
Thursday, 3 March 2016

Installing pdnsd and dnsmasq on a Mac to speed up DNS and avoid DNS pollution




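Interference has been getting heavier recently. The hosts file I used to rely on now stops working quickly, and because the IPs listed in hosts get blocked, I could not connect over socks5 even after starting ssh. So in the end I decided to use pdnsd and dnsmasq to obtain correct IPs and speed up DNS queries, and to leave the connection itself to ssh.

If the DNS server's IP is not blocked, pdnsd can query it over TCP to get the correct IP and avoid pollution. For some domestic domains and CDNs, however, remote lookups give poor results, so pdnsd is combined with dnsmasq's domain matching: domestic domains and some CDNs are resolved directly by domestic DNS servers, and foreign domains are resolved by foreign DNS servers.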

1. Install pdnsd

  1. Install pdnsd with Homebrew:

$ sudo brew install pdnsd
brew link --overwrite pdnsd
ln -s /usr/local/sbin/pdnsd /usr/local/bin/pdnsd  # so that pdnsd can be run directly

yudeMacBook-Air:~ brite$ pdnsd
Error: Could not open config file /usr/local/etc/pdnsd.conf: No such file or directory
yudeMacBook-Air:~ brite$

  1. Configure pdnsd:

$ cp /usr/local/etc/pdnsd.conf.sample /usr/local/etc/pdnsd.conf

My pdnsd configuration is as follows:

global {
     # debug = on;          # /var/pdnsd/pdnsd.debug
     perm_cache=10240;       # 10 MB cache (the value is in kB)
     cache_dir="/usr/local/var/cache/pdnsd";
     #run_as="nobody";
     paranoid=on;
     par_queries=5;
     server_port = 1053;
     server_ip = 127.0.0.1;
     status_ctl = on;
     query_method=tcp_only; # the GFW does not pollute TCP queries for now
     min_ttl=2h;
     max_ttl=1w;
     timeout=6;
     # https://wiki.archlinux.org/index.php/Pdnsd#Performance_Settings_For_Home_Broadband_Users
     neg_rrs_pol=on;
}

/*
server {
     label="114 & V2EX DNS";
     ip=114.114.114.114,114.114.115.115;
     uptest=none;
     # root_server = on;
     proxy_only=on;
     purge_cache=off;
     exclude=".google.com",".gstatic.com",".googleusercontent.com",".googlesource.com",".ggpht.com",".appspot.com",".googlecode.com",".googleapis.com",".gmail.com",".google-analytics.com",".keyhole.com",".chromium.org",".googlesyndication.com",".googlelabs.com",".g.co",".goo.gl",".panoramio.com",".android.com",".youtube.com",".ytimg.com",".blogspot.com",".blogger.com",".twitter.com",".twimg.com",".t.co",".facebook.com",".facebook.net",".fbcdn.net",".fb.me",".tfbnw.net",".flickr.com",".yimg.com",".bit.ly",".bitly.com",".t66y.com",".wp.com",".torproject.org",".igfw.net",".openvpn.net",".dropbox.com",".wikipedia.org",".sourceforge.net",".sf.net",".droplr.com",".pastebin.com",".vimeo.com";
}
*/

server {
        label="V2EX & Google DNS";
        ip=199.91.73.222, 8.8.4.4, 8.8.8.8;
        # root_server = on;
        #uptest = ping;
        uptest = none;
        proxy_only=on;
        purge_cache=off;
}

source {
     owner=localhost;
#     serve_aliases=on;
     file="/etc/hosts";
}

rr {
     name=localhost;
     reverse=on;
     a=127.0.0.1;
     owner=localhost;
     soa=localhost,root.localhost,42,86400,900,86400,86400;
}

  1. Start pdnsd automatically at boot

Save the file below as /Library/LaunchDaemons/pdnsd.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>pdnsd</string>
  <key>OnDemand</key>
  <false/>
  <key>Program</key>
  <string>/usr/local/sbin/pdnsd</string>
  <key>ServiceDescription</key>
  <string>pdnsd - a proxy DNS server with permanent caching</string>
 </dict>
</plist>

Set the file permissions:

$ sudo chown root /Library/LaunchDaemons/pdnsd.plist
$ sudo chmod 644 /Library/LaunchDaemons/pdnsd.plist

Start the pdnsd service:

$ sudo launchctl load /Library/LaunchDaemons/pdnsd.plist

2. Install dnsmasq

  1. Install dnsmasq with Homebrew:

$ brew install dnsmasq

  1. Configure dnsmasq:

$ cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf

My dnsmasq configuration is as follows:

listen-address=127.0.0.1
no-hosts
no-dhcp-interface=

cache-size=32768

server=127.0.0.1#1053

# Include all files in a directory which end in .conf
conf-dir=/usr/local/etc/dnsmasq.d

Domain-based wildcard resolution rules go in /usr/local/etc/dnsmasq.d.

  1. Start dnsmasq automatically at boot

Copy the launch configuration to /Library/LaunchDaemons:

$ sudo cp -fv /usr/local/opt/dnsmasq/*.plist /Library/LaunchDaemons

Set the file permissions:

$ sudo chown root /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
$ sudo chmod 644 /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

Start the dnsmasq service:

$ sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

3. Configure the system DNS

Change the Mac's system DNS server to 127.0.0.1.

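4. dnsmasq wildcard resolution

A dnsmasq wildcard resolution rule looks like this:

address=/baidu.com/1.1.1.1

This means that baidu.com and every name under it (*.baidu.com) will be answered with the IP 1.1.1.1.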

5. Acceleration list configuration for domestic domains

I found an acceleration configuration for domestic domains and CDNs on GitHub: dnsmasq-china-list
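
To audit which names a rules file in /usr/local/etc/dnsmasq.d would send to a domestic resolver (and so around pdnsd's TCP-only path), the script below models dnsmasq's documented matching: the most specific domain wins, server=/domain/ip forwards the query, and address=/domain/ip returns a fixed answer. It is an added example, not code from the original post or from dnsmasq; the sample rules, the ads.example name and the route_for function are constructed for illustration, and it assumes one domain per rule.

```sh
#!/bin/sh
# Added example: model which upstream dnsmasq would use for a name.
# SAMPLE_RULES is constructed; the default upstream is pdnsd on
# 127.0.0.1#1053, as in the dnsmasq.conf above. One domain per rule.
SAMPLE_RULES='server=127.0.0.1#1053
server=/baidu.com/114.114.114.114
server=/map.baidu.com/114.114.115.115
address=/ads.example/0.0.0.0
# comments and blank lines are ignored
'

# route_for NAME [RULES]: prints "forward <server>" or "answer <ip>".
route_for() {
    printf '%s' "${2:-$SAMPLE_RULES}" | awk -v name="$1" '
        BEGIN { best = -1; result = "unresolved"; q = tolower(name) }
        /^[ \t]*(#|$)/ { next }
        {
            split($0, kv, "=")
            opt = kv[1]
            val = substr($0, length(opt) + 2)     # text after "opt="
            if (opt != "server" && opt != "address") next
            if (substr(val, 1, 1) != "/") {       # no domain: default upstream
                if (opt == "server" && best < 0) { best = 0; result = "forward " val }
                next
            }
            split(val, p, "/")                    # "/domain/ip" -> "", domain, ip
            dom = tolower(p[2]); dl = length(dom); ql = length(q)
            # Match only on a label boundary: the name itself or a ".domain" suffix.
            hit = (q == dom) || (ql > dl && substr(q, ql - dl) == ("." dom))
            if (hit && dl > best) {               # most specific domain wins
                best = dl
                result = (opt == "server" ? "forward " : "answer ") p[3]
            }
        }
        END { print result }'
}

# Names forwarded to 114.x go to the domestic resolver, not through pdnsd/TCP.
for n in www.baidu.com map.baidu.com notbaidu.com www.google.com ads.example; do
    printf '%-16s %s\n' "$n" "$(route_for "$n")"
done
```

Pass a real rules file as the second argument, for example `route_for www.example.com "$(cat /usr/local/etc/dnsmasq.d/*.conf)"`, to check a name against the installed rules.
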
--------------------------------
Output of brew install dnsmasq:
==> Downloading https://homebrew.bintray.com/bottles/dnsmasq-2.75.yosemite.bottl
######################################################################## 100.0%
==> Pouring dnsmasq-2.75.yosemite.bottle.tar.gz
==> Caveats
To configure dnsmasq, copy the example configuration to /usr/local/etc/dnsmasq.conf
and edit to taste.

  cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf

To have launchd start dnsmasq at startup:
  sudo cp -fv /usr/local/opt/dnsmasq/*.plist /Library/LaunchDaemons
  sudo chown root /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
Then to load dnsmasq now:
  sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
==> Summary
  /usr/local/Cellar/dnsmasq/2.75: 7 files, 512K

yudeMacBook-Air:~ brite$