diff --git a/docs/config/ad-block.md b/docs/config/ad-block.md
index 5beaaf80f0..0130b30827 100644
--- a/docs/config/ad-block.md
+++ b/docs/config/ad-block.md
@@ -37,6 +37,19 @@ smartdns可以通过address选项来屏蔽广告。
address /sub.example.com/-
```
+1. 前缀通配与主域名匹配
+
+ ```shell
+ // 通配
+ *-a.example.com
+ // 仅匹配子域名
+ *.example.com
+ // 仅匹配主域名
+ -.example.com
+ ```
+
+ 注意:* 和 - 仅支持写在域名开头。其他位置的写法均不支持。
+
## 使用域名集合
对于单个域名屏蔽,可以方便使用address参数屏蔽,对于较多的域名,可通过域名集合屏蔽,更加方便管理广告域名列表。
diff --git a/docs/config/domain-address.md b/docs/config/domain-address.md
index df894d7e2b..c9c0f26fd1 100644
--- a/docs/config/domain-address.md
+++ b/docs/config/domain-address.md
@@ -27,6 +27,19 @@ address除了可以设置屏蔽广告外,还可以指定域名的IP地址。
address /example.com/::1
```
+1. 前缀通配与主域名匹配
+
+ ```shell
+ // 通配
+ *-a.example.com
+ // 仅匹配子域名
+ *.example.com
+ // 仅匹配主域名
+ -.example.com
+ ```
+
+ 注意:* 和 - 仅支持写在域名开头。其他位置的写法均不支持。
+
## 自动扩展address对应的PTR记录
如果想扩展上述address对应的PTR记录,可以使用`expand-ptr-from-address`开关开启自动扩展。`expand-ptr-from-address`参数可以重复设置,参数对设置后的`address`生效。
diff --git a/docs/configuration.md b/docs/configuration.md
index d65704825a..b774606d5a 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -45,14 +45,15 @@ hide:
| conf-file | 附加配置文件 | 无 | 合法路径字符串 | conf-file /etc/smartdns/smartdns.more.conf |
| server | 上游 UDP DNS | 无 | 可重复。
[ip][:port]\|URL:服务器 IP:端口(可选)或 URL
[-blacklist-ip]:配置 IP 过滤结果。
[-whitelist-ip]:指定仅接受参数中配置的 IP 范围
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark mark]:设置数据包标记so-mark。
[-proxy name]:设置代理服务器。
[-bootstrap-dns]:标记此服务器为bootstrap服务器。
[-subnet]:指定服务器使用的edns-client-subnet| server 8.8.8.8:53 -blacklist-ip -group g1 -proxy proxy
server tls://8.8.8.8|
| server-tcp | 上游 TCP DNS | 无 | 可重复。
[ip][:port]:服务器 IP:端口(可选)
[-blacklist-ip]:配置 IP 过滤结果
[-whitelist-ip]:指定仅接受参数中配置的 IP 范围。
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark mark]:设置数据包标记so-mark。
[-proxy name]:设置代理服务器。
[-bootstrap-dns]:标记此服务器为bootstrap服务器。
[-subnet]:指定服务器使用的edns-client-subnet| server-tcp 8.8.8.8:53 |
-| server-tls | 上游 TLS DNS | 无 | 可重复。
[ip][:port]:服务器 IP:端口(可选)
[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值
[-host-name]:TLS SNI 名称, 名称设置为-,表示停用SNI名称
[-tls-host-verify]:TLS 证书主机名校验
[-no-check-certificate]:跳过证书校验
[-blacklist-ip]:配置 IP 过滤结果
[-whitelist-ip]:仅接受参数中配置的 IP 范围
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark mark]:设置数据包标记so-mark。
[-proxy name]:设置代理服务器。
[-bootstrap-dns]:标记此服务器为bootstrap服务器。
[-subnet]:指定服务器使用的edns-client-subnet| server-tls 8.8.8.8:853 |
-| server-https | 上游 HTTPS DNS | 无 | 可重复。
https://[host>][:port]/path:服务器 IP:端口(可选)
[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值
[-host-name]:TLS SNI 名称
[-http-host]:http 协议头主机名
[-tls-host-verify]:TLS 证书主机名校验
[-no-check-certificate]:跳过证书校验
[-blacklist-ip]:配置 IP 过滤结果
[-whitelist-ip]:仅接受参数中配置的 IP 范围。
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark]:设置数据包标记so-mark。
[-proxy name]:设置代理服务器。
[-bootstrap-dns]:标记此服务器为bootstrap服务器。
[-subnet]:指定服务器使用的edns-client-subnet| server-https https://cloudflare-dns.com/dns-query |
+| server-tls | 上游 TLS DNS | 无 | 可重复。
[ip][:port]:服务器 IP:端口(可选)
[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值
[-host-name]:TLS SNI 名称, 名称设置为-,表示停用SNI名称。
[-host-ip]: 主机IP地址。
[-tls-host-verify]:TLS 证书主机名校验
[-no-check-certificate]:跳过证书校验
[-blacklist-ip]:配置 IP 过滤结果
[-whitelist-ip]:仅接受参数中配置的 IP 范围
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark mark]:设置数据包标记so-mark。
[-proxy name]:设置代理服务器。
[-bootstrap-dns]:标记此服务器为bootstrap服务器。
[-subnet]:指定服务器使用的edns-client-subnet| server-tls 8.8.8.8:853 |
+| server-https | 上游 HTTPS DNS | 无 | 可重复。
https://[host>][:port]/path:服务器 IP:端口(可选)
[-spki-pin [sha256-pin]]:TLS 合法性校验 SPKI 值,base64 编码的 sha256 SPKI pin 值
[-host-name]:TLS SNI 名称, 名称设置为-,表示停用SNI名称。
[-host-ip]: 主机IP地址。
[-http-host]:http 协议头主机名
[-tls-host-verify]:TLS 证书主机名校验
[-no-check-certificate]:跳过证书校验
[-blacklist-ip]:配置 IP 过滤结果
[-whitelist-ip]:仅接受参数中配置的 IP 范围。
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark]:设置数据包标记so-mark。
[-proxy name]:设置代理服务器。
[-bootstrap-dns]:标记此服务器为bootstrap服务器。
[-subnet]:指定服务器使用的edns-client-subnet| server-https https://cloudflare-dns.com/dns-query |
| proxy-server | 代理服务器 | 无 | 可重复。
proxy-server URL
[URL]: [socks5\|http]://[username:password@]host:port
[-name]: 代理服务器名称。 |proxy-server socks5://user:pass@1.2.3.4:1080 -name proxy|
| speed-check-mode | 测速模式选择 | 无 | [ping\|tcp:[80]\|none] | speed-check-mode ping,tcp:80,tcp:443 |
| response-mode | 首次查询响应模式 | first-ping |模式:[first-ping\|fastest-ip\|fastest-response]
[first-ping]: 最快ping响应地址模式,DNS上游最快查询时延+ping时延最短,查询等待与链接体验最佳;
[fastest-ip]: 最快IP地址模式,查询到的所有IP地址中ping最短的IP。需等待IP测速;
[fastest-response]: 最快响应的DNS结果,DNS查询等待时间最短,返回的IP地址可能不是最快。| response-mode first-ping |
| expand-ptr-from-address | 是否扩展Address对应的PTR记录 | no | [yes\|no] | expand-ptr-from-address yes |
-| address | 指定域名 IP 地址 | 无 | address /domain/[ip1[,ip2,...]\|-\|-4\|-6\|#\|#4\|#6]
- 表示忽略
# 表示返回 SOA
4 表示 IPv4
6 表示 IPv6 | address /www.example.com/1.2.3.4
address /www.example.com/::1
address /example.com/1.2.3.4,5.6.7.8 |
+| address | 指定域名 IP 地址 | 无 | address /[*\|-.]domain/[ip1[,ip2,...]\|-\|-4\|-6\|#\|#4\|#6]
- 表示忽略
# 表示返回 SOA
4 表示 IPv4
6 表示 IPv6
* 开头表示通配
- 开头表示主域名
`*` 和 `-` 只能在域名开头,其他位置不生效。| address /www.example.com/1.2.3.4
address /www.example.com/::1
address /example.com/1.2.3.4,5.6.7.8
address /\*-a.example.com/
address /\*.example.com/
address /-.example.com/|
| cname | 指定域名别名 | 无 | cname /domain/target
- 表示忽略
指定对应域名的cname | cname /www.example.com/cdn.example.com |
+| ddns-domain | 指定DDNS域名 | 无 | ddns-domain doamin.com, 用于将指定的域名解析为smartdns所在主机IP地址。| ddns-domain example.com
| dns64 | DNS64转换 | 无 | dns64 ip-prefix/mask
ipv6前缀和掩码 | dns64 64:ff9b::/96 |
| edns-client-subnet | DNS ECS | 无 | edns-client-subnet ip-prefix/mask
指定EDNS客户端子网 | ip-prefix/mask 1.2.3.4/23 |
| nameserver | 指定域名使用 server 组解析 | 无 | nameserver /domain/[group\|-], group 为组名,- 表示忽略此规则,配套 server 中的 -group 参数使用 | nameserver /www.example.com/office |
diff --git a/en/docs/config/ad-block.md b/en/docs/config/ad-block.md
index c20b677b41..22066e930d 100644
--- a/en/docs/config/ad-block.md
+++ b/en/docs/config/ad-block.md
@@ -37,6 +37,19 @@ Note: If you're using OpenWrt with LuCI, please refer to OpenWrt's domain blocki
address /sub.example.com/-
```
+1. The prefix wildcard matches the main domain name
+
+ ```shell
+ // prefix wild card
+ *-a.example.com
+ // only match subdomains
+ *.example.com
+ // only match the main domain name
+ -.example.com
+ ```
+
+ Note: * and - are only supported at the beginning of the domain name. Wording in other locations is not supported.
+
## Usage of Domain Set
For a single domain name blocking, you can conveniently use the address parameter to block it. For more domain names, you can block it through the domain-set, which is more convenient to manage the list of advertising domain names.
diff --git a/en/docs/config/domain-address.md b/en/docs/config/domain-address.md
index 7176f0f21f..ad91b7efc0 100644
--- a/en/docs/config/domain-address.md
+++ b/en/docs/config/domain-address.md
@@ -27,6 +27,19 @@ In addition to blocking ads, `address` can also be used to specify the IP addres
address /example.com/::1
```
+1. The prefix wildcard matches the main domain name
+
+ ```shell
+ // prefix wild card
+ *-a.example.com
+ // only match subdomains
+ *.example.com
+ // only match the main domain name
+ -.example.com
+ ```
+
+ Note: * and - are only supported at the beginning of the domain name. Wording in other locations is not supported.
+
## Automatically Expand PTR Records Corresponding to address
If you want to expand the PTR record corresponding to the above `address`, you can use the `expand-ptr-from-address` switch to turn on automatic expansion. The `expand-ptr-from-address` parameter can be set repeatedly, and the parameter takes effect for the `address` set after it.
diff --git a/en/docs/configuration.md b/en/docs/configuration.md
index fec8052e09..4c0a7f00b9 100644
--- a/en/docs/configuration.md
+++ b/en/docs/configuration.md
@@ -41,14 +41,15 @@ hide:
|conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
|server|Upstream UDP DNS server|None|Repeatable
`[ip][:port]\|URL`: Server IP, port optional OR URL.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group.
`[-set-mark mark]`: set mark on packets
`[-proxy name]`: set proxy server
`[-bootstrap-dns]`: set as bootstrap dns server
[-subnet]:set per server edns-client-subnet | server 8.8.8.8:53 -blacklist-ip
server tls://8.8.8.8
|server-tcp|Upstream TCP DNS server|None|Repeatable
`[ip][:port]`: Server IP, port optional.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group
`[-set-mark mark]`: set mark on packets
`[-proxy name]`: set proxy server
`[-bootstrap-dns]`: set as bootstrap dns server
[-subnet]:set per server edns-client-subnet | server-tcp 8.8.8.8:53
-|server-tls|Upstream TLS DNS server|None|Repeatable
`[ip][:port]`: Server IP, port optional.
`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash
`[-host-name]`:TLS Server name. `-` to disable SNI name.
`[-tls-host-verify]`: TLS cert hostname to verify.
`-no-check-certificate:`: No check certificate.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group
`[-set-mark mark]`: set mark on packets
`[-proxy name]`: set proxy server
`[-bootstrap-dns]`: set as bootstrap dns server
[-subnet]:set per server edns-client-subnet | server-tls 8.8.8.8:853
-|server-https|Upstream HTTPS DNS server|None|Repeatable
`https://[host][:port]/path`: Server IP, port optional.
`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash
`[-host-name]`:TLS Server name
`[-http-host]`: http header host.
`[-tls-host-verify]`: TLS cert hostname to verify.
`-no-check-certificate:`: No check certificate.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group
`[-set-mark mark]`: set mark on packets
`[-proxy name]`: set proxy server
`[-bootstrap-dns]`: set as bootstrap dns server
[-subnet]:set per server edns-client-subnet | server-https
+|server-tls|Upstream TLS DNS server|None|Repeatable
`[ip][:port]`: Server IP, port optional.
`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash
`[-host-name]`:TLS Server name. `-` to disable SNI name.
[-host-ip]: host ip address.
`[-tls-host-verify]`: TLS cert hostname to verify.
`-no-check-certificate:`: No check certificate.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group
`[-set-mark mark]`: set mark on packets
`[-proxy name]`: set proxy server
`[-bootstrap-dns]`: set as bootstrap dns server
[-subnet]:set per server edns-client-subnet | server-tls 8.8.8.8:853
+|server-https|Upstream HTTPS DNS server|None|Repeatable
`https://[host][:port]/path`: Server IP, port optional.
`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash
`[-host-name]`:TLS Server name
`[-http-host]`: http header host.
[-host-ip]: host ip address.
`[-tls-host-verify]`: TLS cert hostname to verify.
`-no-check-certificate:`: No check certificate.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group
`[-set-mark mark]`: set mark on packets
`[-proxy name]`: set proxy server
`[-bootstrap-dns]`: set as bootstrap dns server
[-subnet]:set per server edns-client-subnet | server-https
|proxy-server| proxy server | None | Repeatable.
`proxy-server URL`
[URL]: `[socks5\|http]://[username:password@]host:port`
[-name]: proxy server name. |proxy-server socks5://user:pass@1.2.3.4:1080 -name proxy|
|speed-check-mode|Speed mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:80,tcp:443
|response-mode|First query response mode|first-ping|Mode: [first-ping\|fastest-ip\|fastest-response]
[first-ping]: The fastest dns + ping response mode, DNS query delay + ping delay is the shortest;
[fastest-ip]: The fastest IP address mode, return the fastest ip address, may take some time to test speed.
[fastest-response]: The fastest response DNS result mode, the DNS query waiting time is the shortest. | response-mode first-ping |
|expand-ptr-from-address| Whether to expand the address record corresponding to PTR record | no | [yes\|no] | expand-ptr-from-address yes |
-|address|Domain IP address|None|address /domain/[ip1[,ip2,...]\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
address /www.example.com/::1
address /example.com/1.2.3.4,5.6.7.8
+|address|Domain IP address|None|address /[*\|-]domain/[ip1[,ip2,...]\|-\|-4\|-6\|#\|#4\|#6]
`-` for ignore
`#` for return SOA
`4` for IPV4
`6` for IPV6
`*` at the beginning means wildcard
`-` means the main domain name at the beginning
`*` and `-` can only be at the beginning of the domain name, other positions will not take effect.| address /www.example.com/1.2.3.4
address /www.example.com/::1
address /example.com/1.2.3.4,5.6.7.8
address /\*-a.example.com/
address /\*.example.com/
address /-.example.com/
|cname|set cname to domain| None | cname /domain/target
- for ignore
set cname to domain. | cname /www.example.com/cdn.example.com |
+|ddns-domain|Specifies the DDNS domain name |None|ddns-domain domainin.com, used to resolve the specified domain name to the IP address of the host where smartdns resides. | ddns-domain example.com
|dns64|dns64 translation | None | dns64 ip-prefix/mask
ipv6 prefix and mask. | dns64 64:ff9b::/96 |
|edns-client-subnet| DNS ECS | None |edns-client-subnet ip-prefix/mask
set EDNS client subnet | ip-prefix/mask 1.2.3.4/23 |
|nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office