diff --git a/infra/conf/v4/dns_proxy.go b/infra/conf/v4/dns_proxy.go
index 74a01c67a..437636c41 100644
--- a/infra/conf/v4/dns_proxy.go
+++ b/infra/conf/v4/dns_proxy.go
@@ -9,9 +9,10 @@ import (
 )
 
 type DNSOutboundConfig struct {
-	Network cfgcommon.Network  `json:"network"`
-	Address *cfgcommon.Address `json:"address"`
-	Port    uint16             `json:"port"`
+	Network   cfgcommon.Network  `json:"network"`
+	Address   *cfgcommon.Address `json:"address"`
+	Port      uint16             `json:"port"`
+	UserLevel uint32             `json:"userLevel"`
 }
 
 func (c *DNSOutboundConfig) Build() (proto.Message, error) {
@@ -20,6 +21,7 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {
 			Network: c.Network.Build(),
 			Port:    uint32(c.Port),
 		},
+		UserLevel: c.UserLevel,
 	}
 	if c.Address != nil {
 		config.Server.Address = c.Address.Build()
diff --git a/proxy/dns/config.pb.go b/proxy/dns/config.pb.go
index 1739a5303..baf8f0443 100644
--- a/proxy/dns/config.pb.go
+++ b/proxy/dns/config.pb.go
@@ -29,7 +29,8 @@ type Config struct {
 
 	// Server is the DNS server address. If specified, this address overrides the
 	// original one.
-	Server *net.Endpoint `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"`
+	Server    *net.Endpoint `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"`
+	UserLevel uint32        `protobuf:"varint,2,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"`
 }
 
 func (x *Config) Reset() {
@@ -71,6 +72,13 @@ func (x *Config) GetServer() *net.Endpoint {
 	return nil
 }
 
+func (x *Config) GetUserLevel() uint32 {
+	if x != nil {
+		return x.UserLevel
+	}
+	return 0
+}
+
 type SimplifiedConfig struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -118,21 +126,23 @@ var file_proxy_dns_config_proto_rawDesc = []byte{
 	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x6e, 0x65, 0x74, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69,
 	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x63, 0x6f,
 	0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x65, 0x78, 0x74, 0x2f, 0x65, 0x78,
-	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x41,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x60,
 	0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x37, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76,
 	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79,
 	0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6e, 0x65, 0x74,
 	0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x22, 0x2b, 0x0a, 0x10, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x69, 0x66, 0x69, 0x65, 0x64, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x3a, 0x17, 0x82, 0xb5, 0x18, 0x0a, 0x0a, 0x08, 0x6f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x82, 0xb5, 0x18, 0x05, 0x12, 0x03, 0x64, 0x6e, 0x73, 0x42, 0x5d,
-	0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x28, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, 0x32, 0x66, 0x6c, 0x79, 0x2f, 0x76,
-	0x32, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x34, 0x2f, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x2f, 0x64, 0x6e, 0x73, 0xaa, 0x02, 0x14, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43,
-	0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x44, 0x6e, 0x73, 0x62, 0x06, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x4c, 0x65, 0x76, 0x65, 0x6c,
+	0x22, 0x2b, 0x0a, 0x10, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x69, 0x66, 0x69, 0x65, 0x64, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x3a, 0x17, 0x82, 0xb5, 0x18, 0x0a, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x82, 0xb5, 0x18, 0x05, 0x12, 0x03, 0x64, 0x6e, 0x73, 0x42, 0x5d, 0x0a,
+	0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x28, 0x67, 0x69, 0x74,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, 0x32, 0x66, 0x6c, 0x79, 0x2f, 0x76, 0x32,
+	0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x34, 0x2f, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x2f, 0x64, 0x6e, 0x73, 0xaa, 0x02, 0x14, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43, 0x6f,
+	0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x44, 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/proxy/dns/config.proto b/proxy/dns/config.proto
index 216815984..00304a37e 100644
--- a/proxy/dns/config.proto
+++ b/proxy/dns/config.proto
@@ -13,6 +13,7 @@ message Config {
   // Server is the DNS server address. If specified, this address overrides the
   // original one.
   v2ray.core.common.net.Endpoint server = 1;
+  uint32 user_level = 2;
 }
 
 message SimplifiedConfig {
diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go
index dc29393e1..64016ba88 100644
--- a/proxy/dns/dns.go
+++ b/proxy/dns/dns.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"io"
 	"sync"
+	"time"
 
 	"golang.org/x/net/dns/dnsmessage"
 
@@ -13,8 +14,10 @@ import (
 	"github.com/v2fly/v2ray-core/v4/common/net"
 	dns_proto "github.com/v2fly/v2ray-core/v4/common/protocol/dns"
 	"github.com/v2fly/v2ray-core/v4/common/session"
+	"github.com/v2fly/v2ray-core/v4/common/signal"
 	"github.com/v2fly/v2ray-core/v4/common/task"
 	"github.com/v2fly/v2ray-core/v4/features/dns"
+	"github.com/v2fly/v2ray-core/v4/features/policy"
 	"github.com/v2fly/v2ray-core/v4/transport"
 	"github.com/v2fly/v2ray-core/v4/transport/internet"
 )
@@ -22,8 +25,8 @@ import (
 func init() {
 	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 		h := new(Handler)
-		if err := core.RequireFeatures(ctx, func(dnsClient dns.Client) error {
-			return h.Init(config.(*Config), dnsClient)
+		if err := core.RequireFeatures(ctx, func(dnsClient dns.Client, policyManager policy.Manager) error {
+			return h.Init(config.(*Config), dnsClient, policyManager)
 		}); err != nil {
 			return nil, err
 		}
@@ -48,10 +51,12 @@ type Handler struct {
 	ipv6Lookup      dns.IPv6Lookup
 	ownLinkVerifier ownLinkVerifier
 	server          net.Destination
+	timeout         time.Duration
 }
 
-func (h *Handler) Init(config *Config, dnsClient dns.Client) error {
+func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager policy.Manager) error {
 	h.client = dnsClient
+	h.timeout = policyManager.ForLevel(config.UserLevel).Timeouts.ConnectionIdle
 
 	if ipv4lookup, ok := dnsClient.(dns.IPv4Lookup); ok {
 		h.ipv4Lookup = ipv4lookup
@@ -164,6 +169,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 		}
 	}
 
+	ctx, cancel := context.WithCancel(ctx)
+	timer := signal.CancelAfterInactivity(ctx, cancel, h.timeout)
+
 	request := func() error {
 		defer conn.Close()
 
@@ -177,6 +185,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 				return err
 			}
 
+			timer.Update()
+
 			if !h.isOwnLink(ctx) {
 				isIPQuery, domain, id, qType := parseIPQuery(b.Bytes())
 				if isIPQuery {
@@ -202,6 +212,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 				return err
 			}
 
+			timer.Update()
+
 			if err := writer.WriteMessage(b); err != nil {
 				return err
 			}