Building your own pollution-free DNS server with dnsproxy

Internal split DNS, internal caching DNS, and split routing to speed up domain resolution

System: Debian local root server (SSH access already set up)

Software: dnsproxy

Make sure your server meets the minimum requirement: a working Go (golang) toolchain.

sudo apt update
sudo apt install git nano
source <(curl -L

Install with sufficient privileges; /root/go is fine as the Go path.

Installing and using dnsproxy:

Build from source as a normal user (CPU architecture: amd64)

Project page: https://github.com/adguardTeam/dnsproxy

cd /root
git clone https://github.com/adguardTeam/dnsproxy
cd dnsproxy
go build -mod=vendor

Installing and using the DNS split-routing file (go back to the home directory first):

Copy the following into update-dns.sh:

nano /root/update-dns.sh

rm /root/domain_full.txt
wget -O /root/domain_full.txt
systemctl daemon-reload && systemctl restart dnsproxy-dns

Copy the following systemd unit so the service starts at boot:

cd /etc/systemd/system/
sudo nano dnsproxy-dns.service

[Unit]
Description=dnsproxy-dns Service
After=network.target nss-lookup.target

[Service]
Type=simple
User=root
NoNewPrivileges=true
ExecStart=/root/dnsproxy/dnsproxy -u /root/domain_full.txt -l 0.0.0.0 -p 53 -p 54 --all-servers --edns --cache --cache-optimistic
Restart=on-failure

[Install]
WantedBy=multi-user.target

systemctl enable dnsproxy-dns

Note that -l 0.0.0.0 listens on every interface; on a server with a public address, bind to the LAN address instead or firewall ports 53 and 54 so the box does not become an open resolver.

Use cron to update the DNS split-routing file on a schedule:

Copy the following into the crontab:

crontab -e

# update the DNS split-routing file every day at 12:00 noon
0 12 * * * bash /root/update-dns.sh

Run the script and start the service

Download the split-routing file first, then start dnsproxy:

bash /root/update-dns.sh
systemctl start dnsproxy-dns
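As an added example (not part of the original post), here is a more careful version of update-dns.sh: it never deletes the working list first, refuses to replace it when the download fails or returns something that is not a dnsproxy upstream list (for example an HTML error page), and only then restarts the service. The list URL is a placeholder you must set; the file is invoked as sh /root/update-dns.sh run from cron.

```shell
#!/bin/sh
# Added example: a safer update-dns.sh. It never deletes the working list first,
# so a failed or garbage download leaves dnsproxy running on the previous rules.
set -eu

RULES_URL="${RULES_URL:-https://example.invalid/domain_full.txt}"  # placeholder: your list URL
DEST="${DEST:-/root/domain_full.txt}"
SERVICE="${SERVICE:-dnsproxy-dns}"

# validate_rules FILE: succeed only if FILE is non-empty and every non-comment
# line looks like a dnsproxy upstream spec (no whitespace, no HTML tags). Coarse,
# but it rejects the common failure of an error page being saved as the list.
validate_rules() {
  file="$1"; n=0
  [ -s "$file" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      '' | '#'*) ;;                       # blank lines and comments are fine
      *[[:space:]]* | *'<'*) return 1 ;;  # whitespace or a tag: not a rule list
      *) n=$((n + 1)) ;;
    esac
  done < "$file"
  [ "$n" -gt 0 ]
}

# install_rules TMP DEST: validate TMP, then rename it over DEST atomically so
# dnsproxy never reads a half-written file. Removes TMP when validation fails.
install_rules() {
  if ! validate_rules "$1"; then rm -f "$1"; return 1; fi
  chmod 0644 "$1"
  mv -f "$1" "$2"
}

update_dns() {
  tmp="$(mktemp "${DEST}.XXXXXX")"   # same directory as DEST, so mv is atomic
  if ! wget -q -O "$tmp" "$RULES_URL"; then
    rm -f "$tmp"; echo "download failed, keeping old list" >&2; return 1
  fi
  install_rules "$tmp" "$DEST" || { echo "bad list, keeping old one" >&2; return 1; }
  systemctl restart "$SERVICE"
}

# Only perform the update when invoked as: sh /root/update-dns.sh run
case "${1:-}" in run) update_dns ;; esac
```

With this script the cron line becomes 0 12 * * * sh /root/update-dns.sh run, and a broken download logs an error instead of leaving dnsproxy without an upstream list.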

Issue 1

The "UDP Receive Buffer Size" warning (dnsproxy's QUIC library asks for a larger receive buffer than the kernel default); fix it in /etc/sysctl.conf:

nano /etc/sysctl.conf

net.ipv4.tcp_retries2 = 8
net.ipv4.tcp_slow_start_after_idle = 0
fs.file-max =
fs.inotify.max_user_instances = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 32768
net.ipv4.ip_forward = 1
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_fin_timeout = 10
net.core.rmem_max =

Issue 2

The pam_unix log noise from cron sessions; fix it in /etc/pam.d/common-session-noninteractive:

nano /etc/pam.d/common-session-noninteractive

# complete configuration file
#
# /etc/pam.d/common-session-noninteractive - session-related modules
# common to all non-interactive services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of all non-interactive sessions.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
session required pam_unix.so
# end of pam-auth-update config

Once everything is configured, reboot the server and check whether the changes took effect:

reboot

The first query may be slow, but subsequent queries (and queries for other domains under the same TLD) should be fast. Test that it is working:

dnsproxy:

dig bing.com @127.0.0.1 -p 53

References:

https://languor.us/cron-pam-unix-cron-session-session-opened-closed-user-root-uid0

https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size#non-bsd