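Introduction
My first encounter with DNS pollution, or rather the first time I looked into it in depth, was when my domain bboysoul.com got polluted. As for why it was polluted, it was because I had written some things I shouldn't have. At the time I thought it was a problem with Alibaba's DNS servers, but later found out that was not the case. Compared with blocking an IP, DNS pollution is nastier.
Setup
Public DNS services inside China, such as Alibaba Cloud and 114, are polluted whether you use DoT or DoH, so they can only be used to resolve domestic services. For foreign services I built my own DoH server, and on the internal network I use smartdns. When it sees certain foreign domains, it resolves them directly through the foreign DoH server; domestic domains still go to 114 and Alibaba Cloud to speed up resolution. The foreign DoH server runs blocky. Honestly, blocky is really good; it just doesn't support domain-based splitting, that is, querying different DNS servers for different domains.
So under normal conditions, DNS queries now flow like this:
Domestic domain -> smartdns -> domestic public DNS
Foreign domain -> smartdns -> foreign DoT DNS or the self-hosted blocky DNS server
Foreign DoH server configuration
It runs blocky; the configuration is below.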
```yaml
upstream:
  default:
    - https://dns.google/dns-query
    - https://cloudflare-dns.com/dns-query
    - https://mozilla.cloudflare-dns.com/dns-query
    - https://doh.xfinity.com/dns-query
    - https://doh.opendns.com/dns-query
    - https://dns-nyc.aaflalo.me/dns-query
    - https://sg.adhole.org/dns-query
    - https://dns.dnshome.de/dns-query

httpsPort: 587
httpsCertFile: ./cert/dns.pem
httpsKeyFile: ./cert/dns.key
port: 523
logLevel: info
logFormat: json
logTimestamp: true

caching:
  minTime: 1000
  maxTime: 1200
  prefetching: true
  maxItemsCount: 0
prometheus:
  enable: true
  path: /metrics
queryLog:
  dir: ./logs
  perClient: true
  logRetentionDays: 0
disableIPv6: true
```
Domestic smartdns configuration
```
bind :53
cache-size 409600

cache-persist yes
cache-file /data/smartdns/smartdns.cache
log-level info
log-file /data/smartdns/log/smartdns.log
log-size 100M
log-num 100

audit-enable no
audit-file /data/smartdns/audit/audit.log
audit-size 100M
audit-num 100

speed-check-mode ping,tcp:80

rr-ttl-min 120

serve-expired yes

prefetch-domain yes

force-AAAA-SOA yes

server 8.8.8.8
server 1.1.1.1
server 114.114.114.114
server 223.5.5.5
server 119.29.29.29
server 223.6.6.6
server 180.76.76.76
server 114.114.115.115
server 117.50.11.11
server 52.80.66.66
server 117.50.10.10
server 52.80.52.52
server 117.50.60.30
server 52.80.60.30
server 8.8.4.4
server 1.0.0.1
server 208.67.222.222
server 208.67.222.220
server 208.67.220.222
server 208.67.220.220
server 199.85.126.10
server 199.85.127.10
server 84.200.69.80
server 84.200.70.40
server 8.26.56.26
server 8.20.247.20
server 64.6.64.6
server 64.6.65.6
server 192.95.54.3
server 192.95.54.1
server 81.218.119.11
server 209.88.198.133
server 1.2.4.8
server 210.2.4.8

server-tls 8.8.8.8:853
server-tls 8.8.4.4:853

server-https https://dns.examlple.cn:587/dns-query -group gfw

nameserver /feedly.com/gfw
nameserver /wikipedia.org/gfw
nameserver /youtube.com/gfw
nameserver /twitter.com/gfw
nameserver /facebook.com/gfw
nameserver /instagram.com/gfw
nameserver /google.com/gfw
nameserver /yahoo.com/gfw
nameserver /reddit.com/gfw
nameserver /netflix.com/gfw
nameserver /blogspot.com/gfw
nameserver /twitch.tv/gfw
nameserver /pinterest.com/gfw
nameserver /amazon.co.jp/gfw
nameserver /google.co.jp/gfw
nameserver /spotify.com/gfw
nameserver /medium.com/gfw
nameserver /telegram.org/gfw
nameserver /slack.com/gfw
nameserver /line.me/gfw
nameserver /mega.nz/gfw
nameserver /duckduckgo.com/gfw
nameserver /store.steampowered.com/gfw
nameserver /nintendo.com/gfw
nameserver /wikileaks.org/gfw
nameserver /telegra.ph/gfw
```
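An added example (not from the original post and not part of smartdns) that checks which upstream group a name would be routed to under a config shaped like the one above, so a domain with no `nameserver` rule is noticed before it goes to the default resolvers. It assumes smartdns matches a rule against the domain and all of its subdomains; the function names and the shortened sample config are made up for illustration.

```python
# Constructed sample in the shape of the smartdns config above (shortened;
# dns.example.invalid is a placeholder, not the author's server).
SAMPLE_CONF = """
bind :53
server 114.114.114.114
server 223.5.5.5
server-tls 8.8.8.8:853
server-https https://dns.example.invalid:587/dns-query -group gfw
nameserver /youtube.com/gfw
nameserver /store.steampowered.com/gfw
nameserver /google.co.jp/gfw
"""

SERVER_KEYS = ("server", "server-tcp", "server-tls", "server-https")

def parse(conf):
    """Return (groups, rules): group -> upstreams, domain suffix -> group."""
    groups, rules = {"default": []}, {}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] in SERVER_KEYS:
            group = tok[tok.index("-group") + 1] if "-group" in tok[:-1] else None
            if group:
                groups.setdefault(group, []).append(tok[1])
            # A grouped server also stays in the default group unless
            # -exclude-default-group is set on it.
            if group is None or "-exclude-default-group" not in tok:
                groups["default"].append(tok[1])
        elif tok[0] == "nameserver":
            domain, group = tok[1].strip("/").split("/")
            rules[domain.lower()] = group
    return groups, rules

def upstream_group(name, rules):
    """Longest-suffix match: a rule covers the domain and all its subdomains."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in rules:
            return rules[".".join(labels[i:])]
    return "default"

def leaks(names, conf, group="gfw"):
    """Names that would go to the default upstreams instead of `group`."""
    _, rules = parse(conf)
    return [n for n in names if upstream_group(n, rules) != group]

if __name__ == "__main__":
    for n in leaks(["www.youtube.com", "steampowered.com", "google.com"], SAMPLE_CONF):
        print("resolved via default group:", n)
```

In the sample, `steampowered.com` is reported because only `store.steampowered.com` has a rule, which is the kind of gap that is easy to miss in a hand-maintained list.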
Because smartdns has caching and prefetching, the network at home is now blazing fast.
You are welcome to follow my blog at www.bboy.app
Have Fun