generate Corefile which uses your ISP's DNS servers to resolve domain names in China and uses OpenDNS/Cloudflare/Google DNS servers to resolve domain names outside China for CoreDNS. You should change 192.168.1.1 to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly.

gen_Corefile.sh

#!/bin/bash
echo ". {" > Corefile
echo "  ads {" >> Corefile
echo "      strict-default-lists" >> Corefile
echo "      log" >> Corefile
echo "      auto-update-interval 24h" >> Corefile
echo "      list-store ads-cache" >> Corefile
echo "  }" >> Corefile
echo "  hosts {" >> Corefile
echo "      fallthrough" >> Corefile
echo "  }" >> Corefile
echo "  forward . 208.67.222.222:443 208.67.222.222:5353 208.67.220.220:443 208.67.220.220:5353 127.0.0.1:5301 127.0.0.1:5302 127.0.0.1:5303  {" >> Corefile
china=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf -s | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
apple=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf -s | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
google=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf -s | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
echo "  except $china $apple $google cdn.jsdelivr.net" >> Corefile
echo "  }" >> Corefile
echo "  proxy . 192.168.1.1" >> Corefile
bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
echo "  bogus $bogus" >> $1
echo "  log" >> Corefile
echo "  cache" >> Corefile
echo "  redisc {" >> Corefile
echo "      endpoint 127.0.0.1:6379" >> Corefile
echo "  }" >> Corefile
echo "  health" >> Corefile
echo "  reload" >> Corefile
echo "}" >> Corefile
echo ".:5301 {" >> Corefile
echo "   forward . tls://9.9.9.9 tls://9.9.9.10 {" >> Corefile
echo "       tls_servername dns.quad9.net" >> Corefile
echo "   }" >> Corefile
echo "   cache" >> Corefile
echo "}" >> Corefile
echo ".:5302 {" >> Corefile
echo "    forward . tls://1.1.1.1 tls://1.0.0.1 {" >> Corefile
echo "        tls_servername cloudflare-dns.com" >> Corefile
echo "    }" >> Corefile
echo "    cache" >> Corefile
echo "}" >> Corefile
echo ".:5303 {" >> Corefile
echo "    forward . tls://8.8.8.8 tls://8.8.4.4 {" >> Corefile
echo "        tls_servername dns.google" >> Corefile
echo "    }" >> Corefile
echo "    cache" >> Corefile
echo "}" >> Corefile

You can generate Corefile by the command shown below:

curl -s -L git.io/corefile | bash

Then change 192.168.1.1 in Corefile to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly.

At last, run CoreDNS by the command shown below (maybe sudo is needed):

coredns -conf Corefile

Note:

• Works with my custom build of CoreDNS, it includes more plugins.

更好的办法了解一下：使用 CoreDNS 来应对 DNS 污染

@missdeer @yangchuansheng 都是配置文件提示 Error during parsing: Unknown directive 'forward''

更好的办法了解一下：使用 CoreDNS 来应对 DNS 污染

没发现什么大的区别