@Delta-in-hub
Created November 10, 2022 02:20
#!/bin/sh
# Local port smartdns listens on. The NAT rules installed by this script
# redirect port 53 here, so it has to agree with the bind/bind-tcp lines of
# the config file named in smartdns_Conf.
smartdns_port='6053'
# Absolute path of the smartdns executable that "start" and "smartdns" launch.
smartdns_Bin='/etc/storage/smartdns-mipsel'
# Process name handed to killall; keep it equal to the file name part of
# smartdns_Bin when that path is edited.
smartdns_Bin_Name='smartdns-mipsel'
# Config file passed to smartdns with -c.
smartdns_Conf='/etc/storage/smartdns_m.conf'
# iptables -t nat -L
# netstat -tulpn | grep LISTEN
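#######################################
# Download one rule list and install it only when the transfer succeeded.
#
# The lists are loaded by the resolver through conf-file lines, so whatever
# ends up in the destination decides how names are answered for every client
# behind this router. Two safeguards follow from that:
#   * TLS certificate verification stays enabled (no "curl -k"); with it off,
#     anyone on the network path could substitute the list. If the firmware
#     ships without a CA bundle, install one and point curl at it instead of
#     switching verification off.
#   * The download goes to a mktemp file first and is renamed into place only
#     when curl exited 0 and the file is non-empty, so a failed or truncated
#     transfer never clobbers the previous good copy.
#
# POSIX sh has no "local", hence the _sd_ prefix on the working variables.
# Arguments: $1 - source URL
#            $2 - destination path
#            $3 - label used in the syslog message
# Returns:   0 when the list was replaced, 1 otherwise
#######################################
_smartdns_fetch() {
  _sd_url=$1
  _sd_dest=$2
  _sd_label=$3
  if ! _sd_tmp=$(mktemp "${_sd_dest}.XXXXXX"); then
    logger -t "SmartDNS" "$_sd_label 下载失败"
    return 1
  fi
  if curl -s -f --connect-timeout 30 --retry 5 --retry-delay 5 "$_sd_url" >"$_sd_tmp" &&
    [ -s "$_sd_tmp" ]; then
    # mktemp creates the file 0600; restore the mode a plain redirect under
    # the usual umask would have produced so the resolver can still read it.
    chmod 644 "$_sd_tmp"
    if mv -f "$_sd_tmp" "$_sd_dest"; then
      logger -t "SmartDNS" "$_sd_label 下载成功"
      return 0
    fi
  fi
  rm -f "$_sd_tmp"
  logger -t "SmartDNS" "$_sd_label 下载失败"
  return 1
}

#######################################
# Refresh the three rule lists that the smartdns config includes from /tmp.
# Every list is attempted even when an earlier one failed.
# Sources:
#   https://cdn.jsdelivr.net/gh/Apocalypsor/SmartDNS-GFWList/smartdns_gfw_domain.conf
#   https://anti-ad.net/anti-ad-for-smartdns.conf
#     (related allow-list, not downloaded here:
#      https://cdn.jsdelivr.net/gh/privacy-protection-tools/dead-horse/anti-ad-white-for-smartdns.txt)
#   https://neodev.team/lite_smartdns.conf
# Returns: 0 when all lists were refreshed, 1 when at least one failed
#######################################
updateconf() {
  _sd_rc=0
  _smartdns_fetch \
    "https://cdn.jsdelivr.net/gh/Apocalypsor/SmartDNS-GFWList/smartdns_gfw_domain.conf" \
    "/tmp/smartdns_gfw_domain.conf" \
    "smartdns_gfw_domain.conf" || _sd_rc=1
  _smartdns_fetch \
    "https://anti-ad.net/anti-ad-for-smartdns.conf" \
    "/tmp/anti-ad-for-smartdns.conf" \
    "anti-ad-for-smartdns.conf" || _sd_rc=1
  _smartdns_fetch \
    "https://neodev.team/lite_smartdns.conf" \
    "/tmp/lite_smartdns.conf" \
    "/tmp/lite_smartdns.conf" || _sd_rc=1
  return "$_sd_rc"
}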
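#######################################
# Redirect DNS traffic (tcp and udp port 53) addressed to this router's own
# IPv4 addresses to the smartdns port.
#
# Addresses are taken from the "inet addr" lines of ifconfig that carry a
# broadcast address, skipping any line that contains ":127".
# Each rule is deleted once before it is appended, so calling this function
# again does not stack a second copy of the same rule in PREROUTING. The
# success message is logged only when both rules were actually installed;
# the original logged it even when iptables had failed.
#
# POSIX sh has no "local", hence the _sd_ prefix on the working variables.
# Globals: smartdns_port (read)
#######################################
set_iptable() {
  _sd_ips=$(ifconfig |
    awk '/inet addr/ && /Bcast/ && !/:127/ { split($2, part, ":"); print part[2] }')
  for _sd_ip in $_sd_ips; do
    # Anything that is not digits and dots is not an IPv4 literal; never hand
    # it to iptables.
    case $_sd_ip in
      '' | *[!0-9.]*) continue ;;
    esac
    _sd_ok=1
    for _sd_proto in tcp udp; do
      # Remove an existing copy first; failure just means there was none.
      iptables -t nat -D PREROUTING -p "$_sd_proto" -d "$_sd_ip" --dport 53 \
        -j REDIRECT --to-ports "$smartdns_port" >/dev/null 2>&1
      if ! iptables -t nat -A PREROUTING -p "$_sd_proto" -d "$_sd_ip" --dport 53 \
        -j REDIRECT --to-ports "$smartdns_port" >/dev/null 2>&1; then
        _sd_ok=0
      fi
    done
    if [ "$_sd_ok" -eq 1 ]; then
      logger -t "SmartDNS" "iptables $_sd_ip 53 to $smartdns_port"
    else
      logger -t "SmartDNS" "iptables $_sd_ip 53 to $smartdns_port failed"
    fi
  done
}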
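#######################################
# Remove the port-53 redirect rules for this router's own IPv4 addresses.
#
# "iptables -D" removes a single matching rule per call. Because the rules
# are appended with -A, the same rule can be present more than once, so each
# rule is deleted repeatedly until iptables reports that nothing matched.
# The loop is capped so a misbehaving iptables cannot hang the script.
#
# POSIX sh has no "local", hence the _sd_ prefix on the working variables.
# Globals: smartdns_port (read), OLD_PORT (written, as in the original)
#######################################
clear_iptable() {
  OLD_PORT="$smartdns_port"
  _sd_ips=$(ifconfig |
    awk '/inet addr/ && /Bcast/ && !/:127/ { split($2, part, ":"); print part[2] }')
  for _sd_ip in $_sd_ips; do
    # Anything that is not digits and dots is not an IPv4 literal; never hand
    # it to iptables.
    case $_sd_ip in
      '' | *[!0-9.]*) continue ;;
    esac
    for _sd_proto in udp tcp; do
      _sd_tries=0
      while [ "$_sd_tries" -lt 16 ] &&
        iptables -t nat -D PREROUTING -p "$_sd_proto" -d "$_sd_ip" --dport 53 \
          -j REDIRECT --to-ports "$OLD_PORT" >/dev/null 2>&1; do
        _sd_tries=$((_sd_tries + 1))
      done
    done
    logger -t "SmartDNS" "UNSET iptables $_sd_ip 53 to $smartdns_port"
  done
}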
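#######################################
# Refresh the rule lists, (re)start smartdns and, once it is confirmed to be
# running, install the port-53 redirect.
#
# Changes from the original:
#   * "&>/dev/null" is not POSIX; a strict /bin/sh parses it as "run in the
#     background" followed by an empty redirect. The portable form is used.
#   * The liveness check uses the PID of the process this function started
#     ($!) instead of "pidof smartdns", a literal name that differs from
#     smartdns_Bin_Name and so may never match the launched binary.
#   * A failed start exits with status 1 rather than 0.
# The redirect is installed only after the check, so a resolver that failed
# to start does not leave port 53 pointing at a closed port.
#
# Globals: smartdns_Bin, smartdns_Conf, smartdns_Bin_Name (read),
#          smartdns_process (written)
#######################################
start_smartdns() {
  updateconf
  killall "$smartdns_Bin_Name" >/dev/null 2>&1
  "$smartdns_Bin" -f -c "$smartdns_Conf" -x &
  smartdns_process=$!
  # Give the resolver time to load its lists before probing it.
  sleep 10
  if ! kill -0 "$smartdns_process" 2>/dev/null; then
    logger -t "SmartDNS" "启动失败..."
    exit 1
  fi
  logger -t "SmartDNS" "smartdns 进程已启动 PID:$smartdns_process"
  set_iptable
}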
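#######################################
# Stop smartdns and remove the port-53 redirect rules.
#
# "&>/dev/null" is not POSIX; a strict /bin/sh parses it as "run killall in
# the background" followed by an empty redirect, which neither silences the
# command nor waits for it. The portable form is used instead.
#
# Globals: smartdns_Bin_Name (read)
#######################################
stop_smartdns() {
  killall "$smartdns_Bin_Name" >/dev/null 2>&1
  logger -t "SmartDNS" "killall $smartdns_Bin_Name"
  # Always drop the redirect, otherwise port 53 keeps pointing at a port that
  # nothing listens on any more.
  clear_iptable
}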
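# Sub-command dispatcher. The first argument selects the action; anything
# else (including no argument) prints the list of sub-commands on stderr and
# exits non-zero so a caller can tell a typo from a successful run.
case "${1:-}" in
  start)
    start_smartdns
    ;;
  stop)
    stop_smartdns
    ;;
  setiptable)
    set_iptable
    ;;
  cleariptable)
    clear_iptable
    ;;
  smartdns)
    # Run the resolver in the foreground of the calling shell.
    "$smartdns_Bin" -f -c "$smartdns_Conf" -x
    ;;
  updateconf)
    updateconf
    ;;
  *)
    echo "start stop setiptable cleariptable smartdns updateconf " >&2
    exit 1
    ;;
esac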
server-name smartdns
resolv-hostname yes
# user the DNS server runs as
# user [username]
# example: run as nobody
# user nobody
conf-file /tmp/smartdns_gfw_domain.conf
conf-file /tmp/anti-ad-for-smartdns.conf
conf-file /tmp/lite_smartdns.conf
bind :6053
bind-tcp :6053
# dns cache size
# cache-size [number]
# 0: for no cache
cache-size 16384
# persist the cache across restarts
cache-persist no
# cache persist file
# cache-file /tmp/smartdns.cache
# prefetch domain
# prefetch-domain [yes|no]
prefetch-domain yes
# cache serve expired
# serve-expired [yes|no]
serve-expired yes
# cache serve expired TTL
# serve-expired-ttl [num]
serve-expired-ttl 0
# reply TTL value to use when replying with expired data
# serve-expired-reply-ttl [num]
serve-expired-reply-ttl 30
# speed check mode
# speed-check-mode [ping|tcp:port|none|,]
# example:
# speed-check-mode ping,tcp:80,tcp:443
# speed-check-mode tcp:443,ping
# speed-check-mode none
# force AAAA query return SOA
# force-AAAA-SOA [yes|no]
force-AAAA-SOA yes
# force specific qtype return soa
# force-qtype-SOA [qtypeid |...]
# force-qtype-SOA 65 28
# Enable IPV4, IPV6 dual stack IP optimization selection strategy
# dualstack-ip-selection-threshold [num] (0~1000)
# dualstack-ip-allow-force-AAAA [yes|no]
# dualstack-ip-selection [yes|no]
dualstack-ip-selection no
# ttl for all resource record
# rr-ttl: ttl for all record
# rr-ttl-min: minimum ttl for resource record
# rr-ttl-max: maximum ttl for resource record
# rr-ttl-reply-max: maximum reply ttl for resource record
# example:
rr-ttl 300
rr-ttl-min 60
rr-ttl-max 86400
rr-ttl-reply-max 60
# Maximum number of IPs returned to the client (default 8; valid range 1~16)
# example:
max-reply-ip-num 2
# response mode
# Experimental feature
# response-mode [first-ping|fastest-ip|fastest-response]
response-mode first-ping
# set log level
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
# log-size: size of each log file, support k,m,g
# log-num: number of logs
# log-level info
log-level debug
# log-file /var/log/smartdns/smartdns.log
# log-size 128k
# log-num 2
# 114.114.114.114 223.5.5.5 123.125.81.6 119.29.29.29 127.0.0.1
server 114.114.114.114 -blacklist-ip -group china
server 223.5.5.5 -blacklist-ip -group china
server 123.125.81.6 -blacklist-ip -group china
server 119.29.29.29 -blacklist-ip -group china
# server 127.0.0.1:53 -blacklist-ip -whitelist-ip -group china
# https://doh.pub/dns-query
# https://dns.alidns.com/dns-query
# https://doh.360.cn/dns-query
server-https https://doh.pub/dns-query -blacklist-ip -group china
server-https https://dns.alidns.com/dns-query -blacklist-ip -group china
server-https https://doh.360.cn/dns-query -blacklist-ip -group china
# 8.8.8.8 208.67.222.222 1.1.1.1
server 8.8.8.8 -blacklist-ip -group GFW -exclude-default-group
server 208.67.222.222 -blacklist-ip -whitelist-ip -group GFW -exclude-default-group
server 1.1.1.1 -blacklist-ip -group GFW -exclude-default-group
# https://dns.google/dns-query
# https://doh.opendns.com/dns-query
# https://cloudflare-dns.com/dns-query
server-https https://dns.google/dns-query -blacklist-ip -group GFW -exclude-default-group
server-https https://doh.opendns.com/dns-query -blacklist-ip -group GFW -exclude-default-group
server-https https://cloudflare-dns.com/dns-query -blacklist-ip -group GFW -exclude-default-group
#!/bin/sh
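# Seed the persistent copies of the smartdns config and the control script
# from the read-only firmware image when they are missing or empty, then
# start the service.
#
# The original marked both files 0777. The control script is executed with
# the privileges of this init script and the config decides which upstream
# resolvers are used, so neither should be writable by other accounts:
# 0644 for the config, 0755 for the script. The copy is also checked before
# it is reported, so a failed cp is no longer logged as if it had happened.

if [ -s "/etc/storage/smartdns_m.conf" ]; then
  logger -t "SmartDNS" "/etc/storage/smartdns_m.conf存在"
elif cp -f /etc_ro/smartdns_m.conf /etc/storage/; then
  logger -t "SmartDNS" "cp -f /etc_ro/smartdns_m.conf /etc/storage/"
  chmod 644 /etc/storage/smartdns_m.conf
else
  logger -t "SmartDNS" "cp -f /etc_ro/smartdns_m.conf /etc/storage/ failed"
fi

if [ -s "/etc/storage/runsmartdns.sh" ]; then
  logger -t "SmartDNS" "/etc/storage/runsmartdns.sh存在"
elif cp -f /etc_ro/runsmartdns.sh /etc/storage/; then
  logger -t "SmartDNS" "cp -f /etc_ro/runsmartdns.sh /etc/storage/"
  chmod 755 /etc/storage/runsmartdns.sh
  # Reminder for the operator: the binary path inside the freshly copied
  # script still has to be adjusted.
  logger -t "SmartDNS" "需要修改runsmartdns.sh 中smartdns路径"
else
  logger -t "SmartDNS" "cp -f /etc_ro/runsmartdns.sh /etc/storage/ failed"
fi

/etc/storage/runsmartdns.sh start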
#######################################
# Boot hook: run the init script, refresh the rule lists, then launch a
# smartdns found on PATH in the background with the persistent config.
#
# NOTE(review): the smartinit.sh shown on this page ends with
# "runsmartdns.sh start", which already refreshes the lists and launches the
# resolver on the same config; confirm that the second refresh and the second
# launch below are intended.
#
# Alternatives the author left disabled:
#   smartdns
#   /etc/storage/runsmartdns.sh smartdns
#   smartdns -f -c /etc/storage/smartdns_m.conf -x 2&>1 | logger -t "SmartDNS" &
#   sleep 5
#   /etc/storage/runsmartdns.sh setiptable
#   smartdns -f -c /etc/storage/smartdns_m.conf -x &
#######################################
fun() {
  /etc/storage/smartinit.sh
  /etc/storage/runsmartdns.sh updateconf
  # Started through "sh -c" and backgrounded so the hook returns at once.
  sh -c "smartdns -f -c /etc/storage/smartdns_m.conf -x" &
}