
DNS Awesome

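Recommended DNS configuration
  • Choose a DNS service that supports split resolution (per-domain upstreams) and DoH/DoT
    • AdGuard, PiHole
  • Use domestic DNS by default
    • Many domestic services rely on DNS resolution for their CDN; using an overseas DNS can break the CDN, making sites very slow or unreachable
    • Domestic DNS is faster
  • Resolve the domains that are subject to pollution through DoH/DoT
    • DoH and DoT are not polluted
    • Even an overseas DNS queried over plain TCP/UDP is still polluted; the protocol layer is insecure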
curl 'https://dns.google/resolve?name=wener.me&type=A'

Server

Block

curl https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts -so ad-wars.txt
# Split into lists of 1000 entries for easy import into Cloudflare
grep '127.0.0.1' ad-wars.txt | grep -v '#' | awk '{print $2}' | sort -u | split -l 1000 -d --additional-suffix '.csv' - ad-wars-

Protocol

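| name | abbr. | schema |
| --- | --- | --- |
| DNS-over-UDP/53 | Do53 | |
| DNS-over-TCP/53 | Do53/TCP | tcp:// |
| DNSCrypt | | sdns:// |
| DNS-over-TLS | DoT | tls:// |
| DNS-over-HTTPS | DoH | https:// |
| DNS-over-TOR | | |
| Oblivious DNS-over-HTTPS | ODoH | |
| DNS-over-QUIC | | quic://:763 |
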
# Resolve
# dig - bind-utils
dig wener.me @114.114.114.114
dig wener.me @114.114.114.114 +tcp
# DoT
# knot-dnsutils
kdig -d @8.8.8.8 +tls-ca +tls-host=dns.google.com wener.me
# Query a DoH endpoint directly (JSON API)
curl -H 'accept: application/dns-json' 'https://dns.cloudflare.com/dns-query?name=wener.me&type=A' | jq .
# curl resolving the target host via DoH
curl --doh-url https://dns.cloudflare.com/dns-query https://wener.me

mDNS

  • hashicorp/mdns
    • MIT, Golang
    • Simple mDNS client/server library
  • pion/mdns
    • MIT, Go
    • Pure Go implementation of Multicast DNS

Forwarder/Proxy

Misc

GFW

Well Known Domains

| domain | for |
| --- | --- |
| https://pki.goog | Google Trust Services |

Public DNS

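| - | Primary | Secondary | IPv6 Primary | IPv6 Secondary | DoH | DoT |
| --- | --- | --- | --- | --- | --- | --- |
| Alibaba | 223.5.5.5 | 223.6.6.6 | 2400:3200::1 | 2400:3200:baba::1 | https://dns.alidns.com/dns-query | tls://dns.alidns.com |
| Nanjing Xinfeng | 114.114.114.114 | 114.114.115.115 | | | | |
| Nanjing Xinfeng Safe | 114.114.114.119 | 114.114.115.119 | | | | |
| Nanjing Xinfeng Family | 114.114.114.110 | 114.114.115.110 | | | | |
| DNSPod | 119.29.29.29 | | | | | |
| China Telecom | 218.102.23.228 | 218.108.23.1 | | | | |
| China Internet Network Information Center | 1.2.4.8 | | | | | |
| Hong Kong | 206.80.96.10 | 206.80.96.9 | | | | |
| Hong Kong | 203.80.96.10 | 203.80.96.9 | | | | |
| Hong Kong | 61.10.0.130 | 61.10.1.130 | | | | |
| Taiwan Chunghwa | 168.95.1.1 | 168.95.192.1, 168.95.1.2 | | | | |
| Baidu | 180.76.76.76 | | | | | |
| Netcom | 106.185.46.149 | | | | | |
| Unicom | 121.40.240.227 | | | | | |
| Telecom | 139.196.12.167 | | | | | |
| Overseas | | | | | | |
| Korea, Chang'an University | 168.126.63.1 | 168.126.63.2 | | | | |
| Korea | 168.126.63.15 | 168.126.63.16 | | | | |
| Korea | 112.106.53.22 | 112.105.54.34, 112.106.23.34 | | | | |
| Google | 8.8.8.8 | 8.8.4.4 | 2001:4860:4860::8888 | 2001:4860:4860::8844 | https://dns.google/dns-query | tls://dns.google |
| US Symantec Norton | 198.153.194.1 | 198.153.192.1 | | | | |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | | | | |
| US Psychz | 208.87.241.170 | | | | | |
| US | 64.81.45.2 | | | | | |
| ? | 23.41.21.106 | 23.45.157.25 | | | | |
| Pacific SuperNet | 202.14.67.4 | 202.238.95.26 | | | | |
| Pacific SuperNet | 202.238.95.24 | 202.14.67.14 | | | | |
| Japan MINET | 203.112.2.4 | 203.112.2.5 | | | | |
| | 203.112.2.4 | 203.112.2.5 | | | | |
| | 202.45.84.58 | 202.45.84.59 | | | | |
| | 202.67.240.221 | 202.67.240.220 | | | | |
| | 202.69.209.5 | 202.69.209.133 | | | | |
| | 202.81.252.1 | 202.81.252.2 | | | | |
| | 202.98.198.167 | 202.98.192.67 | | | | |
| | 123.125.81.6 | 123.206.21.48 | | | | |
| | 4.4.4.4 | | | | | |
| | 101.226.4.6 | | | | | |
| | 210.2.4.8 | | | | | |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | 2606:4700:4700::1111 | 2606:4700:4700::1001 | https://dns.cloudflare.com/dns-query | tls://1dot1dot1dot1.cloudflare-dns.com |
| Cloudflare Security | 1.1.1.2 | 1.0.0.2 | 2606:4700:4700::1112 | 2606:4700:4700::1002 | https://security.cloudflare-dns.com/dns-query | tls://security.cloudflare-dns.com |
| Cloudflare Family | 1.1.1.3 | 1.0.0.3 | 2606:4700:4700::1113 | 2606:4700:4700::1003 | https://family.cloudflare-dns.com/dns-query | tls://family.cloudflare-dns.com |
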
  • Safe - block phishing, malicious and other unsafe websites
  • Family - block adult websites and inappropriate content
  • Cloudflare Security - Malware blocking

Polluted and blocked domain list

Do not resolve these through domestic DNS

# for dnsmasq
curl -L https://raw.githubusercontent.com/wenerme/wener/master/notes/service/dns/gfwlist.txt \
| sed -E 's#.+#address=/&/172.32.1.1#'

#
curl -L https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt | base64 -d > gfwlist.txt

# address=/docker.io/$SNI
curl -sfL 'https://github.com/wenerme/wener/raw/master/notes/service/dns/gfwlist.dev.txt' | sed -e 's#.*#address=/\0/$SNI#'

# Count the unique plain-domain entries (rules starting with "||" or ".") in the decoded list
grep -E '^([|]{2}|[.])' gfwlist.txt | grep -v '/' | grep -v '[*]' | sed 's/^[|.]*//' | sort -u | wc -l
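
The recommended configuration at the top of this page (domestic DNS by default, polluted domains through DoH/DoT) combined with the gfwlist filtering above, as an added example that is not part of the original notes. It assumes dnsmasq as the resolver, a local DoH/DoT forwarder on 127.0.0.1 port 5053 and 223.5.5.5 as the default upstream; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): build a dnsmasq split-resolution
# config from a decoded gfwlist. Assumed, not from the page: a local DoH/DoT
# forwarder on 127.0.0.1 port 5053, and 223.5.5.5 as the default resolver.

# Read decoded gfwlist rules on stdin, print the unique plain domains.
gfwlist_domains() {
  grep -E '^([|]{2}|[.])' |   # keep only "||domain" and ".domain" rules
    grep -v '/' |             # drop rules that carry a URL path
    grep -v '[*]' |           # drop wildcard rules
    sed -E 's/^[|.]+//' |     # strip the leading "||" or "."
    # The list is downloaded content: accept well-formed host names only,
    # so nothing else can end up inside the generated config.
    grep -E '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' |
    tr 'A-Z' 'a-z' |
    sort -u
}

# split_dns_conf [FORWARDER] [DEFAULT]: rules on stdin, dnsmasq config on stdout.
split_dns_conf() {
  forwarder=${1:-"127.0.0.1#5053"}   # assumed local DoH/DoT forwarder
  default=${2:-"223.5.5.5"}          # default (domestic) resolver
  printf 'no-resolv\nserver=%s\n' "$default"
  gfwlist_domains | while IFS= read -r d; do
    printf 'server=/%s/%s\n' "$d" "$forwarder"
  done
}

# Constructed sample in gfwlist (AutoProxy) syntax, not real list content.
sample_rules() {
  cat <<'EOF'
[AutoProxy 0.2.9]
! comment line
||example.org
.example.org
||Blocked.example.net
||cdn.example.com/path
||*.wild.example.com
@@||allowed.example.com
|http://plain.example.com
/^https?:\/\/regex\.example/
EOF
}

sample_rules | split_dns_conf
```

Comments, `@@` exceptions, regex rules, path rules and wildcards are skipped, so only exact domains get a per-domain upstream and everything else stays on the default resolver.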

Bypass

netflix.com
netflix.net
chat.openai.com
bard.google.com

CDN

  • ghcr.io -> pkg-containers.githubusercontent.com

reverse

  • 112.46.2.37
    • pcs.baidu.com
    • Baidu Netdisk
  • public-dns-a.baidu.com