SmartDNS是一个运行在本地的DNS服务器,SmartDNS接受本地客户端的DNS查询请求,从多个上游DNS服务器获取DNS查询结果,并将访问速度最快的结果返回给客户端,提高网络访问速度。 同时支持指定特定域名IP地址,并高性匹配,达到过滤广告的效果。
与dnsmasq的all-servers不同,smartdns返回的是访问速度最快的解析结果。 (详细差异请看FAQ)
支持树莓派,openwrt,华硕路由器,windows等设备。
因为作者用的是Arch系统, 直接用如下命令安装
yay -S smartdns
或者直接使用docker
docker pull ghostry/smartdns
docker container stop gsmartdns
docker container rm gsmartdns
docker run -d -p 53:53/udp –restart=always –name gsmartdns ghostry/smartdns
查看一下53号端口是否已经被占用,比如说dnsmasq,如果有就先kill掉相关进程
sudo lsof -i:53
配置文件
sudo vim /etc/smartdns/smartdns.conf
# dns server name, defaut is host name # server-name, # example: # server-name smartdns # # Include another configuration options # conf-file [file] # conf-file blacklist-ip.conf # dns server bind ip and port, default dns server port is 53, support binding multi ip and port # bind udp server # bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection] # bind tcp server # bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection] # option: # -group: set domain request to use the appropriate server group. # -no-rule-addr: skip address rule. # -no-rule-nameserver: skip nameserver rule. # -no-rule-ipset: skip ipset rule. # -no-speed-check: do not check speed. # -no-cache: skip cache. # -no-rule-soa: Skip address SOA(#) rules. # -no-dualstack-selection: Disable dualstack ip selection. # example: # IPV4: # bind :53 # bind :6053 -group office -no-speed-check # IPV6: # bind [::]:53 # bind-tcp [::]:53 bind :53 # tcp connection idle timeout # tcp-idle-time [second] # dns cache size # cache-size [number] # 0: for no cache cache-size 1024 # prefetch domain # prefetch-domain [yes|no] # prefetch-domain yes # List of hosts that supply bogus NX domain results # bogus-nxdomain [ip/subnet] # List of IPs that will be filtered when nameserver is configured -blacklist-ip parameter # blacklist-ip [ip/subnet] blacklist-ip 4.36.66.178 blacklist-ip 8.7.198.45 blacklist-ip 37.61.54.158 blacklist-ip 46.82.174.68 blacklist-ip 59.24.3.173 blacklist-ip 64.33.88.161 blacklist-ip 64.33.99.47 blacklist-ip 64.66.163.251 blacklist-ip 65.104.202.252 blacklist-ip 65.160.219.113 blacklist-ip 66.45.252.237 blacklist-ip 72.14.205.99 blacklist-ip 72.14.205.104 blacklist-ip 78.16.49.15 blacklist-ip 93.46.8.89 blacklist-ip 128.121.126.139 blacklist-ip 159.106.121.75 blacklist-ip 169.132.13.103 blacklist-ip 192.67.198.6 blacklist-ip 202.106.1.2 blacklist-ip 202.181.7.85 blacklist-ip 203.98.7.65 blacklist-ip 203.161.230.171 blacklist-ip 207.12.88.98 blacklist-ip 208.56.31.43 blacklist-ip 209.36.73.33 blacklist-ip 209.145.54.50 blacklist-ip 209.220.30.174 blacklist-ip 211.94.66.147 blacklist-ip 213.169.251.35 blacklist-ip 216.221.188.182 blacklist-ip 216.234.179.13 blacklist-ip 243.185.187.39 # List of IPs that will be accepted when nameserver is configured -whitelist-ip parameter # whitelist-ip [ip/subnet] # List of IPs that will be ignored # ignore-ip [ip/subnet] # speed check mode # speed-check-mode [ping|tcp:port|none|,] # example: # speed-check-mode ping,tcp:80 # speed-check-mode tcp:443,ping # speed-check-mode none # force AAAA query return SOA # force-AAAA-SOA [yes|no] # Enable IPV4, IPV6 dual stack IP optimization selection strategy # dualstack-ip-selection-threshold [num] (0~1000) # dualstack-ip-selection [yes|no] # dualstack-ip-selection yes # edns client subnet # edns-client-subnet [ip/subnet] # edns-client-subnet 192.168.1.1/24 # edns-client-subnet [8::8]/56 # ttl for all resource record # rr-ttl: ttl for all record # rr-ttl-min: minimum ttl for resource record # rr-ttl-max: maximum ttl for resource record # example: # rr-ttl 300 # rr-ttl-min 60 # rr-ttl-max 86400 rr-ttl-min 600 rr-ttl-max 3600 # set log level # log-level: [level], level=fatal, error, warn, notice, info, debug # log-file: file path of log file. # log-size: size of each log file, support k,m,g # log-num: number of logs log-level warn # log-file /var/log/smartdns.log # log-size 128k # log-num 2 # dns audit # audit-enable [yes|no]: enable or disable audit. # audit-enable yes # audit-SOA [yes|no]: enable or disalbe log soa result. # audit-size size of each audit file, support k,m,g # audit-file /var/log/smartdns-audit.log # audit-size 128k # audit-num 2 # remote udp dns server list # server [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group] # default port is 53 # -blacklist-ip: filter result with blacklist ip # -whitelist-ip: filter result whth whitelist ip, result in whitelist-ip will be accepted. # -check-edns: result must exist edns RR, or discard result. # -group [group]: set server to group, use with nameserver /domain/group. # -exclude-default-group: exclude this server from default group. # server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2 server 223.5.5.5:53 -blacklist-ip server 119.29.29.29:53 -blacklist-ip server 114.114.114.114:53 -blacklist-ip server 1.1.1.1 -check-edns server 1.0.0.1 -check-edns server 8.8.8.8 -check-edns server 8.8.4.4 -check-edns server 208.67.222.222 -check-edns # remote tcp dns server list # server-tcp [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-group [group] ...] [-exclude-default-group] # default port is 53 # server-tcp 8.8.8.8 server-tcp 8.8.4.4:53 server-tcp 208.67.222.222:443 # remote tls dns server list # server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group] # -spki-pin: TLS spki pin to verify. # -tls-host-check: cert hostname to verify. # -hostname: TLS sni hostname. # Get SPKI with this command: # echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 # default port is 853 # server-tls 8.8.8.8 # server-tls 1.0.0.1 server-tls 8.8.8.8:853 server-tls 8.8.4.4:853 server-tls 1.1.1.1:853 server-tls 1.0.0.1:853 # remote https dns server list # server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group] # -spki-pin: TLS spki pin to verify. # -tls-host-check: cert hostname to verify. # -hostname: TLS sni hostname. # -http-host: http host. # default port is 443 # server-https https://cloudflare-dns.com/dns-query server-https https://cloudflare-dns.com/dns-query server-https https://dns.google/dns-query # specific nameserver to domain # nameserver /domain/[group|-] # nameserver /www.example.com/office, Set the domain name to use the appropriate server group. # nameserver /www.example.com/-, ignore this domain # specific address to domain # address /domain/[ip|-|-4|-6|#|#4|#6] # address /www.example.com/1.2.3.4, return ip 1.2.3.4 to client # address /www.example.com/-, ignore address, query from upstream, suffix 4, for ipv4, 6 for ipv6, none for all # address /www.example.com/#, return SOA to client, suffix 4, for ipv4, 6 for ipv6, none for all # enable ipset timeout by ttl feature # ipset-timeout [yes] # specific ipset to domain # ipset /domain/[ipset|-] # ipset /www.example.com/block, set ipset with ipset name of block # ipset /www.example.com/-, ignore this domain 接着启动服务
sudo systemctl enable smartdns
sudo systemctl start smartdns
修改文件,将域名服务器指定为当前的smartdns
sudo vim /etc/resolv.conf
第一行加上
nameserver 127.0.0.1
现在应该配置好了。使用命令
nslookup -querytype=ptr smartdns
输出结果是
Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: smartdns name = xxxx. Authoritative answers can be found from: 这就说明已经配置好了,配置完以后微信公众号的网页终于可以正常解析了。各种网页都感觉快乐不少(也可能是心理作用。
docker版的安装完以后,容器一直处于重启状态,可能是自带的配置文件有毛病,自行修改配置文件以后应该就可以了。
原文链接:https://blog.csdn.net/suninsky_plate/article/details/107130250
原创文章,作者:优速盾-小U,如若转载,请注明出处:https://www.cdnb.net/bbs/archives/22275
