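I'm using mosdns v5.3. The configuration is very simple: it mainly uses DNS to split multimedia sites off to the unlock server. The configuration is as follows: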
log:
  level: info
  file: ""
plugins:
  - tag: "stream"
    type: "domain_set"
    args:
      files:
        - "./rules/category-entertainment.txt"
        - "./rules/bilibili.txt"
  - tag: "alice"
    type: "forward"
    args:
      upstreams:
        - addr: "154.12.177.22"
  - tag: "cf"
    type: "forward"
    args:
      upstreams:
        - addr: "1.1.1.1" # use cf dns as the default dns
  - tag: "main_sequence"
    type: "sequence"
    args:
      - matches:
          - qname $stream
        exec: $alice
      - exec: $cf # domains that do not match go to the default DNS
  # UDP server
  - tag: "local_udp"
    type: "udp_server"
    args:
      entry: main_sequence
      listen: "127.0.0.1:5353"
  # TCP server
  - tag: "local_tcp"
    type: "tcp_server"
    args:
      entry: main_sequence
      listen: "127.0.0.1:5353"
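I exported the two txt files in domain_set from the specified site categories in geosite.dat, using the fshexdat command that ships with mosdns v4. I have checked, and the domain syntax meets the requirements of v5.
mosdns listens on port 5353 of this machine, and I have also set the DNS address to port 5353 of this machine through systemd-resolved: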
❯ resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: uplink
Current DNS Server: 127.0.0.1#5353
DNS Servers 127.0.0.1#5353
Link 2 (enp0s3)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
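In theory, once mosdns has started normally, it should be able to resolve DNS requests made from this machine. However, no matter which domain I dig, the mosdns log does not change at all: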
debian systemd[1]: Started mosdns.service - A DNS forwarder.
INFO starting service {"platform": "linux-systemd"}
INFO working directory changed {"path": "/etc/mosdns"}
INFO main config loaded {"file": "/etc/mosdns/config.yaml"}
INFO loading plugin {"tag": "stream", "type": "domain_set"}
INFO loading plugin {"tag": "alice", "type": "forward"}
INFO loading plugin {"tag": "cf", "type": "forward"}
INFO loading plugin {"tag": "main_sequence", "type": "sequence"}
INFO loading plugin {"tag": "local_udp", "type": "udp_server"}
INFO local_udp udp server started {"addr": "127.0.0.1:5353"}
INFO loading plugin {"tag": "local_tcp", "type": "tcp_server"}
INFO local_tcp tcp server started {"addr": "127.0.0.1:5353", "tls": false}
INFO all plugins are loaded
Digging the upstream DNS directly works:
❯ dig @154.12.177.22 -p 53 netflix.com
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> @154.12.177.22 -p 53 netflix.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20580
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;netflix.com. IN A
;; ANSWER SECTION:
netflix.com. 10 IN A 181.215.6.222
;; Query time: 64 msec
;; SERVER: 154.12.177.22#53(154.12.177.22) (UDP)
;; WHEN: Fri Dec 27 17:21:18 CST 2024
;; MSG SIZE rcvd: 45
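Digging port 5353 of this machine directly also works, but it did not go through the mosdns split routing, and I don't know where these addresses were looked up from.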
❯ dig @127.0.0.1 -p 5353 netflix.com
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> @127.0.0.1 -p 5353 netflix.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29424
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1200
;; QUESTION SECTION:
;netflix.com. IN A
;; ANSWER SECTION:
netflix.com. 51 IN A 44.242.60.85
netflix.com. 51 IN A 44.234.232.238
netflix.com. 51 IN A 44.237.234.25
;; Query time: 76 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1) (UDP)
;; WHEN: Fri Dec 27 17:19:59 CST 2024
;; MSG SIZE rcvd: 121
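I don't know what to change now. Apart from startup, nothing shows up in the mosdns log; it feels like the DNS queries never enter mosdns for processing at all.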
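One check that fits the setup described above is to test offline whether a query name would match the exported rule files at all, since a non-matching name falls through to the default upstream. This is an added example, not part of the original post and not mosdns code; the prefix semantics, the match priority and the names `parse_rules`, `match` and `SAMPLE` are assumptions, and the sample rules are constructed.

```python
import re

# Prefix semantics and priority are assumptions from the mosdns v5 rule format
# (no prefix = "domain:"); Go regexp syntax is approximated with Python's re.
PRIORITY = ("full", "domain", "regexp", "keyword")

# Constructed sample, not the poster's rule files.
SAMPLE = r"""# exported entertainment rules (constructed)
domain:netflix.com
full:www.bilibili.com
keyword:nflxvideo
regexp:^.+\.hdslb\.com$
geosite:netflix
"""

def parse_rules(text):
    """Return (rules, rejected): usable (kind, pattern) pairs and bad lines."""
    rules, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        kind, sep, pattern = line.partition(":")
        if not sep:
            kind, pattern = "domain", line
        if kind != "regexp":
            pattern = pattern.strip().rstrip(".").lower()
        if kind not in PRIORITY or not pattern:
            rejected.append((lineno, raw))
        else:
            rules.append((kind, pattern))
    return rules, rejected

def _hit(kind, pattern, name):
    if kind == "full":
        return name == pattern
    if kind == "domain":  # the domain itself or any subdomain
        return name == pattern or name.endswith("." + pattern)
    if kind == "keyword":
        return pattern in name
    return re.search(pattern, name) is not None

def match(qname, rules):
    """Return the winning rule as 'kind:pattern', or None if nothing matches."""
    name = qname.rstrip(".").lower()
    for wanted in PRIORITY:
        for kind, pattern in rules:
            if kind == wanted and _hit(kind, pattern, name):
                return f"{kind}:{pattern}"
    return None
```

Running `parse_rules` over each file listed under `files:` and then `match` on the name being dug shows whether a lookup should have been sent to the `alice` upstream or to `cf`.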