Firmware
esir R22.1.1 SPP Winter[2022] https://www.youtube.com/c/eSirPlayGround
DNS chain
A DNS resolution request starts at port 53 on the router itself and travels dnsmasq -> chinadns-ng -> pdnsd.
chinadns-ng splits domestic and foreign domains: domestic ones are handed directly to the configured domestic DNS and resolved there, foreign ones are passed to the upstream pdnsd.
pdnsd is responsible for resolving foreign domains.
DNS processes on the router
There are two dnsmasq processes with identical configuration; the only difference is the user they run as, one dnsmasq and one root. That is duplicated and unnecessary.
root@OpenWrt:~# ps | grep dns
3411 root 1332 S /tmp/etc/passwall/bin/pdnsd --daemon -c /tmp/etc/passwall/pdnsd/pdnsd.conf -d
3459 root 7600 S /tmp/etc/passwall/bin/chinadns-ng -v -b 0.0.0.0 -l 7914 -c 192.168.5.202,192.168.5.202 -m /tmp/etc/passwall/chinadns_chnlist -M -t 127.0.0.1#7913 -g /tmp/etc/passwall/chinadns_gfwlist -f
4475 dnsmasq 11484 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
4576 root 11472 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
7747 root 1104 R grep dns
dnsmasq
/usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
Its configuration file is /var/etc/dnsmasq.conf.cfg01411c, and it listens on port 53.
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
enable-ubus=dnsmasq
expand-hosts
bind-dynamic
local-service
filter-aaaa
port=53
domain=lan
local=/lan/
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases
dhcp-script=/usr/lib/dnsmasq/dhcp-script.sh
script-arp
resolv-file=/tmp/resolv.conf.d/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq
dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf
srv-host=_vlmcs._tcp,OpenWrt,1688,0,100
bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
no-dhcp-interface=br-lan
It points conf-dir at /tmp/dnsmasq.d, which holds several configuration files:
root@OpenWrt:~# ls /tmp/dnsmasq.d
dnsmasq-passwall.conf dnsmasq-ssrplus.conf dnsmasq-ssrplus.d passwall
dnsmasq-passwall.conf in that directory sets the upstream server to port 7914:
root@OpenWrt:/tmp/dnsmasq.d# cat dnsmasq-passwall.conf
conf-dir=/tmp/dnsmasq.d/passwall
server=127.0.0.1#7914
all-servers
no-poll
no-resolv
chinadns-ng
chinadns-ng listens on port 7914:
/tmp/etc/passwall/bin/chinadns-ng -v -b 0.0.0.0 -l 7914 -c 192.168.5.202,192.168.5.202 -m /tmp/etc/passwall/chinadns_chnlist -M -t 127.0.0.1#7913 -g /tmp/etc/passwall/chinadns_gfwlist -f
Option details:
$ chinadns-ng --help
usage: chinadns-ng <options...>. the existing options are as follows:
-b, --bind-addr <ip-address> listen address, default: 127.0.0.1
-l, --bind-port <port-number> listen port number, default: 65353
-c, --china-dns <ip[#port],...> china dns server, default: <114DNS>
-t, --trust-dns <ip[#port],...> trust dns server, default: <GoogleDNS>
-4, --ipset-name4 <ipv4-setname> ipset ipv4 set name, default: chnroute
-6, --ipset-name6 <ipv6-setname> ipset ipv6 set name, default: chnroute6
-g, --gfwlist-file <file-path> filepath of gfwlist, '-' indicate stdin
-m, --chnlist-file <file-path> filepath of chnlist, '-' indicate stdin
-o, --timeout-sec <query-timeout> timeout of the upstream dns, default: 5
-p, --repeat-times <repeat-times> it is only used for trustdns, default: 1
-M, --chnlist-first match chnlist first, default: <disabled>
-N, --no-ipv6 disable ipv6-address query (qtype: AAAA)
-f, --fair-mode enable `fair` mode, default: <fast-mode>
-r, --reuse-port enable SO_REUSEPORT, default: <disabled>
-n, --noip-as-chnip accept reply without ipaddr (A/AAAA query)
-v, --verbose print the verbose log, default: <disabled>
-V, --version print `chinadns-ng` version number and exit
-h, --help print `chinadns-ng` help information and exit
bug report: https://github.com/zfl9/chinadns-ng. email: zfl9.com@gmail.com (Otokaze)
-m /tmp/etc/passwall/chinadns_chnlist -M
Picks out domestic domains and resolves them with the domestic DNS only.
-g /tmp/etc/passwall/chinadns_gfwlist
Domains in this list go to the foreign DNS.
-c 192.168.5.202,192.168.5.202
Specifies the domestic DNS. Since my setup is ikuai+op, these two are the DNS servers handed out by ikuai's DHCP; I set both the primary and the secondary to the same DNS, 192.168.5.202.
If no DNS is pushed by DHCP, the domestic DNS here is the custom DNS server configured when the LAN interface is set to a static address.
-t 127.0.0.1#7913
Specifies pdnsd on port 7913 as the upstream for resolving foreign domains.
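The -m/-g/-M options above decide which upstream a query name is sent to. The following is an added example (not code from the page or from chinadns-ng itself) that reproduces that list lookup as a shell function, so the effect of chnlist-first (-M) can be tried offline. Names match an entry by suffix: a query matches when it equals the entry or is a subdomain of it. The chnlist and gfwlist files here are constructed, not passwall's real lists, and the handling of names on neither list (chinadns-ng then asks both upstreams and uses the chnroute ipset to judge the domestic answer) is described in a comment but not modelled.

```shell
#!/bin/sh
# Added example (not from the page or from chinadns-ng): the list lookup
# chinadns-ng performs before choosing an upstream, as a shell function.
# Lists below are constructed for the demo, not the passwall chnlist/gfwlist.

setup_lists() {
    dir=$(mktemp -d)
    # shared.example is on both lists to show what -M changes
    printf '%s\n' cn taobao.com qq.com shared.example > "$dir/chnlist"
    printf '%s\n' google.com youtube.com shared.example > "$dir/gfwlist"
    echo "$dir"
}

# suffix_in_list NAME FILE: true if NAME or any parent domain is a line in FILE.
suffix_in_list() {
    s=$1
    while [ -n "$s" ]; do
        if grep -Fxq -- "$s" "$2"; then return 0; fi
        case $s in
            *.*) s=${s#*.} ;;   # drop the leftmost label: www.taobao.com -> taobao.com
            *)   return 1 ;;
        esac
    done
    return 1
}

# classify_domain NAME CHNLIST GFWLIST [M]
#   china -> sent only to the -c (domestic) servers
#   trust -> sent only to the -t (pdnsd) server
#   none  -> on neither list; chinadns-ng then queries both upstreams and keeps
#            the domestic answer only if its IP is in the chnroute ipset
#            (that step is not modelled here)
# With a fourth argument "M" the chnlist is consulted first, as -M does on the
# page; otherwise the gfwlist is consulted first.
classify_domain() {
    name=$(printf '%s' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    if [ "$4" = "M" ]; then
        first=$2; second=$3; first_tag=china; second_tag=trust
    else
        first=$3; second=$2; first_tag=trust; second_tag=china
    fi
    if suffix_in_list "$name" "$first"; then echo "$first_tag"
    elif suffix_in_list "$name" "$second"; then echo "$second_tag"
    else echo none
    fi
}

# Stand-alone run over the constructed lists.
L=$(setup_lists)
for q in www.taobao.com mail.google.com example.org shared.example; do
    printf '%-18s %s\n' "$q" "$(classify_domain "$q" "$L/chnlist" "$L/gfwlist" M)"
done
rm -rf "$L"
```

The loop prints china, trust, none and china for the four names; drop the trailing M argument and shared.example flips to trust, which is exactly the ordering question -M settles when a name appears on both lists.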
pdnsd configuration file
Port 7913:
global {
    perm_cache = 2048;
    cache_dir = "/tmp/etc/passwall/pdnsd";
    run_as = "root";
    server_ip = 127.0.0.1;
    server_port = 7913;
    status_ctl = on;
    query_method = tcp_only;
    min_ttl = 1h;
    max_ttl = 1w;
    timeout = 10;
    par_queries = 2;
    neg_domain_pol = on;
    udpbufsize = 1024;
    proc_limit = 2;
    procq_limit = 8;
}
server {
    label = "node-8.8.8.8_53";
    ip = 8.8.8.8;
    edns_query = on;
    port = 53;
    timeout = 4;
    interval = 10m;
    uptest = none;
    purge_cache = off;
    proxy_only = on;
    caching = on;
    reject = ::/0;
    reject_policy = negate;
}
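When one of the three hops is changed, the usual failure is a port that no longer lines up with the next hop. The script below is an added example (not code from the page or from the passwall project) that rebuilds the dnsmasq -> chinadns-ng -> pdnsd chain from the three configuration sources shown above and checks that each hop's upstream port equals the next hop's listen port. It also flags two things a defender would look at in this chain: chinadns-ng bound to 0.0.0.0 (every interface, so port 7914 is reachable from wherever the firewall does not block it) and pdnsd running as root while dnsmasq in the same chain drops to user=dnsmasq. The inputs are constructed copies of the page's configuration written to a temporary directory; on a real router the functions would be pointed at /var/etc/dnsmasq.conf.cfg01411c, /tmp/dnsmasq.d/dnsmasq-passwall.conf, the chinadns-ng line from ps and /tmp/etc/passwall/pdnsd/pdnsd.conf.

```shell
#!/bin/sh
# Added example (not from the page or the passwall project): rebuild the
# dnsmasq -> chinadns-ng -> pdnsd chain from the three config sources and
# check that every hop's upstream port matches the next hop's listen port.
# Inputs are constructed copies of the page's configuration, trimmed to the
# lines the audit reads.

setup_samples() {
    dir=$(mktemp -d)
    mkdir -p "$dir/dnsmasq.d"
    cat > "$dir/dnsmasq.conf" <<'EOF'
port=53
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
EOF
    cat > "$dir/dnsmasq.d/dnsmasq-passwall.conf" <<'EOF'
server=127.0.0.1#7914
all-servers
no-poll
no-resolv
EOF
    # chinadns-ng command line exactly as ps shows it on the page
    echo '/tmp/etc/passwall/bin/chinadns-ng -v -b 0.0.0.0 -l 7914 -c 192.168.5.202,192.168.5.202 -m /tmp/etc/passwall/chinadns_chnlist -M -t 127.0.0.1#7913 -g /tmp/etc/passwall/chinadns_gfwlist -f' > "$dir/chinadns.cmdline"
    cat > "$dir/pdnsd.conf" <<'EOF'
global {
    run_as = "root";
    server_ip = 127.0.0.1;
    server_port = 7913;
    query_method = tcp_only;
}
server {
    label = "node-8.8.8.8_53";
    ip = 8.8.8.8;
    port = 53;
}
EOF
    echo "$dir"
}

# First value of key=value in a dnsmasq-style config: conf_value FILE KEY
conf_value() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# Word following a short option in a command line: opt_value "CMDLINE" -l
opt_value() { printf '%s\n' "$1" | tr ' ' '\n' | awk -v o="$2" '$0 == o { getline; print; exit }'; }

# Value of "key = value;" in pdnsd.conf, quotes kept: pdnsd_value FILE KEY
pdnsd_value() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\);.*/\1/p" "$1" | head -n 1; }

# Print the hop-by-hop chain; exit status 1 when the ports do not line up.
dns_chain() {
    dir=$1
    dm_port=$(conf_value "$dir/dnsmasq.conf" port)
    dm_up=$(conf_value "$dir/dnsmasq.d/dnsmasq-passwall.conf" server)   # ip#port
    dm_up_port=${dm_up#*#}
    cmd=$(cat "$dir/chinadns.cmdline")
    cn_bind=$(opt_value "$cmd" -b)
    cn_port=$(opt_value "$cmd" -l)
    cn_china=$(opt_value "$cmd" -c)
    cn_trust=$(opt_value "$cmd" -t)
    cn_trust_port=${cn_trust#*#}
    pd_user=$(pdnsd_value "$dir/pdnsd.conf" run_as)
    pd_port=$(pdnsd_value "$dir/pdnsd.conf" server_port)
    pd_up_ip=$(pdnsd_value "$dir/pdnsd.conf" ip)
    pd_up_port=$(pdnsd_value "$dir/pdnsd.conf" port)
    pd_method=$(pdnsd_value "$dir/pdnsd.conf" query_method)

    rc=0
    [ "$dm_up_port" = "$cn_port" ] || { echo "MISMATCH: dnsmasq upstream port $dm_up_port != chinadns-ng listen port $cn_port"; rc=1; }
    [ "$cn_trust_port" = "$pd_port" ] || { echo "MISMATCH: chinadns-ng trust port $cn_trust_port != pdnsd listen port $pd_port"; rc=1; }
    # Defender's checks: intermediate resolvers should be loopback-only and unprivileged.
    [ "$cn_bind" = "127.0.0.1" ] || echo "WARN: chinadns-ng binds $cn_bind (0.0.0.0 = every interface); make sure the firewall blocks port $cn_port from WAN"
    [ "$pd_user" != '"root"' ] || echo "WARN: pdnsd runs as root; dnsmasq in the same chain drops to user=dnsmasq"
    echo "dnsmasq:$dm_port -> chinadns-ng:$cn_port (china: $cn_china | trust: ${cn_trust%#*}:$cn_trust_port) -> pdnsd:$pd_port -> $pd_up_ip:$pd_up_port ($pd_method)"
    return $rc
}

# Stand-alone run over the constructed samples.
d=$(setup_samples)
dns_chain "$d"
rm -rf "$d"
```

Only sed, awk, tr and grep from busybox are used, so the functions can be dropped onto the router as-is; a non-zero exit status means a hop points at a port nobody listens on, which is the first thing to check when the page's chain stops resolving foreign names.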