rules: update default clash & surfboard & surge rules

Signed-off-by: Beta Soft <betaxab@gmail.com>

resources/rules/default.clash.yaml

@@ -4,6 +4,7 @@
 # tproxy-port: 7893
 mixed-port: 7890
 allow-lan: true
+bind-address: "*"
 mode: rule
 log-level: info
 external-controller: 127.0.0.1:9090
@@ -20,15 +21,16 @@ dns:
   fake-ip-range: 198.18.0.1/16
   use-hosts: true
   nameserver:
-    - https://dns.alidns.com/dns-query
     - https://doh.pub/dns-query
   fallback:
     - tls://1.0.0.1:853
+    - https://cloudflare-dns.com/dns-query
     - https://dns.google/dns-query
   fallback-filter:
     geoip: true
     ipcidr:
       - 240.0.0.0/4
+      - 0.0.0.0/32
 
 proxies:
 

resources/rules/default.surfboard.conf

@@ -55,22 +55,22 @@ DOMAIN,itunes.apple.com,Proxy
 DOMAIN-SUFFIX,apps.apple.com,Proxy
 DOMAIN-SUFFIX,blobstore.apple.com,Proxy
 DOMAIN,cvws.icloud-content.com,Proxy
-DOMAIN-SUFFIX,mzstatic.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,itunes.apple.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,icloud.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,icloud-content.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,me.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,aaplimg.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,cdn20.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,cdn-apple.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,akadns.net,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,akamaiedge.net,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,edgekey.net,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,mwcloudcdn.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,mwcname.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,apple.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,apple-cloudkit.com,DIRECT,force-remote-dns
-DOMAIN-SUFFIX,apple-mapkit.com,DIRECT,force-remote-dns
+DOMAIN-SUFFIX,mzstatic.com,DIRECT
+DOMAIN-SUFFIX,itunes.apple.com,DIRECT
+DOMAIN-SUFFIX,icloud.com,DIRECT
+DOMAIN-SUFFIX,icloud-content.com,DIRECT
+DOMAIN-SUFFIX,me.com,DIRECT
+DOMAIN-SUFFIX,aaplimg.com,DIRECT
+DOMAIN-SUFFIX,cdn20.com,DIRECT
+DOMAIN-SUFFIX,cdn-apple.com,DIRECT
+DOMAIN-SUFFIX,akadns.net,DIRECT
+DOMAIN-SUFFIX,akamaiedge.net,DIRECT
+DOMAIN-SUFFIX,edgekey.net,DIRECT
+DOMAIN-SUFFIX,mwcloudcdn.com,DIRECT
+DOMAIN-SUFFIX,mwcname.com,DIRECT
+DOMAIN-SUFFIX,apple.com,DIRECT
+DOMAIN-SUFFIX,apple-cloudkit.com,DIRECT
+DOMAIN-SUFFIX,apple-mapkit.com,DIRECT
 
 # 国内网站
 DOMAIN-SUFFIX,cn,DIRECT
@@ -203,22 +203,7 @@ DOMAIN-SUFFIX,zhimg.com,DIRECT
 DOMAIN-SUFFIX,zimuzu.tv,DIRECT
 DOMAIN-SUFFIX,zoho.com,DIRECT
 
-# 抗 DNS 污染
-DOMAIN-KEYWORD,amazon,Proxy
-DOMAIN-KEYWORD,gmail,Proxy
-DOMAIN-KEYWORD,youtube,Proxy
-DOMAIN-KEYWORD,facebook,Proxy
-DOMAIN-SUFFIX,fb.me,Proxy
-DOMAIN-SUFFIX,fbcdn.net,Proxy
-DOMAIN-KEYWORD,twitter,Proxy
-DOMAIN-KEYWORD,instagram,Proxy
-DOMAIN-KEYWORD,dropbox,Proxy
-DOMAIN-SUFFIX,twimg.com,Proxy
-DOMAIN-KEYWORD,blogspot,Proxy
-DOMAIN-SUFFIX,youtu.be,Proxy
-DOMAIN-KEYWORD,whatsapp,Proxy
-
-# 常见广告域名关键词屏蔽
+# 常见广告域名屏蔽
 DOMAIN-KEYWORD,admarvel,REJECT
 DOMAIN-KEYWORD,admaster,REJECT
 DOMAIN-KEYWORD,adsage,REJECT
@@ -247,6 +232,22 @@ DOMAIN-SUFFIX,vungle.com,REJECT
 DOMAIN-KEYWORD,wlmonitor,REJECT
 DOMAIN-KEYWORD,zjtoolbar,REJECT
 
+# 抗 DNS 污染
+DOMAIN-KEYWORD,amazon,Proxy
+DOMAIN-KEYWORD,google,Proxy
+DOMAIN-KEYWORD,gmail,Proxy
+DOMAIN-KEYWORD,youtube,Proxy
+DOMAIN-KEYWORD,facebook,Proxy
+DOMAIN-SUFFIX,fb.me,Proxy
+DOMAIN-SUFFIX,fbcdn.net,Proxy
+DOMAIN-KEYWORD,twitter,Proxy
+DOMAIN-KEYWORD,instagram,Proxy
+DOMAIN-KEYWORD,dropbox,Proxy
+DOMAIN-SUFFIX,twimg.com,Proxy
+DOMAIN-KEYWORD,blogspot,Proxy
+DOMAIN-SUFFIX,youtu.be,Proxy
+DOMAIN-KEYWORD,whatsapp,Proxy
+
 # 国外网站
 DOMAIN-SUFFIX,9to5mac.com,Proxy
 DOMAIN-SUFFIX,abpchina.org,Proxy

resources/rules/default.surge.conf

@@ -4,9 +4,9 @@
 [General]
 loglevel = notify
 # 从 Surge iOS 4 / Surge Mac 3.3.0 起，工具开始支持 DoH
-doh-server = https://dns.alidns.com/dns-query
-# https://13800000000.rubyfish.cn/, https://doh.360.cn/dns-query, https://dns.google/dns-query
-dns-server = 223.5.5.5, 114.114.114.114, 119.29.29.29
+doh-server = https://doh.pub/dns-query
+# https://dns.alidns.com/dns-query, https://13800000000.rubyfish.cn/, https://dns.google/dns-query
+dns-server = 223.5.5.5, 114.114.114.114
 tun-excluded-routes = 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24, 192.0.2.0/24, 192.168.0.0/16, 192.88.99.0/24, 198.51.100.0/24, 203.0.113.0/24, 224.0.0.0/4, 255.255.255.255/32
 skip-proxy = localhost, *.local, injections.adguard.org, local.adguard.org, captive.apple.com, guzzoni.apple.com, 0.0.0.0/8, 10.0.0.0/8, 17.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24, 192.0.2.0/24, 192.168.0.0/16, 192.88.99.0/24, 198.18.0.0/15, 198.51.100.0/24, 203.0.113.0/24, 224.0.0.0/4, 240.0.0.0/4, 255.255.255.255/32
 
@@ -58,7 +58,7 @@ fallback = fallback, $proxy_group, url=http://www.gstatic.com/generate_204, inte
 # 实用规则片段集
 # RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-News.list,Proxy
 RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-proxy.list,Proxy
-RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-direct.list,DIRECT,force-remote-dns
+RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-direct.list,DIRECT
 RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/CN.list,DIRECT
 RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/common-ad-keyword.list,REJECT-TINYGIF
 RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/foreign.list,Proxy