ipset is not restricted by the specified domain-rules or ipset directive; all resolution results are added to the setname #2237

@cnnvito

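I want the resolution records of specified domains to be added to the ipset dnstest, but in testing, as soon as the configuration below is used, all record results are added to dnstest.
I have confirmed that foreign.txt and internal.txt have no domains in common, and domains that are in neither file are also added to dnstest.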

The versions are as follows:

[root ~]# ./smartdns-x86_64 -v
smartdns 1.2025.11.09-1443 (Release47.1)
[root ~]# ipset version
ipset v7.1, protocol version: 7

The configuration file is as follows:

bind :5353
cache-persist no
speed-check-mode none
log-level debug
ipset dnstest
ipset-timeout no
force-AAAA-SOA yes

server udp://192.168.2.230
server udp://111.111.111.111 -g internal -fallback
server udp://111.111.111.111 -g internal -fallback

hosts-file /etc/smartdns/hosts

domain-set -name foreign-list -type list -file /etc/smartdns/rules/foreign.txt
domain-set -name internal-list -type list -file /etc/smartdns/rules/internal.txt

domain-rules /domain-set:internal-list/ -speed-check-mode none -nameserver internal

# Both ways have been tested; the result is the same
ipset /domain-set:foreign-list/dnstest
# domain-rules /domain-set:foreign-list/ -speed-check-mode none -ipset dnstest

For example, the domain jd.com is not in the list, yet it is still added to the ipset:

[2026-01-11 14:06:01,842][DEBUG][     dns_server.c:474 ] query jd.com from 127.0.0.1, qtype: 1, id: 32694, query-num: 1
[2026-01-11 14:06:01,842][DEBUG][     dns_client.c:292 ] send query to server 192.168.2.230:53, type:0
[2026-01-11 14:06:01,842][ INFO][     dns_client.c:493 ] request: jd.com, qtype: 1, id: 27074, group: default
[2026-01-11 14:06:01,851][DEBUG][     client_udp.c:374 ] recv udp packet from 192.168.2.230:53, len: 99, ttl: 64, latency: 10
[2026-01-11 14:06:01,851][DEBUG][     dns_client.c:111 ] qdcount = 1, ancount = 4, nscount = 0, nrcount = 0, len = 99, id = 27074, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 4096
[2026-01-11 14:06:01,851][DEBUG][     dns_client.c:123 ] domain: jd.com qtype: 1  qclass: 1
[2026-01-11 14:06:01,851][DEBUG][     dns_server.c:145 ] query result from server 192.168.2.230:53, type: 0, domain: jd.com qtype: 1 rcode: 0, id: 32694
[2026-01-11 14:06:01,851][DEBUG][         answer.c:187 ] domain: jd.com TTL: 422 IP: 211.144.27.126
[2026-01-11 14:06:01,851][DEBUG][         answer.c:187 ] domain: jd.com TTL: 422 IP: 106.39.171.134
[2026-01-11 14:06:01,851][DEBUG][         answer.c:187 ] domain: jd.com TTL: 422 IP: 211.144.24.218
[2026-01-11 14:06:01,851][DEBUG][         answer.c:187 ] domain: jd.com TTL: 422 IP: 111.13.149.108
[2026-01-11 14:06:01,851][ INFO][        request.c:84  ] result: jd.com, qtype: 1, rtt: -0.1 ms, 211.144.27.126
[2026-01-11 14:06:01,851][DEBUG][        context.c:775 ] reply jd.com qtype: 1, rcode: 0, reply: 1
[2026-01-11 14:06:01,851][DEBUG][        context.c:340 ] result: jd.com, rtt: -0.1 ms, 211.144.27.126
[2026-01-11 14:06:01,851][DEBUG][          cache.c:143 ] cache jd.com qtype: 1 ttl: 600
[2026-01-11 14:06:01,851][DEBUG][   ipset_nftset.c:31  ] IPSET-MATCH: domain: jd.com, ipset: dnstest, IP: 211.144.27.126
[2026-01-11 14:06:01,851][DEBUG][   ipset_nftset.c:31  ] IPSET-MATCH: domain: jd.com, ipset: dnstest, IP: 106.39.171.134
[2026-01-11 14:06:01,851][DEBUG][   ipset_nftset.c:31  ] IPSET-MATCH: domain: jd.com, ipset: dnstest, IP: 211.144.24.218
[2026-01-11 14:06:01,851][DEBUG][   ipset_nftset.c:31  ] IPSET-MATCH: domain: jd.com, ipset: dnstest, IP: 111.13.149.108
[2026-01-11 14:06:01,851][ INFO][        context.c:830 ] result: jd.com, client: 127.0.0.1, qtype: 1, id: 32694, group: default, time: 10ms
[2026-01-11 14:06:01,852][DEBUG][          query.c:50  ] result: jd.com, qtype: 1, has-result: 1, id 27074

ipset result:

[root ~]# dig @127.0.0.1 -p 5353 jd.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> @127.0.0.1 -p 5353 jd.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64192
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;jd.com.                                IN      A

;; ANSWER SECTION:
jd.com.                 600     IN      A       211.144.27.126
jd.com.                 600     IN      A       106.39.171.134
jd.com.                 600     IN      A       211.144.24.218
jd.com.                 600     IN      A       111.13.149.108

;; Query time: 11 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sun Jan 11 14:09:08 CST 2026
;; MSG SIZE  rcvd: 88

[root ~]# ipset list dnstest
Name: dnstest
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 360
References: 0
Number of entries: 4
Members:
211.144.27.126
111.13.149.108
211.144.24.218
106.39.171.134
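
An added example, not part of the original issue or of the smartdns project: a Python check that reads the `IPSET-MATCH` debug lines in the format shown in the log above and reports domains that were added to a set without being covered by the domain list. The list contents and the last two log lines are constructed, and treating a list entry as covering its subdomains is an assumption.

```python
import re

# Format of the IPSET-MATCH debug lines, taken from the log in the issue.
MATCH_RE = re.compile(r"IPSET-MATCH: domain: ([^,\s]+), ipset: ([^,\s]+), IP: (\S+)")

def load_domain_set(lines):
    """One domain per line; blank lines and '#' comments are skipped."""
    entries = set()
    for line in lines:
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        if name:
            entries.add(name)
    return entries

def in_set(domain, entries):
    """Assumption: a list entry covers the domain itself and its subdomains."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))

def audit(log_lines, entries, setname):
    """Map each domain added to `setname` but not covered by `entries` to its IPs."""
    unexpected = {}
    for line in log_lines:
        m = MATCH_RE.search(line)
        if m and m.group(2) == setname and not in_set(m.group(1), entries):
            unexpected.setdefault(m.group(1), []).append(m.group(3))
    return unexpected

# Constructed stand-in for foreign.txt (the real file is not shown in the issue).
SAMPLE_LIST = ["# constructed list", "example.org", ""]
# First two lines are from the issue's log; the last two are constructed.
SAMPLE_LOG = [
    "[2026-01-11 14:06:01,851][DEBUG][   ipset_nftset.c:31  ] IPSET-MATCH: domain: jd.com, ipset: dnstest, IP: 211.144.27.126",
    "[2026-01-11 14:06:01,851][DEBUG][          cache.c:143 ] cache jd.com qtype: 1 ttl: 600",
    "[2026-01-11 14:07:00,000][DEBUG][   ipset_nftset.c:31  ] IPSET-MATCH: domain: www.example.org, ipset: dnstest, IP: 192.0.2.10",
    "[2026-01-11 14:07:00,000][DEBUG][   ipset_nftset.c:31  ] IPSET-MATCH: domain: jd.com, ipset: other, IP: 192.0.2.20",
]

if __name__ == "__main__":
    result = audit(SAMPLE_LOG, load_domain_set(SAMPLE_LIST), "dnstest")
    for domain, ips in sorted(result.items()):
        print(f"not in list but added to dnstest: {domain} -> {', '.join(ips)}")
```

Run against a real debug log and the real list file, an empty result means every address in the set came from a listed domain.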
