# ============================================
# MosDNS v5 final optimized configuration
# Based on the enhanced mikrotik_addresslist plugin
# ============================================

log:
  level: info

# Management API
# NOTE(review): bound to 0.0.0.0, i.e. every interface, and nothing in this
# file configures authentication for it. If remote access is not required,
# bind it to a loopback or management-only address, or firewall port 5535.
api:
  http: "0.0.0.0:5535"

plugins:
  # ========= Base components =========

  # GFW domain list (used for routing only, not written to any device)
  - tag: GFW_domains
    type: domain_set
    args:
      files:
        - "/usr/local/jinlingma/config/gfwlist.out.txt"

  # Mainland China IP list
  - tag: geoip_cn
    type: ip_set
    args:
      files:
        - "/usr/local/jinlingma/config/cn.txt"

  # Cache
  - tag: cache
    type: cache
    args:
      size: 32768
      lazy_cache_ttl: 43200

  # ========= Upstream DNS definitions =========

  # Domestic DNS
  # NOTE(review): all six upstreams are plain udp://, so these queries and
  # answers are unencrypted and unauthenticated on the wire. The
  # smart_fallback_handler below accepts a domestic answer whenever its IP is
  # in geoip_cn, so it trusts whatever comes back on this path.
  - tag: china-dns
    type: forward
    args:
      concurrent: 6
      upstreams:
        - addr: "udp://202.96.128.86"
        - addr: "udp://202.96.128.166"
        - addr: "udp://119.29.29.29"
        - addr: "udp://223.5.5.5"
        - addr: "udp://114.114.114.114"
        - addr: "udp://180.76.76.76"

  # Overseas DNS (DoT)
  # Each upstream names the TLS host in addr and the IP to connect to in
  # dial_addr, so no separate lookup of the upstream hostname is needed.
  - tag: overseas-dns
    type: forward
    args:
      concurrent: 4
      upstreams:
        - addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
          dial_addr: "1.1.1.1"
          enable_pipeline: true
        - addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
          dial_addr: "1.0.0.1"
          enable_pipeline: true
        - addr: "tls://dns.google"
          dial_addr: "8.8.8.8"
          enable_pipeline: true
        - addr: "tls://dns.google"
          dial_addr: "8.8.4.4"
          enable_pipeline: true

  # Fallback wrappers
  # NOTE(review): primary and secondary point at the same forwarder in both
  # wrappers, so the fallback retries the same upstream group rather than
  # switching to an independent one.
  - tag: forward_local
    type: fallback
    args:
      primary: china-dns
      secondary: china-dns
      threshold: 500
      always_standby: true

  - tag: forward_remote
    type: fallback
    args:
      primary: overseas-dns
      secondary: overseas-dns
      threshold: 500
      always_standby: true

  # Convenience wrappers: domestic / overseas
  - tag: forward_local_upstream
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: query_summary forward_local
      - exec: $forward_local

  - tag: forward_remote_upstream
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: query_summary forward_remote
      - exec: $forward_remote

  # ========= Enhanced MikroTik plugin (multiple devices, multiple rules) =========
  # NOTE(review): the router password is stored here in plaintext, and the
  # same "admin" credential is reused for all three devices (10.96.1.22-24),
  # so anyone who can read this file gets admin on every router. Keep the file
  # readable only by the mosdns service account, use a dedicated RouterOS user
  # with only the rights the plugin needs instead of admin, give each device
  # its own password, and rotate this one if the file has ever been shared or
  # committed.
  # NOTE(review): use_tls is false on every device, so the login presumably
  # crosses the network unencrypted - confirm against the plugin and enable
  # TLS if it supports it.
  # NOTE(review): domain_files sits at plugin level, outside args, as in the
  # source; confirm that placement against the plugin's schema.

  # Device A: Amazon-related domains
  - tag: mikrotik_amazon
    type: mikrotik_addresslist
    domain_files:
      - "/usr/local/jinlingma/config/amazon.txt"
      - "/usr/local/jinlingma/config/aws.txt"
    args:
      host: "10.96.1.22"
      port: 9728
      username: "admin"
      password: "szn0s!nw@pwd()"
      use_tls: false
      timeout: 3
      address_list4: "Amazon"
      address_list6: "Amazon6"
      mask4: 24  # use /24 networks to reduce the number of entries
      mask6: 64
      comment: "Amazon-AutoAdd"
      timeout_addr: 43200  # 12 hours
      cache_ttl: 3600  # 1 hour cache
      verify_add: false  # verification disabled for performance
      add_all_ips: true  # add every IP
      max_ips: 20  # at most 20 IPs per domain

  # Device B: Google-related domains
  # Same admin credential and cleartext transport as mikrotik_amazon above.
  - tag: mikrotik_google
    type: mikrotik_addresslist
    domain_files:
      - "/usr/local/jinlingma/config/google.txt"
      - "/usr/local/jinlingma/config/youtube.txt"
    args:
      host: "10.96.1.23"
      port: 9728
      username: "admin"
      password: "szn0s!nw@pwd()"
      use_tls: false
      timeout: 3
      address_list4: "Google"
      mask4: 32  # exact match on a single IP
      comment: "Google-AutoAdd"
      timeout_addr: 21600  # 6 hours
      cache_ttl: 1800  # 30 minute cache
      verify_add: false
      add_all_ips: true
      max_ips: 15

  # Device C: streaming-related domains
  # Same admin credential and cleartext transport as mikrotik_amazon above.
  - tag: mikrotik_streaming
    type: mikrotik_addresslist
    domain_files:
      - "/usr/local/jinlingma/config/netflix.txt"
      - "/usr/local/jinlingma/config/disney.txt"
    args:
      host: "10.96.1.24"
      port: 9728
      username: "admin"
      password: "szn0s!nw@pwd()"
      use_tls: false
      timeout: 5  # streaming may need more time
      address_list4: "Streaming"
      mask4: 32
      comment: "Streaming-AutoAdd"
      timeout_addr: 21600  # 6 hours (streaming IPs change more often)
      cache_ttl: 1800  # 30 minute cache
      verify_add: false
      add_all_ips: true
      max_ips: 30  # streaming services have many IPs

  # ========= Query logic =========

  # Accept as soon as a response is present
  - tag: has_resp_sequence
    type: sequence
    args:
      - matches: has_resp
        exec: accept

  # Reject invalid queries: query type 65 (HTTPS records) is answered with
  # rcode 3 (NXDOMAIN)
  - tag: reject_invalid
    type: sequence
    args:
      - matches: qtype 65
        exec: reject 3

  # GFW domain routing (resolution only, nothing is written to devices)
  - tag: gfw_routing_only
    type: sequence
    args:
      - matches: qname $GFW_domains
        exec: $forward_remote_upstream
      - exec: query_summary gfw_overseas_routing

  # Smart fallback: try the domestic upstreams first and accept the answer
  # when its IP is in geoip_cn; otherwise re-resolve through the overseas
  # upstreams.
  - tag: smart_fallback_handler
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: $forward_local_upstream
      - matches: resp_ip $geoip_cn
        exec: accept
      - exec: $forward_remote_upstream
      - exec: query_summary fallback_to_overseas

  # Main sequence (minimal version)
  - tag: main_sequence
    type: sequence
    args:
      # 1. Cache lookup
      - exec: $cache
      # 2. Reject invalid queries
      - exec: $reject_invalid
      - exec: jump has_resp_sequence
      # 3. GFW domain routing (resolution only)
      - exec: $gfw_routing_only
      - exec: jump has_resp_sequence
      # 4. Smart fallback
      - exec: $smart_fallback_handler
      - exec: jump has_resp_sequence
      # 5. MikroTik device handling (each plugin matches its own domains)
      # NOTE(review): steps 2-4 each end with `jump has_resp_sequence`, which
      # accepts once a response exists. Presumably that ends processing
      # before this step - confirm these plugins are actually reached for
      # resolved queries.
      - exec: $mikrotik_amazon  # handles Amazon domains automatically
      - exec: $mikrotik_google  # handles Google domains automatically
      - exec: $mikrotik_streaming  # handles streaming domains automatically

  # ========= Listeners =========
  # NOTE(review): ":5322" has no host part, so both servers listen on every
  # interface. Make sure port 5322 is reachable only from the networks that
  # should use this resolver.
  - tag: udp_server
    type: udp_server
    args:
      entry: main_sequence
      listen: ":5322"

  - tag: tcp_server
    type: tcp_server
    args:
      entry: main_sequence
      listen: ":5322"