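I have long used nextdns as my DoH resolver for ad filtering, tracker filtering and DNS encryption; at home I use it together with openclash. The main reason for using mosdns is that it lets me configure the DoH server's IP address directly: nextdns is blocked by the Great Firewall, so it cannot be used directly.
Installation
Earlier ipk versions I installed by hand. This time I found luci-app-mosdns, which can be installed with a single command, so I uninstalled the old version and reinstalled. The version installed this time is v4.5.3.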
```sh
sh -c "$(curl -ksS https://raw.githubusercontent.com/sbwml/luci-app-mosdns/master/install.sh)"
```
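Configuration is simple: enter your remote DNS servers. Local DNS servers can be configured as well, or you can use a custom configuration instead. Then, in openclash, enable the "Custom upstream DNS server" option and set the server address to `127.0.0.1:5335`.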
The generated configuration looks roughly like the following.
```yaml
log:
  level: info
  file: "/tmp/mosdns.log"

include: []

data_providers:
  - tag: geoip
    file: "/usr/share/v2ray/geoip.dat"
    auto_reload: true

  - tag: geosite
    file: "/usr/share/v2ray/geosite.dat"
    auto_reload: true

  - tag: whitelist
    file: "/etc/mosdns/rule/whitelist.txt"
    auto_reload: true

  - tag: blocklist
    file: "/etc/mosdns/rule/blocklist.txt"
    auto_reload: true

  - tag: hosts
    file: "/etc/mosdns/rule/hosts.txt"
    auto_reload: true

  - tag: redirect
    file: "/etc/mosdns/rule/redirect.txt"
    auto_reload: true

plugins:
  - tag: lazy_cache
    type: cache
    args:
      size: 200000
      lazy_cache_ttl: 259200

  - tag: modify_ttl
    type: ttl
    args:
      minimal_ttl: 0
      maximum_ttl: 0

  - tag: "forward_local"
    type: fast_forward
    args:
      upstream:
        - addr: 119.29.29.29
        - addr: 114.114.114.114

  - tag: "forward_remote"
    type: fast_forward
    args:
      upstream:
        - addr: tls://8.8.8.8
        - addr: tls://1.1.1.1

  - tag: query_is_whitelist_domain
    type: query_matcher
    args:
      domain:
        - "provider:whitelist"

  - tag: query_is_blocklist_domain
    type: query_matcher
    args:
      domain:
        - "provider:blocklist"

  - tag: query_is_hosts_domain
    type: hosts
    args:
      hosts:
        - "provider:hosts"

  - tag: query_is_redirect_domain
    type: redirect
    args:
      rule:
        - "provider:redirect"

  - tag: query_is_local_domain
    type: query_matcher
    args:
      domain:
        - "provider:geosite:cn"

  - tag: query_is_non_local_domain
    type: query_matcher
    args:
      domain:
        - "provider:geosite:geolocation-!cn"

  - tag: response_has_local_ip
    type: response_matcher
    args:
      ip:
        - "provider:geoip:cn"

  - tag: query_is_ad_domain
    type: query_matcher
    args:
      domain:
        - "provider:geosite:category-ads-all"

  - tag: match_qtype65
    type: query_matcher
    args:
      qtype: [65]

  - tag: "main_sequence"
    type: "sequence"
    args:
      exec:
        - _misc_optm
        - query_is_hosts_domain
        - query_is_redirect_domain

        - if: query_is_whitelist_domain
          exec:
            - forward_local
            - modify_ttl
            - _return

        - if: "query_is_blocklist_domain || query_is_ad_domain || match_qtype65"
          exec:
            - _new_nxdomain_response
            - _return

        - lazy_cache

        - if: query_is_local_domain
          exec:
            - forward_local
            - modify_ttl
            - _return

        - if: query_is_non_local_domain
          exec:
            - _prefer_ipv4
            - forward_remote
            - modify_ttl
            - _return

        - primary:
            - forward_local
            - if: "(! response_has_local_ip) && [_response_valid_answer]"
              exec:
                - _drop_response
          secondary:
            - _prefer_ipv4
            - forward_remote
            - modify_ttl
          fast_fallback: 200

servers:
  - exec: main_sequence
    listeners:
      - protocol: udp
        addr: ":5335"
      - protocol: tcp
        addr: ":5335"
```
nextdns
Because the DoH endpoint is blocked, only an IP address can be used: run `dig dns.nextdns.io` and put the resolved IPs into the mosdns hosts plugin.
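The step above can be scripted. The following is an added example, not part of the original post or of mosdns: it filters `dig +short` output down to IP literals and prints one hosts-file line. The function names are hypothetical, the line format `<domain> <ip> [<ip> ...]` is an assumption about the mosdns hosts file, and the sample answers are constructed documentation addresses.

```sh
#!/bin/sh
# Added example (not from the original post): build one mosdns hosts-file line
# from `dig +short` output. Assumed file format: "<domain> <ip> [<ip> ...]".

# Succeed only if $1 is an IP literal; CNAME targets that dig prints are rejected.
is_ip() {
    case $1 in
        *:*)  # loose IPv6 check: hex digits and colons only
            case $1 in *[!0-9a-fA-F:]*) return 1 ;; esac
            return 0 ;;
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split IPv4 into octets
    [ $# -eq 4 ] || return 1
    for o; do
        case $o in ????*) return 1 ;; esac         # more than 3 digits
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Read answers on stdin, keep unique IPs, print "<domain> <ip> ..." or fail if none.
hosts_line() {
    domain=$1
    ips=
    while IFS= read -r ans; do
        is_ip "$ans" || continue
        case " $ips " in
            *" $ans "*) ;;               # duplicate answer, skip
            *) ips="$ips $ans" ;;
        esac
    done
    [ -n "$ips" ] || return 1
    printf '%s%s\n' "$domain" "$ips"
}

# Constructed stand-in for `dig +short dns.nextdns.io` (documentation addresses).
sample_answers() {
    printf '%s\n' 'steering.example.net.' '192.0.2.10' '192.0.2.11' \
        '2001:db8::10' '192.0.2.10'
}

sample_answers | hosts_line dns.nextdns.io
# On the router: dig +short dns.nextdns.io | hosts_line dns.nextdns.io >> /etc/mosdns/rule/hosts.txt
```

Pinned addresses go stale when the provider renumbers, so rerun the lookup if the upstream stops answering.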