
【本地DNS服务器】基于Linux+AdGuardHome+smartdns

2025-1-23 19:49:25 显示全部楼层 阅读模式

本帖最后由 煮酒自? 于 2025-2-22 17:53 编辑

效果预览


image.png


一、飞牛部署Linux


参考教程 如何安装和使用虚拟机


二、环境部署【以下以Debian系演示】


2.1、安装依赖【登录到root,或在以下命令前添加 sudo】

apt install -y wget curl vim

2.2、开启root远程登录

  • 打开ssh配置
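# Open the sshd configuration by its absolute path; the relative path "etc/ssh/sshd_config"
# only resolves when the current directory happens to be /.
vim /etc/ssh/sshd_config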
  • 添加配置(`yes` 会允许 root 使用密码远程登录,仅建议在受信任的内网中使用并为 root 设置强密码;如果使用密钥登录,可改为 PermitRootLogin prohibit-password)
PermitRootLogin yes
  • 重启ssh
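# Validate sshd_config first (sshd -t) and restart only if it parses cleanly, so a typo in the
# edited file cannot take the SSH service down.
sshd -t && systemctl restart ssh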
  • 查看虚拟机IP
ip a

2.3、安装smartdns

使用远程SSH工具连接虚拟机

  • apt安装

    apt install -y smartdns
  • SmartDNS配置

    vim /etc/smartdns/smartdns.conf

    内容如下(附件:smartdns.rar):

# dns server name, default is host name
# server-name, 
# example:
#   server-name smartdns
#

# Include another configuration options
# conf-file [file]
# conf-file blacklist-ip.conf

# dns server bind ip and port, default dns server port is 53, support binding multi ip and port
# bind udp server
#   bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
# bind tcp server
#   bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
# option:
#   -group: set domain request to use the appropriate server group.
#   -no-rule-addr: skip address rule.
#   -no-rule-nameserver: skip nameserver rule.
#   -no-rule-ipset: skip ipset rule.
#   -no-speed-check: do not check speed.
#   -no-cache: skip cache.
#   -no-rule-soa: Skip address SOA(#) rules.
#   -no-dualstack-selection: Disable dualstack ip selection.
#   -force-aaaa-soa: force AAAA query return SOA.
# example: 
#  IPV4: 
#    bind :53
#    bind :6053 -group office -no-speed-check
#  IPV6:
#    bind [::]:53
#    bind-tcp [::]:53
# NOTE(review): [::] is the wildcard address, so this listener on port 8053 is not limited to
# loopback. If only a resolver on this same host forwards to it, consider binding to a loopback
# address or firewalling the port — confirm against how AdGuardHome is set up to reach smartdns.
bind [::]:8053

# tcp connection idle timeout
# tcp-idle-time [second]

# dns cache size
# cache-size [number]
#   0: for no cache
# Active setting: 0 turns smartdns's own cache off (see "0: for no cache" above).
cache-size 0

# prefetch domain
# prefetch-domain [yes|no]
# prefetch-domain yes

# cache serve expired 
# serve-expired [yes|no]
# serve-expired yes

# cache serve expired TTL
# serve-expired-ttl [num]
# serve-expired-ttl 0

# List of hosts that supply bogus NX domain results 
# bogus-nxdomain [ip/subnet]

# List of IPs that will be filtered when nameserver is configured -blacklist-ip parameter
# blacklist-ip [ip/subnet]

# List of IPs that will be accepted when nameserver is configured -whitelist-ip parameter
# whitelist-ip [ip/subnet]

# List of IPs that will be ignored
# ignore-ip [ip/subnet]

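# speed check mode
# NOTE(review): the original line read "ping|tcp:43,tcp:80". The documented syntax (examples
# below) separates modes with commas, and tcp:43 looks like a typo for tcp:443 — confirm the
# intended ports.
speed-check-mode ping,tcp:443,tcp:80
# example:
#   speed-check-mode ping,tcp:80
#   speed-check-mode tcp:443,ping
#   speed-check-mode none

# force AAAA query return SOA
# Active setting: AAAA (IPv6) queries are answered with SOA, so clients get no IPv6 addresses
# through this resolver.
force-AAAA-SOA yes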

# Enable IPV4, IPV6 dual stack IP optimization selection strategy
# dualstack-ip-selection-threshold [num] (0~1000)
# dualstack-ip-selection [yes|no]
# dualstack-ip-selection yes

# edns client subnet
# edns-client-subnet [ip/subnet]
# edns-client-subnet 192.168.1.1/24
# edns-client-subnet [8::8]/56

# ttl for all resource record
# rr-ttl: ttl for all record
# rr-ttl-min: minimum ttl for resource record
# rr-ttl-max: maximum ttl for resource record
# example:
# rr-ttl 300
# rr-ttl-min 60
# rr-ttl-max 86400

# set log level
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
# log-size: size of each log file, support k,m,g
# log-num: number of logs
# Active setting: info verbosity. log-file, log-size and log-num below are all left commented out.
log-level info
# log-file /var/log/smartdns.log
# log-size 128k
# log-num 2

# dns audit
# audit-enable [yes|no]: enable or disable audit.
# audit-enable yes
# audit-SOA [yes|no]: enable or disable log soa result.
# audit-size size of each audit file, support k,m,g
# audit-file /var/log/smartdns-audit.log
# audit-size 128k
# audit-num 2

# certificate file
# ca-file [file]
# ca-file /etc/ssl/certs/ca-certificates.crt

# certificate path
# ca-path [path]
# ca-path /etc/ssl/certs

# remote udp dns server list
# server [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
# default port is 53
#   -blacklist-ip: filter result with blacklist ip
#   -whitelist-ip: filter result with whitelist ip,  result in whitelist-ip will be accepted.
#   -check-edns: result must exist edns RR, or discard result.
#   -group [group]: set server to group, use with nameserver /domain/group.
#   -exclude-default-group: exclude this server from default group.
# server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2
# NOTE(review): the servers below are plain UDP/53 upstreams, so queries sent to them are
# unencrypted and unauthenticated on the wire. None carries -group or -exclude-default-group,
# so they presumably share the default group with the TLS/HTTPS upstreams configured further
# down — confirm whether plaintext upstreams are acceptable for your network.
server 8.8.8.8:53
server 208.67.222.222:53
server 166.111.8.28:53
#server xxx.xxx.xxx.xxx:53
#server xxx.xxx.xxx.xxx:53  (these two placeholders are for your ISP's DNS servers; replace them with your own, they differ per ISP and region)
server 114.114.114.114:53
server 119.29.29.29:53
server 180.76.76.76:53
server 223.5.5.5:53
# remote tcp dns server list
# server-tcp [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-group [group] ...] [-exclude-default-group]
# default port is 53
# server-tcp 8.8.8.8

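# remote tls dns server list
# server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
#   -spki-pin: TLS spki pin to verify.
#   -tls-host-verify: cert hostname to verify.
#   -host-name: TLS sni hostname.
#   -no-check-certificate: no check certificate.
# Get SPKI with this command:
#    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# default port is 853
# server-tls 8.8.8.8
# server-tls 1.0.0.1
# NOTE(review): neither entry sets -tls-host-verify or -spki-pin (both listed above), so the
# upstream's identity is not pinned to a hostname or key here. Consider adding one of them;
# confirm the certificate name or pin with the provider first.
server-tls 8.8.8.8:853
server-tls 149.112.112.112:853

# remote https dns server list
# server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
#   -spki-pin: TLS spki pin to verify.
#   -tls-host-verify: cert hostname to verify.
#   -host-name: TLS sni hostname.
#   -http-host: http host.
#   -no-check-certificate: no check certificate.
# default port is 443
# server-https https://cloudflare-dns.com/dns-query
server-https https://dns.quad9.net/dns-query
server-https https://cloudflare-dns.com/dns-query
server-https https://dns.google/dns-query
# NOTE(review): the next two entries were originally written as
#   server-tls https://i.233py.com/dns-query:853
#   server-tls https://dns.233py.com/dns-query:853
# which does not match the server-tls syntax ([IP]:[PORT]). An https://.../dns-query URL is the
# server-https form, so they are expressed that way here. An upstream resolver sees every query
# it is sent: confirm these endpoints are still served and run by an operator you trust.
server-https https://i.233py.com/dns-query
server-https https://dns.233py.com/dns-query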
# specific nameserver to domain
# nameserver /domain/[group|-]
# nameserver /www.example.com/office, Set the domain name to use the appropriate server group.
# nameserver /www.example.com/-, ignore this domain

# specific address to domain
# address /domain/[ip|-|-4|-6|#|#4|#6]
# address /www.example.com/1.2.3.4, return ip 1.2.3.4 to client
# address /www.example.com/-, ignore address, query from upstream, suffix 4, for ipv4, 6 for ipv6, none for all
# address /www.example.com/#, return SOA to client, suffix 4, for ipv4, 6 for ipv6, none for all

# enable ipset timeout by ttl feature
# ipset-timeout [yes]

# specific ipset to domain
# ipset /domain/[ipset|-]
# ipset /www.example.com/block, set ipset with ipset name of block 
# ipset /www.example.com/-, ignore this domain

# set domain rules
# domain-rules /domain/ [-speed-check-mode [...]]
# rules:
#   -speed-check-mode [mode]: speed check mode
#                             speed-check-mode [ping|tcp:port|none|,]
#   -address [address|-]: same as address option
#   -nameserver [group|-]: same as nameserver option
#   -ipset [ipset|-]: same as ipset option

修改其中

#server xxx.xxx.xxx.xxx:53
#server xxx.xxx.xxx.xxx:53(此两处为运营商DNS,请替换为自己的并去掉行首的 #;每个运营商、每个地区都不一样)
  • 重启smartdns
systemctl restart smartdns
  • 设置smartdns开机自启
systemctl enable smartdns

2.4、安装AdGuardHome

AdGuardHome 项目地址

  • 下载
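wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.57/AdGuardHome_linux_amd64.tar.gz
# Print the archive's SHA-256 and compare it with the checksum published for this release
# before unpacking; do not install the archive if the values differ.
sha256sum AdGuardHome_linux_amd64.tar.gz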
  • 解压
tar -zxvf AdGuardHome_linux_amd64.tar.gz
  • 安装
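# Run the installer only if the cd succeeded, so it is never started from the wrong directory.
# "-s install" registers AdGuardHome as a system service, which is why root (or sudo) is needed.
cd AdGuardHome && ./AdGuardHome -s install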
  • 配置adguardhome
  • 使用 http://虚拟机IP:3000 打开 AdGuardHome 初始化向导并登录后台;请尽快在向导中设置管理员账号和强密码,在此之前不要把 3000 端口暴露到不受信任的网络
  • image.png
  • image.png
2025-1-23 21:00:05 显示全部楼层
把教程交出来


2025-1-23 22:26:36 显示全部楼层
虚拟个istoreos,一切搞定


2025-2-13 22:39:51 显示全部楼层
学习学习技术!