Request: enhance the built-in DNS service #2188

Closed
ddvcx opened this issue Jan 20, 2020 · 6 comments

ddvcx commented Jan 20, 2020

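DNS pollution has been getting worse lately. These are the features I think most need to be added:
1. Concurrent DNS queries: configure multiple servers, query them concurrently, and automatically pick the fastest response
2. DNS caching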


lw4free commented Jan 22, 2020

Sharing my setup: it uses DNS interception and dnscrypt-proxy to resolve DNS. It is extremely fast and accurate. The only drawback is that you can no longer look up the IPs of sensitive addresses.
I recommend the enhanced geosite.dat, which covers more domains (https://github.com/Loyalsoldier/v2ray-rules-dat)
dnscrypt-proxy installation (https://github.com/DNSCrypt/dnscrypt-proxy/wiki)
Client settings

```
{
  "dns": {
    "hosts": {
      "geosite:category-ads-all": "ads.test.com", // in dnscrypt-proxy, point ads.test.com to 127.0.0.3 (sends all ad domains to 127.0.0.3)
      "geosite:geolocation-!cn": "geo.test.com", // in dnscrypt-proxy, point geo.test.com to 22.22.22.22 (sends all sensitive addresses to 22.22.22.22)
      "domain:test.com": "geo.test.com" // custom sensitive address
      // the reason for not pointing directly at 22.22.22.22 is that v2ray would also query the IPv6 address; pointing at a domain name and then mapping it to 22.22.22.22 inside dnscrypt-proxy avoids the IPv6 query
    },
    "servers": [
      "127.0.0.2" // dnscrypt-proxy address; resolves IPs for domains outside the two kinds above
    ]
  },
  "inbounds": [
    {
      "protocol": "socks",
      ...
    },
    {
      "protocol": "dokodemo-door",
      ...
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      ...
    },
    {
      "protocol": "freedom",
      ...
    },
    {
      "protocol": "blackhole",
      ...
    },
    {
      "protocol": "dns", // use the built-in DNS for queries
      "network": "udp",
      "address": "127.0.0.2", // points to dnscrypt-proxy
      "port": 53,
      "tag": "dns-out"
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand", // route by IP
    "rules": [
      {
        "type": "field", // DNS queries
        "ip": [
          "127.0.0.2" // points to dnscrypt-proxy
        ],
        "port": 53,
        "network": "udp",
        "outboundTag": "direct"
      },
      {
        "type": "field", // DNS interception (I run in gateway mode, so there is no "inboundTag": [ "dns-in" ])
        "port": 53,
        "network": "udp",
        "outboundTag": "dns-out"
      },
      {
        "type": "field", // outbound for sensitive addresses
        "ip": [
          "22.22.22.22"
        ],
        "outboundTag": "proxy"
      },
      {
        "type": "field", // ad blocking
        "ip": [
          "127.0.0.3"
        ],
        "outboundTag": "block"
      },
      {
        "type": "field", // outbound for local addresses
        "ip": [
          "geoip:private",
          "geoip:cn"
        ],
        "outboundTag": "direct"
      }
      // all other addresses use the main outbound by default
    ]
  }
}
```

The server-side settings are similar.
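How the routing rules in the config above resolve, as an added example that is not part of lw4free's comment or of V2Ray's own code: a simplified first-match model of the `rules` list. Assumptions: rules are tried top to bottom, `geoip:private` is approximated with Python's `is_private`, `geoip:cn` is not modelled, and unmatched traffic is labelled with the hypothetical name `first-outbound`.

```python
import ipaddress

# Routing rules transcribed from the config in the comment above (order preserved).
RULES = [
    {"ip": ["127.0.0.2"], "port": 53, "network": "udp", "outboundTag": "direct"},
    {"port": 53, "network": "udp", "outboundTag": "dns-out"},
    {"ip": ["22.22.22.22"], "outboundTag": "proxy"},
    {"ip": ["127.0.0.3"], "outboundTag": "block"},
    {"ip": ["geoip:private", "geoip:cn"], "outboundTag": "direct"},
]
# Hypothetical label: the tag of the first (vmess) outbound is elided in the comment.
DEFAULT_TAG = "first-outbound"


def ip_matches(entry, dest):
    """Match one entry of a rule's "ip" list against a destination address."""
    if entry == "geoip:private":
        return dest.is_private  # approximation of the geoip private set
    if entry.startswith("geoip:"):
        return False  # simplification: no geoip.dat available in this model
    return dest in ipaddress.ip_network(entry, strict=False)


def rule_matches(rule, dest, port, network):
    """All fields present in a rule must match for the rule to apply."""
    if "ip" in rule and not any(ip_matches(e, dest) for e in rule["ip"]):
        return False
    if "port" in rule and rule["port"] != port:
        return False
    if "network" in rule and network not in rule["network"].split(","):
        return False
    return True


def route(dest_ip, port, network, rules=RULES):
    """Return the outboundTag of the first matching rule, else the default."""
    dest = ipaddress.ip_address(dest_ip)
    for rule in rules:
        if rule_matches(rule, dest, port, network):
            return rule["outboundTag"]
    return DEFAULT_TAG


if __name__ == "__main__":
    for case in [("127.0.0.2", 53, "udp"), ("192.168.1.1", 53, "udp"),
                 ("22.22.22.22", 443, "tcp"), ("127.0.0.3", 80, "tcp")]:
        print(case, "->", route(*case))
```

In this model, swapping the first two rules sends queries addressed to 127.0.0.2:53 to `dns-out` instead of `direct`, and moving the `geoip:private` rule above the 127.0.0.3 rule sends the ad sentinel address to `direct` instead of `block`.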

@littlesum

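The built-in DNS really doesn't perform very well. One of my machines uses the built-in DNS, for convenience! Another machine is set up with an ipset + dnsmasq traffic-splitting scheme, and that feels like it performs a bit better!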

ddvcx (Author) commented Jan 23, 2020

This setup looks like it intercepts all DNS, which will slow down domestic CDNs.


lw4free commented Jan 23, 2020

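> This setup looks like it intercepts all DNS, which will slow down domestic CDNs.

Yes. The fix is to filter the sites that use domestic CDNs out of geosite:geolocation-!cn and put them in a custom list. I couldn't be bothered to do it; sending everything through the proxy doesn't feel slow either.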

mzz2017 (Contributor) commented Feb 6, 2020

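In the current implementation, DNS servers are queried in turn: the second DNS server is queried only when the previous one returns no result.

In practice DNS queries are usually fast; domestic DNS servers all respond within 100 ms. Loading a page generally needs somewhere between 1 and 10 DNS queries, depending on how many cross-origin resources it has. Concurrent querying would sharply increase the number of DNS requests, while the performance gain it brings is actually limited.

DNS caching is already implemented in the current v2ray.

As for dealing with DNS pollution: in the current version, DoH queries have a performance problem when a lookup returns an empty result. The PR has already been merged; see #2212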


github-actions bot commented Jul 9, 2020

This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days
