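overture is a DNS server written in Go. Personally I think it's a gem: simple to configure and easy to use. It's just rather niche, and not many people use it.
Carry out the following deployment steps on a server inside China or on a local machine. I deployed it on a Debian 9 VM on my local PVE.
First, download the archive of the latest release here: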
https://github.com/shawn1m/overture/releases
Log in as root and install the tools that will be needed:
apt -y install dnsutils lrzsz unzip supervisor
Create a directory, then use the rz command to upload the downloaded archive to the Debian machine:
mkdir -p /opt/overture && cd /opt/overture && rz
Unzip / rename:
unzip overture-linux-amd64.zip
cp overture-linux-amd64 overture
Download the GFWLIST/CHNROUTER lists:
wget https://cokebar.github.io/gfwlist2dnsmasq/gfwlist_domain.txt
wget https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt
Edit the overture configuration file:
nano /opt/overture/config.json
Here is my configuration:
{
  "BindAddress": ":53",
  "DebugHTTPAddress": "127.0.0.1:5555",
  "PrimaryDNS": [
    {
      "Name": "DNSPod",
      "Address": "119.29.29.29:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    },
    {
      "Name": "AliDNS",
      "Address": "223.5.5.5:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "AlternativeDNS": [
    {
      "Name": "CloudFlareDNS",
      "Address": "one.one.one.one:853",
      "Protocol": "tcp-tls",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    },
    {
      "Name": "GoogleDNS",
      "Address": "dns.google:853",
      "Protocol": "tcp-tls",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "OnlyPrimaryDNS": false,
  "IPv6UseAlternativeDNS": false,
  "WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
  "IPNetworkFile": {
    "Primary": "./china_ip_list.txt",
    "Alternative": ""
  },
  "DomainFile": {
    "Primary": "",
    "Alternative": "./gfwlist_domain.txt",
    "Matcher": "regex-list"
  },
  "HostsFile": "./hosts_sample",
  "MinimumTTL": 0,
  "DomainTTLFile": "./domain_ttl_sample",
  "CacheSize": 0,
  "RejectQType": [255]
}
Create a supervisor configuration file:
nano /etc/supervisor/conf.d/overture.conf
Write the following configuration into it:
[program:overture]
priority=1
directory=/opt/overture
command=/opt/overture/overture -c /opt/overture/config.json
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/var/log/supervisor/overture.log
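Update the supervisor configuration, then check overture's running status:
supervisorctl update
supervisorctl status overture
If the status is RUNNING, you're good. Next, test with the dig command. I'll use this crummy blog of mine for the test: my domain is DNS-polluted, so if the correct IP is resolved, overture is working properly: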
dig @127.0.0.1 lala.im
OK, no problem.
Now the other machines on the LAN only need to change their DNS address to this Debian machine's IP to enjoy unpolluted DNS service.
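Before pointing LAN clients at the resolver, it is worth checking config.json for the settings that decide its exposure. The following is an added example, not part of the original post or of overture itself: a small Python audit of the listener address, the debug endpoint, the transport used by the AlternativeDNS upstreams, and the string form of HostsFile that the parse error quoted in the comments below complains about. The function names and the trimmed sample are constructed for illustration.

```python
import json

# "tcp-tls" is the value used in the page's config; "https" is assumed to be
# overture's DNS-over-HTTPS protocol value.
ENCRYPTED = {"tcp-tls", "https"}

# Constructed sample: a trimmed copy of the config shown above.
SAMPLE = json.loads("""
{
  "BindAddress": ":53",
  "DebugHTTPAddress": "127.0.0.1:5555",
  "AlternativeDNS": [
    {"Name": "CloudFlareDNS", "Address": "one.one.one.one:853", "Protocol": "tcp-tls"},
    {"Name": "GoogleDNS", "Address": "dns.google:853", "Protocol": "tcp-tls"}
  ],
  "HostsFile": "./hosts_sample"
}
""")

def listen_host(addr):
    """Return the host part of 'host:port' ('' when only ':port' is given)."""
    return addr.rsplit(":", 1)[0].strip("[]")

def audit(cfg):
    """Return (key, message) findings for a parsed overture config."""
    findings = []
    if listen_host(cfg.get("BindAddress", "")) in ("", "0.0.0.0", "::"):
        findings.append(("BindAddress", "listens on every interface; on a host "
                         "with a public IP, firewall port 53 to the LAN"))
    debug = cfg.get("DebugHTTPAddress", "")
    if debug and listen_host(debug) not in ("127.0.0.1", "::1", "localhost"):
        findings.append(("DebugHTTPAddress", "debug HTTP endpoint is not on loopback"))
    for up in cfg.get("AlternativeDNS", []):
        if up.get("Protocol") not in ENCRYPTED:
            findings.append(("AlternativeDNS", "%s uses %s, so answers for listed "
                             "domains cross the network unencrypted"
                             % (up.get("Name"), up.get("Protocol"))))
    if isinstance(cfg.get("HostsFile"), str):
        findings.append(("HostsFile", "is a string; builds that expect an object "
                         "with HostsFile/Finder fields reject it at startup"))
    return findings

if __name__ == "__main__":
    for key, message in audit(SAMPLE):
        print(key + ": " + message)
```

To audit the deployed file, pass `json.load(open("/opt/overture/config.json"))` to `audit()` instead of the sample.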
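Slacking off like a pro
This post is also well written: https://jasper-1024.github.io/jasper/d510a085/
I'm quite interested, but I move around a lot, so I don't have much need for a local LAN setup and can only go with public cloud. However, running your own DNS service isn't allowed on servers in China, and I'm afraid...
If I go with an overseas or HK machine, this isn't DoH or DoT, so I worry whether my local ISP's DNS would race in with its own answer first. (If so, wouldn't all of this be for nothing, 233 O:-)
Don't chicken out, just do it: buy a small VPS from a small provider and keep a low profile using it yourself. I was tinkering with this to use together with SS as a transparent proxy, but I've had no energy these past two days, so I put it off..
Say no more. The config file spells it out: DNS defaults to the regular UDP port 53. I'm done for; I can't use this good stuff from the boss,
The domestic DNS servers definitely use regular UDP 53; the foreign ones are CF's and Google's DoT..
Learned something again. Thanks
Does this DNS have any bandwidth requirements for the server? I want to deploy it on Tencent Cloud HK
No requirements. If it's just for your own use, a handful of DNS queries won't use much traffic.
I used your config.json file, and when I run the program it fails with "Failed to parse config file: json: cannot unmarshal string into Go struct field Config.HostsFile of type struct { HostsFile string; Finder string }"
With overture's official config.json this problem doesn't occur. I don't know where the problem is.
Never ran into that. Since the official one works, just compare against it and adapt your own.
After deploying on a Raspberry Pi, resolution fails, and the log contains the following errors: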
WARN[2020-05-16 12:31:12] dns server address tcp-tls://dns.google:853 is invalid
WARN[2020-05-16 12:31:12] createTlsConn failed: dns up server address is invalid
WARN[2020-05-16 12:31:12] dns server address tcp-tls://one.one.one.one:853 is invalid
WARN[2020-05-16 12:31:12] createTlsConn failed: dns up server address is invalid
Could it be that the linux-arm build doesn't support DNS over TLS?
Note: switching CloudflareDNS to DNS over HTTPS fixed it