Sunday 14 July 2019

Using CleanDNS to Solve DNS Pollution

Non-polluting DNS. Forward DNS requests with ECS (edns-client-subnet) support.

Install

Linux

git clone https://github.com/GangZhuo/CleanDNS.git

cd CleanDNS

make clean

make

OpenWRT

cd OpenWrt-SDK-***

git clone https://github.com/GangZhuo/CleanDNS.git package/CleanDNS

# Select Network/CleanDNS
make menuconfig

# Output file should be at OpenWrt-SDK-***/bin/packages//base/CleanDNS-*.ipk
make V=99 package/CleanDNS/openwrt/{clean,compile}

# Install on OpenWrt
opkg install CleanDNS_*.ipk

# Edit your config file '/etc/config/cleandns', then restart '/etc/init.d/cleandns restart'.
vim /etc/config/cleandns

# Start|Stop|Restart|Enable|Disable
/etc/init.d/cleandns [start|stop|restart|enable|disable]

Android (Termux)

git clone https://github.com/GangZhuo/CleanDNS.git

cd CleanDNS

make clean

make LDFLAGS=-llog

Windows

1) Download the source code from https://github.com/GangZhuo/CleanDNS.

2) Open CleanDNS/windows/cleandns.sln with Visual Studio 2019 and build the project.

3) Copy the build result (cleandns.exe), together with CleanDNS/windows/install_service.bat,
   CleanDNS/windows/uninstall_service.bat and chnroute.txt, to the target directory
   (e.g. D:\CleanDNS\).

4) Right-click D:\CleanDNS\install_service.bat and click "Run as administrator"
   to install CleanDNS as a service.

5) Edit your config file D:\CleanDNS\cleandns.config, which should be generated
   automatically after the service is installed.

6) Press WIN+R, type 'services.msc', and press Enter, then Start/Restart CleanDNS in the right panel.

7) To uninstall, right-click D:\CleanDNS\uninstall_service.bat and click "Run as administrator".

Usage

$>cleandns.exe -h

CleanDNS 0.4.1

Usage:

cleandns [-c CHNROUTE_FILE] [-l CHINA_IP] [-f FOREIGN_IP]
         [-b BIND_ADDR] [-p BIND_PORT] [-s DNS] [-t TIMEOUT] [-m]
         [--config=CONFIG_PATH] [--daemon] [--pid=PID_FILE_PATH]
         [--log=LOG_FILE_PATH] [--log-level=LOG_LEVEL]
         [--proxy=PROXY_URL] [-v] [-V] [-h]

Forward DNS requests with ECS (edns-client-subnet) support.

Options:

  -l CHINA_IP           china ip address, e.g. 114.114.114.114/24.
  -f FOREIGN_IP         foreign ip address, e.g. 8.8.8.8/24.
  -c CHNROUTE_FILE      path to china route file, default: chnroute.txt.
  -b BIND_ADDR          address that listens, default: 0.0.0.0.
  -p BIND_PORT          port that listens, default: 5354.
  -s DNS                DNS server to use, default: 8.8.8.8:53,114.114.114.114:53.
                        tcp://IP[:PORT] means forward request to upstream by TCP protocol,
                        [udp://]IP[:PORT] means forward request to upstream by UDP protocol,
                        default forward by UDP protocol, and default port of upstream is 53.
  -m                    use DNS compression pointer mutation, only available on foreign dns server.
  -t TIMEOUT            timeout, default: 5.
  --daemon              daemonize.
  --pid=PID_FILE_PATH   pid file, default: /var/run/cleandns.pid, only available on daemonize.
  --log=LOG_FILE_PATH   write log to a file.
  --log-level=LOG_LEVEL log level, range: [0, 7], default: 5.
  --config=CONFIG_PATH  config file, find sample at https://github.com/GangZhuo/CleanDNS.
  --lazy                disable pollution detection.
  --proxy=PROXY_URL     proxy server, e.g. socks5://127.0.0.1:1080, only available on foreign dns server.
                        only support socks5 with no authentication.
  -v                    verbose logging.
  -h                    show this help message and exit.
  -V                    print version and exit.

Example

cleandns -m -s 8.8.8.8 -l 202.108.22.5/24 -vvv

or

cleandns -m -s 8.8.8.8 -l 202.108.22.5/24 -f 172.217.24.4/24 -vvv

Remove -l and -f to disable "edns-client-subnet".

Test if it works:

$ dig @127.0.0.1 -p 5354 www.youtube.com
; <<>> DiG 9.11.1 <<>> www.youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14225
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: xxx.xxx.xxx.0/24/0
;; QUESTION SECTION:
;www.youtube.com.  IN A

;; ANSWER SECTION:
www.youtube.com. 86315 IN CNAME youtube-ui.l.google.com.
youtube-ui.l.google.com. 815 IN CNAME youtube-ui-china.l.google.com.
youtube-ui-china.l.google.com. 95 IN A 74.125.203.102
youtube-ui-china.l.google.com. 95 IN A 74.125.203.100
youtube-ui-china.l.google.com. 95 IN A 74.125.203.139
youtube-ui-china.l.google.com. 95 IN A 74.125.203.113
youtube-ui-china.l.google.com. 95 IN A 74.125.203.138
youtube-ui-china.l.google.com. 95 IN A 74.125.203.101

;; Query time: 177 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 23 07:07:51 2017
;; MSG SIZE  rcvd: 443
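
What the -l/-f options put on the wire, as an added example (not CleanDNS's own code and not part of the original post): it encodes the edns-client-subnet option per RFC 7871 and decodes it in the form dig prints on the CLIENT-SUBNET line above. The function names, the transaction id and the 4096-byte UDP payload size are assumptions made for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS option code for edns-client-subnet (RFC 7871)
OPT_RR_TYPE = 41      # OPT pseudo-record type (RFC 6891)


def encode_ecs(cidr: str) -> bytes:
    """Encode a CIDR such as '202.108.22.5/24' as an ECS option."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network                      # host bits are zeroed here
    family = 1 if net.version == 4 else 2    # 1 = IPv4, 2 = IPv6
    nbytes = (net.prefixlen + 7) // 8        # only the prefix bytes are sent
    addr = net.network_address.packed[:nbytes]
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr  # scope = 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def build_query(qname: str, cidr: str, txid: int = 0x1234) -> bytes:
    """Build an A query for qname with one OPT record carrying ECS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 additional
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)     # type A, class IN
    rdata = encode_ecs(cidr)
    # OPT RR: root name, type 41, class = UDP payload size (assumed 4096), TTL 0, rdlen
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(rdata)) + rdata
    return header + question + opt


def decode_ecs(option: bytes) -> str:
    """Render an ECS option the way dig does: address/source/scope."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    size = 4 if family == 1 else 16
    addr = option[8:].ljust(size, b"\x00")   # pad the truncated address back out
    return f"{ipaddress.ip_address(addr)}/{source}/{scope}"


if __name__ == "__main__":
    print(encode_ecs("202.108.22.5/24").hex())
    print(decode_ecs(encode_ecs("202.108.22.5/24")))
```

Only the network part of the address leaves the host: the last byte of 202.108.22.5 is dropped before the option is built, which is why dig shows a .0/24 subnet.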

Update chnroute

References

----

My additional notes:
On a Mac:
git clone https://github.com/GangZhuo/CleanDNS CleanDNS-by-GangZhuo
cd CleanDNS-by-GangZhuo
make
(This produces the executable cleandns in the current directory.)
./cleandns -h

sudo ./cleandns -b 0.0.0.0 -p 53 -s 8.8.4.4:53 --proxy=socks5://127.0.0.1:1080
Notice this command: cleandns supports setting a SOCKS5 proxy. We can run ss to act as this SOCKS5 proxy.
Do not close this terminal.

A practical example:
sudo wg-quick up wg0 

sudo networksetup -setdnsservers "Wi-Fi" 127.0.0.1

cd ~/CleanDNS-by-GangZhuo && sudo ./cleandns -b 0.0.0.0 -p 53 -s 8.8.4.4:53 --proxy=socks5://127.0.0.1:1080 
