diff --git a/tunnel/router/client.go b/tunnel/router/client.go
index 30874a7c0..7506e8ba8 100644
--- a/tunnel/router/client.go
+++ b/tunnel/router/client.go
@@ -131,45 +131,40 @@ type Client struct {
 }
 
 func (c *Client) Route(address *tunnel.Address) int {
-	policy := -1
-	var err error
-	if c.domainStrategy == IPOnDemand {
-		address, err = newIPAddress(address)
-		if err != nil {
-			return c.defaultPolicy
-		}
-	}
 	if address.AddressType == tunnel.DomainName {
-		for i := 0; i < 3; i++ {
-			if matchDomain(c.domains[i], address.DomainName) {
-				policy = i
-				break
+		if c.domainStrategy == IPOnDemand {
+			resolvedIP, err := newIPAddress(address)
+			if err == nil {
+				for i := Block; i <= Proxy; i++ {
+					if matchIP(c.cidrs[i], resolvedIP.IP) {
+						return i
+					}
+				}
 			}
 		}
-	} else {
-		for i := 0; i < 3; i++ {
-			if matchIP(c.cidrs[i], address.IP) {
-				policy = i
-				break
+		for i := Block; i <= Proxy; i++ {
+			if matchDomain(c.domains[i], address.DomainName) {
+				return i
 			}
 		}
-	}
-	if policy == -1 && c.domainStrategy == IPIfNonMatch {
-		address, err = newIPAddress(address)
-		if err != nil {
-			return c.defaultPolicy
+		if c.domainStrategy == IPIfNonMatch {
+			resolvedIP, err := newIPAddress(address)
+			if err == nil {
+				for i := Block; i <= Proxy; i++ {
+					if matchIP(c.cidrs[i], resolvedIP.IP) {
+						return i
+					}
+				}
+			}
 		}
-		for i := 0; i < 3; i++ {
+	} else {
+		for i := Block; i <= Proxy; i++ {
 			if matchIP(c.cidrs[i], address.IP) {
-				policy = i
-				break
+				return i
 			}
 		}
 	}
-	if policy == -1 {
-		policy = c.defaultPolicy
-	}
-	return policy
+	return c.defaultPolicy
 }
 
 func (c *Client) DialConn(address *tunnel.Address, overlay tunnel.Tunnel) (tunnel.Conn, error) {