-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathconfig_custom.yaml
354 lines (303 loc) · 10.5 KB
/
config_custom.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
log:
level: info
file: "./mosdns.log"
# /etc/init.d/mosdns reload
api:
http: ":9091" # 在该地址启动 api 接口。
include:
plugins:
- tag: "hosts"
type: "hosts"
args:
files:
- "./rule/hosts.txt"
- "./rule/hosts_fastly.txt"
- "./rule/hosts_akamai.txt"
- tag: "cache_0"
type: "cache"
args:
size: 1024 # 默认: 1024。
lazy_cache_ttl: 259200 # 默认: 0(禁用 lazy cache)。#建议值 86400(1天)~ 259200(3天)
dump_file: ./cache.dump
dump_interval: 7200 # (实验性) 自动保存间隔。
- tag: "forward_local"
type: forward
args:
concurrent: 1
upstreams:
- addr: "211.138.180.2" # 运营商 DNS
- addr: "211.138.180.3" # 一般情况下是最快的
- tag: "forward_clash"
type: forward
args:
concurrent: 1
upstreams:
- addr: "127.0.0.1:7874"
- tag: "forward_alidns"
type: forward
args:
concurrent: 1
upstreams:
- addr: "223.5.5.5"
- tag: ali_quic
addr: "quic://223.6.6.6:853"
- tag: ali_doh
addr: "https://dns.alidns.com/dns-query"
dial_addr: "223.5.5.5"
enable_http3: true
- tag: "forward_dnspod"
type: forward
args:
concurrent: 1
upstreams:
- addr: "https://doh.pub/dns-query"
dial_addr: "120.53.53.53"
enable_http3: false
- tag: "forward_remote"
type: "forward"
args:
concurrent: 2 # 并发数。每次请求随机选取 concurrent 个 upstreams 发送请求。
upstreams:
- addr: "https://162.159.36.1/dns-query" # cloudflare
- addr: "https://208.67.222.123/dns-query" # opendns
- addr: "https://101.101.101.101/dns-query" # TWNIC DNS Quad 101
- tag: "forward_ecs"
type: "forward"
args:
concurrent: 1
upstreams:
- tag: quad9_11
addr: "https://9.9.9.11/dns-query"
socks5: "127.0.0.1:10808"
- tag: google_doh
addr: "https://8.8.8.8/dns-query"
socks5: "127.0.0.1:10808"
- tag: "forward_easy"
type: "forward"
args:
concurrent: 1
upstreams:
- addr: "https://doh.apad.pro/dns-query"
bootstrap: "223.5.5.5"
enable_http3: false
- tag: has_resp_sequence
type: sequence
args:
- matches:
- "has_resp"
exec: accept
# IP 优选,需要定期修改,最好填写 2 - 4 个
- tag: blackhole_akamai_ipv4 # 替换部分 AKAMAI 域名 IP,详见 https://github.com/IrineSistiana/mosdns/discussions/489
type: sequence
args:
# - exec: black_hole 173.222.248.75 23.208.31.195 23.220.73.71
- exec: query_summary best_akamai
- exec: ttl 3600-0
- exec: accept # 运行 black_hole 之后接受请求,不再进行后续判断
- tag: blackhole_cloudflare_ipv4
type: sequence
args:
# - exec: black_hole 104.18.181.45 104.18.164.218 104.18.166.94
- exec: query_summary cloudflare_best
- exec: ttl 3600-0
- exec: accept
- tag: blackhole_cloudfront_ipv4
type: sequence
args:
# - exec: black_hole 108.139.4.72 13.227.74.215 13.249.160.37
- exec: query_summary cloudfront_best
- exec: ttl 3600-0
- exec: accept
- tag: blackhole_cachefly_ipv4
type: sequence
args:
- exec: black_hole 205.234.175.0 # best_cachefly_ipv4
- exec: ttl 3600-0
- exec: accept
- tag: blackhole_ghs_ipv4
type: sequence
args:
- exec: black_hole 142.250.196.243 # best_ghs_ipv4
- exec: ttl 3600-0
- exec: accept
- tag: blackhole_ghs_ipv6
type: sequence
args:
- exec: black_hole 2404:6800:4004:821::2013 # best_ghs_ipv6
- exec: ttl 3600-0
- exec: accept
- tag: change_cdn_ip # https://github.com/XIU2/CloudflareSpeedTest/discussions/317
type: sequence
args:
- matches:
- cname akamai.net akamaized.net
- qtype 1
- has_wanted_ans # 防止纯 IPV6 域名被替换
exec: jump blackhole_akamai_ipv4
- matches: # 有些 AKAMAI 的域名不能直接替换 IP(没有绑定全证书)
- cname &./rule/akamai_domain_list.txt
exec: accept # 此处多加一次判断,接受全部 AKAMAI CDN 的 域名 不用再过一遍下面的matches
- matches:
- cname full:custom.crisp.help pacloudflare.com cc-ecdn.net # Cloudflare Spectrum、Salesforce 不进行替换
exec: return
- matches:
- qtype 1
- has_wanted_ans
- "resp_ip &./rule/cloudflare_ipv4.txt"
exec: jump blackhole_cloudflare_ipv4
- matches:
- qtype 1
- has_wanted_ans
- "resp_ip &./rule/cloudfront.txt"
exec: jump blackhole_cloudfront_ipv4
- matches:
- qtype 1
- cname cloudfront.net
exec: jump blackhole_cloudfront_ipv4
- matches:
- qtype 1
- "resp_ip &./rule/cachefly_ipv4.txt"
exec: jump blackhole_cachefly_ipv4
- matches:
- qtype 1
- cname full:ghs.googlehosted.com
exec: jump blackhole_ghs_ipv4
- matches:
- qtype 28
- cname full:ghs.googlehosted.com
exec: jump blackhole_ghs_ipv6
- tag: "fallback_clash" # "!has_resp"
type: "fallback"
args:
primary: forward_clash # clash 返回fake-ip
secondary: forward_remote # 在有获取真实IP的需求时,当Clash故障或关闭,查询DNS将返回真实IP地址。
threshold: 200
always_standby: false # 副可执行插件,不待命时,由于clash秒答,所以相当于普通sequence插件
- tag: "fallback_ecs"
type: "fallback"
args:
primary: forward_ecs
secondary: forward_easy
threshold: 500 # 无响应回滚阈值。单位毫秒。默认 500 。
always_standby: true # 副可执行插件始终待命。
- tag: remote_sequence # forward 二选一
type: sequence
args:
- exec: prefer_ipv4
- exec: $fallback_clash # mosdns前置:Dnsmasq → mosdns → clash
# - exec: $forward_clash # mosdns前置:Dnsmasq → mosdns → clash # 不带故障转移
# - exec: $forward_remote # mosdns后置:Dnsmasq → clash → mosdns
- exec: accept
- tag: gfw_ip_sequence
type: sequence
args:
- matches: # 污染ip
- "resp_ip &./rule/gfw_ip_list.txt"
exec: goto remote_sequence
- matches: # 屏蔽ip
- "resp_ip 0.0.0.0 127.0.0.1 ::1"
exec: goto remote_sequence
- tag: local_sequence
type: sequence
args:
- exec: prefer_ipv4
- exec: $forward_alidns # 这里推荐使用当地运营商dns
- exec: jump gfw_ip_sequence
- exec: jump change_cdn_ip
- exec: accept # 有没有响应都终止,防止后续查询其他上游
- tag: ali_sequence_jp # 阿里日本准确度高,腾讯美国准确度高
type: sequence
args:
- exec: prefer_ipv4
- exec: ecs 13.78.0.0
- exec: $forward_alidns ali_doh
- exec: jump change_cdn_ip
- exec: accept
- tag: tencent_sequence_lax
type: sequence
args:
- exec: prefer_ipv4
- exec: ecs 151.101.196.0
- exec: $forward_dnspod
- exec: jump change_cdn_ip
- exec: accept
- tag: default_sequence
type: sequence
args:
- exec: prefer_ipv4
- exec: $forward_alidns # 默认用国内,用来查询是否污染
- matches:
- "resp_ip &./rule/china_ip_list.txt"
exec: accept # 国内直接接受
- exec: jump gfw_ip_sequence
- exec: drop_resp
- tag: global_sequence_us
type: sequence
args:
- exec: ecs 151.101.196.0 # mosdns前置:走 US ECS 直连,删去 _US 代表国外全部走代理 # Los_Angeles
- exec: $fallback_ecs # 也可以直接用 forward_ECS
- exec: jump change_cdn_ip # mosdns后置:MATCH若走直连,才会用到remote_sequence_us
- exec: jump has_resp_sequence
- tag: "fallback_final"
type: "fallback"
args:
primary: default_sequence # 国内ip走直连,如果是gfw ip 走代理
secondary: global_sequence_us # 国外ip 尝试优选 走直连
threshold: 360 # 无响应回滚阈值。单位毫秒。默认 500 。
always_standby: true # 副可执行插件始终待命。
- tag: main
type: sequence
args:
- matches:
- qtype 65
exec: reject 3 # 屏蔽 QTYPE 65
- exec: $hosts
- exec: jump has_resp_sequence
- matches:
- qname &./rule/private.txt &./rule/block_list.txt #内网域名 & 黑名单
exec: reject 5
- matches:
- qname &./rule/white_list.txt # DDNS 和 白名单
exec: $forward_local
- exec: ttl 5-180 #如果使用了DDNS,把这个打开
- exec: jump has_resp_sequence
- matches: "!qtype 1 28"
exec: $forward_ecs google_doh
- matches: "!qtype 1 28" # = accept
exec: accept
- exec: $cache_0 # 下面的请求结果均进入缓存
- exec: jump has_resp_sequence
- matches:
- qname &./rule/akamai_domain_list.txt
exec: jump ali_sequence_jp
- matches:
- qname ebay.com # 占位
exec: jump tencent_sequence_lax
- matches:
- qname apple.com edgesuite.net icloud.com live.com live.net msftconnecttest.com office365.com office.com outlook.com trafficmanager.net xbox.com
exec: $forward_dnspod
- exec: jump has_resp_sequence
- matches:
- qname &./rule/original_domain_list.txt # 不进行 IP 替换的域名,通常是游戏等使用非常用端口的域名
exec: $forward_remote
- exec: jump has_resp_sequence
- matches:
- qname &./rule/google_cn.txt &./rule/wall_list.txt # wall_list手动创建
exec: jump remote_sequence # 适用于被墙/被污染/尚未移出geosite_cn列表的,提前走代理
- matches:
- qname &./rule/china_domain_list.txt
exec: jump local_sequence # 国内域名 & apple cn 提前走直连
- matches:
- qname &./rule/proxy_domain_list.txt # GFW 域名直接走代理
exec: jump remote_sequence
- exec: $fallback_final # 不在列表内的域名
- tag: udp_server
type: udp_server
args:
entry: main
listen: ":5353"
- tag: tcp_server
type: tcp_server
args:
entry: main
listen: ":5353"