Generate a Corefile for CoreDNS that uses your ISP's DNS servers to resolve domain names in China and OpenDNS/Cloudflare/Google DNS servers to resolve domain names outside China. You should change 192.168.1.1 to your ISP's DNS server address, or use a public DNS server such as 114/DNSPod directly.
#!/bin/bash
# Domain lists: each entry has the form server=/<domain>/<ip>.
# Drop comment lines, keep field 2 and join everything onto one space-separated line.
china=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf | grep -v '^#' | awk -F '/' '{print $2}' | paste -sd " " -)
apple=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf | grep -v '^#' | awk -F '/' '{print $2}' | paste -sd " " -)
google=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf | grep -v '^#' | awk -F '/' '{print $2}' | paste -sd " " -)
# Bogus NXDOMAIN list: each entry has the form bogus-nxdomain=<ip>; keep the IP.
bogus=$(curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf | grep "=" | grep -v '^#' | awk -F '=' '{print $2}' | paste -sd " " -)
cat>Corefile<<EOF
. {
    ads {
        default-lists
        blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
        whitelist https://files.krnl.eu/whitelist.txt
        log
        auto-update-interval 24h
        list-store ads-cache
    }
    hosts {
        fallthrough
    }
    forward . 208.67.222.222:443 208.67.222.222:5353 208.67.220.220:443 208.67.220.220:5353 127.0.0.1:5301 127.0.0.1:5302 127.0.0.1:5303 {
        except $china $apple $google cdn.jsdelivr.net
    }
    proxy . 192.168.1.1
    bogus $bogus
    log
    cache
    redisc {
        endpoint 127.0.0.1:6379
    }
    health
    reload
}
.:5301 {
    bind 127.0.0.1
    forward . tls://9.9.9.9 tls://9.9.9.10 {
        tls_servername dns.quad9.net
    }
    cache
}
.:5302 {
    bind 127.0.0.1
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
    cache
}
.:5303 {
    bind 127.0.0.1
    forward . tls://8.8.8.8 tls://8.8.4.4 {
        tls_servername dns.google
    }
    cache
}
EOF
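
An added example, not part of the gist or the author's code: the script above writes whatever the remote lists contain straight into the Corefile, so this version of the extraction step validates every token first and also covers the bogus-IP list. The function names and the sample input are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the gist author's code. Function names are hypothetical.
# Goal: only hostname / IPv4 tokens ever reach the generated Corefile.

# Read dnsmasq "server=/domain/ip" lines on stdin; print the valid domains on
# one space-separated line. Rejected lines are reported on stderr.
extract_domains() {
  LC_ALL=C awk -F '/' '
    /^[ \t]*#/ || NF < 3 { next }   # comments, lines without /domain/
    {
      d = tolower($2)
      # hostname characters only: no whitespace, braces or other Corefile syntax
      if (length(d) <= 253 &&
          d ~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)*[a-z0-9]([a-z0-9-]*[a-z0-9])?$/)
        print d
      else
        print "rejected: " $0 > "/dev/stderr"
    }' | LC_ALL=C sort -u | paste -sd ' ' -
}

# Read "bogus-nxdomain=a.b.c.d" lines on stdin; print valid IPv4 addresses only.
extract_bogus_ips() {
  LC_ALL=C awk -F '=' '
    /^[ \t]*#/ || NF != 2 { next }
    {
      n = split($2, o, "."); ok = (n == 4)
      for (i = 1; i <= n && ok; i++)
        ok = (o[i] ~ /^[0-9]+$/ && length(o[i]) <= 3 && o[i] + 0 <= 255)
      if (ok) print $2; else print "rejected: " $0 > "/dev/stderr"
    }' | paste -sd ' ' -
}

# Fetch one list over HTTPS only; -f turns HTTP errors into a non-zero exit so
# the caller can stop instead of writing a Corefile with an empty list.
fetch_list() {
  curl -fsSL --proto '=https' "$1"
}

# Constructed sample input (not taken from the real lists).
sample_domains='server=/example.cn/114.114.114.114
#server=/commented-out.cn/114.114.114.114
server=/Example.COM.cn/114.114.114.114
server=/bad.cn } health {/114.114.114.114'
sample_bogus='bogus-nxdomain=192.0.2.1
bogus-nxdomain=999.1.1.1
bogus-nxdomain=198.51.100.7'

printf 'except %s\n' "$(printf '%s\n' "$sample_domains" | extract_domains)"
printf 'bogus %s\n' "$(printf '%s\n' "$sample_bogus" | extract_bogus_ips)"
```

When these functions are wired into the generator, run it with `set -o pipefail` so that a failed `fetch_list` stops the script before the Corefile is written.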
Owner Author

missdeer commented Jan 15, 2019

You can generate Corefile by the command shown below:

curl -sSL git.io/corefile | bash

Then change 192.168.1.1 in the Corefile to your ISP's DNS server address, or use a public DNS server such as 114/DNSPod etc. directly.

Finally, run CoreDNS with the command shown below (sudo may be needed, or you can run sudo setcap cap_net_bind_service=+ep ./coredns on Linux first):

coredns -conf Corefile

Important:

The generated Corefile ONLY works with my custom build of CoreDNS, which includes more plugins. You can download the prebuilt binary from the Appveyor service or use the links shown below for convenience:

| OS | Arch | Option | Link |
| --- | --- | --- | --- |
| Windows | x86_64 | | https://coredns.minidump.info/dl/coredns-windows-amd64.zip |
| Windows | x86 | | https://coredns.minidump.info/dl/coredns-windows-386.zip |
| macOS | x86_64 | | https://coredns.minidump.info/dl/coredns-darwin-amd64.zip |
| Linux | x86 | | https://coredns.minidump.info/dl/coredns-linux-386.zip |
| Linux | x86_64 | | https://coredns.minidump.info/dl/coredns-linux-amd64.zip |
| Linux | arm | 5 | https://coredns.minidump.info/dl/coredns-linux-armv5.zip |
| Linux | arm | 6 | https://coredns.minidump.info/dl/coredns-linux-armv6.zip |
| Linux | arm | 7 | https://coredns.minidump.info/dl/coredns-linux-armv7.zip |
| Linux | arm64 | | https://coredns.minidump.info/dl/coredns-linux-arm64.zip |
| Linux | ppc64 | | https://coredns.minidump.info/dl/coredns-linux-ppc64.zip |
| Linux | ppc64le | | https://coredns.minidump.info/dl/coredns-linux-ppc64le.zip |
| Linux | mips64 | hardfloat | https://coredns.minidump.info/dl/coredns-linux-mips64-hardfloat.zip |
| Linux | mips64 | softfloat | https://coredns.minidump.info/dl/coredns-linux-mips64-softfloat.zip |
| Linux | mips64le | hardfloat | https://coredns.minidump.info/dl/coredns-linux-mips64le-hardfloat.zip |
| Linux | mips64le | softfloat | https://coredns.minidump.info/dl/coredns-linux-mips64le-softfloat.zip |
| Linux | mips | hardfloat | https://coredns.minidump.info/dl/coredns-linux-mips-hardfloat.zip |
| Linux | mips | softfloat | https://coredns.minidump.info/dl/coredns-linux-mips-softfloat.zip |
| Linux | mipsle | hardfloat | https://coredns.minidump.info/dl/coredns-linux-mipsle-hardfloat.zip |
| Linux | mipsle | softfloat | https://coredns.minidump.info/dl/coredns-linux-mipsle-softfloat.zip |
| Linux | s390x | | https://coredns.minidump.info/dl/coredns-linux-s390x.zip |
| FreeBSD | x86_64 | | https://coredns.minidump.info/dl/coredns-freebsd-amd64.zip |
| FreeBSD | x86 | | https://coredns.minidump.info/dl/coredns-freebsd-386.zip |
| FreeBSD | arm | | https://coredns.minidump.info/dl/coredns-freebsd-arm.zip |
| NetBSD | x86_64 | | https://coredns.minidump.info/dl/coredns-netbsd-amd64.zip |
| NetBSD | x86 | | https://coredns.minidump.info/dl/coredns-netbsd-386.zip |
| NetBSD | arm | | https://coredns.minidump.info/dl/coredns-netbsd-arm.zip |
| OpenBSD | x86_64 | | https://coredns.minidump.info/dl/coredns-openbsd-amd64.zip |
| OpenBSD | x86 | | https://coredns.minidump.info/dl/coredns-openbsd-386.zip |
| DragonflyBSD | x86_64 | | https://coredns.minidump.info/dl/coredns-dragonfly-amd64.zip |
| Solaris | x86_64 | | https://coredns.minidump.info/dl/coredns-solaris-amd64.zip |
| Android | x86_64 | | https://coredns.minidump.info/dl/coredns-android-amd64.zip |
| Android | x86 | | https://coredns.minidump.info/dl/coredns-android-386.zip |
| Android | arm | | https://coredns.minidump.info/dl/coredns-android-arm.zip |
| Android | arm64 | | https://coredns.minidump.info/dl/coredns-android-aarch64.zip |

yangchuansheng commented Mar 6, 2019

Check out a better approach: Using CoreDNS to deal with DNS pollution


daiooo commented Mar 18, 2019

@missdeer @yangchuansheng With both, the config file reports: Error during parsing: Unknown directive 'forward''


missdeer commented Mar 22, 2019

> Check out a better approach: Using CoreDNS to deal with DNS pollution

I didn't find any big difference.


leiless commented Feb 8, 2020

Hi @missdeer, when I run curl -s -L git.io/corefile | bash:

$ curl -s -L git.io/corefile | bash
bash: line 20: $1: ambiguous redirect

It's certainly a typo:

diff --git a/corefile.sh b/corefile.sh
index cdb651c..32634ce 100755
--- a/corefile.sh
+++ b/corefile.sh
@@ -17,7 +17,7 @@ echo "  except $china $apple $google cdn.jsdelivr.net" >> Corefile
 echo "  }" >> Corefile
 echo "  proxy . 192.168.1.1" >> Corefile
 bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
-echo "  bogus $bogus" >> $1
+echo "  bogus $bogus" >> Corefile
 echo "  log" >> Corefile
 echo "  cache" >> Corefile
 echo "  redisc {" >> Corefile
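Review bot: every `echo` in this hunk carries its own unquoted redirect target, which is how `>> $1` slipped in on the `bogus` line; when the script is piped into bash there is no `$1`, so the target expands to nothing and bash reports "ambiguous redirect" for that line. Rather than patching the one line, consider a single quoted target such as `out=Corefile` with `>> "$out"`, or grouping the echoes as `{ ...; } > Corefile`, so there is only one redirect to get right. The `bogus=` context line also wraps awk in `while read line; do ...; done`, where `read` consumes the first input line before awk sees the rest, so the first entry of the list is dropped; piping straight into awk would avoid that.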

Please try to fix this error.


missdeer commented Feb 9, 2020

Thanks, fixed.


yangchuansheng commented Mar 6, 2020

How is the ipset plugin used?


missdeer commented Mar 7, 2020

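> How is the ipset plugin used?

It adds every IP resolved within the enclosing server block to the ipset whose name is given to the plugin, for example: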

cisco.com, webexconnect.com, webex.com, wbx2.com, ciscospark.com {
    forward . 192.168.1.1
    ipset ciscolist
}

This adds the IPs resolved for all Cisco-related domain names to the ipset named ciscolist, so you can set up separate forwarding for it in iptables.


yangchuansheng commented Mar 7, 2020


Bowser1704 commented Mar 22, 2020

When running it, ad and bogus are both reported as Unknown directive. What's the problem?
I've installed both plugins, block and proxy.


missdeer commented Mar 23, 2020

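> When running it, ad and bogus are both reported as Unknown directive. What's the problem?
> I've installed both plugins, block and proxy.

Probably because you are not using my modified build of CoreDNS.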


snakwu commented Mar 31, 2020

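> > When running it, ad and bogus are both reported as Unknown directive. What's the problem?
> > I've installed both plugins, block and proxy.
>
> Probably because you are not using my modified build of CoreDNS.

What does bogus do? I see the bogus IP list hasn't been updated for two years.
Also, what does bind 127.0.0.1 mean? What effect does it have?
Thanks...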


missdeer commented Mar 31, 2020

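> What does bogus do? I see the bogus IP list hasn't been updated for two years.
> Also, what does bind 127.0.0.1 mean? What effect does it have?
> Thanks...

For bogus, take a look at this issue: felixonmars/dnsmasq-china-list#2. Basically, the DNS servers provided by some ISPs return a bogus IP when resolving a domain name that has no record, in order to divert traffic to certain web pages, such as 114 and the like. Some people don't like seeing that page, and returning NXDOMAIN directly is better.

Without bind 127.0.0.1 it listens on 0.0.0.0; with it, it listens on 127.0.0.1.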


snakwu commented Mar 31, 2020

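> > What does bogus do? I see the bogus IP list hasn't been updated for two years.
> > Also, what does bind 127.0.0.1 mean? What effect does it have?
> > Thanks...
>
> For bogus, take a look at this issue: felixonmars/dnsmasq-china-list#2. Basically, the DNS servers provided by some ISPs return a bogus IP when resolving a domain name that has no record, in order to divert traffic to certain web pages, such as 114 and the like. Some people don't like seeing that page, and returning NXDOMAIN directly is better.
>
> Without bind 127.0.0.1 it listens on 0.0.0.0; with it, it listens on 127.0.0.1.

But I see that the first block at the top doesn't have bind 127.0.0.1. Wouldn't it be better to add it?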


missdeer commented Mar 31, 2020

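> > Without bind 127.0.0.1 it listens on 0.0.0.0; with it, it listens on 127.0.0.1.
>
> But I see that the first block at the top doesn't have bind 127.0.0.1. Wouldn't it be better to add it?

Because I use it on a router, so it has to listen on 0.0.0.0.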


snakwu commented Mar 31, 2020

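> > > Without bind 127.0.0.1 it listens on 0.0.0.0; with it, it listens on 127.0.0.1.
> >
> > But I see that the first block at the top doesn't have bind 127.0.0.1. Wouldn't it be better to add it?
>
> Because I use it on a router, so it has to listen on 0.0.0.0.

In principle, if it only listens on 127.0.0.1, access from other devices shouldn't get through, right?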


missdeer commented Apr 1, 2020

> In principle, if it only listens on 127.0.0.1, access from other devices shouldn't get through, right?

Yes, that's why I listen on 0.0.0.0.


snakwu commented Apr 18, 2020

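> > In principle, if it only listens on 127.0.0.1, access from other devices shouldn't get through, right?
>
> Yes, that's why I listen on 0.0.0.0.

After adding the ads plugin, the log shows it constantly re-reading the files, which makes DNS very slow. How do I fix this? Thanks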
Apr 18 08:30:21 dns_server rc.local[1012]: [INFO] plugin/ads: Updating lists from Local files...
Apr 18 08:30:21 dns_server rc.local[1012]: [INFO] plugin/ads: [File Update] Loaded 0 entries into Blacklist and 1 entries into whitelist
Apr 18 08:31:21 dns_server rc.local[1012]: [INFO] plugin/ads: Updating lists from Local files...
Apr 18 08:31:21 dns_server rc.local[1012]: [INFO] plugin/ads: [File Update] Loaded 0 entries into Blacklist and 1 entries into whitelist


missdeer commented Apr 18, 2020

> After adding the ads plugin, the log shows it constantly re-reading the files, which makes DNS very slow. How do I fix this? Thanks
> Apr 18 08:30:21 dns_server rc.local[1012]: [INFO] plugin/ads: Updating lists from Local files...
> Apr 18 08:30:21 dns_server rc.local[1012]: [INFO] plugin/ads: [File Update] Loaded 0 entries into Blacklist and 1 entries into whitelist
> Apr 18 08:31:21 dns_server rc.local[1012]: [INFO] plugin/ads: Updating lists from Local files...
> Apr 18 08:31:21 dns_server rc.local[1012]: [INFO] plugin/ads: [File Update] Loaded 0 entries into Blacklist and 1 entries into whitelist

It seems to be hard-coded to update once a minute, unless you change the code. It hasn't made DNS slow here, though; the slowness on your side may be caused by something else.


snakwu commented Apr 18, 2020

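> > After adding the ads plugin, the log shows it constantly re-reading the files, which makes DNS very slow. How do I fix this? Thanks
> > Apr 18 08:30:21 dns_server rc.local[1012]: [INFO] plugin/ads: Updating lists from Local files...
> > Apr 18 08:30:21 dns_server rc.local[1012]: [INFO] plugin/ads: [File Update] Loaded 0 entries into Blacklist and 1 entries into whitelist
> > Apr 18 08:31:21 dns_server rc.local[1012]: [INFO] plugin/ads: Updating lists from Local files...
> > Apr 18 08:31:21 dns_server rc.local[1012]: [INFO] plugin/ads: [File Update] Loaded 0 entries into Blacklist and 1 entries into whitelist
>
> It seems to be hard-coded to update once a minute, unless you change the code. It hasn't made DNS slow here, though; the slowness on your side may be caused by something else.

As soon as I remove ads everything is normal, so I don't understand. The program configuration basically follows yours; with ads added, not only does it fail to remove ads, but pages also open very slowly.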


missdeer commented Apr 18, 2020

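> > It seems to be hard-coded to update once a minute, unless you change the code. It hasn't made DNS slow here, though; the slowness on your side may be caused by something else.
>
> As soon as I remove ads everything is normal, so I don't understand. The program configuration basically follows yours; with ads added, not only does it fail to remove ads, but pages also open very slowly.

First confirm whether it is DNS resolution that is slow: on Windows run nslookup www.taobao.com, on other platforms run dig www.taobao.com, and look at the latency.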


snakwu commented Apr 18, 2020

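> > > It seems to be hard-coded to update once a minute, unless you change the code. It hasn't made DNS slow here, though; the slowness on your side may be caused by something else.
> >
> > As soon as I remove ads everything is normal, so I don't understand. The program configuration basically follows yours; with ads added, not only does it fail to remove ads, but pages also open very slowly.
>
> First confirm whether it is DNS resolution that is slow: on Windows run nslookup www.taobao.com, on other platforms run dig www.taobao.com, and look at the latency.

The ns result is normal; it's just that pages open very slowly!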


snakwu commented Apr 18, 2020

PS C:\WINDOWS\system32> ipconfig /flushdns

Windows IP 配置

已成功刷新 DNS 解析缓存。
PS C:\WINDOWS\system32> nslookup www.taobao.com
服务器: SnakWu-OpenWrt.lan
Address: fd00:100:100::1

非权威应答:
名称: www.taobao.com.danuoyi.tbcache.com
Addresses: 240e:ff:d800:500:3::3fa
240e:ff:d800:500:3::3f9
113.96.109.101
113.96.109.100
Aliases: www.taobao.com

PS C:\WINDOWS\system32>

snakwu@hassio-server:~/go-workspace/src/coredns$ dig www.taobao.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> www.taobao.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63926
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.taobao.com. IN A

;; ANSWER SECTION:
www.taobao.com. 562 IN CNAME www.taobao.com.danuoyi.tbcache.com.
www.taobao.com.danuoyi.tbcache.com. 554 IN A 113.96.109.101
www.taobao.com.danuoyi.tbcache.com. 554 IN A 113.96.109.100

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Apr 18 10:26:23 CST 2020
;; MSG SIZE rcvd: 120


snakwu commented Apr 18, 2020

image
The log looks normal, so why do pages open so slowly!


missdeer commented Apr 18, 2020

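> The ns result is normal; it's just that pages open very slowly!

My guess is that it blocked some CSS and JS links, which makes the whole page hang.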


missdeer commented Apr 18, 2020

By the way, why do you have so many blocked resolution requests?


snakwu commented Apr 18, 2020

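> By the way, why do you have so many blocked resolution requests?

The sources I added are the same as yours; it's probably just that the pages I open have more ads. How do I fix the slow pages?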


missdeer commented Apr 18, 2020

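> The sources I added are the same as yours; it's probably just that the pages I open have more ads. How do I fix the slow pages?

I think you could ask the author of the source.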


snakwu commented Apr 18, 2020

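> > The sources I added are the same as yours; it's probably just that the pages I open have more ads. How do I fix the slow pages?
>
> I think you could ask the author of the source.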

ok.thx!
