才调用MikroTik
      - matches: has_resp
        exec: accept
      - exec: query_summary overseas_routing

  # 🚀 并行处理序列：优化的DNS解析流程
  - tag: parallel_dns_and_mikrotik
    type: sequence
    args:      
      # DNS 解析逻辑
      - exec: $overseas_routing_with_mikrotik # 🚀 海外域名分流 + MikroTik处理
      - matches: has_resp
        exec: accept
      - exec: $smart_fallback_handler # 智能 fallback

  # 🚀 主序列（优化版 - 并行处理）
  - tag: main_sequence
    type: sequence
    args:
      # 1. 缓存检查
      - exec: $cache
      
      # 2. 拒绝无效查询
      - exec: $reject_invalid
      - exec: jump has_resp_sequence

      # 3. 🚀 并行处理：DNS解析 + MikroTik处理
      - exec: $parallel_dns_and_mikrotik
      - exec: jump has_resp_sequence

  # ========= 服务监听 =========
  - tag: udp_server
    type: udp_server
    args:
      entry: main_sequence
      listen: ":531"

  - tag: tcp_server
    type: tcp_server
    args:
      entry: main_sequence
      listen: ":531"