Interference has been getting heavier lately: the hosts file I used to rely on goes stale quickly, and because the IPs in it get blocked, even after opening an SSH tunnel I could not connect through SOCKS5. So in the end I decided to use pdnsd and dnsmasq to obtain correct IPs and speed up DNS lookups, and to leave the connection itself to SSH.

If the DNS server's IP is not blocked, pdnsd can fetch the correct IP over a TCP connection and avoid poisoned answers. Remote lookups work poorly for some domestic domains and CDNs, however, so dnsmasq's domain matching is used alongside it: domestic domains and some CDNs go straight to a domestic DNS server, while foreign domains are looked up through a foreign DNS server.

1. Install pdnsd

  1. Install pdnsd with Homebrew

$ sudo brew install pdnsd

  2. Set up the pdnsd configuration

$ cp /usr/local/etc/pdnsd.conf.sample /usr/local/etc/pdnsd.conf

My pdnsd configuration is as follows:

global {
# debug = on; # /var/pdnsd/pdnsd.debug
perm_cache=10240; # 10MB cache (perm_cache is given in kB)
cache_dir="/usr/local/var/cache/pdnsd";
#run_as="nobody";
paranoid=on;
par_queries=5;
server_port = 1053;
server_ip = 127.0.0.1;
status_ctl = on;
query_method=tcp_only; # the GFW does not pollute TCP queries at present
min_ttl=2h;
max_ttl=1w;
timeout=6;
# https://wiki.archlinux.org/index.php/Pdnsd#Performance_Settings_For_Home_Broadband_Users
neg_rrs_pol=on;
}
/*
server {
label="114 & V2EX DNS";
ip=114.114.114.114,114.114.115.115;
uptest=none;
# root_server = on;
proxy_only=on;
purge_cache=off;
exclude=".google.com",".gstatic.com",".googleusercontent.com",".googlesource.com",".ggpht.com",".appspot.com",".googlecode.com",".googleapis.com",".gmail.com",".google-analytics.com",".keyhole.com",".chromium.org",".googlesyndication.com",".googlelabs.com",".g.co",".goo.gl",".panoramio.com",".android.com",".youtube.com",".ytimg.com",".blogspot.com",".blogger.com",".twitter.com",".twimg.com",".t.co",".facebook.com",".facebook.net",".fbcdn.net",".fb.me",".tfbnw.net",".flickr.com",".yimg.com",".bit.ly",".bitly.com",".t66y.com",".wp.com",".torproject.org",".igfw.net",".openvpn.net",".dropbox.com",".wikipedia.org",".sourceforge.net",".sf.net",".droplr.com",".pastebin.com",".vimeo.com";
}
*/
server {
label="V2EX & Google DNS";
ip=199.91.73.222, 8.8.4.4, 8.8.8.8;
# root_server = on;
#uptest = ping;
uptest = none;
proxy_only=on;
purge_cache=off;
}
source {
owner=localhost;
# serve_aliases=on;
file="/etc/hosts";
}
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}
  3. Start pdnsd automatically at boot

Save the following file as /Library/LaunchDaemons/pdnsd.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>pdnsd</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/usr/local/sbin/pdnsd</string>
<key>ServiceDescription</key>
<string>pdnsd - a proxy DNS server with permanent caching</string>
</dict>
</plist>

Set the file ownership and permissions:

$ sudo chown root /Library/LaunchDaemons/pdnsd.plist
$ sudo chmod 644 /Library/LaunchDaemons/pdnsd.plist

Start the pdnsd service:

$ sudo launchctl load /Library/LaunchDaemons/pdnsd.plist

2. Install dnsmasq

  1. Install dnsmasq with Homebrew

$ brew install dnsmasq

  2. Configure dnsmasq

$ cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf

My dnsmasq configuration is as follows:

listen-address=127.0.0.1
no-hosts
no-dhcp-interface=
cache-size=32768
server=127.0.0.1#1053
# Include all files in a directory which end in .conf
conf-dir=/usr/local/etc/dnsmasq.d

The per-domain wildcard rules are placed in /usr/local/etc/dnsmasq.d.

  3. Start dnsmasq automatically at boot

Copy the launch configuration to /Library/LaunchDaemons:

$ sudo cp -fv /usr/local/opt/dnsmasq/*.plist /Library/LaunchDaemons

Set the file ownership and permissions (the plist copied above is homebrew.mxcl.dnsmasq.plist, so that is the file to fix up here):

$ sudo chown root /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
$ sudo chmod 644 /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

Start the dnsmasq service:

$ sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

3. Configure the system DNS

Change the Mac's system DNS server to 127.0.0.1.

4. dnsmasq wildcard resolution

A dnsmasq wildcard rule looks like this:

address=/baidu.com/1.1.1.1

This means every name under *.baidu.com is directed to the IP 1.1.1.1 in DNS resolution.
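To make the domain matching concrete, here is a small Python model (an added example, not code from the original post or from dnsmasq itself) of how dnsmasq chooses the most specific domain-suffix rule for a query name. It covers both the domestic/foreign split described at the top of the post and the wildcard rule just shown, and it makes visible a distinction that matters when writing these files: `server=/domain/upstream` forwards matching names to that resolver (the form the dnsmasq-china-list files use), whereas `address=/domain/ip` makes dnsmasq answer with that IP itself, so nothing is forwarded. The sample rule lines are constructed for the example; the 127.0.0.1#1053 and 114.114.114.114 values are the ones that appear in the post's own configs.

```python
# Added example (not part of the original post): a minimal model of dnsmasq's
# server=/domain/target and address=/domain/ip rule matching.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    kind: str     # "server" (forward to upstream) or "address" (answer locally)
    domain: str   # domain suffix; "" means "any name" (a plain server=... line)
    target: str   # "ip" or "ip#port" for server=, the IP to return for address=


def parse_rules(text: str) -> List[Rule]:
    """Parse dnsmasq-style config text into Rule objects.

    Only server= and address= lines are modelled; every other option
    (cache-size, conf-dir, ...) is ignored. A '#' inside a value is part of
    the value (it separates ip and port), so only whole-line comments are
    skipped, which matches dnsmasq's own config syntax.
    """
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key not in ("server", "address"):
            continue
        if not value.startswith("/"):
            if key == "server":          # server=ip: default upstream for everything
                rules.append(Rule(key, "", value))
            continue
        # server=/a.com/b.com/1.2.3.4 -> domains a.com and b.com, target 1.2.3.4
        parts = value.strip("/").split("/")
        target, domains = parts[-1], parts[:-1]
        for d in domains:
            rules.append(Rule(key, d.lower().strip("."), target))
    return rules


def _matches(name: str, domain: str) -> bool:
    """True if name is the domain itself or lies under it ("" matches all)."""
    return domain == "" or name == domain or name.endswith("." + domain)


def resolve(name: str, rules: List[Rule]) -> Tuple[str, str]:
    """Return ("forward", upstream) or ("answer", ip) for a query name.

    Like dnsmasq, the most specific (longest) matching suffix wins, so a
    server=/cn/... line is overridden by server=/taobao.com/... for
    img.taobao.com even though both match.
    """
    name = name.lower().rstrip(".")
    best: Optional[Rule] = None
    for r in rules:
        if _matches(name, r.domain) and (best is None or len(r.domain) > len(best.domain)):
            best = r
    if best is None:
        raise LookupError(f"no rule covers {name!r}")
    return ("forward" if best.kind == "server" else "answer", best.target)


# Constructed sample config, modelled on the post's dnsmasq.conf plus a
# dnsmasq-china-list style line and the post's wildcard rule.
SAMPLE_CONF = """\
# default upstream: pdnsd listening on 127.0.0.1:1053
server=127.0.0.1#1053
# domestic names go straight to a domestic resolver (china-list style line)
server=/taobao.com/cn/114.114.114.114
# wildcard rule from the post: dnsmasq answers by itself, nothing is forwarded
address=/baidu.com/1.1.1.1
"""

RULES = parse_rules(SAMPLE_CONF)

if __name__ == "__main__":
    for q in ("www.google.com", "img.taobao.com", "www.gov.cn",
              "www.baidu.com", "notbaidu.com"):
        print(f"{q:16} -> {resolve(q, RULES)}")
```

Note the `notbaidu.com` case: the suffix test requires a dot boundary, so a rule for `baidu.com` does not capture unrelated names that merely end in the same characters, which is also how dnsmasq behaves.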

5. Acceleration list for domestic domains

I found a ready-made acceleration configuration for domestic domains and CDNs on GitHub: dnsmasq-china-list.

6. References

Installing pdnsd on OS X for faster DNS
Installing dnsmasq on Mac OS X to support wildcard hosts
Solving DNS pollution on OpenWrt with pdnsd and dnsmasq