Dns interception under TUN mode

[VendettaReborn]

Status quo: When tun mode is turned on, dns request won't be handled by clash-rs's dns client, but handled by os's default approach. So it causes a leak.

There are basically two ways to solve this problem:

1. modify system's dns settings. If clash-rs is launched by clients like clash-nyanpasu, it should modify system's dns settings. If we launch clash-rs in terminal, then we have to do it by ourselves.
2. dns hijack. similar to clash.meta, when receiving a udp packet, we can check it's addr and port, if it matches our config(like "0.0.0.0:53"), then we relay the udp packet.

Both plans have their AD & DIS, but i prefer the second approach, since it's compatible to clash.meta's tun config, and it leaves less job to users, and it's easy to implement.

That's everything I know about this problem, feel free to leave a comment.

[ibigbug]

That's a good point. We can do option two when clash dns and hijack are enabled.

Any thoughts on the case when users have internal domain for their home for example. Should we support those cases too

[Itsusinn]

DNS hijack is complex.
It works like clash's system tun mode.(Currently we are ipstack)

[ibigbug]

after thinking about this and #590 I think it's not so much value to put tun DNS hijacking in place - there's always apps that use their own DoH/DoH or tcp DNS which we can't do nothing.

instead we probably implement a LRU on the enhanced resolver that maps the host <-> IP so any clients go through clash dns can benefit the hostname match