Comments (1)
Moexin
commented on August 9, 2024
用if嵌套总算能实现需求了,但是总觉得不够优雅,而且不知道if插入的地方对不对,希望有大佬完善一下,谢谢!
log:
file: "/tmp/moedns.log"
level: warn
data_providers:
- tag: chinalist
file: ./rules/china_domain_list.txt
auto_reload: true
- tag: gfwlist
file: ./rules/gfw_domain_list.txt
auto_reload: true
- tag: cdncn
file: ./rules/cdn_domain_list.txt
auto_reload: true
- tag: chinaip
file: ./rules/china_ip_list.txt
auto_reload: true
- tag: gfwip
file: ./rules/gfw_ip_list.txt
auto_reload: true
- tag: cfip
file: ./rules/cf_ip_list.txt
auto_reload: true
- tag: adlist
file: ./rules/ad_domain_list.txt
auto_reload: true
- tag: ecscn
file: ./ecs_cn_domain.txt
auto_reload: true
- tag: ecsnoncn
file: ./ecs_noncn_domain.txt
auto_reload: true
- tag: hosts
file: ./hosts.txt
auto_reload: true
plugins:
# 缓存的插件
# [lan|wan]
- tag: cache_lan
type: cache
args:
size: 8192
#redis: "redis://127.0.0.1:6379/0"
lazy_cache_ttl: 86400
cache_everything: true
lazy_cache_reply_ttl: 1
- tag: cache_wan
type: cache
args:
size: 131072
compress_resp: true
#redis: "redis://127.0.0.1:6379/0"
lazy_cache_ttl: 86400
cache_everything: true
lazy_cache_reply_ttl: 5
# Hosts的插件
- tag: hosts
type: hosts
args:
hosts:
- "provider:hosts"
# 获取ECS的插件
- tag: ecs_auto
type: ecs
args:
auto: true
force_overwrite: false
# 指定ECS的插件
- tag: ecs_global
type: ecs
args:
auto: false
ipv4: "168.95.1.0"
ipv6: "2001:b000:168::"
force_overwrite: false
# 匹配ECS的插件
- tag: ecs_is_lan
type: query_matcher
args:
ecs:
- "0.0.0.0/8"
- "10.0.0.0/8"
- "100.64.0.0/10"
- "127.0.0.0/8"
- "169.254.0.0/16"
- "172.16.0.0/12"
- "192.0.0.0/24"
- "192.0.2.0/24"
- "198.18.0.0/15"
- "192.88.99.0/24"
- "192.168.0.0/16"
- "198.51.100.0/24"
- "203.0.113.0/24"
- "224.0.0.0/3"
- "::1/128"
- "fc00::/7"
- "fe80::/10"
- tag: ecs_is_cn
type: query_matcher
args:
ecs:
- "provider:chinaip"
# 调整TTL的插件
# [1m|5m|1h]
- tag: ttl_1m
type: ttl
args:
minimal_ttl: 60
maximum_ttl: 3600
- tag: ttl_5m
type: ttl
args:
minimal_ttl: 300
maximum_ttl: 86400
- tag: ttl_1h
type: ttl
args:
minimal_ttl: 3600
maximum_ttl: 86400
# 匹配TYPE12类型请求的插件
- tag: qtype12
type: query_matcher
args:
qtype: [12]
# 匹配TYPE65类型请求的插件
- tag: qtype65
type: query_matcher
args:
qtype: [65]
# 匹配TYPE255类型请求的插件
- tag: qtype255
type: query_matcher
args:
qtype: [255]
# 匹配RCODE2的插件
- tag: response_server_failed
type: response_matcher
args:
rcode: [2]
# 屏蔽请求的插件
- tag: black_hole
type: blackhole
args:
rcode: 0
ipv4: "0.0.0.0"
ipv6: "::"
# 匹配无效域名的插件
- tag: query_is_non_domain
type: query_matcher
args:
domain:
- "keyword::"
# 匹配本地域名的插件
- tag: query_is_local_domain
type: query_matcher
args:
domain:
- "provider:chinalist"
# 匹配污染域名的插件
- tag: query_is_non_local_domain
type: query_matcher
args:
domain:
- "provider:gfwlist"
# 匹配CDN域名的插件
- tag: query_is_cdn_cn_domain
type: query_matcher
args:
domain:
- "provider:cdncn"
# 匹配广告域名的插件
- tag: query_is_ad_domain
type: query_matcher
args:
domain:
- "provider:adlist"
# 匹配强制本地解析域名的插件
- tag: query_is_cn_domain
type: query_matcher
args:
domain:
- "provider:ecscn"
# 匹配强制非本地解析域名的插件
- tag: query_is_noncn_domain
type: query_matcher
args:
domain:
- "provider:ecsnoncn"
# 匹配本地IP的插件
- tag: response_has_local_ip
type: response_matcher
args:
ip:
- "provider:chinaip"
# 匹配污染IP的插件
- tag: response_has_gfw_ip
type: response_matcher
args:
ip:
- "provider:gfwip"
# 匹配CFIP的插件
- tag: response_has_cf_ip
type: response_matcher
args:
ip:
- "provider:cfip"
# 指定CFIP的插件
- tag: blackhole_setcfip
type: blackhole
args:
ipv4: "162.159.39.121"
# 转发至本地服务器的插件
- tag: forward_local
type: fast_forward
args:
upstream:
- addr: "218.104.111.114"
- addr: "218.104.111.122"
# 转发至远程服务器的插件
- tag: forward_remote
type: fast_forward
args:
upstream:
- addr: "https://1.1.1.1/dns-query"
- addr: "https://8.8.8.8/dns-query"
- addr: "https://208.67.222.222/dns-query"
# 转发至分流服务器的插件
- tag: forward_easymosdns
type: fast_forward
args:
upstream:
- addr: "https://doh.apad.pro/dns-query"
bootstrap: "119.29.29.29"
# 主要的运行逻辑插件
# sequence 插件中调用的插件 tag 必须在 sequence 前定义
# 否则 sequence 找不到对应插件
- tag: main_sequence
type: sequence
args:
exec:
# 域名映射IP
- hosts
# 屏蔽TYPE65与无效类型请求
- if: "[qtype65] || (query_is_non_domain)"
exec:
- _new_nxdomain_response
- _return
# 优化PRT与ANY类型请求
- if: "[qtype12] || [qtype255]"
exec:
- _no_ecs
- forward_local
- ttl_1h
- _return
# 缓存ECS
- ecs_auto
- _edns0_filter_ecs_only
- if: ecs_is_lan
exec:
- cache_lan
- _no_ecs
else_exec:
- cache_wan
# 强制用本地服务器解析
- if: query_is_cn_domain
exec:
- forward_local
- ttl_5m
# 匹配CFIP替换指定CFIP
- if: response_has_cf_ip
exec:
- blackhole_setcfip
- _return
# 强制用非本地服务器解析
- if: query_is_noncn_domain
exec:
# 优先返回ipv4结果
- _prefer_ipv4
- ecs_global
- primary:
# 默认用分流服务器
- forward_easymosdns
secondary:
# 超时用远程服务器
- forward_remote
fast_fallback: 2500
always_standby: false
- ttl_5m
# 匹配CFIP替换指定CFIP
- if: response_has_cf_ip
exec:
- blackhole_setcfip
- _return
# 屏蔽广告域名
- if: query_is_ad_domain
exec:
- black_hole
- ttl_1h
- _return
# 已知的本地域名或CDN域名用本地服务器解析
- if: "(query_is_local_domain) || (query_is_cdn_cn_domain)"
exec:
- primary:
# 默认用本地服务器
- forward_local
- ttl_1m
secondary:
# 超时用分流服务器
- forward_easymosdns
- ttl_5m
fast_fallback: 25
always_standby: false
# 匹配CFIP替换指定CFIP
- if: response_has_cf_ip
exec:
- blackhole_setcfip
# 预防已知的本地域名临时污染
- if: "(! response_has_gfw_ip)"
exec:
- _return
# 已知的污染域名用分流服务器或远程服务器解析
- if: query_is_non_local_domain
exec:
# 优先返回ipv4结果
- _prefer_ipv4
- ecs_global
- primary:
# 默认用分流服务器
- forward_easymosdns
secondary:
# 超时用远程服务器
- forward_remote
fast_fallback: 2500
always_standby: false
- ttl_5m
# 匹配CFIP替换指定CFIP
- if: response_has_cf_ip
exec:
- blackhole_setcfip
- _return
# 剩下的未知域名用IP分流
# 优先返回ipv4结果
- _prefer_ipv4
- primary:
# 默认用分流服务器
- forward_easymosdns
- if: response_server_failed
exec:
- forward_local
- _return
- ecs_global
- if: "(! ecs_is_cn) && (! response_has_local_ip) && [_response_valid_answer]"
exec:
- forward_easymosdns
secondary:
# 超时用本地分流器
- forward_remote
- if: response_has_local_ip
exec:
- forward_local
- _return
- ecs_global
- if: "(! ecs_is_cn) && [_response_valid_answer]"
exec:
- forward_remote
fast_fallback: 2500
always_standby: false
- ttl_5m
# 匹配CFIP替换指定CFIP
- if: response_has_cf_ip
exec:
- blackhole_setcfip
servers:
- exec: main_sequence
timeout: 6
listeners:
- protocol: udp
addr: "0.0.0.0:53"
#- protocol: tcp
# addr: "0.0.0.0:53"
#- protocol: http
# addr: "127.0.0.1:9053"
# url_path: "/dns-query"
# get_user_ip_from_header: "X-Forwarded-For"
#- protocol: tls
# addr: "0.0.0.0:853"
# cert: "/etc/mosdns/yourdomain.cert" # TLS 所需证书文件。
# key: "/etc/mosdns/yourdomain.key" # TLS 所需密钥文件。
#api:
# http: "127.0.0.1:9080"
from easymosdns.
Related Issues (20)
- 能否增加远程上游Cloudflare DNS HOT 2
- 关于ecs的问题 HOT 5
- 使用geosite.dat和geoip.dat替换项目rule规则 HOT 1
- 关于china_ip_list.txt的问题 HOT 1
- 有个别站打不开 HOT 5
- 能否提供docker版本? HOT 4
- 本地转发器 HOT 1
- mosdns v5貌似配置文件不兼容 HOT 4
- esc-off关闭 HOT 2
- 使用3.0版还是看见dns泄露 HOT 2
- gfw_ip_list.txt 包含一些没有被墙的 IP HOT 1
- 强制域名附带指定ECS解析,具体是怎么指定的 HOT 1
- 大佬,这个 easymosdns 如果建立在国外的 vps 上,会出现国内网站 cdn 飞国外的问题吗 HOT 1
- 能否给个一键部署到replit上面的方案呢
- 能不能给个直接使用ip的doh地址 ,不是那种使用域名的 HOT 1
- Termux on Myanmar Language HOT 1
- 分流思路很不错,请问有没有适配V5版的配置文件 HOT 2
- 如何把DDNS动态域名不缓存,请指教 HOT 1
- 希望支持arm系列的docker谢谢 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easymosdns.