|
他的S.SR是黑名单模式吧, pdnsd到底要不要加上, 而且, 他的s.sr中的关于pdnsd的代码部分到底有没有问题? 据他说是参照明月的.
# $1: upstream DNS server
start_pdnsd()
{
local safe_dns="$1"
local dns_mode="$2"
local tcp_dns_list="208.67.222.222, 208.67.220.220" #alex:给pdnsd使用的可靠的国外dns服务器
case "$dns_mode" in
local) : ;;
tcp_gfwlist)
[ -n "$safe_dns" ] && tcp_dns_list="$safe_dns,$tcp_dns_list"
safe_dns="114.114.114.114"
;;
tcp_114)
safe_dns="114.114.114.114"
;;
tcp_proxy)
[ -n "$safe_dns" ] && tcp_dns_list="$safe_dns,$tcp_dns_list"
;;
esac
killall -9 pdnsd 2>/dev/null && sleep 1
mkdir -p /var/etc /var/pdnsd
cat > /var/etc/pdnsd.conf <<EOF #alex:pdnsd配置文件在此
global {
perm_cache=512; # dns缓存大小,单位KB,建议不要写的太大
cache_dir="/var/pdnsd"; # 缓存文件的位置
server_ip = 0.0.0.0; # pdnsd监听的网卡,0.0.0.0是全部网卡
server_port=$PDNSD_LOCAL_PORT; # pdnsd监听的端口,不要和别的服务冲突即可
status_ctl = on;
paranoid=on; # 二次请求模式,如果请求主DNS服务器返回的是垃圾地址,就向备用服务器请求
query_method=tcp_only; # 请求模式,推荐使用仅TCP模式,UDP模式一般需要二次请求
neg_domain_pol = off;
par_queries = 400; # 最多同时请求数
min_ttl = 1d; # DNS结果最短缓存时间
max_ttl = 1w; # DNS结果最长缓存时间
timeout = 10; # DNS请求超时时间,单位秒
}
server {
label = "routine"; # 这个随便写
ip = $safe_dns; # 这里为主要上级 dns 的 ip 地址,建议填写一个当地最快的DNS地址
timeout = 5; # DNS请求超时时间
reject = 74.125.127.102, # 以下是脏IP,也就是DNS污染一般会返回的结果,如果收到如下DNS结果会触发二次请求(TCP协议一般不会碰到脏IP)
74.125.155.102,
74.125.39.102,
74.125.39.113,
209.85.229.138,
128.121.126.139,
159.106.121.75,
169.132.13.103,
192.67.198.6,
202.106.1.2,
202.181.7.85,
203.161.230.171,
203.98.7.65,
207.12.88.98,
208.56.31.43,
209.145.54.50,
209.220.30.174,
209.36.73.33,
211.94.66.147,
213.169.251.35,
216.221.188.182,
216.234.179.13,
243.185.187.39,
37.61.54.158,
4.36.66.178,
46.82.174.68,
59.24.3.173,
64.33.88.161,
64.33.99.47,
64.66.163.251,
65.104.202.252,
65.160.219.113,
66.45.252.237,
69.55.52.253,
72.14.205.104,
72.14.205.99,
78.16.49.15,
8.7.198.45,
93.46.8.89,
37.61.54.158,
243.185.187.39,
190.93.247.4,
190.93.246.4,
190.93.245.4,
190.93.244.4,
65.49.2.178,
189.163.17.5,
23.89.5.60,
49.2.123.56,
54.76.135.1,
77.4.7.92,
118.5.49.6,
159.24.3.173,
188.5.4.96,
197.4.4.12,
220.250.64.24,
243.185.187.30,
249.129.46.48,
253.157.14.165;
reject_policy = fail;
exclude = ".google.com",
".cn", #排除国内DNS解析,如果正常翻,则可以在前面加#注释
".baidu.com", #排除国内DNS解析,如果正常翻,则可以在前面加#注释
".qq.com", #排除国内DNS解析,如果正常翻,则可以在前面加#注释
".gstatic.com",
".googleusercontent.com",
".googlepages.com",
".googlevideo.com",
".googlecode.com",
".googleapis.com",
".googlesource.com",
".googledrive.com",
".ggpht.com",
".youtube.com",
".youtu.be",
".ytimg.com",
".twitter.com",
".facebook.com",
".fastly.net",
".akamai.net",
".akamaiedge.net",
".akamaihd.net",
".edgesuite.net",
".edgekey.net";
}
server {
# 以下为备用DNS服务器的配置,也是二次请求服务器的配置
label = "special"; # 这个随便写
ip = $tcp_dns_list; # 这里为备用DNS服务器的 ip 地址
port = 5353; # 推荐使用53以外的端口(DNS服务器必须支持)
proxy_only = on;
timeout = 5;
}
EOF
#alex:写入配置文件结束符
/usr/sbin/pdnsd -c /var/etc/pdnsd.conf -d
case "$vt_dns_mode" in
local) : ;;
tcp_gfwlist)
if iptables -t nat -N pdnsd_output; then
iptables -t nat -A pdnsd_output -p tcp -j REDIRECT --to $SS_REDIR_PORT
fi
iptables -t nat -I OUTPUT -p tcp --dport 53 -j pdnsd_output
;;
tcp_114)
if iptables -t nat -F pdnsd_output 2>/dev/null; then
while iptables -t nat -D OUTPUT -p tcp --dport 53 -j pdnsd_output 2>/dev/null; do :; done
iptables -t nat -X pdnsd_output
fi
;;
tcp_proxy)
if iptables -t nat -N pdnsd_output; then
iptables -t nat -A pdnsd_output -m set --match-set $vt_np_ipset dst -j RETURN
iptables -t nat -A pdnsd_output -p tcp -j REDIRECT --to $SS_REDIR_PORT
fi
iptables -t nat -I OUTPUT -p tcp --dport 53 -j pdnsd_output
;;
esac
}
stop_pdnsd()
{
if iptables -t nat -F pdnsd_output 2>/dev/null; then
while iptables -t nat -D OUTPUT -p tcp --dport 53 -j pdnsd_output 2>/dev/null; do :; done
iptables -t nat -X pdnsd_output
fi
[ -f /var/run/pdnsd.pid ] || {
killall -9 pdnsd 2>/dev/null #alex:防止意外终止独立pdnsd
rm -rf /var/pdnsd
rm -f /var/etc/pdnsd.conf
}
} |
|