/gen_Corefile.sh
Last active Apr 18, 2020
| #!/bin/bash | |
| china=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| apple=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| google=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| bogus=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| cat>Corefile<<EOF | |
| . { | |
| ads { | |
| default-lists | |
| blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt | |
| whitelist https://files.krnl.eu/whitelist.txt | |
| log | |
| auto-update-interval 24h | |
| list-store ads-cache | |
| } | |
| hosts { | |
| fallthrough | |
| } | |
| forward . 208.67.222.222:443 208.67.222.222:5353 208.67.220.220:443 208.67.220.220:5353 127.0.0.1:5301 127.0.0.1:5302 127.0.0.1:5303 { | |
| except $china $apple $google cdn.jsdelivr.net | |
| } | |
| proxy . 192.168.1.1 | |
| bogus $bogus | |
| log | |
| cache | |
| redisc { | |
| endpoint 127.0.0.1:6379 | |
| } | |
| health | |
| reload | |
| } | |
| .:5301 { | |
| bind 127.0.0.1 | |
| forward . tls://9.9.9.9 tls://9.9.9.10 { | |
| tls_servername dns.quad9.net | |
| } | |
| cache | |
| } | |
| .:5302 { | |
| bind 127.0.0.1 | |
| forward . tls://1.1.1.1 tls://1.0.0.1 { | |
| tls_servername cloudflare-dns.com | |
| } | |
| cache | |
| } | |
| .:5303 { | |
| bind 127.0.0.1 | |
| forward . tls://8.8.8.8 tls://8.8.4.4 { | |
| tls_servername dns.google | |
| } | |
| cache | |
| } | |
| EOF |
This comment has been minimized.
This comment has been minimized.
yangchuansheng
commented
Mar 6, 2019
|
更好的办法了解一下:使用 CoreDNS 来应对 DNS 污染 |
This comment has been minimized.
This comment has been minimized.
daiooo
commented
Mar 18, 2019
|
@missdeer @yangchuansheng 都是配置文件提示 |
This comment has been minimized.
This comment has been minimized.
没发现什么大的区别 |
This comment has been minimized.
This comment has been minimized.
leiless
commented
Feb 8, 2020
|
Hi @missdeer, when I run $ curl -s -L git.io/corefile | bash
bash: line 20: $1: ambiguous redirect
It certainly a typo: diff --git a/corefile.sh b/corefile.sh
index cdb651c..32634ce 100755
--- a/corefile.sh
+++ b/corefile.sh
@@ -17,7 +17,7 @@ echo " except $china $apple $google cdn.jsdelivr.net" >> Corefile
echo " }" >> Corefile
echo " proxy . 192.168.1.1" >> Corefile
bogus=`curl -L https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf -s | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done | paste -sd " " -`
-echo " bogus $bogus" >> $1
+echo " bogus $bogus" >> Corefile
echo " log" >> Corefile
echo " cache" >> Corefile
echo " redisc {" >> Corefile
Please try to fix this error. |
This comment has been minimized.
This comment has been minimized.
Thanks, fixed. |
This comment has been minimized.
This comment has been minimized.
yangchuansheng
commented
Mar 6, 2020
|
问下 ipset 插件是怎么用的 |
This comment has been minimized.
This comment has been minimized.
会把所在区段里解析出来的ip全都加到插件指定名字的ipset里,比如: 这样会把所有cisco相关的域名解析出来的ip都加到 |
This comment has been minimized.
This comment has been minimized.
yangchuansheng
commented
Mar 7, 2020
|
那还是dnsmasq 配置 ipset 方便一点
Fan Yang <notifications@github.com> 于2020年3月7日周六 上午8:55写道:
… 问下 ipset 插件是怎么用的
会把所在区段里解析出来的ip全都加到插件指定名字的ipset里,比如:
cisco.com, webexconnect.com, webex.com, wbx2.com, ciscospark.com {
forward . 192.168.1.1
ipset ciscolist
}
这样会把所有cisco相关的域名解析出来的ip都加到ciscolist这个ipset里,iptables里就可以单独设一个转发
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/5c7c82b5b67f8afb41cfd43d51b82c2d?email_source=notifications&email_token=ADUZNLXMB2HMMRIXM6I75FLRGGLRZA5CNFSM4KRX5BF2YY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAGDQQ2#gistcomment-3203341>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADUZNLUNHLOTUDOKECYCKDLRGGLRZANCNFSM4KRX5BFQ>
.
|
This comment has been minimized.
This comment has been minimized.
Bowser1704
commented
Mar 22, 2020
|
运行的时候,ad,bogus,都是Unknown directive, 是什么问题? |
This comment has been minimized.
This comment has been minimized.
大概是因为你用的不是我修改编译的CoreDNS版本 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Mar 31, 2020
那个bogus作用是什么,我看那个bogus的ip库都有两年不更新了 |
This comment has been minimized.
This comment has been minimized.
bogus 可以看一下这个issue: felixonmars/dnsmasq-china-list#2 ,大体就是某些ISP提供的DNS server在解析没记录的域名时会返回bogus IP,从而引流到某些网页上,比如114啥的,有些人不喜欢看这个网页,直接报NXDOMAIN更好 没有 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Mar 31, 2020
但我看你开始的那个区域没有加bind 127.0.0.1,不是应该加了更好? |
This comment has been minimized.
This comment has been minimized.
因为我是在路由器上用,所以要监听在0.0.0.0 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Mar 31, 2020
•
按理说,只监听127.0.0.1的话,来自其他设备的访问应该是不通的吧? |
This comment has been minimized.
This comment has been minimized.
是的,所以我监听在0.0.0.0 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Apr 18, 2020
加进ads插件后,日志显不不断的在重读文件,引起dns非常慢,这个怎么破?谢谢 |
This comment has been minimized.
This comment has been minimized.
貌似写死了1分钟更新一次,除非改代码。不过我这里倒没引起dns慢,你那也许是其他问题引起的慢。 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Apr 18, 2020
我只要把ads去掉就正常了,所以不明白,程度配置基本上是按你的来的,加上ads不但不能去广告打开网页非常慢 |
This comment has been minimized.
This comment has been minimized.
你先确定下是不是DNS解析慢,Windows下 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Apr 18, 2020
ns的结果正常,就是打开网页非常慢! |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Apr 18, 2020
|
PS C:\WINDOWS\system32> ipconfig /flushdns Windows IP 配置 已成功刷新 DNS 解析缓存。 非权威应答: PS C:\WINDOWS\system32> snakwu@hassio-server:~/go-workspace/src/coredns$ dig www.taobao.com ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> www.taobao.com ;; OPT PSEUDOSECTION: ;; ANSWER SECTION: ;; Query time: 0 msec |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Apr 18, 2020
|
|
This comment has been minimized.
This comment has been minimized.
估计是屏蔽了一些css,js的链接,导致整个网页都卡了 |
This comment has been minimized.
This comment has been minimized.
|
话说你怎么那么多block的解析请求 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Apr 18, 2020
加的源和你的是一样的,只是我打开的网页比较多广告吧,网页卡这问题怎么破? |
This comment has been minimized.
This comment has been minimized.
我觉得你可以问一下源的作者 |
This comment has been minimized.
This comment has been minimized.
snakwu
commented
Apr 18, 2020
ok.thx! |
This comment has been minimized.
missdeer commentedJan 15, 2019
•
edited
You can generate
Corefileby the command shown below:curl -sSL git.io/corefile | bashThen change
192.168.1.1inCorefileto your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly.At last, run CoreDNS by the command shown below (maybe
sudois needed, or you can runsudo setcap cap_net_bind_service=+ep ./corednson Linux first):Important:
The generated Corefile ONLY works with my custom build of CoreDNS which includes more plugins. You can download the prebuilt binary from Appveyor service or use the link shown below for convenience: