DNS fully broken since v1.7.3 with sing-box core

[Anderhar]

For my setup, BFR got into top shape around ~1.7.0, finally getting rid of all the previously observed DNS leaks for both IPv6 and WiFi tethering. Unfortunately, starting with 1.7.3 things suddenly got worse than ever: the DNS leak test shows that Cloudflare DNS defined in the sing-box config does not work at all, always showing only my ISP's servers.

The experiments were done on two very different devices, in different networks and with different sing-box core versions. They clearly showed that the problem starts when upgrading BFR from 1.7.2 to 1.7.3 and still relevant for the latest 1.8.0.

My settings.ini tweaks is:

ipv6="true" #changing to "false" does not make any difference again
bin_name="sing-box"
network_mode="tun"
proxy_mode="whitelist"
packages_list=("browser.app")

Also attaching my current sing-box config: config.json

[ghost]

try updating using sing-box version v1.11.0-beta.15
Use stack: mixed

      "stack": "mixed",
      "sniff": true,
      "include_package": [
        "browser.app"
      ],

latest configuration sing-box 1.11+
config.json

[Anderhar]

No luck. Here's my course of action:

1. Clean install BFR 1.7.3 and make sure it automatically fetches sing-box v1.11.0-beta.15
2. Push your config.json, changing only the VLESS outbound to my real one.
3. Repeat the DNS leak test and see the same result.

Sorry if I can't do more tests, because it's kind of my work environment, so I have to roll back to 1.7.2 for now. But in any case, the root of the problem is clearly localized in the DNS-related optimizations you introduced in 1.7.3, so it makes clear sense to revise them for the next release (personally, I would greatly appreciate it). Also, "stack": "mixed" doesn't seem to be the best option in terms of nativeness, so it's better to avoid it if possible, I think.

And thanks for your work, anyway.

[denniskwan]

box.iptables
tun_forward="enable" >>tun_forward="disable"
reboot your device