linux部署mosdns教程
PVE LXC 安装
linux操作
apt update
apt upgrade -y
reboot53端口解绑
nano /etc/systemd/resolved.conf
DNSStubListener=no # 找到这句话, 去了# , yes 改到 no
sudo systemctl reload-or-restart systemd-resolved时间修改
# 修改时间
dpkg-reconfigure tzdata
# 改到 Asian/Shanghaimosdns 安装过程
# 核心下载
wget https://github.com/IrineSistiana/mosdns/releases/download/v5.3.1/mosdns-linux-amd64.zip
# 挂载运行目录
mkdir /etc/mosdns
# 安装解压软件
apt install unzip
# 解压至指定目录
unzip mosdns-linux-amd64.zip -d /etc/mosdns
# 进入运行文件夹
cd /etc/mosdns
# 赋予可执行权限
chmod +x mosdns
# 复制到存放自定义或第三方安装的可执行程序的文件夹
cp mosdns /usr/local/bin
# 返回根目录
# 进入启动目录
cd /etc/systemd/system/
# 创建启动服务
touch mosdns.service
# 编辑启动文件内容
nano mosdns.service
================================================================================
[Unit]
Description=mosdns daemon, DNS server.
After=network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/mosdns start -c /etc/mosdns/config.yaml -d /etc/mosdns
[Install]
WantedBy=multi-user.target
==============================================================================
# geoip_cn.txt中只有 V4 的地址, V6 的地址另外会提供, 并直接复制黏贴到geoip_cn 文件V4 下面就可以了
# 安装curl工具
apt install curl
# 下载相关规则文件
curl https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/direct-list.txt > /etc/mosdns/geosite_cn.txt
curl https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt > /etc/mosdns/geoip_cn.txt
curl https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/proxy-list.txt > /etc/mosdns/geosite_geolocation_noncn.txt
curl https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/gfw.txt > /etc/mosdns/gfw.txt
# 在/etc/mosdns/rule 下新建这些文件
# 一些必须添加的list, 会另外文件提供 ( 其中whitelist 和localptr 必须添加 , 直接黏贴复制到对用文件夹就可以了 ) , blocklist 是主路由为OPN 时必须添加的, 并且必须和OPN 中 系统:设置:常规中的域 保持一致。
# 在 fake 的结构里面, 在域名表 不全的前提下, 白名单就是 强制直连的real IP , 灰名单就是 走 fake 的名单, 这些是对于域名表的补充或者说是修正
# 创建相关规则库,whitelist为国内dns解析
# greylist.txt为远程dns解析
# ddns会增加ttl标记,快速完成ddns解析ip地址更换
mkdir /etc/mosdns/rule
cd /etc/mosdns/rule
touch whitelist.txt
touch blocklist.txt
touch greylist.txt
touch ddnslist.txt
touch hosts.txt
touch redirect.txt
touch adlist.txt
touch localptr.txt
# 开启并运行mosdns
systemctl enable mosdns --now
systemctl status mosdns 需增加内容
keyword:.localdomain在 localptr.txt 中增加一下内容,进行查询优化
# block all PTR requests
domain:in-addr.arpa
domain:ip6.arpa在 whitelist. txt 文件中,增加以下内容,进行查询优化
domain:push-apple.com.akadns.net
domain:push.apple.com
domain:iphone-ld.apple.com
domain:lcdn-locator.apple.com
domain:lcdn-registration.apple.com
domain:cn-ssl.ls.apple.com
domain:time.apple.com
domain:store.ui.com.cn
domain:amd.com
domain:msftncsi.com
domain:msftconnecttest.com
domain:office.com
domain:office365.com配置文件内容
以下为 O 大原教程提到内容,适用于双 adg 解析的方式,这样会添加对应的 ui,方便观察本地 dns 解析与远程 dns 解析
# MOSDNS 建立在PVE LXC 中 ,在 LXC 中分别填入 V4 和 V6 的固定IP ( 其中V6 的IP 以 dc00:: ) , 网关为SINGBOX 的 IP ( 其中SINGBOX V6 的地址 在OPN 路由通告设置完后 , SSH 打 ip a 找到inet6 地址就是了)
# 下面这两个IP 需要更换为自己的配置
- tag: forward_local
type: forward
args:
concurrent: 1
upstreams:
- addr: 10.0.0.203:6666 # 国内解析上游 , 可以是主路由 53 端口 , 可以是AD 的IP , 我这个是OPN 中的AD ,目标要求就是上游必须直连
enable_pipeline: false
insecure_skip_verify: false
idle_timeout: 30
enable_http3: false
- tag: forward_remote
type: forward
args:
concurrent: 1
upstreams:
- addr: 10.0.0.250:6666 # 国外解析fake上游 , 这个配合SINGBOX 配置文件的入站6666 端口 , singbox 配置文件另外文件说明
enable_pipeline: false
insecure_skip_verify: false
idle_timeout: 30
enable_http3: false以下为 mosdns 配置文件信息
============================================================================================
level: info
file: "/etc/mosdns/mosdns.log"
http: "0.0.0.0:8338"
include: []
plugins:
- tag: geosite_cn
type: domain_set
args:
files:
- "/etc/mosdns/geosite_cn.txt"
- tag: geoip_cn
type: ip_set
args:
files:
- "/etc/mosdns/geoip_cn.txt"
- tag: geosite_no_cn
type: domain_set
args:
files:
- "/etc/mosdns/geosite_geolocation_noncn.txt"
- tag: whitelist
type: domain_set
args:
files:
- "/etc/mosdns/rule/whitelist.txt"
- tag: blocklist
type: domain_set
args:
files:
- "/etc/mosdns/rule/blocklist.txt"
- tag: greylist
type: domain_set
args:
files:
- "/etc/mosdns/rule/greylist.txt"
- tag: ddnslist
type: domain_set
args:
files:
- "/etc/mosdns/rule/ddnslist.txt"
- tag: hosts
type: hosts
args:
files:
- "/etc/mosdns/rule/hosts.txt"
- tag: redirect
type: redirect
args:
files:
- "/etc/mosdns/rule/redirect.txt"
- tag: adlist
type: domain_set
args:
files:
- "/etc/mosdns/rule/adlist.txt"
- tag: local_ptr
type: domain_set
args:
files:
- "/etc/mosdns/rule/localptr.txt"
- tag: lazy_cache
type: cache
args:
size: 32768
lazy_cache_ttl: 86400
dump_file: /etc/mosdns/cache.dump
dump_interval: 3600
- tag: reject_3
type: sequence
args:
- exec: reject 3
- tag: reject_blocklist
type: sequence
args:
- exec: query_summary reject_blocklist
- exec: $reject_3
- tag: reject_adlist
type: sequence
args:
- exec: query_summary reject_adlist
- exec: $reject_3
- tag: reject_ptrlist
type: sequence
args:
- exec: query_summary reject_ptrlist
- exec: $reject_3
- tag: reject_qtype65
type: sequence
args:
- exec: query_summary reject_qtype65
- exec: $reject_3
- tag: forward_local
type: forward
args:
concurrent: 1
upstreams:
- addr: 10.0.0.203:6666
enable_pipeline: false
insecure_skip_verify: false
idle_timeout: 30
enable_http3: false
- tag: forward_remote
type: forward
args:
concurrent: 1
upstreams:
- addr: 10.0.0.250:6666
enable_pipeline: false
insecure_skip_verify: false
idle_timeout: 30
enable_http3: false
- tag: forward_cf
type: forward
args:
concurrent: 1
upstreams:
- addr: tls://1.1.1.1:853
enable_pipeline: true
insecure_skip_verify: false
idle_timeout: 30
enable_http3: false
- tag: modify_ttl
type: sequence
args:
- exec: ttl 0-0
- tag: modify_ddns_ttl
type: sequence
args:
- exec: ttl 5-5
- tag: local_sequence
type: sequence
args:
- exec: query_summary forward_local
- exec: $forward_local
- tag: remote_sequence
type: sequence
args:
- exec: query_summary forward_remote
- exec: $forward_remote
- tag: forward_cf_upstream
type: sequence
args:
- exec: query_summary forward_cf
- exec: $forward_cf
- tag: has_resp_sequence
type: sequence
args:
- matches: qname $ddnslist
exec: $modify_ddns_ttl
- matches: "!qname $ddnslist"
exec: $modify_ttl
- matches: has_resp
exec: accept
- tag: query_is_ddns_domain
type: sequence
args:
- matches: qname $ddnslist
exec: $local_sequence
- tag: query_is_local_domain
type: sequence
args:
- matches: qname $geosite_cn
exec: $local_sequence
- tag: query_is_no_local_domain
type: sequence
args:
- matches: qname $geosite_no_cn
exec: $remote_sequence
- tag: query_is_whitelist_domain
type: sequence
args:
- matches: qname $whitelist
exec: $local_sequence
- tag: query_is_greylist_domain
type: sequence
args:
- matches: qname $greylist
exec: $remote_sequence
- tag: query_is_reject_domain
type: sequence
args:
- matches: qname $blocklist
exec: $reject_blocklist
- matches: qname $adlist
exec: $reject_adlist
- matches:
- qtype 12
- qname $local_ptr
exec: $reject_ptrlist
- matches: qtype 65
exec: $reject_qtype65
- tag: fallback_sequence
type: sequence
args:
- exec: $forward_cf_upstream
- matches: "rcode 2"
exec: goto local_sequence
- matches: "resp_ip $geoip_cn"
exec: goto local_sequence
- matches: "!resp_ip $geoip_cn"
exec: goto remote_sequence
- tag: main_sequence
type: sequence
args:
- exec: metrics_collector metrics
- exec: $hosts
- exec: jump has_resp_sequence
- matches:
- "!qname $ddnslist"
- "!qname $blocklist"
- "!qname $adlist"
- "!qname $local_ptr"
exec: $lazy_cache
- exec: $redirect
- exec: jump has_resp_sequence
- exec: $query_is_ddns_domain
- exec: jump has_resp_sequence
- exec: $query_is_whitelist_domain
- exec: jump has_resp_sequence
- exec: $query_is_reject_domain
- exec: jump has_resp_sequence
- exec: $query_is_greylist_domain
- exec: jump has_resp_sequence
- exec: $query_is_local_domain
- exec: jump has_resp_sequence
- exec: $query_is_no_local_domain
- exec: jump has_resp_sequence
- exec: $fallback_sequence
- tag: udp_server
type: udp_server
args:
entry: main_sequence
listen: ":53"
- tag: tcp_server
type: tcp_server
args:
entry: main_sequence
listen: ":53"