Ubuntu: fast, pollution-free DNS resolution with Dnsmasq + pdnsd

Install the software

Install dnsmasq

sudo apt install dnsmasq

Install pdnsd

sudo apt install pdnsd

If the package cannot be found, it is because pdnsd is no longer maintained; on newer Ubuntu releases, download the deb package from http://archive.ubuntu.com/ubuntu/pool/universe/p/pdnsd

sudo dpkg -i xxx.deb

Disable systemd-resolved

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

Enable pdnsd

Test a DNS server outside mainland China

dig google.com @8.8.8.8 +tcp

If the output shows:

;; ANSWER SECTION:
google.com.		200	IN	A	216.58.200.46 # may be a different IP

;; Query time: 78 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)

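then pdnsd will be able to resolve normally.

Otherwise, switch to a different DNS server in /etc/pdnsd.conf.

Delete the pdnsd configuration file

sudo rm /etc/pdnsd.conf

Edit the pdnsd configuration file (use the pdnsd configuration listed at the end of this page)

sudo vim /etc/pdnsd.conf

Restart pdnsd and check its status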

sudo service pdnsd restart

sudo service pdnsd status

If it shows Active: active (running), the service is running.

Edit /etc/resolv.conf to set the DNS server

sudo vim /etc/resolv.conf

Keep only nameserver 127.0.0.53

dig google.com

If the output shows:

;; ANSWER SECTION:
google.com.		900	IN	A	216.58.200.46 # may be a different IP

;; Query time: 56 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)

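then pdnsd is resolving correctly.

Enable Dnsmasq

Delete the dnsmasq configuration file

sudo rm /etc/dnsmasq.conf

Edit the dnsmasq configuration file (use the dnsmasq configuration listed at the end of this page)

sudo vim /etc/dnsmasq.conf

Restart dnsmasq and check its status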

sudo service dnsmasq restart

sudo service dnsmasq status

If it shows Active: active (running), the service is running.

Edit /etc/resolv.conf to set the DNS server

sudo vim /etc/resolv.conf

Keep only nameserver 127.0.0.1

dig google.com

If the output shows:

;; ANSWER SECTION:
google.com.		900	IN	A	216.58.200.46 # may be a different IP

;; Query time: 72 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

then dnsmasq is resolving correctly.

Use dnsmasq-china-list to resolve domains whose name servers are in mainland China

git clone https://github.com/felixonmars/dnsmasq-china-list.git
cd dnsmasq-china-list
./install.sh

Lock /etc/resolv.conf to prevent it from being reverted

sudo rm /etc/resolv.conf

sudo vim /etc/resolv.conf

Write nameserver 127.0.0.1

sudo chattr +i /etc/resolv.conf

Restart dnsmasq

sudo service dnsmasq restart

// /etc/pdnsd.conf
// Read the pdnsd.conf(5) manpage for an explanation of the options.
/* Note: this file is overridden by automatic config files when
   /etc/default/pdnsd AUTO_MODE is set and
   /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
*/
global {
    perm_cache = 2048;
    cache_dir = "/var/cache/pdnsd";
    run_as = "pdnsd";
    server_ip = 127.0.0.53;   // dnsmasq forwards to this address
    server_port = 53;
    status_ctl = on;
    paranoid = on;
    query_method = tcp_only;  // pdnsd must be compiled with TCP
                              // query support for this to work.
    min_ttl = 15m;            // Retain cached entries at least 15 minutes.
    max_ttl = 1w;             // One week.
    timeout = 5;              // Global timeout option (5 seconds).
    // Don't enable if you don't recurse yourself, can lead to problems
    // delegation_only="com","net";
}
/* With status_ctl=on and resolvconf installed, this will work out of the box;
   this is the recommended setup for mobile machines. */
server {
    label = "googledns";
    ip = 8.8.8.8, 8.8.4.4;
    timeout = 5;
    interval = 30;
    uptest = ping;
    ping_timeout = 10;
    purge_cache = off;
    // Reject answers that contain known poisoned DNS addresses:
    // reject=
    //     1.1.1.1,
    //     2.2.2.2;
    reject_policy = fail;
    exclude = .localdomain;   // Don't forget the leading dot.
    preset = off;
}
source {
    owner = localhost;
    // serve_aliases=on;
    file = "/etc/hosts";
}
rr {
    name = localhost;
    reverse = on;
    a = 127.0.0.1;
    owner = localhost;
    soa = localhost,root.localhost,42,86400,900,86400,86400;
}
# /etc/dnsmasq.conf
# Local listen address
listen-address=127.0.0.1
# Upstream DNS server (pdnsd)
server=127.0.0.53
# Additional configuration directory
conf-dir=/etc/dnsmasq.d
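
The steps above chain /etc/resolv.conf to dnsmasq (127.0.0.1), dnsmasq to pdnsd (127.0.0.53), and pdnsd to its upstream over TCP; a mismatch at any hop breaks the chain or sends queries somewhere else. The script below is an added example, not part of the original gist, that lints the three files for that chain and confirms which server answered a dig query; the function names and the --check flag are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original gist): lint the resolver chain
#   resolv.conf -> dnsmasq (127.0.0.1) -> pdnsd (127.0.0.53) -> upstream via TCP
# Function names and the --check flag are this example's own.

# Print the value(s) assigned to KEY in FILE, ignoring // and # comments.
conf_values() {  # usage: conf_values KEY FILE
    sed -e 's://.*$::' -e 's/#.*$//' "$2" |
        awk -F= -v k="$1" '{ gsub(/[ \t;"]/, "") } $1 == k { print $2 }'
}

# Extract the answering server from dig output on stdin (";; SERVER:" line).
dig_server() { sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'; }

# Return 0 only if each hop hands queries to the next hop and nowhere else.
check_chain() {  # usage: check_chain RESOLV_CONF DNSMASQ_CONF PDNSD_CONF
    local rc=0 ns listen up pip qm
    ns=$(awk '$1 == "nameserver" { print $2 }' "$1" | paste -sd, -)
    listen=$(conf_values listen-address "$2" | paste -sd, -)
    up=$(conf_values server "$2" | paste -sd, -)
    pip=$(conf_values server_ip "$3")
    qm=$(conf_values query_method "$3")
    if [ -z "$ns" ] || [ "$ns" != "$listen" ]; then
        echo "FAIL: resolv.conf nameserver '$ns' != dnsmasq listen-address '$listen'"; rc=1
    fi
    if [ -z "$up" ] || [ "$up" != "$pip" ]; then
        echo "FAIL: dnsmasq upstream '$up' != pdnsd server_ip '$pip'"; rc=1
    fi
    if [ "$qm" != "tcp_only" ]; then
        echo "FAIL: pdnsd query_method is '$qm', expected tcp_only"; rc=1
    fi
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then  # run against the live system
    check_chain /etc/resolv.conf /etc/dnsmasq.conf /etc/pdnsd.conf &&
        echo "OK: configuration chain is consistent"
    # chattr +i shows up as an 'i' in the lsattr flag field.
    case "$(lsattr /etc/resolv.conf 2>/dev/null | cut -d' ' -f1)" in
        *i*) ;;
        *) echo "WARN: /etc/resolv.conf is not immutable (chattr +i)" ;;
    esac
    srv=$(dig google.com | dig_server)
    [ "$srv" = "127.0.0.1" ] || echo "FAIL: answer came from '$srv', not dnsmasq"
fi
```

Run it with --check after the last step; a second nameserver line in /etc/resolv.conf or a pdnsd query_method other than tcp_only is reported as a failure.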