After you type a URL into the browser, the browser cannot find the site right away. It first sends the name to a DNS server, which in turn queries other servers layer by layer up to the root servers until it has the site's IP address; only then can the browser connect.
So every time you open a new site this whole process repeats, which is slow. On top of that, China Telecom's DNS will hijack you to pages like the 114 navigation portal.
So we can run a DNS server on our own computer to speed up browsing, with resistance to resolution tampering as a side benefit.
On Linux and Mac, Pdnsd is one such small program. It sends requests to other DNS servers over TCP or UDP, looks up the IP address for a domain name and caches it, which is where the speed-up comes from.
1. Installation
On Linux, taking Ubuntu as the example:
sudo apt-get install pdnsd
sudo gedit /etc/pdnsd.conf
On Mac, install Homebrew first:
ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"
brew install pdnsd
sudo nano /Library/LaunchDaemons/pdnsd.plist
Write in the following content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>pdnsd</string>
<key>Program</key>
<string>/usr/local/sbin/pdnsd</string>
<key>RunAtLoad</key>
<true/>
<key>ServiceDescription</key>
<string>pdnsd dns caching daemon</string>
</dict>
</plist>
sudo nano /usr/local/etc/pdnsd.conf
After these steps the Pdnsd configuration file should be open; this is the file we will modify.
2. Configuring the DNS server
First clear the entire configuration file (it may already be empty). Then we start with the basic settings.
global {
perm_cache=16384;
cache_dir="/var/pdnsd";
run_as="nobody";
server_ip=127.0.0.1;
status_ctl=on;
paranoid=off;
# prefer TCP queries to resist interference
query_method=tcp_udp;
min_ttl=600;
timeout=10;
}
When resolving some sites' IP addresses from inside China, the replies are tampered with by certain faulty servers: the returned IP address is wrong and the site cannot be opened. But this applies to DNS over UDP port 53; if the query is made over TCP instead, it is not interfered with. Windows, Mac and Linux all query over UDP port 53 by default. Pdnsd bridges the two: the system keeps sending its UDP queries to the local Pdnsd, which forwards them upstream over TCP (query_method=tcp_udp tries TCP first and falls back to UDP).
min_ttl is the minimum time, in seconds, for which a resolved name stays valid. With it set to 600, Pdnsd serves a site's IP from cache for 600 seconds (10 minutes) after the first lookup. It should be neither too small nor too large; somewhere between 600 and 3600 is reasonable.
Next we can set up the upstream DNS servers.
The cleanest and safest DNS server in China should be 114DNS; it has nodes in every province and is fast. So we configure it first.
server{
# try the domestic 114DNS first
label="114 DNS";
ip=114.114.114.114;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
Netizens noticed a pattern in the IPs returned by those faulty servers: they all belong to the table above, and none of those IPs points at any known website, so rejecting them does not disturb normal access.
Because 114DNS is subject to the same interference, its own queries to upstream servers can also come back with wrong IPs; we simply filter those out.
Another well-known DNS is the one provided by Google; its advantage is that it is very clean, and over TCP it is not interfered with at all. So why not just use Google DNS directly?
Because large sites generally use CDNs, and if you go straight to Google DNS, some sites will send you to overseas nodes, which is slow. So whatever the domestic 114DNS can resolve, let it resolve; only fall back to Google DNS when a reply is affected by the interference.
The configuration is as follows:
server {
# Google DNS, resolved over TCP
label="Google DNS";
ip=8.8.8.8,8.8.4.4;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
But we cannot be sure the interference will never reach Google DNS in the future, so we filter its answers too. The same applies to the DNS servers that follow.
The next well-known one is V2EX DNS: if you type google.cmo instead of google.com, it corrects the typo automatically or takes you straight to a Google search. Because it supports a non-standard port, it is generally not affected by the interference either.
server {
# V2EX DNS, corrects misspelled domain names
label="V2EX DNS";
ip=199.91.73.222,178.79.131.110;
port=3389;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
Then OpenDNS, on port 5353, which is not affected either.
server {
# OpenDNS on port 5353 to avoid interference
label="OpenDNS";
ip=208.67.222.222,208.67.220.220;
port=5353;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39,
# reject OpenDNS's own guide/landing pages
208.69.32.0/24,208.69.34.0/24,208.67.219.0/24,208.67.217.0/24,
208.67.216.0/24,67.215.82.0/24,67.215.65.0/24;
edns_query=on;
reject_policy=fail;
}
Have you heard of NameCoin? It is something like BitCoin; look it up yourself. With NameCoin you can register .BIT domains, but since they belong to a private organisation, the DNS root servers do not recognise them and will not resolve them. So some netizens have set up their own root servers for .bit domains.
But because .bit domains are few (almost nobody uses them), this block is optional and has no effect on other domains. Note that if you add it, it must go directly below the first global block; it does not work anywhere else.
server {
# server dedicated to .bit domains
label="Bit DNS";
ip=192.249.59.89,192.184.89.74,64.31.48.60,192.3.27.117;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
reject_policy=fail;
policy=excluded;
include=".bit";
}
And if every server above is down, we simply query the root servers ourselves.
server {
# last resort: query the root servers directly
label="Root DNS Servers";
root_server=discover;
randomize_servers=on;
ip=198.41.0.4,192.228.79.201,192.33.4.12,199.7.91.13,192.203.230.10,
192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,
193.0.14.129,199.7.83.42,202.12.27.33;
# skip the answer if spoofing is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
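To make the reject-and-fail-over behaviour concrete, here is an added Python example (not part of the original post and not pdnsd's own code) that parses a constructed pdnsd.conf excerpt written in the same syntax as the blocks above and walks the server chain the way the text describes: a reply containing a rejected address (a single IP or a /24 range) counts as a failure under reject_policy=fail, the next server is tried, and a policy=excluded server is only consulted for its include= names. The sample config, the upstream replies and the 203.0.113.x addresses are constructed, and pdnsd's leading-dot include matching is simplified to a suffix match.

```python
import ipaddress
import re

# Constructed pdnsd.conf excerpt (not the page's full file); reject lists are
# shortened, the wrapping and comment style follow the page's configuration.
SAMPLE_CONF = """
server { label="Bit DNS"; ip=192.249.59.89; reject=4.36.66.178;
         reject_policy=fail; policy=excluded; include=".bit"; }
server{
    label="114 DNS"; ip=114.114.114.114;
    reject=4.36.66.178,8.7.198.45,   # skip on detected interference
    243.185.187.39;
    reject_policy=fail;
}
server {
    label="OpenDNS"; ip=208.67.222.222,208.67.220.220; port=5353;
    reject=4.36.66.178,
    208.69.32.0/24;                  # OpenDNS guide-page range
    reject_policy=fail;
}
"""

def parse_servers(conf):
    """Return server{} blocks in file order, each as an option -> value dict."""
    conf = re.sub(r"#[^\n]*", "", conf)                    # drop comments
    return [{k.strip(): v.strip().strip('"')
             for k, v in (s.split("=", 1) for s in body.split(";") if "=" in s)}
            for body in re.findall(r"server\s*\{(.*?)\}", conf, re.S)]

def rejected(srv, addr):
    """reject= entries may be plain addresses or CIDR ranges."""
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(n.strip(), strict=False)
               for n in srv.get("reject", "").split(",") if n.strip())

def serves(srv, qname):
    """policy=excluded limits the server to include= names (leading dot ~ suffix)."""
    return srv.get("policy") != "excluded" or qname.endswith(srv.get("include", ""))

def resolve(servers, qname, upstream):
    """upstream maps label -> A records it returned (constructed). Servers are tried
    in order; with reject_policy=fail a reply holding a rejected address fails over."""
    for srv in servers:
        addrs = upstream.get(srv["label"], [])
        if not serves(srv, qname) or not addrs:            # out of scope / no reply
            continue
        if any(rejected(srv, a) for a in addrs):
            continue                                       # poisoned reply, fall through
        return srv["label"], addrs
    return None, []
```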
Then add a section for local resolution, for names such as localhost:
source {
owner=localhost;
file="/etc/hosts";
}
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}
With this, our configuration is complete. Restart the computer and set its DNS server to 127.0.0.1.
Appendix: the complete configuration file (with HiNet thrown in as a backup resolver)
global {
perm_cache=16384;
cache_dir="/var/pdnsd";
run_as="nobody";
server_ip=127.0.0.1;
status_ctl=on;
paranoid=off;
# prefer TCP queries to resist interference
query_method=tcp_udp;
min_ttl=600;
timeout=10;
}
server {
# server dedicated to .bit domains
label="Bit DNS";
ip=192.249.59.89,192.184.89.74,64.31.48.60,192.3.27.117;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
reject_policy=fail;
policy=excluded;
include=".bit";
}
server{
# try the domestic 114DNS first
label="114 DNS";
ip=114.114.114.114;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
server {
# Google DNS, resolved over TCP
label="Google DNS";
ip=8.8.8.8,8.8.4.4;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
server {
# OpenDNS on port 5353 to avoid interference
label="OpenDNS";
ip=208.67.222.222,208.67.220.220;
port=5353;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39,
# reject OpenDNS's own guide/landing pages
208.69.32.0/24,208.69.34.0/24,208.67.219.0/24,208.67.217.0/24,
208.67.216.0/24,67.215.82.0/24,67.215.65.0/24;
edns_query=on;
reject_policy=fail;
}
server {
# V2EX DNS, corrects misspelled domain names
label="V2EX DNS";
ip=199.91.73.222,178.79.131.110;
port=3389;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
server {
# Taiwan HiNet DNS as backup
label="HiNet DNS";
ip=168.95.1.1,168.95.192.1,168.95.192.2;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
server {
# last resort: query the root servers directly
label="Root DNS Servers";
root_server=discover;
randomize_servers=on;
ip=198.41.0.4,192.228.79.201,192.33.4.12,199.7.91.13,192.203.230.10,
192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,
193.0.14.129,199.7.83.42,202.12.27.33;
# skip the answer if interference is detected
reject=4.36.66.178,8.7.198.45,37.61.54.158,46.82.174.68,59.24.3.173,
64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,
66.45.252.237,72.14.205.99,72.14.205.104,78.16.49.15,93.46.8.89,
128.121.126.139,159.106.121.75,169.132.13.103,192.67.198.6,202.106.1.2,
202.181.7.85,203.98.7.65,203.161.230.171,207.12.88.98,208.56.31.43,
209.36.73.33,209.145.54.50,209.220.30.174,211.94.66.147,213.169.251.35,
216.221.188.182,216.234.179.13,243.185.187.39;
edns_query=on;
reject_policy=fail;
}
source {
owner=localhost;
file="/etc/hosts";
}
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}