Generate a Corefile for CoreDNS that uses your ISP's DNS servers to resolve domain names in China and OpenDNS/Cloudflare/Google DNS servers to resolve domain names outside China. You should change 192.168.1.1 to your ISP's DNS server address, or use a public DNS server such as 114/DNSPod directly.
#!/bin/bash
# The lists are dnsmasq rules: "server=/domain/ip" and "bogus-nxdomain=ip".
# awk reads curl's output directly, so every entry (including the first) is kept.
# Field 2 is the domain (split on '/') or the bogus IP (split on '=').
china=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf | awk -F '/' '{print $2}' | grep -v '#' | paste -sd " " -)
apple=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf | awk -F '/' '{print $2}' | grep -v '#' | paste -sd " " -)
google=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf | awk -F '/' '{print $2}' | grep -v '#' | paste -sd " " -)
bogus=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf | grep "=" | awk -F '=' '{print $2}' | grep -v '#' | paste -sd " " -)
cat>Corefile<<EOF
. {
    ads {
        default-lists
        blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
        whitelist https://files.krnl.eu/whitelist.txt
        log
        auto-update-interval 24h
        list-store ads-cache
    }
    hosts {
        fallthrough
    }
    forward . 208.67.222.222:443 208.67.222.222:5353 208.67.220.220:443 208.67.220.220:5353 127.0.0.1:5301 127.0.0.1:5302 127.0.0.1:5303 {
        except $china $apple $google cdn.jsdelivr.net
    }
    proxy . 192.168.1.1
    bogus $bogus
    log
    cache
    redisc {
        endpoint 127.0.0.1:6379
    }
    health
    reload
}
.:5301 {
    bind 127.0.0.1
    forward . tls://9.9.9.9 tls://9.9.9.10 {
        tls_servername dns.quad9.net
    }
    cache
}
.:5302 {
    bind 127.0.0.1
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
    cache
}
.:5303 {
    bind 127.0.0.1
    forward . tls://8.8.8.8 tls://8.8.4.4 {
        tls_servername dns.google
    }
    cache
}
EOF
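
An added example, not part of the original gist: a stricter extraction step that lets only well-formed hostnames from the downloaded lists reach the `except` line of the Corefile, and fails instead of writing an empty list. The function names, the hostname pattern and the sample input are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not the gist author's code): validate list entries before
# they are interpolated into the Corefile.

# Read dnsmasq rules ("server=/domain/ip") on stdin and print one validated,
# lower-cased domain per line. Anything else is reported on stderr and dropped.
extract_domains() {
  awk -F '/' '
    /^[[:space:]]*#/ { next }            # skip comment lines
    NF >= 3 {
      d = tolower($2)
      # dot-separated labels of letters, digits and hyphens;
      # each label must start and end with a letter or digit
      ok = (d ~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)*[a-z0-9]([a-z0-9-]*[a-z0-9])?$/)
      if (ok && length(d) <= 253)
        print d
      else
        print "rejected: " $0 > "/dev/stderr"
    }'
}

# Join the validated domains with spaces for use after "except".
# Returns non-zero when nothing valid was parsed (failed download, changed format).
domain_list() {
  joined=$(extract_domains | paste -sd ' ' -)
  [ -n "$joined" ] || { echo "no valid domains in input" >&2; return 1; }
  printf '%s\n' "$joined"
}

# Constructed sample input, not real list content.
sample='# comment line
server=/example.cn/114.114.114.114
server=/Sub.Example.com.cn/114.114.114.114
server=/bad name {/114.114.114.114
server=/trailing-.cn/114.114.114.114'

# Demo: prints the two valid domains and reports the two rejected lines.
printf '%s\n' "$sample" | domain_list
```

In the generator this would replace the `awk ... | grep -v '#' | paste` stage, for example `china=$(curl -sSL <list URL> | domain_list) || exit 1`.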

missdeer commented Jan 15, 2019

You can generate Corefile by the command shown below:

curl -sSL git.io/corefile | bash

Then change 192.168.1.1 in Corefile to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly.

At last, run CoreDNS by the command shown below (maybe sudo is needed, or you can run sudo setcap cap_net_bind_service=+ep ./coredns on Linux first):

coredns -conf Corefile

Important:

yangchuansheng commented Mar 6, 2019

Take a look at a better approach: Using CoreDNS to deal with DNS pollution

daiooo commented Mar 18, 2019

@missdeer @yangchuansheng With both configuration files I get Error during parsing: Unknown directive 'forward''

missdeer commented Mar 22, 2019

Take a look at a better approach: Using CoreDNS to deal with DNS pollution

I didn't notice any big difference.

leiless commented Feb 8, 2020

Hi @missdeer, when I run curl -s -L git.io/corefile | bash:

$ curl -s -L git.io/corefile | bash
bash: line 20: $1: ambiguous redirect

It's certainly a typo:

diff --git a/corefile.sh b/corefile.sh
index cdb651c..32634ce 100755
--- a/corefile.sh
+++ b/corefile.sh
@@ -17,7 +17,7 @@ echo "  except $china $apple $google cdn.jsdelivr.net" >> Corefile
 echo "  }" >> Corefile
 echo "  proxy . 192.168.1.1" >> Corefile
 bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
-echo "  bogus $bogus" >> $1
+echo "  bogus $bogus" >> Corefile
 echo "  log" >> Corefile
 echo "  cache" >> Corefile
 echo "  redisc {" >> Corefile
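
Review bot: the context line that sets `bogus` loses one entry, because in `while read line; do awk ...; done` the `read` consumes the first line that passed `grep "="` and `awk` only sees the remainder of stdin. Dropping the loop and piping `grep "="` straight into `awk -F '=' '{print $2}'` keeps every entry. The `>> $1` to `>> Corefile` change itself is right: under `curl | bash` there is no first argument, so the unquoted `$1` expands to nothing and bash reports the ambiguous redirect.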

Please try to fix this error.

missdeer commented Feb 9, 2020

Hi @missdeer, when I run curl -s -L git.io/corefile | bash:

$ curl -s -L git.io/corefile | bash
bash: line 20: $1: ambiguous redirect

It's certainly a typo:

diff --git a/corefile.sh b/corefile.sh
index cdb651c..32634ce 100755
--- a/corefile.sh
+++ b/corefile.sh
@@ -17,7 +17,7 @@ echo "  except $china $apple $google cdn.jsdelivr.net" >> Corefile
 echo "  }" >> Corefile
 echo "  proxy . 192.168.1.1" >> Corefile
 bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
-echo "  bogus $bogus" >> $1
+echo "  bogus $bogus" >> Corefile
 echo "  log" >> Corefile
 echo "  cache" >> Corefile
 echo "  redisc {" >> Corefile
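
Review bot: every visible line appends to a hard-coded `Corefile` with `>>`, which is how a single stray `>> $1` went unnoticed, and it means a second run adds to an existing file unless an earlier line truncates it. Grouping the output under one redirection, either `{ echo ...; echo ...; } > Corefile` or a single `cat > Corefile <<EOF` here-document, names the target once and starts from an empty file each time.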

Please try to fix this error.

Thanks, fixed.

yangchuansheng commented Mar 6, 2020

May I ask how the ipset plugin is used?

missdeer commented Mar 7, 2020

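May I ask how the ipset plugin is used?

It adds every IP resolved within the enclosing server block to the ipset whose name is given to the plugin, for example: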

cisco.com, webexconnect.com, webex.com, wbx2.com, ciscospark.com {
    forward . 192.168.1.1
    ipset ciscolist
}

This adds all the IPs resolved for the Cisco-related domains to the ipset named ciscolist, so a separate forwarding rule can be set up for them in iptables.

yangchuansheng commented Mar 7, 2020

Bowser1704 commented Mar 22, 2020

When I run it, ad and bogus are both Unknown directive. What is the problem?
I have installed both plugins, block and proxy.

missdeer commented Mar 23, 2020

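When I run it, ad and bogus are both Unknown directive. What is the problem?
I have installed both plugins, block and proxy.

Probably because you are not using the CoreDNS build that I modified and compiled.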
