Using a DoH proxy on Linux
Posted: 2024-8-15   Updated: 2024-8-15


I forked the repository as a snapshot. The fork is synced with upstream from time to time; if you need the latest version, go to the source repository instead.

DNS-over-HTTPS

How to install:

  1. Install Go and Make.
  2. Clone the repository.
  3. Build and install (as root).
  4. Edit the configuration file.
  5. Start and test.
  6. Uninstall and clean up.
  7. Docker alternative.

Taking Arch Linux as the example, DoH can be installed as follows:

sudo pacman -S make go vim # install the tools needed for the installation: go is the build environment, make the build tool, vim is used to edit the configuration file
mkdir ~/example_install
cd ~/example_install
git clone https://github.com/cutecwc/dns-over-https.git # clone the target repository
cd dns-over-https # enter the target directory
sudo make install # start the installation
sudo systemctl enable doh-client.service --now # start the service and enable it at boot
sudo vim /etc/dns-over-https/doh-client.conf # edit the configuration file

# Example /etc/dns-over-https/doh-client.conf: change upstream (and weight) to use the DoH servers of your choice.
listen = [
    "127.0.0.1:53",
    "[::1]:53",
]

[upstream]

upstream_selector = "random"

# ===========================================================
# Set the DoH servers you want to use here
# url is the DoH endpoint
# weight is the selection weight; with a single upstream, weight can be removed
# ===========================================================
# DNSPod Public DNS (https://www.dnspod.cn/Products/Public.DNS)
[[upstream.upstream_ietf]]
    url = "https://doh.pub/dns-query"
    weight = 50

# Ali DNS
[[upstream.upstream_ietf]]
    url = "https://dns.alidns.com/dns-query"
    weight = 50
# ===========================================================
# ===========================================================

[others]
# Plain-DNS resolvers used only to look up the hostnames of the DoH servers above
bootstrap = [
    "223.5.5.5:53",
    "119.29.29.29:53", # DNSPod public resolver; the original "119.29.29" was missing an octet and is not a valid address
]

passthrough = [
    "captive.apple.com",
    "connectivitycheck.gstatic.com",
    "detectportal.firefox.com",
    "msftconnecttest.com",
    "nmcheck.gnome.org",

    "pool.ntp.org",
    "time.apple.com",
    "time.asia.apple.com",
    "time.euro.apple.com",
    "time.nist.gov",
    "time.windows.com",
]

timeout = 30

no_cookies = true
no_ecs = false
no_ipv6 = false
no_user_agent = false
verbose = false
insecure_tls_skip_verify = false
:wq then Enter
sudo systemctl restart doh-client.service
sudo vim /etc/resolv.conf
# ------------------------->
# /etc/resolv.conf example (copy as-is)
nameserver ::1
nameserver 127.0.0.1
# -------------------------<

Possible problems:

  • DNS overrides.

DNS settings are normally determined by /etc/resolv.conf. The Arch Linux installation procedure brings in networkmanager and dhcpcd, which both manage this file (and overwrite it on reboot).

Because of these two packages, every change to this file is temporary: once the system reboots, the contents of resolv.conf are restored. The first method offered here therefore makes the change permanent by altering the file's access-control attributes. Making the file read-only is not an elegant solution, so after consulting the documentation this post provides a second way to make the DNS settings persistent.

# Method 1
sudo chattr +i /etc/resolv.conf
# If you find the method above inelegant, use the one below instead. Pick one of the two.

# sudo pacman -S iwd (prerequisite)
# sudo systemctl enable iwd.service (prerequisite)
sudo vim /etc/iwd/main.conf
# ------------------------->
# /etc/iwd/main.conf example configuration
[General]
EnableNetworkConfiguration=true
NameResolvingService=systemd
# -------------------------<

# sudo pacman -S networkmanager (prerequisite)
# sudo systemctl enable NetworkManager (prerequisite)
sudo systemctl enable systemd-resolved.service --now
sudo vim /etc/NetworkManager/NetworkManager.conf
# ------------------------->
# /etc/NetworkManager/NetworkManager.conf example configuration
# dns=systemd-resolved
[device]
wifi.backend=iwd
# -------------------------<

sudo vim /etc/NetworkManager/conf.d/dns.conf
# ------------------------->
# /etc/NetworkManager/conf.d/dns.conf example configuration
[main]
dns=none
# -------------------------<

sudo vim /etc/NetworkManager/conf.d/dns-servers.conf
# ------------------------->
# /etc/NetworkManager/conf.d/dns-servers.conf example configuration
[global-dns-domain-*]
servers=::1,127.0.0.1
# -------------------------<

sudo systemctl reload NetworkManager

Verify it works:

dig www.bilibili.com
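Beyond the dig check above, it is worth confirming that an upstream listed in doh-client.conf actually answers RFC 8484 queries before the whole system depends on it. The script below is an added example written for this post, not code from the dns-over-https project: it builds the GET form of a DoH query (wire-format DNS message, unpadded base64url in the dns parameter), parses the A records out of a wire-format reply, and rejects any non-NOERROR response. The doh.pub endpoint comes from the configuration above; the sample reply, the name example.test and the address 192.0.2.1 are constructed so the parser can be exercised offline.

```python
import base64, struct, urllib.request

def build_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS wire-format query (RFC 1035) for `name`, class IN, ID 0."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0 keeps DoH GET URLs cacheable; RD=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get_url(upstream: str, name: str) -> str:
    """RFC 8484 GET form: <upstream>?dns=<unpadded base64url of the wire query>."""
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{upstream}?dns={q}"

def _skip_name(msg: bytes, off: int) -> int:
    while True:  # walk labels until the root label or a compression pointer
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def parse_a_records(msg: bytes) -> list[str]:
    """IPv4 addresses in the answer section; [] for any non-NOERROR RCODE."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F != 0:
        return []
    off = 12
    for _ in range(qd):  # skip question entries: name + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_over_doh(upstream: str, name: str) -> list[str]:  # live lookup, needs network access
    req = urllib.request.Request(doh_get_url(upstream, name), headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_a_records(resp.read())

# Constructed sample reply (not captured from a real server): example.test A 192.0.2.1, TTL 300
_Q = build_query("example.test")
SAMPLE_REPLY = (_Q[:2] + b"\x81\x80" + struct.pack("!HHHH", 1, 1, 0, 0) + _Q[12:]
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Calling resolve_over_doh("https://doh.pub/dns-query", "www.bilibili.com") performs the same lookup as the dig command, but directly against the upstream rather than through the local doh-client.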

Cloudflared

How to install:

  1. Clone the repository
  2. Install manually
  3. Edit the configuration
  4. Start the service and enable it at boot
  5. Verify it works

Download cloudflared:

wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64

Make the binary executable and move it to a suitable directory:

chmod +x cloudflared-linux-amd64
sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared

Create the cloudflared configuration directory:

sudo mkdir /etc/cloudflared

Create the configuration file:

sudo nano /etc/cloudflared/config.yml

Fill in the following:

proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query

Save and exit.

Create a systemd service file for cloudflared:

sudo nano /etc/systemd/system/cloudflared.service

Fill in the following:

[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/cloudflared proxy-dns
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl enable cloudflared
sudo systemctl start cloudflared

Edit resolv.conf:

sudo nano /etc/resolv.conf

Edit or add:

nameserver 127.0.0.1

About

# Initial contents of /etc/resolv.conf (varies between distributions; this copy is from Ubuntu)
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search localdomain