sbwml / luci-app-mosdns

A DNS forwarder - OpenWrt 🎁 MosDNS v5 is Ready! 🎉
https://github.com/IrineSistiana/mosdns

Problem using Passwall and MosDNS together with Netflix DNS unlocking #159

Closed ibinlike closed 10 months ago

ibinlike commented 10 months ago

I just upgraded to the latest versions of Passwall and the mosdns plugin, version 5.3.0.

My use case: Passwall needs to route Netflix traffic separately, with MosDNS as the upstream DNS.

The MosDNS configuration is as follows:

log:
  level: info
  file: "/tmp/mosdns.log"

include: []

plugins:
  - tag: geosite_cn
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_cn.txt"
        - "/var/mosdns/geosite_google-cn.txt"

  - tag: geoip_cn
    type: ip_set
    args:
      files:
        - "/var/mosdns/geoip_cn.txt"

  - tag: geosite_no_cn
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_geolocation-!cn.txt"

  - tag: nf_ds
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/nf_ds.txt"

  - tag: whitelist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/whitelist.txt"

  - tag: blocklist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/blocklist.txt"

  - tag: greylist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/greylist.txt"

  - tag: ddnslist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/ddnslist.txt"

  - tag: hosts
    type: hosts
    args:
      files:
        - "/etc/mosdns/rule/hosts.txt"

  - tag: redirect
    type: redirect
    args:
      files:
        - "/etc/mosdns/rule/redirect.txt"

  - tag: local_ptr
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/local-ptr.txt"

  - tag: lazy_cache
    type: cache
    args:
      size: 8000
      lazy_cache_ttl: 86400

  - tag: forward_local
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: "udp://223.5.5.5"
        - addr: "udp://119.29.29.29"

  - tag: forward_remote
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: "tcp://8.8.8.8"
          enable_pipeline: false
          max_conns: 2
          insecure_skip_verify: false
          idle_timeout: 30
          enable_http3: false

  - tag: forward_nf_ds
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: "x.x.x.x"

  - tag: modify_ttl
    type: sequence
    args:
      - exec: ttl 0-0

  - tag: modify_ddns_ttl
    type: sequence
    args:
      - exec: ttl 5-5

  - tag: local_sequence
    type: sequence
    args:
      - exec: $forward_local

  - tag: remote_sequence
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: $forward_remote

  - tag: remote_sequence_nf
    type: sequence
    args:
      - exec: $forward_nf_ds

  - tag: has_resp_sequence
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $modify_ddns_ttl
      - matches: "!qname $ddnslist"
        exec: $modify_ttl
      - matches: has_resp
        exec: accept

  - tag: query_is_local_ip
    type: sequence
    args:
      - exec: $local_sequence
      - matches: "!resp_ip $geoip_cn"
        exec: drop_resp

  - tag: query_is_remote
    type: sequence
    args:
      - exec: $remote_sequence

  - tag: fallback
    type: fallback
    args:
      primary: query_is_local_ip
      secondary: query_is_remote
      threshold: 500
      always_standby: true

  - tag: query_is_nf_ds
    type: sequence
    args:
      - matches: qname $nf_ds
        exec: $remote_sequence_nf

  - tag: query_is_ddns_domain
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $local_sequence

  - tag: query_is_local_domain
    type: sequence
    args:
      - matches: qname $geosite_cn
        exec: $local_sequence

  - tag: query_is_no_local_domain
    type: sequence
    args:
      - matches: qname $geosite_no_cn
        exec: $remote_sequence

  - tag: query_is_whitelist_domain
    type: sequence
    args:
      - matches: qname $whitelist
        exec: $local_sequence

  - tag: query_is_greylist_domain
    type: sequence
    args:
      - matches: qname $greylist
        exec: $remote_sequence

  - tag: query_is_reject_domain
    type: sequence
    args:
      - matches: qname $blocklist
        exec: reject 3
      - matches:
        - qtype 12
        - qname $local_ptr
        exec: reject 3
      - matches: qtype 65
        exec: reject 3

  - tag: main_sequence
    type: sequence
    args:
      - exec: $hosts
      - exec: jump has_resp_sequence
      - matches:
        - "!qname $ddnslist"
        - "!qname $blocklist"
        - "!qname $local_ptr"
        exec: $lazy_cache
      - exec: $redirect
      - exec: jump has_resp_sequence
      - exec: $query_is_nf_ds
      - exec: jump has_resp_sequence
      - exec: $query_is_ddns_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_whitelist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_reject_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_greylist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_local_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_no_local_domain
      - exec: jump has_resp_sequence
      - exec: $fallback

  - tag: udp_server
    type: udp_server
    args:
      entry: main_sequence
      listen: 127.0.0.1:5335

  - tag: tcp_server
    type: tcp_server
    args:
      entry: main_sequence
      listen: 127.0.0.1:5335

The Netflix route is a hysteria2 node. The hysteria2 server-side configuration on that node is:

resolver:
  type: udp
  tcp:
    addr: x.x.x.x:53
    timeout: 4s
  udp:
    addr: x.x.x.x:53
    timeout: 4s

quic:
  initStreamReceiveWindow: 16777216
  maxStreamReceiveWindow: 16777216
  initConnReceiveWindow: 33554432
  maxConnReceiveWindow: 33554432

auth:
  type: password
  password: xxxxxxxxxxxxxxxxxxxxxx

masquerade:
  type: proxy
  proxy:
    url: https://maimai.sega.jp
    rewriteHost: true

Here x.x.x.x is the address of the Netflix DNS unlock server.

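With this configuration, I found that I can access Netflix normally, but I do not get the content of the DNS unlock service's region (for example, the DNS unlock region is Singapore, but visiting the Netflix site still shows its global site, not Singapore's Netflix, and only Netflix originals can be watched).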

So I don't know which part has gone wrong. I would appreciate it if everyone could help take a look.

sbwml commented 10 months ago

This is a rule configuration problem. I suggest taking it to the discussions area of the official mosdns repository: https://github.com/IrineSistiana/mosdns/discussions

ZacharyRen77 commented 8 months ago

Have you managed to solve this problem?