generate Corefile which uses your ISP's DNS servers to resolve domain names in China and uses OpenDNS/Cloudflare/Google DNS servers to resolve domain names outside China for CoreDNS. You should change 192.168.1.1 to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly.

gen_Corefile.sh

#!/bin/bash
china=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
apple=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
google=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
bogus=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
cat>Corefile<<EOF
. {
    ads {
        default-lists
        blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
        whitelist https://files.krnl.eu/whitelist.txt
        log
        auto-update-interval 24h
        list-store ads-cache
    }
    hosts {
        fallthrough
    }
    forward . 208.67.222.222:443 208.67.222.222:5353 208.67.220.220:443 208.67.220.220:5353 127.0.0.1:5301 127.0.0.1:5302 127.0.0.1:5303  {
    except $china $apple $google cdn.jsdelivr.net
    }
    proxy . 192.168.1.1
    bogus $bogus
    log
    cache
    redisc {
        endpoint 127.0.0.1:6379
    }
    health
    reload
}
.:5301 {
    bind 127.0.0.1
    forward . tls://9.9.9.9 tls://9.9.9.10 {
        tls_servername dns.quad9.net
    }
    cache
}
.:5302 {
    bind 127.0.0.1
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
    cache
}
.:5303 {
    bind 127.0.0.1
    forward . tls://8.8.8.8 tls://8.8.4.4 {
        tls_servername dns.google
    }
    cache
}
EOF

You can generate Corefile by the command shown below:

curl -sSL git.io/corefile | bash

Then change 192.168.1.1 in Corefile to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly.

At last, run CoreDNS by the command shown below (maybe sudo is needed, or you can run sudo setcap cap_net_bind_service=+ep ./coredns on Linux first):

coredns -conf Corefile

Important:

• Works with my custom build of CoreDNS, it includes more plugins.

更好的办法了解一下：使用 CoreDNS 来应对 DNS 污染

@missdeer @yangchuansheng 都是配置文件提示 Error during parsing: Unknown directive 'forward''

更好的办法了解一下：使用 CoreDNS 来应对 DNS 污染

没发现什么大的区别

Hi @missdeer, when I run curl -s -L git.io/corefile | bash:

$ curl -s -L git.io/corefile | bash
bash: line 20: $1: ambiguous redirect

It certainly a typo:

diff --git a/corefile.sh b/corefile.sh
index cdb651c..32634ce 100755
--- a/corefile.sh
+++ b/corefile.sh
@@ -17,7 +17,7 @@ echo "  except $china $apple $google cdn.jsdelivr.net" >> Corefile
 echo "  }" >> Corefile
 echo "  proxy . 192.168.1.1" >> Corefile
 bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
-echo "  bogus $bogus" >> $1
+echo "  bogus $bogus" >> Corefile
 echo "  log" >> Corefile
 echo "  cache" >> Corefile
 echo "  redisc {" >> Corefile

Please try to fix this error.

Hi @missdeer, when I run curl -s -L git.io/corefile | bash:

$ curl -s -L git.io/corefile | bash
bash: line 20: $1: ambiguous redirect

It certainly a typo:

diff --git a/corefile.sh b/corefile.sh
index cdb651c..32634ce 100755
--- a/corefile.sh
+++ b/corefile.sh
@@ -17,7 +17,7 @@ echo "  except $china $apple $google cdn.jsdelivr.net" >> Corefile
 echo "  }" >> Corefile
 echo "  proxy . 192.168.1.1" >> Corefile
 bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
-echo "  bogus $bogus" >> $1
+echo "  bogus $bogus" >> Corefile
 echo "  log" >> Corefile
 echo "  cache" >> Corefile
 echo "  redisc {" >> Corefile

Please try to fix this error.

Thanks, fixed.

问下 ipset 插件是怎么用的

问下 ipset 插件是怎么用的

会把所在区段里解析出来的ip全都加到插件指定名字的ipset里，比如：

cisco.com, webexconnect.com, webex.com, wbx2.com, ciscospark.com {
    forward . 192.168.1.1
    ipset ciscolist
}

这样会把所有cisco相关的域名解析出来的ip都加到ciscolist这个ipset里，iptables里就可以单独设一个转发

那还是dnsmasq 配置 ipset 方便一点 Fan Yang <notifications@github.com> 于2020年3月7日周六 上午8:55写道：

…

问下 ipset 插件是怎么用的 会把所在区段里解析出来的ip全都加到插件指定名字的ipset里，比如： cisco.com, webexconnect.com, webex.com, wbx2.com, ciscospark.com { forward . 192.168.1.1 ipset ciscolist } 这样会把所有cisco相关的域名解析出来的ip都加到ciscolist这个ipset里，iptables里就可以单独设一个转发 — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://gist.github.com/5c7c82b5b67f8afb41cfd43d51b82c2d?email_source=notifications&email_token=ADUZNLXMB2HMMRIXM6I75FLRGGLRZA5CNFSM4KRX5BF2YY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAGDQQ2#gistcomment-3203341>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADUZNLUNHLOTUDOKECYCKDLRGGLRZANCNFSM4KRX5BFQ> .

运行的时候，ad，bogus，都是Unknown directive， 是什么问题？
连个插件都装上去了，block，proxy。

运行的时候，ad，bogus，都是Unknown directive， 是什么问题？
连个插件都装上去了，block，proxy。

大概是因为你用的不是我修改编译的CoreDNS版本