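├── README.md
├── dat_exec.yaml
├── dns.yaml
└── config_custom.yaml

/README.md:
--------------------------------------------------------------------------------
# 自用MosDNS配置

- 支持ECS
- 支持GEOIP
- 支持GEOSITE
- 支持自定义灰名单及白名单
- 支持广告过滤
- 支持数据导入Grafana
- 本层级DNS处理无泄漏(具体含义见下文"安全注意事项")

# 使用方法

配置文件共计**3**个,分别为`config_custom.yaml`, `dns.yaml`, `dat_exec.yaml` 。

各部分作用如下:

- `config_custom.yaml`: 主配置文件,负责DNS序列定义以及DNS序列执行。需要依赖`dns.yaml`和`dat_exec.yaml`运行。
- `dns.yaml`: DNS定义配置文件,负责配置公共DNS服务器及远端解析DNS地址及端口。
- `dat_exec.yaml`: 规则配置文件,负责定义各规则tag及规则来源文件。

下载或克隆三个yaml文件,OpenWRT放到`/etc/mosdns`文件夹内。如果是luci-app-mosdns,需要选择使用自定义配置文件。其他系统可以通过`-c` 参数指定配置文件为`config_custom.yaml` 。

默认GeoSite和GeoIP的存放位置为`/var/mosdns/` ,请确保文件夹下含有`geoip_cn.txt`、`geosite_category-ads-all.txt`、`geosite_geolocation-!cn.txt`、`geosite_gfw.txt`、`geosite_cn.txt`以及`geoip_private.txt` ,OpenWRT用户可以通过luci-app-mosdns的GeoData Export功能自动下载解码生成。
同时,在`/etc/mosdns/`下需要建立`rule`文件夹,并新建`whitelist.txt`和`greylist.txt`文件(建议先创建,内容可为空),用于自定义白名单和污染域名名单。DDNS类域名可放到白名单中。

# 安全注意事项

- `config_custom.yaml` 中的 api 监听地址为 `127.0.0.1:8338`。该接口提供 metrics 以及缓存等管理端点,若 Prometheus/Grafana 运行在其他主机上,请改为内网网卡地址并用防火墙限制来源,不要在带公网地址的路由器上绑定 `0.0.0.0`。
- DNS 服务监听 `:5333`(所有接口),请确认防火墙禁止从 WAN 访问该端口,避免成为开放解析器。
- 日志级别为 `info`;`debug` 会把每条查询的域名写入 `/var/log/mosdns.log`,仅建议排错时临时开启。
- "无泄漏"指 geosite_cn/白名单域名只走国内 DNS,geosite_gfw/灰名单及非 cn 域名只走远端解析;但 PTR、ANY 以及不在任何列表中的域名会走国内 DNS(`other`/`fallback` 序列),这不是一个隐私保证。
- GeoIP/GeoSite 以及 `rule/` 目录下的文件直接决定分流结果,请只从可信来源通过 HTTPS 获取。

# DNS处理流程:

![image](https://github.com/user-attachments/assets/8b56d92c-c5ec-48dc-8b41-650324f46fad)


根据 [Jasper-1024/mosdns_docker](https://github.com/Jasper-1024/mosdns_docker/tree/master/mosdns_v5) 进行二次修改,在此基础上增加GFW域名远程解析规则,修改并发请求DNS连接数

教程及DNS处理队列详解:[自用MosDNS规则分享](https://deeprouter.org/article/mosdns-config-with-no-leak)
--------------------------------------------------------------------------------
/dat_exec.yaml:
--------------------------------------------------------------------------------
plugins:
  ################## Data sources ################
  # Referenced from config_custom.yaml as $geoip_cn, $geosite_cn, etc.
  # These files decide how every query is routed, so treat them as trust
  # inputs: obtain them only from a trusted source over HTTPS.
  - tag: geoip_private # private address ranges; selects the LAN path for PTR queries
    type: ip_set
    args:
      files:
        - "/var/mosdns/geoip_private.txt"
  - tag: geoip_cn # CN address space; used to sanity-check upstream answers
    type: ip_set
    args:
      files:
        - "/var/mosdns/geoip_cn.txt"

  - tag: geosite_cn # CN domains plus the user whitelist
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_cn.txt"
        # Whitelisted names take the query_cn path (ECS preset + CN upstreams,
        # answers with a non-CN address are dropped). A DDNS name that resolves
        # to a non-CN address is therefore dropped there and falls through to
        # the later rules of main_sequence.
        - "/etc/mosdns/rule/whitelist.txt"
  - tag: geosite_gfw # domains that go to the local remote-resolver port plus the user greylist
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_gfw.txt"
        - "/etc/mosdns/rule/greylist.txt"
  - tag: geosite_location-!cn # non-CN domains
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_geolocation-!cn.txt"
  - tag: geosite_ads-all # ad/tracker domains, answered with NXDOMAIN
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_category-ads-all.txt"

  ################# Executable plugins ################

  # Cache for the LAN (private-range PTR) path
  - tag: cache_lan
    type: cache
    args:
      size: 8192
      lazy_cache_ttl: 86400 # serve a stale entry for up to 1 day while it is refreshed
  # Cache shared by every WAN path (consulted before domain classification)
  - tag: cache_wan
    type: cache
    args:
      size: 131072
      lazy_cache_ttl: 86400

  # Strip ECS before talking to non-CN upstreams: forward=false drops the
  # client's own ECS option and send=false adds none of ours, so the client
  # prefix never reaches a foreign resolver.
  - tag: no_ecs
    type: "ecs_handler"
    args:
      forward: false # do not forward the ECS option sent by the downstream client
      preset: ""     # no preset subnet
      send: false    # do not send an ECS option at all
      mask4: 24
      mask6: 48

  # Fixed CN subnet for CN upstreams, so geo-aware CDNs answer for a CN client
  # without learning the real client prefix (forward: false).
  # NOTE(review): whether `preset` is still attached while `send` is false
  # depends on the ecs_handler semantics of the mosdns build in use — confirm
  # with a packet capture and set send: true if the preset is not being sent.
  - tag: ecs_cn
    type: "ecs_handler"
    args:
      forward: false          # never forward the downstream client's ECS
      preset: 114.217.98.237  # preset subnet advertised instead
      send: false
      mask4: 24 # IPv4 prefix length, default 24
      mask6: 48 # IPv6 prefix length, default 48

  # TTL clamps applied to the final answer
  - tag: ttl_1m
    type: sequence
    args:
      - exec: ttl 60
  - tag: ttl_5m
    type: sequence
    args:
      - exec: ttl 300
  - tag: ttl_1h
    type: sequence
    args:
      - exec: ttl 3600
--------------------------------------------------------------------------------
/dns.yaml:
--------------------------------------------------------------------------------
plugins:
  ################ DNS ################
  # Every DoH/DoT upstream carries a dial_addr, so no plaintext bootstrap
  # lookup of the resolver hostname is needed (no leak of the resolver name
  # to whatever system resolver is configured). The hostname in `addr` is
  # still what the TLS certificate is checked against; insecure_skip_verify
  # is deliberately not set anywhere.
  #
  # NOTE: `google` and `cloudflare` are defined but not referenced by any
  # sequence in config_custom.yaml (dns_nocn uses quad9/nextdns). They are
  # kept as ready-made alternatives.
  # google doh dot h3
  - tag: google
    type: forward
    args:
      concurrent: 3
      upstreams:
        # 2001:4860:4860::6464 and ::0064 are Google's DNS64 service; they
        # synthesize AAAA records for IPv4-only names and only make sense on a
        # network with NAT64. Prefer the plain ::8888/::8844 entries otherwise.
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::6464"
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::0064"
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8844"
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8888"
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.4.4"
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.8.8"

        - addr: "tls://dns.google"
          dial_addr: "8.8.4.4"
          enable_pipeline: true # TCP/DoT: RFC 7766 query pipelining on a reused connection
        - addr: "tls://dns.google"
          dial_addr: "2001:4860:4860::8888"
          enable_pipeline: true
        - addr: "tls://dns.google"
          dial_addr: "8.8.8.8"
          enable_pipeline: true
        # h3
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8844"
          enable_http3: true
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.4.4"
          enable_http3: true
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8888"
          enable_http3: true
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.8.8"
          enable_http3: true

  # cloudflare doh dot h3
  - tag: cloudflare
    type: forward
    args:
      concurrent: 3
      upstreams:
        - addr: "https://1.1.1.1/dns-query"
          dial_addr: "1.1.1.1"

        # The original listed this DoT upstream twice; the duplicate only
        # weighted the random upstream choice and has been removed.
        - addr: "tls://1.1.1.1"
          dial_addr: "1.1.1.1"
          enable_pipeline: true # TCP/DoT: RFC 7766 query pipelining on a reused connection

  - tag: nextdns
    type: forward
    args:
      concurrent: 2
      upstreams:
        - addr: "https://dns.nextdns.io"
          dial_addr: "45.90.28.186"
          enable_http3: true
        - addr: "https://dns.nextdns.io"
          dial_addr: "2a07:a8c0::ae:d5cb"
          enable_http3: true

        - addr: "tls://dns.nextdns.io"
          enable_pipeline: true
          dial_addr: "45.90.28.186"

  - tag: quad9
    type: forward
    args:
      concurrent: 2
      upstreams:
        - addr: "https://dns11.quad9.net/dns-query"
          dial_addr: "9.9.9.11"
        - addr: "https://dns11.quad9.net/dns-query"
          dial_addr: "2620:fe::11"

        - addr: "tls://dns11.quad9.net"
          dial_addr: "9.9.9.11"
          enable_pipeline: true
        - addr: "tls://dns11.quad9.net"
          dial_addr: "2620:fe::11"
          enable_pipeline: true

  # Plain (unencrypted) DNS over loopback to a locally running resolver on
  # port 7874 — presumably the DNS listener of the local proxy, which is what
  # makes geosite_gfw names resolve "remotely". Loopback only; do not point
  # this at a non-local address without adding TLS.
  - tag: forward_remote
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: 127.0.0.1:7874
  # ali doh dot h3
  - tag: ali
    type: forward
    args:
      concurrent: 3
      upstreams:
        - addr: "https://dns.alidns.com/dns-query"
          dial_addr: "223.6.6.6"

        - addr: "tls://dns.alidns.com"
          dial_addr: "2400:3200:baba::1"
          enable_pipeline: true
        - addr: "tls://dns.alidns.com"
          dial_addr: "223.5.5.5"
          enable_pipeline: true

        - addr: "https://dns.alidns.com/dns-query"
          dial_addr: "223.5.5.5"
          enable_http3: true
        - addr: "https://dns.alidns.com/dns-query"
          dial_addr: "2400:3200::1"
          enable_http3: true

  # dnspod doh dot
  - tag: dnspod
    type: forward
    args:
      concurrent: 3
      upstreams:
        - addr: "https://doh.pub/dns-query"
          dial_addr: "1.12.12.12"
        - addr: "https://doh.pub/dns-query"
          dial_addr: "120.53.53.53"

        - addr: "tls://dot.pub"
          dial_addr: "1.12.12.12"
          enable_pipeline: true
        - addr: "tls://dot.pub"
          dial_addr: "120.53.53.53"
          enable_pipeline: true

  # Local resolver on loopback:53 (on OpenWrt presumably dnsmasq), used for
  # PTR lookups of private addresses. NOTE(review): if that resolver forwards
  # unknown names back to mosdns:5333, a PTR it cannot answer itself would
  # loop — confirm its forwarding configuration.
  - tag: local
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: "udp://127.0.0.1:53"

  # RCODE 2 = SERVFAIL (server failure)
  - tag: reject_2
    type: sequence
    args:
      - exec: reject 2

  # RCODE 3 = NXDOMAIN (name does not exist); used for ads and invalid names
  - tag: reject_3
    type: sequence
    args:
      - exec: reject 3

  # RCODE 5 = REFUSED
  - tag: reject_5
    type: sequence
    args:
      - exec: reject 5
--------------------------------------------------------------------------------
/config_custom.yaml:
--------------------------------------------------------------------------------
log:
  # `debug` writes every query name to the log file; keep `info` in normal
  # operation and raise it only while troubleshooting.
  level: info
  file: "/var/log/mosdns.log"

api:
  # The HTTP API serves /metrics and the cache/plugin control endpoints and
  # has no authentication. Bound to loopback so it is reachable neither from
  # the LAN nor from the WAN. If Prometheus/Grafana scrape from another host,
  # bind to that interface's LAN address and restrict the source with the
  # firewall; never 0.0.0.0 on a router that holds a public address.
  http: "127.0.0.1:8338"

include:
  - "/etc/mosdns/dat_exec.yaml"
  - "/etc/mosdns/dns.yaml"

plugins:
  - tag: reject_null_domain
    type: sequence
    args:
      - exec: query_summary reject_null_domain
      - exec: $reject_3

  - tag: reject_qtype65
    type: sequence
    args:
      - exec: query_summary reject_qtype65
      - exec: $reject_3

  - tag: reject_ad
    type: sequence
    args:
      - exec: query_summary reject_adlist
      - exec: $reject_3

  ################ Sequences #################
  - tag: dns_nocn
    type: "fallback"
    args:
      primary: quad9     # primary upstream
      secondary: nextdns # standby upstream
      threshold: 700     # switch to secondary after this many ms without a reply
      always_standby: true # keep the secondary warm

  # dns-cn sequence
  - tag: dns_cn
    type: "fallback"
    args:
      primary: ali
      secondary: dnspod
      threshold: 500
      always_standby: true

  - tag: dns_nocn_seq
    type: sequence
    args:
      - exec: query_summary dns_nocn
      - exec: $dns_nocn

  - tag: dns_cn_seq
    type: sequence
    args:
      - exec: query_summary dns_cn
      - exec: $dns_cn

  - tag: local_seq
    type: sequence
    args:
      - exec: query_summary local
      - exec: $local

  - tag: fallback_seq # names that match no list: resolved via dns_cn (see README caveat)
    type: sequence
    args:
      - exec: query_summary fallback
      - exec: $dns_cn

  - tag: other_seq # PTR/ANY queries for non-private targets: also dns_cn
    type: sequence
    args:
      - exec: query_summary other
      - exec: $dns_cn

  # CN domains: preset ECS, CN upstreams, drop answers that point outside CN
  - tag: query_cn
    type: sequence
    args:
      - exec: $ecs_cn
      - exec: $dns_cn_seq
      - matches: "!resp_ip $geoip_cn" # answer contains a non-CN address
        exec: drop_resp               # discard it; main_sequence continues with the next rule

  # Non-CN domains: no ECS, non-CN upstreams, drop answers that point into CN
  # (a CN address from a foreign resolver is treated as a poisoned reply)
  - tag: query_nocn
    type: sequence
    args:
      - exec: $no_ecs
      - exec: prefer_ipv4
      - exec: $dns_nocn_seq
      - matches: "resp_ip $geoip_cn"
        exec: drop_resp

  # GFW/greylist domains: handed to the local remote-resolver port unchanged
  - tag: query_gfw
    type: sequence
    args:
      - exec: $forward_remote

  # Names in no list
  - tag: query_fallback
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: $fallback_seq

  # PTR for private addresses: LAN cache, then the local resolver
  - tag: query_lan
    type: sequence
    args:
      - exec: $cache_lan
      - matches: has_resp # served from the LAN cache
        exec: return
      - exec: $local_seq

  # Everything else that pre_sequence classifies as "other" (PTR/ANY)
  - tag: query_other
    type: sequence
    args:
      - exec: $other_seq

  - tag: pre_handle
    type: sequence
    args:
      - exec: $ttl_1h # clamp TTL to 1h
      - exec: accept  # accept the response and stop

  - tag: main_handle
    type: sequence
    args:
      - exec: $ttl_5m # clamp TTL to 5min
      - exec: accept

  # pre_sequence result handling
  - tag: has_resp_pre
    type: sequence
    args:
      - matches: has_resp # pre_sequence already produced an answer
        exec: goto pre_handle

  # main_sequence result handling
  - tag: has_resp_main
    type: sequence
    args:
      - matches: has_resp
        exec: goto main_handle

  # pre_sequence
  - tag: pre_sequence
    type: sequence
    args:
      - matches: qtype 65 # TYPE 65 = HTTPS (SVCB) records; refused with NXDOMAIN
        exec: $reject_qtype65
      # NOTE(review): `keyword::` is taken from the upstream config and appears
      # to match names containing a ':' — confirm against the matcher syntax of
      # the mosdns version in use.
      - matches: "qname keyword::" # malformed name
        exec: $reject_null_domain
      - matches: qtype 12 # TYPE 12 = PTR (reverse lookup)
        exec: $query_other
      - matches: qtype 255 # TYPE 255 = ANY
        exec: $query_other
      - matches: ptr_ip $geoip_private # PTR for a private address
        exec: $query_lan
      - exec: jump has_resp_pre

  # main_sequence
  - tag: main_sequence
    type: sequence
    args:
      - matches: qname $geosite_ads-all # ad domain
        exec: $reject_ad
      - exec: $cache_wan # shared WAN cache, checked before classification
      - exec: jump has_resp_main
      - matches: qname $geosite_cn # CN domain / whitelist
        exec: $query_cn
      - exec: jump has_resp_main
      # GFW / greylist domains
      - matches: qname $geosite_gfw
        exec: $query_gfw
      - exec: jump has_resp_main
      - matches: qname $geosite_location-!cn # non-CN domain
        exec: $query_nocn
      - exec: jump has_resp_main
      # anything else
      - exec: $no_ecs
      - exec: $query_fallback
      - exec: jump has_resp_main

  - tag: sequence
    type: sequence
    args:
      - exec: metrics_collector metrics
      - exec: $pre_sequence  # pre-processing
      - exec: $main_sequence # main pipeline

  # UDP and TCP servers on the same port. `:5333` binds every interface, so
  # the firewall must block WAN access to 5333/udp and 5333/tcp, otherwise
  # this becomes an open resolver. Use "127.0.0.1:5333" if only the local
  # resolver forwards to mosdns.
  - type: udp_server
    args:
      entry: sequence
      listen: :5333
  - type: tcp_server
    args:
      entry: sequence
      listen: :5333
--------------------------------------------------------------------------------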