fix: system:// should ignore dns server setting by tun listener

component/resolver/system.go

@@ -0,0 +1,39 @@
+package resolver
+
+import "sync"
+
+var blacklist struct {
+	Map   map[string]struct{}
+	Mutex sync.Mutex
+}
+
+func init() {
+	blacklist.Map = make(map[string]struct{})
+}
+
+func AddSystemDnsBlacklist(names ...string) {
+	blacklist.Mutex.Lock()
+	defer blacklist.Mutex.Unlock()
+	for _, name := range names {
+		blacklist.Map[name] = struct{}{}
+	}
+}
+
+func RemoveSystemDnsBlacklist(names ...string) {
+	blacklist.Mutex.Lock()
+	defer blacklist.Mutex.Unlock()
+	for _, name := range names {
+		delete(blacklist.Map, name)
+	}
+}
+
+func IsSystemDnsBlacklisted(names ...string) bool {
+	blacklist.Mutex.Lock()
+	defer blacklist.Mutex.Unlock()
+	for _, name := range names {
+		if _, ok := blacklist.Map[name]; ok {
+			return true
+		}
+	}
+	return false
+}

dns/system.go

@@ -8,6 +8,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/metacubex/mihomo/component/resolver"
 	"github.com/metacubex/mihomo/log"
 
 	D "github.com/miekg/dns"
@@ -39,6 +40,9 @@ func (c *systemClient) getDnsClients() ([]dnsClient, error) {
 		if nameservers, err = dnsReadConfig(); err == nil {
 			log.Debugln("[DNS] system dns update to %s", nameservers)
 			for _, addr := range nameservers {
+				if resolver.IsSystemDnsBlacklisted(addr) {
+					continue
+				}
 				if _, ok := c.dnsClients[addr]; !ok {
 					clients := transform(
 						[]NameServer{{

listener/sing_tun/server.go

@@ -12,6 +12,7 @@ import (
 	"github.com/metacubex/mihomo/adapter/inbound"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/iface"
+	"github.com/metacubex/mihomo/component/resolver"
 	C "github.com/metacubex/mihomo/constant"
 	LC "github.com/metacubex/mihomo/listener/config"
 	"github.com/metacubex/mihomo/listener/sing"
@@ -39,6 +40,8 @@ type Listener struct {
 	networkUpdateMonitor    tun.NetworkUpdateMonitor
 	defaultInterfaceMonitor tun.DefaultInterfaceMonitor
 	packageManager          tun.PackageManager
+
+	dnsServerIp []string
 }
 
 func CalculateInterfaceName(name string) (tunName string) {
@@ -147,12 +150,16 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis
 
 		dnsAdds = append(dnsAdds, addrPort)
 	}
+
+	var dnsServerIp []string
 	for _, a := range options.Inet4Address {
 		addrPort := netip.AddrPortFrom(a.Addr().Next(), 53)
+		dnsServerIp = append(dnsServerIp, a.Addr().Next().String())
 		dnsAdds = append(dnsAdds, addrPort)
 	}
 	for _, a := range options.Inet6Address {
 		addrPort := netip.AddrPortFrom(a.Addr().Next(), 53)
+		dnsServerIp = append(dnsServerIp, a.Addr().Next().String())
 		dnsAdds = append(dnsAdds, addrPort)
 	}
 
@@ -244,6 +251,10 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis
 		return
 	}
 
+	l.dnsServerIp = dnsServerIp
+	// after tun.New sing-tun has set DNS to TUN interface
+	resolver.AddSystemDnsBlacklist(dnsServerIp...)
+
 	stackOptions := tun.StackOptions{
 		Context:                context.TODO(),
 		Tun:                    tunIf,
@@ -336,6 +347,7 @@ func parseRange(uidRanges []ranges.Range[uint32], rangeList []string) ([]ranges.
 
 func (l *Listener) Close() error {
 	l.closed = true
+	resolver.RemoveSystemDnsBlacklist(l.dnsServerIp...)
 	return common.Close(
 		l.tunStack,
 		l.tunIf,