-
-
Save leiless/5fbdeafb69d56fe737ba639ded9ac124 to your computer and use it in GitHub Desktop.
| # XXX: Deprecated, see below for updates | |
| # https://coredns.io/plugins/cache/ | |
| (global_cache) { | |
| cache { | |
| # [5, 60] | |
| success 65536 3600 300 | |
| # [1, 10] | |
| denial 8192 600 60 | |
| prefetch 1 60m 10% | |
| } | |
| } | |
| . { | |
| debug | |
| log . {combined} | |
| loop | |
| reload 2s | |
| errors | |
| hosts { | |
| fallthrough | |
| } | |
| import global_cache | |
| dnsredir accelerated-domains.china.conf google.china.conf apple.china.conf { | |
| expire 15s | |
| max_fails 3 | |
| health_check 3s | |
| policy round_robin | |
| path_reload 2s | |
| to 114.114.114.114 223.5.5.5 119.29.29.29 | |
| } | |
| dnsredir . { | |
| expire 60s | |
| max_fails 5 | |
| health_check 5s | |
| policy random | |
| spray | |
| to tls://8.8.8.8@8888.google tls://8.8.4.4@dns.google | |
| to tls://1.1.1.1 tls://1.0.0.1 | |
| to tls://9.9.9.9@quad9.net | |
| # Global TLS server name | |
| tls_servername one.one.one.one | |
| } | |
| } | |
accelerated-domains.china.conf
https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
https://git.io/jkgU
https://t.cn/A6ZEFCiH
https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf
https://t.cn/A6zY4e4i
apple.china.conf
https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf
https://git.io/JvMYS
https://t.cn/A6w0aG0o
https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf
https://t.cn/A6zYb6sL
https://url.cn/ra9opwNM
google.china.conf
https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf
https://git.io/JvMY9
https://t.cn/A6w0acY9
https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf
https://t.cn/A6zYbWEM
Added Sep 10, 2020
https://code.aliyun.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf
https://t.cn/A64KOBu7
https://code.aliyun.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf
https://t.cn/A64KOdwR
https://code.aliyun.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf
https://t.cn/A64KOduM
Repo: https://code.aliyun.com/felixonmars/dnsmasq-china-list/tree/master
https://gitee.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf
https://t.cn/A64KuoZS
https://gitee.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf
https://t.cn/A64KuoZa
see: 新浪短网址生成器(t.cn)
Sample Corefile with URLs as FROM... (Recommended for daily use) DEPRECATED
(global_cache) {
cache {
success 65536 1800
denial 1024 300
prefetch 1 60m 10%
}
}
. {
debug
log . {combined}
reload 2s
errors
hosts {
fallthrough
}
import global_cache
# accelerated, apple, google
dnsredir https://t.cn/A6zY4e4i https://t.cn/A6zYb6sL https://t.cn/A6zYbWEM {
expire 15s
max_fails 3
health_check 3s
policy round_robin
url_reload 10m
to 114.114.114.114 223.5.5.5 udp://119.29.29.29
}
dnsredir . {
expire 60s
max_fails 5
health_check 5s
policy random
spray
to tls://8.8.8.8@dns.google
to tls://1.1.1.1@one.one.one.one
to tls://9.9.9.9@quad9.net
}
}
🚀 Encrypt all your DNS queries by using DNS-over-HTTPS
Updated Jun 19, 2021.
# Sample Corefile for leiless/dnsredir plugin
# Checkout https://git.io/JJZ3N
# https://coredns.io/plugins/cache/
(global_cache) {
cache {
# success CAPACITY [TTL] [MINTTL]
success 65536 1800 300
# denial CAPACITY [TTL] [MINTTL]
denial 1024 300 10
# prefetch AMOUNT [[DURATION] [PERCENTAGE%]]
prefetch 1 30m 10%
}
}
. {
#debug
#loop
log . {combined}
reload 2s
errors
hosts {
fallthrough
}
import global_cache
# accelerated, apple, google
dnsredir https://t.cn/A6zY4e4i https://t.cn/A6zYb6sL https://t.cn/A6zYbWEM {
health_check 5s
policy round_robin
to ietf-doh://223.5.5.5/dns-query ietf-doh://223.6.6.6/dns-query
to doh://doh.pub/dns-query
bootstrap 114.114.114.114 223.5.5.5 223.6.6.6
no_ipv6
}
dnsredir . {
expire 30s
max_fails 5
health_check 10s
policy random
spray
# List of DoH: https://github.com/curl/curl/wiki/DNS-over-HTTPS
to doh://cloudflare-dns.com/dns-query
to json-doh://dns.google/resolve
to ietf-doh://dns.google/dns-query
bootstrap 114.114.114.114 223.5.5.5 223.6.6.6
no_ipv6
}
}
Your DNS queries are encrypted doesn't mean anything to your privacy safety, it only eliminated the possibility of MITM attack.
If privacy safety is a concern, please use privacy-safe DNS servers all the way down.
Note that all China mainland DNS servers are privacy unsafe(due to the regulations), in which case you may setup a private DNS server by your own.
SEE ALSO
https://github.com/curl/curl/wiki/DNS-over-HTTPS
https://github.com/missdeer/coredns_custom_build
https://coredns.minidump.info/
使用Prometheus观察CoreDNS运行状况
https://github.com/xiaodongus/encrypted-dns
DNSPod 的 DoT 和 DoH 对外公测了
https://github.com/curl/curl/wiki/DNS-over-HTTPS
https://gist.github.com/leiless/fe05aefcb08dc066cd7881933f02b9c0
简单好用,谢谢
According to 防火墙屏蔽了多个 DoH 服务器, many popular DoH/DoT servers got SNI blocked in mainland China.
Please consider using other(especially minor) DoH servers listed in:
- https://github.com/curl/curl/wiki/DNS-over-HTTPS
- https://kb.adguard.com/en/general/dns-providers
- List of direct IPv4/IPv6 DoH
Or, you can forward all DoH/DoT traffic to your proxy.
see also:
https://github.com/leiless/dnsredir
https://github.com/felixonmars/dnsmasq-china-list
XXX:
The
accelerated-domains.china.conf,google.china.conf apple.china.conf,apple.china.confshould be placed in the same directory wherecoredns_dnsredirlocated at.Sample directory hierarchy: