Fix weird things with DNS in China.
If you want to fix other weird things as well, you might also want to use ShadowVPN.
Install
- Linux / Unix
Download a release.
./configure && make
src/chinadns -m -c chnroute.txt
- OpenWRT
Download a precompiled package for OpenWRT trunk and your CPU: ar71xx, brcm63xx, brcm47xx, ramips_24kec. Open an issue if you think your CPU is a popular one but not listed here.
If you use another CPU or another OpenWRT version, build it yourself:
cd into the SDK root, then
pushd package
git clone https://github.com/clowwindy/ChinaDNS.git
popd
make menuconfig # select Network/ChinaDNS
make -j
make V=99 package/ChinaDNS/openwrt/compile
- Tomato
Download the Tomato toolchain and build it yourself.
Uncompress the downloaded file to ~/.
Copy the brcm directory under ~/WRT54GL-US_v4.30.11_11/tools/ to /opt, then
export PATH=/opt/brcm/hndtools-mipsel-uclibc/bin/:/opt/brcm/hndtools-mipsel-linux/bin/:$PATH
git clone https://github.com/clowwindy/ChinaDNS.git
cd ChinaDNS
./autogen.sh && ./configure --host=mipsel-linux --enable-static && make
- Windows
Download the Python exe version.
Usage
- Linux / Unix
We recommend using the "-m" option (DNS compression pointer mutation).
Run
sudo chinadns -m -c chnroute.txt
on your local machine. ChinaDNS creates a UDP DNS server at 0.0.0.0:53.
- OpenWRT
opkg install ChinaDNS_1.x.x_ar71xx.ipk
/etc/init.d/chinadns start
(Optional) We strongly recommend setting ChinaDNS as an upstream DNS server for dnsmasq instead of using ChinaDNS directly:
- Run /etc/init.d/chinadns stop
- Remove the 2 lines containing iptables in /etc/init.d/chinadns.
- Update /etc/dnsmasq.conf to use only 127.0.0.1#5353:
no-resolv
server=127.0.0.1#5353
- Restart chinadns and dnsmasq
- Run dig @192.168.1.1 www.youtube.com -p5353 from a LAN client to test. A clean answer looks like the following (sample output from a query for www.google.com against a local instance on 127.0.0.1):
; <<>> DiG 9.8.3-P1 <<>> @127.0.0.1 www.google.com -p5353
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16179
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 215 IN A 173.194.127.50
www.google.com. 215 IN A 173.194.127.49
www.google.com. 215 IN A 173.194.127.48
www.google.com. 215 IN A 173.194.127.52
www.google.com. 215 IN A 173.194.127.51
;; Query time: 197 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Thu Jan 1 02:37:16 2015
;; MSG SIZE rcvd: 112
Currently ChinaDNS only supports UDP. The builtin OpenWRT init script works with dnsmasq, which handles TCP. If you use ChinaDNS directly without dnsmasq, you need to add a redirect rule for TCP:
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
Note that this rule sends TCP queries to 8.8.8.8 on port 53 unfiltered, bypassing ChinaDNS entirely; clients normally fall back to TCP only after a truncated UDP reply.
Advanced
usage: chinadns [-h] [-l IPLIST_FILE] [-b BIND_ADDR] [-p BIND_PORT]
                [-c CHNROUTE_FILE] [-s DNS] [-v]
Forward DNS requests.
  -h, --help        show this help message and exit
  -l IPLIST_FILE    path to ip blacklist file
  -c CHNROUTE_FILE  path to china route file
                    if not specified, CHNRoute will be turned off
  -d                enable bi-directional CHNRoute filter
  -y                delay time for suspects, default: 0.3
  -b BIND_ADDR      address that listens, default: 127.0.0.1
  -p BIND_PORT      port that listens, default: 53
  -s DNS            DNS servers to use, default:
                    114.114.114.114,208.67.222.222:443,8.8.8.8
  -m                Using DNS compression pointer mutation
                    (blacklist and delaying would be disabled)
  -v                verbose logging
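The -m option relies on DNS compression pointer mutation. As an added example (not ChinaDNS's own code), the Python below builds a query for www.google.com, applies one form of the mutation, and shows that a pointer-following reader still recovers the name while a reader that only walks plain labels does not. The layout used here (replacing the QNAME terminator with a pointer to header offset 4, which is 0x00 when QDCOUNT is 1) is my understanding of the trick and an assumption; the exact bytes ChinaDNS emits may differ, and whether a given upstream accepts the mutated query has to be tested against that upstream.

```python
# Added example (not ChinaDNS project code): DNS compression pointer mutation
# on a query, plus a pointer-aware and a pointer-unaware name reader.
# The specific layout (replacing the QNAME terminator with a pointer to header
# offset 4) is an assumption about the technique, not taken from the source.
import struct


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in a 0x00 byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def build_query(name, txid=0x1234, qtype=1):
    """A plain A query: 12-byte header (RD set, QDCOUNT=1) + QNAME + QTYPE + QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def mutate_query(query):
    """Replace the QNAME's terminating 0x00 with the pointer 0xC0 0x04.

    Offset 4 is the high byte of QDCOUNT, which is 0x00 for a one-question
    query, so a pointer-following parser reads it as the root label and still
    sees the full name. A matcher that only walks plain length bytes never
    reaches the end of the name. The packet grows by one byte.
    """
    if query[4] != 0:
        raise ValueError("QDCOUNT high byte must be 0 for this layout")
    end = query.index(b"\x00", 12)          # terminator of the first QNAME
    return query[:end] + b"\xc0\x04" + query[end + 1:]


def read_name(pkt, off, depth=0):
    """RFC 1035 reader that follows compression pointers.
    Returns (name, offset just after the name field)."""
    labels = []
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                # 11xxxxxx: 14-bit pointer
            if depth > 8:
                raise ValueError("pointer loop")
            target = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            tail, _ = read_name(pkt, target, depth + 1)
            if tail:
                labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln


def naive_read_name(pkt, off):
    """A pointer-unaware reader, like a middlebox that only understands plain
    labels. Returns None when it hits a byte that is not a valid label length."""
    labels = []
    while off < len(pkt):
        ln = pkt[off]
        off += 1
        if ln == 0:
            return ".".join(labels)
        if ln > 63 or off + ln > len(pkt):
            return None
        labels.append(pkt[off:off + ln].decode("ascii", "replace"))
        off += ln
    return None


if __name__ == "__main__":
    q = build_query("www.google.com")
    m = mutate_query(q)
    print(q.hex())
    print(m.hex())
    print(read_name(q, 12), read_name(m, 12))
    print(naive_read_name(q, 12), naive_read_name(m, 12))
```

Compare the two hex dumps: the only difference is the 0xC0 0x04 pair in place of the final 0x00 of the question name, which is why the pointer-aware reader returns the same name for both while the naive one gives up on the mutated packet.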
About chnroute
You can generate the latest chnroute.txt using this command:
curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > chnroute.txt
(The awk expression assumes each record's address count is a power of two; for any other count %d truncates the prefix length and the resulting block is larger than the delegation.)
from https://github.com/clowwindy/ChinaDNS
Download: http://sourceforge.net/projects/chinadns/
------------------------
My additional notes:
On a Mac:
git clone https://github.com/shadowsocks/ChinaDNS
cd ChinaDNS
./autogen.sh
./configure
make
(After make, the chinadns executable is produced in ~/ChinaDNS/src/.)
cd src
sudo ./chinadns -b 0.0.0.0 -p 53 -s 208.67.222.222:443
or
sudo ./chinadns -b 0.0.0.0 -p 53 -s 208.67.222.222:5353
or
sudo ./chinadns -b 0.0.0.0 -p 53 -s 208.67.220.220:443
or
sudo ./chinadns -b 0.0.0.0 -p 53 -s 208.67.220.220:5353
or
sudo ./chinadns -b 0.0.0.0 -p 53 -s my-vps-ip:53538
(The last command can also be written as sudo ALL_PROXY=socks5://localhost:1080 ./chinadns -b 0.0.0.0 -p 53 -s 8.8.8.8:53. Note that chinadns sends plain UDP and does not read ALL_PROXY itself, so that variable alone does not push its queries through the SOCKS proxy.)
Note also that -b 0.0.0.0 listens on every interface; if only this machine uses the resolver, bind to 127.0.0.1 instead so you do not expose an open resolver to the network.
A real usage session:
sudo wg-quick up wg0
sudo networksetup -setdnsservers "Wi-Fi" 127.0.0.1
cd ~/ChinaDNS/src
sudo ./chinadns -b 0.0.0.0 -p 53 -s 208.67.222.222:443
(or any of the other -s upstreams listed above: 208.67.222.222:5353, 208.67.220.220:443, 208.67.220.220:5353, my-vps-ip:53538)
The key is that the DNS port on the server does not have to be 53.
Fortunately, the GFW only inspects DNS packets on port 53 (as observed at the time of writing), and the OpenDNS servers, besides port 53, also serve DNS on ports 443 and 5353.
(Why use ChinaDNS instead of OpenDNS directly?
- We must query the foreign DNS on a port other than 53 to get correct answers that the GFW has not tampered with. ChinaDNS lets you choose the port of the upstream DNS, whereas the Windows DNS settings are hard-wired to port 53.
- If you resolve domestic sites through OpenDNS, you will very likely get an overseas IP (many large companies run overseas servers for overseas Chinese users, e.g. JD, Taobao, Bilibili), which makes access to domestic sites very slow.
ChinaDNS instead decides by chnroute: if a domestic DNS resolves to a domestic IP, that answer is used; for foreign sites, the poisoned answers returned by the domestic DNS are filtered out. This solves the problem very neatly.)
- I suggest using Chrome to get through the wall. After I set up chinadns, Firefox surprisingly failed to get through, while Chrome had no problem.
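The chnroute generation command above and the chnroute-based answer filter just described, as one added example in Python (not ChinaDNS project code). It builds the CIDR table from constructed APNIC-format records, summarizing the exact address range so that counts that are not a power of two also come out right, and then applies the filter: a domestic resolver's answer is kept only if the address is in chnroute, a foreign resolver's answer is kept as is. The reply tuples, the upstream roles and the semantics given to the bi-directional (-d) mode (a foreign resolver answering with a Chinese address is dropped too) are assumptions for illustration.

```python
# Added example (not ChinaDNS project code): build a chnroute table from
# APNIC delegation records and apply the CHNRoute answer filter the text
# describes. Reply tuples and the "bidirectional" semantics are assumptions.
import ipaddress

# Constructed sample in the delegated-apnic-latest format
# (registry|cc|type|start|value|date|status). The real file has thousands of
# records; the 768-address record shows a count that is not a power of two.
SAMPLE_DELEGATED = """\
2|apnic|20150101|12345|19830613|20150101|+1000
apnic|*|ipv4|*|2|summary
apnic|CN|ipv4|1.0.1.0|256|20110414|allocated
apnic|CN|ipv4|1.0.2.0|512|20110414|allocated
apnic|CN|ipv4|1.1.8.0|768|20110414|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv6|2001:250::|35|20010831|allocated
apnic|CN|asn|4134|1|20010831|allocated
"""


def delegated_to_cidrs(text):
    """Return the IPv4 networks delegated to CN as ip_network objects.

    The awk one-liner on the page computes 32 - log2(count) and truncates it
    with %d, which is only exact when count is a power of two. Summarizing the
    real address range yields correct CIDRs for any count.
    """
    nets = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) < 5 or parts[1] != "CN" or parts[2] != "ipv4":
            continue
        first = ipaddress.IPv4Address(parts[3])
        last = first + int(parts[4]) - 1
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))


def to_chnroute_lines(nets):
    """The chnroute.txt format: one CIDR per line."""
    return [str(n) for n in nets]


def is_china_ip(nets, ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in n for n in nets)


def accept_answer(nets, upstream_is_cn, ip, bidirectional=False):
    """CHNRoute filter as the text describes it.

    A domestic resolver's answer is trusted only if the address is in
    chnroute; anything else is treated as a poisoned reply and dropped.
    A foreign resolver's answer is accepted as is, unless the bidirectional
    filter is on, in which case a foreign resolver answering with a Chinese
    address is dropped too (assumed meaning of -d).
    """
    in_cn = is_china_ip(nets, ip)
    if upstream_is_cn:
        return in_cn
    if bidirectional:
        return not in_cn
    return True


def pick_answer(nets, replies, bidirectional=False):
    """Return the first acceptable address from replies, a list of
    (upstream_is_cn, ip) tuples in arrival order, or None if all are dropped."""
    for upstream_is_cn, ip in replies:
        if accept_answer(nets, upstream_is_cn, ip, bidirectional):
            return ip
    return None


if __name__ == "__main__":
    nets = delegated_to_cidrs(SAMPLE_DELEGATED)
    print("\n".join(to_chnroute_lines(nets)))
    # Foreign site: the domestic resolver's (constructed) poisoned reply is
    # dropped and the foreign resolver's reply wins.
    print(pick_answer(nets, [(True, "203.0.113.7"), (False, "198.51.100.9")]))
    # Domestic site: the domestic resolver's Chinese address is used.
    print(pick_answer(nets, [(True, "1.0.1.25"), (False, "198.51.100.30")]))
```

For the 768-address record the awk expression would emit 1.1.8.0/22, which also covers 1.1.11.0/24 that was never delegated; the range summary gives 1.1.8.0/23 plus 1.1.10.0/24. To check that a non-53 upstream really answers before putting it in -s, query it directly, e.g. dig @208.67.222.222 -p 443 www.google.com, and compare with the same query on port 53.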
--------------------------------------------------------------------
A Go re-implementation of ChinaDNS.
cd $GOPATH
go get -u -v github.com/YueHonghui/chinadns
The chinadns executable then appears in $GOBIN/ (or $GOPATH/bin if GOBIN is unset).
chinadns -h
prints:
Usage of chinadns:
  -V    print version and exit
  -b string
        address that listens (default "0.0.0.0")
  -c string
        path to china route file (default "./chinaroute.txt")
  -d    off enable bi-directional CHNRoute filter
  -l string
        path to ip blacklist file
  -logpath string
        logpath (default "/var/log/chaindns")
  -m    use DNS compression pointer mutation
  -p int
        port that listens (default 53)
  -s string
        DNS servers to use (default "223.6.6.6,8.8.4.4")
  -v    verbose logging
  -y float
        delay time for suspects (default 0.3)
Project: https://github.com/YueHonghui/chinadns
--------
A DNS splitter focused on high performance. Works out of the box. Supports splitting by IP and by domain, splitting by CNAME, and the ECS extension, for more accurate splitting.
Supports IPv6 and DoH. Supports platforms such as OpenWrt.
mos-chinadns
For features, tutorials and the manual, see: wiki.
Design partly references:
Dependencies
Resources
- Mainland China domain list: chn_domain.list, data from dnsmasq-china-list: LICENSE
- Mainland China IP list: chn.list, data from APNIC
https://github.com/freeasbird/mos-chinadns