Last active
July 27, 2025 16:34
-
-
Save piyoki/dbe18d4e023f68a903ee6273cde71ba9 to your computer and use it in GitHub Desktop.
mosdns deployment
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/mosdns/config.json | |
| --- | |
| # log config | |
| log: | |
| level: info # ["debug", "info", "warn", and "error"], default is set to "info" | |
| file: "/var/log/mosdns.log" | |
| # data source config | |
| data_providers: | |
| - tag: cn | |
| file: "/etc/mosdns/cn.dat" | |
| auto_reload: false | |
| - tag: geoip | |
| file: "/etc/mosdns/geoip.dat" | |
| auto_reload: false | |
| - tag: geosite | |
| file: "/etc/mosdns/geosite.dat" | |
| auto_reload: false | |
| # api config | |
| api: | |
| http: ":8080" | |
| # server config | |
| servers: | |
| # main query sequence | |
| - exec: sequence_exec | |
| timeout: 5 | |
| listeners: | |
| # --- local port binding --- # | |
| # local ipv6 | |
| - protocol: udp | |
| addr: "[::1]:53" | |
| - protocol: tcp | |
| addr: "[::1]:53" | |
| # local ipv4 | |
| - protocol: udp | |
| addr: "127.0.0.1:53" | |
| - protocol: tcp | |
| addr: "127.0.0.1:53" | |
| # --- interface binding --- # | |
| # lag group | |
| - protocol: udp | |
| addr: "10.178.0.3:53" | |
| - protocol: tcp | |
| addr: "10.178.0.3:53" | |
| # vlan 17 | |
| - protocol: udp | |
| addr: "10.189.17.3:53" | |
| - protocol: tcp | |
| addr: "10.189.17.3:53" | |
| # plugin config | |
| plugins: | |
| # --- Excutable Plugins --- # | |
| # cache | |
| # - tag: "mem_cache" | |
| # type: "cache" | |
| # args: | |
| # size: 1024 # query max number | |
| # lazy_cache_ttl: 86400 # lazy cache ttl | |
| # lazy_cache_reply_ttl: 30 # timeout ttl | |
| # cache_everything: true | |
| - tag: "redis_cache" | |
| type: "cache" | |
| args: | |
| size: 1024 # query max number | |
| lazy_cache_ttl: 86400 # lazy cache ttl | |
| lazy_cache_reply_ttl: 30 # timeout ttl | |
| cache_everything: true | |
| # redis config | |
| redis: "redis://10.189.17.4:6379/1" | |
| redis_timeout: 50 | |
| # ttl | |
| - tag: "modify_ttl" | |
| type: "ttl" | |
| args: | |
| minimal_ttl: 300 | |
| maximum_ttl: 3600 | |
| # --- Domestic DNS --- # | |
| # alidns | |
| - tag: ali_doh_dot | |
| type: forward | |
| args: | |
| upstream: | |
| - addr: "https://dns.alidns.com/dns-query" # DoH server address | |
| ip_addr: # server ip addresses | |
| - "2400:3200:baba::1" | |
| - "223.5.5.5" | |
| - "2400:3200::1" | |
| - "223.6.6.6" | |
| trusted: true | |
| - addr: "tls://dns.alidns.com" # DoT server address | |
| ip_addr: # server ip addresses | |
| - "2400:3200:baba::1" | |
| - "223.5.5.5" | |
| - "2400:3200::1" | |
| - "223.6.6.6" | |
| trusted: true | |
| bootstrap: | |
| - "tls://1.1.1.1" | |
| - "https://223.5.5.5/dns-query" | |
| timeout: 5 # default timeout | |
| # --- Local DNS --- # | |
| - tag: localdns | |
| type: forward | |
| args: | |
| upstream: | |
| - addr: "178.0.50.6:53" | |
| # --- Remote DNS --- # | |
| # google dns | |
| - tag: google_doh | |
| type: forward | |
| args: | |
| upstream: | |
| - addr: "https://dns.google/dns-query" # DoH server address | |
| ip_addr: # server ip addresses | |
| - "2001:4860:4860::8844" | |
| - "8.8.4.4" | |
| - "2001:4860:4860::8888" | |
| - "8.8.8.8" | |
| trusted: true | |
| - tag: google_dot | |
| type: fast_forward | |
| args: | |
| upstream: | |
| - addr: "tls://dns.google" # DoT server address | |
| dial_addr: "8.8.4.4" | |
| trusted: true | |
| enable_pipeline: true | |
| - addr: "tls://dns.google" | |
| dial_addr: "2001:4860:4860::8888" | |
| trusted: true | |
| enable_pipeline: true | |
| - addr: "tls://dns.google" | |
| dial_addr: "8.8.8.8" | |
| trusted: true | |
| enable_pipeline: true | |
| # cloudflare | |
| - tag: cloudflare_doh | |
| type: forward | |
| args: | |
| upstream: | |
| - addr: "https://cloudflare-dns.com/dns-query" # DoH server address | |
| ip_addr: # server ip addresses | |
| - "2606:4700:4700::1001" | |
| - "1.0.0.1" | |
| - "2606:4700:4700::1111" | |
| - "1.1.1.1" | |
| trusted: true | |
| - tag: cloudflare_dot | |
| type: fast_forward | |
| args: | |
| upstream: | |
| - addr: "tls://1dot1dot1dot1.cloudflare-dns.com" # DoT server address | |
| dial_addr: "2606:4700:4700::1001" | |
| trusted: true | |
| enable_pipeline: true | |
| - addr: "tls://1dot1dot1dot1.cloudflare-dns.com" | |
| dial_addr: "1.0.0.1" | |
| trusted: true | |
| enable_pipeline: true | |
| - addr: "tls://1dot1dot1dot1.cloudflare-dns.com" | |
| dial_addr: "2606:4700:4700::1111" | |
| trusted: true | |
| enable_pipeline: true | |
| - addr: "tls://1dot1dot1dot1.cloudflare-dns.com" | |
| dial_addr: "1.0.0.1" | |
| trusted: true | |
| enable_pipeline: true | |
| # h3 parallel | |
| - tag: google_h3 | |
| type: "fast_forward" | |
| args: | |
| # upstream servers, at lease to configure one, send request in parallel to all servers | |
| upstream: | |
| - addr: "https://dns.google/dns-query" | |
| dial_addr: "2001:4860:4860::8844" | |
| trusted: true | |
| enable_http3: true | |
| - addr: "https://dns.google/dns-query" | |
| dial_addr: "8.8.4.4" | |
| trusted: true | |
| enable_http3: true | |
| - addr: "https://dns.google/dns-query" | |
| dial_addr: "2001:4860:4860::8888" | |
| trusted: true | |
| enable_http3: true | |
| - addr: "https://dns.google/dns-query" | |
| dial_addr: "8.8.8.8" | |
| trusted: true | |
| enable_http3: true | |
| - tag: cloudflare_h3 | |
| type: "fast_forward" | |
| args: | |
| upstream: | |
| - addr: "https://cloudflare-dns.com/dns-query" | |
| dial_addr: "2606:4700:4700::1001" | |
| trusted: true | |
| enable_http3: true | |
| - addr: "https://cloudflare-dns.com/dns-query" | |
| dial_addr: "1.0.0.1" | |
| trusted: true | |
| enable_http3: true | |
| - addr: "https://cloudflare-dns.com/dns-query" | |
| dial_addr: "2606:4700:4700::1111" | |
| trusted: true | |
| enable_http3: true | |
| - addr: "https://cloudflare-dns.com/dns-query" | |
| dial_addr: "1.1.1.1" | |
| trusted: true | |
| enable_http3: true | |
| # doq backup resolver | |
| - tag: adguard | |
| type: forward | |
| args: | |
| upstream: | |
| - addr: "quic://dns-unfiltered.adguard.com" # DoQ server | |
| ip_addr: # server addresses | |
| - "2a10:50c0::1:ff" | |
| - "94.140.14.140" | |
| - "2a10:50c0::2:ff" | |
| - "94.140.14.141" | |
| trusted: true | |
| # --- query matcher --- # | |
| # query - CN domains | |
| - tag: query_cn | |
| type: query_matcher | |
| args: | |
| domain: | |
| - "provider:geosite:cn" | |
| # query - GFW domains | |
| - tag: query_gfw | |
| type: query_matcher | |
| args: | |
| domain: | |
| - "provider:geosite:gfw" | |
| # query - non-CN domains | |
| - tag: query_notcn | |
| type: query_matcher | |
| args: | |
| domain: | |
| - "provider:geosite:geolocation-!cn" | |
| # query - ad | |
| - tag: query_ad | |
| type: query_matcher | |
| args: | |
| domain: | |
| - "provider:geosite:category-ads-all" | |
| # query - CN IP | |
| - tag: response_cnip | |
| type: response_matcher | |
| args: | |
| ip: | |
| - "provider:geoip:cn" | |
| # --- Sequence --- # | |
| # local sequence | |
| - tag: local | |
| type: sequence | |
| args: | |
| exec: | |
| # - primary: | |
| - parallel: | |
| - - ali_doh_dot | |
| # secondary: | |
| # - localdns | |
| # fast_fallback: 600 | |
| # always_standby: true | |
| # remote sequence | |
| - tag: remote | |
| type: sequence | |
| args: | |
| exec: | |
| # - primary: | |
| - parallel: | |
| - - google_doh | |
| - - cloudflare_doh | |
| - - google_dot | |
| - - cloudflare_dot | |
| - - adguard # secondary | |
| - - google_h3 | |
| - - cloudflare_h3 | |
| # secondary: | |
| # - adguard | |
| # fast_fallback: 600 | |
| # always_standby: true | |
| # main_sequence | |
| - tag: main_sequence | |
| type: sequence | |
| args: | |
| exec: | |
| # CN domains | |
| - if: "query_cn" | |
| exec: | |
| - _prefer_ipv4 # ipv4 as priority | |
| - _pad_query | |
| - local # local ip as result | |
| - if: "response_cnip" # cnip as result | |
| exec: | |
| - _return # end | |
| # non-CN domains | |
| - if: query_notcn | |
| exec: | |
| - _prefer_ipv4 # ipv4 as priority | |
| - _pad_query | |
| - remote # uncontaminated ip | |
| - if: "!response_cnip" # non-CN ip as result | |
| exec: | |
| - _return # end | |
| # other condition | |
| - primary: | |
| - _prefer_ipv4 | |
| - _pad_query | |
| - remote | |
| secondary: | |
| - _prefer_ipv4 | |
| - _pad_query | |
| - local | |
| fast_fallback: 400 | |
| always_standby: true | |
| # --- sequence execution --- # | |
| - tag: sequence_exec | |
| type: sequence | |
| args: | |
| exec: | |
| - _prefer_ipv4 | |
| - if: query_ad # ad | |
| exec: | |
| - _new_nxdomain_response # empty response | |
| - _return | |
| - redis_cache # cache | |
| - main_sequence # run main query sequence | |
| - modify_ttl |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| version: "3.4" | |
| services: | |
| redis: | |
| container_name: redis | |
| image: "redis:alpine" | |
| command: redis-server | |
| ports: | |
| - "6379:6379" | |
| volumes: | |
| - $PWD/redis-data:/var/lib/redis | |
| - $PWD/redis.conf:/usr/local/etc/redis/redis.conf | |
| environment: | |
| - REDIS_REPLICATION_MODE=master | |
| networks: | |
| node_net: | |
| ipv4_address: 172.28.1.4 | |
| restart: unless-stopped | |
| watchtower: | |
| container_name: watchtower | |
| image: containrrr/watchtower | |
| restart: always | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| command: ["--cleanup", "--interval", "3600", "--debug"] | |
| # networking for the Redis container | |
| networks: | |
| node_net: | |
| ipam: | |
| driver: default | |
| config: | |
| - subnet: 172.28.0.0/16 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment