
推荐适用于中国大陆的openwrt通用配置规则,各位大佬帮忙看看是否有优化空间 #1503

Open allen-wong opened 1 year ago

allen-wong commented 1 year ago
/etc/config/smartdns
# /etc/config/smartdns (excerpt). The enclosing 'config smartdns' section header is not shown here;
# the first few options belong to it. Only the DoH (https) upstreams are enabled; the UDP entries act
# as bootstrap resolvers for the DoH hostnames (mapped in /etc/smartdns/address.conf), and the DoT and
# UDP-backup entries are present but disabled.
option server_flags '-group domestic-ipv4-doh -force-aaaa-soa' # first service does not automatically query the default group
option seconddns_enabled '1'
option seconddns_server_group 'overseas-ipv4-doh'
option seconddns_no_dualstack_selection '1'
option seconddns_no_speed_check '1'
option seconddns_force_aaaa_soa '1'
# UDP: kept only as a fallback. start
config server
        option enabled '0'
        option name '114DNS'
        option ip '114.114.114.114'
        option type 'udp'
        option server_group 'domestic-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'BaiduDNS'
        option ip '180.76.76.76'
        option type 'udp'
        option server_group 'domestic-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'sDNS'
        option ip '1.2.4.8'
        option type 'udp'
        option server_group 'domestic-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'
# UDP: kept only as a fallback. end

# UDP: used only as bootstrap DNS (one group per provider, referenced from address.conf). start
config server
        option enabled '1'
        option name 'OneDNS'
        option ip '117.50.10.10'
        option type 'udp'
        option server_group 'onedns-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '1'
        option name 'AliDNS'
        option ip '223.5.5.5'
        option type 'udp'
        option server_group 'alidns-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '1'
        option name 'DNSPod'
        option ip '119.29.29.29'
        option type 'udp'
        option server_group 'dnspod-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '1'
        option name '360DNS'
        option ip '101.198.198.198'
        option type 'udp'
        option server_group '360dns-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'
# UDP: used only as bootstrap DNS. end

# TLS (DoT): fallback only, disabled. start
config server
        option enabled '0'
        option name 'OneDNS'
        option ip 'dot-pure.onedns.net'
        option type 'tls'
        option server_group 'domestic-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dot-pure.onedns.net'
        option host_name 'dot-pure.onedns.net'

config server
        option enabled '0'
        option name 'AliDNS'
        option ip 'dns.alidns.com'
        option type 'tls'
        option server_group 'domestic-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dns.alidns.com'
        option host_name 'dns.alidns.com'

config server
        option enabled '0'
        option name 'DNSPod'
        option ip 'dot.pub'
        option type 'tls'
        option server_group 'domestic-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dot.pub'
        option host_name 'dot.pub'

config server
        option enabled '0'
        option name '360DNS'
        option ip 'dot.360.cn'
        option type 'tls'
        option server_group 'domestic-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dot.360.cn'
        option host_name 'dot.360.cn'
# TLS (DoT): fallback only. end

# HTTPS (DoH): the active upstream DNS for the first service. start
# NOTE(review): unlike the DoT stanzas above and the overseas DoH stanzas below, these four do not set
# no_check_certificate; presumably the default is to verify — confirm, or set it to '0' explicitly so
# the intent is visible alongside tls_host_verify.
config server
        option enabled '1'
        option name 'OneDNS'
        option ip 'https://doh-pure.onedns.net/dns-query'
        option type 'https'
        option server_group 'domestic-ipv4-doh'
        option exclude_default_group '1'
        option tls_host_verify 'doh-pure.onedns.net'
        option host_name 'doh-pure.onedns.net'
        option http_host 'doh-pure.onedns.net'

config server
        option enabled '1'
        option name 'AliDNS'
        option ip 'https://dns.alidns.com/dns-query'
        option type 'https'
        option server_group 'domestic-ipv4-doh'
        option exclude_default_group '1'
        option tls_host_verify 'dns.alidns.com'
        option host_name 'dns.alidns.com'
        option http_host 'dns.alidns.com'

config server
        option enabled '1'
        option name 'DNSPod'
        option ip 'https://doh.pub/dns-query'
        option type 'https'
        option server_group 'domestic-ipv4-doh'
        option exclude_default_group '1'
        # NOTE(review): wildcard verify name is broader than the exact host used on the next two lines;
        # confirm the served certificate actually requires it, otherwise 'doh.pub' is the tighter check.
        option tls_host_verify '*.doh.pub'
        option host_name 'doh.pub'
        option http_host 'doh.pub'

config server
        option enabled '1'
        option name '360DNS'
        option ip 'https://doh.360.cn/dns-query'
        option type 'https'
        option server_group 'domestic-ipv4-doh'
        option exclude_default_group '1'
        option tls_host_verify 'doh.360.cn'
        option host_name 'doh.360.cn'
        option http_host 'doh.360.cn'
# HTTPS (DoH): upstream DNS. end

# UDP: used only as bootstrap DNS for the overseas DoH hostnames. start
config server
        option enabled '1'
        option name 'GoogleDNS'
        option ip '8.8.8.8'
        option type 'udp'
        option server_group 'google-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '1'
        option name 'CloudFlareDNS'
        option ip '1.1.1.1'
        option type 'udp'
        option server_group 'cloudflare-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '1'
        option name 'Quad9'
        option ip '9.9.9.9'
        option type 'udp'
        option server_group 'quad9-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '1'
        option name 'OpenDNS'
        option ip '208.67.222.222'
        option type 'udp'
        option server_group 'opendns-ipv4-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'
# UDP: used only as bootstrap DNS. end

# TLS (DoT): fallback only, disabled. start
config server
        option enabled '0'
        option name 'GoogleDNS'
        option ip 'dns.google'
        option type 'tls'
        option server_group 'overseas-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dns.google'
        option host_name 'dns.google'

config server
        option enabled '0'
        option name 'CloudFlareDNS'
        option ip 'cloudflare-dns.com'
        option type 'tls'
        option server_group 'overseas-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'cloudflare-dns.com'
        option host_name 'cloudflare-dns.com'

config server
        option enabled '0'
        option name 'Quad9'
        option ip 'dns.quad9.net'
        option type 'tls'
        option server_group 'overseas-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dns.quad9.net'
        option host_name 'dns.quad9.net'

config server
        option enabled '0'
        option name 'OpenDNS'
        option ip 'dns.opendns.com'
        option type 'tls'
        option server_group 'overseas-ipv4-dot'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dns.opendns.com'
        option host_name 'dns.opendns.com'
# TLS (DoT): fallback only. end

# HTTPS (DoH): upstream DNS for the second service (seconddns_server_group above). start
config server
        option enabled '1'
        option name 'GoogleDNS'
        option ip 'https://dns.google/dns-query'
        option type 'https'
        option server_group 'overseas-ipv4-doh'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dns.google'
        option host_name 'dns.google'
        option http_host 'dns.google'

config server
        option enabled '1'
        option name 'CloudFlareDNS'
        option ip 'https://cloudflare-dns.com/dns-query'
        option type 'https'
        option server_group 'overseas-ipv4-doh'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'cloudflare-dns.com'
        option host_name 'cloudflare-dns.com'
        option http_host 'cloudflare-dns.com'

config server
        option enabled '1'
        option name 'Quad9'
        option ip 'https://dns.quad9.net/dns-query'
        option type 'https'
        option server_group 'overseas-ipv4-doh'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        option tls_host_verify 'dns.quad9.net'
        option host_name 'dns.quad9.net'
        option http_host 'dns.quad9.net'

config server
        option enabled '1'
        option name 'OpenDNS'
        option ip 'https://dns.opendns.com/dns-query'
        option type 'https'
        option server_group 'overseas-ipv4-doh'
        option blacklist_ip '0'
        option exclude_default_group '1'
        option no_check_certificate '0'
        # NOTE(review): the verified name differs from the URL host and from host_name/http_host below
        # (dns.opendns.com). Confirm which name the certificate carries: a mismatch either fails
        # verification for this upstream or checks a name other than the one being connected to.
        option tls_host_verify 'doh.opendns.com'
        option host_name 'dns.opendns.com'
        option http_host 'dns.opendns.com'
# HTTPS (DoH): upstream DNS for the second service. end

# UDP over IPv6: fallback only; every entry in this section is disabled. start
config server
        option enabled '0'
        option name 'BaiDuDNS'
        option ip '2400:da00::6666'
        option type 'udp'
        option server_group 'domestic-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'OneDNS'
        option ip '2400:7fc0:849e:200::8'
        option type 'udp'
        option server_group 'onedns-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'AliDNS'
        option ip '2400:3200::1'
        option type 'udp'
        option server_group 'alidns-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'DNSPod'
        option ip '2402:4e00::'
        option type 'udp'
        option server_group 'dnspod-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'GoogleDNS'
        option ip '2001:4860:4860::8888'
        option type 'udp'
        option server_group 'google-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'CloudFlareDNS'
        option ip '2606:4700:4700::1111'
        option type 'udp'
        option server_group 'cloudflare-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'Quad9'
        option ip '2620:fe::9'
        option type 'udp'
        option server_group 'quad9-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'

config server
        option enabled '0'
        option name 'OpenDNS'
        option ip '2620:0:ccc::2'
        option type 'udp'
        option server_group 'opendns-ipv6-udp'
        option blacklist_ip '0'
        option exclude_default_group '1'
# UDP over IPv6: fallback only. end
/etc/smartdns/address.conf
# /etc/smartdns/address.conf: pins the resolution of each DoT/DoH server hostname to that provider's
# plain-UDP bootstrap group from /etc/config/smartdns, so the encrypted upstream can be reached
# without going through the default group. The bootstrap lookup itself is unauthenticated; the
# tls_host_verify settings on the DoH/DoT stanzas are what bind the resulting connection to the
# intended server.
nameserver /dns.alidns.com/alidns-ipv4-udp

nameserver /dot-pure.onedns.net/onedns-ipv4-udp
nameserver /dot.pub/dnspod-ipv4-udp
nameserver /dot.360.cn/360dns-ipv4-udp

nameserver /doh-pure.onedns.net/onedns-ipv4-udp
nameserver /doh.pub/dnspod-ipv4-udp
nameserver /doh.360.cn/360dns-ipv4-udp

nameserver /dns.google/google-ipv4-udp
nameserver /cloudflare-dns.com/cloudflare-ipv4-udp
nameserver /dns.quad9.net/quad9-ipv4-udp
nameserver /dns.opendns.com/opendns-ipv4-udp
# NOTE(review): the rules below repeat domains already mapped above but point them at the *-ipv6-udp
# groups, whose servers are all 'enabled 0' in /etc/config/smartdns. If smartdns keeps only one
# nameserver rule per domain, a later rule would replace the working IPv4 mapping with a group that
# has no usable server — confirm the rule precedence, or keep these commented out until IPv6 is enabled.
nameserver /dns.alidns.com/alidns-ipv6-udp       

nameserver /dot-pure.onedns.net/onedns-ipv6-udp  
nameserver /dot.pub/dnspod-ipv6-udp              

nameserver /doh-pure.onedns.net/onedns-ipv6-udp  
nameserver /doh.pub/dnspod-ipv6-udp              

nameserver /dns.google/google-ipv6-udp           
nameserver /cloudflare-dns.com/cloudflare-ipv6-udp
nameserver /dns.quad9.net/quad9-ipv6-udp          
nameserver /dns.opendns.com/opendns-ipv6-udp
zxlhhyccc commented 1 year ago

作为备用是什么意思?应该是bootstrap-dns?另外,使用此配置会导致部分网站无法打开!

allen-wong commented 1 year ago

作为备用是什么意思?应该是bootstrap-dns?另外,使用此配置会导致部分网站无法打开!

配置包含了udp、tls和https三种协议,其中仅启用了https,另两种在https故障的情况下启用并通过更新group参数完成6053->dns group->bootstrap dns的链路映射。 另外address.conf配置默认走的是IPv4,如果启用了IPv6记得确认三级链路的group参数一致。 如果还有问题,你可以附上你的配置帮助我排查故障。期待你的反馈

zxlhhyccc commented 1 year ago

作为备用是什么意思?应该是bootstrap-dns?另外,使用此配置会导致部分网站无法打开!

配置包含了udp、tls和https三种协议,其中仅启用了https,另两种在https故障的情况下启用并通过更新group参数完成6053->dns group->bootstrap dns的链路映射。 另外address.conf配置默认走的是IPv4,如果启用了IPv6记得确认三级链路的group参数一致。 如果还有问题,你可以附上你的配置帮助我排查故障。期待你的反馈

我测试仅启用了IP4,未启用IPV6。。。 看这个配置,国内和国外组均设置了排除组,如果均配置了排除组,貌似会出现一些解析问题,建议国内组作为排除组,国外组作为默认组为好。。。 另外,address.conf配置应该需要UDP之类的作为bootstrap去做对应的映射吧?

allen-wong commented 1 year ago

作为备用是什么意思?应该是bootstrap-dns?另外,使用此配置会导致部分网站无法打开!

配置包含了udp、tls和https三种协议,其中仅启用了https,另两种在https故障的情况下启用并通过更新group参数完成6053->dns group->bootstrap dns的链路映射。 另外address.conf配置默认走的是IPv4,如果启用了IPv6记得确认三级链路的group参数一致。 如果还有问题,你可以附上你的配置帮助我排查故障。期待你的反馈

我测试仅启用了IP4,未启用IPV6。。。 看这个配置,国内和国外组均设置了排除组,如果均配置了排除组,貌似会出现一些解析问题,建议国内组作为排除组,国外组作为默认组为好。。。 另外,address.conf配置应该需要UDP之类的作为bootstrap去做对应的映射吧?

根据我观察到的测试日志,任何非默认组被请求解析的同时,默认组也会一并被请求。为了防止“域内外”层面的DNS泄露,这里采取了最保守的“强制域内仅解析域内,域外同理”的策略。缺点是如果不及时更新规则,两三个小时后就会出现无法访问的问题(例如passwall for openwrt仅支持一天更新一次,而chnroute规则的更新更为频繁)。

国外组作为默认组这个想法非常棒,我受到了启发,准备抽时间测试一下。

下面的示例就是指定udp作为https dns地址的bootstrap-dns地址

nameserver /dns.alidns.com/alidns-ipv4-udp