Code Monkey home page Code Monkey logo

Comments (25)

infinet avatar infinet commented on July 22, 2024

这些设置都是从上游dnsmasq继承的,没有改动。cache那块源码历史悠久,没细看过,不过实际使用数万都没问题。

from dnsmasq.

LazyZhu avatar LazyZhu commented on July 22, 2024

@dsyo2008
修改此处:
https://github.com/infinet/dnsmasq/blob/fastlookup/src/config.h#L30

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

@LazyZhu @infinet
有没有类似chinadns智能判定污染域名的功能?

from dnsmasq.

LazyZhu avatar LazyZhu commented on July 22, 2024

chinadns不能智能判定污染域名,下面这个可以:
https://github.com/XiaoxiaoPu/sans

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

@LazyZhu @xiaoxiaopu 速度有影响吗?

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

@LazyZhu 他使用SOA和A记录判断污染,但这样会不会产生误杀

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

我觉得嘛,防污染,关键是可能污染的域名都走VPN。

from dnsmasq.

puxxustc avatar puxxustc commented on July 22, 2024

@infinet 你要有一个污染的域名的列表,这个列表可能很大,加载这么大一个列表需要不少内存,而且你需要的只是一部分。

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

比如家里的网络出口用dnsmasq就可以达到完全修改dns纪录的效果,这种污染无法判断,dnssec似乎是为这种情况设计的,不过我没细看过。

作为个人,常去的网站就那么多,让它们都走VPN,以后发现新污染再添加。如果是公司,要么都走VPN,要么干脆加强管理,就开通google,stackoverflow之类,有多少人上youtube和各种社交新闻网站是工作需要?

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

@infinet 把它用在路由端上可以减少日常规则维护,并且主动判断污染,少去很多故障

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

最近一段时间国内网络越来越没节操了,已经不屑于DNS污染,直接重定向所有DNS查询到它们的服务器,智能判断之类不知道还有没有用。

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

@infinet 怎么算是智能?

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

@qiuzi 不知道@$#~, 楼上不是介绍https://github.com/XiaoxiaoPu/sans 可以智能判断么,不过我没细看。

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

是可以 但貌似不再维护了 现在都运行报错

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

@infinet 要不你接手试试

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

我对dnsmasq结合ipset很满意,另外现在的网络环境下我怀疑智能判断这条路已经堵死了。

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

怎么说?

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

我这里所有DNS查询都被重定向了,可以想像有关人员稍微用点心就能完美地伪造DNS纪录。听说DNSSEC可以防伪,不过没空细看。

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

DNSSEC 不行 重定向也不会有影响啊 sans 你试过了?

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

没试过。如果要查询的域名被污染了,那么对应的IP多半也被block了,或者很快就要被block,这个时侯应该马上转投dnsmasq+ipset,你会发现原来世界还是美好的...

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

主要问题是怎么获得正确的ip才是关键

from dnsmasq.

infinet avatar infinet commented on July 22, 2024

当然是通过正确的DNS服务器,但DNS查询都被重定向了,如何绕过,对多数github用户不是问题吧。

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

DNS请求可以通过socks5出去 借助ss

from dnsmasq.

qiuzi avatar qiuzi commented on July 22, 2024

刚刚试了下sana 既然能启动了 万幸啊

from dnsmasq.

mS0gxokXEsg5ysJ7J79kzWiqO1fHgFA6ZR8eEls avatar mS0gxokXEsg5ysJ7J79kzWiqO1fHgFA6ZR8eEls commented on July 22, 2024

可以部署Dnsmasq + DoH (DNS over HTTPS)

#如5353端口被avahi-daemon占用,则强制停用
systemctl disable avahi-daemon.socket avahi-daemon.service
systemctl mask avahi-daemon.socket avahi-daemon.service
systemctl stop avahi-daemon.socket avahi-daemon.service

https://developers.cloudflare.com/argo-tunnel/downloads/下载 Binary: 对应压缩包,
解压至/usr/local/bin/

#--address 0.0.0.0表示所有网络,--address 127.0.0.1表示只有本机会让WIFI客户端无法上网
#开机自动启动:在 nano /etc/rc.local 最后 exit 0 上一行添加以下内容并保存
nohup cloudflared --autoupdate-freq 12h proxy-dns --address 0.0.0.0 --port 5353 &
#nohup开头和&结尾,表示关闭终端也能强制在后台运行

#安装国内IP库
wget https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/install.sh
手动编辑镜像来源,以root身份运行: sudo ./install.sh

编辑/etc/dnsmasq.conf
no-hosts
no-resolv
server=127.0.0.1#5353
conf-dir=/etc/dnsmasq.d/
log-queries
log-facility=/root/dns.log

service networking restart && >/root/dns.log && service dnsmasq restart

netstat -tunlp | grep 5353

from dnsmasq.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.