mokeyish / smartdns-rs

A cross platform local DNS server (Dnsmasq like) written in rust to obtain the fastest website IP for the best Internet experience, supports DoT, DoQ, DoH, DoH3.
GNU General Public License v3.0
556 stars 38 forks source link

hosts-file没有生效吗?hosts-file C:/Windows/System32/drivers/etc/hosts #233

Closed masx200 closed 6 months ago

masx200 commented 8 months ago
 nslookup github.com
服务器:  desktop-5rh4po7
Address:  ::1

非权威应答:
DNS request timed out.
    timeout was 2 seconds.
名称:    github.com
Address:  192.30.255.113
hosts-file C:/Windows/System32/drivers/etc/hosts

# dns server name, default is host name
# server-name, 
# example:
#   server-name smartdns
#
server 100.100.100.100
# whether resolv local hostname to ip address
# resolv-hostname yes
server 1.1.1.1
server 2606:4700:4700::1111
server-tls  one.one.one.one
# dns server run user
# user [username]
# example: run as nobody
#   user nobody
#

# Include another configuration options
# conf-file [file]
# conf-file blacklist-ip.conf

# dns server bind ip and port, default dns server port is 53, support binding multi ip and port
# bind udp server
#   bind [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
# bind tcp server
#   bind-tcp [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
# bind tls server
#   bind-tls [IP]:[port][@device] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
#   bind-cert-key-file [path to file]
#      tls private key file
#   bind-cert-file [path to file]
#      tls cert file
#   bind-cert-key-pass [password]
#      tls private key password
# option:
#   -group: set domain request to use the appropriate server group.
#   -no-rule-addr: skip address rule.
#   -no-rule-nameserver: skip nameserver rule.
#   -no-rule-ipset: skip ipset rule or nftset rule.
#   -no-speed-check: do not check speed.
#   -no-cache: skip cache.
#   -no-rule-soa: Skip address SOA(#) rules.
#   -no-dualstack-selection: Disable dualstack ip selection.
#   -force-aaaa-soa: force AAAA query return SOA.
#   -set-mark: set mark on packets.
# example: 
#  IPV4: 
#    bind :53
#    bind :53@eth0
#    bind :6053 -group office -no-speed-check
#  IPV6:
#    bind [::]:53
#    bind [::]:53@eth0
#    bind-tcp [::]:53
bind [::]:53
bind :53
# tcp connection idle timeout
# tcp-idle-time [second]

# dns cache size
# cache-size [number]
#   0: for no cache
cache-size 32768

# enable persist cache when restart
cache-persist yes

cache persist file
cache-file ./smartdns/smartdns.cache

# prefetch domain
# prefetch-domain [yes|no]
# prefetch-domain yes

# cache serve expired 
# serve-expired [yes|no]
serve-expired yes

# cache serve expired TTL
# serve-expired-ttl [num]
serve-expired-ttl 600
cache-checkpoint-time 86400
# reply TTL value to use when replying with expired data
# serve-expired-reply-ttl [num]
# serve-expired-reply-ttl 30

# List of hosts that supply bogus NX domain results 
# bogus-nxdomain [ip/subnet]

# List of IPs that will be filtered when nameserver is configured -blacklist-ip parameter
# blacklist-ip [ip/subnet]

# List of IPs that will be accepted when nameserver is configured -whitelist-ip parameter
# whitelist-ip [ip/subnet]

# List of IPs that will be ignored
# ignore-ip [ip/subnet]

# speed check mode
# speed-check-mode [ping|tcp:port|none|,]
# example:
speed-check-mode ping,tcp:80,tcp:443
#   speed-check-mode tcp:443,ping
#   speed-check-mode none

# force AAAA query return SOA
# force-AAAA-SOA [yes|no]

# force specific qtype return soa
# force-qtype-SOA [qtypeid |...]
# force-qtype-SOA 65 28
force-qtype-SOA 65

# Enable IPV4, IPV6 dual stack IP optimization selection strategy
# dualstack-ip-selection-threshold [num] (0~1000)
# dualstack-ip-allow-force-AAAA [yes|no]
# dualstack-ip-selection [yes|no]
# dualstack-ip-selection no

# edns client subnet
# edns-client-subnet [ip/subnet]
# edns-client-subnet 192.168.1.1/24
# edns-client-subnet 8::8/56

# ttl for all resource record
# rr-ttl: ttl for all record
# rr-ttl-min: minimum ttl for resource record
# rr-ttl-max: maximum ttl for resource record
# rr-ttl-reply-max: maximum reply ttl for resource record
# example:
#rr-ttl 600
rr-ttl-min 600
# rr-ttl-max 86400
# rr-ttl-reply-max 60
prefetch-domain yes
# Maximum number of IPs returned to the client|8|number of IPs, 1~16
# example:
# max-reply-ip-num 1

# response mode
# Experimental feature
# response-mode [first-ping|fastest-ip|fastest-response]

# set log level
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
# log-console [yes|no]: output log to console.
# log-size: size of each log file, support k,m,g
# log-num: number of logs, 0 means disable log
log-level info

log-file ./log/smartdns/smartdns.log
# log-size 128k
# log-num 2
# log-file-mode [mode]: file mode of log file.

# dns audit
# audit-enable [yes|no]: enable or disable audit.
# audit-enable yes
# audit-SOA [yes|no]: enable or disable log soa result.
# audit-size size of each audit file, support k,m,g
# audit-file /var/log/smartdns-audit.log
# audit-console [yes|no]: output audit log to console.
# audit-file-mode [mode]: file mode of audit file.
# audit-size 128k
# audit-num 2

# Support reading dnsmasq dhcp file to resolve local hostname
# dnsmasq-lease-file /var/lib/misc/dnsmasq.leases

# certificate file
# ca-file [file]
# ca-file /etc/ssl/certs/ca-certificates.crt

# certificate path
# ca-path [path]
# ca-path /etc/ss/certs

# remote udp dns server list
# server [IP]:[PORT]|URL [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
# default port is 53
#   -blacklist-ip: filter result with blacklist ip
#   -whitelist-ip: filter result with whitelist ip,  result in whitelist-ip will be accepted.
#   -check-edns: result must exist edns RR, or discard result.
#   -group [group]: set server to group, use with nameserver /domain/group.
#   -exclude-default-group: exclude this server from default group.
#   -proxy [proxy-name]: use proxy to connect to server.
#   -bootstrap-dns: set as bootstrap dns server.
# server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2
#server tls://dns.google:853 
#server-https https://dns.google/dns-query

# remote tcp dns server list
# server-tcp [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-group [group] ...] [-exclude-default-group]
# default port is 53
#server-tcp 8.8.8.8

# remote tls dns server list
# server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
#   -spki-pin: TLS spki pin to verify.
#   -tls-host-verify: cert hostname to verify.
#   -host-name: TLS sni hostname.
#   -no-check-certificate: no check certificate.
#   -proxy [proxy-name]: use proxy to connect to server.
#   -bootstrap-dns: set as bootstrap dns server.
# Get SPKI with this command:
#    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# default port is 853
#server-tls 8.8.8.8
server-tls 1.0.0.1

# remote https dns server list
# server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
#   -spki-pin: TLS spki pin to verify.
#   -tls-host-verify: cert hostname to verify.
#   -host-name: TLS sni hostname.
#   -http-host: http host.
#   -no-check-certificate: no check certificate.
#   -proxy [proxy-name]: use proxy to connect to server.
#   -bootstrap-dns: set as bootstrap dns server.
# default port is 443
server-https https://cloudflare-dns.com/dns-query
#server-https https://doh.sb/dns-query
#server-https https://doh.opendns.com/dns-query
#server-https https://dns.quad9.net/dns-query
server-https https://doh.360.cn/dns-query
#server-https https://dns.twnic.tw/dns-query
# socks5 and http proxy list
# proxy-server URL -name [proxy name]
#   URL: socks5://[username:password@]host:port
#        http://[username:password@]host:port
#   -name: proxy name, use with server -proxy [proxy-name]
# example:
#   proxy-server socks5://user:pass@1.2.3.4:1080 -name proxy
#   proxy-server http://user:pass@1.2.3.4:3128 -name proxy

# specific nameserver to domain
# nameserver /domain/[group|-]
# nameserver /www.example.com/office, Set the domain name to use the appropriate server group.
# nameserver /www.example.com/-, ignore this domain

# specific address to domain
# address /domain/[ip|-|-4|-6|#|#4|#6]
# address /www.example.com/1.2.3.4, return ip 1.2.3.4 to client
# address /www.example.com/-, ignore address, query from upstream, suffix 4, for ipv4, 6 for ipv6, none for all
# address /www.example.com/#, return SOA to client, suffix 4, for ipv4, 6 for ipv6, none for all

# specific cname to domain
# cname /domain/target

# enalbe DNS64 feature
# dns64 [ip/subnet]
# dns64 64:ff9b::/96

# enable ipset timeout by ttl feature
# ipset-timeout [yes]

# specific ipset to domain
# ipset /domain/[ipset|-]
# ipset /www.example.com/block, set ipset with ipset name of block 
# ipset /www.example.com/-, ignore this domain

# add to ipset when ping is unreachable
# ipset-no-speed ipsetname
# ipset-no-speed pass

# enable nftset timeout by ttl feature
# nftset-timeout [yes|no]
# nftset-timeout yes

# add to nftset when ping is unreachable
# nftset-no-speed [#4:ip#table#set,#6:ipv6#table#setv6]
# nftset-no-speed #4:ip#table#set

# enable nftset debug, check nftset setting result, output log when error.
# nftset-debug [yes|no]
# nftset-debug yes

# specific nftset to domain
# nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6]
# nftset /www.example.com/ip#table#set, equivalent to 'nft add element ip table set { ... }'
# nftset /www.example.com/-, ignore this domain
# nftset /www.example.com/#6:-, ignore ipv6

# set domain rules
# domain-rules /domain/ [-speed-check-mode [...]]
# rules:
#   [-c] -speed-check-mode [mode]: speed check mode
#                             speed-check-mode [ping|tcp:port|none|,]
#   [-a] -address [address|-]: same as address option
#   [-n] -nameserver [group|-]: same as nameserver option
#   [-p] -ipset [ipset|-]: same as ipset option
#   [-t] -nftset [nftset|-]: same as nftset option
#   [-d] -dualstack-ip-selection [yes|no]: same as dualstack-ip-selection option
#   -no-serve-expired: ignore expired domain
#   -delete: delete domain rule

# collection of domains 
# the domain-set can be used with /domain/ for address, nameserver, ipset, etc.
# domain-set -name [set-name] -type list -file [/path/to/file]
#   [-n] -name [set name]: domain set name
#   [-t] -type [list]: domain set type, list only now
#   [-f] -file [path/to/set]: file path of domain set
# 
# example:
# domain-set -name domain-list -type list -file /etc/smartdns/domain-list.conf
# address /domain-set:domain-list/1.2.3.4
# nameserver /domain-set:domain-list/server-group
# ipset /domain-set:domain-list/ipset
# domain-rules /domain-set:domain-list/ -speed-check-mode ping
# 在本地 53 端口监听
bind 127.0.0.1:53  

# 配置 bootstrap-dns,如不配置则调用系统的,建议配置,这样就加密了。
server-https https://223.5.5.5/dns-query  -bootstrap-dns #-exclude-default-group

# 配置默认上游服务器
server-https https://dns.alidns.com/dns-query
server-https https://doh.pub/dns-query

# 配置公司(家里)上游服务器
#server 192.168.1.1 -exclude-default-group -group office

# 以 ofc 结尾的域名转发至 office 分组进行解析
#nameserver /ofc/office

# 设置域名的静态 IP
#address /test.example.com/1.2.3.5

# 屏蔽域名(广告屏蔽)
#address /ads.example.com/#

# 以下特性在[C 语言版 SmartDNS](https://github.com/pymumu/smartdns) 尚未支持,仅适用于SmartDNS-rs
# 使用 DoH3
#server-h3 223.5.5.5

# 使用 DoQ
#server-quic 223.5.5.5
dualstack-ip-selection yes
bind-tcp [::]:53
bind-tcp :53
#server 202.96.128.166
server 223.5.5.5
server 223.6.6.6
server 119.29.29.29
#server 8.8.4.4 #-group whatsappdns -exclude-default-group
#server-tcp 8.8.4.4
server 2400:3200::1
server  2400:3200:baba::1
#server 180.76.76.76
#server 2400:da00::6666
#server 114.114.115.115
#server 114.114.114.114
fd7a:115c:a1e0::413b:6812 openwrt-1.manx-sun.ts.net
fd7a:115c:a1e0::1932:2949 openwrt-2.manx-sun.ts.net
# 地址可能会变动,请务必关注GitHub、Gitlab获取最新消息
# 也可以关注公众号:湖中剑,保证不迷路
# GitHub Host Start

185.199.108.154              github.githubassets.com
140.82.113.21                central.github.com
185.199.111.133              desktop.githubusercontent.com
185.199.111.153              assets-cdn.github.com
185.199.108.133              camo.githubusercontent.com
185.199.108.133              github.map.fastly.net
151.101.1.194                github.global.ssl.fastly.net
140.82.113.4                 gist.github.com
185.199.110.153              github.io
140.82.112.4                 github.com
140.82.112.6                 api.github.com
185.199.108.133              raw.githubusercontent.com
185.199.111.133              user-images.githubusercontent.com
185.199.110.133              favicons.githubusercontent.com
185.199.108.133              avatars5.githubusercontent.com
185.199.109.133              avatars4.githubusercontent.com
185.199.110.133              avatars3.githubusercontent.com
185.199.108.133              avatars2.githubusercontent.com
185.199.111.133              avatars1.githubusercontent.com
185.199.108.133              avatars0.githubusercontent.com
185.199.108.133              avatars.githubusercontent.com
140.82.113.10                codeload.github.com
52.217.234.81                github-cloud.s3.amazonaws.com
16.182.70.233                github-com.s3.amazonaws.com
52.217.91.92                 github-production-release-asset-2e65be.s3.amazonaws.com
52.217.134.17                github-production-user-asset-6210df.s3.amazonaws.com
52.216.166.3                 github-production-repository-file-5c1aeb.s3.amazonaws.com
185.199.109.153              githubstatus.com
140.82.112.18                github.community
185.199.111.133              media.githubusercontent.com
185.199.111.133              objects.githubusercontent.com
185.199.108.133              raw.github.com
20.221.80.166                copilot-proxy.githubusercontent.com

# Please Star : https://github.com/ineo6/hosts
# Mirror Repo : https://gitlab.com/ineo6/hosts

# Update at: 2024-01-17 12:13:19

# GitHub Host End
mokeyish commented 6 months ago

已经支持,加上

resolv-hostname yes