
DNS Awesome

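Recommended DNS configuration
  • Choose a DNS service that supports split routing (per-domain upstreams) and DoH/DoT resolution
    • AdGuard, PiHole
  • Use domestic DNS by default
    • Many domestic services rely on DNS resolution for their CDN, so using a foreign DNS can break the CDN and make sites very slow or unreachable
    • Domestic DNS is faster
  • Send domains that get poisoned through DoH/DoT resolution
    • DoH and DoT are not poisoned
    • Even a foreign DNS server reached over plain TCP/UDP will still be poisoned; the protocol layer is insecure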
curl 'https://dns.google/resolve?name=wener.me&type=A'

Server

Block

curl https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts -so ad-wars.txt
# Split into lists of 1000 entries for easy import into Cloudflare
grep '127.0.0.1' ad-wars.txt | grep -v '#' | awk '{print $2}' | sort -u | split -l 1000 -d --additional-suffix '.csv' - ad-wars-

Protocol

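| name | abbr. | schema |
| --- | --- | --- |
| DNS-over-UDP/53 | Do53 | |
| DNS-over-TCP/53 | Do53/TCP | tcp:// |
| DNSCrypt | | sdns:// |
| DNS-over-TLS | DoT | tls:// |
| DNS-over-HTTPS | DoH | https:// |
| DNS-over-TOR | | |
| Oblivious DNS-over-HTTPS | ODoH | |
| DNS-over-QUIC | | quic://:763 |
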
# Resolve
# dig - bind-utils
dig wener.me @114.114.114.114
dig wener.me @114.114.114.114 +tcp
# DoT
# kdig - knot-dnsutils
kdig -d @8.8.8.8 +tls-ca +tls-host=dns.google.com wener.me
# Query a DoH endpoint directly
curl -H 'accept: application/dns-json' 'https://dns.cloudflare.com/dns-query?name=wener.me&type=A' | jq .
# curl resolving the target hostname via DoH
curl --doh-url https://dns.cloudflare.com/dns-query https://wener.me

mDNS

  • hashicorp/mdns
    • MIT, Golang
    • Simple mDNS client/server library
  • pion/mdns
    • MIT, Go
    • Pure Go implementation of Multicast DNS

Forwarder/Proxy

Misc

GFW

Well Known Domains

| domain | for |
| --- | --- |
| https://pki.goog | Google Trust Services |

Public DNS

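| - | Primary | Secondary | IPv6 Primary | IPv6 Secondary | DoH | DoT |
| --- | --- | --- | --- | --- | --- | --- |
| Alibaba | 223.5.5.5 | 223.6.6.6 | 2400:3200::1 | 2400:3200:baba::1 | https://dns.alidns.com/dns-query | tls://dns.alidns.com |
| Nanjing Xinfeng | 114.114.114.114 | 114.114.115.115 | | | | |
| Nanjing Xinfeng Safe | 114.114.114.119 | 114.114.115.119 | | | | |
| Nanjing Xinfeng Family | 114.114.114.110 | 114.114.115.110 | | | | |
| DNSPod | 119.29.29.29 | | | | | |
| China Telecom | 218.102.23.228 | 218.108.23.1 | | | | |
| China Internet Network Information Center | 1.2.4.8 | | | | | |
| Hong Kong | 206.80.96.10 | 206.80.96.9 | | | | |
| Hong Kong | 203.80.96.10 | 203.80.96.9 | | | | |
| Hong Kong | 61.10.0.130 | 61.10.1.130 | | | | |
| Taiwan Chunghwa | 168.95.1.1 | 168.95.192.1,168.95.1.2 | | | | |
| Baidu | 180.76.76.76 | | | | | |
| China Netcom | 106.185.46.149 | | | | | |
| China Unicom | 121.40.240.227 | | | | | |
| China Telecom | 139.196.12.167 | | | | | |
| Overseas | | | | | | |
| Chang'an University, South Korea | 168.126.63.1 | 168.126.63.2 | | | | |
| South Korea | 168.126.63.15 | 168.126.63.16 | | | | |
| South Korea | 112.106.53.22 | 112.105.54.34,112.106.23.34 | | | | |
| Google | 8.8.8.8 | 8.8.4.4 | 2001:4860:4860::8888 | 2001:4860:4860::8844 | https://dns.google/dns-query | tls://dns.google |
| US Symantec Norton | 198.153.194.1 | 198.153.192.1 | | | | |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | | | | |
| US Psychz | 208.87.241.170 | | | | | |
| US | 64.81.45.2 | | | | | |
| ? | 23.41.21.106 | 23.45.157.25 | | | | |
| Pacific SuperNet | 202.14.67.4 | 202.238.95.26 | | | | |
| Pacific SuperNet | 202.238.95.24 | 202.14.67.14 | | | | |
| Japan MINET | 203.112.2.4 | 203.112.2.5 | | | | |
| ^ | 203.112.2.4 | 203.112.2.5 | | | | |
| ^ | 202.45.84.58 | 202.45.84.59 | | | | |
| ^ | 202.67.240.221 | 202.67.240.220 | | | | |
| ^ | 202.69.209.5 | 202.69.209.133 | | | | |
| ^ | 202.81.252.1 | 202.81.252.2 | | | | |
| ^ | 202.98.198.167 | 202.98.192.67 | | | | |
| ^ | 123.125.81.6 | 123.206.21.48 | | | | |
| ^ | 4.4.4.4 | | | | | |
| ^ | 101.226.4.6 | | | | | |
| ^ | 210.2.4.8 | | | | | |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | 2606:4700:4700::1111 | 2606:4700:4700::1001 | https://dns.cloudflare.com/dns-query | tls://1dot1dot1dot1.cloudflare-dns.com |
| Cloudflare Security | 1.1.1.2 | 1.0.0.2 | 2606:4700:4700::1112 | 2606:4700:4700::1002 | https://security.cloudflare-dns.com/dns-query | tls://security.cloudflare-dns.com |
| Cloudflare Family | 1.1.1.3 | 1.0.0.3 | 2606:4700:4700::1113 | 2606:4700:4700::1003 | https://family.cloudflare-dns.com/dns-query | tls://family.cloudflare-dns.com |
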
  • Safe - blocks phishing, malicious and other unsafe websites
  • Family - blocks adult websites and inappropriate content
  • Cloudflare Security - malware blocking

Poisoned and blocked domain list

Do not resolve these domains through domestic DNS

# for dnsmasq
curl -L https://raw.githubusercontent.com/wenerme/wener/master/notes/service/dns/gfwlist.txt \
| sed -E 's#.+#address=/&/172.32.1.1#'

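# Extract the plain domain entries from the upstream gfwlist
curl -L https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt | base64 -d > gfwlist.txt

# Strip the leading "||" or "." before de-duplicating; append "| wc -l" to count the entries
grep -E '^([|]{2}|[.])' gfwlist.txt | grep -v '/' | grep -v '[*]' | sed 's/^[|.]*//' | sort -u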
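
The split-resolution setup recommended at the top of this page (domestic DNS by default, poisoned domains over DoH/DoT) can be generated from a gfwlist-style file. The script below is an added example, not from the original page: it uses dnsmasq's `server=/domain/upstream` form instead of the `address=` mapping shown above, and it validates every entry as a hostname so a malformed or unexpected line in a downloaded list never reaches the resolver configuration. The forwarder address `127.0.0.1#5053`, the function names and the sample rules are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page.
# Assumption: a local DoH/DoT forwarder listens on 127.0.0.1 port 5053.
UPSTREAM='127.0.0.1#5053'

# A hostname label: a-z, 0-9 and inner hyphens only, at most 63 characters.
LABEL='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'

# gfw_domains FILE: unique, validated domains from "||domain" and ".domain" rules.
# Rules with paths or wildcards, "@@" exceptions and "!" comments are skipped.
gfw_domains() {
  grep -E '^([|]{2}|[.])' "$1" \
    | grep -v -e '/' -e '[*]' \
    | sed -E 's/^[|.]+//' \
    | tr 'A-Z' 'a-z' \
    | grep -E "^($LABEL\.)*$LABEL\$" \
    | sort -u
}

# dnsmasq_split FILE: one "server=/domain/upstream" line per validated domain,
# so only these names are sent to the encrypted forwarder.
dnsmasq_split() {
  gfw_domains "$1" | sed -E "s|.+|server=/&/$UPSTREAM|"
}

# Constructed sample in gfwlist syntax (not real list content).
sample=$(mktemp)
cat > "$sample" <<'EOF'
! comment line
||Example.org
.example.org
||example.net/path
||*.example.com
@@||allowed.example
||bad_name.example
||example.com extra=token
EOF
dnsmasq_split "$sample"
rm -f "$sample"
```

Only `example.org` survives from the sample: the duplicate is merged, and the path, wildcard, exception, underscore and trailing-token lines are all dropped before any configuration line is written.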

Bypass

netflix.com
netflix.net
chat.openai.com
bard.google.com