Centos 7搭建dnscrypt-proxy+Dnsmasq 屏蔽广告防止污染
先来安装 DNSCrypt-Proxy, 官方提供了详细的安装指南, 下面我讲的将以腾讯云 Centos7.4 系统为例.
安装依赖:
wget -N --no-check-certificate https://github.com/jedisct1/libsodium/releases/download/1.0.16/libsodium-1.0.16.tar.gz tar xf libsodium-1.0.16.tar.gz && cd libsodium-1.0.16 ./configure && make -j2 && make install echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf ldconfig cd
wget https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.17/dnscrypt-proxy-linux_x86_64-2.0.17.tar.gz tar xf dnscrypt-proxy-linux_x86_64-2.0.17.tar.gz cd linux-x86_64 && mv example-dnscrypt-proxy.toml dnscrypt-proxy.toml vi dnscrypt-proxy.toml
修改以下选项
server_names = ['adguard-dns','dnscrypt.eu-dk','dnscrypt.me','DOH-blahdns','quad9-ip4-filter-pri','scaleway-fr', 'google', 'yandex', 'cloudflare'] listen_addresses = ['0.0.0.0:5353'] lb_strategy = 'ph' fallback_resolver = '101.6.6.6:53' ignore_system_dns = true
#因为腾讯云,阿里云没有 ipv6, 所以我们的监听地址也必须只留下 ipv4
fallback_resolver后备解析器,这里用的是清华的DNS101.6.6.6
编辑完以后开始安装 systemd-service 并启动:
sudo ./dnscrypt-proxy -service install sudo ./dnscrypt-proxy -service start
sudo systemctl status dnscrypt-proxy
确认运行正常后即可开始测试可用性
安装工具包
yum install bind-utils -y
查询设置是否生效
nslookup google.com 127.0.0.1 -port=5353
接着安装dnsmasq
yum -y install epel-release yum -y install dnsmasq
删除原有文档换成如下
rm -rf /etc/dnsmasq.conf vi /etc/dnsmasq.conf port=53 no-resolv no-poll no-hosts listen-address=0.0.0.0 listen-address=172.30.0.6 interface=eth0 server=127.0.0.1#5353 clear-on-reload cache-size=4096 conf-dir=/etc/dnsmasq.d
#eth0和172.30.0.6都可以用ifconfig来查看
加入 dnsmasq-china-list,实现dnsmasq智能分流
下载附件将附件内容放入/etc/dnsmasq.d
重启Dnsmasq
sudo systemctl restart dnsmasq
放行防火墙
firewall-cmd --zone=public --add-port=53/tcp --permanent firewall-cmd --zone=public --add-port=53/udp --permanent firewall-cmd --reload
查看解析成功没
nslookup google.com 127.0.0.1
有回显就OK
最后于 2019-4-14
被admin编辑
,原因: