Jarod's Blog

0%

overture:自建无污染的DNS服务

发表于 更新于 分类于
本文字数: 2.4k 阅读时长 ≈ 2 分钟

overture是一个用Go开发的DNS服务器,我个人觉得这是个神器,配置简单,使用方便。就是比较小众,用的人不多。。

以下部署步骤请在国内服务器或者本地进行。我这边就在本地的PVE开了一台Debian9部署。

首先在这里下载最新版本的压缩包:

https://github.com/shawn1m/overture/releases

用ROOT权限登录进去安装一些需要用到的工具:

apt -y install dnsutils lrzsz unzip supervisor

新建目录然后用rz命令把下载好的压缩包传到Debian内:

mkdir -p /opt/overture && cd /opt/overture && rz

解压/重命名:

unzip overture-linux-amd64.zip
cp overture-linux-amd64 overture

下载GFWLIST/CHNROUTER列表:

wget https://cokebar.github.io/gfwlist2dnsmasq/gfwlist\_domain.txt wget https://raw.githubusercontent.com/17mon/china\_ip\_list/master/china\_ip\_list.txt

编辑OVERTURE的配置文件:

nano /opt/overture/config.json

下面是我的配置:

{
“BindAddress”: “:53”,
“DebugHTTPAddress”: “127.0.0.1:5555”,
“PrimaryDNS”: [
{
“Name”: “DNSPod”,
“Address”: “119.29.29.29:53”,
“Protocol”: “udp”,
“SOCKS5Address”: “”,
“Timeout”: 6,
“EDNSClientSubnet”: {
“Policy”: “disable”,
“ExternalIP”: “”,
“NoCookie”: true
}
},
{
“Name”: “AliDNS”,
“Address”: “223.5.5.5:53”,
“Protocol”: “udp”,
“SOCKS5Address”: “”,
“Timeout”: 6,
“EDNSClientSubnet”: {
“Policy”: “disable”,
“ExternalIP”: “”,
“NoCookie”: true
}
}
],
“AlternativeDNS”: [
{
“Name”: “CloudFlareDNS”,
“Address”: “one.one.one.one:853”,
“Protocol”: “tcp-tls”,
“SOCKS5Address”: “”,
“Timeout”: 6,
“EDNSClientSubnet”: {
“Policy”: “disable”,
“ExternalIP”: “”,
“NoCookie”: true
}
},
{
“Name”: “GoogleDNS”,
“Address”: “dns.google:853”,
“Protocol”: “tcp-tls”,
“SOCKS5Address”: “”,
“Timeout”: 6,
“EDNSClientSubnet”: {
“Policy”: “disable”,
“ExternalIP”: “”,
“NoCookie”: true
}
}
],
“OnlyPrimaryDNS”: false,
“IPv6UseAlternativeDNS”: false,
“WhenPrimaryDNSAnswerNoneUse”: “PrimaryDNS”,
“IPNetworkFile”: {
“Primary”: “./china_ip_list.txt”,
“Alternative”: “”
},
“DomainFile”: {
“Primary”: “”,
“Alternative”: “./gfwlist_domain.txt”,
“Matcher”: “regex-list”
},
“HostsFile”: “./hosts_sample”,
“MinimumTTL”: 0,
“DomainTTLFile” : “./domain_ttl_sample”,
“CacheSize” : 0,
“RejectQType”: [255]
}

新建supervisor配置文件:

nano /etc/supervisor/conf.d/overture.conf

写入如下配置:

[program:overture] priority=1 directory=/opt/overture
command=/opt/overture/overture -c /opt/overture/config.json
autostart=true autorestart=true redirect_stderr=true stdout_logfile=/var/log/supervisor/overture.log

更新supervisor配置,然后查看overture的运行状态:

supervisorctl update
supervisorctl status overture

是RUNNING状态就OK了,接下来使用dig命令进行测试,正好就拿我这个破博客测试吧,我这个域名就是被污染的,如果能够解析出正确的IP那么就说明overture工作是正常的:

dig @127.0.0.1 lala.im

OK没问题:

那么现在局域网内的其他机器修改DNS地址为这台Debian的IP即可享用无污染DNS服务了: