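├── .gitignore ├── Makefile ├── README.md ├── etc ├── README.md ├── dnsmasq.conf └── dnsmasq.d │ ├── address-custom.conf │ ├── ignore-address.conf │ └── server-custom.conf ├── files ├── dhcp.conf ├── dnsmasq.conf ├── dnsmasq.hotplug └── dnsmasq.init └── patches ├── 100-fix-dhcp-no-address-warning.patch ├── 110-ipset-remove-old-kernel-support.patch └── 210-dnssec-improve-timestamp-heuristic.patch /.gitignore: -------------------------------------------------------------------------------- 1 | dist/* 2 | -------------------------------------------------------------------------------- /Makefile: --------------------------------------------------------------------------------
#
# Copyright (C) 2006-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# OpenWrt package Makefile for dnsmasq. One source tarball is built three
# times (BUILD_VARIANT = nodhcpv6, dhcpv6, full) to produce the packages
# dnsmasq, dnsmasq-dhcpv6 and dnsmasq-full.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=dnsmasq
PKG_VERSION:=2.73rc7
PKG_RELEASE:=1

# NOTE(review): the tarball is fetched over plain HTTP and checked only against
# an MD5 digest. MD5 is not collision-resistant, so the digest below does not
# protect against a deliberately substituted archive. Where the OpenWrt tree in
# use supports it, prefer an HTTPS source URL and a SHA-256 digest (PKG_HASH in
# newer trees), computed from a copy of the release obtained over a trusted path.
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates
PKG_MD5SUM:=526f7d51b71e07e6e431f5ea48f4b5be

PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING

# Each variant gets its own build directory so the three builds do not share
# object files compiled with different COPTS.
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
# Config symbols that feed COPTS below.
PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset

include $(INCLUDE_DIR)/package.mk

# Metadata shared by all three packages.
define Package/dnsmasq/Default
  SECTION:=net
  CATEGORY:=Base system
  TITLE:=DNS and DHCP server
  URL:=http://www.thekelleys.org.uk/dnsmasq/
endef

define Package/dnsmasq
$(call Package/dnsmasq/Default)
  VARIANT:=nodhcpv6
endef

define Package/dnsmasq-dhcpv6
$(call Package/dnsmasq/Default)
  TITLE += (with DHCPv6 support)
  DEPENDS:=@IPV6 +kmod-ipv6
  VARIANT:=dhcpv6
endef

# The full variant pulls in a dependency only when the matching feature
# option is selected in its config menu.
define Package/dnsmasq-full
$(call Package/dnsmasq/Default)
  TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default)
  DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \
	+PACKAGE_dnsmasq_full_dhcpv6:kmod-ipv6 \
	+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset
  VARIANT:=full
endef

define Package/dnsmasq/description
  It is intended to provide coupled DNS and DHCP service to a LAN.
endef

define Package/dnsmasq-dhcpv6/description
$(call Package/dnsmasq/description)

This is a variant with DHCPv6 support
endef

define Package/dnsmasq-full/description
$(call Package/dnsmasq/description)

This is a fully configurable variant with DHCPv6, DNSSEC, Authoritative DNS and
IPset support enabled by default.
endef

# Configuration files declared for the package; the other two variants reuse
# this list further down.
define Package/dnsmasq/conffiles
/etc/config/dhcp
/etc/dnsmasq.conf
endef

# Feature switches shown in menuconfig when dnsmasq-full is selected.
define Package/dnsmasq-full/config
	if PACKAGE_dnsmasq-full
	config PACKAGE_dnsmasq_full_dhcpv6
		bool "Build with DHCPv6 support."
		depends on IPV6
		default y
	config PACKAGE_dnsmasq_full_dnssec
		bool "Build with DNSSEC support."
		default y
	config PACKAGE_dnsmasq_full_auth
		bool "Build with the facility to act as an authoritative DNS server."
		default y
	config PACKAGE_dnsmasq_full_ipset
		bool "Build with IPset support."
		default y
	endif
endef

Package/dnsmasq-dhcpv6/conffiles = $(Package/dnsmasq/conffiles)
Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles)

# Put every function and data item in its own section so the linker can
# discard the unreferenced ones.
TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections

# Compile-time feature selection handed to the dnsmasq build as COPTS.
COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6)

ifeq ($(BUILD_VARIANT),nodhcpv6)
	COPTS += -DNO_DHCP6
endif

# -DHAVE_DNSSEC is added only here, so the dnsmasq and dnsmasq-dhcpv6 packages
# are always built without DNSSEC validation; only dnsmasq-full with the
# dnssec option enabled gets it. The non-full variants also get -DNO_AUTH and
# -DNO_IPSET.
ifeq ($(BUILD_VARIANT),full)
	COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \
		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
		$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET)
	COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,)
else
	COPTS += -DNO_AUTH -DNO_IPSET
endif

MAKE_FLAGS := \
	$(TARGET_CONFIGURE_OPTS) \
	CFLAGS="$(TARGET_CFLAGS)" \
	LDFLAGS="$(TARGET_LDFLAGS)" \
	COPTS="$(COPTS)" \
	PREFIX="/usr"

# Installs the binary, the UCI dhcp config, the default dnsmasq.conf, the init
# script and the interface hotplug hook into the package root $(1).
define Package/dnsmasq/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnsmasq $(1)/usr/sbin/
	$(INSTALL_DIR) $(1)/etc/config
	$(INSTALL_DATA) ./files/dhcp.conf $(1)/etc/config/dhcp
	$(INSTALL_DATA) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf
	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_BIN) ./files/dnsmasq.init $(1)/etc/init.d/dnsmasq
	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
	$(INSTALL_DATA) ./files/dnsmasq.hotplug $(1)/etc/hotplug.d/iface/25-dnsmasq
endef

Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install)

# Same as the base install; the DNSSEC trust anchors file is shipped only when
# the dnssec option is enabled.
define Package/dnsmasq-full/install
$(call Package/dnsmasq/install,$(1))
ifneq ($(CONFIG_PACKAGE_dnsmasq_full_dnssec),)
	$(INSTALL_DIR) $(1)/usr/share/dnsmasq
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq
endif
endef

$(eval $(call BuildPackage,dnsmasq))
$(eval $(call BuildPackage,dnsmasq-dhcpv6))
$(eval $(call BuildPackage,dnsmasq-full))
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Dnsmasq for OpenWrt 2 | === 3 | 4 | 简介 5 | --- 6 | 7 | 本项目是 [Dnsmasq][1] 在 OpenWrt 上的移植与功能增强 8 | 当前版本: 2.72-4 9 | [预编译 IPK 下载][3] 10 | 11 | 特性 12 | --- 13 | 14 | - 添加 `--ignore-address` 选项, 忽略指定的 IP, 防止 DNS劫持 15 | - 添加 `--min-cache-ttl` 选项, 可设置 DNS缓存最小有效期 16 | 17 | 编译 18 | --- 19 | 20 | - 从 OpenWrt 的 [SDK][S] 编译 21 | 22 | ```bash 23 | # 以 ar71xx 平台为例 24 | tar xjf OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2.tar.bz2 25 | cd OpenWrt-SDK-ar71xx-* 26 | # 下载 Patch & Makefile 27 | git clone https://github.com/aa65535/openwrt-dnsmasq.git package/dnsmasq 28 | # 选择要编译的包 Base system -> dnsmasq 29 | make menuconfig 30 | # 开始编译 31 | make package/dnsmasq/compile V=99 32 | ``` 33 | 34 | - 其他平台将 Patch 应用到 dnsmasq 源码后编译 35 | 36 | ```bash 37 | # 下载代码 38 | wget http://thekelleys.org.uk/dnsmasq/dnsmasq-2.72.tar.gz 39 | git clone https://github.com/aa65535/openwrt-dnsmasq.git 40 | # 打 Patch 41 | tar xzf dnsmasq-2.72.tar.gz 42 | cd dnsmasq* 43 | patch -p1 < ../openwrt-dnsmasq/patches/111-feature-enhancement.patch 44 | # 开始编译 45 | make 46 | ``` 47 | 48 | 配置 49 | --- 50 | 51 | - [默认配置文件][4] 52 | 53 | - [与 ss-tunnel 搭配][8] 54 | 55 | ---------- 56 | 57 | Name | Description 58 | -------------------------|----------------------------------- 59 | [openwrt-chinadns][5] | ChinaDNS-C for OpenWrt 60 | [openwrt-shadowsocks][7] | Shadowsocks-libev for OpenWrt 61 | [openwrt-redsocks2][R] | RedSocks2 for OpenWrt 62 | [openwrt-shadowvpn][6] | ShadowVPN for OpenWrt 63 | [openwrt-dist-luci][L] | LuCI Applications for OpenWrt-dist 64 | 65 | 66 | [1]: http://www.thekelleys.org.uk/dnsmasq/doc.html 67 | [3]: https://sourceforge.net/projects/openwrt-dist/files/dnsmasq/ 68 | [4]: 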
https://github.com/aa65535/openwrt-dnsmasq/blob/master/files/dnsmasq.conf 69 | [5]: https://github.com/aa65535/openwrt-chinadns 70 | [6]: https://github.com/aa65535/openwrt-shadowvpn 71 | [7]: https://github.com/shadowsocks/openwrt-shadowsocks 72 | [8]: https://github.com/aa65535/openwrt-dnsmasq/tree/master/etc 73 | [R]: https://github.com/aa65535/openwrt-redsocks2 74 | [S]: http://wiki.openwrt.org/doc/howto/obtain.firmware.sdk 75 | [L]: https://github.com/aa65535/openwrt-dist-luci 76 | -------------------------------------------------------------------------------- /etc/README.md: -------------------------------------------------------------------------------- 1 | Dnsmasq Config 2 | === 3 | 4 | 此配置需要搭配 `ss-tunnel` 使用 5 | dnsmasq 会自动载入 `/etc/dnsmasq.d` 中的配置文件 6 | 7 | 文件名 | 简介 8 | ----------------------|------------------------------- 9 | `address-custom.conf` | 自定义域名 IP, 目前只有广告屏蔽列表 10 | `server-custom.conf` | DNS查询使用 `ss-tunnel` 的域名, 目前只有被污染域名 11 | `ignore-address.conf` | GFW 返回的污染 IP 地址, 已经失效 12 | -------------------------------------------------------------------------------- /etc/dnsmasq.conf: --------------------------------------------------------------------------------
# Upstream servers come only from the server= lines in this file and in
# conf-dir: no-resolv stops dnsmasq reading /etc/resolv.conf, and no-poll
# stops it re-checking that file for changes.
no-poll
no-resolv
# all-servers forwards each query to every applicable upstream and returns
# whichever reply arrives first.
# NOTE(review): for names that have no dedicated server=/domain/ rule, the
# public resolver below therefore also sees the query and can win the race
# against the local forwarder. Confirm that this exposure is intended.
all-servers
cache-size=5000
# Cached records are kept for at least 1800 seconds even when the upstream TTL
# is shorter, so address changes at the origin are picked up late.
min-cache-ttl=1800
# Local forwarder on port 5300 (presumably ss-tunnel, per etc/README.md;
# confirm against the deployment).
server=127.0.0.1#5300
server=114.114.114.114
# Also load every configuration file found in this directory.
conf-dir=/etc/dnsmasq.d
-------------------------------------------------------------------------------- /etc/dnsmasq.d/address-custom.conf: -------------------------------------------------------------------------------- 1 | ## Custom address ## 2 | # Block 3 | address=/.103092804.com/0.0.0.0 4 | address=/.114so.cn/0.0.0.0 5 | address=/.23blogs.com/0.0.0.0 6 | address=/.24quan.com/0.0.0.0 7 | address=/adm.265g.com/0.0.0.0 8 | address=/.2mdn.net/0.0.0.0 9 | address=/.360safego.com/0.0.0.0 10 | address=/.51.la/0.0.0.0 11 | address=/.acs.56.com/0.0.0.0 12 | address=/.agent.56.com/0.0.0.0 13 | address=/.stat.56.com/0.0.0.0 14 | 
address=/.corp.56.com/0.0.0.0 15 | address=/.union.56.com/0.0.0.0 16 | address=/.uvimage.56.com/0.0.0.0 17 | address=/v16.56.com/0.0.0.0 18 | address=/.shrek.6.cn/0.0.0.0 19 | address=/.simba.6.cn/0.0.0.0 20 | address=/.union.6.cn/0.0.0.0 21 | address=/.pole.6rooms.com/0.0.0.0 22 | address=/.ad.71i.de/0.0.0.0 23 | address=/.777wyx.com/0.0.0.0 24 | address=/.9158918.com/0.0.0.0 25 | address=/.a-ads.com/0.0.0.0 26 | address=/ads.ahds.ac.uk/0.0.0.0 27 | address=/ad.accessmediaproductions.com/0.0.0.0 28 | address=/.ad.net/0.0.0.0 29 | address=/.ad001.ru/0.0.0.0 30 | address=/.ad20.net/0.0.0.0 31 | address=/.ad2games.com/0.0.0.0 32 | address=/.ad3.eu/0.0.0.0 33 | address=/.ad-411.com/0.0.0.0 34 | address=/.ad4game.com/0.0.0.0 35 | address=/.ad4partners.com/0.0.0.0 36 | address=/.ad6media.fr/0.0.0.0 37 | address=/.adaos-ads.net/0.0.0.0 38 | address=/.ads.adap.tv/0.0.0.0 39 | address=/.adapd.com/0.0.0.0 40 | address=/.ad-balancer.net/0.0.0.0 41 | address=/.ad-clicks.com/0.0.0.0 42 | address=/.ad-delivery.net/0.0.0.0 43 | address=/.ad-feeds.com/0.0.0.0 44 | address=/.ad-flow.com/0.0.0.0 45 | address=/.ad-gbn.com/0.0.0.0 46 | address=/.ad-indicator.com/0.0.0.0 47 | address=/.ad.adlantis.jp/0.0.0.0 48 | address=/.adman.gr/0.0.0.0 49 | address=/.adman.se/0.0.0.0 50 | address=/.admanage.com/0.0.0.0 51 | address=/.admedia.com/0.0.0.0 52 | address=/.admedias.net/0.0.0.0 53 | address=/.admez.com/0.0.0.0 54 | address=/.admob.com/0.0.0.0 55 | address=/.ad.adorika.com/0.0.0.0 56 | address=/.ad-plus.cn/0.0.0.0 57 | address=/.adpolestar.net/0.0.0.0 58 | address=/.ads01.com/0.0.0.0 59 | address=/.ads2ads.net/0.0.0.0 60 | address=/.ads2srv.com/0.0.0.0 61 | address=/.ads4cheap.com/0.0.0.0 62 | address=/.ads80.com/0.0.0.0 63 | address=/.adserve.com/0.0.0.0 64 | address=/.ad-serverparc.nl/0.0.0.0 65 | address=/.adsmogo.com/0.0.0.0 66 | address=/.ad-sponsor.com/0.0.0.0 67 | address=/.ads-rolandgarros.com/0.0.0.0 68 | address=/.ad-srv.net/0.0.0.0 69 | address=/.ads-stats.com/0.0.0.0 70 | 
address=/.adsunion.com/0.0.0.0 71 | address=/.ad-u.com/0.0.0.0 72 | address=/.adultswim.com/0.0.0.0 73 | address=/.ad-vice.biz/0.0.0.0 74 | address=/.adview.cn/0.0.0.0 75 | address=/.adwo.com/0.0.0.0 76 | address=/.adwo.com/0.0.0.0 77 | address=/.afy11.net/0.0.0.0 78 | address=/.agilemedia.jp/0.0.0.0 79 | address=/.airad.com/0.0.0.0 80 | address=/.airpush.com/0.0.0.0 81 | address=/acookie.alibaba.com/0.0.0.0 82 | address=/cmweb.ilike.alibaba.com/0.0.0.0 83 | address=/dmtracking.alibaba.com/0.0.0.0 84 | address=/dmtracking2.alibaba.com/0.0.0.0 85 | address=/p3p.alibaba.com/0.0.0.0 86 | address=/p4psearch.china.alibaba.com/0.0.0.0 87 | address=/survey.china.alibaba.com/0.0.0.0 88 | address=/crmweb-vodka.b2b.alibaba-inc.com/0.0.0.0 89 | address=/a.alimama.cn/0.0.0.0 90 | address=/acookie.alimama.com/0.0.0.0 91 | address=/bm.alimama.cn/0.0.0.0 92 | address=/bmvip.alimama.cn/0.0.0.0 93 | address=/cb.alimama.cn/0.0.0.0 94 | address=/.allyes.cn/0.0.0.0 95 | address=/.appliedsemantics.com/0.0.0.0 96 | address=/ad.aquamediadirect.com/0.0.0.0 97 | address=/n339.asp-cc.com/0.0.0.0 98 | address=/.atpanel.com/0.0.0.0 99 | address=/ads.avazu.net/0.0.0.0 100 | address=/ad.axyzconductor.jp/0.0.0.0 101 | address=/ads.b10f.jp/0.0.0.0 102 | address=/a.baidu.com/0.0.0.0 103 | address=/adm.baidu.com/0.0.0.0 104 | address=/baidutv.baidu.com/0.0.0.0 105 | address=/banlv.baidu.com/0.0.0.0 106 | address=/bar.baidu.com/0.0.0.0 107 | address=/c.baidu.com/0.0.0.0 108 | address=/cb.baidu.com/0.0.0.0 109 | address=/cbjs.baidu.com/0.0.0.0 110 | address=/cjhq.baidu.com/0.0.0.0 111 | address=/cpro.baidu.com/0.0.0.0 112 | address=/drmcmm.baidu.com/0.0.0.0 113 | address=/dzl.baidu.com/0.0.0.0 114 | address=/e.baidu.com/0.0.0.0 115 | address=/eiv.baidu.com/0.0.0.0 116 | address=/gimg.baidu.com/0.0.0.0 117 | address=/guanjia.baidu.com/0.0.0.0 118 | address=/hc.baidu.com/0.0.0.0 119 | address=/hm.baidu.com/0.0.0.0 120 | address=/iebar.baidu.com/0.0.0.0 121 | address=/ikcode.baidu.com/0.0.0.0 122 | 
address=/ma.baidu.com/0.0.0.0 123 | address=/neirong.baidu.com/0.0.0.0 124 | address=/nsclick.baidu.com/0.0.0.0 125 | address=/pos.baidu.com/0.0.0.0 126 | address=/s.baidu.com/0.0.0.0 127 | address=/sobar.baidu.com/0.0.0.0 128 | address=/sobartop.baidu.com/0.0.0.0 129 | address=/spcode.baidu.com/0.0.0.0 130 | address=/tk.baidu.com/0.0.0.0 131 | address=/tkweb.baidu.com/0.0.0.0 132 | address=/tongji.baidu.com/0.0.0.0 133 | address=/toolbar.baidu.com/0.0.0.0 134 | address=/tracker.baidu.com/0.0.0.0 135 | address=/ucstat.baidu.com/0.0.0.0 136 | address=/ulic.baidu.com/0.0.0.0 137 | address=/union.baidu.com/0.0.0.0 138 | address=/unstat.baidu.com/0.0.0.0 139 | address=/utility.baidu.com/0.0.0.0 140 | address=/utk.baidu.com/0.0.0.0 141 | address=/wangmeng.baidu.com/0.0.0.0 142 | address=/wm.baidu.com/0.0.0.0 143 | address=/cpro.baidustatic.com/0.0.0.0 144 | address=/ubmcmm.baidustatic.com/0.0.0.0 145 | address=/ads.belointeractive.com/0.0.0.0 146 | address=/ads.bizx.info/0.0.0.0 147 | address=/gomallg.blogbus.com/0.0.0.0 148 | address=/ad.brainer.jp/0.0.0.0 149 | address=/ads.bridgetrack.com/0.0.0.0 150 | address=/.btsmth.com/0.0.0.0 151 | address=/.btsmth.org/0.0.0.0 152 | address=/.buming.net/0.0.0.0 153 | address=/.casee.cn/0.0.0.0 154 | address=/.cc-dt.com/0.0.0.0 155 | address=/a.cctv.com/0.0.0.0 156 | address=/ad.cctv.com/0.0.0.0 157 | address=/ad.cibleclick.com/0.0.0.0 158 | address=/ads.cnn.com/0.0.0.0 159 | address=/a.cntv.cn/0.0.0.0 160 | address=/d.cntv.cn/0.0.0.0 161 | address=/w.cnzz.com/0.0.0.0 162 | address=/.ad-server.co.za/0.0.0.0 163 | address=/ad.imad.co.kr/0.0.0.0 164 | address=/ad.impressbm.co.jp/0.0.0.0 165 | address=/ad.livere.co.kr/0.0.0.0 166 | address=/ad.watch.impress.co.jp/0.0.0.0 167 | address=/ads.metropolis.co.jp/0.0.0.0 168 | address=/dcads.sina.com.cn/0.0.0.0 169 | address=/1.allyes.com.cn/0.0.0.0 170 | address=/.wooboo.com.cn/0.0.0.0 171 | address=/ads.contentabc.com/0.0.0.0 172 | address=/ad.cooks.com/0.0.0.0 173 | 
address=/ads.cvut.cz/0.0.0.0 174 | address=/.dartsearch.net/0.0.0.0 175 | address=/.destinationurl.com/0.0.0.0 176 | address=/ad.directmirror.com/0.0.0.0 177 | address=/.domob.cn/0.0.0.0 178 | address=/.doubleclick.net/0.0.0.0 179 | address=/.doubleclick.com/0.0.0.0 180 | address=/ad.download.net/0.0.0.0 181 | address=/ad.duga.jp/0.0.0.0 182 | address=/.generals.ea.com/0.0.0.0 183 | address=/adguanggao.eee114.com/0.0.0.0 184 | address=/ad.e-kolay.net/0.0.0.0 185 | address=/ads.e-planning.net/0.0.0.0 186 | address=/ads.us.e-planning.net/0.0.0.0 187 | address=/ad.eporner.com/0.0.0.0 188 | address=/ads.expedia.com/0.0.0.0 189 | address=/ad.favod.net/0.0.0.0 190 | address=/adb.fling.com/0.0.0.0 191 | address=/ad.floq.jp/0.0.0.0 192 | address=/ad.flux.com/0.0.0.0 193 | address=/ad.fnnews.com/0.0.0.0 194 | address=/ad.fo.net/0.0.0.0 195 | address=/ads.forbes.com/0.0.0.0 196 | address=/ad.fout.jp/0.0.0.0 197 | address=/ads.fox.com/0.0.0.0 198 | address=/ads.foxnews.com/0.0.0.0 199 | address=/ads.fuckingmachines.com/0.0.0.0 200 | address=/adm.funshion.com/0.0.0.0 201 | address=/adm.fwmrm.net/0.0.0.0 202 | address=/ads.gamelink.com/0.0.0.0 203 | address=/ad.ghfusion.com/0.0.0.0 204 | address=/ads.globo.com/0.0.0.0 205 | address=/ads.golfweek.com/0.0.0.0 206 | address=/adservices.google.com/0.0.0.0 207 | address=/adwords.google.com/0.0.0.0 208 | address=/adwords.google.sk/0.0.0.0 209 | address=/afd.l.google.com/0.0.0.0 210 | address=/pagead-dclk.l.google.com/0.0.0.0 211 | address=/pagead-tpc.l.google.com/0.0.0.0 212 | address=/pagead.google.com/0.0.0.0 213 | address=/pagead.l.google.com/0.0.0.0 214 | address=/partnerad.l.google.com/0.0.0.0 215 | address=/toolbar.google.com/0.0.0.0 216 | address=/video-stats.video.google.com/0.0.0.0 217 | address=/.googleadservices.com/0.0.0.0 218 | address=/.googleadsserving.cn/0.0.0.0 219 | address=/.google-analytics.com/0.0.0.0 220 | address=/.googleanalytlcs.com/0.0.0.0 221 | address=/.googleanalytlcs.net/0.0.0.0 222 | 
address=/nv-gboy.googlecode.com/0.0.0.0 223 | address=/.googlesyndication.com/0.0.0.0 224 | address=/.googletagservices.com/0.0.0.0 225 | address=/.hitslink.com/0.0.0.0 226 | address=/loc1.hitsprocessor.com/0.0.0.0 227 | address=/.ibang360.com/0.0.0.0 228 | address=/ad.icasthq.com/0.0.0.0 229 | address=/ads.id-t.com/0.0.0.0 230 | address=/ad.iloveinterracial.com/0.0.0.0 231 | address=/.in250.com/0.0.0.0 232 | address=/ads.indeed.com/0.0.0.0 233 | address=/ad.indomp3z.us/0.0.0.0 234 | address=/ads.intergi.com/0.0.0.0 235 | address=/ad.jamba.net/0.0.0.0 236 | address=/ad.jamster.com/0.0.0.0 237 | address=/ads.jetpackdigital.com/0.0.0.0 238 | address=/.jiathis.com/0.0.0.0 239 | address=/ads.jlisting.jp/0.0.0.0 240 | address=/ad.jokeroo.com/0.0.0.0 241 | address=/86get.joy.cn/0.0.0.0 242 | address=/86log.joy.cn/0.0.0.0 243 | address=/ad.kau.li/0.0.0.0 244 | address=/analytics.ku6.com/0.0.0.0 245 | address=/pq.stat.ku6.com/0.0.0.0 246 | address=/st.vq.ku6.cn/0.0.0.0 247 | address=/.888.ku6.com/0.0.0.0 248 | address=/static.ku6.com/0.0.0.0 249 | address=/.stat.ku6.com/0.0.0.0 250 | address=/gug.ku6cdn.com/0.0.0.0 251 | address=/ad3.l3go.com/0.0.0.0 252 | address=/ad.land.to/0.0.0.0 253 | address=/ad.leadbolt.net/0.0.0.0 254 | address=/pro.letv.com/0.0.0.0 255 | address=/ad.lijit.com/0.0.0.0 256 | address=/ad.linkstorms.com/0.0.0.0 257 | address=/rad.live.com/0.0.0.0 258 | address=/ad4.liverail.com/0.0.0.0 259 | address=/admeta.vo.llnwd.net/0.0.0.0 260 | address=/ads.lmmob.com/0.0.0.0 261 | address=/ad.lyricswire.com/0.0.0.0 262 | address=/ads.lzjl.com/0.0.0.0 263 | address=/appsrv1.madserving.cn/0.0.0.0 264 | address=/ad.mainichi.jp/0.0.0.0 265 | address=/ad.maist.jp/0.0.0.0 266 | address=/ad.mangareader.net/0.0.0.0 267 | address=/ads.mefeedia.com/0.0.0.0 268 | address=/86file.megajoy.com/0.0.0.0 269 | address=/ads.meropar.jp/0.0.0.0 270 | address=/ads.mixi.jp/0.0.0.0 271 | address=/hz.mmstat.com/0.0.0.0 272 | address=/p3p.mmstat.com/0.0.0.0 273 | 
address=/admatch-syndication.mochila.com/0.0.0.0 274 | address=/ads.morningstar.com/0.0.0.0 275 | address=/ads1.msads.net/0.0.0.0 276 | address=/rad.msn.com/0.0.0.0 277 | address=/ads1.msn.com/0.0.0.0 278 | address=/ads1.msn.com/0.0.0.0 279 | address=/ads.mycricket.com/0.0.0.0 280 | address=/ads.mp.mydas.mobi/0.0.0.0 281 | address=/ad.mygamesol.com/0.0.0.0 282 | address=/ad.ne.com/0.0.0.0 283 | address=/ad.searchina.ne.jp/0.0.0.0 284 | address=/doubleclick.ne.jp/0.0.0.0 285 | address=/ad.dic.nicovideo.jp/0.0.0.0 286 | address=/ad.nicovideo.jp/0.0.0.0 287 | address=/ads.nicovideo.jp/0.0.0.0 288 | address=/ad1.nownews.com/0.0.0.0 289 | address=/ads.nyootv.com/0.0.0.0 290 | address=/apps5.oingo.com/0.0.0.0 291 | address=/ads.ookla.com/0.0.0.0 292 | address=/casting.openv.com/0.0.0.0 293 | address=/m.openv.tv/0.0.0.0 294 | address=/uniclick.openv.com/0.0.0.0 295 | address=/ad.oret.jp/0.0.0.0 296 | address=/ad.ourgame.com/0.0.0.0 297 | address=/ad.pandora.tv/0.0.0.0 298 | address=/adver.pengyou.com/0.0.0.0 299 | address=/ads.peteava.ro/0.0.0.0 300 | address=/ad.pickple.net/0.0.0.0 301 | address=/ads.pof.com/0.0.0.0 302 | address=/ads.pointroll.com/0.0.0.0 303 | address=/ads.postimees.ee/0.0.0.0 304 | address=/pp2.pptv.com/0.0.0.0 305 | address=/ad.premiumonlinemedia.com/0.0.0.0 306 | address=/ad.proxy.sh/0.0.0.0 307 | address=/afp.qiyi.com/0.0.0.0 308 | address=/afp.qiyi.com/0.0.0.0 309 | address=/p.qiyou.com/0.0.0.0 310 | address=/ad.qq.com/0.0.0.0 311 | address=/adping.qq.com/0.0.0.0 312 | address=/adsclick.qq.com/0.0.0.0 313 | address=/adsfile.qq.com/0.0.0.0 314 | address=/adsgroup.qq.com/0.0.0.0 315 | address=/adshmct.qq.com/0.0.0.0 316 | address=/adshmmsg.qq.com/0.0.0.0 317 | address=/adslvfile.qq.com/0.0.0.0 318 | address=/adslvseed.qq.com/0.0.0.0 319 | address=/adsqqclick.qq.com/0.0.0.0 320 | address=/adsrich.qq.com/0.0.0.0 321 | address=/adstextview.qq.com/0.0.0.0 322 | address=/adsview.qq.com/0.0.0.0 323 | address=/adsview2.qq.com/0.0.0.0 324 | 
address=/chong.qq.com/0.0.0.0 325 | address=/.l.qq.com/0.0.0.0 326 | address=/fodder.qq.com/0.0.0.0 327 | address=/fodder.tc.qq.com/0.0.0.0 328 | address=/fw.qq.com/0.0.0.0 329 | address=/httpring.qq.com/0.0.0.0 330 | address=/jingjia.qq.com/0.0.0.0 331 | address=/oimsgad.qq.com/0.0.0.0 332 | address=/pagespeed.report.qq.com/0.0.0.0 333 | address=/pingfore.qq.com/0.0.0.0 334 | address=/qqlogo.qq.com/0.0.0.0 335 | address=/qring-tms.qq.com/0.0.0.0 336 | address=/qss-client.qq.com/0.0.0.0 337 | address=/rh.qq.com/0.0.0.0 338 | address=/rich.qq.com/0.0.0.0 339 | address=/rs1.qq.com/0.0.0.0 340 | address=/rs2.qq.com/0.0.0.0 341 | address=/scdown.qq.com/0.0.0.0 342 | address=/show-msgch.qq.com/0.0.0.0 343 | address=/tajs.qq.com/0.0.0.0 344 | address=/tcss.qq.com/0.0.0.0 345 | address=/trace.qq.com/0.0.0.0 346 | address=/f.qstatic.com/0.0.0.0 347 | address=/ad.qwapi.com/0.0.0.0 348 | address=/ad.qyer.com/0.0.0.0 349 | address=/ad.rambler.ru/0.0.0.0 350 | address=/ad.realmcdn.net/0.0.0.0 351 | address=/ad.response.jp/0.0.0.0 352 | address=/mcfg.sandai.net/0.0.0.0 353 | address=/biz5.sandai.net/0.0.0.0 354 | address=/mpv.sandai.net/0.0.0.0 355 | address=/ads.scott-sports.com/0.0.0.0 356 | address=/ads.scottusa.com/0.0.0.0 357 | address=/ad.search.ch/0.0.0.0 358 | address=/ad.sensismediasmart.com/0.0.0.0 359 | address=/ads.seriouswheels.com/0.0.0.0 360 | address=/ads.sexier.com/0.0.0.0 361 | address=/ad.sharethis.com/0.0.0.0 362 | address=/adm.shinobi.jp/0.0.0.0 363 | address=/doubleclick.shockwave.com/0.0.0.0 364 | address=/ad.slutload.com/0.0.0.0 365 | address=/ad.smartclip.net/0.0.0.0 366 | address=/ads.smowtion.com/0.0.0.0 367 | address=/ads.socialtheater.com/0.0.0.0 368 | address=/images.sohu.com/0.0.0.0 369 | address=/ads.songs.pk/0.0.0.0 370 | address=/dr.soso.com/0.0.0.0 371 | address=/jzclick.soso.com/0.0.0.0 372 | address=/pingfore.soso.com/0.0.0.0 373 | address=/toolbar.soso.com/0.0.0.0 374 | address=/v3.toolbar.soso.com/0.0.0.0 375 | 
address=/ad.spielothek.so/0.0.0.0 376 | address=/ads.spilgames.com/0.0.0.0 377 | address=/ad.sponsoreo.com/0.0.0.0 378 | address=/ads.stoiximan.gr/0.0.0.0 379 | address=/ads.sumotorrent.com/0.0.0.0 380 | address=/.tao123.com/0.0.0.0 381 | address=/mpp.taobao.com/0.0.0.0 382 | address=/s8.taobao.com/0.0.0.0 383 | address=/ads.tbs.com/0.0.0.0 384 | address=/.tdimg.com/0.0.0.0 385 | address=/action.tenpay.com/0.0.0.0 386 | address=/ads.telecinco.es/0.0.0.0 387 | address=/ad.thisav.com/0.0.0.0 388 | address=/s.tkurl.com/0.0.0.0 389 | address=/ads.tracfonewireless.com/0.0.0.0 390 | address=/ads.trackitdown.net/0.0.0.0 391 | address=/ad.traffmonster.info/0.0.0.0 392 | address=/ads.trutv.com/0.0.0.0 393 | address=/adextensioncontrol.tudou.com/0.0.0.0 394 | address=/iwstat.tudou.com/0.0.0.0 395 | address=/nstat.tudou.com/0.0.0.0 396 | address=/stats.tudou.com/0.0.0.0 397 | address=/adplay.tudou.com/0.0.0.0 398 | address=/adcontrol.tudou.com/0.0.0.0 399 | address=/stat.tudou.com/0.0.0.0 400 | address=/ad.turn.com/0.0.0.0 401 | address=/ads.pandora.tv.net/0.0.0.0 402 | address=/ads.ultimatesurrender.com/0.0.0.0 403 | address=/ads.undertone.com/0.0.0.0 404 | address=/service.urchin.com/0.0.0.0 405 | address=/ad.userporn.com/0.0.0.0 406 | address=/img.uu1001.cn/0.0.0.0 407 | address=/.agent.v-56.com/0.0.0.0 408 | address=/ad.jp.ap.valu.com/0.0.0.0 409 | address=/ad.valuecalling.com/0.0.0.0 410 | address=/ads.hosting.vcmedia.vn/0.0.0.0 411 | address=/ad.vidaroo.com/0.0.0.0 412 | address=/ad.vippers.jp/0.0.0.0 413 | address=/cn.ad.adon.vpon.com/0.0.0.0 414 | address=/cn.img.adon.vpon.com/0.0.0.0 415 | address=/.vrbrothers.com/0.0.0.0 416 | address=/ads.waps.cn/0.0.0.0 417 | address=/ads.wapx.cn/0.0.0.0 418 | address=/www3.webhostingtalk.com/0.0.0.0 419 | address=/ad.where.com/0.0.0.0 420 | address=/ad.wiredvision.jp/0.0.0.0 421 | address=/d.wiyun.com/0.0.0.0 422 | address=/ads.worldstarhiphop.com/0.0.0.0 423 | address=/ad.wsod.com/0.0.0.0 424 | address=/admedia.wsod.com/0.0.0.0 
425 | address=/adm.xmfish.com/0.0.0.0 426 | address=/advstat.xunlei.com/0.0.0.0 427 | address=/ads.xxxbunker.com/0.0.0.0 428 | address=/admd.yam.com/0.0.0.0 429 | address=/ads.yimg.com/0.0.0.0 430 | address=/.yiqifa.com/0.0.0.0 431 | address=/.atm.youku.com/0.0.0.0 432 | address=/.lstat.youku.com/0.0.0.0 433 | address=/.stat.youku.com/0.0.0.0 434 | address=/.gw.youmi.net/0.0.0.0 435 | address=/.static.youmi.net/0.0.0.0 436 | address=/.gw.youmi.net/0.0.0.0 437 | address=/.youtube-nocookie.com/0.0.0.0 438 | address=/ad.zaman.com/0.0.0.0 439 | address=/ad.zanox.com/0.0.0.0 440 | address=/ad2.zophar.net/0.0.0.0 441 | address=/.zx525.com/0.0.0.0 442 | address=/ads.zynga.com/0.0.0.0 443 | address=/.haody66.com/0.0.0.0 444 | -------------------------------------------------------------------------------- /etc/dnsmasq.d/ignore-address.conf: -------------------------------------------------------------------------------- 1 | ## ignore address ## 2 | ignore-address=2.1.1.2 3 | ignore-address=4.193.80.0 4 | ignore-address=4.36.66.178 5 | ignore-address=8.105.84.0 6 | ignore-address=8.7.198.45 7 | ignore-address=12.87.133.0 8 | ignore-address=14.102.249.18 9 | ignore-address=16.63.155.0 10 | ignore-address=20.139.56.0 11 | ignore-address=23.89.5.60 12 | ignore-address=24.51.184.0 13 | ignore-address=28.121.126.139 14 | ignore-address=28.13.216.0 15 | ignore-address=37.61.54.158 16 | ignore-address=46.20.126.252 17 | ignore-address=46.38.24.209 18 | ignore-address=46.82.174.68 19 | ignore-address=49.2.123.56 20 | ignore-address=54.76.135.1 21 | ignore-address=59.24.3.173 22 | ignore-address=61.54.28.6 23 | ignore-address=64.33.88.161 24 | ignore-address=64.33.99.47 25 | ignore-address=64.66.163.251 26 | ignore-address=65.104.202.252 27 | ignore-address=65.160.219.113 28 | ignore-address=66.206.11.194 29 | ignore-address=66.45.252.237 30 | ignore-address=72.14.205.104 31 | ignore-address=72.14.205.99 32 | ignore-address=74.117.57.138 33 | ignore-address=74.125.127.102 34 | 
ignore-address=74.125.155.102 35 | ignore-address=74.125.39.102 36 | ignore-address=74.125.39.113 37 | ignore-address=77.4.7.92 38 | ignore-address=78.16.49.15 39 | ignore-address=89.31.55.106 40 | ignore-address=93.46.8.89 41 | ignore-address=113.11.194.190 42 | ignore-address=118.5.49.6 43 | ignore-address=122.218.101.190 44 | ignore-address=123.126.249.238 45 | ignore-address=123.50.49.171 46 | ignore-address=125.230.148.48 47 | ignore-address=127.0.0.2 48 | ignore-address=128.121.126.139 49 | ignore-address=159.106.121.75 50 | ignore-address=169.132.13.103 51 | ignore-address=173.201.216.6 52 | ignore-address=188.5.4.96 53 | ignore-address=189.163.17.5 54 | ignore-address=192.67.198.6 55 | ignore-address=197.4.4.12 56 | ignore-address=202.106.1.2 57 | ignore-address=202.181.7.85 58 | ignore-address=203.161.230.171 59 | ignore-address=203.199.57.81 60 | ignore-address=203.98.7.65 61 | ignore-address=207.12.88.98 62 | ignore-address=208.109.138.55 63 | ignore-address=208.56.31.43 64 | ignore-address=209.145.54.50 65 | ignore-address=209.220.30.174 66 | ignore-address=209.36.73.33 67 | ignore-address=209.85.229.138 68 | ignore-address=211.5.133.18 69 | ignore-address=211.8.69.27 70 | ignore-address=211.94.66.147 71 | ignore-address=213.169.251.35 72 | ignore-address=213.186.33.5 73 | ignore-address=216.139.213.144 74 | ignore-address=216.221.188.182 75 | ignore-address=216.234.179.13 76 | ignore-address=221.8.69.27 77 | ignore-address=243.185.187.30 78 | ignore-address=243.185.187.39 79 | ignore-address=249.129.46.48 80 | ignore-address=253.157.14.165 81 | -------------------------------------------------------------------------------- /etc/dnsmasq.d/server-custom.conf: -------------------------------------------------------------------------------- 1 | ## DNS pollution list ## 2 | server=/.12vpn.com/127.0.0.1#5300 3 | server=/.1984bbs.com/127.0.0.1#5300 4 | server=/.1984bbs.org/127.0.0.1#5300 5 | server=/.64tianwang.com/127.0.0.1#5300 6 | 
server=/.6park.com/127.0.0.1#5300 7 | server=/.aboluowang.com/127.0.0.1#5300 8 | server=/.allinfa.com/127.0.0.1#5300 9 | server=/.apigee.com/127.0.0.1#5300 10 | server=/.appspot.com/127.0.0.1#5300 11 | server=/.babynet.com.hk/127.0.0.1#5300 12 | server=/.backchina.com/127.0.0.1#5300 13 | server=/.bannedbook.org/127.0.0.1#5300 14 | server=/.bayvoice.net/127.0.0.1#5300 15 | server=/.berlintwitterwall.com/127.0.0.1#5300 16 | server=/.bignews.org/127.0.0.1#5300 17 | server=/.bjzc.org/127.0.0.1#5300 18 | server=/.blockcn.com/127.0.0.1#5300 19 | server=/.blogger.com/127.0.0.1#5300 20 | server=/.bloomberg.cn/127.0.0.1#5300 21 | server=/.bloomberg.com/127.0.0.1#5300 22 | server=/.boxun.com/127.0.0.1#5300 23 | server=/.broadbook.com/127.0.0.1#5300 24 | server=/.cactusvpn.com/127.0.0.1#5300 25 | server=/.caochangqing.com/127.0.0.1#5300 26 | server=/.cdjp.org/127.0.0.1#5300 27 | server=/.cdp1998.org/127.0.0.1#5300 28 | server=/.cdpweb.org/127.0.0.1#5300 29 | server=/.cfhks.org.hk/127.0.0.1#5300 30 | server=/.chinaaffairs.org/127.0.0.1#5300 31 | server=/.chinadigitaltimes.net/127.0.0.1#5300 32 | server=/.chinayouth.org.hk/127.0.0.1#5300 33 | server=/.chinese-memorial.org/127.0.0.1#5300 34 | server=/.chinesepen.org/127.0.0.1#5300 35 | server=/.crd-net.org/127.0.0.1#5300 36 | server=/.creaders.net/127.0.0.1#5300 37 | server=/.cyberghost.natado.com/127.0.0.1#5300 38 | server=/.dabr.mobi/127.0.0.1#5300 39 | server=/.dalianmeng.org/127.0.0.1#5300 40 | server=/.disp.cc/127.0.0.1#5300 41 | server=/.dongtaiwang.com/127.0.0.1#5300 42 | server=/.dropbox.com/127.0.0.1#5300 43 | server=/.echofon.com/127.0.0.1#5300 44 | server=/.embr.in/127.0.0.1#5300 45 | server=/.epochtimes.co.il/127.0.0.1#5300 46 | server=/.epochtimes.co.kr/127.0.0.1#5300 47 | server=/.epochtimes.com/127.0.0.1#5300 48 | server=/.epochtimes.de/127.0.0.1#5300 49 | server=/.epochtimes.jp/127.0.0.1#5300 50 | server=/.epochtimes.ru/127.0.0.1#5300 51 | server=/.facebook.com/127.0.0.1#5300 52 | 
server=/.falundafamuseum.org/127.0.0.1#5300 53 | server=/.fangongheike.com/127.0.0.1#5300 54 | server=/.fawanghuihui.org/127.0.0.1#5300 55 | server=/.fgmtv.net/127.0.0.1#5300 56 | server=/.fgmtv.org/127.0.0.1#5300 57 | server=/.focusvpn.com/127.0.0.1#5300 58 | server=/.free-ssh.com/127.0.0.1#5300 59 | server=/.freeopenvpn.com/127.0.0.1#5300 60 | server=/.gardennetworks.com/127.0.0.1#5300 61 | server=/.gdzf.org/127.0.0.1#5300 62 | server=/.getlantern.org/127.0.0.1#5300 63 | server=/.ggssl.com/127.0.0.1#5300 64 | server=/.github.com/127.0.0.1#5300 65 | server=/.gongm.in/127.0.0.1#5300 66 | server=/.gongminliliang.com/127.0.0.1#5300 67 | server=/.googlevideo.com/127.0.0.1#5300 68 | server=/.grandtrial.org/127.0.0.1#5300 69 | server=/.gravatar.com/127.0.0.1#5300 70 | server=/.greenvpn.net/127.0.0.1#5300 71 | server=/.guancha.org/127.0.0.1#5300 72 | server=/.hidden-advent.org/127.0.0.1#5300 73 | server=/.hidemyass.com/127.0.0.1#5300 74 | server=/.hnjhj.com/127.0.0.1#5300 75 | server=/.holyspiritspeaks.org/127.0.0.1#5300 76 | server=/.hootsuite.com/127.0.0.1#5300 77 | server=/.hrw.org/127.0.0.1#5300 78 | server=/.hua-yue.net/127.0.0.1#5300 79 | server=/.kanzhongguo.com/127.0.0.1#5300 80 | server=/.letscorp.net/127.0.0.1#5300 81 | server=/.linkideo.com/127.0.0.1#5300 82 | server=/.lvhai.org/127.0.0.1#5300 83 | server=/.macrovpn.com/127.0.0.1#5300 84 | server=/.mcfog.com/127.0.0.1#5300 85 | server=/.mhradio.org/127.0.0.1#5300 86 | server=/.minghui-a.org/127.0.0.1#5300 87 | server=/.minghui.org/127.0.0.1#5300 88 | server=/.mirrorbooks.com/127.0.0.1#5300 89 | server=/.myfreshnet.com/127.0.0.1#5300 90 | server=/.nanyang.com/127.0.0.1#5300 91 | server=/.nlfreevpn.com/127.0.0.1#5300 92 | server=/.ntdtv.ca/127.0.0.1#5300 93 | server=/.observechina.net/127.0.0.1#5300 94 | server=/.okayfreedom.com/127.0.0.1#5300 95 | server=/.omnitalk.com/127.0.0.1#5300 96 | server=/.open.com.hk/127.0.0.1#5300 97 | server=/.openvpn.net/127.0.0.1#5300 98 | 
server=/.orientaldaily.com.my/127.0.0.1#5300 99 | server=/.orzdream.com/127.0.0.1#5300 100 | server=/.owind.com/127.0.0.1#5300 101 | server=/.paperb.us/127.0.0.1#5300 102 | server=/.peacehall.com/127.0.0.1#5300 103 | server=/.percy.in/127.0.0.1#5300 104 | server=/.perfectvpn.net/127.0.0.1#5300 105 | server=/.privatetunnel.com/127.0.0.1#5300 106 | server=/.proxlet.com/127.0.0.1#5300 107 | server=/.proxy.org/127.0.0.1#5300 108 | server=/.psiphon.civisec.org/127.0.0.1#5300 109 | server=/.pubu.com.tw/127.0.0.1#5300 110 | server=/.puffinbrowser.com/127.0.0.1#5300 111 | server=/.qxbbs.org/127.0.0.1#5300 112 | server=/.ranyunfei.com/127.0.0.1#5300 113 | server=/.renminbao.com/127.0.0.1#5300 114 | server=/.savetibet.org/127.0.0.1#5300 115 | server=/.scmp.com/127.0.0.1#5300 116 | server=/.secretchina.com/127.0.0.1#5300 117 | server=/.securitykiss.com/127.0.0.1#5300 118 | server=/.shenzhoufilm.com/127.0.0.1#5300 119 | server=/.softether.co.jp/127.0.0.1#5300 120 | server=/.soundofhope.org/127.0.0.1#5300 121 | server=/.sthoo.com/127.0.0.1#5300 122 | server=/.taiwantp.net/127.0.0.1#5300 123 | server=/.tenacy.com/127.0.0.1#5300 124 | server=/.thepiratebay.org/127.0.0.1#5300 125 | server=/.tibet.net/127.0.0.1#5300 126 | server=/.tibet.org.tw/127.0.0.1#5300 127 | server=/.tibetanyouthcongress.org/127.0.0.1#5300 128 | server=/.tibetonline.com/127.0.0.1#5300 129 | server=/.torproject.org/127.0.0.1#5300 130 | server=/.tsunagarumon.com/127.0.0.1#5300 131 | server=/.twimbow.com/127.0.0.1#5300 132 | server=/.twitpic.com/127.0.0.1#5300 133 | server=/.twitter.com/127.0.0.1#5300 134 | server=/.twittercounter.com/127.0.0.1#5300 135 | server=/.twtrland.com/127.0.0.1#5300 136 | server=/.ultravpn.fr/127.0.0.1#5300 137 | server=/.ultraxs.com/127.0.0.1#5300 138 | server=/.upholdjustice.org/127.0.0.1#5300 139 | server=/.uyghuramerican.org/127.0.0.1#5300 140 | server=/.vft.com.tw/127.0.0.1#5300 141 | server=/.vpnfire.com/127.0.0.1#5300 142 | server=/.wangjinbo.org/127.0.0.1#5300 143 | 
server=/.washeng.net/127.0.0.1#5300 144 | server=/.wezhiyong.org/127.0.0.1#5300 145 | server=/.wsj.com/127.0.0.1#5300 146 | server=/.wujie.net/127.0.0.1#5300 147 | server=/.wujieliulan.com/127.0.0.1#5300 148 | server=/.xinsheng.net/127.0.0.1#5300 149 | server=/.xizang-zhiye.org/127.0.0.1#5300 150 | server=/.xpdo.net/127.0.0.1#5300 151 | server=/.yegle.net/127.0.0.1#5300 152 | server=/.youmaker.com/127.0.0.1#5300 153 | server=/.your-freedom.net/127.0.0.1#5300 154 | server=/.youtube.com/127.0.0.1#5300 155 | server=/.yuanming.net/127.0.0.1#5300 156 | server=/.yyii.org/127.0.0.1#5300 157 | server=/.zacebook.com/127.0.0.1#5300 158 | server=/.zhenlibu.info/127.0.0.1#5300 159 | server=/.zhuichaguoji.org/127.0.0.1#5300 160 | server=/.zmw.cn/127.0.0.1#5300 161 | -------------------------------------------------------------------------------- /files/dhcp.conf: -------------------------------------------------------------------------------- 1 | config dnsmasq 2 | option domainneeded 1 3 | option boguspriv 1 4 | option filterwin2k 0 # enable for dial on demand 5 | option localise_queries 1 6 | option rebind_protection 1 # disable if upstream must serve RFC1918 addresses 7 | option rebind_localhost 1 # enable for RBL checking and similar services 8 | #list rebind_domain example.lan # whitelist RFC1918 responses for domains 9 | option local '/lan/' 10 | option domain 'lan' 11 | option expandhosts 1 12 | option nonegcache 0 13 | option authoritative 1 14 | option readethers 1 15 | option leasefile '/tmp/dhcp.leases' 16 | option resolvfile '/tmp/resolv.conf.auto' 17 | #list server '/mycompany.local/1.2.3.4' 18 | #option nonwildcard 1 19 | #list interface br-lan 20 | #list notinterface lo 21 | #list bogusnxdomain '64.94.110.11' 22 | option localservice 1 # disable to allow DNS requests from non-local subnets 23 | 24 | config dhcp lan 25 | option interface lan 26 | option start 100 27 | option limit 150 28 | option leasetime 12h 29 | 30 | config dhcp wan 31 | option interface wan
32 | option ignore 1 33 | -------------------------------------------------------------------------------- /files/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | # Configuration file for dnsmasq. 2 | # 3 | # Setting this flag forces dnsmasq to send all queries to 4 | # all available servers. The reply from the server which 5 | # answers first will be returned to the original requester. 6 | all-servers 7 | # Set a minimum TTL value for entries in the cache. 8 | # For example min-cache-ttl=300 (ie: 5 minutes). 9 | min-cache-ttl=600 10 | # Set the size of dnsmasq's cache. 11 | # The default is 150 names, 12 | # Setting the cache size to zero disables caching. 13 | cache-size=1500 14 | # Specify ip address of upstream servers directly. 15 | #server=8.8.8.8 16 | server=8.8.4.4 17 | server=114.114.114.114 18 | # Dnsmasq will ignore DNS replies with these ip. 19 | ignore-address=2.1.1.2 20 | ignore-address=4.193.80.0 21 | ignore-address=4.36.66.178 22 | ignore-address=8.105.84.0 23 | ignore-address=8.7.198.45 24 | ignore-address=12.87.133.0 25 | ignore-address=14.102.249.18 26 | ignore-address=16.63.155.0 27 | ignore-address=20.139.56.0 28 | ignore-address=23.89.5.60 29 | ignore-address=24.51.184.0 30 | ignore-address=28.121.126.139 31 | ignore-address=28.13.216.0 32 | ignore-address=37.61.54.158 33 | ignore-address=46.20.126.252 34 | ignore-address=46.38.24.209 35 | ignore-address=46.82.174.68 36 | ignore-address=49.2.123.56 37 | ignore-address=54.76.135.1 38 | ignore-address=59.24.3.173 39 | ignore-address=61.54.28.6 40 | ignore-address=64.33.88.161 41 | ignore-address=64.33.99.47 42 | ignore-address=64.66.163.251 43 | ignore-address=65.104.202.252 44 | ignore-address=65.160.219.113 45 | ignore-address=66.206.11.194 46 | ignore-address=66.45.252.237 47 | ignore-address=72.14.205.104 48 | ignore-address=72.14.205.99 49 | ignore-address=74.117.57.138 50 | ignore-address=74.125.127.102 51 | ignore-address=74.125.155.102 52 
| ignore-address=74.125.39.102 53 | ignore-address=74.125.39.113 54 | ignore-address=77.4.7.92 55 | ignore-address=78.16.49.15 56 | ignore-address=89.31.55.106 57 | ignore-address=93.46.8.89 58 | ignore-address=113.11.194.190 59 | ignore-address=118.5.49.6 60 | ignore-address=122.218.101.190 61 | ignore-address=123.126.249.238 62 | ignore-address=123.50.49.171 63 | ignore-address=125.230.148.48 64 | ignore-address=127.0.0.2 65 | ignore-address=128.121.126.139 66 | ignore-address=159.106.121.75 67 | ignore-address=169.132.13.103 68 | ignore-address=173.201.216.6 69 | ignore-address=188.5.4.96 70 | ignore-address=189.163.17.5 71 | ignore-address=192.67.198.6 72 | ignore-address=197.4.4.12 73 | ignore-address=202.106.1.2 74 | ignore-address=202.181.7.85 75 | ignore-address=203.161.230.171 76 | ignore-address=203.199.57.81 77 | ignore-address=203.98.7.65 78 | ignore-address=207.12.88.98 79 | ignore-address=208.109.138.55 80 | ignore-address=208.56.31.43 81 | ignore-address=209.145.54.50 82 | ignore-address=209.220.30.174 83 | ignore-address=209.36.73.33 84 | ignore-address=209.85.229.138 85 | ignore-address=211.5.133.18 86 | ignore-address=211.8.69.27 87 | ignore-address=211.94.66.147 88 | ignore-address=213.169.251.35 89 | ignore-address=213.186.33.5 90 | ignore-address=216.139.213.144 91 | ignore-address=216.221.188.182 92 | ignore-address=216.234.179.13 93 | ignore-address=221.8.69.27 94 | ignore-address=243.185.187.30 95 | ignore-address=243.185.187.39 96 | ignore-address=249.129.46.48 97 | ignore-address=253.157.14.165 98 | -------------------------------------------------------------------------------- /files/dnsmasq.hotplug: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | [ "$ACTION" = ifup ] || exit 0 4 | 5 | /etc/init.d/dnsmasq enabled && /etc/init.d/dnsmasq start 6 | -------------------------------------------------------------------------------- /files/dnsmasq.init: 
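#!/bin/sh /etc/rc.common
# Copyright (C) 2007-2012 OpenWrt.org
#
# Init script for dnsmasq, run through /etc/rc.common with procd enabled.
# This part holds the settings and the small helpers that append lines to
# the generated configuration file.

START=60

USE_PROCD=1
PROG=/usr/sbin/dnsmasq

DNS_SERVERS=""
DOMAIN=""

ADD_LOCAL_DOMAIN=1
ADD_LOCAL_HOSTNAME=1

CONFIGFILE="/var/etc/dnsmasq.conf"
HOSTFILE="/tmp/hosts/dhcp"
TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf"
TIMESTAMPFILE="/etc/dnsmasq.time"

# Append one directive to $CONFIGFILE, dropping a leading "--" so that a
# command-line style switch becomes a config-file line.
#   $1  directive, e.g. "--server=..."
# The value is written verbatim: whatever the caller passes ends up as
# dnsmasq configuration, so callers decide what is allowed in there.
xappend() {
	local value="$1"

	echo "${value#--}" >> "$CONFIGFILE"
}

# Convert a dotted number ("a.b.c.d", or a single number) to one integer by
# treating each dot-separated part as a base-256 digit. Prints the result;
# an empty argument prints 0.
#   $1  dotted value
dhcp_calc() {
	local ip="$1"
	local res=0
	local part	# kept local so the caller's variables are not overwritten

	while [ -n "$ip" ]; do
		part="${ip%%.*}"
		res="$((res * 256 + $part))"
		# Drop the part just consumed; stop once no dot is left.
		case "$ip" in
			*.*) ip="${ip#*.}" ;;
			*) ip= ;;
		esac
	done
	echo "$res"
}

# Check whether udhcpc gets an answer on an interface, i.e. whether another
# DHCP server is already active there. The verdict is cached in a stamp file
# under /var/run.
#   $1  interface name
# Returns 1 if a server was found (and logs it), 0 otherwise.
dhcp_check() {
	local ifname="$1"
	local stamp="/var/run/dnsmasq.$ifname.dhcp"
	local rv=0

	# Reuse a cached verdict only when it is one of the two values written
	# below; any other content is ignored and the probe is repeated instead
	# of being handed to 'return' as an invalid number.
	if [ -s "$stamp" ]; then
		read -r rv < "$stamp"
		case "$rv" in
			0|1) return "$rv" ;;
		esac
	fi

	udhcpc -n -q -s /bin/true -t 1 -i "$ifname" >&- && rv=1 || rv=0

	[ "$rv" -eq 1 ] && \
		logger -t dnsmasq \
			"found already running DHCP-server on interface '$ifname'" \
			"refusing to start, use 'option force 1' to override"

	echo "$rv" > "$stamp"
	return "$rv"
}

# Send a message to syslog with tag "dnsmasq", but only while pidof finds no
# dnsmasq process.
log_once() {
	pidof dnsmasq >/dev/null || \
		logger -t dnsmasq "$@"
}

# Append a switch when a boolean option is set.
#   $1  config section
#   $2  option name (defaults to 0 when unset)
#   $3  switch to append
# Returns non-zero when the option is not set; callers may test this.
append_bool() {
	local section="$1"
	local option="$2"
	local value="$3"
	local _loctmp
	config_get_bool _loctmp "$section" "$option" 0
	[ "$_loctmp" -gt 0 ] && xappend "$value"
}

# Append "switch=value" when an option has a non-empty value.
#   $1  config section
#   $2  option name
#   $3  switch to append
append_parm() {
	local section="$1"
	local option="$2"
	local switch="$3"
	local _loctmp
	config_get _loctmp "$section" "$option"
	[ -z "$_loctmp" ] && return 0
	xappend "$switch=$_loctmp"
}

# Append a --server directive for one list entry.
append_server() {
	xappend "--server=$1"
}

# Append an --address directive for one list entry.
append_address() {
	xappend "--address=$1"
}
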
append_ipset() { 90 | xappend "--ipset=$1" 91 | } 92 | 93 | append_interface() { 94 | local ifname=$(uci_get_state network "$1" ifname "$1") 95 | xappend "--interface=$ifname" 96 | } 97 | 98 | append_notinterface() { 99 | local ifname=$(uci_get_state network "$1" ifname "$1") 100 | xappend "--except-interface=$ifname" 101 | } 102 | 103 | append_addnhosts() { 104 | xappend "--addn-hosts=$1" 105 | } 106 | 107 | append_bogusnxdomain() { 108 | xappend "--bogus-nxdomain=$1" 109 | } 110 | 111 | append_pxe_service() { 112 | xappend "--pxe-service=$1" 113 | } 114 | 115 | dnsmasq() { 116 | local cfg="$1" 117 | append_bool "$cfg" authoritative "--dhcp-authoritative" 118 | append_bool "$cfg" nodaemon "--no-daemon" 119 | append_bool "$cfg" domainneeded "--domain-needed" 120 | append_bool "$cfg" filterwin2k "--filterwin2k" 121 | append_bool "$cfg" nohosts "--no-hosts" 122 | append_bool "$cfg" nonegcache "--no-negcache" 123 | append_bool "$cfg" strictorder "--strict-order" 124 | append_bool "$cfg" logqueries "--log-queries" 125 | append_bool "$cfg" noresolv "--no-resolv" 126 | append_bool "$cfg" localise_queries "--localise-queries" 127 | append_bool "$cfg" readethers "--read-ethers" 128 | append_bool "$cfg" dbus "--enable-dbus" 129 | append_bool "$cfg" boguspriv "--bogus-priv" 130 | append_bool "$cfg" expandhosts "--expand-hosts" 131 | append_bool "$cfg" enable_tftp "--enable-tftp" 132 | append_bool "$cfg" tftp_no_fail "--tftp-no-fail" 133 | append_bool "$cfg" nonwildcard "--bind-interfaces" 134 | append_bool "$cfg" fqdn "--dhcp-fqdn" 135 | append_bool "$cfg" proxydnssec "--proxy-dnssec" 136 | append_bool "$cfg" localservice "--local-service" 137 | append_bool "$cfg" quietdhcp "--quiet-dhcp" 138 | 139 | append_parm "$cfg" dhcpscript "--dhcp-script" 140 | append_parm "$cfg" cachesize "--cache-size" 141 | append_parm "$cfg" dnsforwardmax "--dns-forward-max" 142 | append_parm "$cfg" port "--port" 143 | append_parm "$cfg" ednspacket_max "--edns-packet-max" 144 | append_parm "$cfg" 
dhcpleasemax "--dhcp-lease-max" 145 | append_parm "$cfg" "queryport" "--query-port" 146 | append_parm "$cfg" "domain" "--domain" 147 | append_parm "$cfg" "local" "--server" 148 | config_list_foreach "$cfg" "server" append_server 149 | config_list_foreach "$cfg" "address" append_address 150 | config_list_foreach "$cfg" "ipset" append_ipset 151 | config_list_foreach "$cfg" "interface" append_interface 152 | config_list_foreach "$cfg" "notinterface" append_notinterface 153 | config_list_foreach "$cfg" "addnhosts" append_addnhosts 154 | config_list_foreach "$cfg" "bogusnxdomain" append_bogusnxdomain 155 | append_parm "$cfg" "leasefile" "--dhcp-leasefile" 156 | append_parm "$cfg" "resolvfile" "--resolv-file" 157 | append_parm "$cfg" "serversfile" "--servers-file" 158 | append_parm "$cfg" "tftp_root" "--tftp-root" 159 | append_parm "$cfg" "dhcp_boot" "--dhcp-boot" 160 | append_parm "$cfg" "local_ttl" "--local-ttl" 161 | append_parm "$cfg" "pxe_prompt" "--pxe-prompt" 162 | config_list_foreach "$cfg" "pxe_service" append_pxe_service 163 | config_get DOMAIN "$cfg" domain 164 | 165 | config_get_bool ADD_LOCAL_DOMAIN "$cfg" add_local_domain 1 166 | config_get_bool ADD_LOCAL_HOSTNAME "$cfg" add_local_hostname 1 167 | 168 | config_get_bool readethers "$cfg" readethers 169 | [ "$readethers" = "1" -a \! -e "/etc/ethers" ] && touch /etc/ethers 170 | 171 | config_get leasefile $cfg leasefile 172 | [ -n "$leasefile" -a \! -e "$leasefile" ] && touch "$leasefile" 173 | config_get_bool cachelocal "$cfg" cachelocal 1 174 | 175 | config_get hostsfile "$cfg" dhcphostsfile 176 | [ -e "$hostsfile" ] && xappend "--dhcp-hostsfile=$hostsfile" 177 | 178 | mkdir -p /tmp/hosts /tmp/dnsmasq.d 179 | xappend "--addn-hosts=/tmp/hosts" 180 | xappend "--conf-dir=/tmp/dnsmasq.d" 181 | 182 | local rebind 183 | config_get_bool rebind "$cfg" rebind_protection 1 184 | [ $rebind -gt 0 ] && { 185 | log_once \ 186 | "DNS rebinding protection is active," \ 187 | "will discard upstream RFC1918 responses!" 
188 | xappend "--stop-dns-rebind" 189 | 190 | local rebind_localhost 191 | config_get_bool rebind_localhost "$cfg" rebind_localhost 0 192 | [ $rebind_localhost -gt 0 ] && { 193 | log_once "Allowing 127.0.0.0/8 responses" 194 | xappend "--rebind-localhost-ok" 195 | } 196 | 197 | append_rebind_domain() { 198 | log_once "Allowing RFC1918 responses for domain $1" 199 | xappend "--rebind-domain-ok=$1" 200 | } 201 | 202 | config_list_foreach "$cfg" rebind_domain append_rebind_domain 203 | } 204 | 205 | config_get_bool dnssec "$cfg" dnssec 0 206 | [ "$dnssec" -gt 0 ] && { 207 | xappend "--conf-file=$TRUSTANCHORSFILE" 208 | xappend "--dnssec" 209 | xappend "--dnssec-timestamp=$TIMESTAMPFILE" 210 | append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned" 211 | } 212 | 213 | dhcp_option_add "$cfg" "" 0 214 | 215 | xappend "--dhcp-broadcast=tag:needs-broadcast" 216 | 217 | echo >> $CONFIGFILE 218 | } 219 | 220 | dhcp_subscrid_add() { 221 | local cfg="$1" 222 | 223 | config_get networkid "$cfg" networkid 224 | [ -n "$networkid" ] || return 0 225 | 226 | config_get subscriberid "$cfg" subscriberid 227 | [ -n "$subscriberid" ] || return 0 228 | 229 | xappend "--dhcp-subscrid=$networkid,$subscriberid" 230 | 231 | config_get_bool force "$cfg" force 0 232 | 233 | dhcp_option_add "$cfg" "$networkid" "$force" 234 | } 235 | 236 | dhcp_remoteid_add() { 237 | local cfg="$1" 238 | 239 | config_get networkid "$cfg" networkid 240 | [ -n "$networkid" ] || return 0 241 | 242 | config_get remoteid "$cfg" remoteid 243 | [ -n "$remoteid" ] || return 0 244 | 245 | xappend "--dhcp-remoteid=$networkid,$remoteid" 246 | 247 | config_get_bool force "$cfg" force 0 248 | 249 | dhcp_option_add "$cfg" "$networkid" "$force" 250 | } 251 | 252 | dhcp_circuitid_add() { 253 | local cfg="$1" 254 | 255 | config_get networkid "$cfg" networkid 256 | [ -n "$networkid" ] || return 0 257 | 258 | config_get circuitid "$cfg" circuitid 259 | [ -n "$circuitid" ] || return 0 260 | 261 | xappend 
"--dhcp-circuitid=$networkid,$circuitid" 262 | 263 | config_get_bool force "$cfg" force 0 264 | 265 | dhcp_option_add "$cfg" "$networkid" "$force" 266 | } 267 | 268 | dhcp_userclass_add() { 269 | local cfg="$1" 270 | 271 | config_get networkid "$cfg" networkid 272 | [ -n "$networkid" ] || return 0 273 | 274 | config_get userclass "$cfg" userclass 275 | [ -n "$userclass" ] || return 0 276 | 277 | xappend "--dhcp-userclass=$networkid,$userclass" 278 | 279 | config_get_bool force "$cfg" force 0 280 | 281 | dhcp_option_add "$cfg" "$networkid" "$force" 282 | } 283 | 284 | dhcp_vendorclass_add() { 285 | local cfg="$1" 286 | 287 | config_get networkid "$cfg" networkid 288 | [ -n "$networkid" ] || return 0 289 | 290 | config_get vendorclass "$cfg" vendorclass 291 | [ -n "$vendorclass" ] || return 0 292 | 293 | xappend "--dhcp-vendorclass=$networkid,$vendorclass" 294 | 295 | config_get_bool force "$cfg" force 0 296 | 297 | dhcp_option_add "$cfg" "$networkid" "$force" 298 | } 299 | 300 | dhcp_host_add() { 301 | local cfg="$1" 302 | 303 | config_get_bool force "$cfg" force 0 304 | 305 | config_get networkid "$cfg" networkid 306 | [ -n "$networkid" ] && dhcp_option_add "$cfg" "$networkid" "$force" 307 | 308 | config_get name "$cfg" name 309 | config_get ip "$cfg" ip 310 | [ -n "$ip" -o -n "$name" ] || return 0 311 | 312 | config_get_bool dns "$cfg" dns 0 313 | [ "$dns" = "1" -a -n "$ip" -a -n "$name" ] && { 314 | echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE 315 | } 316 | 317 | config_get mac "$cfg" mac 318 | if [ -n "$mac" ]; then 319 | # --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap 320 | macs="" 321 | for m in $mac; do append macs "$m" ","; done 322 | else 323 | # --dhcp-host=lap,192.168.0.199 324 | [ -n "$name" ] || return 0 325 | macs="$name" 326 | name="" 327 | fi 328 | 329 | config_get tag "$cfg" tag 330 | 331 | config_get_bool broadcast "$cfg" broadcast 0 332 | [ "$broadcast" = "0" ] && broadcast= 333 | 334 | xappend 
"--dhcp-host=$macs${networkid:+,net:$networkid}${broadcast:+,set:needs-broadcast}${tag:+,set:$tag}${ip:+,$ip}${name:+,$name}" 335 | } 336 | 337 | dhcp_tag_add() { 338 | local cfg="$1" 339 | 340 | tag="$cfg" 341 | 342 | [ -n "$tag" ] || return 0 343 | 344 | config_get_bool force "$cfg" force 0 345 | [ "$force" = "0" ] && force= 346 | 347 | config_get option "$cfg" dhcp_option 348 | for o in $option; do 349 | xappend "--dhcp-option${force:+-force}=tag:$tag,$o" 350 | done 351 | } 352 | 353 | dhcp_mac_add() { 354 | local cfg="$1" 355 | 356 | config_get networkid "$cfg" networkid 357 | [ -n "$networkid" ] || return 0 358 | 359 | config_get mac "$cfg" mac 360 | [ -n "$mac" ] || return 0 361 | 362 | xappend "--dhcp-mac=$networkid,$mac" 363 | 364 | dhcp_option_add "$cfg" "$networkid" 365 | } 366 | 367 | dhcp_boot_add() { 368 | local cfg="$1" 369 | 370 | config_get networkid "$cfg" networkid 371 | 372 | config_get filename "$cfg" filename 373 | [ -n "$filename" ] || return 0 374 | 375 | config_get servername "$cfg" servername 376 | config_get serveraddress "$cfg" serveraddress 377 | 378 | [ -n "$serveraddress" -a ! 
-n "$servername" ] && return 0 379 | 380 | xappend "--dhcp-boot=${networkid:+net:$networkid,}${filename}${servername:+,$servername}${serveraddress:+,$serveraddress}" 381 | 382 | config_get_bool force "$cfg" force 0 383 | 384 | dhcp_option_add "$cfg" "$networkid" "$force" 385 | } 386 | 387 | 388 | dhcp_add() { 389 | local cfg="$1" 390 | config_get net "$cfg" interface 391 | [ -n "$net" ] || return 0 392 | 393 | config_get dhcpv4 "$cfg" dhcpv4 394 | [ "$dhcpv4" != "disabled" ] || return 0 395 | 396 | config_get networkid "$cfg" networkid 397 | [ -n "$networkid" ] || networkid="$net" 398 | 399 | network_get_subnet subnet "$net" || return 0 400 | network_get_device ifname "$net" || return 0 401 | network_get_protocol proto "$net" || return 0 402 | 403 | [ "$cachelocal" = "0" ] && network_get_dnsserver dnsserver "$net" && { 404 | DNS_SERVERS="$DNS_SERVERS $dnsserver" 405 | } 406 | 407 | append_bool "$cfg" ignore "--no-dhcp-interface=$ifname" && return 0 408 | 409 | # Do not support non-static interfaces for now 410 | [ static = "$proto" ] || return 0 411 | 412 | # Override interface netmask with dhcp config if applicable 413 | config_get netmask "$cfg" netmask "${subnet##*/}" 414 | 415 | #check for an already active dhcp server on the interface, unless 'force' is set 416 | config_get_bool force "$cfg" force 0 417 | [ $force -gt 0 ] || dhcp_check "$ifname" || return 0 418 | 419 | config_get start "$cfg" start 420 | config_get limit "$cfg" limit 421 | config_get leasetime "$cfg" leasetime 422 | config_get options "$cfg" options 423 | config_get_bool dynamicdhcp "$cfg" dynamicdhcp 1 424 | 425 | leasetime="${leasetime:-12h}" 426 | start="$(dhcp_calc "${start:-100}")" 427 | limit="${limit:-150}" 428 | [ "$limit" -gt 0 ] && limit=$((limit-1)) 429 | eval "$(ipcalc.sh "${subnet%%/*}" $netmask $start $limit)" 430 | if [ "$dynamicdhcp" = "0" ]; then END="static"; fi 431 | xappend "--dhcp-range=$networkid,$START,$END,$NETMASK,$leasetime${options:+ $options}" 432 | 433 | 
dhcp_option_add "$cfg" "$networkid" 434 | } 435 | 436 | dhcp_option_add() { 437 | local cfg="$1" 438 | local networkid="$2" 439 | local force="$3" 440 | 441 | [ "$force" = "0" ] && force= 442 | 443 | config_get dhcp_option "$cfg" dhcp_option 444 | for o in $dhcp_option; do 445 | xappend "--dhcp-option${force:+-force}=${networkid:+$networkid,}$o" 446 | done 447 | 448 | } 449 | 450 | dhcp_domain_add() { 451 | local cfg="$1" 452 | local ip name names record 453 | 454 | config_get names "$cfg" name "$2" 455 | [ -n "$names" ] || return 0 456 | 457 | config_get ip "$cfg" ip "$3" 458 | [ -n "$ip" ] || return 0 459 | 460 | for name in $names; do 461 | record="${record:+$record }$name" 462 | done 463 | 464 | echo "$ip $record" >> $HOSTFILE 465 | } 466 | 467 | dhcp_srv_add() { 468 | local cfg="$1" 469 | 470 | config_get srv "$cfg" srv 471 | [ -n "$srv" ] || return 0 472 | 473 | config_get target "$cfg" target 474 | [ -n "$target" ] || return 0 475 | 476 | config_get port "$cfg" port 477 | [ -n "$port" ] || return 0 478 | 479 | config_get class "$cfg" class 480 | config_get weight "$cfg" weight 481 | 482 | local service="$srv,$target,$port${class:+,$class${weight:+,$weight}}" 483 | 484 | xappend "--srv-host=$service" 485 | } 486 | 487 | dhcp_mx_add() { 488 | local cfg="$1" 489 | local domain relay pref 490 | 491 | config_get domain "$cfg" domain 492 | [ -n "$domain" ] || return 0 493 | 494 | config_get relay "$cfg" relay 495 | [ -n "$relay" ] || return 0 496 | 497 | config_get pref "$cfg" pref 0 498 | 499 | local service="$domain,$relay,$pref" 500 | 501 | xappend "--mx-host=$service" 502 | } 503 | 504 | dhcp_cname_add() { 505 | local cfg="$1" 506 | local cname target 507 | 508 | config_get cname "$cfg" cname 509 | [ -n "$cname" ] || return 0 510 | 511 | config_get target "$cfg" target 512 | [ -n "$target" ] || return 0 513 | 514 | xappend "--cname=${cname},${target}" 515 | } 516 | 517 | dhcp_hostrecord_add() { 518 | local cfg="$1" 519 | local names addresses record val 520 | 
521 | config_get names "$cfg" name "$2" 522 | if [ -z "$names" ]; then 523 | return 0 524 | fi 525 | 526 | config_get addresses "$cfg" ip "$3" 527 | if [ -z "$addresses" ]; then 528 | return 0 529 | fi 530 | 531 | for val in $names $addresses; do 532 | record="${record:+$record,}$val" 533 | done 534 | 535 | xappend "--host-record=$record" 536 | } 537 | 538 | service_triggers() 539 | { 540 | procd_add_reload_trigger "dhcp" 541 | } 542 | 543 | boot() { 544 | # Will be launched through hotplug 545 | return 0 546 | } 547 | 548 | start_service() { 549 | include /lib/functions 550 | 551 | config_load dhcp 552 | 553 | procd_open_instance 554 | procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq.pid 555 | procd_set_param file $CONFIGFILE 556 | procd_set_param respawn 557 | 558 | procd_add_jail dnsmasq ubus log 559 | procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers 560 | procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases $TIMESTAMPFILE 561 | 562 | procd_close_instance 563 | 564 | # before we can call xappend 565 | mkdir -p /var/run/dnsmasq/ 566 | mkdir -p $(dirname $CONFIGFILE) 567 | mkdir -p /var/lib/misc 568 | touch /tmp/dhcp.leases 569 | 570 | if [ ! 
-f "$TIMESTAMPFILE" ]; then 571 | touch "$TIMESTAMPFILE" 572 | chown nobody.nogroup "$TIMESTAMPFILE" 573 | fi 574 | 575 | echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE 576 | echo "# auto-generated config file from /etc/config/dhcp" > $HOSTFILE 577 | 578 | # if we did this last, we could override auto-generated config 579 | [ -f /etc/dnsmasq.conf ] && { 580 | xappend "--conf-file=/etc/dnsmasq.conf" 581 | } 582 | 583 | args="" 584 | config_foreach dnsmasq dnsmasq 585 | config_foreach dhcp_host_add host 586 | echo >> $CONFIGFILE 587 | config_foreach dhcp_boot_add boot 588 | config_foreach dhcp_mac_add mac 589 | config_foreach dhcp_tag_add tag 590 | config_foreach dhcp_vendorclass_add vendorclass 591 | config_foreach dhcp_userclass_add userclass 592 | config_foreach dhcp_circuitid_add circuitid 593 | config_foreach dhcp_remoteid_add remoteid 594 | config_foreach dhcp_subscrid_add subscrid 595 | config_foreach dhcp_domain_add domain 596 | config_foreach dhcp_hostrecord_add hostrecord 597 | 598 | # add own hostname 599 | local lanaddr 600 | [ $ADD_LOCAL_HOSTNAME -eq 1 ] && network_get_ipaddr lanaddr "lan" && { 601 | local hostname="$(uci_get system @system[0] hostname OpenWrt)" 602 | dhcp_domain_add "" "$hostname" "$lanaddr" 603 | } 604 | 605 | echo >> $CONFIGFILE 606 | config_foreach dhcp_srv_add srvhost 607 | config_foreach dhcp_mx_add mxhost 608 | echo >> $CONFIGFILE 609 | 610 | config_get odhcpd_is_active odhcpd maindhcp 611 | if [ "$odhcpd_is_active" != "1" ]; then 612 | config_foreach dhcp_add dhcp 613 | fi 614 | 615 | echo >> $CONFIGFILE 616 | config_foreach dhcp_cname_add cname 617 | echo >> $CONFIGFILE 618 | 619 | rm -f /tmp/resolv.conf 620 | [ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && { 621 | echo "search $DOMAIN" >> /tmp/resolv.conf 622 | } 623 | DNS_SERVERS="$DNS_SERVERS 127.0.0.1" 624 | for DNS_SERVER in $DNS_SERVERS ; do 625 | echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf 626 | done 627 | } 628 | 629 | reload_service() { 
630 | rc_procd start_service "$@" 631 | return 0 632 | } 633 | 634 | stop_service() { 635 | [ -f /tmp/resolv.conf ] && { 636 | rm -f /tmp/resolv.conf 637 | ln -s /tmp/resolv.conf.auto /tmp/resolv.conf 638 | } 639 | rm -f /var/run/dnsmasq.*.dhcp 640 | } 641 |
--------------------------------------------------------------------------------
/patches/100-fix-dhcp-no-address-warning.patch:
--------------------------------------------------------------------------------
1 | --- a/src/dhcp.c
2 | +++ b/src/dhcp.c
3 | @@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd)
4 | struct iovec iov;
5 | ssize_t sz;
6 | int iface_index = 0, unicast_dest = 0, is_inform = 0;
7 | - struct in_addr iface_addr;
8 | + struct in_addr iface_addr, *addrp = NULL;
9 | struct iface_param parm;
10 | #ifdef HAVE_LINUX_NETWORK
11 | struct arpreq arp_req;
12 | @@ -272,11 +272,9 @@ void dhcp_packet(time_t now, int pxe_fd)
13 | {
14 | ifr.ifr_addr.sa_family = AF_INET;
15 | if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
16 | - iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
17 | - else
18 | {
19 | - my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
20 | - return;
21 | + addrp = &iface_addr;
22 | + iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
23 | }
24 |
25 | for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
26 | @@ -295,7 +293,7 @@ void dhcp_packet(time_t now, int pxe_fd)
27 | parm.relay_local.s_addr = 0;
28 | parm.ind = iface_index;
29 |
30 | - if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL))
31 | + if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL))
32 | {
33 | /* If we failed to match the primary address of the interface, see if we've got a --listen-address
34 | for a secondary */
35 |
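Review bot: In the `@@ -272,11 +272,9 @@` hunk of src/dhcp.c, `iface_addr` is now left unset when the SIOCGIFADDR ioctl fails, where the old code returned at that point. The only visible guard against reading it afterwards is the `if (!addrp)` return added in the `@@ -315,6 +313,12 @@` hunk; the code between the two lies outside the patch, so whether anything there reads `iface_addr` cannot be checked from here. Initialising it at the declaration in the first hunk, `struct in_addr iface_addr = { 0 }, *addrp = NULL;`, would make the no-address path deterministic. dhcp_packet() begins and ends outside these hunks.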
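Review bot: The `iface_check()` call in the `@@ -295,7 +293,7 @@` hunk of src/dhcp.c can now receive a NULL address, because `addrp` stays NULL when the interface has no address. That is safe only if iface_check() skips its address comparison for a NULL pointer; its definition is not part of this patch, so the assumption deserves a comment at the call, for example `/* addrp is NULL when the interface has no address; iface_check() must tolerate that */`. The same comment would explain why the "no address" warning now sits below this block, in the `@@ -315,6 +313,12 @@` hunk.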
@@ -315,6 +313,12 @@ void dhcp_packet(time_t now, int pxe_fd)
36 | complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm);
37 | }
38 |
39 | + if (!addrp)
40 | + {
41 | + my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
42 | + return;
43 | + }
44 | +
45 | if (!iface_enumerate(AF_INET, &parm, complete_context))
46 | return;
47 |
48 |
--------------------------------------------------------------------------------
/patches/110-ipset-remove-old-kernel-support.patch:
--------------------------------------------------------------------------------
1 | --- a/src/ipset.c
2 | +++ b/src/ipset.c
3 | @@ -22,7 +22,6 @@
4 | #include
5 | #include
6 | #include
7 | -#include
8 | #include
9 | #include
10 | #include
11 | @@ -72,7 +71,7 @@ struct my_nfgenmsg {
12 |
13 | #define NL_ALIGN(len) (((len)+3) & ~(3))
14 | static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
15 | -static int ipset_sock, old_kernel;
16 | +static int ipset_sock;
17 | static char *buffer;
18 |
19 | static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
20 |
@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg
21 |
22 | void ipset_init(void)
23 | {
24 | - struct utsname utsname;
25 | - int version;
26 | - char *split;
27 | -
28 | - if (uname(&utsname) < 0)
29 | - die(_("failed to find kernel version: %s"), NULL, EC_MISC);
30 | -
31 | - split = strtok(utsname.release, ".");
32 | - version = (split ? atoi(split) : 0);
33 | - split = strtok(NULL, ".");
34 | - version = version * 256 + (split ? atoi(split) : 0);
35 | - split = strtok(NULL, ".");
36 | - version = version * 256 + (split ? atoi(split) : 0);
37 | - old_kernel = (version < KERNEL_VERSION(2,6,32));
38 | -
39 | - if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
40 | - return;
41 | -
42 | - if (!old_kernel &&
43 | + if (
44 | (buffer = safe_malloc(BUFF_SZ)) &&
45 | (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
46 | (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
47 |
@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char *
48 | }
49 |
50 |
51 | -static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove)
52 | -{
53 | - socklen_t size;
54 | - struct ip_set_req_adt_get {
55 | - unsigned op;
56 | - unsigned version;
57 | - union {
58 | - char name[IPSET_MAXNAMELEN];
59 | - uint16_t index;
60 | - } set;
61 | - char typename[IPSET_MAXNAMELEN];
62 | - } req_adt_get;
63 | - struct ip_set_req_adt {
64 | - unsigned op;
65 | - uint16_t index;
66 | - uint32_t ip;
67 | - } req_adt;
68 | -
69 | - if (strlen(setname) >= sizeof(req_adt_get.set.name))
70 | - {
71 | - errno = ENAMETOOLONG;
72 | - return -1;
73 | - }
74 | -
75 | - req_adt_get.op = 0x10;
76 | - req_adt_get.version = 3;
77 | - strcpy(req_adt_get.set.name, setname);
78 | - size = sizeof(req_adt_get);
79 | - if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
80 | - return -1;
81 | - req_adt.op = remove ? 0x102 : 0x101;
82 | - req_adt.index = req_adt_get.set.index;
83 | - req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr);
84 | - if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
85 | - return -1;
86 | -
87 | - return 0;
88 | -}
89 | -
90 | -
91 | -
92 | int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove)
93 | {
94 | int af = AF_INET;
95 |
96 | #ifdef HAVE_IPV6
97 | if (flags & F_IPV6)
98 | - {
99 | af = AF_INET6;
100 | - /* old method only supports IPv4 */
101 | - if (old_kernel)
102 | - return -1;
103 | - }
104 | #endif
105 |
106 | - return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
107 | + return new_add_to_ipset(setname, ipaddr, af, remove);
108 | }
109 |
110 | #endif
111 |
--------------------------------------------------------------------------------
/patches/210-dnssec-improve-timestamp-heuristic.patch:
--------------------------------------------------------------------------------
1 |
From 79e60e145f8a595bca5a784c00b437216d51de68 Mon Sep 17 00:00:00 2001
2 | From: Steven Barth
3 | Date: Mon, 13 Apr 2015 09:45:20 +0200
4 | Subject: [PATCH] dnssec: improve timestamp heuristic
5 |
6 | Signed-off-by: Steven Barth
7 | ---
8 | src/dnssec.c | 15 +++++++++++----
9 | 1 file changed, 11 insertions(+), 4 deletions(-)
10 |
11 | --- a/src/dnssec.c
12 | +++ b/src/dnssec.c
13 | @@ -432,17 +432,24 @@ static int back_to_the_future;
14 | int setup_timestamp(void)
15 | {
16 | struct stat statbuf;
17 | -
18 | + time_t now;
19 | + time_t base = 1420070400; /* 1-1-2015 */
20 | +
21 | back_to_the_future = 0;
22 |
23 | if (!daemon->timestamp_file)
24 | return 0;
25 | -
26 | +
27 | + now = time(NULL);
28 | +
29 | + if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0)
30 | + base = statbuf.st_mtime;
31 | +
32 | if (stat(daemon->timestamp_file, &statbuf) != -1)
33 | {
34 | timestamp_time = statbuf.st_mtime;
35 | check_and_exit:
36 | - if (difftime(timestamp_time, time(0)) <= 0)
37 | + if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0)
38 | {
39 | /* time already OK, update timestamp, and do key checking from the start. */
40 | if (utime(daemon->timestamp_file, NULL) == -1)
41 | @@ -463,7 +470,7 @@ int setup_timestamp(void)
42 |
43 | close(fd);
44 |
45 | - timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
46 | + timestamp_time = timbuf.actime = timbuf.modtime = base;
47 | if (utime(daemon->timestamp_file, &timbuf) == 0)
48 | goto check_and_exit;
49 | }
50 |
--------------------------------------------------------------------------------
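Review bot: The `stat("/proc/self/exe", ...)` lines added to `setup_timestamp` carry no comment saying why the binary's mtime is trusted as a floor for the system clock, and that trust decides whether DNSSEC signature times are checked. If that mtime lies in the future (an image built or a package installed while the clock was wrong), `difftime(now, base) >= 0` stays false, which presumably keeps time checking off until the clock passes it. The branch that handles this is outside the hunk, so that part is inferred. I would add `/* a clock earlier than our own binary's mtime cannot be right; use it as the floor instead of the fixed 2015 date */` above the `stat` call and log the chosen `base` at startup so an implausible value is visible. The second hunk reuses `base` when the timestamp file is created and needs no separate change.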