mosdns-v5 config template

readme.md

mosdns-v5 config

Project structure

./
|-- cache.dump
|-- config.yml
|-- custom
|-- domains
|-- downloads
`-- ips

4 directories, 2 files

Appendix

• Auto generate geoip.txt, geosites.txt (since *.dat are deprecated in v5) - https://github.com/techprober/v2dat

• CI (automate *.txt export) - https://github.com/techprober/v2ray-rules-dat/blob/master/.github/workflows/run.yml

• Available Rules - https://github.com/techprober/v2ray-rules-dat/releases

• Know DNS Servers - https://jike.xyz/tools/dns.html#%E7%9B%B8%E5%85%B3%E7%9F%A5%E8%AF%86

auto-artifact-export.yml

---
- name: Update dat files
  hosts: all
  become: yes

  vars:
    - base_path: /etc/mosdns
    - restart_daemon: yes
    - daemon_service_name: mosdns
    - clean_up_after: yes

  tasks:
    - name: Check prerequisites
      block:
        - name: Gather package facts
          ansible.bultin.package_facts:
            manager: apt

        - name: Install jq if jq is absent
          ansible.builtin.apt:
            name: jq
            state: present
          when: '"jq" not in ansible_facts.packages'

        - name: Install unzip if unzip is absent
          apt:
            name: unzip
            state: present
          when: '"unzip" not in ansible_facts.packages'

        - name: Create project directories if not exist
          ansible.builtin.file:
            path: "{{ item }}"
            state: directory
            mode: 0755
          loop:
            - "{{ base_path }}/ips"
            - "{{ base_path }}/domains"
            - "{{ base_path }}/custom"
            - "{{ base_path }}/downloads"

        - name: Create cache file if not exist
          ansible.builtin.file:
            path: "{{ base_path }}/cache.dump"
            state: file
            mode: 0755

    - name: Get latest release tag
      shell: 'curl https://api.github.com/repos/techprober/v2ray-rules-dat/releases/latest --silent |  jq -r ".tag_name"'
      register: latest_release

    - name: Print result
      ansible.builtin.debug:
        msg: |
          "release_url: https://github.com/techprober/v2ray-rules-dat/releases/tag/{{ latest_release.stdout }}"

    - name: Download dat files with the latest release
      ansible.builtin.get_url:
        url: "https://github.com/techprober/v2ray-rules-dat/releases/download/{{ latest_release.stdout }}/{{ item }}.zip"
        dest: "{{ base_path }}/downloads/{{ item }}-{{ latest_release.stdout }}.zip"
      loop:
        -  "geosite"
        -  "geoip"
      register: download
    
    - name: Unzip artifacts
      block:
        - name: Unzip geosite rules
          shell: |
            unzip -o {{ base_path }}/downloads/geosite-{{ latest_release.stdout }}.zip -d {{ base_path }}/domains
            unzip -o {{ base_path }}/downloads/geoip-{{ latest_release.stdout }}.zip -d {{ base_path }}/ips
    
    - name: Restart daemon service
      ansible.builtin.service:
        name: "{{ daemon_service_name }}"
        state: restarted
      when:
        - restart_daemon
        - download is changed

    - name: Remove raw artifacts
      ansible.builtin.file:
        state: absent
        path: "{{ item }}"
      loop:
        - "{{ base_path }}/downloads/geosite-{{ latest_release.stdout }}.zip"
        - "{{ base_path }}/downloads/geoip-{{ latest_release.stdout }}.zip"
      when:
        - clean_up_after
        - download is changed

mosdns-v5-config.yml

---
# /etc/mosdns/config.yaml

## -- Log Config -- ##
log:
  level: debug # ["debug", "info", "warn", and "error"], default is set to "info"
  # file: "/var/log/mosdns.log"

## -- API Config -- ##
api:
  http: "0.0.0.0:8080"

## -- Plugins Config -- ##
plugins:
  ## --- Cache --- ##
  - tag: custom_cache
    type: cache
    args:
      size: 10240
      lazy_cache_ttl: 0 # ttl set to 86400 (1 day) or to 0 (off)
      dump_file: ./cache.dump # persist cache to a local file, loaded when service starts
      dump_interval: 120 # autosave interval (s)

  ## --- Upstream Servers --- ##
  - tag: upstreams
    type: forward
    args:
      upstreams:
        ## --- Domestic DNS Servers --- ##
        - tag: ali_dot
          addr: tls://dns.alidns.com
          dial_addr: "223.5.5.5"
          enable_pipeline: true
          idle_timeout: 10
          insecure_skip_verify: true
        # - tag: ali_doh
        #   addr: https://dns.alidns.com/dns-query
        #   dial_addr: "223.5.5.5"
        #   enable_pipeline: true
        #   enable_pipeline: true
        #   idle_timeout: 30
        #   insecure_skip_verify: true

        ##  --- Remote DNS Servers --- ##
        - tag: google_dot
          addr: tls://dns.google
          dial_addr: "8.8.8.8"
          enable_pipeline: true
          idle_timeout: 10
          insecure_skip_verify: true
        # - tag: google_doh
        #   addr: https://dns.google/dns-query
        #   dial_addr: "8.8.8.8"
        #   enable_pipeline: true
        #   idle_timeout: 30
        #   insecure_skip_verify: true

        - tag: cloudflare_dot
          addr: tls://1dot1dot1dot1.cloudflare-dns.com
          dial_addr: "1.1.1.1"
          enable_pipeline: true
          idle_timeout: 10
          insecure_skip_verify: true
        # - tag: cloudflare_doh
        #   addr: https://cloudflare-dns.com/dns-query
        #   dial_addr: "1.1.1.1"
        #   enable_pipeline: true
        #   idle_timeout: 30
        #   insecure_skip_verify: true

  ## -- TTL Sequence -- ##
  - tag: "ttl_seq"
    type: sequence
    args:
      - exec: ttl 600-3600
      - exec: accept

  ## --- Domestic Sequence --- ##
  - tag: domestic_seq
    type: sequence
    args:
      - exec: $upstreams ali_dot
      # - exec: goto ttl_seq

  ## --- Remote Sequence --- ##
  - tag: remote_seq
    type: sequence
    args:
      - exec: $upstreams google_dot
      # - exec: goto ttl_seq

  ## --- CN-IP Sequence --- ##
  # if response does NOT has CN IP, drop it
  - tag: cn_ip
    type: sequence
    args:
      - exec: $upstreams ali_dot
      - matches: "!resp_ip &ips/cn.txt"
        exec: drop_resp
      # - exec: goto ttl_seq

  ## --- Fallback --- ##
  # (ip split) if response has CN ip, accept it; otherwise, drop --> forward it to remote upstream servers
  - tag: fallback_ip
    type: fallback
    args:
      primary: cn_ip # empty response
      secondary: remote_seq
      threshold: 500 # no response timeout, default value is 500ms
      always_standby: true

  ## --- Main Sequence --- ##
  - tag: main
    type: sequence
    args:
      - exec: query_summary entry
      # - exec: metrics_controller metrics # prometheus & grafana usage
      - exec: prefer_ipv4 # prefer ipv4 for remote

      - matches: qtype 12
        exec: reject 3
      - matches: qtype 65
        exec: reject 3

      - matches:
          - qname &./domains/category-ads-all.txt # ads
          - qname &./domains/reject.txt
        exec: reject 0

      - exec: $custom_cache # enable cache
      - matches: has_resp
        exec: accept # end if reponse found in cache

      # - matches:
      #     - qname &./custom/remote.txt # custom remote domains
      #   exec: goto remote_seq

      - matches:
          - qname &./domains/direct.txt # cn domains
          - qname &./domains/cn.txt 
        exec: goto domestic_seq

      - matches:
          - qname &./domains/geolocation-!cn.txt # non-cn domains
          - qname &./domains/gfw.txt
          - qname &./domains/google-scholar.txt
          - qname &./domains/category-scholar-!cn.txt
          - qname &./domains/icloud.txt
          - qname &./domains/apple-cn.txt
          - qname &./domains/twitter.txt
          - qname &./domains/telegram.txt
          - qname &./domains/google.txt
        exec: goto remote_seq

      - exec: $fallback_ip # use ip to split the rest domains

  ## --- Server Configuration --- ##
  - tag: server
    type: udp_server
    args:
      entry: main
      listen: :53