Dial Fields
Fork additions
Changes in sing-box 1.13.0
disable_tcp_keep_alive tcp_keep_alive tcp_keep_alive_interval bind_address_no_port
Changes in sing-box 1.12.0
Changes in sing-box 1.11.0
network_strategy
fallback_delay
network_type
fallback_network_type
Structure
{
"detour": "",
"bind_interface": "",
"inet4_bind_address": "",
"inet6_bind_address": "",
"bind_address_no_port": false,
"routing_mark": 0,
"reuse_addr": false,
"netns": "",
"connect_timeout": "",
"tcp_fast_open": false,
"tcp_multi_path": false,
"disable_tcp_keep_alive": false,
"tcp_keep_alive": "",
"tcp_keep_alive_interval": "",
"udp_fragment": false,
"domain_resolver": "", // or {}
"network_strategy": "",
"network_type": [],
"fallback_network_type": [],
"fallback_delay": "",
"prefer_domain": true,
// Deprecated
"domain_strategy": ""
}
You can ignore the JSON Array [] tag when the content is only one item
Fields
detour
The tag of the upstream outbound.
If enabled, all other fields will be ignored.
bind_interface
The network interface to bind to.
inet4_bind_address
The IPv4 address to bind to.
inet6_bind_address
The IPv6 address to bind to.
bind_address_no_port
Since sing-box 1.13.0
Only supported on Linux.
Do not reserve a port when binding to a source address.
This allows reusing the same source port for multiple connections if the full 4-tuple (source IP, source port, destination IP, destination port) remains unique.
routing_mark
Only supported on Linux.
Set netfilter routing mark.
Integers (e.g. 1234) and string hexadecimals (e.g. "0x1234") are supported.
reuse_addr
Reuse listener address.
netns
Since sing-box 1.12.0
Only supported on Linux.
Set network namespace, name or path.
connect_timeout
Connect timeout, in golang's Duration format.
A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
tcp_fast_open
Enable TCP Fast Open.
tcp_multi_path
Go 1.21 required.
Enable TCP Multi Path.
disable_tcp_keep_alive
Since sing-box 1.13.0
Disable TCP keep alive.
tcp_keep_alive
Since sing-box 1.13.0
Default value changed from 10m to 5m.
TCP keep alive initial period.
5m will be used by default.
tcp_keep_alive_interval
Since sing-box 1.13.0
TCP keep alive interval.
75s will be used by default.
udp_fragment
Enable UDP fragmentation.
domain_resolver
outbound DNS rule items are deprecated and will be removed in sing-box 1.14.0, so this item will be required for outbound/endpoints using domain name in server address since sing-box 1.14.0.
domain_resolver or route.default_domain_resolver is optional when only one DNS server is configured.
Set domain resolver to use for resolving domain names.
This option uses the same format as the route DNS rule action without the action field.
Setting this option directly to a string is equivalent to setting server of this options.
| Outbound/Endpoints | Effected domains |
|---|---|
direct |
Domain in request |
| others | Domain in server address |
network_strategy
Since sing-box 1.11.0
Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.
Strategy for selecting network interfaces.
Available values:
default(default): Connect to default network or networks specified innetwork_typesequentially.hybrid: Connect to all networks or networks specified innetwork_typeconcurrently.fallback: Connect to default network or preferred networks specified innetwork_typeconcurrently, and try fallback networks when unavailable or timeout.
For fallback, when preferred interfaces fails or times out, it will enter a 15s fast fallback state (Connect to all preferred and fallback networks concurrently), and exit immediately if preferred networks recover.
Conflicts with bind_interface, inet4_bind_address and inet6_bind_address.
network_type
Since sing-box 1.11.0
Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.
Network types to use when using default or hybrid network strategy or
preferred network types to use when using fallback network strategy.
Available values: wifi, cellular, ethernet, other.
Device's default network is used by default.
fallback_network_type
Since sing-box 1.11.0
Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.
Fallback network types when preferred networks are unavailable or timeout when using fallback network strategy.
All other networks expect preferred are used by default.
fallback_delay
Since sing-box 1.11.0
Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.
The length of time to wait before spawning a RFC 6555 Fast Fallback connection.
For domain_strategy, is the amount of time to wait for connection to succeed before assuming
that IPv4/IPv6 is misconfigured and falling back to other type of addresses.
For network_strategy, is the amount of time to wait for connection to succeed before falling
back to other interfaces.
Only take effect when domain_strategy or network_strategy is set.
300ms is used by default.
prefer_domain
When enabled, overrides the connection's IP destination with the sniffed domain name before connecting to the outbound.
For proxy outbounds (vmess, trojan, vless, etc.), the domain name is forwarded to the remote server, enabling remote DNS resolution. For direct/WireGuard outbounds, it is resolved locally.
Group outbounds
prefer_domain also works on group outbounds (selector, urltest, loadbalance). When enabled on a group outbound,
the override applies before dispatching to the selected child outbound. See the group outbound documentation for details.
If no prior sniff rule action was executed for the connection, a best-effort sniff (TLS SNI / HTTP Host for TCP, QUIC for UDP) is automatically attempted at the outbound level.
Two forms are accepted:
- Boolean:
true— always apply the override when a domain is available. - Object
{"mark": "0x1"}— apply the override only when the connection's route mark matches. Accepts the same format as themarkrule condition (integer, hex, or bitmask).
The override only applies when: 1. The connection destination is currently an IP address (not already a domain), and 2. A domain name was successfully sniffed from the connection data.
Default metadata mark
Since v1.13.0.7, sing-box sets a default metadata mark of 0x80 (bit 7) on every
connection that enters the router without a pre-set mark. This enables an opt-out
pattern for prefer_domain:
- Use
prefer_domain: {"mark": "0x80/0x80"}to apply prefer_domain by default (active on all connections, since all have bit 7 set unless explicitly cleared). - Add a
route-optionsrule with"set_mark": 0to opt specific connections out — clearing bit 7 causes0x00 & 0x80 != 0x80, so prefer_domain is skipped.
This is more flexible than prefer_domain: true, which has no opt-out mechanism.
Example — always prefer domain:
Example — prefer domain by default, opt out for LAN ranges (using default mark 0x80):
{
"outbounds": [
{
"type": "vmess",
"tag": "proxy",
"prefer_domain": {"mark": "0x80/0x80"}
},
{
"type": "direct",
"tag": "direct"
}
],
"route": {
"rules": [
{
"ip_cidr": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
"action": "route-options",
"set_mark": 0
},
{
"ip_cidr": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
"action": "route",
"outbound": "direct"
},
{
"action": "route",
"outbound": "proxy"
}
]
}
}
Example — only prefer domain when route mark 0x1 is set:
{
"outbounds": [
{
"type": "vmess",
"tag": "proxy",
"prefer_domain": {"mark": "0x1"}
}
],
"route": {
"rules": [
{
"protocol": "tls",
"action": "route-options",
"set_mark": "0x1"
},
{
"mark": "0x1",
"action": "route",
"outbound": "proxy"
}
]
}
}
domain_strategy
Deprecated in sing-box 1.12.0
domain_strategy is deprecated and will be removed in sing-box 1.14.0, check Migration.
Available values: prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.
If set, the requested domain name will be resolved to IP before connect.
| Outbound | Effected domains | Fallback Value |
|---|---|---|
direct |
Domain in request | Take inbound.domain_strategy if not set |
| others | Domain in server address | / |