| #!/bin/bash | |
| china=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| apple=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| google=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| bogus=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| cat>Corefile<<EOF | |
| . { | |
| # uncomment below lines to enable ads plugin | |
| #ads { | |
| # default-lists | |
| # blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt | |
| # whitelist https://files.krnl.eu/whitelist.txt | |
| # log | |
| # auto-update-interval 24h | |
| # list-store ads-cache | |
| #} | |
| hosts { | |
| fallthrough | |
| } | |
| # choose your favourite DNS servers below | |
| forward . 127.0.0.1:5300 127.0.0.1:5301 127.0.0.1:5302 127.0.0.1:5303 127.0.0.1:5304 { | |
| except $china $apple $google cdn.jsdelivr.net dns.quad9.net cloudflare-dns.com dns.google | |
| } | |
| proxy . 192.168.1.1 | |
| bogus $bogus | |
| log | |
| cache | |
| # uncomment lines below to enable redis plugin | |
| #redisc { | |
| # endpoint 127.0.0.1:6379 | |
| #} | |
| health | |
| reload | |
| } | |
| .:5300 { | |
| bind 127.0.0.1 | |
| forward . 208.67.222.222:443 208.67.222.222:5353 208.67.220.220:443 208.67.220.220:5353 { | |
| force_tcp | |
| health_check 60s | |
| } | |
| cache | |
| } | |
| .:5301 { | |
| bind 127.0.0.1 | |
| forward . tls://9.9.9.9 tls://9.9.9.10 { | |
| tls_servername dns.quad9.net | |
| health_check 60s | |
| } | |
| cache | |
| } | |
| .:5302 { | |
| bind 127.0.0.1 | |
| forward . tls://1.1.1.1 tls://1.0.0.1 { | |
| tls_servername cloudflare-dns.com | |
| health_check 60s | |
| } | |
| cache | |
| } | |
| .:5303 { | |
| bind 127.0.0.1 | |
| forward . tls://8.8.8.8 tls://8.8.4.4 { | |
| tls_servername dns.google | |
| health_check 60s | |
| } | |
| cache | |
| } | |
| .:5304 { | |
| bind 127.0.0.1 | |
| forward . 4.2.2.1 4.2.2.2 { | |
| force_tcp | |
| health_check 60s | |
| } | |
| cache | |
| } | |
| EOF |
This comment has been minimized.
This comment has been minimized.
|
更好的办法了解一下:使用 CoreDNS 来应对 DNS 污染 |
This comment has been minimized.
This comment has been minimized.
|
@missdeer @yangchuansheng 都是配置文件提示 |
This comment has been minimized.
This comment has been minimized.
没发现什么大的区别 |
This comment has been minimized.
This comment has been minimized.
|
Hi @missdeer, when I run $ curl -s -L git.io/corefile | bash
bash: line 20: $1: ambiguous redirect
It certainly a typo: diff --git a/corefile.sh b/corefile.sh
index cdb651c..32634ce 100755
--- a/corefile.sh
+++ b/corefile.sh
@@ -17,7 +17,7 @@ echo " except $china $apple $google cdn.jsdelivr.net" >> Corefile
echo " }" >> Corefile
echo " proxy . 192.168.1.1" >> Corefile
bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done | paste -sd " " -`
-echo " bogus $bogus" >> $1
+echo " bogus $bogus" >> Corefile
echo " log" >> Corefile
echo " cache" >> Corefile
echo " redisc {" >> Corefile
Please try to fix this error. |
This comment has been minimized.
This comment has been minimized.
Thanks, fixed. |
This comment has been minimized.
This comment has been minimized.
|
问下 ipset 插件是怎么用的 |
This comment has been minimized.
This comment has been minimized.
会把所在区段里解析出来的ip全都加到插件指定名字的ipset里,比如: 这样会把所有cisco相关的域名解析出来的ip都加到 |
This comment has been minimized.
This comment has been minimized.
|
那还是dnsmasq 配置 ipset 方便一点
Fan Yang <notifications@github.com> 于2020年3月7日周六 上午8:55写道:
… 问下 ipset 插件是怎么用的
会把所在区段里解析出来的ip全都加到插件指定名字的ipset里,比如:
cisco.com, webexconnect.com, webex.com, wbx2.com, ciscospark.com {
forward . 192.168.1.1
ipset ciscolist
}
这样会把所有cisco相关的域名解析出来的ip都加到ciscolist这个ipset里,iptables里就可以单独设一个转发
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/5c7c82b5b67f8afb41cfd43d51b82c2d?email_source=notifications&email_token=ADUZNLXMB2HMMRIXM6I75FLRGGLRZA5CNFSM4KRX5BF2YY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAGDQQ2#gistcomment-3203341>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADUZNLUNHLOTUDOKECYCKDLRGGLRZANCNFSM4KRX5BFQ>
.
|
This comment has been minimized.
This comment has been minimized.
|
运行的时候,ad,bogus,都是Unknown directive, 是什么问题? |
This comment has been minimized.
This comment has been minimized.
大概是因为你用的不是我修改编译的CoreDNS版本 |
This comment has been minimized.
This comment has been minimized.
那个bogus作用是什么,我看那个bogus的ip库都有两年不更新了 |
This comment has been minimized.
This comment has been minimized.
bogus 可以看一下这个issue: felixonmars/dnsmasq-china-list#2 ,大体就是某些ISP提供的DNS server在解析没记录的域名时会返回bogus IP,从而引流到某些网页上,比如114啥的,有些人不喜欢看这个网页,直接报NXDOMAIN更好 没有 |
This comment has been minimized.
This comment has been minimized.
但我看你开始的那个区域没有加bind 127.0.0.1,不是应该加了更好? |
This comment has been minimized.
This comment has been minimized.
因为我是在路由器上用,所以要监听在0.0.0.0 |
This comment has been minimized.
This comment has been minimized.
按理说,只监听127.0.0.1的话,来自其他设备的访问应该是不通的吧? |
This comment has been minimized.
This comment has been minimized.
是的,所以我监听在0.0.0.0 |
This comment has been minimized.
This comment has been minimized.
加进ads插件后,日志显不不断的在重读文件,引起dns非常慢,这个怎么破?谢谢 |
This comment has been minimized.
This comment has been minimized.
貌似写死了1分钟更新一次,除非改代码。不过我这里倒没引起dns慢,你那也许是其他问题引起的慢。 |
This comment has been minimized.
This comment has been minimized.
我只要把ads去掉就正常了,所以不明白,程度配置基本上是按你的来的,加上ads不但不能去广告打开网页非常慢 |
This comment has been minimized.
This comment has been minimized.
你先确定下是不是DNS解析慢,Windows下 |
This comment has been minimized.
This comment has been minimized.
ns的结果正常,就是打开网页非常慢! |
This comment has been minimized.
This comment has been minimized.
|
PS C:\WINDOWS\system32> ipconfig /flushdns Windows IP 配置 已成功刷新 DNS 解析缓存。 非权威应答: PS C:\WINDOWS\system32> snakwu@hassio-server:~/go-workspace/src/coredns$ dig www.taobao.com ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> www.taobao.com ;; OPT PSEUDOSECTION: ;; ANSWER SECTION: ;; Query time: 0 msec |
This comment has been minimized.
This comment has been minimized.
|
|
This comment has been minimized.
This comment has been minimized.
估计是屏蔽了一些css,js的链接,导致整个网页都卡了 |
This comment has been minimized.
This comment has been minimized.
|
话说你怎么那么多block的解析请求 |
This comment has been minimized.
This comment has been minimized.
加的源和你的是一样的,只是我打开的网页比较多广告吧,网页卡这问题怎么破? |
This comment has been minimized.
This comment has been minimized.
我觉得你可以问一下源的作者 |
This comment has been minimized.
This comment has been minimized.
ok.thx! |
This comment has been minimized.
This comment has been minimized.
|
用coredns 每次解析都很慢,需要刷好几下,才能返回正确的dns解析,这个怎么破? |
This comment has been minimized.
This comment has been minimized.
|
这个 ipset 需要先创建吗? 还是说会自动创建? |
This comment has been minimized.
This comment has been minimized.
要事先手动创建。 |
This comment has been minimized.
This comment has been minimized.
|
coredns 把proxy插件给干掉了,增加进去编译不成功了,有替代的插件吗? |
This comment has been minimized.
This comment has been minimized.
|
This comment has been minimized.
Notice: Strongly recommended to use web edition configuration generator https://coredns.minidump.info/
You can generate
Corefileby the command shown below:curl -sSL git.io/corefile | bashThen change
192.168.1.1inCorefileto your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly.At last, run CoreDNS by the command shown below (maybe
sudois needed, or you can runsudo setcap cap_net_bind_service=+ep ./corednson Linux first):Important:
The generated Corefile ONLY works with my custom build of CoreDNS which includes more plugins. You can download the prebuilt binary from Appveyor service or use the link shown below for convenience: